Weird scan results/currently scanning object thing

christamofo · May 30, 2014

Hey I have been fighting a nasty ransom type virus on my dads old computer, I ran a scan before startup and managed to remove something but whilst doing a Malwarebytes scan after to make sure it's gone I'm getting very weird files!!

It just keep adding slashes now it's gone on to the next line and they all look like full stops, anyone know what's going on.

Thank you in advance.

Chris.

kevinf80 · May 30, 2014

Hello and

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Let me those logs....

Kevin

christamofo · May 31, 2014

Okay, I guess getting that comming up in the scan isn't normal then is it?

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:30-05-2014
Ran by User1 (administrator) on ACER-1240D29348 on 31-05-2014 11:13:41
Running from C:\Documents and Settings\User1\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) D:\Program Files\AVG\AVG2014\avgrsx.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Intel Corporation ) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
(Acer Inc.) C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
(Agere Systems) C:\WINDOWS\System32\AGRSMSVC.EXE
(AVG Technologies CZ, s.r.o.) D:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) D:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BIN\BTWDINS.EXE
(AVG Technologies CZ, s.r.o.) D:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) D:\Program Files\AVG\AVG2014\avgemcx.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(AVG Technologies CZ, s.r.o.) D:\Program Files\AVG\AVG2014\AVGUI.EXE
(Acer Inc.) C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
() C:\Program Files\AVG SafeGuard toolbar\vprot.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\ToolbarUpdater.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\loggingserver.exe
(Microsoft Corporation) C:\WINDOWS\System32\wscntfy.exe
(Microsoft Corporation) C:\WINDOWS\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Microsoft Corporation) C:\WINDOWS\System32\msiexec.exe
(AVG Technologies CZ, s.r.o.) D:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [bluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM\...\Run: [AzMixerSel] => C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [53248 2006-07-19] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AVG_UI] => D:\Program Files\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Acer ePresentation HPD] => C:\Acer\Empowering Technology\ePresentation\ePresentation.exe [208896 2006-06-07] (Acer Inc.)
HKLM\...\Run: [EKStatusMonitor] => C:\PROGRAM FILES\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.exe [2750840 2013-01-15] (Eastman Kodak Company)
HKLM\...\Run: [vProt] => C:\Program Files\AVG SafeGuard toolbar\vprot.exe [2561560 2014-05-12] ()
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [98304 2008-07-13] (Apple Computer, Inc.)
HKU\.DEFAULT\...\RunOnce: [KodakHomeCenter] - C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe [2236792 2013-03-15] (Eastman Kodak Company)
HKU\.DEFAULT\...\RunOnce: [spUninstallDeleteDir] - rmdir /s /q "C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect"
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {03ce172e-a4d9-11dc-824b-0019d20ba795} - F:\VMC_PBStarter.exe
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {03ce172f-a4d9-11dc-824b-0019d20ba795} - F:\VMC_PBStarter.exe
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {19cf8f9c-3987-11e2-88f5-0019d20ba795} - F:\StartVMCLite.exe
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {1cbf7774-3984-11e2-88f4-0019d20ba795} - F:\StartVMCLite.exe
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {2f37cbde-4149-11e0-86ab-0019d20ba795} - "F:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {5a0f8416-368f-11df-857c-0019d20ba795} - F:\VMC_PBStarter.exe
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {5a0f8417-368f-11df-857c-0019d20ba795} - F:\VMC_PBStarter.exe
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {647dec54-f690-11e0-878f-0019d20ba795} - F:\VMC_PBStarter.exe
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {647dec55-f690-11e0-878f-0019d20ba795} - F:\VMC_PBStarter.exe
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {97d05590-d4ac-11de-8535-0019d20ba795} - F:\VMC_PBStarter.exe
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {97d05591-d4ac-11de-8535-0019d20ba795} - F:\VMC_PBStarter.exe
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {9abc8d40-1d21-11e1-87b6-0019d20ba795} - F:\VMC_PBStarter.exe
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {9abc8d41-1d21-11e1-87b6-0019d20ba795} - F:\VMC_PBStarter.exe
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {bfda1c58-e297-11de-8549-00197de510b7} - F:\VMC_PBStarter.exe
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {bfda1c59-e297-11de-8549-00197de510b7} - F:\VMC_PBStarter.exe
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {c65b7e22-f1f5-11e0-8785-0019d20ba795} - F:\VMC_PBStarter.exe
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {c65b7e23-f1f5-11e0-8785-0019d20ba795} - G:\VMC_PBStarter.exe
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {ebae1706-ebd8-11e1-88bf-0019d20ba795} - F:\VMC_PBStarter.exe
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {ebae1707-ebd8-11e1-88bf-0019d20ba795} - F:\VMC_PBStarter.exe
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {f24e7454-96b3-11dc-8234-0019d20ba795} - F:\VMC_PBStarter.exe
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {f24e7455-96b3-11dc-8234-0019d20ba795} - F:\VMC_PBStarter.exe
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {f2b9b670-a35f-11dc-8246-0019d20ba795} - F:\VMC_PBStarter.exe
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {f2b9b671-a35f-11dc-8246-0019d20ba795} - F:\VMC_PBStarter.exe
Lsa: [Authentication Packages] msv1_0 nwprovau

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
URLSearchHook: HKCU - WiseConvert B2 Toolbar - {da7a20cf-bef4-4342-ad78-0240fdf87055} - C:\Program Files\WiseConvert_B2\prxtbWis0.dll No File
SearchScopes: HKLM - DefaultScope {DC93EB45-EEFA-4D88-99F2-8B01CEFB7D11} URL =
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKLM - {DC93EB45-EEFA-4D88-99F2-8B01CEFB7D11} URL =
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3297951&CUI=UN35513305752290424&UM=2&UP=SP7CFE7FD0-7799-4AE9-8204-2658A6EB40FD&SSPV=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={3E3B00E2-E930-4E81-A432-9B98BFCA7A05}&mid=f85d8ed427d847d1a438d15094ef4e66-844f50ddd86b4ae3fa5435f2815ce127442dbc64〈=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-05-11 11:51:23&v=18.1.0.443&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {DC93EB45-EEFA-4D88-99F2-8B01CEFB7D11} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3297951&CUI=UN35513305752290424&UM=2
SearchScopes: HKCU - {DF9ACCA0-A71B-4CD0-945A-3C872BA9CEF6} URL = http://uk.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.1.5.512\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.1.5.512\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKCU - WiseConvert B2 Toolbar - {DA7A20CF-BEF4-4342-AD78-0240FDF87055} - C:\Program Files\WiseConvert_B2\prxtbWis0.dll No File
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://magnet.2020.net/virtualplanner/Core/Player/2020PlayerAX_Win32.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219790818437
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.4.2/jinstall-1_4_2_08-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.4.2/jinstall-1_4_2_08-windows-i586.cab
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.5\ViProtocol.dll (AVG Secure Search)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{CC7FBE3F-CFEF-467F-A2E2-429F7F78F5F4}: [NameServer]4.4.4.4,8.8.8.8

FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.5\\npsitesafety.dll No File
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [hotfix@mozilla.org] - C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Extensions\MozillaHotfix
FF Extension: Mozilla hotfix - C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Extensions\MozillaHotfix [2014-02-23]
FF HKCU\...\Firefox\Extensions: [hotfix@mozilla.org] - C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Extensions\MozillaHotfix
FF Extension: Mozilla hotfix - C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Extensions\MozillaHotfix [2014-02-23]

========================== Services (Whitelisted) =================

R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
R2 AcerMemUsageCheckService; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [28672 2006-03-29] (Acer Inc.)
R2 AVGIDSAgent; D:\Program Files\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; D:\Program Files\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
S2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [431960 2014-04-01] (Garmin Ltd or its subsidiaries)
R2 Kodak AiO Network Discovery Service; C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe [395640 2013-03-15] (Eastman Kodak Company)
R2 Kodak AiO Status Monitor Service; C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [780152 2013-01-15] (Eastman Kodak Company)
S2 NWCWorkstation; C:\WINDOWS\System32\nwwks.dll [65536 2008-04-14] (Microsoft Corporation)
R2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [540745 2006-04-14] (Intel Corporation )
R2 vToolbarUpdater18.1.5; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\ToolbarUpdater.exe [1801752 2014-05-12] (AVG Secure Search)
S2 helpsvc; %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll [X]

==================== Drivers (Whitelisted) ====================

R0 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2004-08-04] (Microsoft Corporation)
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21275 2007-10-24] (Meetinghouse Data Communications)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [122136 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [198936 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [149784 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [192280 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [237848 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [107288 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [210200 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42784 2014-05-12] (AVG Technologies)
R3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [328061 2006-01-17] (Broadcom Corporation.)
R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [30459 2006-01-17] (Broadcom Corporation.)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [850474 2006-01-17] (Broadcom Corporation.)
R2 BTSERIAL; C:\WINDOWS\system32\drivers\btserial.sys [23271 2006-01-17] (Broadcom Corporation.)
S3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [148900 2006-01-17] (Broadcom Corporation.)
R3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [65688 2006-01-17] (Broadcom Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R2 EpmPsd; C:\WINDOWS\system32\drivers\epm-psd.sys [4096 2004-07-19] (Acer Value Labs, USA)
R2 EpmShd; C:\WINDOWS\system32\drivers\epm-shd.sys [78208 2005-04-07] (Acer Value Labs, USA)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-10-24] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2008-10-24] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2008-10-24] (HP)
R2 int15; C:\WINDOWS\system32\drivers\int15.sys [69632 2006-06-02] ()
S3 lv321av; C:\WINDOWS\System32\DRIVERS\lv321av.sys [1097728 2006-06-19] (Logitech)
R3 LVUSBSta; C:\WINDOWS\System32\drivers\lvusbsta.sys [39424 2006-06-19] (Logitech)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2014-05-30] (Malwarebytes Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NPF; C:\WINDOWS\System32\drivers\npf.sys [32512 2005-11-02] (CACE Technologies)
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2004-08-04] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2004-08-04] (Microsoft Corporation)
S3 NWRDR; C:\WINDOWS\System32\DRIVERS\nwrdr.sys [163584 2008-04-13] (Microsoft Corporation)
S3 psdfilter; C:\WINDOWS\system32\Drivers\psdfilter.sys [12288 2006-04-07] (HiTRUST)
S3 psdvdisk; C:\WINDOWS\system32\Drivers\psdvdisk.sys [60416 2006-03-08] (HiTRUST)
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
U3 rpcapd;
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [13568 2006-04-14] (Intel Corporation)
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
R0 UBHelper; C:\WINDOWS\system32\Drivers\UBHelper.sys [13952 2004-12-17] ()
R3 w39n51; C:\WINDOWS\System32\DRIVERS\w39n51.sys [1429632 2006-04-04] (Intel® Corporation)
R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [250496 2006-11-22] (Marvell)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 SNP2UVC; system32\DRIVERS\snp2uvc.sys [X]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-31 11:13 - 2014-05-31 11:13 - 00018607 _____ () C:\Documents and Settings\User1\Desktop\FRST.txt
2014-05-31 11:12 - 2014-05-31 11:13 - 01056256 _____ (Farbar) C:\Documents and Settings\User1\Desktop\FRST.exe
2014-05-30 22:05 - 2014-05-30 22:07 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2014-05-25 02:24 - 2014-05-25 02:25 - 00000169 _____ () C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-2548-F.txt
2014-05-25 02:22 - 2014-05-25 02:22 - 00000000 ____D () C:\WINDOWS\Y8HQY7GPX6FOX6FO
2014-05-25 02:20 - 2014-05-25 02:20 - 00000000 __SHD () C:\FOUND.000
2014-05-25 01:10 - 2014-05-25 01:10 - 00000054 _____ () C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-2764-F.txt
2014-05-25 01:05 - 2014-05-25 01:06 - 00000571 _____ () C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-2304-F.txt
2014-05-25 01:02 - 2014-05-25 01:02 - 00000362 _____ () C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-3760-F.txt
2014-05-25 01:02 - 2014-05-25 01:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\80555278EAABD67929D47DCA445020E8
2014-05-19 11:10 - 2014-05-19 11:10 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\Application Data\Avg2014
2014-05-19 00:00 - 2014-05-25 02:09 - 00001980 _____ () C:\WINDOWS\setupact.log
2014-05-19 00:00 - 2014-05-19 00:00 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-05-11 20:56 - 2014-05-30 20:59 - 00012956 _____ () C:\WINDOWS\setupapi.log
2014-05-11 11:51 - 2014-05-12 20:55 - 00042784 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys
2014-05-11 11:51 - 2014-05-11 11:52 - 00000000 ____D () C:\Documents and Settings\User1\Local Settings\Application Data\AVG SafeGuard toolbar
2014-05-11 11:51 - 2014-05-11 11:51 - 00000000 ____D () C:\Documents and Settings\User1\Application Data\AVG SafeGuard toolbar
2014-05-11 11:51 - 2014-05-11 11:51 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2014-05-11 11:50 - 2014-05-11 11:50 - 00000000 ____D () C:\Program Files\Common Files\AVG Secure Search
2014-05-11 11:50 - 2014-05-11 11:50 - 00000000 ____D () C:\Program Files\AVG SafeGuard toolbar
2014-05-11 11:50 - 2014-05-11 11:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG Secure Search
2014-05-11 11:50 - 2014-05-11 11:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
2014-05-09 20:50 - 2014-05-09 20:50 - 00000692 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-09 20:50 - 2014-05-09 20:50 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-05-09 20:50 - 2014-05-09 20:50 - 00000000 ____D () C:\Documents and Settings\User1\Application Data\Malwarebytes
2014-05-09 20:50 - 2014-05-09 20:50 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-05-09 20:50 - 2014-05-09 20:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-05-09 20:50 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-05-09 09:17 - 2014-05-09 09:17 - 00000000 ____D () C:\FRST
2014-05-09 07:26 - 2014-02-15 17:14 - 00000426 _____ () C:\AVScanner.ini
2014-05-09 06:40 - 2014-05-09 06:40 - 00000000 ____D () C:\Documents and Settings\User1\Application Data\AVG2014
2014-05-09 06:40 - 2014-05-09 06:40 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\Avg2014
2014-05-09 06:39 - 2014-05-19 11:10 - 00000508 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
2014-05-09 06:39 - 2014-05-09 06:39 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-05-09 06:35 - 2014-05-09 06:35 - 00000000 ___HD () C:\$AVG
2014-05-09 06:35 - 2014-05-09 06:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014
2014-05-09 06:31 - 2014-05-09 06:31 - 00000000 ____D () C:\Documents and Settings\User1\Local Settings\Application Data\MFAData
2014-05-09 06:31 - 2014-05-09 06:31 - 00000000 ____D () C:\Documents and Settings\User1\Local Settings\Application Data\Avg2014
2014-05-09 06:24 - 2014-03-31 09:35 - 00231584 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-05-08 20:25 - 2014-05-08 20:25 - 00000000 ____D () C:\WINDOWS\Microsoft Antimalware
2014-05-06 16:50 - 2014-05-06 16:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\johclez.cpp

==================== One Month Modified Files and Folders =======

2014-05-31 11:13 - 2014-05-31 11:13 - 00018607 _____ () C:\Documents and Settings\User1\Desktop\FRST.txt
2014-05-31 11:13 - 2014-05-31 11:12 - 01056256 _____ (Farbar) C:\Documents and Settings\User1\Desktop\FRST.exe
2014-05-31 11:05 - 2013-10-02 00:41 - 00000422 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{D53700B8-169E-422C-996D-BAD488ECF26C}.job
2014-05-31 11:05 - 2006-08-01 16:00 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-05-31 11:04 - 2006-08-01 16:01 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-05-31 11:03 - 2014-03-23 20:29 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-05-31 11:03 - 2011-05-06 17:48 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-31 00:05 - 2014-02-18 18:22 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-05-31 00:05 - 2007-10-24 07:24 - 00000178 ___SH () C:\Documents and Settings\User1\ntuser.ini
2014-05-31 00:05 - 2006-08-01 16:01 - 01150364 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-31 00:05 - 2006-08-01 16:01 - 00032572 _____ () C:\WINDOWS\SchedLgU.Txt
2014-05-31 00:05 - 2006-08-01 16:01 - 00000012 _____ () C:\WINDOWS\bthservsdp.dat
2014-05-30 22:07 - 2014-05-30 22:05 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2014-05-30 20:59 - 2014-05-11 20:56 - 00012956 _____ () C:\WINDOWS\setupapi.log
2014-05-25 02:25 - 2014-05-25 02:24 - 00000169 _____ () C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-2548-F.txt
2014-05-25 02:22 - 2014-05-25 02:22 - 00000000 ____D () C:\WINDOWS\Y8HQY7GPX6FOX6FO
2014-05-25 02:20 - 2014-05-25 02:20 - 00000000 __SHD () C:\FOUND.000
2014-05-25 02:09 - 2014-05-19 00:00 - 00001980 _____ () C:\WINDOWS\setupact.log
2014-05-25 01:10 - 2014-05-25 01:10 - 00000054 _____ () C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-2764-F.txt
2014-05-25 01:06 - 2014-05-25 01:05 - 00000571 _____ () C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-2304-F.txt
2014-05-25 01:02 - 2014-05-25 01:02 - 00000362 _____ () C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-3760-F.txt
2014-05-25 01:02 - 2014-05-25 01:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\80555278EAABD67929D47DCA445020E8
2014-05-19 11:10 - 2014-05-19 11:10 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\Application Data\Avg2014
2014-05-19 11:10 - 2014-05-09 06:39 - 00000508 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
2014-05-19 00:00 - 2014-05-19 00:00 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-05-14 16:35 - 2011-02-06 10:28 - 00000278 _____ () C:\Documents and Settings\User1\Desktop\Vehicle tracking systems track vans, trucks & cars with Quartix award-winning GPS devices.url
2014-05-13 14:19 - 2014-03-27 22:15 - 00192280 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgldx86.sys
2014-05-13 14:17 - 2014-03-31 16:11 - 00210200 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgtdix.sys
2014-05-13 14:17 - 2014-03-31 16:11 - 00107288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmfx86.sys
2014-05-13 14:17 - 2014-03-27 22:14 - 00122136 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgdiskx.sys
2014-05-13 14:17 - 2014-03-27 22:04 - 00237848 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avglogx.sys
2014-05-13 14:17 - 2014-03-27 22:04 - 00149784 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidshx.sys
2014-05-13 14:09 - 2014-04-18 15:02 - 00198936 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdriverx.sys
2014-05-13 14:04 - 2014-03-27 22:03 - 00027416 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgrkx86.sys
2014-05-13 14:04 - 2014-03-27 22:03 - 00021272 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsshimx.sys
2014-05-12 20:55 - 2014-05-11 11:51 - 00042784 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys
2014-05-11 11:52 - 2014-05-11 11:51 - 00000000 ____D () C:\Documents and Settings\User1\Local Settings\Application Data\AVG SafeGuard toolbar
2014-05-11 11:51 - 2014-05-11 11:51 - 00000000 ____D () C:\Documents and Settings\User1\Application Data\AVG SafeGuard toolbar
2014-05-11 11:51 - 2014-05-11 11:51 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2014-05-11 11:50 - 2014-05-11 11:50 - 00000000 ____D () C:\Program Files\Common Files\AVG Secure Search
2014-05-11 11:50 - 2014-05-11 11:50 - 00000000 ____D () C:\Program Files\AVG SafeGuard toolbar
2014-05-11 11:50 - 2014-05-11 11:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG Secure Search
2014-05-11 11:50 - 2014-05-11 11:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
2014-05-09 20:50 - 2014-05-09 20:50 - 00000692 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-09 20:50 - 2014-05-09 20:50 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-05-09 20:50 - 2014-05-09 20:50 - 00000000 ____D () C:\Documents and Settings\User1\Application Data\Malwarebytes
2014-05-09 20:50 - 2014-05-09 20:50 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-05-09 20:50 - 2014-05-09 20:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-05-09 11:11 - 2006-08-01 16:00 - 00000211 ___SH () C:\boot.ini
2014-05-09 11:11 - 2006-08-01 13:58 - 00000709 _____ () C:\WINDOWS\win.ini
2014-05-09 11:11 - 2006-08-01 13:52 - 00000246 _____ () C:\WINDOWS\system.ini
2014-05-09 09:17 - 2014-05-09 09:17 - 00000000 ____D () C:\FRST
2014-05-09 07:13 - 2014-04-07 00:45 - 00318818 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-05-09 06:40 - 2014-05-09 06:40 - 00000000 ____D () C:\Documents and Settings\User1\Application Data\AVG2014
2014-05-09 06:40 - 2014-05-09 06:40 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\Avg2014
2014-05-09 06:39 - 2014-05-09 06:39 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-05-09 06:35 - 2014-05-09 06:35 - 00000000 ___HD () C:\$AVG
2014-05-09 06:35 - 2014-05-09 06:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014
2014-05-09 06:31 - 2014-05-09 06:31 - 00000000 ____D () C:\Documents and Settings\User1\Local Settings\Application Data\MFAData
2014-05-09 06:31 - 2014-05-09 06:31 - 00000000 ____D () C:\Documents and Settings\User1\Local Settings\Application Data\Avg2014
2014-05-08 23:36 - 2014-04-07 01:19 - 03052188 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3048764170-4027112551-3766241791-1005-0.dat
2014-05-08 20:25 - 2014-05-08 20:25 - 00000000 ____D () C:\WINDOWS\Microsoft Antimalware
2014-05-08 20:17 - 2014-03-23 20:29 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-05-07 01:59 - 2011-05-24 20:11 - 00002209 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft ActiveSync.lnk
2014-05-07 01:02 - 2013-01-14 03:01 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-05-06 16:50 - 2014-05-06 16:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\johclez.cpp

Some content of TEMP:
====================
C:\Documents and Settings\User1\Local Settings\Temp\w8p0.dll

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:30-05-2014
Ran by User1 at 2014-05-31 11:19:11
Running from C:\Documents and Settings\User1\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2012 (Disabled) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall (Disabled) {8decf618-9569-4340-b34a-d78d28969b66}

==================== Installed Programs ======================

2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
32 Bit HP CIO Components Installer (Version: 3.1.1 - Hewlett-Packard) Hidden
Acer eDataSecurity Management (Version: 2.0.3077 - Acer) Hidden
Acer eDataSecurity Management 2.0.3077 (HKLM\...\InstallShield_{4AD13F68-CADA-4C6B-9759-C33753F89908}) (Version: 2.0.3077 - Acer)
Acer Empowering Technology (HKLM\...\{AB6097D9-D722-4987-BD9E-A076E2848EE2}) (Version: 2.03.2024 - Acer)
Acer eNet Management (HKLM\...\{C06554A1-2C1E-4D20-B613-EE62C79927CC}) (Version: 2.05.2006 - )
Acer ePerformance Management (HKLM\...\{7057702F-6D71-4F30-8000-9E72BC771887}) (Version: 2.00.2007 - Acer)
Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 2.00.2027 - Acer Inc)
Acer ePresentation Management (HKLM\...\{BF839132-BD43-4056-ACBF-4377F4A88E2A}) (Version: 2.00.2012 - Acer Inc.)
Acer eSettings Management (HKLM\...\{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}) (Version: 2.03.2017 - Acer)
Acer GridVista (HKLM\...\GridVista) (Version: 2.53.0209 - )
Acer Screensaver (HKLM\...\{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}) (Version: 1.0.0 - acer)
AcerOrbiCam (HKLM\...\{D26569C3-9B03-4669-9EC5-9FCF70933688}) (Version: 1.0.10 - Sonix)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.63 - Adobe Systems Incorporated)
Adobe Reader 7.0 (HKLM\...\{AC76BA86-7AD7-1033-7646-A70000000000}) (Version: 7.0.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version: - Agere Systems)
aioscnnr (Version: 7.6.13.10 - Your Company Name) Hidden
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4592 - AVG Technologies)
AVG 2014 (Version: 14.0.3955 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4592 - AVG Technologies) Hidden
AVG SafeGuard toolbar (HKLM\...\AVG SafeGuard toolbar) (Version: 18.1.5.512 - AVG Technologies)
BookletCreator (HKLM\...\BookletCreator) (Version: 1.3.0.0 - BookletCreator.com)
C4USelfUpdater (Version: 1.00.0000 - Your Company Name) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
center (Version: 7.7.2.0 - Eastman Kodak Company) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
ConstructionSkills (HKLM\...\{5499A827-E4C8-49B8-8462-4C0E5CA976A5}) (Version: 1.00.673 - IDS)
Download Navigator (HKLM\...\{E728441A-7820-4B1C-87C9-DE7BE37B2953}) (Version: 1.1.0 - SEIKO EPSON CORPORATION)
Elevated Installer (Version: 3.1.7.0 - Garmin Ltd or its subsidiaries) Hidden
essentials (Version: 7.7.2.0 - Eastman Kodak Company) Hidden
Garmin Communicator Plugin (HKLM\...\{032A13FF-D26D-4844-9597-7EF698627985}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM\...\{50b02c70-f203-47ba-a926-5e4d816688db}) (Version: 3.1.7.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 3.1.7.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 3.1.7.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin POI Loader (HKLM\...\{80A2A967-C1B7-412D-B2B2-C4A33209C205}) (Version: 2.5.2.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM\...\{00FE2935-FB56-4410-AB5F-D6E70C1771D2}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
HPSSupply (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4543 - )
Intel® PROSet/Wireless Software (HKLM\...\ProInst) (Version: 10.1.1.3 API - Intel Corporation)
Java 2 Runtime Environment, SE v1.4.2_08 (HKLM\...\{7148F0A8-6813-11D6-A77B-00B0D0142080}) (Version: 1.4.2_08 - Sun Microsystems, Inc.)
K-Lite Codec Pack 6.5.0 (Basic) (HKLM\...\KLiteCodecPack_is1) (Version: 6.5.0 - )
Kodak AIO Printer (Version: 7.7.2.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.7.6.0 - Eastman Kodak Company)
Launch Manager (HKLM\...\LManager) (Version: - )
LightScribe 1.4.97.1 (Version: 1.4.97.1 - http://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM\...\{C950420B-4182-49EA-850A-A6A2ABF06C6B}) (Version: 9.12.4.3 - Marvell)
mCore (Version: 5.73.0000 - Intel Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft ActiveSync (HKLM\...\{99052DB7-9592-4522-A558-5417BBAD48EE}) (Version: 4.5.5096.0 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Internationalized Domain Names Mitigation APIs (Version: - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version: - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version: - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
mMHouse (Version: 5.73.0000 - Intel Corporation) Hidden
mPfMgr (Version: 5.73.0000 - Intel Corporation) Hidden
mProSafe (Version: 9.00.0000 - Intel) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (HKLM\...\{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}) (Version: 6.10.1129.0 - Microsoft Corporation)
mWlsSafe (Version: 9.00.0000 - Intel) Hidden
mXML (Version: 5.73.0000 - Intel Corporation) Hidden
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.69 - )
NTI Backup NOW! 4.5 (HKLM\...\{B06B842F-2450-494F-BBDE-217CDC151A37}) (Version: 4 - NewTech Infosystems)
NTI CD & DVD-Maker (HKLM\...\InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}) (Version: 7 - NewTech Infosystems)
NTI CD & DVD-Maker (Version: 7 - NewTech Infosystems) Hidden
ocr (Version: 6.2.3.50 - Eastman Kodak Company) Hidden
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PIF DESIGNER2.1 (HKLM\...\{23B59B9F-C360-11D7-875B-0090CC005647}) (Version: - )
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - CyberLink Corporation)
PreReq (Version: 6.2.4.0 - Eastman Kodak Company) Hidden
PrintProjects (HKLM\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
QuickTime (HKLM\...\QuickTime) (Version: - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5273 - Realtek Semiconductor Corp.)
ScanToWeb (HKLM\...\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}) (Version: - )
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 12 - HP)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 8.3.0.0 - Synaptics)
TeamViewer 7 (HKLM\...\TeamViewer 7) (Version: 7.0.13989 - TeamViewer)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}) (Version: 1.15.0000 - Texas Instruments Inc.)
TIPCI (Version: 1.15.0000 - Texas Instruments Inc.) Hidden
Tweaking.com - Windows Repair (All in One) (HKLM\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.7.1 - Tweaking.com)
Uninstall Remote Fitter (HKLM\...\Wirtgen Remote Fitter GB_is1) (Version: - )
Update 4.0.3 for Microsoft .NET Framework 4 Client Profile (KB2600211) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600211) (Version: 1 - Microsoft Corporation)
Update 4.0.3 for Microsoft .NET Framework 4 Extended (KB2600211) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600211) (Version: 1 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version: - Microsoft)
Update for Windows Internet Explorer 8 (KB971930) (HKLM\...\KB971930-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976749) (HKLM\...\KB976749-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vodafone Mobile Connect Lite Runtime Components (HKLM\...\{CFA76A76-03CF-43AC-AAB4-E2E3DACE4E02}) (Version: 2.1.6.1 - Vodafone)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{3F4EC965-28EF-45C3-B063-04B25D4E9679}) (Version: 5.0.1.1500 - )
WIDOS (HKLM\...\WIDOS) (Version: 20.12.03.01 - Wirtgen GmbH)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Internet Explorer 7 (Version: 20070813.185237 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Media Player 11 (Version: - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Wirtgen ProSecCo Client (HKLM\...\Wirtgen ProSecCo Client) (Version: 4.4.8.2 - LexCom Informationssysteme)
WiseConvert B2 Toolbar (HKLM\...\WiseConvert_B2 Toolbar) (Version: 6.14.0.28 - WiseConvert B2)

==================== Restore Points =========================

07-04-2014 00:37:22 Installed Microsoft Fix it 50356
08-04-2014 13:51:43 System Checkpoint
13-04-2014 19:55:35 System Checkpoint
20-04-2014 13:33:02 System Checkpoint
23-04-2014 02:27:20 System Checkpoint
24-04-2014 03:21:23 System Checkpoint
24-04-2014 21:59:58 Software Distribution Service 3.0
24-04-2014 23:35:45 Garmin Express
27-04-2014 19:27:28 System Checkpoint
30-04-2014 21:28:17 System Checkpoint
06-05-2014 23:08:44 System Checkpoint
09-05-2014 05:34:55 Installed AVG 2014
09-05-2014 05:35:41 Installed AVG 2014
09-05-2014 10:27:28 Removed Symantec AntiVirus
11-05-2014 11:23:36 System Checkpoint
14-05-2014 16:36:42 System Checkpoint
19-05-2014 16:04:00 System Checkpoint
20-05-2014 17:13:46 System Checkpoint
21-05-2014 17:19:21 System Checkpoint
24-05-2014 19:21:23 System Checkpoint
30-05-2014 22:44:31 System Checkpoint

==================== Hosts content: ==========================

2004-08-04 05:00 - 2011-10-08 21:47 - 00438972 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 123topsearch.com
127.0.0.1 www.123topsearch.com
127.0.0.1 132.com
127.0.0.1 www.132.com
127.0.0.1 www.136136.net
127.0.0.1 136136.net
127.0.0.1 163ns.com
127.0.0.1 www.163ns.com
127.0.0.1 171203.com
127.0.0.1 17-plus.com

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{D53700B8-169E-422C-996D-BAD488ECF26C}.job => C:\WINDOWS\system32\msfeedssync.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) =============

2006-04-14 12:04 - 2006-04-14 12:04 - 00876544 _____ () C:\Program Files\Intel\Wireless\Bin\LIBEAY32.dll
2006-04-14 12:04 - 2006-04-14 12:04 - 00053322 _____ () C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
2006-04-14 12:04 - 2006-04-14 12:04 - 00208965 _____ () C:\Program Files\Intel\Wireless\Bin\IWMSPROV.DLL
2013-07-15 02:25 - 2013-07-15 02:25 - 03391488 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_df7136db\mscorlib.dll
2013-07-15 02:24 - 2013-07-15 02:24 - 01966080 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_76333b3d\system.dll
2013-07-15 02:24 - 2013-07-15 02:24 - 02088960 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_f85fe12a\system.xml.dll
2014-05-11 11:50 - 2014-05-12 20:55 - 01633304 _____ () C:\Program Files\AVG SafeGuard toolbar\TBAPI.dll
2013-07-15 02:24 - 2013-07-15 02:24 - 03035136 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_74258b7a\system.windows.forms.dll
2013-07-15 02:25 - 2013-07-15 02:25 - 00843776 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_3b55b0a7\system.drawing.dll
2014-05-11 11:50 - 2014-05-12 20:55 - 02561560 _____ () C:\Program Files\AVG SafeGuard toolbar\vprot.exe
2014-05-12 20:56 - 2014-05-12 20:55 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\log4cplusU.dll
2014-05-12 20:56 - 2014-05-12 20:55 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\loggingserver.exe

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\27908078.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\27908078.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acer Empowering Technology.lnk => C:\WINDOWS\pss\Acer Empowering Technology.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk => C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk => C:\WINDOWS\pss\Bluetooth.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\WINDOWS\pss\McAfee Security Scan Plus.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SecurityClient.lnk => C:\WINDOWS\pss\SecurityClient.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wirtgen ProSecCo Client.lnk => C:\WINDOWS\pss\Wirtgen ProSecCo Client.lnkCommon Startup
MSCONFIG\startupreg: AGRSMMSG => AGRSMMSG.exe
MSCONFIG\startupreg: Alcmtr => ALCMTR.EXE
MSCONFIG\startupreg: Boot => C:\Acer\Empowering Technology\ePower\Boot.exe
MSCONFIG\startupreg: BrowserChoice => "C:\WINDOWS\system32\browserchoice.exe" /run
MSCONFIG\startupreg: ccApp => "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
MSCONFIG\startupreg: Conime => %windir%\system32\conime.exe
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: eDataSecurity Loader => C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
MSCONFIG\startupreg: EKStatusMonitor => C:\PROGRAM FILES\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.exe
MSCONFIG\startupreg: ePower_DMC => C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
MSCONFIG\startupreg: eRecoveryService => C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: H/PC Connection Agent => "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
MSCONFIG\startupreg: igfxhkcmd => C:\WINDOWS\system32\hkcmd.exe
MSCONFIG\startupreg: igfxpers => C:\WINDOWS\system32\igfxpers.exe
MSCONFIG\startupreg: igfxtray => C:\WINDOWS\system32\igfxtray.exe
MSCONFIG\startupreg: IMJPMIG8.1 => "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
MSCONFIG\startupreg: LaunchApp => Alaunch
MSCONFIG\startupreg: LManager => C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
MSCONFIG\startupreg: MSPY2002 => C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
MSCONFIG\startupreg: ntiMUI => C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
MSCONFIG\startupreg: PHIME2002A => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
MSCONFIG\startupreg: PHIME2002ASync => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: RTHDCPL => RTHDCPL.EXE
MSCONFIG\startupreg: SkyTel => SkyTel.EXE
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: updateMgr => C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
MSCONFIG\startupreg: vProt => "C:\Program Files\AVG Secure Search\vprot.exe"
MSCONFIG\startupreg: vptray => C:\PROGRA~1\SYMANT~1\VPTray.exe

==================== Faulty Device Manager Devices =============

Name: Bluetooth LAN Access Server Driver
Description: Bluetooth LAN Access Server Driver
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: %V_WIDCOMM%
Service: BTWDNDIS
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/31/2014 11:09:25 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (05/31/2014 11:03:40 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (05/31/2014 00:04:14 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mbam.exe, version 1.75.0.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/30/2014 08:56:59 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (05/25/2014 02:27:10 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (05/25/2014 02:23:54 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (05/25/2014 02:21:46 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (05/25/2014 01:22:11 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (05/25/2014 01:18:53 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (05/25/2014 01:09:23 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

System errors:
=============
Error: (05/31/2014 11:05:24 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Routing and Remote Access service terminated with service-specific error 2147483720 (0x80000048).

Error: (05/31/2014 11:05:08 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Help and Support service terminated with the following error:
%%126

Error: (05/31/2014 11:05:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error:
%%1053

Error: (05/31/2014 11:05:08 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Garmin Core Update Service service to connect.

Error: (05/30/2014 08:58:49 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Routing and Remote Access service terminated with service-specific error 2147483720 (0x80000048).

Error: (05/30/2014 08:58:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Help and Support service terminated with the following error:
%%126

Error: (05/30/2014 08:58:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error:
%%1053

Error: (05/30/2014 08:58:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Garmin Core Update Service service to connect.

Error: (05/25/2014 02:25:34 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Routing and Remote Access service terminated with service-specific error 2147483720 (0x80000048).

Error: (05/25/2014 02:25:14 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Help and Support service terminated with the following error:
%%126

Microsoft Office Sessions:
=========================
Error: (09/09/2012 03:18:34 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 8153 seconds with 1500 seconds of active time. This session ended with a crash.

Error: (04/04/2012 06:18:37 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 228 seconds with 180 seconds of active time. This session ended with a crash.

Error: (01/29/2012 10:58:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3229 seconds with 720 seconds of active time. This session ended with a crash.

Error: (01/17/2011 02:02:07 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6548.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 31 seconds with 0 seconds of active time. This session ended with a crash.

Error: (01/17/2011 02:01:31 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6548.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 570 seconds with 300 seconds of active time. This session ended with a crash.

Error: (01/17/2011 01:51:17 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6548.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 36 seconds with 0 seconds of active time. This session ended with a crash.

Error: (01/17/2011 01:50:34 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6548.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 63 seconds with 60 seconds of active time. This session ended with a crash.

Error: (03/13/2010 02:46:53 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 141865 seconds with 0 seconds of active time. This session ended with a crash.

Error: (12/09/2009 02:56:23 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 838 seconds with 600 seconds of active time. This session ended with a crash.

Error: (12/07/2009 00:51:30 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5775 seconds with 2460 seconds of active time. This session ended with a crash.

==================== Memory info ===========================

Percentage of memory in use: 37%
Total physical RAM: 2038.1 MB
Available physical RAM: 1266.7 MB
Total Pagefile: 3921.71 MB
Available Pagefile: 3234.44 MB
Total Virtual: 2047.88 MB
Available Virtual: 1952.63 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:53.2 GB) (Free:10.48 GB) FAT32 ==>[Drive with boot components (Windows XP)]
Drive d: (ACERDATA) (Fixed) (Total:53.69 GB) (Free:39.41 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 112 GB) (Disk ID: F404143B)
Partition 1: (Not Active) - (Size=5 GB) - (Type=12)
Partition 2: (Active) - (Size=53 GB) - (Type=0C)
Partition 3: (Not Active) - (Size=54 GB) - (Type=0C)

==================== End Of Log ============================

kevinf80 · May 31, 2014

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

Download AdwCleaner by Xplode onto your Desktop.

Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt.

Next,

Read the following link before we continue and run Combofix:

ComboFix usage, Questions, Help? - Look here

Next,

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

http://www.infospyware.net/antimalware/combofix/

Ensure that Combofix is saved directly to the Desktop <--- Very important
Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
Close any open browsers and any other programs you might have running
Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator)
Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

*EXTRA NOTES*

    If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    If Combofix reboot's due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post those logs in next reply please...

Kevin

fixlist.txt

christamofo · May 31, 2014

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:30-05-2014
Ran by User1 at 2014-05-31 12:05:53 Run:1
Running from C:\Documents and Settings\User1\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKU\.DEFAULT\...\RunOnce: [KodakHomeCenter] - C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe [2236792 2013-03-15] (Eastman Kodak Company)
HKU\.DEFAULT\...\RunOnce: [spUninstallDeleteDir] - rmdir /s /q "C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect"
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {03ce172e-a4d9-11dc-824b-0019d20ba795} - F:\VMC_PBStarter.exe
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {03ce172f-a4d9-11dc-824b-0019d20ba795} - F:\VMC_PBStarter.exe
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {19cf8f9c-3987-11e2-88f5-0019d20ba795} - F:\StartVMCLite.exe
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {1cbf7774-3984-11e2-88f4-0019d20ba795} - F:\StartVMCLite.exe
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {2f37cbde-4149-11e0-86ab-0019d20ba795} - "F:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {5a0f8416-368f-11df-857c-0019d20ba795} - F:\VMC_PBStarter.exe
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {5a0f8417-368f-11df-857c-0019d20ba795} - F:\VMC_PBStarter.exe
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {647dec54-f690-11e0-878f-0019d20ba795} - F:\VMC_PBStarter.exe
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {647dec55-f690-11e0-878f-0019d20ba795} - F:\VMC_PBStarter.exe
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {97d05590-d4ac-11de-8535-0019d20ba795} - F:\VMC_PBStarter.exe
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {97d05591-d4ac-11de-8535-0019d20ba795} - F:\VMC_PBStarter.exe
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {9abc8d40-1d21-11e1-87b6-0019d20ba795} - F:\VMC_PBStarter.exe
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {9abc8d41-1d21-11e1-87b6-0019d20ba795} - F:\VMC_PBStarter.exe
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {bfda1c58-e297-11de-8549-00197de510b7} - F:\VMC_PBStarter.exe
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {bfda1c59-e297-11de-8549-00197de510b7} - F:\VMC_PBStarter.exe
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {c65b7e22-f1f5-11e0-8785-0019d20ba795} - F:\VMC_PBStarter.exe
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {c65b7e23-f1f5-11e0-8785-0019d20ba795} - G:\VMC_PBStarter.exe
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {ebae1706-ebd8-11e1-88bf-0019d20ba795} - F:\VMC_PBStarter.exe
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {ebae1707-ebd8-11e1-88bf-0019d20ba795} - F:\VMC_PBStarter.exe
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {f24e7454-96b3-11dc-8234-0019d20ba795} - F:\VMC_PBStarter.exe
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {f24e7455-96b3-11dc-8234-0019d20ba795} - F:\VMC_PBStarter.exe
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {f2b9b670-a35f-11dc-8246-0019d20ba795} - F:\VMC_PBStarter.exe
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {f2b9b671-a35f-11dc-8246-0019d20ba795} - F:\VMC_PBStarter.exe
U3 rpcapd;
U1 WS2IFSL;
2014-05-25 02:22 - 2014-05-25 02:22 - 00000000 ____D () C:\WINDOWS\Y8HQY7GPX6FOX6FO
2014-05-06 16:50 - 2014-05-06 16:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\johclez.cpp
C:\Documents and Settings\User1\Local Settings\Temp\w8p0.dll
End
*****************

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\KodakHomeCenter => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => Value deleted successfully.
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{03ce172e-a4d9-11dc-824b-0019d20ba795} => Key deleted successfully.
HKCR\CLSID\{03ce172e-a4d9-11dc-824b-0019d20ba795} => Key not found.
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{03ce172f-a4d9-11dc-824b-0019d20ba795} => Key deleted successfully.
HKCR\CLSID\{03ce172f-a4d9-11dc-824b-0019d20ba795} => Key not found.
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19cf8f9c-3987-11e2-88f5-0019d20ba795} => Key deleted successfully.
HKCR\CLSID\{19cf8f9c-3987-11e2-88f5-0019d20ba795} => Key not found.
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1cbf7774-3984-11e2-88f4-0019d20ba795} => Key deleted successfully.
HKCR\CLSID\{1cbf7774-3984-11e2-88f4-0019d20ba795} => Key not found.
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f37cbde-4149-11e0-86ab-0019d20ba795} => Key deleted successfully.
HKCR\CLSID\{2f37cbde-4149-11e0-86ab-0019d20ba795} => Key not found.
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a0f8416-368f-11df-857c-0019d20ba795} => Key deleted successfully.
HKCR\CLSID\{5a0f8416-368f-11df-857c-0019d20ba795} => Key not found.
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a0f8417-368f-11df-857c-0019d20ba795} => Key deleted successfully.
HKCR\CLSID\{5a0f8417-368f-11df-857c-0019d20ba795} => Key not found.
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{647dec54-f690-11e0-878f-0019d20ba795} => Key deleted successfully.
HKCR\CLSID\{647dec54-f690-11e0-878f-0019d20ba795} => Key not found.
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{647dec55-f690-11e0-878f-0019d20ba795} => Key deleted successfully.
HKCR\CLSID\{647dec55-f690-11e0-878f-0019d20ba795} => Key not found.
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{97d05590-d4ac-11de-8535-0019d20ba795} => Key deleted successfully.
HKCR\CLSID\{97d05590-d4ac-11de-8535-0019d20ba795} => Key not found.
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{97d05591-d4ac-11de-8535-0019d20ba795} => Key deleted successfully.
HKCR\CLSID\{97d05591-d4ac-11de-8535-0019d20ba795} => Key not found.
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9abc8d40-1d21-11e1-87b6-0019d20ba795} => Key deleted successfully.
HKCR\CLSID\{9abc8d40-1d21-11e1-87b6-0019d20ba795} => Key not found.
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9abc8d41-1d21-11e1-87b6-0019d20ba795} => Key deleted successfully.
HKCR\CLSID\{9abc8d41-1d21-11e1-87b6-0019d20ba795} => Key not found.
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bfda1c58-e297-11de-8549-00197de510b7} => Key deleted successfully.
HKCR\CLSID\{bfda1c58-e297-11de-8549-00197de510b7} => Key not found.
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bfda1c59-e297-11de-8549-00197de510b7} => Key deleted successfully.
HKCR\CLSID\{bfda1c59-e297-11de-8549-00197de510b7} => Key not found.
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c65b7e22-f1f5-11e0-8785-0019d20ba795} => Key deleted successfully.
HKCR\CLSID\{c65b7e22-f1f5-11e0-8785-0019d20ba795} => Key not found.
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c65b7e23-f1f5-11e0-8785-0019d20ba795} => Key deleted successfully.
HKCR\CLSID\{c65b7e23-f1f5-11e0-8785-0019d20ba795} => Key not found.
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebae1706-ebd8-11e1-88bf-0019d20ba795} => Key deleted successfully.
HKCR\CLSID\{ebae1706-ebd8-11e1-88bf-0019d20ba795} => Key not found.
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebae1707-ebd8-11e1-88bf-0019d20ba795} => Key deleted successfully.
HKCR\CLSID\{ebae1707-ebd8-11e1-88bf-0019d20ba795} => Key not found.
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f24e7454-96b3-11dc-8234-0019d20ba795} => Key deleted successfully.
HKCR\CLSID\{f24e7454-96b3-11dc-8234-0019d20ba795} => Key not found.
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f24e7455-96b3-11dc-8234-0019d20ba795} => Key deleted successfully.
HKCR\CLSID\{f24e7455-96b3-11dc-8234-0019d20ba795} => Key not found.
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f2b9b670-a35f-11dc-8246-0019d20ba795} => Key deleted successfully.
HKCR\CLSID\{f2b9b670-a35f-11dc-8246-0019d20ba795} => Key not found.
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f2b9b671-a35f-11dc-8246-0019d20ba795} => Key deleted successfully.
HKCR\CLSID\{f2b9b671-a35f-11dc-8246-0019d20ba795} => Key not found.
rpcapd => Service deleted successfully.
WS2IFSL => Service deleted successfully.
C:\WINDOWS\Y8HQY7GPX6FOX6FO => Moved successfully.
C:\Documents and Settings\All Users\Application Data\johclez.cpp => Moved successfully.
C:\Documents and Settings\User1\Local Settings\Temp\w8p0.dll => Moved successfully.

==== End of Fixlog ====

christamofo · May 31, 2014

# AdwCleaner v3.211 - Report created 31/05/2014 at 12:11:03
# Updated 26/05/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : User1 - ACER-1240D29348
# Running from : C:\Documents and Settings\User1\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Program Files\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\WiseConvert_B2
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Documents and Settings\User1\Local Settings\Application Data\AVG SafeGuard toolbar
Folder Deleted : C:\Documents and Settings\User1\Local Settings\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\User1\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\User1\Local Settings\Application Data\WiseConvert_B2
Folder Deleted : C:\Documents and Settings\User1\Application Data\AVG SafeGuard toolbar
Folder Deleted : C:\Documents and Settings\User1\Application Data\Babylon

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3196716
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3201318
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DA7A20CF-BEF4-4342-AD78-0240FDF87055}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DA7A20CF-BEF4-4342-AD78-0240FDF87055}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DA7A20CF-BEF4-4342-AD78-0240FDF87055}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{835BDB60-DAF3-4A5C-B821-D36319F476BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5513386-9D1B-4768-A4CE-E877EDA33158}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{DA7A20CF-BEF4-4342-AD78-0240FDF87055}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{DA7A20CF-BEF4-4342-AD78-0240FDF87055}]
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\WiseConvert_B2
Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\WiseConvert_B2
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WiseConvert_B2 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WiseConvert_B2 Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

*************************

AdwCleaner[R0].txt - [9470 octets] - [31/05/2014 12:09:18]
AdwCleaner[s0].txt - [9457 octets] - [31/05/2014 12:11:03]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [9517 octets] ##########

kevinf80 · May 31, 2014

Thanks for those logs... just need Combofix log when ready..

christamofo · May 31, 2014

Combofix has been going since a few minutes after I posted those logs it seems to be stuck on deleting a folder plus the desktop has now disappeared, hang on I'll get a photo..........

How do I add another image?

christamofo · May 31, 2014

Got it.

christamofo · May 31, 2014

Damn I got to go out now, I'm leaving it on but if it has crashed what should I tell my parents to do with it?

kevinf80 · May 31, 2014

Thant looks ok, just leave it to continue..

christamofo · June 1, 2014

It was on the same screen for well over 6 hours, my parents came back the screen was blank, so they turned it on and it was still showing the same thing, eventually it went off again so they unplugged it and went to bed. I don't think it ever got past that deleting folder bit!

I've just turned it on and it has loaded up okay.

christamofo · June 1, 2014

There is no log.

kevinf80 · June 1, 2014

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

Quit all running programs.
For Windows XP, double-click to start.
For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
Read and accept the EULA (End User Licene Agreement)
Click Scan to scan the system.
When the scan completes Close the program > Don't Fix anything!
Post back the report which should be located on your desktop.

Kevin...

AdvancedSetup · June 13, 2014

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Weird scan results/currently scanning object thing

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information