jeffdavis

  1. Kevin, you have been fantastic, very patient and extremely helpful. Thank you ever so much. Jeff
  2. Thanks for all your help on this but I'm afraid nothing works. I have got a workaround: I installed Comodo browser as it's based on Chrome and has a very similar interface, so I think I will just use that and uninstall Chrome. Thanks once again. P.S. Is there anything else I need to do to stay safe? I have now paid for a full license for Malwarebytes.
  3. Hi, it is still the same. Tried all sorts now, but nothing has worked. Thanks for your help.
  4. Hi, everything seems OK now apart from the Google Chrome profile. I have tried several methods to fix that I found on the web, i.e. delete history, rename backup and move up a level etc., but it's still the same. Thanks Jeff
  5. Things are a lot better now. Managed to repair .pst for Outlook. And giveaway of the day yesterday was an office recovery program believe it or not, very handy to have. Defender still not updating, but is this really a problem? Everything seems fine and the laptop is considerably faster than before you started to help me.
  6. Hi, here is the log from Windows Repair.
  7. Hi, I've run all that, Defender starts now but won't update. Error message: Code 0xc000247. I have got AVG Internet Security installed so I don't believe Defender is important, but that's the error message. Thanks
  8. The profile on Google Chrome won't open still. But it's no major problem. I did run the shortcut fixer and I think it fixed a few but most of the shortcuts were to programs / apps that were part of my problem. (Whitesmoke toolbar etc)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [210712 2013-11-25] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [149272 2013-11-25] (AVG Technologies CZ, s.r.o.) R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22808 2014-01-19] (AVG Technologies CZ, s.r.o.) R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.) R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.) R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.) R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.) R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.) R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-11-13] (AVG Technologies) S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [30464 2014-02-14] () S3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.) 
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S1 SASDIFSV; \??\C:\Users\Davis\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [X] S1 SASKUTIL; \??\C:\Users\Davis\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-17 10:16 - 2014-02-17 10:16 - 00021095 _____ () C:\Users\Davis\Desktop\FRST.txt 2014-02-17 10:14 - 2014-02-17 10:15 - 01141248 _____ (Farbar) C:\Users\Davis\Desktop\FRST.exe 2014-02-17 10:04 - 2014-02-17 10:04 - 00001976 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-02-17 10:03 - 2014-02-17 10:03 - 49940480 _____ () C:\Program Files\GUT1813.tmp 2014-02-17 10:03 - 2014-02-17 10:03 - 00000000 ____D () C:\Program Files\GUM17F3.tmp 2014-02-17 08:27 - 2014-02-17 08:27 - 00001209 _____ () C:\Users\Davis\Desktop\RKreport[0]_SC_02172014_082701.txt 2014-02-17 08:07 - 2014-02-17 08:07 - 00007818 _____ () C:\Users\Davis\Desktop\Eset online scanner.txt 2014-02-16 20:57 - 2014-02-16 20:57 - 00000000 ____D () C:\Users\Davis\AppData\Local\CrashDumps 2014-02-16 20:49 - 2014-02-16 20:49 - 01070592 _____ () C:\Users\Davis\Downloads\MicrosoftFixit50569(1).msi 2014-02-16 20:45 - 2014-02-16 20:46 - 01070592 _____ () C:\Users\Davis\Downloads\MicrosoftFixit50569.msi 2014-02-16 20:07 - 2014-02-16 20:07 - 01050624 _____ () C:\Users\Davis\Downloads\MicrosoftFixit50511.msi 2014-02-15 22:10 - 2014-02-17 10:16 - 00000000 ____D () C:\FRST 2014-02-15 20:27 - 2013-10-18 01:11 - 00024064 _____ () C:\Windows\zoek-delete.exe 2014-02-15 20:26 - 2014-02-15 20:26 - 00000000 ____D () C:\Program Files\HiJackThis 2014-02-15 20:07 - 2014-02-15 20:07 - 00109508 _____ () C:\Users\Public\Desktop\sample_022014_2007.zip 2014-02-15 19:49 - 2014-02-15 20:32 - 00147029 _____ () C:\zoek-results.log 2014-02-15 19:44 - 
2014-02-15 20:23 - 00000000 ____D () C:\zoek_backup 2014-02-15 19:40 - 2014-02-15 19:41 - 00000000 ____D () C:\Users\Davis\Desktop\zoek 2014-02-15 19:40 - 2014-02-15 19:38 - 04088082 _____ () C:\Users\Davis\Desktop\zoek.zip 2014-02-15 15:36 - 2014-02-15 15:36 - 00002101 _____ () C:\Users\Davis\Desktop\RKreport[0]_S_02152014_153625.txt 2014-02-15 15:19 - 2014-02-17 08:25 - 00000000 ____D () C:\Users\Davis\Desktop\RK_Quarantine 2014-02-15 15:17 - 2014-02-15 15:08 - 03813376 _____ () C:\Users\Davis\Desktop\RogueKiller.exe 2014-02-15 10:11 - 2014-02-15 10:11 - 372136236 _____ () C:\Windows\MEMORY.DMP 2014-02-15 10:11 - 2014-02-15 10:11 - 00143248 _____ () C:\Windows\Minidump\Mini021514-01.dmp 2014-02-14 22:15 - 2014-02-14 22:15 - 00000000 ____D () C:\Windows\SoftwareDistribution.old 2014-02-14 21:13 - 2014-02-14 21:13 - 00000000 ____D () C:\Users\Davis\AppData\Roaming\SUPERAntiSpyware.com 2014-02-14 21:13 - 2014-02-14 21:13 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com 2014-02-14 21:01 - 2014-02-14 21:01 - 00041736 _____ () C:\Windows\system32\.crusader 2014-02-14 20:49 - 2014-02-14 21:10 - 00030464 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys 2014-02-14 20:49 - 2014-02-14 21:01 - 00000000 ____D () C:\ProgramData\HitmanPro 2014-02-14 20:32 - 2014-02-14 20:32 - 00000000 _____ () C:\Windows\setuperr.log 2014-02-14 20:11 - 2014-02-14 20:11 - 00688992 ____R (Swearware) C:\Users\Davis\Desktop\dds.com 2014-02-14 19:53 - 2014-02-14 19:53 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-02-14 19:23 - 2014-02-14 19:23 - 00000000 ____D () C:\Windows\ERUNT 2014-02-14 18:52 - 2014-02-14 18:55 - 00000087 _____ () C:\Windows\system32\zerobyte_files_deleted.txt 2014-02-14 18:52 - 2014-02-14 18:54 - 00000095 _____ () C:\Windows\zerobyte_files_deleted.txt 2014-02-12 17:49 - 2014-02-12 17:49 - 00000000 ____D () C:\Support 2014-02-11 09:47 - 2014-02-11 09:47 - 00000000 ____D () C:\Program Files\McAfee Security Scan 2014-02-04 20:13 - 2014-02-04 20:13 
- 01069512 _____ (Solid State Networks) C:\Users\Davis\Downloads\install_flashplayer12x32au_mssd_awc_aih.exe 2014-02-04 14:40 - 2014-02-04 14:40 - 00001669 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-02-04 14:39 - 2014-02-04 14:40 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-02-04 14:39 - 2014-02-04 14:40 - 00000000 ____D () C:\Program Files\iTunes 2014-02-04 14:39 - 2014-02-04 14:39 - 00000000 ____D () C:\Program Files\iPod 2014-01-29 21:01 - 2014-02-04 15:12 - 00000000 ____D () C:\ProgramData\toppbuyero 2014-01-29 21:01 - 2014-02-04 15:12 - 00000000 ____D () C:\ProgramData\DeuaalsFiindeorrPro 2014-01-20 16:25 - 2014-01-20 16:26 - 01069512 _____ (Solid State Networks) C:\Users\Davis\Downloads\install_flashplayer12x32au_mssa_awc_aih.exe 2014-01-19 21:46 - 2014-01-19 21:46 - 00022808 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsshimx.sys ==================== One Month Modified Files and Folders ======= 2014-02-17 10:16 - 2014-02-17 10:16 - 00021095 _____ () C:\Users\Davis\Desktop\FRST.txt 2014-02-17 10:16 - 2014-02-15 22:10 - 00000000 ____D () C:\FRST 2014-02-17 10:15 - 2014-02-17 10:14 - 01141248 _____ (Farbar) C:\Users\Davis\Desktop\FRST.exe 2014-02-17 10:15 - 2009-09-29 15:06 - 00000422 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{7DB64578-8B9B-4A26-8F64-DF64F6338DB0}.job 2014-02-17 10:12 - 2013-11-17 15:58 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-02-17 10:12 - 2012-12-10 22:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-02-17 10:04 - 2014-02-17 10:04 - 00001976 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-02-17 10:03 - 2014-02-17 10:03 - 49940480 _____ () C:\Program Files\GUT1813.tmp 2014-02-17 10:03 - 2014-02-17 10:03 - 00000000 ____D () C:\Program Files\GUM17F3.tmp 2014-02-17 10:03 - 2008-07-01 15:13 - 00000000 ____D () C:\Program Files\Google 2014-02-17 10:01 - 2012-05-24 20:05 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player 
Updater.job 2014-02-17 10:00 - 2010-01-30 19:08 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-02-17 09:55 - 2009-09-14 20:51 - 01884319 _____ () C:\Windows\WindowsUpdate.log 2014-02-17 09:35 - 2011-03-02 11:17 - 00000000 ____D () C:\ProgramData\MFAData 2014-02-17 09:31 - 2012-12-11 17:26 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003UA.job 2014-02-17 09:22 - 2012-12-08 22:05 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000Core.job 2014-02-17 09:22 - 2010-01-30 19:08 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-02-17 09:22 - 2006-11-02 13:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-02-17 09:22 - 2006-11-02 12:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-17 09:22 - 2006-11-02 12:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-17 08:27 - 2014-02-17 08:27 - 00001209 _____ () C:\Users\Davis\Desktop\RKreport[0]_SC_02172014_082701.txt 2014-02-17 08:25 - 2014-02-15 15:19 - 00000000 ____D () C:\Users\Davis\Desktop\RK_Quarantine 2014-02-17 08:19 - 2012-12-08 22:05 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000UA.job 2014-02-17 08:07 - 2014-02-17 08:07 - 00007818 _____ () C:\Users\Davis\Desktop\Eset online scanner.txt 2014-02-17 07:36 - 2012-01-08 16:05 - 00000926 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000UA.job 2014-02-17 05:47 - 2012-12-11 17:43 - 00000960 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003UA.job 2014-02-16 22:36 - 2012-01-08 16:05 - 00000904 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000Core.job 2014-02-16 20:57 - 2014-02-16 
20:57 - 00000000 ____D () C:\Users\Davis\AppData\Local\CrashDumps 2014-02-16 20:56 - 2013-01-23 16:30 - 00000000 ____D () C:\Users\Mrs georgia bolgar 2014-02-16 20:56 - 2012-12-02 09:47 - 00000000 ____D () C:\Users\Georgia davis 2014-02-16 20:56 - 2010-10-15 19:05 - 00000000 ____D () C:\Users\Guest 2014-02-16 20:56 - 2009-09-27 17:59 - 00000000 ____D () C:\Users\Georgie 2014-02-16 20:56 - 2008-12-28 18:57 - 00000000 ____D () C:\Users\Davis 2014-02-16 20:56 - 2006-11-02 11:18 - 00000000 ___RD () C:\Users\Public 2014-02-16 20:49 - 2014-02-16 20:49 - 01070592 _____ () C:\Users\Davis\Downloads\MicrosoftFixit50569(1).msi 2014-02-16 20:46 - 2014-02-16 20:45 - 01070592 _____ () C:\Users\Davis\Downloads\MicrosoftFixit50569.msi 2014-02-16 20:07 - 2014-02-16 20:07 - 01050624 _____ () C:\Users\Davis\Downloads\MicrosoftFixit50511.msi 2014-02-16 09:16 - 2006-11-02 13:01 - 00032614 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-02-16 09:05 - 2011-09-07 17:08 - 00000000 ____D () C:\Users\Davis\AppData\Local\PMB Files 2014-02-16 09:05 - 2011-02-05 14:20 - 00000000 ____D () C:\Windows\pss 2014-02-15 23:09 - 2006-11-02 11:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-02-15 20:32 - 2014-02-15 19:49 - 00147029 _____ () C:\zoek-results.log 2014-02-15 20:30 - 2013-01-10 19:39 - 00059246 _____ () C:\Windows\PFRO.log 2014-02-15 20:26 - 2014-02-15 20:26 - 00000000 ____D () C:\Program Files\HiJackThis 2014-02-15 20:23 - 2014-02-15 19:44 - 00000000 ____D () C:\zoek_backup 2014-02-15 20:07 - 2014-02-15 20:07 - 00109508 _____ () C:\Users\Public\Desktop\sample_022014_2007.zip 2014-02-15 19:41 - 2014-02-15 19:40 - 00000000 ____D () C:\Users\Davis\Desktop\zoek 2014-02-15 19:38 - 2014-02-15 19:40 - 04088082 _____ () C:\Users\Davis\Desktop\zoek.zip 2014-02-15 19:35 - 2012-12-11 17:43 - 00000938 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003Core.job 2014-02-15 19:35 - 2012-12-11 17:26 - 00000888 _____ () 
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003Core.job 2014-02-15 15:36 - 2014-02-15 15:36 - 00002101 _____ () C:\Users\Davis\Desktop\RKreport[0]_S_02152014_153625.txt 2014-02-15 15:13 - 2010-09-25 09:49 - 00000008 ___RS () C:\Users\Davis\ntuser.pol 2014-02-15 15:08 - 2014-02-15 15:17 - 03813376 _____ () C:\Users\Davis\Desktop\RogueKiller.exe 2014-02-15 10:11 - 2014-02-15 10:11 - 372136236 _____ () C:\Windows\MEMORY.DMP 2014-02-15 10:11 - 2014-02-15 10:11 - 00143248 _____ () C:\Windows\Minidump\Mini021514-01.dmp 2014-02-15 10:11 - 2010-04-09 21:06 - 00000000 ____D () C:\Windows\Minidump 2014-02-15 09:04 - 2006-11-02 12:47 - 00407168 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-02-14 22:43 - 2012-03-13 18:03 - 00115752 _____ () C:\Users\Davis\AppData\Local\GDIPFONTCACHEV1.DAT 2014-02-14 22:15 - 2014-02-14 22:15 - 00000000 ____D () C:\Windows\SoftwareDistribution.old 2014-02-14 21:22 - 2011-10-12 16:05 - 00000000 ____D () C:\Program Files\Pivot Stickfigure Toolbar 2014-02-14 21:13 - 2014-02-14 21:13 - 00000000 ____D () C:\Users\Davis\AppData\Roaming\SUPERAntiSpyware.com 2014-02-14 21:13 - 2014-02-14 21:13 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com 2014-02-14 21:10 - 2014-02-14 20:49 - 00030464 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys 2014-02-14 21:01 - 2014-02-14 21:01 - 00041736 _____ () C:\Windows\system32\.crusader 2014-02-14 21:01 - 2014-02-14 20:49 - 00000000 ____D () C:\ProgramData\HitmanPro 2014-02-14 20:42 - 2008-07-01 15:05 - 00000000 ___HD () C:\Windows\msdownld.tmp 2014-02-14 20:37 - 2006-11-02 10:33 - 00005526 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-02-14 20:32 - 2014-02-14 20:32 - 00000000 _____ () C:\Windows\setuperr.log 2014-02-14 20:32 - 2013-04-05 18:48 - 00005604 _____ () C:\Windows\setupact.log 2014-02-14 20:11 - 2014-02-14 20:11 - 00688992 ____R (Swearware) C:\Users\Davis\Desktop\dds.com 2014-02-14 19:53 - 2014-02-14 19:53 - 00000000 ____D () C:\Program 
Files\Malwarebytes' Anti-Malware 2014-02-14 19:53 - 2012-03-13 12:24 - 00000911 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-02-14 19:23 - 2014-02-14 19:23 - 00000000 ____D () C:\Windows\ERUNT 2014-02-14 18:55 - 2014-02-14 18:52 - 00000087 _____ () C:\Windows\system32\zerobyte_files_deleted.txt 2014-02-14 18:55 - 2006-11-02 11:18 - 00000000 __RHD () C:\Users\Default 2014-02-14 18:54 - 2014-02-14 18:52 - 00000095 _____ () C:\Windows\zerobyte_files_deleted.txt 2014-02-14 18:14 - 2013-10-01 15:27 - 00000847 _____ () C:\Users\Public\Desktop\AVG 2014.lnk 2014-02-14 17:17 - 2013-01-29 21:00 - 00006144 _____ () C:\Users\Mrs georgia bolgar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-02-14 16:56 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\system32\CatRoot2.old 2014-02-12 17:49 - 2014-02-12 17:49 - 00000000 ____D () C:\Support 2014-02-11 15:42 - 2013-12-16 19:57 - 00000000 ____D () C:\Program Files\McAfee 2014-02-11 09:47 - 2014-02-11 09:47 - 00000000 ____D () C:\Program Files\McAfee Security Scan 2014-02-11 09:47 - 2012-12-04 16:01 - 00001924 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2014-02-08 12:35 - 2012-05-24 20:05 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-02-08 12:35 - 2011-12-13 09:18 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-02-04 20:13 - 2014-02-04 20:13 - 01069512 _____ (Solid State Networks) C:\Users\Davis\Downloads\install_flashplayer12x32au_mssd_awc_aih.exe 2014-02-04 15:12 - 2014-01-29 21:01 - 00000000 ____D () C:\ProgramData\toppbuyero 2014-02-04 15:12 - 2014-01-29 21:01 - 00000000 ____D () C:\ProgramData\DeuaalsFiindeorrPro 2014-02-04 14:40 - 2014-02-04 14:40 - 00001669 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-02-04 14:40 - 2014-02-04 14:39 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-02-04 14:40 - 2014-02-04 14:39 - 00000000 ____D () C:\Program Files\iTunes 
2014-02-04 14:39 - 2014-02-04 14:39 - 00000000 ____D () C:\Program Files\iPod 2014-02-04 14:39 - 2010-02-27 17:48 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-02-04 14:33 - 2010-02-27 17:48 - 00000000 ____D () C:\ProgramData\Apple 2014-01-26 16:20 - 2012-12-08 22:06 - 00000000 ____D () C:\Users\Davis\AppData\Roaming\Mozilla 2014-01-26 16:20 - 2008-12-28 19:03 - 00000000 ____D () C:\Users\Davis\AppData\Local\Google 2014-01-24 20:23 - 2013-01-23 16:30 - 00000949 _____ () C:\Users\Mrs georgia bolgar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2014-01-20 16:26 - 2014-01-20 16:25 - 01069512 _____ (Solid State Networks) C:\Users\Davis\Downloads\install_flashplayer12x32au_mssa_awc_aih.exe 2014-01-19 21:46 - 2014-01-19 21:46 - 00022808 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsshimx.sys ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-02-17 09:29 ==================== End Of Log ============================ Farbar Service Scanner Version: 16-02-2014 Ran by Davis (administrator) on 17-02-2014 at 10:20:49 Running from "C:\Users\Davis\Desktop" Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo.com is accessible. 
Windows Firewall: ============= Firewall Disabled Policy: ================== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=DWORD:0 System Restore: ============ System Restore Disabled Policy: ======================== Security Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist. Other Services: ============== File Check: ======== C:\Windows\system32\nsisvc.dll => MD5 is legit C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit C:\Windows\system32\dhcpcsvc.dll => MD5 is legit C:\Windows\system32\Drivers\afd.sys => MD5 is legit C:\Windows\system32\Drivers\tdx.sys => MD5 is legit C:\Windows\system32\Drivers\tcpip.sys [2013-08-19 13:37] - [2013-07-05 03:20] - 0914880 ____A (Microsoft Corporation) 6D0D344F643E28B31262AC2682109A3C C:\Windows\system32\dnsrslvr.dll => MD5 is legit C:\Windows\system32\mpssvc.dll => MD5 is legit C:\Windows\system32\bfe.dll => MD5 is legit C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit C:\Windows\system32\SDRSVC.dll => MD5 is legit C:\Windows\system32\vssvc.exe => MD5 is legit C:\Windows\system32\wscsvc.dll => MD5 is legit C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\system32\wuaueng.dll => MD5 is legit C:\Windows\system32\qmgr.dll => MD5 is legit C:\Windows\system32\es.dll => MD5 is legit C:\Windows\system32\cryptsvc.dll => MD5 is legit C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit 
C:\Windows\system32\rpcss.dll => MD5 is legit **** End of log ****
  9. The profile on Google Chrome won't open still. But it's no major problem. I did run the shortcut fixer and I think it fixed a few but most of the shortcuts were to programs / apps that were part of my problem. (Whitesmoke toolbar etc) Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-02-2014 Ran by Davis (administrator) on DAVIS-PC on 17-02-2014 10:16:09
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Davis\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Davis\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Davis\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Davis\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Davis\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Davis\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin ProgramFiles/Appdata: C:\Users\Davis\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Users\Davis\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll () FF Plugin ProgramFiles/Appdata: C:\Users\Davis\AppData\Roaming\mozilla\plugins\npo1d.dll (Google) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2013-12-16] Chrome: ======= CHR Extension: (Google Docs) - C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-16] CHR Extension: (Google Drive) - C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-16] CHR Extension: (YouTube) - C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-16] CHR Extension: (Google Search) - C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-16] CHR Extension: (SiteAdvisor) - C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-02-16] CHR Extension: (Google Wallet) - C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-16] CHR Extension: (Gmail) - 
C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-16] CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2013-12-16] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ========================== Services (Whitelisted) ================= R2 avgfws; C:\Program Files\AVG\AVG2014\avgfws.exe [1358944 2013-09-24] (AVG Technologies CZ, s.r.o.) R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.) S4 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-04-16] (TOSHIBA CORPORATION) S4 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-14] (Google) S4 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [104880 2014-01-22] (McAfee, Inc.) S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-16] (McAfee, Inc.) S4 SmartFaceVWatchSrv; C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [73728 2008-04-24] (Toshiba) S4 TempoMonitoringService; C:\Program Files\Toshiba TEMPRO\TempoSVC.exe [99720 2008-04-24] (Toshiba Europe GmbH) S4 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation) S4 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) ==================== Drivers (Whitelisted) ==================== R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120600 2013-11-25] (AVG Technologies CZ, s.r.o.) R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [47928 2013-09-26] (AVG Technologies CZ, s.r.o.) 
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [210712 2013-11-25] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [149272 2013-11-25] (AVG Technologies CZ, s.r.o.) R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22808 2014-01-19] (AVG Technologies CZ, s.r.o.) R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.) R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.) R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.) R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.) R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.) R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-11-13] (AVG Technologies) S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [30464 2014-02-14] () S3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.) 
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S1 SASDIFSV; \??\C:\Users\Davis\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [X] S1 SASKUTIL; \??\C:\Users\Davis\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-17 10:16 - 2014-02-17 10:16 - 00021095 _____ () C:\Users\Davis\Desktop\FRST.txt 2014-02-17 10:14 - 2014-02-17 10:15 - 01141248 _____ (Farbar) C:\Users\Davis\Desktop\FRST.exe 2014-02-17 10:04 - 2014-02-17 10:04 - 00001976 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-02-17 10:03 - 2014-02-17 10:03 - 49940480 _____ () C:\Program Files\GUT1813.tmp 2014-02-17 10:03 - 2014-02-17 10:03 - 00000000 ____D () C:\Program Files\GUM17F3.tmp 2014-02-17 08:27 - 2014-02-17 08:27 - 00001209 _____ () C:\Users\Davis\Desktop\RKreport[0]_SC_02172014_082701.txt 2014-02-17 08:07 - 2014-02-17 08:07 - 00007818 _____ () C:\Users\Davis\Desktop\Eset online scanner.txt 2014-02-16 20:57 - 2014-02-16 20:57 - 00000000 ____D () C:\Users\Davis\AppData\Local\CrashDumps 2014-02-16 20:49 - 2014-02-16 20:49 - 01070592 _____ () C:\Users\Davis\Downloads\MicrosoftFixit50569(1).msi 2014-02-16 20:45 - 2014-02-16 20:46 - 01070592 _____ () C:\Users\Davis\Downloads\MicrosoftFixit50569.msi 2014-02-16 20:07 - 2014-02-16 20:07 - 01050624 _____ () C:\Users\Davis\Downloads\MicrosoftFixit50511.msi 2014-02-15 22:10 - 2014-02-17 10:16 - 00000000 ____D () C:\FRST 2014-02-15 20:27 - 2013-10-18 01:11 - 00024064 _____ () C:\Windows\zoek-delete.exe 2014-02-15 20:26 - 2014-02-15 20:26 - 00000000 ____D () C:\Program Files\HiJackThis 2014-02-15 20:07 - 2014-02-15 20:07 - 00109508 _____ () C:\Users\Public\Desktop\sample_022014_2007.zip 2014-02-15 19:49 - 2014-02-15 20:32 - 00147029 _____ () C:\zoek-results.log 2014-02-15 19:44 - 
2014-02-15 20:23 - 00000000 ____D () C:\zoek_backup 2014-02-15 19:40 - 2014-02-15 19:41 - 00000000 ____D () C:\Users\Davis\Desktop\zoek 2014-02-15 19:40 - 2014-02-15 19:38 - 04088082 _____ () C:\Users\Davis\Desktop\zoek.zip 2014-02-15 15:36 - 2014-02-15 15:36 - 00002101 _____ () C:\Users\Davis\Desktop\RKreport[0]_S_02152014_153625.txt 2014-02-15 15:19 - 2014-02-17 08:25 - 00000000 ____D () C:\Users\Davis\Desktop\RK_Quarantine 2014-02-15 15:17 - 2014-02-15 15:08 - 03813376 _____ () C:\Users\Davis\Desktop\RogueKiller.exe 2014-02-15 10:11 - 2014-02-15 10:11 - 372136236 _____ () C:\Windows\MEMORY.DMP 2014-02-15 10:11 - 2014-02-15 10:11 - 00143248 _____ () C:\Windows\Minidump\Mini021514-01.dmp 2014-02-14 22:15 - 2014-02-14 22:15 - 00000000 ____D () C:\Windows\SoftwareDistribution.old 2014-02-14 21:13 - 2014-02-14 21:13 - 00000000 ____D () C:\Users\Davis\AppData\Roaming\SUPERAntiSpyware.com 2014-02-14 21:13 - 2014-02-14 21:13 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com 2014-02-14 21:01 - 2014-02-14 21:01 - 00041736 _____ () C:\Windows\system32\.crusader 2014-02-14 20:49 - 2014-02-14 21:10 - 00030464 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys 2014-02-14 20:49 - 2014-02-14 21:01 - 00000000 ____D () C:\ProgramData\HitmanPro 2014-02-14 20:32 - 2014-02-14 20:32 - 00000000 _____ () C:\Windows\setuperr.log 2014-02-14 20:11 - 2014-02-14 20:11 - 00688992 ____R (Swearware) C:\Users\Davis\Desktop\dds.com 2014-02-14 19:53 - 2014-02-14 19:53 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-02-14 19:23 - 2014-02-14 19:23 - 00000000 ____D () C:\Windows\ERUNT 2014-02-14 18:52 - 2014-02-14 18:55 - 00000087 _____ () C:\Windows\system32\zerobyte_files_deleted.txt 2014-02-14 18:52 - 2014-02-14 18:54 - 00000095 _____ () C:\Windows\zerobyte_files_deleted.txt 2014-02-12 17:49 - 2014-02-12 17:49 - 00000000 ____D () C:\Support 2014-02-11 09:47 - 2014-02-11 09:47 - 00000000 ____D () C:\Program Files\McAfee Security Scan 2014-02-04 20:13 - 2014-02-04 20:13 
- 01069512 _____ (Solid State Networks) C:\Users\Davis\Downloads\install_flashplayer12x32au_mssd_awc_aih.exe 2014-02-04 14:40 - 2014-02-04 14:40 - 00001669 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-02-04 14:39 - 2014-02-04 14:40 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-02-04 14:39 - 2014-02-04 14:40 - 00000000 ____D () C:\Program Files\iTunes 2014-02-04 14:39 - 2014-02-04 14:39 - 00000000 ____D () C:\Program Files\iPod 2014-01-29 21:01 - 2014-02-04 15:12 - 00000000 ____D () C:\ProgramData\toppbuyero 2014-01-29 21:01 - 2014-02-04 15:12 - 00000000 ____D () C:\ProgramData\DeuaalsFiindeorrPro 2014-01-20 16:25 - 2014-01-20 16:26 - 01069512 _____ (Solid State Networks) C:\Users\Davis\Downloads\install_flashplayer12x32au_mssa_awc_aih.exe 2014-01-19 21:46 - 2014-01-19 21:46 - 00022808 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsshimx.sys ==================== One Month Modified Files and Folders ======= 2014-02-17 10:16 - 2014-02-17 10:16 - 00021095 _____ () C:\Users\Davis\Desktop\FRST.txt 2014-02-17 10:16 - 2014-02-15 22:10 - 00000000 ____D () C:\FRST 2014-02-17 10:15 - 2014-02-17 10:14 - 01141248 _____ (Farbar) C:\Users\Davis\Desktop\FRST.exe 2014-02-17 10:15 - 2009-09-29 15:06 - 00000422 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{7DB64578-8B9B-4A26-8F64-DF64F6338DB0}.job 2014-02-17 10:12 - 2013-11-17 15:58 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-02-17 10:12 - 2012-12-10 22:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-02-17 10:04 - 2014-02-17 10:04 - 00001976 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-02-17 10:03 - 2014-02-17 10:03 - 49940480 _____ () C:\Program Files\GUT1813.tmp 2014-02-17 10:03 - 2014-02-17 10:03 - 00000000 ____D () C:\Program Files\GUM17F3.tmp 2014-02-17 10:03 - 2008-07-01 15:13 - 00000000 ____D () C:\Program Files\Google 2014-02-17 10:01 - 2012-05-24 20:05 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player 
Updater.job 2014-02-17 10:00 - 2010-01-30 19:08 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-02-17 09:55 - 2009-09-14 20:51 - 01884319 _____ () C:\Windows\WindowsUpdate.log 2014-02-17 09:35 - 2011-03-02 11:17 - 00000000 ____D () C:\ProgramData\MFAData 2014-02-17 09:31 - 2012-12-11 17:26 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003UA.job 2014-02-17 09:22 - 2012-12-08 22:05 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000Core.job 2014-02-17 09:22 - 2010-01-30 19:08 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-02-17 09:22 - 2006-11-02 13:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-02-17 09:22 - 2006-11-02 12:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-17 09:22 - 2006-11-02 12:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-17 08:27 - 2014-02-17 08:27 - 00001209 _____ () C:\Users\Davis\Desktop\RKreport[0]_SC_02172014_082701.txt 2014-02-17 08:25 - 2014-02-15 15:19 - 00000000 ____D () C:\Users\Davis\Desktop\RK_Quarantine 2014-02-17 08:19 - 2012-12-08 22:05 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000UA.job 2014-02-17 08:07 - 2014-02-17 08:07 - 00007818 _____ () C:\Users\Davis\Desktop\Eset online scanner.txt 2014-02-17 07:36 - 2012-01-08 16:05 - 00000926 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000UA.job 2014-02-17 05:47 - 2012-12-11 17:43 - 00000960 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003UA.job 2014-02-16 22:36 - 2012-01-08 16:05 - 00000904 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000Core.job 2014-02-16 20:57 - 2014-02-16 
20:57 - 00000000 ____D () C:\Users\Davis\AppData\Local\CrashDumps 2014-02-16 20:56 - 2013-01-23 16:30 - 00000000 ____D () C:\Users\Mrs georgia bolgar 2014-02-16 20:56 - 2012-12-02 09:47 - 00000000 ____D () C:\Users\Georgia davis 2014-02-16 20:56 - 2010-10-15 19:05 - 00000000 ____D () C:\Users\Guest 2014-02-16 20:56 - 2009-09-27 17:59 - 00000000 ____D () C:\Users\Georgie 2014-02-16 20:56 - 2008-12-28 18:57 - 00000000 ____D () C:\Users\Davis 2014-02-16 20:56 - 2006-11-02 11:18 - 00000000 ___RD () C:\Users\Public 2014-02-16 20:49 - 2014-02-16 20:49 - 01070592 _____ () C:\Users\Davis\Downloads\MicrosoftFixit50569(1).msi 2014-02-16 20:46 - 2014-02-16 20:45 - 01070592 _____ () C:\Users\Davis\Downloads\MicrosoftFixit50569.msi 2014-02-16 20:07 - 2014-02-16 20:07 - 01050624 _____ () C:\Users\Davis\Downloads\MicrosoftFixit50511.msi 2014-02-16 09:16 - 2006-11-02 13:01 - 00032614 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-02-16 09:05 - 2011-09-07 17:08 - 00000000 ____D () C:\Users\Davis\AppData\Local\PMB Files 2014-02-16 09:05 - 2011-02-05 14:20 - 00000000 ____D () C:\Windows\pss 2014-02-15 23:09 - 2006-11-02 11:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-02-15 20:32 - 2014-02-15 19:49 - 00147029 _____ () C:\zoek-results.log 2014-02-15 20:30 - 2013-01-10 19:39 - 00059246 _____ () C:\Windows\PFRO.log 2014-02-15 20:26 - 2014-02-15 20:26 - 00000000 ____D () C:\Program Files\HiJackThis 2014-02-15 20:23 - 2014-02-15 19:44 - 00000000 ____D () C:\zoek_backup 2014-02-15 20:07 - 2014-02-15 20:07 - 00109508 _____ () C:\Users\Public\Desktop\sample_022014_2007.zip 2014-02-15 19:41 - 2014-02-15 19:40 - 00000000 ____D () C:\Users\Davis\Desktop\zoek 2014-02-15 19:38 - 2014-02-15 19:40 - 04088082 _____ () C:\Users\Davis\Desktop\zoek.zip 2014-02-15 19:35 - 2012-12-11 17:43 - 00000938 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003Core.job 2014-02-15 19:35 - 2012-12-11 17:26 - 00000888 _____ () 
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003Core.job 2014-02-15 15:36 - 2014-02-15 15:36 - 00002101 _____ () C:\Users\Davis\Desktop\RKreport[0]_S_02152014_153625.txt 2014-02-15 15:13 - 2010-09-25 09:49 - 00000008 ___RS () C:\Users\Davis\ntuser.pol 2014-02-15 15:08 - 2014-02-15 15:17 - 03813376 _____ () C:\Users\Davis\Desktop\RogueKiller.exe 2014-02-15 10:11 - 2014-02-15 10:11 - 372136236 _____ () C:\Windows\MEMORY.DMP 2014-02-15 10:11 - 2014-02-15 10:11 - 00143248 _____ () C:\Windows\Minidump\Mini021514-01.dmp 2014-02-15 10:11 - 2010-04-09 21:06 - 00000000 ____D () C:\Windows\Minidump 2014-02-15 09:04 - 2006-11-02 12:47 - 00407168 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-02-14 22:43 - 2012-03-13 18:03 - 00115752 _____ () C:\Users\Davis\AppData\Local\GDIPFONTCACHEV1.DAT 2014-02-14 22:15 - 2014-02-14 22:15 - 00000000 ____D () C:\Windows\SoftwareDistribution.old 2014-02-14 21:22 - 2011-10-12 16:05 - 00000000 ____D () C:\Program Files\Pivot Stickfigure Toolbar 2014-02-14 21:13 - 2014-02-14 21:13 - 00000000 ____D () C:\Users\Davis\AppData\Roaming\SUPERAntiSpyware.com 2014-02-14 21:13 - 2014-02-14 21:13 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com 2014-02-14 21:10 - 2014-02-14 20:49 - 00030464 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys 2014-02-14 21:01 - 2014-02-14 21:01 - 00041736 _____ () C:\Windows\system32\.crusader 2014-02-14 21:01 - 2014-02-14 20:49 - 00000000 ____D () C:\ProgramData\HitmanPro 2014-02-14 20:42 - 2008-07-01 15:05 - 00000000 ___HD () C:\Windows\msdownld.tmp 2014-02-14 20:37 - 2006-11-02 10:33 - 00005526 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-02-14 20:32 - 2014-02-14 20:32 - 00000000 _____ () C:\Windows\setuperr.log 2014-02-14 20:32 - 2013-04-05 18:48 - 00005604 _____ () C:\Windows\setupact.log 2014-02-14 20:11 - 2014-02-14 20:11 - 00688992 ____R (Swearware) C:\Users\Davis\Desktop\dds.com 2014-02-14 19:53 - 2014-02-14 19:53 - 00000000 ____D () C:\Program 
Files\Malwarebytes' Anti-Malware 2014-02-14 19:53 - 2012-03-13 12:24 - 00000911 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-02-14 19:23 - 2014-02-14 19:23 - 00000000 ____D () C:\Windows\ERUNT 2014-02-14 18:55 - 2014-02-14 18:52 - 00000087 _____ () C:\Windows\system32\zerobyte_files_deleted.txt 2014-02-14 18:55 - 2006-11-02 11:18 - 00000000 __RHD () C:\Users\Default 2014-02-14 18:54 - 2014-02-14 18:52 - 00000095 _____ () C:\Windows\zerobyte_files_deleted.txt 2014-02-14 18:14 - 2013-10-01 15:27 - 00000847 _____ () C:\Users\Public\Desktop\AVG 2014.lnk 2014-02-14 17:17 - 2013-01-29 21:00 - 00006144 _____ () C:\Users\Mrs georgia bolgar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-02-14 16:56 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\system32\CatRoot2.old 2014-02-12 17:49 - 2014-02-12 17:49 - 00000000 ____D () C:\Support 2014-02-11 15:42 - 2013-12-16 19:57 - 00000000 ____D () C:\Program Files\McAfee 2014-02-11 09:47 - 2014-02-11 09:47 - 00000000 ____D () C:\Program Files\McAfee Security Scan 2014-02-11 09:47 - 2012-12-04 16:01 - 00001924 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2014-02-08 12:35 - 2012-05-24 20:05 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-02-08 12:35 - 2011-12-13 09:18 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-02-04 20:13 - 2014-02-04 20:13 - 01069512 _____ (Solid State Networks) C:\Users\Davis\Downloads\install_flashplayer12x32au_mssd_awc_aih.exe 2014-02-04 15:12 - 2014-01-29 21:01 - 00000000 ____D () C:\ProgramData\toppbuyero 2014-02-04 15:12 - 2014-01-29 21:01 - 00000000 ____D () C:\ProgramData\DeuaalsFiindeorrPro 2014-02-04 14:40 - 2014-02-04 14:40 - 00001669 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-02-04 14:40 - 2014-02-04 14:39 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-02-04 14:40 - 2014-02-04 14:39 - 00000000 ____D () C:\Program Files\iTunes 
2014-02-04 14:39 - 2014-02-04 14:39 - 00000000 ____D () C:\Program Files\iPod 2014-02-04 14:39 - 2010-02-27 17:48 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-02-04 14:33 - 2010-02-27 17:48 - 00000000 ____D () C:\ProgramData\Apple 2014-01-26 16:20 - 2012-12-08 22:06 - 00000000 ____D () C:\Users\Davis\AppData\Roaming\Mozilla 2014-01-26 16:20 - 2008-12-28 19:03 - 00000000 ____D () C:\Users\Davis\AppData\Local\Google 2014-01-24 20:23 - 2013-01-23 16:30 - 00000949 _____ () C:\Users\Mrs georgia bolgar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2014-01-20 16:26 - 2014-01-20 16:25 - 01069512 _____ (Solid State Networks) C:\Users\Davis\Downloads\install_flashplayer12x32au_mssa_awc_aih.exe 2014-01-19 21:46 - 2014-01-19 21:46 - 00022808 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsshimx.sys ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-02-17 09:29 ==================== End Of Log ============================ Farbar Service Scanner Version: 16-02-2014 Ran by Davis (administrator) on 17-02-2014 at 10:20:49 Running from "C:\Users\Davis\Desktop" Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo.com is accessible. 
Windows Firewall: ============= Firewall Disabled Policy: ================== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=DWORD:0 System Restore: ============ System Restore Disabled Policy: ======================== Security Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist. Other Services: ============== File Check: ======== C:\Windows\system32\nsisvc.dll => MD5 is legit C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit C:\Windows\system32\dhcpcsvc.dll => MD5 is legit C:\Windows\system32\Drivers\afd.sys => MD5 is legit C:\Windows\system32\Drivers\tdx.sys => MD5 is legit C:\Windows\system32\Drivers\tcpip.sys [2013-08-19 13:37] - [2013-07-05 03:20] - 0914880 ____A (Microsoft Corporation) 6D0D344F643E28B31262AC2682109A3C C:\Windows\system32\dnsrslvr.dll => MD5 is legit C:\Windows\system32\mpssvc.dll => MD5 is legit C:\Windows\system32\bfe.dll => MD5 is legit C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit C:\Windows\system32\SDRSVC.dll => MD5 is legit C:\Windows\system32\vssvc.exe => MD5 is legit C:\Windows\system32\wscsvc.dll => MD5 is legit C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\system32\wuaueng.dll => MD5 is legit C:\Windows\system32\qmgr.dll => MD5 is legit C:\Windows\system32\es.dll => MD5 is legit C:\Windows\system32\cryptsvc.dll => MD5 is legit C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit 
C:\Windows\system32\rpcss.dll => MD5 is legit **** End of log ****

I have had to post the additions txt. Every time I went to attach it, it wouldn't; an error in pink highlight came up.

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-02-2014 Ran by Davis at 2014-02-17 10:16:44 Running from C:\Users\Davis\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: AVG Internet Security 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AVG Internet Security 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664} FW: AVG Internet Security 2014 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2} ==================== Installed Programs ====================== Update for Microsoft Office 2007 (KB2508958) (Version: - Microsoft) 3Connect (Version: 2.0.0 - 3 Mobile Broadband) Activation Assistant for the 2007 Microsoft Office suites (Version: - Microsoft Corporation) Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden Adobe AIR (Version: 2.5.1.17730 - Adobe Systems Inc.) Adobe AIR (Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden Adobe Flash Player 12 ActiveX (Version: 12.0.0.44 - Adobe Systems Incorporated) Adobe Flash Player 12 Plugin (Version: 12.0.0.44 - Adobe Systems Incorporated) Adobe Media Player (Version: 1.6 - Adobe Systems Incorporated) Adobe Reader 8.1.3 (Version: 8.1.3 - Adobe Systems Incorporated) Apple Application Support (Version: 3.0 - Apple Inc.) Apple Mobile Device Support (Version: 7.1.0.32 - Apple Inc.) Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
AusLogics Disk Defrag (Version: version 1.4 - Auslogics Software Pty Ltd) AVG 2014 (Version: 14.0.3615 - AVG Technologies) Hidden AVG 2014 (Version: 14.0.3705 - AVG Technologies) Hidden AVG 2014 (Version: 14.0.4335 - AVG Technologies) Hidden AVG 2014 (Version: 2014.0.4335 - AVG Technologies) AVG Security Toolbar (Version: 17.3.0.49 - AVG Technologies) Babylon toolbar on IE (Version: - ) <==== ATTENTION Bing Bar (Version: 7.3.124.0 - Microsoft Corporation) Bluetooth Stack for Windows by Toshiba (Version: v6.10.07.2(T) - TOSHIBA CORPORATION) Bonjour (Version: 3.0.0.10 - Apple Inc.) Camera Assistant Software for Toshiba (Version: 1.7.193.0508L - Chicony Electronics Co.,Ltd.) CCleaner (remove only) (Version: - ) CD/DVD Drive Acoustic Silencer (Version: 2.02.03 - TOSHIBA) Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000 - Microsoft Corporation) D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden DeuaalsFiindeorrPro (Version: - DealSoFindderPurO) DVD MovieFactory for TOSHIBA (Version: 5.51 - Ulead Systems, Inc.) Facebook Video Calling 1.2.0.287 (Version: 1.2.287 - Skype Limited) Facebook Video Calling 2.0.0.447 (Version: 2.0.447 - Skype Limited) Facemoods Toolbar (Version: - ) <==== ATTENTION Google Chrome (Version: 32.0.1700.107 - Google Inc.) Google Chrome Packages (HKCU Version: - ) <==== ATTENTION Google Desktop (Version: 5.9.1005.12335 - Google) Google Earth (Version: 7.1.2.2041 - Google) Google Talk Plugin (Version: 3.10.2.10212 - Google) Google Talk Plugin (Version: 4.9.1.16010 - Google) Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden Google Toolbar for Internet Explorer (Version: 7.5.4805.320 - Google Inc.) Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden HDMI Control Manager (Version: 1.7 - TOSHIBA) Huawei modem (Version: - ) Inbox Toolbar (Version: 1.0.0 - Inbox.com, Inc.) Intel® Matrix Storage Manager (Version: - Intel Corporation) iTunes (Version: 11.1.4.62 - Apple Inc.) 
Java Auto Updater (Version: 2.0.2.4 - Sun Microsystems, Inc.) Hidden Java 6 Update 23 (Version: 6.0.230 - Sun Microsystems, Inc.) Java 6 Update 6 (Version: 1.6.0.60 - Sun Microsystems, Inc.) Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation) MathmosScreensaver (Version: - ) McAfee Security Scan Plus (Version: 3.8.141.11 - McAfee, Inc.) McAfee SiteAdvisor (Version: 3.6.135 - McAfee, Inc.) Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Microsoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (English) 2007 
(Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook Connector (Version: 14.0.5118.5000 - Microsoft Corporation) Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 
9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation) Microsoft Works (Version: 9.7.0621 - Microsoft Corporation) Microsoft XML Parser (Version: 8.20.8730.4 - Microsoft Corporation) Hidden Mozilla Firefox 27.0.1 (x86 en-US) (Version: 27.0.1 - Mozilla) Mozilla Maintenance Service (Version: 27.0.1 - Mozilla) MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation) myphotobook 3.5 (Version: 3.5 - myphotobook) OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden Pando Media Booster (Version: 2.3.6.0 - Pando Networks Inc.) ParetoLogic PC Health Advisor (Version: 3.1.4.0 - ParetoLogic, Inc.) Picasa 2 (Version: 2.0 - Google, Inc.) Pivot Stickfigure Animator version 2.2.6 (Version: 2.2.6 - ) Pivot Stickfigure Toolbar (Version: - ) QuickTime (Version: 7.74.80.86 - Apple Inc.) Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0000 - Realtek) Realtek High Definition Audio Driver (Version: 6.0.1.5599 - Realtek Semiconductor Corp.) 
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02 (Version: 3.54.02 - ) Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden Spelling Dictionaries Support For Adobe Reader 8 (Version: 8.0.0 - Adobe Systems) Synaptics Pointing Device Driver (Version: 10.1.8.0 - Synaptics) toppbuyero (Version: - toppBuuyer) TOSHIBA Assist (Version: 2.01.04 - TOSHIBA) TOSHIBA ConfigFree (Version: 7.2.13 - TOSHIBA Corporation) TOSHIBA Disc Creator (Version: 2.0.1.3 - TOSHIBA Corporation) TOSHIBA DVD PLAYER (Version: 1.31.14 - TOSHIBA Corporation) TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - TOSHIBA Corporation) TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - TOSHIBA Corporation) Hidden TOSHIBA Face Recognition (Version: 2.0.2.32 - TOSHIBA) TOSHIBA Face Recognition (Version: 2.0.2.32 - TOSHIBA) Hidden TOSHIBA Hardware Setup (Version: 2.00.08 - ) TOSHIBA Manuals (Version: 7.40 - TOSHIBA) Toshiba Online Product Information (Version: 1.00.0012 - TOSHIBA) TOSHIBA Recovery Disc Creator (Version: 2.0.0.1b - TOSHIBA Corporation) TOSHIBA SD Memory Utilities (Version: 1.8.1.3 - TOSHIBA) TOSHIBA Software Modem (Version: 2.1.77 (SM2177ALD04) - Agere Systems) TOSHIBA Supervisor Password (Version: 2.00.04 - ) Toshiba TEMPRO (Version: 1.1 - Toshiba Europe GmbH) TOSHIBA Value Added Package (Version: 1.1.19 - TOSHIBA Corporation) TOSHIBA Value Added Package (Version: 1.1.19 - TOSHIBA Corporation) Hidden TRDCReminder (Version: 1.00.0015 - TOSHIBA) TRDCReminder (Version: 1.00.0015 - TOSHIBA) Hidden TRORDCLauncher (Version: 1.0.0.1 - TOSHIBA) TRORDCLauncher (Version: 1.0.0.1 - TOSHIBA) Hidden Update for 2007 Microsoft Office System (KB967642) (Version: - Microsoft) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft 
Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3 - Microsoft Corporation) Update for Microsoft Office 2007 Help for Common Features (KB963673) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office Access 2007 Help (KB963663) (Version: - Microsoft) Update for Microsoft Office Excel 2007 Help (KB963678) (Version: - Microsoft) Update for Microsoft Office Infopath 2007 Help (KB963662) (Version: - Microsoft) Update for Microsoft Office OneNote 2007 Help (KB963670) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Help (KB963677) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office Powerpoint 2007 Help (KB963669) (Version: - Microsoft) Update for Microsoft Office Publisher 2007 Help (KB963667) (Version: - Microsoft) Update for Microsoft Office Script Editor Help (KB963671) (Version: - Microsoft) Update for Microsoft Office Word 2007 Help (KB963665) (Version: - Microsoft) Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) 
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (Version: 
15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Media Encoder 9 Series (Version: - ) Windows Media Encoder 9 Series (Version: 9.00.3374 - Microsoft Corporation) Hidden Yahoo! Messenger (Version: - Yahoo! Inc.) Yahoo! Toolbar (Version: - ) ==================== Restore Points ========================= 14-02-2014 22:19:36 D7 Automatic Restore Point 15-02-2014 19:49:58 zoek.exe restore point 16-02-2014 20:08:26 Installed Microsoft Fix it 50511 16-02-2014 20:46:26 Installed Microsoft Fix it 50569 17-02-2014 09:59:34 Scheduled Checkpoint ==================== Hosts content: ========================== 2006-11-02 10:23 - 2006-09-18 21:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {02A4E6F1-AA4D-4754-845A-55C6689AE0CB} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000Core => C:\Users\Davis\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.) Task: {06B560B5-A314-47C7-8C6C-2AC7B7595928} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-30] (Google Inc.) Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {2560A82A-F2F3-4C3C-BDE0-19FA730E4540} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003UA => C:\Users\Georgia davis\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-17] (Google Inc.) Task: {266A7279-4868-4DBF-927E-31A2DFE2CC8C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000UA => C:\Users\Davis\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.) 
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {33E86F53-2D79-43AD-AE86-A03AB8A358E4} - \Scheduled Update for Ask Toolbar No Task File Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {420FBBC6-0B3F-4C90-9CC5-82BD76665CF8} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation) Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation) Task: {52ECF0AC-66F0-4E35-BEFE-052558A6BF29} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000Core => C:\Users\Davis\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-17] (Google Inc.) Task: {5CCAFB2A-03CA-47DE-BD8E-637EB99D5073} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-30] (Google Inc.) Task: {84A4B13D-BB77-49A5-8CBF-E7CEAC6EF480} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003UA => C:\Users\Georgia davis\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-11] (Facebook Inc.) Task: {8D00947C-618E-4A44-8892-EC731179BD4E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {97097F62-DE6A-43C9-9688-A5AE9BA9F2ED} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-08] (Adobe Systems Incorporated) Task: {9F44DF2E-7412-4ED0-A98A-CA6ADB373EB3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000UA => C:\Users\Davis\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-17] (Google Inc.) 
Task: {B693CFDD-969A-40A0-B38E-C22B5A54BCE4} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Davis => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation) Task: {C605864F-6899-4629-A990-E3845F2B26B7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003Core => C:\Users\Georgia davis\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-17] (Google Inc.) Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] () Task: {F0A380A3-ED6D-402C-BD83-B49308391B62} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003Core => C:\Users\Georgia davis\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-11] (Facebook Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000Core.job => C:\Users\Davis\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000UA.job => C:\Users\Davis\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003Core.job => C:\Users\Georgia davis\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003UA.job => C:\Users\Georgia davis\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000Core.job => 
C:\Users\Davis\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000UA.job => C:\Users\Davis\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003Core.job => C:\Users\Georgia davis\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003UA.job => C:\Users\Georgia davis\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\User_Feed_Synchronization-{7DB64578-8B9B-4A26-8F64-DF64F6338DB0}.job => C:\Windows\system32\msfeedssync.exe ==================== Loaded Modules (whitelisted) ============= 2013-11-17 15:58 - 2014-02-17 10:12 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:373E1720 ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service" ==================== Disabled items from MSCONFIG ============== MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: AgereModemAudio => 2 MSCONFIG\Services: Apple Mobile Device => 2 MSCONFIG\Services: Bonjour Service => 2 MSCONFIG\Services: ConfigFree Service => 2 MSCONFIG\Services: GoogleDesktopManager-051210-111108 => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: gusvc => 3 MSCONFIG\Services: iPod Service => 3 MSCONFIG\Services: McAfee SiteAdvisor Service => 2 MSCONFIG\Services: McComponentHostService => 3 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: SmartFaceVWatchSrv => 3 MSCONFIG\Services: TempoMonitoringService => 2 MSCONFIG\Services: TNaviSrv => 2 MSCONFIG\Services: TODDSrv => 2 MSCONFIG\Services: TosCoSrv => 2 MSCONFIG\Services: TOSHIBA SMART Log Service => 2 MSCONFIG\Services: UleadBurningHelper 
=> 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Update Agent.lnk => C:\Windows\pss\Update Agent.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Davis^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Media Player.lnk => C:\Windows\pss\Adobe Media Player.lnk.Startup MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: AVG_UI => "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY MSCONFIG\startupreg: Camera Assistant Software => "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start MSCONFIG\startupreg: cfFncEnabler.exe => cfFncEnabler.exe MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe MSCONFIG\startupreg: Facebook Update => "C:\Users\Davis\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup MSCONFIG\startupreg: Google EULA Launcher => c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA MSCONFIG\startupreg: Google Update => "C:\Users\Davis\AppData\Local\Google\Update\GoogleUpdate.exe" /c MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" MSCONFIG\startupreg: HDMICtrlMan => C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe MSCONFIG\startupreg: HSON => %ProgramFiles%\TOSHIBA\TBS\HSON.exe 
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files\Mobogenie\DaemonProcess.exe MSCONFIG\startupreg: NDSTray.exe => NDSTray.exe MSCONFIG\startupreg: Pando Media Booster => C:\Program Files\Pando Networks\Media Booster\PMB.exe MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe MSCONFIG\startupreg: Skytel => Skytel.exe MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe MSCONFIG\startupreg: topi => C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup MSCONFIG\startupreg: Toshiba Registration => C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe MSCONFIG\startupreg: Toshiba TEMPO => C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE MSCONFIG\startupreg: vProt => "C:\Program Files\AVG Secure Search\vprot.exe" MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/17/2014 10:16:03 AM) (Source: Microsoft-Windows-CAPI2) (User: ) 
Description: -583 Error: (02/17/2014 10:16:03 AM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: -583 Error: (02/17/2014 10:16:03 AM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: -583 Error: (02/17/2014 10:16:03 AM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: -583 Error: (02/17/2014 10:15:54 AM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: -583 Error: (02/17/2014 10:15:54 AM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: -583 Error: (02/17/2014 10:05:21 AM) (Source: Windows Search Service) (User: ) Description: The Windows Search Service has failed to create the SystemIndex search index. Internal error <4, 0x8004117f, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>. Error: (02/17/2014 10:05:21 AM) (Source: Windows Search Service) (User: ) Description: The Windows Search Service cannot open the Jet property store. Details: The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. (0x8004117f) Error: (02/17/2014 10:05:19 AM) (Source: Windows Search Service) (User: ) Description: The Windows Search Service has failed to create the SystemIndex search index. Internal error <4, 0x8004117f, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>. Error: (02/17/2014 10:05:19 AM) (Source: Windows Search Service) (User: ) Description: The Windows Search Service cannot open the Jet property store. Details: The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. 
(0x8004117f) System errors: ============= Error: (02/17/2014 10:05:21 AM) (Source: Service Control Manager) (User: ) Description: Windows Search13 Error: (02/17/2014 10:05:21 AM) (Source: Service Control Manager) (User: ) Description: Windows Search2147749155 (0x80040D23) Error: (02/17/2014 10:05:19 AM) (Source: Service Control Manager) (User: ) Description: Windows Search12 Error: (02/17/2014 10:05:19 AM) (Source: Service Control Manager) (User: ) Description: Windows Search2147749155 (0x80040D23) Error: (02/17/2014 10:05:17 AM) (Source: Service Control Manager) (User: ) Description: Windows Search11 Error: (02/17/2014 10:05:17 AM) (Source: Service Control Manager) (User: ) Description: Windows Search2147749155 (0x80040D23) Error: (02/17/2014 10:05:14 AM) (Source: Service Control Manager) (User: ) Description: Windows Search10 Error: (02/17/2014 10:05:14 AM) (Source: Service Control Manager) (User: ) Description: Windows Search2147749155 (0x80040D23) Error: (02/17/2014 10:05:12 AM) (Source: Service Control Manager) (User: ) Description: Windows Search9 Error: (02/17/2014 10:05:12 AM) (Source: Service Control Manager) (User: ) Description: Windows Search2147749155 (0x80040D23) Microsoft Office Sessions: ========================= Error: (05/15/2011 05:59:32 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 22 seconds with 0 seconds of active time. This session ended with a crash. Error: (11/08/2010 08:43:53 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time. This session ended with a crash. 
Error: (11/08/2010 08:43:11 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1145 seconds with 420 seconds of active time. This session ended with a crash. Error: (09/27/2010 06:33:40 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9893 seconds with 2580 seconds of active time. This session ended with a crash. Error: (09/25/2010 09:39:25 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 41752 seconds with 2160 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2014-02-17 10:16:33.732 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hitmanpro37.sys because the set of per-page image hashes could not be found on the system. Date: 2014-02-17 10:16:33.436 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hitmanpro37.sys because the set of per-page image hashes could not be found on the system. Date: 2014-02-17 10:16:33.139 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hitmanpro37.sys because the set of per-page image hashes could not be found on the system. 
Date: 2014-02-17 10:16:32.843 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hitmanpro37.sys because the set of per-page image hashes could not be found on the system. Date: 2014-02-17 10:16:32.547 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hitmanpro37.sys because the set of per-page image hashes could not be found on the system. Date: 2014-02-17 10:16:32.250 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hitmanpro37.sys because the set of per-page image hashes could not be found on the system. Date: 2014-02-17 10:16:31.954 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hitmanpro37.sys because the set of per-page image hashes could not be found on the system. Date: 2014-02-17 10:16:31.657 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hitmanpro37.sys because the set of per-page image hashes could not be found on the system. Date: 2014-02-17 10:16:17.025 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hitmanpro37.sys because the set of per-page image hashes could not be found on the system. Date: 2014-02-17 10:16:16.728 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hitmanpro37.sys because the set of per-page image hashes could not be found on the system. 
==================== Memory info ===========================
Percentage of memory in use: 52%
Total physical RAM: 2939.26 MB
Available physical RAM: 1397.25 MB
Total Pagefile: 6088.75 MB
Available Pagefile: 4743.39 MB
Total Virtual: 2047.88 MB
Available Virtual: 1918.45 MB
==================== Drives ================================
Drive c: (Vista) (Fixed) (Total:232.64 GB) (Free:155.39 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Data) (Fixed) (Total:230.84 GB) (Free:225.41 GB) NTFS
Drive f: (BEYONCE) (CDROM) (Total:4.14 GB) (Free:0 GB) UDF
Drive g: (D7 PREMIUM) (Removable) (Total:1.87 GB) (Free:0.72 GB) FAT
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 8F1901FC)
Partition 1: (Not Active) - (Size=2 GB) - (Type=27)
Partition 2: (Active) - (Size=233 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=231 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 13CCC2B5)
Partition 1: (Not Active) - (Size=2 GB) - (Type=06)
==================== End Of Log ============================
Thanks
  10. Hi, I would like to get it back to normal if possible; that would give me the option of a clean install if it's not possible. At least I would be able to back my documents up with full confidence. Can we continue, please? Thanks
  11. Hi, I have tried the navpane reset for Outlook pst repair and scanpst.exe but Outlook is still not starting, however here are the results for the ESET online scan. Lots to see.
  12. Hi, things like Google Chrome profile corrupted, Outlook still won't run, lots of blank shortcuts everywhere. Question. Would the computer be fit for me to safely back up all my documents and then do a factory restore? I would like to not have to do that but would it be OK to back up my stuff now? Thanks
  13. 3rd part
2.0.1.4 c:\program files\common files\ulead systems\mpeg\uladmp4.ax 01/11/2005 07:18 Ulead MPEG-4 Video Decoder HKCR\CLSID\{A136228E-CB5C-42C4-B1D1-DBB8ADC7559D} MP4 Video Decoder Filter Ulead Systems, Inc. 2.0.1.5 c:\program files\common files\ulead systems\mpeg\ulvdmp4.ax 16/02/2006 08:13 InterVideo MPEG4 Video Encoder HKCR\CLSID\{A7375B02-8639-45A5-9C03-E2EFA88BF91D} InterVideo© MPEG4 Video Encoder Filter InterVideo Inc. 0.8.8.0 c:\program files\intervideo\common\bin\mp4venc.ax 08/06/2007 09:27 Ulead DVD Audio Decoder 2 HKCR\CLSID\{AAB9D072-4326-48E3-A11A-BE93442E5F86} Audio Decoder Ulead Systems, Inc. 2.0.0.45 c:\program files\common files\ulead systems\mpeg\uldvdaudio.ax 17/08/2005 16:23 InterVideo Stream Writer HKCR\CLSID\{AAD9D04B-4C0F-4149-AD80-828BFF207F48} InterVideo¸ Stream File Writer InterVideo, Inc. 1.0.2.0 c:\program files\intervideo\common\bin\stmrite.ax 08/06/2007 09:22 SFVCaptureFilter HKCR\CLSID\{AFF3FD47-AD22-4F1E-95FD-6FB78BB64F72} SmartFaceVCapt 2.0.0.0 c:\windows\system32\smartfacevcapt.dll 24/04/2008 09:43 TOSHIBA DualMono HKCR\CLSID\{C069585A-56E6-4DD3-A9C4-357C8197AEA8} TOSHIBA DualMono TOSHIBA Corporation 2.0.2.0 c:\program files\common files\toshiba shared\tosdualmono.ax 30/04/2008 07:22 InterVideo AAC (XForm) Decoder HKCR\CLSID\{CA809AB8-80DB-4649-B95E-B0C87BB36D0A} InterVideo AAC Decoder InterVideo Inc. 1.0.0.0 c:\program files\intervideo\common\bin\iviaacdec.ax 08/06/2007 09:24 Ulead MPEG Splitter HKCR\CLSID\{CF957F20-77FE-4192-A59F-95CA43BD04BA} ULead Mpeg I/II Splitter ULead Systems 1.0.0.105 c:\program files\common files\ulead systems\mpeg\ulspmpeg.ax 06/03/2006 12:52 Ulead MPEG Audio Decoder HKCR\CLSID\{CF957F30-77FE-4192-A59F-95CA43BD04BA} Audio Decoder Ulead Systems, Inc. 
2.0.0.45 c:\program files\common files\ulead systems\mpeg\uldvdaudio.ax 17/08/2005 16:23 Ulead MPEG Video Decoder HKCR\CLSID\{CF957F40-77FE-4192-A59F-95CA43BD04BA} MPEG Video and Audio Decoder ULead Systems 1.0.0.85 c:\program files\common files\ulead systems\mpeg\uldsmpeg.ax 03/05/2007 09:17 Ulead MPEG Encoder HKCR\CLSID\{CF957F50-77FE-4192-A59F-95CA43BD04BA} MPEG Encoder and Muxer ULead Systems 1.0.2.49 c:\program files\common files\ulead systems\mpeg\ulesmpeg.ax 24/10/2005 06:32 Ulead MPEG Muxer HKCR\CLSID\{CF957F80-77FE-4192-A59F-95CA43BD04BA} MPEG Muxer ULead Systems 1.0.1.170 c:\program files\common files\ulead systems\mpeg\ulmxmpeg.ax 26/05/2007 00:02 ULead File Writer HKCR\CLSID\{CF957FA0-77FE-4192-A59F-95CA43BD04BA} File Dump Filter ULead Systems 1.0.0.2 c:\program files\common files\ulead systems\filters\uldump.ax 23/11/2004 06:39 ULead File Source (Async.) HKCR\CLSID\{CF957FA1-77FE-4192-A59F-95CA43BD04BA} Ulead Async Filter Ulead Systems 1.0.0.13 c:\program files\common files\ulead systems\mpeg\ulasync.ax 26/05/2005 17:06 InterVideo File Writer HKCR\CLSID\{D2288805-7D1E-49D4-9934-6D5B3728E155} InterVideo© File Writer Filter InterVideo Inc. 3.1.6.0 c:\program files\intervideo\common\bin\iviwrite.ax 08/06/2007 09:30 InterVideo Still Capture HKCR\CLSID\{DB080360-01B9-11D4-898C-00A0CC5211EF} InterVideo© Still Capture Filter InterVideo Inc. 3.1.6.0 c:\program files\intervideo\common\bin\iviscapt.ax 08/06/2007 09:34 TOSHIBA Audio Decoder DVD HKCR\CLSID\{E107D5ED-A870-4329-A750-74EF51808146} TOSHIBA Audio Decoder DVD TOSHIBA Corporation 2.0.1.6 c:\program files\toshiba\toshiba dvd player\tosauddecl.ax 18/07/2008 12:40 Ulead DVB Parser HKCR\CLSID\{F0CB4200-B513-43F8-9D05-24D9CE8DEF04} Ulead DVB Parser Filter Ulead Systems, Inc. 2.0.0.17 c:\program files\common files\ulead systems\mpeg\uldvbparser.ax 26/10/2005 07:27 Ulead Audio Dual Channel Filter HKCR\CLSID\{F16EB735-3E60-4696-88E3-32610C10D669} Ulead Audio Dual Channel Filter Ulead Systems, Inc. 
1.0.0.2 c:\program files\common files\ulead systems\mpeg\uaudiodcfilter.ax 26/04/2004 03:30 Ulead OggVorbis Decoder HKCR\CLSID\{F4453C84-C133-43F2-9E12-A9AB4B1422FE} ulOggVorbisDecoderFilter Ulead Systems, Inc. 1.0.0.1 c:\program files\common files\ulead systems\mpeg\uloggvorbisdecoderfilter.ax 02/02/2005 03:25 InterVideo DV Pre-Process HKCR\CLSID\{F54FF744-9B63-48FE-9C76-1F1F3B7F1BD7} InterVideo DV Pre-Process Filter InterVideo 1.2.3.0 c:\program files\intervideo\common\bin\dvprocs.ax 08/06/2007 09:14 Intervideo AMR Encoder HKCR\CLSID\{FF7667A9-586B-499A-B72A-F31445004000} IVI AMR Encoding Intervideo, Inc. 8.1.0.0 c:\program files\intervideo\common\bin\amrenc.ax 08/06/2007 09:22 ==== Empty IE Cache ====================== C:\Users\Davis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Davis\AppData\Local\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Davis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Users\Davis\AppData\Local\Temporary Internet Files\Content.IE5\index.dat will 
be deleted at reboot ==== Empty FireFox Cache ====================== C:\Users\Davis\AppData\Local\Mozilla\Firefox\Profiles\xzk1ljzw.default\Cache emptied successfully ==== Empty Chrome Cache ====================== No Chrome Cache found ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=7684 folders=1853 588794814 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Georgia davis\AppData\Local\Temp emptied successfully C:\Users\Georgie\AppData\Local\Temp emptied successfully C:\Users\Guest\AppData\Local\Temp emptied successfully C:\Users\Mrs georgia bolgar\AppData\Local\Temp emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Users\Davis\AppData\Local\Temp will be emptied at reboot C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Davis\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Davis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Users\Davis\AppData\Local\Temporary Internet Files\Content.IE5\index.dat" not found ==== EOF on 15/02/2014 at 20:32:20.62 ======================
  14. 2nd Part

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HSON]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HSON"
"hkey"="HKLM"
"command"="%ProgramFiles%\\TOSHIBA\\TBS\\HSON.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IgfxTray"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\igfxtray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Messenger (Yahoo!)]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Messenger (Yahoo!)"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QuickTime Task"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SmoothView]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SmoothView"
"hkey"="HKLM"
"command"="%ProgramFiles%\\Toshiba\\SmoothView\\SmoothView.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="swg"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\topi]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="topi"
"hkey"="HKLM"
"command"="C:\\Program Files\\TOSHIBA\\Toshiba Online Product Information\\topi.exe -startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Toshiba Registration]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Toshiba Registration"
"hkey"="HKLM"
"command"="C:\\Program Files\\Toshiba\\Registration\\ToshibaRegistration.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Toshiba TEMPO]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Toshiba TEMPO"
"hkey"="HKLM"
"command"="C:\\Program Files\\Toshiba TEMPRO\\Toshiba.Tempo.UI.TrayApplication.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WMPNSCFG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WMPNSCFG"
"hkey"="HKCU"
"command"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Davis^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Media Player.lnk]
"path"="C:\\Users\\Davis\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Adobe Media Player.lnk"
"backup"="C:\\Windows\\pss\\Adobe Media Player.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~1\\ADOBEM~1\\ADOBEM~1.EXE "
"item"="Adobe Media Player"

==== Startup Folders ======================

2008-07-01 15:08:20 1835 ----a-w- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
2008-07-01 15:08:20 1835 ----a-w- C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
2009-09-27 17:59:29 1833 ----a-w- C:\Users\Georgie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
2011-01-05 18:37:11 1116 ----a-w- C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
2013-10-22 19:38:54 1116 ----a-w- C:\Users\Mrs georgia bolgar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
2012-12-04 16:01:49 1924 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
2009-01-09 15:45:23 641 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Agent.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [08/02/2014 12:35]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000Core.job --a------ C:\Users\Davis\AppData\Local\Facebook\Update\FacebookUpdate.exe [11/07/2012 21:31]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000UA.job --a------ C:\Users\Davis\AppData\Local\Facebook\Update\FacebookUpdate.exe [11/07/2012 21:31]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003Core.job --a------ C:\Users\Georgia davis\AppData\Local\Facebook\Update\FacebookUpdate.exe [11/12/2012 17:42]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003UA.job --a------ C:\Users\Georgia davis\AppData\Local\Facebook\Update\FacebookUpdate.exe [11/12/2012 17:42]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [30/01/2010 19:08]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [30/01/2010 19:08]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000Core.job --a------ C:\Users\Davis\AppData\Local\Google\Update\GoogleUpdate.exe [17/09/2012 19:10]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000UA.job --a------ C:\Users\Davis\AppData\Local\Google\Update\GoogleUpdate.exe [17/09/2012 19:10]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003Core.job --a------ C:\Users\Georgia davis\AppData\Local\Google\Update\GoogleUpdate.exe [17/09/2012 19:10]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003UA.job --a------ C:\Users\Georgia davis\AppData\Local\Google\Update\GoogleUpdate.exe [17/09/2012 19:10]
C:\Windows\tasks\User_Feed_Synchronization-{7DB64578-8B9B-4A26-8F64-DF64F6338DB0}.job --ah----- C:\Windows\system32\msfeedssync.exe [16/06/2011 22:22]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000Core" [C:\Users\Davis\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000UA" [C:\Users\Davis\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003Core" [C:\Users\Georgia davis\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003UA" [C:\Users\Georgia davis\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000Core" [C:\Users\Davis\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000UA" [C:\Users\Davis\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003Core" [C:\Users\Georgia davis\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003UA" [C:\Users\Georgia davis\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\User_Feed_Synchronization-{7DB64578-8B9B-4A26-8F64-DF64F6338DB0}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files\McAfee\SiteAdvisor" [11/02/2014 15:41]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\xzk1ljzw.default
- Undetermined - C:\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49
AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\xzk1ljzw.default
FD6ACD9D85177259D442A0C4AC15F7B8 - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll - Shockwave Flash
63EE2015B877A2E472CC59E05291AA39 - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMSS.dll - McAfee Security Scanner +
49CFBB2130C682FFDF2CEBEE9A2D556E - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector
C36444D7301A8C881FC7296B092609C7 - C:\Users\Davis\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll - Google Update
C36444D7301A8C881FC7296B092609C7 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll - Google Update
FF0D6F82A0EC13952E83B9439100E45D - C:\Users\Davis\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
68BCBB241EF254BC5100D9E6C06ECC71 - C:\Users\Davis\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll - Google Talk Plugin Video Accelerator
99FE6AFE80EB7FE3EEB75DC504A326A3 - C:\Users\Davis\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer
AF42019A3B0EDBFA6878F75B9377A792 - C:\Users\Davis\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin
EEEB86077BB4682B3FCFEDA5AED3E396 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.4
BADFB0DCCD9B7E9F2F6EB7954D24EED1 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.4
1153F58FACBC9731AF6CDF313F76DF29 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.4
9E4F520270BF7301CC24E8FA67791C22 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.4
E50A1DB5DE70D656287511297B42F9F2 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.4
5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
BE501CBC29B2025A263D80D399F1797A - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll - Silverlight Plug-In
C517E5EA7CEE783F3681F62D2A362E5B - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery
0EFA66E9384DBCED4D639FB9BDD97536 - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll - Pando Web Plugin
44CD19D98995CB3056F406113B175820 - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll - Java Deployment Toolkit 6.0.230.5
EA8FCF30D2961369435C84CE3B3063F1 - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll - Java Platform SE 6 U23
8130FF8214221BA5AC764909587E161A - C:\Program Files\Adobe\Reader 8.0\Reader\browser\nppdf32.dll - Adobe Acrobat
AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
B27CCB1168B1960AEC6E9D3E0E0F0D2A - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrlui.dll - Microsoft® Silverlight

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bopakagnckmlgajfccecajhnimjiiedh - No path found[]
fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx[02/02/2014 08:58]
gaiilaahiahdejapggenmdmafpmbipje - C:\Program Files\DealPly\DealPly.crx[]
ihflimipbcaljfnojhhknppphnnciiif - C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoods.crx[]
jpmbfleldcgkldadpdinhjjopdfpjfjp - C:\Users\Davis\AppData\Local\Wajam\Chrome\wajam.crx[]
niapdbllcanepiiimjjndipklodoedlc - C:\Program Files\Yontoo\YontooLayers.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
gaiilaahiahdejapggenmdmafpmbipje - C:\Program Files\DealPly\DealPly.crx[]

New Tab - Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
DealPly - Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Facemoods - Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif
DeuaalsFiindeorrPro - Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbjidnnbnonlmanfgmfghkcnhbkndleb
AVG Safe Search - Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
AVG Secure Search - Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Google Drive - Georgia davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Georgia davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Georgia davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
DealPly - Georgia davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Facemoods - Georgia davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif
AVG Safe Search - Georgia davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
AVG Secure Search - Georgia davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Gmail - Georgia davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Entanglement - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd
DealPly - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Facemoods - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif
DeuaalsFiindeorrPro - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbjidnnbnonlmanfgmfghkcnhbkndleb
AVG Safe Search - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Poppit - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi
AVG Secure Search - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
DealPly - Mrs georgia bolgar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Facemoods - Mrs georgia bolgar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif
DeuaalsFiindeorrPro - Mrs georgia bolgar\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbjidnnbnonlmanfgmfghkcnhbkndleb
AVG Security Toolbar - Mrs georgia bolgar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Instagram for Chrome - Mrs georgia bolgar\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb

==== Chrome Fix ======================

C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.wajam.com_0.localstorage deleted successfully
C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.wajam.com_0.localstorage-journal deleted successfully
C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.getpricepeep.com_0.localstorage deleted successfully
C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.getpricepeep.com_0.localstorage-journal deleted successfully
C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully
C:\Users\Georgia davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully
C:\Users\Mrs georgia bolgar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully
C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gaiilaahiahdejapggenmdmafpmbipje_0.localstorage deleted successfully
C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gaiilaahiahdejapggenmdmafpmbipje_0.localstorage-journal deleted successfully
C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif deleted successfully
C:\Users\Georgia davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif deleted successfully
C:\Users\Mrs georgia bolgar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif deleted successfully
C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ihflimipbcaljfnojhhknppphnnciiif_0.localstorage deleted successfully
C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ihflimipbcaljfnojhhknppphnnciiif_0.localstorage-journal deleted successfully
C:\Users\Georgia davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ihflimipbcaljfnojhhknppphnnciiif_0.localstorage deleted successfully
C:\Users\Georgia davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ihflimipbcaljfnojhhknppphnnciiif_0.localstorage-journal deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ihflimipbcaljfnojhhknppphnnciiif_0.localstorage deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ihflimipbcaljfnojhhknppphnnciiif_0.localstorage-journal deleted successfully
C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jpmbfleldcgkldadpdinhjjopdfpjfjp_0.localstorage deleted successfully
C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jpmbfleldcgkldadpdinhjjopdfpjfjp_0.localstorage-journal deleted successfully
C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_niapdbllcanepiiimjjndipklodoedlc_0.localstorage deleted successfully
C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_niapdbllcanepiiimjjndipklodoedlc_0.localstorage-journal deleted successfully
C:\Users\Georgia davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_niapdbllcanepiiimjjndipklodoedlc_0.localstorage deleted successfully
C:\Users\Georgia davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_niapdbllcanepiiimjjndipklodoedlc_0.localstorage-journal deleted successfully
C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbjidnnbnonlmanfgmfghkcnhbkndleb deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbjidnnbnonlmanfgmfghkcnhbkndleb deleted successfully
C:\Users\Mrs georgia bolgar\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbjidnnbnonlmanfgmfghkcnhbkndleb deleted successfully
C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully
C:\Users\Georgia davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully
C:\Users\Mrs georgia bolgar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully
C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage deleted successfully
C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage-journal deleted successfully
C:\Users\Georgia davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage deleted successfully
C:\Users\Georgia davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage-journal deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.ebay.co.uk/"
"Default_Page_URL"="http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;"
"Search Bar"="http://www.google.com/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://uk.yahoo.com"
"Start Page"="http://www.searchya.com/?s=0&a=foxtab&chnl=tc-100&cd=2XzuyEtN2Y1L1QzutDtDtBtCyC0ByEyCtCtDzyyCzztByE0AtN0D0Tzu0StAtDtDtN1L2XzutBtFtBtFtCtFtAyDyD&cr=480137568"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://uk.search.yahoo.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.searchya.com/?s=2&a=foxtab&chnl=tc-100&cd=2XzuyEtN2Y1L1QzutDtDtBtCyC0ByEyCtCtDzyyCzztByE0AtN0D0Tzu0StAtDtDtN1L2XzutBtFtBtFtCtFtAyDyD&cr=480137568"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{839A7CA3-273C-4130-AFF3-7A4766001684}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{839A7CA3-273C-4130-AFF3-7A4766001684}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.ebay.co.uk/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{413EC48B-03FB-4AD2-8F18-1B3525B940BD} Google Url="http://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7GGLL_en-GB"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{70D46D94-BF1E-45ED-B567-48701376298E} Google Desktop Url="http://127.0.0.1:4664/search&s=PzUpTmDrCyJO6uiEzcPbAecchFQ?q={searchTerms}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully
HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully
HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully
HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_CLASSES_ROOT\CLSID\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_CLASSES_ROOT\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Internet 
Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Internet Explorer\Approved Extensions\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\avg@toolbar deleted successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc deleted successfully 
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\iLivid deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchya deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1 deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF deleted successfully ==== HijackThis Entries ====================== R3 - Default URLSearchHook is missing O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll O2 - BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll O2 - BHO: Google 
Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Pivot Stickfigure Toolbar\tbcore3.dll O3 - Toolbar: Pivot Stickfigure Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\Pivot Stickfigure Toolbar\tbcore3.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [skytel] Skytel.exe O4 - HKLM\..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY O4 - HKLM\..\Run: [QuickTime Task] 
"C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=TlVIRDQtWUg5UEUtTzNQNEUtUVJERUstR0RKWjctVk9YVUw"&"inst=NzctMTIxODUzNjgzOS1GUDkyKzYtQkFSOUcrMS1GTCs5LVhPMzYrMS1DSUExMCsyLVNQMSsxLVNVUCs0LVRVRyszLVNQMVM0KzEtRERUKzAtTFNEKzItREQxMCsxLVNUMTBBUFArMS1QMTBNMTJDKzEtVTEwKzEtVEIrMS1GVUkrMi1QMTBUQisyLUVVTEErMS1TVFAxME0xMkNNKzEtU1QxMkFQUCsx"&"prod=55"&"ver=2012.0.1780"&"mid=84f5bd6a3a24b8b2df974b4dfa68e073-f53cc401da39bf00f11a57d79d9871e18aeaa71d O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Davis\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [Google Update] "C:\Users\Davis\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-1847146488-4185065798-1427826158-1004\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Mrs georgia bolgar') O4 - S-1-5-21-1847146488-4185065798-1427826158-1004 Startup: OneNote 2007 Screen Clipper 
and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Mrs georgia bolgar') O4 - S-1-5-21-1847146488-4185065798-1427826158-1004 User Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Mrs georgia bolgar') O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user') O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe O4 - Global Startup: Update Agent.lnk = ? O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft 
Office\Office12\GrooveSystemServices.dll O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll (file missing) O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (file missing) O18 - Protocol: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - (no file) O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (file missing) O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgfws.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe O23 - Service: Notebook Performance Tuning Service (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead 
Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe ==== Sysinternals Autoruns Log ====================== HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute bootdelete bootdelete File not found: bootdelete C:\Users\Davis\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Search eBay C:\Program Files\windows sidebar\shared gadgets\eBaySearch.Gadget Quick search eBay eBay Inc. C:\Program Files\windows sidebar\shared gadgets\eBaySearch.Gadget\Gadget.xml 01/07/2008 15:14 Amazon.co.uk - Online Shopping C:\Program Files\windows sidebar\shared gadgets\amazonSearch.Gadget Amazon EU S.a.r.l. C:\Program Files\windows sidebar\shared gadgets\amazonSearch.Gadget\Gadget.xml 01/07/2008 15:14 HKLM\System\CurrentControlSet\Services AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes. Adobe Systems Incorporated 12.0.0.44 c:\windows\system32\macromed\flash\flashplayerupdateservice.exe 28/01/2014 01:56 AgereModemAudio C:\Windows\system32\agrsmsvc.exe Agere Soft Modem Call Progress Service Agere Systems 1.0.0.4 c:\windows\system32\agrsmsvc.exe 05/10/2006 17:10 Apple Mobile Device "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" Provides the interface to Apple mobile devices. Apple Inc. 17.327.4.11 c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe 07/12/2013 04:16 avgfws "C:\Program Files\AVG\AVG2014\avgfws.exe" AVG Firewall Service AVG Technologies CZ, s.r.o. 14.0.0.4204 c:\program files\avg\avg2014\avgfws.exe 23/09/2013 23:34 AVGIDSAgent "C:\Program Files\AVG\AVG2014\avgidsagent.exe" Provides Identity Protection Against Cyber Crime. AVG Technologies CZ, s.r.o. 
14.0.0.4330 c:\program files\avg\avg2014\avgidsagent.exe 22/01/2014 11:19 avgwd "C:\Program Files\AVG\AVG2014\avgwdsvc.exe" AVG Watchdog Service AVG Technologies CZ, s.r.o. 14.0.0.4204 c:\program files\avg\avg2014\avgwdsvc.exe 23/09/2013 23:33 Bonjour Service "C:\Program Files\Bonjour\mDNSResponder.exe" Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence. Apple Inc. 3.0.0.10 c:\program files\bonjour\mdnsresponder.exe 31/08/2011 05:40 ConfigFree Service "C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe" You can't stop this service, if you want to keep ConfigFree functionality fine. TOSHIBA CORPORATION 7.0.1.6 c:\program files\toshiba\configfree\cfsvcs.exe 16/04/2008 15:19 GoogleDesktopManager-051210-111108 "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" Updates Google Desktop with the latest security fixes, enhancements and features. This service only runs occasionally and thus does not affect your computer's performance. If this service is stopped or disabled, Google Desktop may not function correctly. Google 5.9.1005.12335 c:\program files\google\google desktop search\googledesktop.exe 12/05/2010 18:47 gupdate "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it. Google Inc. 1.2.183.9 c:\program files\google\update\googleupdate.exe 13/10/2009 23:04 gupdatem "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. 
This service uninstalls itself when there is no Google software using it. Google Inc. 1.2.183.9 c:\program files\google\update\googleupdate.exe 13/10/2009 23:04 gusvc "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. Google 2.4.2617.4952 c:\program files\google\common\google updater\googleupdaterservice.exe 02/03/2012 21:13 iPod Service "C:\Program Files\iPod\bin\iPodService.exe" iPod hardware management services Apple Inc. 11.1.4.62 c:\program files\ipod\bin\ipodservice.exe 21/01/2014 00:03 McAfee SiteAdvisor Service c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe McAfee SiteAdvisor Service McAfee, Inc. 3.6.5.103 c:\program files\mcafee\siteadvisor\mcsacore.exe 22/01/2014 21:44 McComponentHostService "C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe" McAfee Security Scan Component Host Service McAfee, Inc. 3.8.141.0 c:\program files\mcafee security scan\3.8.141\mcchsvc.exe 16/01/2014 00:29 MozillaMaintenance "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled. 
Mozilla Foundation 26.0.0.5087 c:\program files\mozilla maintenance service\maintenanceservice.exe 05/12/2013 17:09 SmartFaceVWatchSrv "C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe" Service for SmartFaceV Toshiba 2.0.2.0 c:\program files\toshiba\smartfacev\smartfacevwatchsrv.exe 24/04/2008 09:35 TempoMonitoringService "C:\Program Files\Toshiba TEMPRO\TempoSVC.exe" Toshiba Notebook Performance Tuning Service Toshiba Europe GmbH 1.1.0.0 c:\program files\toshiba tempro\temposvc.exe 04/04/2008 01:30 TNaviSrv C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe TOSHIBA Navi Support Service TOSHIBA Corporation 1.0.0.3 c:\program files\toshiba\toshiba dvd player\tnavisrv.exe 18/07/2008 09:56 TODDSrv C:\Windows\system32\TODDSrv.exe TDCSrv Application TOSHIBA Corporation 1.0.0.5 c:\windows\system32\toddsrv.exe 21/11/2007 07:53 TosCoSrv "C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe" TOSHIBA Power Saver manages power saving settings supported by TOSHIBA. These settings will not work if the service has stopped. TOSHIBA Corporation 1.0.0.1 c:\program files\toshiba\power saver\toscosrv.exe 11/01/2008 01:57 TOSHIBA SMART Log Service "C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe" TosIPCSrv.exe TOSHIBA Corporation 1.0.0.1
  15. Hi, I have the results below. Windows Defender still won't start, Outlook won't start, and I have tried opening Word and it stopped responding. Eventually the screen went blank and then a message popped up: "Logon process has failed to create the security options dialogue". It had a white cross in a red circle saying "Failure - Security Options". Log results below. Zoek.exe v5.0.0.0 Updated 15-February-2014 Tool run by Davis on 15/02/2014 at 19:44:05.61. Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86 Running in: Normal Mode Internet Access Detected
Explorer\Toolbar\WebBrowser\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Mozilla\Firefox\Extensions\{ED76C299-85BC-4891-9237-74A140C28832} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\virtualKeyboard@kaspersky.ru deleted successfully HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\KavAntiBanner@Kaspersky.ru deleted successfully HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\linkfilter@kaspersky.ru deleted successfully ==== Installed Programs ====================== Update for Microsoft Office 2007 (KB2508958) 3Connect Activation Assistant for the 2007 Microsoft Office suites Adobe AIR Adobe Flash Player 12 ActiveX Adobe Flash Player 12 Plugin Adobe Media Player Adobe Reader 8.1.3 Apple Application Support Apple Mobile Device Support Apple Software Update AusLogics Disk Defrag AVG 2014 AVG Security Toolbar Babylon toolbar on IE Bing Bar Bluetooth Stack for Windows by Toshiba Bonjour Camera Assistant Software for Toshiba CCleaner (remove only) CD/DVD Drive Acoustic Silencer Compatibility Pack for the 2007 Office system D3DX10 DeuaalsFiindeorrPro DVD MovieFactory for TOSHIBA Facebook Video Calling 1.2.0.287 Facebook Video Calling 2.0.0.447 Facemoods Toolbar Google Chrome Google Chrome Packages Google Desktop Google Earth Google Talk Plugin Google Toolbar for Internet Explorer Google Update Helper HDMI Control Manager Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Huawei modem iLivid Inbox Toolbar Intel© Matrix 
Storage Manager iTunes Java Auto Updater Java 6 Update 23 Java 6 Update 6 Junk Mail filter update Malwarebytes Anti-Malware version 1.75.0.1300 MathmosScreensaver McAfee Security Scan Plus McAfee SiteAdvisor Mesh Runtime Messenger Companion Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook Connector Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Works Microsoft XML Parser Mobogenie Mozilla Firefox 26.0 (x86 en-US) Mozilla Maintenance Service MSVCRT MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 
(KB973688) myphotobook 3.5 OGA Notifier 2.0.0048.0 Optimizer Pro v3.2 Pando Media Booster ParetoLogic PC Health Advisor Picasa 2 Pivot Stickfigure Animator version 2.2.6 Pivot Stickfigure Toolbar QuickTime Realtek 8169 8168 8101E 8102E Ethernet Driver Realtek High Definition Audio Driver RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02 Search-Results Toolbar SearchYa Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client 
Profile (KB2832407) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188) Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition 
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition Security Update for Windows Media Encoder (KB2447961) Security Update for Windows Media Encoder (KB954156) Security Update for Windows Media Encoder (KB979332) Segoe UI Spelling Dictionaries Support For Adobe Reader 8 Synaptics Pointing Device Driver toppbuyero TOSHIBA Assist TOSHIBA ConfigFree TOSHIBA Disc Creator TOSHIBA DVD PLAYER TOSHIBA Extended Tiles for Windows Mobility Center TOSHIBA Face Recognition TOSHIBA Hardware Setup TOSHIBA Manuals Toshiba Online Product Information TOSHIBA Recovery Disc Creator TOSHIBA SD Memory Utilities TOSHIBA Software Modem TOSHIBA Supervisor Password Toshiba TEMPRO TOSHIBA Value Added Package TRDCReminder TRORDCLauncher Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Outlook 2007 Junk Email Filter 
(KB2850085) 32-Bit Edition Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Visual Studio 2012 x86 Redistributables WhiteSmoke Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Encoder 9 Series Yahoo Messenger Yahoo Toolbar Yontoo 1.10.03 ==== Running Processes ====================== C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\SLsvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\agrsmsvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\AVG\AVG2014\avgfws.exe C:\Program Files\AVG\AVG2014\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe C:\Program Files\Toshiba TEMPRO\TempoSVC.exe C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe C:\Windows\system32\TODDSrv.exe 
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\taskeng.exe C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Google\Update\GoogleUpdate.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Toshiba\ConfigFree\NDSTray.exe C:\Windows\System32\igfxpers.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe C:\Program Files\Toshiba\Power Saver\TPwrMain.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe C:\Program Files\AVG Secure Search\vprot.exe C:\Program Files\AVG\AVG2014\avgui.exe C:\Program Files\Mobogenie\DaemonProcess.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe C:\Windows\ehome\ehtray.exe C:\Users\Davis\AppData\Local\Google\Update\GoogleUpdate.exe C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\igfxext.exe C:\Program Files\Toshiba\HDMICtrlMan\HCMSoundChanger.exe C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.exe C:\Windows\system32\taskeng.exe 
C:\Windows\System32\mobsync.exe C:\Program Files\Mobogenie\mgusb.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater17.3.0 deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater17.3.0 deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\xzk1ljzw.default user.js not found ---- Lines mysearch removed from prefs.js ---- user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\. 
---- Lines extensions.5fBDRXI2 removed from prefs.js ---- user_pref("extensions.5fBDRXI2.epoch", "1392496057"); user_pref("extensions.5fBDRXI2.url", "http://veteranusashare.ru/sync2/?q=hfZ9ofmEgShEAen0rihTB6lKDzt4okDctNtVh7n0rjnErjs4rTwErdnFtMFHhd9FqdaGrjnGrds6r ---- Lines extensions.egn5ak9lWYJ removed from prefs.js ---- user_pref("extensions.egn5ak9lWYJ.epoch", "1392496057"); user_pref("extensions.egn5ak9lWYJ.url", "http://veteranusashare.ru/sync2/?q=hfZ9oemMCchEAen0rihTB6lKDzt4okDctNtVh7n0rjnErjs4rTwErjaHtMFHhd9FqdaGrjnGrd ---- FireFox user.js and prefs.js backups ---- prefs_022014_2011_.backup ==== Deleting Files \ Folders ====================== C:\Program Files\facemoods.com deleted C:\Users\Davis\appdata\locallow\facemoods.com deleted C:\Users\Davis\AppData\Local\genienext deleted C:\Users\Davis\.android deleted C:\Users\Mrs georgia bolgar\daemonprocess.txt deleted C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml deleted C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml deleted C:\Program Files\Inbox Toolbar deleted C:\Program Files\Conduit deleted C:\Program Files\Productivity_3.1 deleted C:\Program Files\ParetoLogic deleted C:\Program Files\Common Files\ParetoLogic deleted C:\Program Files\BabylonToolbar deleted C:\Program Files\iLivid deleted C:\Program Files\Yahoo! deleted C:\Program Files\Optimizer Pro deleted C:\Program Files\Yontoo deleted C:\Program Files\SearchYa! deleted C:\Program Files\WhiteSmoke deleted C:\Program Files\Ask.com deleted C:\found.000 deleted C:\found.001 deleted C:\found.002 deleted C:\Users\Davis\AppData\Roaming\Yahoo! deleted C:\Users\Davis\AppData\Roaming\ParetoLogic deleted C:\Users\Davis\AppData\Roaming\DriverCure deleted C:\Users\Davis\AppData\Roaming\Babylon deleted C:\Users\Davis\AppData\Roaming\Optimizer Pro deleted C:\Users\Georgia davis\AppData\Roaming\Yahoo! deleted C:\Users\Georgie\AppData\Roaming\Yahoo! 
deleted C:\Users\Guest\AppData\Roaming\PCPowerSpeed deleted C:\Users\Guest\AppData\Roaming\Yahoo! deleted C:\Users\Mrs georgia bolgar\AppData\Roaming\Yahoo! deleted C:\Windows\system32\config\systemprofile\AppData\Roaming\Yahoo! deleted C:\ProgramData\Yahoo! deleted C:\ProgramData\Yahoo! Companion deleted C:\ProgramData\boost_interprocess deleted C:\ProgramData\ParetoLogic deleted C:\ProgramData\AVG Secure Search deleted C:\ProgramData\Tarma Installer deleted C:\ProgramData\Babylon deleted C:\Users\Davis\AppData\Local\Ilivid Player deleted C:\Users\Davis\AppData\Local\speeddial.crx deleted C:\Users\Davis\AppData\Local\Wajam deleted C:\Users\Davis\AppData\Local\Mobogenie deleted C:\Users\Davis\AppData\Local\cache deleted C:\Users\Davis\AppData\Local\Babylon deleted C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc deleted C:\Users\Georgia davis\AppData\Local\AVG Secure Search deleted C:\Users\Georgia davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc deleted C:\Users\Guest\AppData\Local\AVG Secure Search deleted C:\Users\Mrs georgia bolgar\AppData\Local\AVG Secure Search deleted C:\Users\Mrs georgia bolgar\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc deleted C:\Users\wangzhisong\AppData\Local\Mobogenie deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppGraffiti deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2 deleted C:\Users\Davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie deleted C:\Users\Davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic deleted C:\Users\Davis\AppData\LocalLow\AVG Security Toolbar deleted C:\Users\Davis\AppData\LocalLow\AVG Secure Search deleted C:\Users\Davis\AppData\LocalLow\AppGraffiti deleted C:\Users\Davis\AppData\LocalLow\searchqutoolbar deleted 
C:\Users\Davis\AppData\LocalLow\MyWebSearch deleted C:\Users\Davis\AppData\LocalLow\AskToolbar deleted C:\Users\Davis\AppData\LocalLow\DataMngr deleted C:\Users\Davis\AppData\LocalLow\Conduit deleted C:\Users\Davis\AppData\LocalLow\FunWebProducts deleted C:\Users\Davis\AppData\LocalLow\Toolbar4 deleted C:\Users\Georgia davis\AppData\LocalLow\AppGraffiti deleted C:\Users\Georgia davis\AppData\LocalLow\AskToolbar deleted C:\Users\Georgia davis\AppData\LocalLow\facemoods.com deleted C:\Users\Georgia davis\AppData\LocalLow\BabylonToolbar deleted C:\Users\Georgia davis\AppData\LocalLow\Toolbar4 deleted C:\Users\Guest\AppData\LocalLow\AVG Security Toolbar deleted C:\Users\Guest\AppData\LocalLow\AVG Secure Search deleted C:\Users\Guest\AppData\LocalLow\searchqutoolbar deleted C:\Users\Guest\AppData\LocalLow\MyWebSearch deleted C:\Users\Guest\AppData\LocalLow\facemoods.com deleted C:\Users\Guest\AppData\LocalLow\Conduit deleted C:\Users\Guest\AppData\LocalLow\FunWebProducts deleted C:\Users\Mrs georgia bolgar\AppData\LocalLow\AVG Secure Search deleted C:\Users\Mrs georgia bolgar\AppData\LocalLow\AppGraffiti deleted C:\Users\Mrs georgia bolgar\AppData\LocalLow\AskToolbar deleted C:\Users\Mrs georgia bolgar\AppData\LocalLow\facemoods.com deleted C:\Users\Mrs georgia bolgar\AppData\LocalLow\BabylonToolbar deleted C:\Users\Mrs georgia bolgar\AppData\LocalLow\Toolbar4 deleted C:\Windows\system32\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted C:\Windows\system32\config\systemprofile\AppData\LocalLow\AppGraffiti deleted C:\Windows\system32\config\systemprofile\AppData\LocalLow\AskToolbar deleted C:\Windows\system32\config\systemprofile\AppData\LocalLow\facemoods.com deleted C:\Windows\system32\config\systemprofile\AppData\LocalLow\BabylonToolbar deleted C:\Windows\system32\config\systemprofile\AppData\LocalLow\Toolbar4 deleted C:\Windows\tasks\ParetoLogic Registration3.job deleted C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job deleted 
C:\Windows\tasks\ParetoLogic Update Version3.job deleted C:\Windows\tasks\PC Health Advisor Defrag.job deleted C:\Windows\tasks\PC Health Advisor.job deleted C:\user.js deleted C:\prefs.js deleted C:\END deleted C:\Users\wangzhisong deleted C:\Users\Davis\Documents\Optimizer Pro deleted C:\Users\Davis\Documents\Mobogenie deleted C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} deleted C:\Users\Davis\Desktop\Optimizer Pro.lnk deleted C:\Users\Davis\Desktop\Mobogenie.lnk deleted C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml deleted C:\Users\Guest\AppData\Local\My Web Search Installer(0003b8a4).exe deleted C:\Users\Guest\AppData\Local\My Web Search Installer(00043d4d).exe deleted C:\Users\Guest\AppData\Local\My Web Search Installer(002a5b49).exe deleted C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\xzk1ljzw.default\extensions\eacoeye@cqaeox.co.uk deleted C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\xzk1ljzw.default\extensions\xrttrtit@yeiignn.edu deleted "C:\Windows\Installer\25b66ae.msi" deleted "C:\ProgramData\352723942" deleted "C:\Users\Davis\daemonprocess.txt" deleted "C:\Users\Davis\AppData\Roaming\Cuuqlu\neun.tmp" deleted "C:\Users\Davis\AppData\Roaming\Ducovu\voluo.sik" deleted "C:\Users\Davis\AppData\Roaming\Firiso\feyp.ass" deleted "C:\Program Files\Mobogenie\DaemonProcess.exe" deleted "C:\Program Files\Mobogenie\libeay32.dll" deleted "C:\Program Files\Mobogenie\msvcp100.dll" deleted "C:\Program Files\Mobogenie\msvcr100.dll" deleted "C:\Program Files\Mobogenie\QtCore4.dll" deleted "C:\Program Files\Mobogenie\QtGui4.dll" deleted "C:\Program Files\Mobogenie\QtNetwork4.dll" deleted "C:\Program Files\Mobogenie\QtSql4.dll" deleted "C:\Program Files\Mobogenie\QtWebKit4.dll" deleted "C:\Program Files\Mobogenie\ssleay32.dll" deleted "C:\Program Files\AVG Secure Search\vprot.exe" deleted "C:\Program Files\AVG Secure Search\vprot.exe" deleted "C:\Program Files\Common Files\AVG Secure 
Search\SiteSafetyInstaller\17.3.0\SiteSafety.dll" deleted "C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\log4cplusU.dll" deleted "C:\Users\Davis\AppData\Roaming\Wowe" deleted "C:\Users\Davis\AppData\Roaming\Eqegv" deleted "C:\Users\Davis\AppData\Roaming\Mekoh" deleted "C:\Users\Davis\AppData\Roaming\Atebus" deleted "C:\Users\Davis\AppData\Roaming\Cuuqlu" deleted "C:\Users\Davis\AppData\Roaming\Ducovu" deleted "C:\Users\Davis\AppData\Roaming\Firiso" deleted "C:\Program Files\Mobogenie" deleted "C:\Program Files\AVG Secure Search" deleted "C:\Program Files\AVG Secure Search" deleted "C:\Program Files\Common Files\AVG Secure Search" deleted "C:\Users\Davis\AppData\Local\AVG Secure Search" deleted "C:\Users\Davis\AppData\Local\AVG Secure Search" deleted "C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller" deleted "C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater" deleted "C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0" deleted "C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0" deleted "C:\Users\Davis\AppData\Local\AVG Secure Search\Chrome" deleted "C:\Users\Davis\AppData\Local\AVG Secure Search\Chrome\Default" deleted "C:\Users\Davis\AppData\Local\AVG Secure Search\Chrome" deleted "C:\Users\Davis\AppData\Local\AVG Secure Search\Chrome\Default" deleted ==== System Specs ====================== Windows: Windows Vista Home Premium Edition Service Pack 2 (Build 6002) Memory (RAM): 2940 MB CPU Info: Intel® Core2 Duo CPU T5800 @ 2.00GHz CPU Speed: 1520.2 MHz Sound Card: Speakers (Realtek High Definiti | Realtek Digital Output (Realtek | Display Adapters: Mobile Intel® 4 Series Express Chipset Family | Mobile Intel® 4 Series Express Chipset Family | RDPDD Chained DD | RDP Encoder Mirror Driver Monitors: 1x; Generic PnP Monitor | Screen Resolution: 1280 X 800 - 32 bit Network: Network Present Network Adapters: Intel® Wireless WiFi Link 5100 | Realtek RTL8102E Family PCI-E 
Fast Ethernet NIC (NDIS 6.0) CD / DVD Drives: 1x (F: | ) F: PIONEER DVD-RW DVRTD08A Ports: COM3 LPT Port NOT Present. Mouse: 5 Button Wheel Mouse Present Hard Disks: C: 232.6GB | E: 230.8GB Hard Disks - Free: C: 155.2GB | E: 225.4GB Manufacturer *: INSYDE BIOS Info: AT/AT COMPATIBLE | 10/14/08 | TOSINV - 1 Time Zone: GMT Standard Time Motherboard *: TOSHIBA Portable PC Country: United Kingdom Language: ENG ==== System Specs (Software) ====================== Anti-Virus: AVG Internet Security 2014 On-access scanning disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Anti-Spyware: AVG Internet Security 2014 disabled (Outdated) Firewall: AVG Internet Security 2014 disabled Default Browser: Firefox 26.0 Internet Explorer Version: 9.0.8112.16421 Mozilla Firefox version: 26.0 (x86 en-US) Google Chrome version: 32.0.1700.102 Adobe Reader version: 8.1.0.2007051100 Sun Java version: 1.6.0_23 (32-bit) Flash Player version: 12.0.0.44 ==== Files Recently Created / Modified ======================
9109344E0DD07369654ADFEDD840845D 1042 ----a-w- C:\Users\Davis\AppData\Local\Temp\nsoFD34.tmp\notifykeysC.com 2014-02-15 09:42:33 25F17E048A428044BBDECFD72C3BC614 709 ----a-w- C:\Users\Davis\AppData\Local\Temporary Internet Files\Content.IE5\L78J2XQ7\FoolishUpdates[1].zip 2014-02-15 09:42:33 25F17E048A428044BBDECFD72C3BC614 709 ----a-w- C:\Users\Davis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L78J2XQ7\FoolishUpdates[1].zip 2014-02-15 09:41:49 6DCD5D0BF29F3B83A880517ECE374E50 2474772 ----a-w- C:\Users\Davis\AppData\Local\Temporary Internet Files\Content.IE5\0ZPWR73Q\d7_modules[1].zip 2014-02-15 09:41:49 6DCD5D0BF29F3B83A880517ECE374E50 2474772 ----a-w- C:\Users\Davis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0ZPWR73Q\d7_modules[1].zip 2014-02-15 09:17:35 9109344E0DD07369654ADFEDD840845D 1042 ----a-w- C:\Users\Davis\AppData\Local\Temp\nsf7C33.tmp\notifykeysC.com 2014-02-14 21:11:31 FFB26724FC744EDB50D079DC5038ABC4 14702304 ----a-w- C:\Users\Davis\AppData\Local\Temporary Internet Files\Content.IE5\L78J2XQ7\SAS_019E716[1].COM 2014-02-14 21:11:31 FFB26724FC744EDB50D079DC5038ABC4 14702304 ----a-w- C:\Users\Davis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L78J2XQ7\SAS_019E716[1].COM 2014-02-14 21:05:03 6FE786A824FD9B4914520801290E2680 6202810 ----a-w- C:\ProgramData\AVG2014\IDS\outbox\tmp_7851bc69-8bc6-47d2-b5aa-d1682da2f965.zip 2014-02-14 21:00:00 324F5F9431487FAF29A973DE958C332D 6204393 ----a-w- C:\ProgramData\AVG2014\IDS\outbox\tmp_8dd4c258-8bc5-47d2-ae2c-d1682da2f965.zip 2014-02-14 20:49:07 05E0D8EE7D6FAB5CB672FEC3AAD93AA0 30464 ----a-w- C:\Windows\System32\drivers\hitmanpro37.sys 2014-02-14 20:11:29 8B968045D75783A09592C3105F2865DA 688992 ------r- C:\Users\Davis\Desktop\dds.com 2014-02-14 17:22:50 E4F0F25727407BC26A70895B7F7CE4E5 641612 ----a-w- C:\ProgramData\AVG2014\IDS\outbox\tmp_b2adc180-8ba4-47d2-a8e2-d1682da2f965.zip 2014-02-12 15:53:29 185BDF49783912DA91809DE5AC3EB276 54175 ----a-w- 
C:\ProgramData\AVG2014\IDS\outbox\tmp_3af4b3b6-8a17-47d2-a86a-d1682da2f965.zip 2014-02-12 10:51:47 B98AF63EFFE27AD2B898768C7ABCBC97 710413 ----a-w- C:\ProgramData\AVG2014\IDS\outbox\tmp_f99952f1-85ee-47d2-bb85-d1682da2f965.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" "ehTray.exe"="C:\Windows\ehome\ehTray.exe" "Pando Media Booster"="C:\Program Files\Pando Networks\Media Booster\PMB.exe" "Facebook Update"="C:\Users\Davis\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "Google Update"="C:\Users\Davis\AppData\Local\Google\Update\GoogleUpdate.exe /c" "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" "NDSTray.exe"="NDSTray.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "RtHDVCpl"="RtHDVCpl.exe" "Skytel"="Skytel.exe" "HDMICtrlMan"="C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" "Toshiba TEMPO"="C:\Program 
Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe" "APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" "vProt"="C:\Program Files\AVG Secure Search\vprot.exe" "AVG_UI"="C:\Program Files\AVG\AVG2014\avgui.exe /TRAYONLY" "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime" "mobilegeni daemon"="C:\Program Files\Mobogenie\DaemonProcess.exe" "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" "Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" "TPwrMain"="%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "AvgUninstallURL"="cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=TlVIRDQtWUg5UEUtTzNQNEUtUVJERUstR0RKWjctVk9YVUw&inst=NzctMTIxODUzNjgzOS1GUDkyKzYtQkFSOUcrMS1GTCs5LVhPMzYrMS1DSUExMCsyLVNQMSsxLVNVUCs0LVRVRyszLVNQMVM0KzEtRERUKzAtTFNEKzItREQxMCsxLVNUMTBBUFArMS1QMTBNMTJDKzEtVTEwKzEtVEIrMS1GVUkrMi1QMTBUQisyLUVVTEErMS1TVFAxME0xMkNNKzEtU1QxMkFQUCsx∏=55&ver=2012.0.1780&mid=84f5bd6a3a24b8b2df974b4dfa68e073-f53cc401da39bf00f11a57d79d9871e18aeaa71d" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" "ehTray.exe"="C:\Windows\ehome\ehTray.exe" "Pando Media Booster"="C:\Program Files\Pando Networks\Media Booster\PMB.exe" "Facebook Update"="C:\Users\Davis\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "Google Update"="C:\Users\Davis\AppData\Local\Google\Update\GoogleUpdate.exe /c" "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\00TCrdMain] 
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="00TCrdMain" "hkey"="HKLM" "command"="%ProgramFiles%\\TOSHIBA\\FlashCards\\TCrdMain.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe Reader Speed Launcher" "hkey"="HKLM" "command"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Camera Assistant Software] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Camera Assistant Software" "hkey"="HKLM" "command"="\"C:\\Program Files\\Camera Assistant Software for Toshiba\\traybar.exe\" /start" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cfFncEnabler.exe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="cfFncEnabler.exe" "hkey"="HKLM" "command"="cfFncEnabler.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ehTray.exe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ehTray.exe" "hkey"="HKCU" "command"="C:\\Windows\\ehome\\ehTray.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Desktop Search] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Google Desktop Search" "hkey"="HKLM" "command"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google EULA Launcher] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Google EULA Launcher" "hkey"="HKLM" "command"="c:\\Program Files\\Google\\Google EULA\\GoogleEULALauncher.exe IE PA" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="HotKeysCmds" "hkey"="HKLM" "command"="C:\\Windows\\system32\\hkcmd.exe" Post is in three part, wont post 
all due to length.