Hi, I hope you can help me. I have a laptop that seems to be very badly infected with malware, viruses etc. I have tried to run DDS but it gets stuck at about 3/4 done and then the laptop shuts down suddenly and restarts with a "Windows recovered from an unexpected shutdown" message. I am not on it at the moment as web pages shut suddenly and redirect to random sites while surfing. So no logs, I'm afraid, to show you. I did run a program called rkill to stop malware running but it took ages and DDS still didn't complete afterwards. I was intending to reformat and start again but don't know if any malware is hidden in my documents if I were to back them up.

 

Regards Jeff


If you have a USB memory stick, do the following and post the produced log.

 

Please download Farbar Recovery Scan Tool from here:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

Save it to a USB flash drive. Ensure you get the correct version for your system, 32 bit or 64 bit.

 

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

 

Plug the flash drive into the infected PC.

 

If you are using Windows 8, consult "How to use the Windows 8 System Recovery Environment Command Prompt" here: http://www.bleepingcomputer.com/tutorials/windows-8-recovery-environment-command-prompt/ to enter the System Recovery Command Prompt.

 

If you are using Vista or Windows 7 enter System Recovery Options.

 

Enter System Recovery Options. I give two methods; use whichever is convenient for you.

 

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

     

     

 

 

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

     

     

 

 

On the System Recovery Options menu you will get the following options:

Startup Repair

System Restore

Windows Complete PC Restore

Windows Memory Diagnostic Tool

Command Prompt

 

 

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 or e:\frst depending on your version. Press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

     

     

 

 

Kevin


Hi this is the scan result.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-02-2014 01
Ran by SYSTEM on MINWINPC on 15-02-2014 14:10:53
Running from G:\
Windows Vista Home Premium Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-12-06] (Synaptics, Inc.)
HKLM\...\Run: [NDSTray.exe] - NDSTray.exe
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6037504 2008-04-08] (Realtek Semiconductor)
HKLM\...\Run: [skytel] - C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [HDMICtrlMan] - C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe [716800 2008-04-26] (TOSHIBA Corporation.)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-01-17] (TOSHIBA Corporation)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Toshiba TEMPO] - C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe [103824 2008-04-24] (Toshiba Europe GmbH)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM\...\Run: [vProt] - C:\Program Files\AVG Secure Search\vprot.exe [2552856 2014-02-04] ()
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.)
HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe [738496 2013-10-18] ()
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM\...\Runonce: [AvgUninstallURL] - cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=TlVIRDQtWUg5UEUtTzNQNEUtUVJERUstR0RKWjctVk9YVUw"&"inst=NzctMTIxODUzNjgzOS1GUDkyKzYtQkFSOUcrMS1GTCs5LVhPMzYrMS1DSUExMCsyLVNQMSsxLVNVUCs0LVRVRyszLVNQMVM0KzEtRERUKzAtTFNEKzItREQxMCsxLVNUMTBBUFArMS1QMTBNMTJDKzEtVTEwKzEtVEIrMS1GVUkrMi1QMTBUQisyLUVVTEErMS1TVFAxME0xMkNNKzEtU1QxMkFQUCsx"&"prod=55"&"ver=2012.0.1780"&"mid=84f5bd6a3a24b8b2df974b4dfa68e073-f53cc401da39bf00f11a57d79d9871e18aeaa71d
HKU\Davis\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)
HKU\Davis\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\Davis\...\Run: [Pando Media Booster] - C:\Program Files\Pando Networks\Media Booster\PMB.exe [3077528 2011-09-07] ()
HKU\Davis\...\Run: [Facebook Update] - C:\Users\Davis\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.)
HKU\Davis\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-07-01] (Google Inc.)
HKU\Davis\...\Run: [Google Update] - C:\Users\Davis\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-17] (Google Inc.)
HKU\Davis\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\Davis\...\Policies\system: [LogonHoursAction] 2
HKU\Davis\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Davis\...\Policies\Explorer: [HideSCAHealth] 1
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)
HKU\Georgia davis\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)
HKU\Georgia davis\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-07-01] (Google Inc.)
HKU\Georgia davis\...\Run: [Google Update] - C:\Users\Georgia davis\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-17] (Google Inc.)
HKU\Georgia davis\...\Run: [Facebook Update] - C:\Users\Georgia davis\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-12-11] (Facebook Inc.)
HKU\Georgia davis\...\Policies\system: [LogonHoursAction] 2
HKU\Georgia davis\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Georgie\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Georgie\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)
HKU\Georgie\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-07-01] (Google Inc.)
HKU\Georgie\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\Georgie\...\RunOnce: [spchecker] - "C:\Program Files\AVG\AVG10\Notification\SPCheckerTE.exe"
HKU\Georgie\...\Policies\system: [LogonHoursAction] 2
HKU\Georgie\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Guest\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Guest\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)
HKU\Guest\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-07-01] (Google Inc.)
HKU\Guest\...\Run: [Facebook Update] - C:\Users\Guest\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.)
HKU\Guest\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\Mrs georgia bolgar\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)
HKU\Mrs georgia bolgar\...\Policies\system: [LogonHoursAction] 2
HKU\Mrs georgia bolgar\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Georgie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Mrs georgia bolgar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicyUsers\S-1-5-21-1847146488-4185065798-1427826158-1004\User: Group Policy restriction detected <======= ATTENTION

========================== Services (Whitelisted) =================

S2 avgfws; C:\Program Files\AVG\AVG2014\avgfws.exe [1358944 2013-09-23] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-23] (AVG Technologies CZ, s.r.o.)
S2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-04-16] (TOSHIBA CORPORATION)
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-14] (Google)
S2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [104880 2014-01-22] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-15] (McAfee, Inc.)
S3 SmartFaceVWatchSrv; C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [73728 2008-04-24] (Toshiba)
S2 TempoMonitoringService; C:\Program Files\Toshiba TEMPRO\TempoSVC.exe [99720 2008-04-24] (Toshiba Europe GmbH)
S2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation)
S2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
S2 vToolbarUpdater17.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [1771544 2014-01-10] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

S1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120600 2013-11-25] (AVG Technologies CZ, s.r.o.)
S1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [47928 2013-09-26] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [210712 2013-11-25] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [149272 2013-11-25] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22808 2014-01-19] (AVG Technologies CZ, s.r.o.)
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.)
S0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102712 2013-09-30] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-09] (AVG Technologies CZ, s.r.o.)
S1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
S1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-11-13] (AVG Technologies)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [30464 2014-02-14] ()
S3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 SASDIFSV; \??\C:\Users\Davis\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [X]
S1 SASKUTIL; \??\C:\Users\Davis\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-15 14:10 - 2014-02-15 14:10 - 00000000 ____D () C:\FRST
2014-02-15 02:11 - 2014-02-15 02:11 - 372136236 _____ () C:\Windows\MEMORY.DMP
2014-02-15 02:11 - 2014-02-15 02:11 - 00143248 _____ () C:\Windows\Minidump\Mini021514-01.dmp
2014-02-14 14:15 - 2014-02-14 14:15 - 00000000 ____D () C:\Windows\SoftwareDistribution.old
2014-02-14 13:13 - 2014-02-14 13:13 - 00000000 ____D () C:\Users\Davis\AppData\Roaming\SUPERAntiSpyware.com
2014-02-14 13:13 - 2014-02-14 13:13 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-02-14 13:01 - 2014-02-14 13:01 - 00041736 _____ () C:\Windows\System32\.crusader
2014-02-14 12:49 - 2014-02-14 13:10 - 00030464 _____ () C:\Windows\System32\Drivers\hitmanpro37.sys
2014-02-14 12:49 - 2014-02-14 13:01 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-02-14 12:32 - 2014-02-14 12:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-14 12:11 - 2014-02-14 12:11 - 00688992 ____R (Swearware) C:\Users\Davis\Desktop\dds.com
2014-02-14 11:53 - 2014-02-14 11:53 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-14 11:23 - 2014-02-14 11:23 - 00000000 ____D () C:\Windows\ERUNT
2014-02-14 10:52 - 2014-02-14 10:55 - 00000087 _____ () C:\Windows\System32\zerobyte_files_deleted.txt
2014-02-14 10:52 - 2014-02-14 10:54 - 00000095 _____ () C:\Windows\zerobyte_files_deleted.txt
2014-02-12 09:49 - 2014-02-12 09:49 - 00000000 ____D () C:\Support
2014-02-12 07:51 - 2014-02-14 09:37 - 00000058 _____ () C:\Users\Public\Desktop\Daves Support.url
2014-02-11 01:47 - 2014-02-11 01:47 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-02-04 12:13 - 2014-02-04 12:13 - 01069512 _____ (Solid State Networks) C:\Users\Davis\Downloads\install_flashplayer12x32au_mssd_awc_aih.exe
2014-02-04 06:40 - 2014-02-04 06:40 - 00001669 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-04 06:39 - 2014-02-04 06:40 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-02-04 06:39 - 2014-02-04 06:40 - 00000000 ____D () C:\Program Files\iTunes
2014-02-04 06:39 - 2014-02-04 06:39 - 00000000 ____D () C:\Program Files\iPod
2014-01-29 13:01 - 2014-02-04 07:12 - 00000000 ____D () C:\ProgramData\toppbuyero
2014-01-29 13:01 - 2014-02-04 07:12 - 00000000 ____D () C:\ProgramData\DeuaalsFiindeorrPro
2014-01-29 13:01 - 2014-01-29 13:01 - 00000000 ____D () C:\ProgramData\8e9effbdffc0dc74
2014-01-29 13:00 - 2014-01-29 13:00 - 00000000 ____D () C:\ProgramData\kejpoiceniffgnaigllabnhnpiiiigng
2014-01-20 08:25 - 2014-01-20 08:26 - 01069512 _____ (Solid State Networks) C:\Users\Davis\Downloads\install_flashplayer12x32au_mssa_awc_aih.exe
2014-01-19 13:46 - 2014-01-19 13:46 - 00022808 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgidsshimx.sys

==================== One Month Modified Files and Folders =======

2014-02-15 14:10 - 2014-02-15 14:10 - 00000000 ____D () C:\FRST
2014-02-15 05:56 - 2011-09-07 09:08 - 00000000 ____D () C:\Users\Davis\AppData\Local\PMB Files
2014-02-15 05:56 - 2009-09-14 12:51 - 01797425 _____ () C:\Windows\WindowsUpdate.log
2014-02-15 05:51 - 2006-11-02 04:47 - 00003216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-15 05:51 - 2006-11-02 04:47 - 00003216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-15 02:11 - 2014-02-15 02:11 - 372136236 _____ () C:\Windows\MEMORY.DMP
2014-02-15 02:11 - 2014-02-15 02:11 - 00143248 _____ () C:\Windows\Minidump\Mini021514-01.dmp
2014-02-15 02:11 - 2010-04-09 13:06 - 00000000 ____D () C:\Windows\Minidump
2014-02-15 01:44 - 2011-03-02 03:17 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-15 01:16 - 2013-12-16 11:59 - 00004975 _____ () C:\Users\Davis\daemonprocess.txt
2014-02-15 01:04 - 2006-11-02 04:47 - 00407168 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-02-14 14:43 - 2012-03-13 10:03 - 00115752 _____ () C:\Users\Davis\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-14 14:15 - 2014-02-14 14:15 - 00000000 ____D () C:\Windows\SoftwareDistribution.old
2014-02-14 13:24 - 2013-01-10 11:39 - 00058622 _____ () C:\Windows\PFRO.log
2014-02-14 13:22 - 2011-10-12 08:05 - 00000000 ____D () C:\Program Files\Pivot Stickfigure Toolbar
2014-02-14 13:13 - 2014-02-14 13:13 - 00000000 ____D () C:\Users\Davis\AppData\Roaming\SUPERAntiSpyware.com
2014-02-14 13:13 - 2014-02-14 13:13 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-02-14 13:10 - 2014-02-14 12:49 - 00030464 _____ () C:\Windows\System32\Drivers\hitmanpro37.sys
2014-02-14 13:01 - 2014-02-14 13:01 - 00041736 _____ () C:\Windows\System32\.crusader
2014-02-14 13:01 - 2014-02-14 12:49 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-02-14 13:01 - 2012-12-10 14:09 - 00000000 ____D () C:\Program Files\Yontoo
2014-02-14 12:42 - 2008-07-01 07:05 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-02-14 12:37 - 2006-11-02 02:33 - 00005526 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-02-14 12:32 - 2014-02-14 12:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-14 12:32 - 2013-04-05 10:48 - 00005604 _____ () C:\Windows\setupact.log
2014-02-14 12:22 - 2013-12-31 05:36 - 00000000 ____D () C:\Users\Davis\AppData\Local\genienext
2014-02-14 12:22 - 2011-10-12 10:17 - 00000000 ____D () C:\Program Files\Inbox Toolbar
2014-02-14 12:11 - 2014-02-14 12:11 - 00688992 ____R (Swearware) C:\Users\Davis\Desktop\dds.com
2014-02-14 11:53 - 2014-02-14 11:53 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-14 11:53 - 2012-03-13 04:24 - 00000911 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-14 11:23 - 2014-02-14 11:23 - 00000000 ____D () C:\Windows\ERUNT
2014-02-14 10:55 - 2014-02-14 10:52 - 00000087 _____ () C:\Windows\System32\zerobyte_files_deleted.txt
2014-02-14 10:55 - 2013-01-23 08:30 - 00000000 ____D () C:\users\Mrs georgia bolgar
2014-02-14 10:55 - 2012-12-02 01:47 - 00000000 ____D () C:\users\Georgia davis
2014-02-14 10:55 - 2010-10-15 11:05 - 00000000 ____D () C:\users\Guest
2014-02-14 10:55 - 2009-09-27 09:59 - 00000000 ____D () C:\users\Georgie
2014-02-14 10:55 - 2006-11-02 03:18 - 00000000 __RHD () C:\users\Default
2014-02-14 10:54 - 2014-02-14 10:52 - 00000095 _____ () C:\Windows\zerobyte_files_deleted.txt
2014-02-14 10:28 - 2008-12-28 10:57 - 00000000 ____D () C:\users\Davis
2014-02-14 10:21 - 2013-12-16 13:20 - 00000896 _____ () C:\Users\Mrs georgia bolgar\daemonprocess.txt
2014-02-14 10:14 - 2013-10-01 07:27 - 00000847 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-02-14 09:37 - 2014-02-12 07:51 - 00000058 _____ () C:\Users\Public\Desktop\Daves Support.url
2014-02-14 09:17 - 2013-01-29 13:00 - 00006144 _____ () C:\Users\Mrs georgia bolgar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-14 08:56 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\System32\CatRoot2.old
2014-02-12 09:49 - 2014-02-12 09:49 - 00000000 ____D () C:\Support
2014-02-12 07:52 - 2013-12-16 11:59 - 00000000 ____D () C:\users\wangzhisong
2014-02-12 07:52 - 2006-11-02 03:18 - 00000000 ___RD () C:\users\Public
2014-02-11 07:42 - 2013-12-16 11:57 - 00000000 ____D () C:\Program Files\McAfee
2014-02-11 01:47 - 2014-02-11 01:47 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-02-11 01:47 - 2012-12-04 08:01 - 00001924 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-02-08 04:35 - 2012-05-24 12:05 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2014-02-08 04:35 - 2011-12-13 01:18 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2014-02-04 12:13 - 2014-02-04 12:13 - 01069512 _____ (Solid State Networks) C:\Users\Davis\Downloads\install_flashplayer12x32au_mssd_awc_aih.exe
2014-02-04 07:12 - 2014-01-29 13:01 - 00000000 ____D () C:\ProgramData\toppbuyero
2014-02-04 07:12 - 2014-01-29 13:01 - 00000000 ____D () C:\ProgramData\DeuaalsFiindeorrPro
2014-02-04 06:40 - 2014-02-04 06:40 - 00001669 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-04 06:40 - 2014-02-04 06:39 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-02-04 06:40 - 2014-02-04 06:39 - 00000000 ____D () C:\Program Files\iTunes
2014-02-04 06:39 - 2014-02-04 06:39 - 00000000 ____D () C:\Program Files\iPod
2014-02-04 06:39 - 2010-02-27 09:48 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-02-04 06:33 - 2010-02-27 09:48 - 00000000 ____D () C:\ProgramData\Apple
2014-02-04 06:10 - 2012-04-29 13:59 - 00000000 ____D () C:\Users\Davis\AppData\Local\AVG Secure Search
2014-02-04 06:05 - 2013-07-27 03:44 - 00000000 ____D () C:\Program Files\AVG Secure Search
2014-02-01 05:50 - 2013-12-16 11:58 - 00000000 ____D () C:\Program Files\Optimizer Pro
2014-01-29 13:01 - 2014-01-29 13:01 - 00000000 ____D () C:\ProgramData\8e9effbdffc0dc74
2014-01-29 13:00 - 2014-01-29 13:00 - 00000000 ____D () C:\ProgramData\kejpoiceniffgnaigllabnhnpiiiigng
2014-01-26 08:20 - 2012-12-08 14:06 - 00000000 ____D () C:\Users\Davis\AppData\Roaming\Mozilla
2014-01-26 08:20 - 2008-12-28 11:03 - 00000000 ____D () C:\Users\Davis\AppData\Local\Google
2014-01-20 08:26 - 2014-01-20 08:25 - 01069512 _____ (Solid State Networks) C:\Users\Davis\Downloads\install_flashplayer12x32au_mssa_awc_aih.exe
2014-01-19 13:46 - 2014-01-19 13:46 - 00022808 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgidsshimx.sys

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2014-02-14 14:19:56

==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 2939.26 MB
Available physical RAM: 2413.3 MB
Total Pagefile: 2654.21 MB
Available Pagefile: 2505.24 MB
Total Virtual: 2047.88 MB
Available Virtual: 1963.36 MB

==================== Drives ================================

Drive c: (Vista) (Fixed) (Total:232.64 GB) (Free:156.16 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:230.84 GB) (Free:225.41 GB) NTFS
Drive e: (BEYONCE) (CDROM) (Total:4.14 GB) (Free:0 GB) UDF
Drive f: (WinRE) (Fixed) (Total:2.28 GB) (Free:2.04 GB) NTFS
Drive g: (Lexar 64GB) (Removable) (Total:59.62 GB) (Free:59.62 GB) exFAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 8F1901FC)
Partition 1: (Not Active) - (Size=2 GB) - (Type=27)
Partition 2: (Active) - (Size=233 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=231 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 60 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=60 GB) - (Type=07 NTFS)


LastRegBack: 2014-02-15 02:18

==================== End Of Log ============================


Save the attached file fixlist.txt to your flash drive, same place as FRST.

Now please enter System Recovery Options as you did to get the log.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt). Please post it to your reply.

 

Does your system boot OK to normal mode now? If so, see if the following will run...

 

Please download RogueKiller from here:

http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe  <- 32 bit version

http://www.sur-la-toile.com/RogueKiller/RogueKillerX64.exe  <- 64 bit version

                                   

 


  • Make sure to get the correct version for your system.
  • Quit all running programs.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • Wait until Prescan has finished...
  • The following EULA will appear, please select accept.
  • Ensure MBR scan, Check faked and AntiRootkit are checked.
  • Select Scan.
  • When the scan completes select Report, copy and paste that to your reply.
  • The log should be found in RKreport[?].txt on your Desktop.
  • Exit/Close RogueKiller.

     

     


fixlist.txt


System booted OK and ran program OK.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-02-2014 01
Ran by SYSTEM at 2014-02-15 15:09:58 Run:1
Running from G:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
Start
GroupPolicyUsers\S-1-5-21-1847146488-4185065798-1427826158-1004\User: Group Policy restriction detected <======= ATTENTION
2014-01-29 13:01 - 2014-01-29 13:01 - 00000000 ____D () C:\ProgramData\8e9effbdffc0dc74
2014-01-29 13:00 - 2014-01-29 13:00 - 00000000 ____D () C:\ProgramData\kejpoiceniffgnaigllabnhnpiiiigng
End
*****************

C:\Windows\System32\GroupPolicyUsers\S-1-5-21-1847146488-4185065798-1427826158-1004\User => Moved successfully.
C:\Windows\System32\GroupPolicy\GPT.ini => Moved successfully.
C:\ProgramData\8e9effbdffc0dc74 => Moved successfully.
C:\ProgramData\kejpoiceniffgnaigllabnhnpiiiigng => Moved successfully.

==== End of Fixlog ====

 

 

 

 

RogueKiller V8.8.7 [Feb 11 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Davis [Admin rights]
Mode : Scan -- Date : 02/15/2014 15:36:25
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[inline] EAT @explorer.exe (FwDoNothingOnObject) : FirewallAPI.DLL -> HOOKED (Unknown @ 0x356A2266)
[inline] EAT @explorer.exe (FwEnableMemTracing) : FirewallAPI.DLL -> HOOKED (Unknown @ 0x356A2266)
[inline] EAT @explorer.exe (FwSetMemLeakPolicy) : FirewallAPI.DLL -> HOOKED (Unknown @ 0x356A2266)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost
::1             localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST500LM012 HN-M500MBB +++++
--- User ---
[MBR] 6488c7a8aeb4bfe22d6b6930529605b2
[bSP] 8b362d57a304770837d447dbce50b01b : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 2338 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 4790272 | Size: 238222 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 492668928 | Size: 236379 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_02152014_153625.txt >>




Thanks

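An added example, not part of the original posts and not FRST's own code: a small Python audit of the Fixlog posted above. It checks that every fixlist entry has a result line and lists any path the tool moved that the fixlist did not name. The line formats are inferred only from the logs in this thread, and the function names are hypothetical.

```python
import re

# The Fixlog text as posted in this thread (FRST x86, version 12-02-2014 01).
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-02-2014 01
Ran by SYSTEM at 2014-02-15 15:09:58 Run:1
Running from G:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
Start
GroupPolicyUsers\S-1-5-21-1847146488-4185065798-1427826158-1004\User: Group Policy restriction detected <======= ATTENTION
2014-01-29 13:01 - 2014-01-29 13:01 - 00000000 ____D () C:\ProgramData\8e9effbdffc0dc74
2014-01-29 13:00 - 2014-01-29 13:00 - 00000000 ____D () C:\ProgramData\kejpoiceniffgnaigllabnhnpiiiigng
End
*****************

C:\Windows\System32\GroupPolicyUsers\S-1-5-21-1847146488-4185065798-1427826158-1004\User => Moved successfully.
C:\Windows\System32\GroupPolicy\GPT.ini => Moved successfully.
C:\ProgramData\8e9effbdffc0dc74 => Moved successfully.
C:\ProgramData\kejpoiceniffgnaigllabnhnpiiiigng => Moved successfully.

==== End of Fixlog ====
"""

# File-listing line as seen in the scan log: two timestamps, size,
# five attribute characters, "(company)", then the path.
FILE_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"\d+ [_A-Z]{5} \(.*?\) (?P<path>.+)$"
)
# Result line as seen in the Fixlog: "<path> => <status>".
RESULT_LINE = re.compile(r"^(?P<path>.+?) => (?P<status>.+)$")


def parse_fixlog(text):
    """Return (fixlist entries, [(path, status), ...]) from a Fixlog."""
    entries, results, state = [], [], "header"
    for raw in text.splitlines():
        line = raw.strip()
        if state == "header":
            if line == "Start":
                state = "fixlist"
        elif state == "fixlist":
            if line == "End":
                state = "results"
            elif line:
                entries.append(line)
        else:
            m = RESULT_LINE.match(line)
            if m:
                results.append((m["path"], m["status"]))
    return entries, results


def entry_target(entry):
    """Extract the path-like target from a fixlist entry.

    Handles only the two entry kinds present in this thread: file-listing
    lines, and "<location>: <description>" lines.
    """
    m = FILE_LINE.match(entry)
    if m:
        return m["path"]
    return entry.split(": ", 1)[0]


def audit_fixlog(text):
    """Cross-check fixlist entries against the result lines."""
    entries, results = parse_fixlog(text)
    used = set()
    report = {"matched": {}, "unmatched": [], "extra": [], "failed": []}
    for entry in entries:
        target = entry_target(entry)
        low = target.lower()
        # A result matches if it is the target itself or ends with it
        # (the GroupPolicyUsers entry is relative, its result is absolute).
        hits = [i for i, (path, _) in enumerate(results)
                if path.lower() == low or path.lower().endswith("\\" + low)]
        if hits:
            report["matched"][target] = [results[i][0] for i in hits]
            used.update(hits)
        else:
            report["unmatched"].append(target)
    for i, (path, status) in enumerate(results):
        if i not in used:
            report["extra"].append(path)  # touched but not named in fixlist
        if status.rstrip(".") != "Moved successfully":
            report["failed"].append((path, status))
    return report


if __name__ == "__main__":
    for key, value in audit_fixlog(SAMPLE_FIXLOG).items():
        print(key, "->", value)
```

On the posted Fixlog every entry is matched, and `GPT.ini` is reported under `extra` because it was moved without being named in the fixlist.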

Hi, I have the results below. Windows Defender still won't start, Outlook won't start, I have tried opening Word and it stopped responding. Eventually the screen went blank and then a message popped up, "Logon process has failed to create the security options dialogue", and had a white cross in a red circle saying "Failure - Security Options".

 

Log results below.

 

Zoek.exe v5.0.0.0 Updated 15-February-2014
Tool run by Davis on 15/02/2014 at 19:44:05.61.
Microsoft® Windows Vista™ Home Premium  6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Davis\Desktop\zoek\zoek.com [scan all users] [script inserted]

==== System Restore Info ======================

15/02/2014 19:50:14 Zoek.exe System Restore Point Created Succesfully.

==== Creating Sample_022014_2007.zip ======================
 
Process rundll32.exe killed
Copied file C:\Users\Guest\AppData\Local\My Web Search Installer(0003b8a4).exe to sample\My Web Search Installer(0003b8a4).exe
Copied file C:\Users\Guest\AppData\Local\My Web Search Installer(00043d4d).exe to sample\My Web Search Installer(00043d4d).exe
Copied file C:\Users\Guest\AppData\Local\My Web Search Installer(002a5b49).exe to sample\My Web Search Installer(002a5b49).exe
sample\My Web Search Installer(0003b8a4).exe renamed to C86C315D57C6FFF86C90172BBB97B7E5
sample\My Web Search Installer(00043d4d).exe renamed to 23A48B0CBDFE460FF1F946C092D95A1A
sample\My Web Search Installer(002a5b49).exe renamed to C86C315D57C6FFF86C90172BBB97B7E5

C:\Users\Public\Desktop\sample_022014_2007.zip created successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A} deleted successfully
HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Internet Explorer\SearchScopes\{7D90F210-925A-0367-D5DC-118BF7CE73F4} deleted successfully
HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Internet Explorer\SearchScopes\{839A7CA3-273C-4130-AFF3-7A4766001684} deleted successfully
HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e} deleted successfully
HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e} deleted successfully
HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e} deleted successfully
HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} deleted successfully
HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} deleted successfully
HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BB023032-3702-4A9E-8D83-0527144C8ABD} deleted successfully
HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6} deleted successfully
HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully
HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully
HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully
HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully
HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfully
HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfully
HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfully
HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfully
HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully
HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully
HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully
HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully
HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully
HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0} deleted successfully
HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0} deleted successfully
HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{33AA308B-B565-4376-AC66-59EE9B6AD13E} deleted successfully
HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{33AA308B-B565-4376-AC66-59EE9B6AD13E} deleted successfully
HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} deleted successfully
HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} deleted successfully
HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully
HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfully
HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Internet Explorer\Approved Extensions\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully
HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Internet Explorer\Approved Extensions\{9D717F81-9148-4F12-8568-69135F087DB0} deleted successfully
HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Internet Explorer\Approved Extensions\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} deleted successfully
HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Internet Explorer\Approved Extensions\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully
HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully
HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully
HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Mozilla\Firefox\Extensions\{ED76C299-85BC-4891-9237-74A140C28832} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\virtualKeyboard@kaspersky.ru deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\KavAntiBanner@Kaspersky.ru deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\linkfilter@kaspersky.ru deleted successfully

==== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958)  
3Connect  
Activation Assistant for the 2007 Microsoft Office suites  
Adobe AIR  
Adobe Flash Player 12 ActiveX  
Adobe Flash Player 12 Plugin  
Adobe Media Player  
Adobe Reader 8.1.3  
Apple Application Support  
Apple Mobile Device Support  
Apple Software Update  
AusLogics Disk Defrag  
AVG 2014  
AVG Security Toolbar  
Babylon toolbar on IE  
Bing Bar  
Bluetooth Stack for Windows by Toshiba  
Bonjour  
Camera Assistant Software for Toshiba  
CCleaner (remove only)  
CD/DVD Drive Acoustic Silencer  
Compatibility Pack for the 2007 Office system  
D3DX10  
DeuaalsFiindeorrPro  
DVD MovieFactory for TOSHIBA  
Facebook Video Calling 1.2.0.287  
Facebook Video Calling 2.0.0.447  
Facemoods Toolbar  
Google Chrome  
Google Chrome Packages  
Google Desktop  
Google Earth  
Google Talk Plugin  
Google Toolbar for Internet Explorer  
Google Update Helper  
HDMI Control Manager  
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)  
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)  
Huawei modem  
iLivid  
Inbox Toolbar  
Intel© Matrix Storage Manager  
iTunes  
Java Auto Updater  
Java 6 Update 23  
Java 6 Update 6  
Junk Mail filter update  
Malwarebytes Anti-Malware version 1.75.0.1300  
MathmosScreensaver  
McAfee Security Scan Plus  
McAfee SiteAdvisor  
Mesh Runtime  
Messenger Companion  
Microsoft .NET Framework 3.5 SP1  
Microsoft .NET Framework 4 Client Profile  
Microsoft Application Error Reporting  
Microsoft Office 2007 Service Pack 3 (SP3)  
Microsoft Office Access MUI (English) 2007  
Microsoft Office Access Setup Metadata MUI (English) 2007  
Microsoft Office Enterprise 2007  
Microsoft Office Excel MUI (English) 2007  
Microsoft Office File Validation Add-In  
Microsoft Office Groove MUI (English) 2007  
Microsoft Office Groove Setup Metadata MUI (English) 2007  
Microsoft Office InfoPath MUI (English) 2007  
Microsoft Office OneNote MUI (English) 2007  
Microsoft Office Outlook Connector  
Microsoft Office Outlook MUI (English) 2007  
Microsoft Office PowerPoint MUI (English) 2007  
Microsoft Office PowerPoint Viewer 2007 (English)  
Microsoft Office Proof (English) 2007  
Microsoft Office Proof (French) 2007  
Microsoft Office Proof (Spanish) 2007  
Microsoft Office Proofing (English) 2007  
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)  
Microsoft Office Publisher MUI (English) 2007  
Microsoft Office Shared MUI (English) 2007  
Microsoft Office Shared Setup Metadata MUI (English) 2007  
Microsoft Office Word MUI (English) 2007  
Microsoft Silverlight  
Microsoft SQL Server 2005 Compact Edition [ENU]  
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053  
Microsoft Visual C++ 2005 Redistributable  
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161  
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219  
Microsoft Works  
Microsoft XML Parser  
Mobogenie  
Mozilla Firefox 26.0 (x86 en-US)  
Mozilla Maintenance Service  
MSVCRT  
MSXML 4.0 SP2 (KB941833)  
MSXML 4.0 SP2 (KB954430)  
MSXML 4.0 SP2 (KB973688)  
myphotobook 3.5  
OGA Notifier 2.0.0048.0  
Optimizer Pro v3.2  
Pando Media Booster  
ParetoLogic PC Health Advisor  
Picasa 2  
Pivot Stickfigure Animator version 2.2.6  
Pivot Stickfigure Toolbar  
QuickTime  
Realtek 8169 8168 8101E 8102E Ethernet Driver  
Realtek High Definition Audio Driver  
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02  
Search-Results Toolbar  
SearchYa  
Security Update for CAPICOM (KB931906)  
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)  
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)  
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)  
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)  
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition   
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition   
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition   
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition   
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition  
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition  
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition   
Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition   
Security Update for Windows Media Encoder (KB2447961)  
Security Update for Windows Media Encoder (KB954156)  
Security Update for Windows Media Encoder (KB979332)  
Segoe UI  
Spelling Dictionaries Support For Adobe Reader 8  
Synaptics Pointing Device Driver  
toppbuyero  
TOSHIBA Assist  
TOSHIBA ConfigFree  
TOSHIBA Disc Creator  
TOSHIBA DVD PLAYER  
TOSHIBA Extended Tiles for Windows Mobility Center  
TOSHIBA Face Recognition  
TOSHIBA Hardware Setup  
TOSHIBA Manuals  
Toshiba Online Product Information  
TOSHIBA Recovery Disc Creator  
TOSHIBA SD Memory Utilities  
TOSHIBA Software Modem  
TOSHIBA Supervisor Password  
Toshiba TEMPRO  
TOSHIBA Value Added Package  
TRDCReminder  
TRORDCLauncher  
Update for 2007 Microsoft Office System (KB967642)  
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)  
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)  
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)  
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)  
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)  
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)  
Update for Microsoft Office 2007 Help for Common Features (KB963673)  
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition  
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition  
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition  
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition  
Update for Microsoft Office Access 2007 Help (KB963663)  
Update for Microsoft Office Excel 2007 Help (KB963678)  
Update for Microsoft Office Infopath 2007 Help (KB963662)  
Update for Microsoft Office OneNote 2007 Help (KB963670)  
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition  
Update for Microsoft Office Outlook 2007 Help (KB963677)  
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition  
Update for Microsoft Office Powerpoint 2007 Help (KB963669)  
Update for Microsoft Office Publisher 2007 Help (KB963667)  
Update for Microsoft Office Script Editor Help (KB963671)  
Update for Microsoft Office Word 2007 Help (KB963665)  
Visual Studio 2012 x86 Redistributables  
WhiteSmoke  
Windows Live Communications Platform  
Windows Live Essentials  
Windows Live Family Safety  
Windows Live ID Sign-in Assistant  
Windows Live Installer  
Windows Live Mail  
Windows Live Mesh  
Windows Live Mesh ActiveX Control for Remote Connections  
Windows Live Messenger  
Windows Live Messenger Companion Core  
Windows Live MIME IFilter  
Windows Live Movie Maker  
Windows Live Photo Common  
Windows Live Photo Gallery  
Windows Live PIMT Platform  
Windows Live Remote Client  
Windows Live Remote Client Resources  
Windows Live Remote Service  
Windows Live Remote Service Resources  
Windows Live SOXE  
Windows Live SOXE Definitions  
Windows Live UX Platform  
Windows Live UX Platform Language Pack  
Windows Live Writer  
Windows Live Writer Resources  
Windows Media Encoder 9 Series  
Yahoo Messenger  
Yahoo Toolbar  
Yontoo 1.10.03  

==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2014\avgfws.exe
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\Mobogenie\DaemonProcess.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Davis\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Toshiba\HDMICtrlMan\HCMSoundChanger.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mobogenie\mgusb.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater17.3.0 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater17.3.0 deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\xzk1ljzw.default

user.js not found
---- Lines mysearch removed from prefs.js ----
user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.
---- Lines extensions.5fBDRXI2 removed from prefs.js ----
user_pref("extensions.5fBDRXI2.epoch", "1392496057");
user_pref("extensions.5fBDRXI2.url", "http://veteranusashare.ru/sync2/?q=hfZ9ofmEgShEAen0rihTB6lKDzt4okDctNtVh7n0rjnErjs4rTwErdnFtMFHhd9FqdaGrjnGrds6r
---- Lines extensions.egn5ak9lWYJ removed from prefs.js ----
user_pref("extensions.egn5ak9lWYJ.epoch", "1392496057");
user_pref("extensions.egn5ak9lWYJ.url", "http://veteranusashare.ru/sync2/?q=hfZ9oemMCchEAen0rihTB6lKDzt4okDctNtVh7n0rjnErjs4rTwErjaHtMFHhd9FqdaGrjnGrd
---- FireFox user.js and prefs.js backups ----

prefs_022014_2011_.backup

==== Deleting Files \ Folders ======================

C:\Program Files\facemoods.com deleted
C:\Users\Davis\appdata\locallow\facemoods.com deleted
C:\Users\Davis\AppData\Local\genienext deleted
C:\Users\Davis\.android deleted
C:\Users\Mrs georgia bolgar\daemonprocess.txt deleted
C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml deleted
C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml deleted
C:\Program Files\Inbox Toolbar deleted
C:\Program Files\Conduit deleted
C:\Program Files\Productivity_3.1 deleted
C:\Program Files\ParetoLogic deleted
C:\Program Files\Common Files\ParetoLogic deleted
C:\Program Files\BabylonToolbar deleted
C:\Program Files\iLivid deleted
C:\Program Files\Yahoo! deleted
C:\Program Files\Optimizer Pro deleted
C:\Program Files\Yontoo deleted
C:\Program Files\SearchYa! deleted
C:\Program Files\WhiteSmoke deleted
C:\Program Files\Ask.com deleted
C:\found.000 deleted
C:\found.001 deleted
C:\found.002 deleted
C:\Users\Davis\AppData\Roaming\Yahoo! deleted
C:\Users\Davis\AppData\Roaming\ParetoLogic deleted
C:\Users\Davis\AppData\Roaming\DriverCure deleted
C:\Users\Davis\AppData\Roaming\Babylon deleted
C:\Users\Davis\AppData\Roaming\Optimizer Pro deleted
C:\Users\Georgia davis\AppData\Roaming\Yahoo! deleted
C:\Users\Georgie\AppData\Roaming\Yahoo! deleted
C:\Users\Guest\AppData\Roaming\PCPowerSpeed deleted
C:\Users\Guest\AppData\Roaming\Yahoo! deleted
C:\Users\Mrs georgia bolgar\AppData\Roaming\Yahoo! deleted
C:\Windows\system32\config\systemprofile\AppData\Roaming\Yahoo! deleted
C:\ProgramData\Yahoo! deleted
C:\ProgramData\Yahoo! Companion deleted
C:\ProgramData\boost_interprocess deleted
C:\ProgramData\ParetoLogic deleted
C:\ProgramData\AVG Secure Search deleted
C:\ProgramData\Tarma Installer deleted
C:\ProgramData\Babylon deleted
C:\Users\Davis\AppData\Local\Ilivid Player deleted
C:\Users\Davis\AppData\Local\speeddial.crx deleted
C:\Users\Davis\AppData\Local\Wajam deleted
C:\Users\Davis\AppData\Local\Mobogenie deleted
C:\Users\Davis\AppData\Local\cache deleted
C:\Users\Davis\AppData\Local\Babylon deleted
C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc deleted
C:\Users\Georgia davis\AppData\Local\AVG Secure Search deleted
C:\Users\Georgia davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc deleted
C:\Users\Guest\AppData\Local\AVG Secure Search deleted
C:\Users\Mrs georgia bolgar\AppData\Local\AVG Secure Search deleted
C:\Users\Mrs georgia bolgar\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc deleted
C:\Users\wangzhisong\AppData\Local\Mobogenie deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppGraffiti deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2 deleted
C:\Users\Davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie deleted
C:\Users\Davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic deleted
C:\Users\Davis\AppData\LocalLow\AVG Security Toolbar deleted
C:\Users\Davis\AppData\LocalLow\AVG Secure Search deleted
C:\Users\Davis\AppData\LocalLow\AppGraffiti deleted
C:\Users\Davis\AppData\LocalLow\searchqutoolbar deleted
C:\Users\Davis\AppData\LocalLow\MyWebSearch deleted
C:\Users\Davis\AppData\LocalLow\AskToolbar deleted
C:\Users\Davis\AppData\LocalLow\DataMngr deleted
C:\Users\Davis\AppData\LocalLow\Conduit deleted
C:\Users\Davis\AppData\LocalLow\FunWebProducts deleted
C:\Users\Davis\AppData\LocalLow\Toolbar4 deleted
C:\Users\Georgia davis\AppData\LocalLow\AppGraffiti deleted
C:\Users\Georgia davis\AppData\LocalLow\AskToolbar deleted
C:\Users\Georgia davis\AppData\LocalLow\facemoods.com deleted
C:\Users\Georgia davis\AppData\LocalLow\BabylonToolbar deleted
C:\Users\Georgia davis\AppData\LocalLow\Toolbar4 deleted
C:\Users\Guest\AppData\LocalLow\AVG Security Toolbar deleted
C:\Users\Guest\AppData\LocalLow\AVG Secure Search deleted
C:\Users\Guest\AppData\LocalLow\searchqutoolbar deleted
C:\Users\Guest\AppData\LocalLow\MyWebSearch deleted
C:\Users\Guest\AppData\LocalLow\facemoods.com deleted
C:\Users\Guest\AppData\LocalLow\Conduit deleted
C:\Users\Guest\AppData\LocalLow\FunWebProducts deleted
C:\Users\Mrs georgia bolgar\AppData\LocalLow\AVG Secure Search deleted
C:\Users\Mrs georgia bolgar\AppData\LocalLow\AppGraffiti deleted
C:\Users\Mrs georgia bolgar\AppData\LocalLow\AskToolbar deleted
C:\Users\Mrs georgia bolgar\AppData\LocalLow\facemoods.com deleted
C:\Users\Mrs georgia bolgar\AppData\LocalLow\BabylonToolbar deleted
C:\Users\Mrs georgia bolgar\AppData\LocalLow\Toolbar4 deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\AppGraffiti deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\AskToolbar deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\facemoods.com deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\BabylonToolbar deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Toolbar4 deleted
C:\Windows\tasks\ParetoLogic Registration3.job deleted
C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job deleted
C:\Windows\tasks\ParetoLogic Update Version3.job deleted
C:\Windows\tasks\PC Health Advisor Defrag.job deleted
C:\Windows\tasks\PC Health Advisor.job deleted
C:\user.js deleted
C:\prefs.js deleted
C:\END deleted
C:\Users\wangzhisong deleted
C:\Users\Davis\Documents\Optimizer Pro deleted
C:\Users\Davis\Documents\Mobogenie deleted
C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} deleted
C:\Users\Davis\Desktop\Optimizer Pro.lnk deleted
C:\Users\Davis\Desktop\Mobogenie.lnk deleted
C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml deleted
C:\Users\Guest\AppData\Local\My Web Search Installer(0003b8a4).exe deleted
C:\Users\Guest\AppData\Local\My Web Search Installer(00043d4d).exe deleted
C:\Users\Guest\AppData\Local\My Web Search Installer(002a5b49).exe deleted
C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\xzk1ljzw.default\extensions\eacoeye@cqaeox.co.uk deleted
C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\xzk1ljzw.default\extensions\xrttrtit@yeiignn.edu deleted
"C:\Windows\Installer\25b66ae.msi" deleted
"C:\ProgramData\352723942" deleted
"C:\Users\Davis\daemonprocess.txt" deleted
"C:\Users\Davis\AppData\Roaming\Cuuqlu\neun.tmp" deleted
"C:\Users\Davis\AppData\Roaming\Ducovu\voluo.sik" deleted
"C:\Users\Davis\AppData\Roaming\Firiso\feyp.ass" deleted
"C:\Program Files\Mobogenie\DaemonProcess.exe" deleted
"C:\Program Files\Mobogenie\libeay32.dll" deleted
"C:\Program Files\Mobogenie\msvcp100.dll" deleted
"C:\Program Files\Mobogenie\msvcr100.dll" deleted
"C:\Program Files\Mobogenie\QtCore4.dll" deleted
"C:\Program Files\Mobogenie\QtGui4.dll" deleted
"C:\Program Files\Mobogenie\QtNetwork4.dll" deleted
"C:\Program Files\Mobogenie\QtSql4.dll" deleted
"C:\Program Files\Mobogenie\QtWebKit4.dll" deleted
"C:\Program Files\Mobogenie\ssleay32.dll" deleted
"C:\Program Files\AVG Secure Search\vprot.exe" deleted
"C:\Program Files\AVG Secure Search\vprot.exe" deleted
"C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\SiteSafety.dll" deleted
"C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\log4cplusU.dll" deleted
"C:\Users\Davis\AppData\Roaming\Wowe" deleted
"C:\Users\Davis\AppData\Roaming\Eqegv" deleted
"C:\Users\Davis\AppData\Roaming\Mekoh" deleted
"C:\Users\Davis\AppData\Roaming\Atebus" deleted
"C:\Users\Davis\AppData\Roaming\Cuuqlu" deleted
"C:\Users\Davis\AppData\Roaming\Ducovu" deleted
"C:\Users\Davis\AppData\Roaming\Firiso" deleted
"C:\Program Files\Mobogenie" deleted
"C:\Program Files\AVG Secure Search" deleted
"C:\Program Files\AVG Secure Search" deleted
"C:\Program Files\Common Files\AVG Secure Search" deleted
"C:\Users\Davis\AppData\Local\AVG Secure Search" deleted
"C:\Users\Davis\AppData\Local\AVG Secure Search" deleted
"C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller" deleted
"C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater" deleted
"C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0" deleted
"C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0" deleted
"C:\Users\Davis\AppData\Local\AVG Secure Search\Chrome" deleted
"C:\Users\Davis\AppData\Local\AVG Secure Search\Chrome\Default" deleted
"C:\Users\Davis\AppData\Local\AVG Secure Search\Chrome" deleted
"C:\Users\Davis\AppData\Local\AVG Secure Search\Chrome\Default" deleted

==== System Specs ======================

Windows: Windows Vista Home Premium Edition Service Pack 2 (Build 6002)
Memory (RAM): 2940 MB
CPU Info: Intel® Core2 Duo CPU     T5800  @ 2.00GHz
CPU Speed: 1520.2 MHz
Sound Card: Speakers (Realtek High Definiti |
Realtek Digital Output (Realtek |
Display Adapters: Mobile Intel® 4 Series Express Chipset Family | Mobile Intel® 4 Series Express Chipset Family | RDPDD Chained DD | RDP Encoder Mirror Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1280 X 800 - 32 bit
Network: Network Present
Network Adapters: Intel® Wireless WiFi Link 5100 | Realtek RTL8102E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
CD / DVD Drives: 1x (F: | ) F: PIONEER DVD-RW  DVRTD08A
Ports: COM3 LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C:  232.6GB | E:  230.8GB
Hard Disks - Free: C:  155.2GB | E:  225.4GB
Manufacturer *: INSYDE
BIOS Info: AT/AT COMPATIBLE | 10/14/08 | TOSINV - 1
Time Zone: GMT Standard Time
Motherboard *: TOSHIBA Portable PC
Country: United Kingdom
Language: ENG

==== System Specs (Software) ======================

Anti-Virus: AVG Internet Security 2014 On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: AVG Internet Security 2014 disabled (Outdated)
Firewall: AVG Internet Security 2014 disabled
Default Browser: Firefox    26.0
Internet Explorer Version: 9.0.8112.16421
Mozilla Firefox version: 26.0 (x86 en-US)
Google Chrome version: 32.0.1700.102
Adobe Reader version: 8.1.0.2007051100
Sun Java version: 1.6.0_23 (32-bit)
Flash Player version: 12.0.0.44

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2014-02-15 10:11:16    8C87A1CCF34BF92413B19A63EB84ECD2    372136236    ----a-w-    C:\Windows\MEMORY.DMP
2014-02-14 18:52:59    9F1BB18CA23ABBBA591EB931BDF2E885    95    ----a-w-    C:\Windows\zerobyte_files_deleted.txt
====== C:\Users\Davis\AppData\Local\Temp ====
2014-02-15 15:34:52    B9FDFF876B0E7B4FECBAA5708C6ED616    1205168    ----a-w-    C:\Users\Davis\AppData\Local\Temp\ntdll_dump.dll
2014-02-15 10:31:10    9109344E0DD07369654ADFEDD840845D    1042    ----a-w-    C:\Users\Davis\AppData\Local\Temp\nsm47EA.tmp\notifykeysC.com
2014-02-15 10:30:37    ACC2B699EDFEA5BF5AAE45ABA3A41E96    6656    ----a-w-    C:\Users\Davis\AppData\Local\Temp\nsm47EA.tmp\nsExec.dll
2014-02-15 10:30:28    C17103AE9072A06DA581DEC998343FC1    11264    ----a-w-    C:\Users\Davis\AppData\Local\Temp\nsm47EA.tmp\System.dll
2014-02-15 10:30:28    7579ADE7AE1747A31960A228CE02E666    4096    ----a-w-    C:\Users\Davis\AppData\Local\Temp\nsm47EA.tmp\UserInfo.dll
2014-02-15 10:03:27    6AC365B716BF5C77A64708F9A5AA004A    25088    ----a-w-    C:\Users\Davis\AppData\Local\Temp\mbr.sys
2014-02-15 10:03:24    9109344E0DD07369654ADFEDD840845D    1042    ----a-w-    C:\Users\Davis\AppData\Local\Temp\nsoFD34.tmp\notifykeysC.com
2014-02-15 10:02:25    ACC2B699EDFEA5BF5AAE45ABA3A41E96    6656    ----a-w-    C:\Users\Davis\AppData\Local\Temp\nsoFD34.tmp\nsExec.dll
2014-02-15 10:02:22    C17103AE9072A06DA581DEC998343FC1    11264    ----a-w-    C:\Users\Davis\AppData\Local\Temp\nsoFD34.tmp\System.dll
2014-02-15 10:02:22    7579ADE7AE1747A31960A228CE02E666    4096    ----a-w-    C:\Users\Davis\AppData\Local\Temp\nsoFD34.tmp\UserInfo.dll
2014-02-15 09:17:35    9109344E0DD07369654ADFEDD840845D    1042    ----a-w-    C:\Users\Davis\AppData\Local\Temp\nsf7C33.tmp\notifykeysC.com
2014-02-15 09:16:49    ACC2B699EDFEA5BF5AAE45ABA3A41E96    6656    ----a-w-    C:\Users\Davis\AppData\Local\Temp\nsf7C33.tmp\nsExec.dll
2014-02-15 09:16:44    C17103AE9072A06DA581DEC998343FC1    11264    ----a-w-    C:\Users\Davis\AppData\Local\Temp\nsf7C33.tmp\System.dll
2014-02-15 09:16:44    7579ADE7AE1747A31960A228CE02E666    4096    ----a-w-    C:\Users\Davis\AppData\Local\Temp\nsf7C33.tmp\UserInfo.dll
====== Java Cache =====
====== C:\Windows\system32 =====
2014-02-14 21:01:50    C775BF17BAA95275679A5FFD1676F27B    41736    ----a-w-    C:\Windows\System32\.crusader
2014-02-14 18:52:59    4391A2A136D3104A82E0CBDFBA1D2945    87    ----a-w-    C:\Windows\System32\zerobyte_files_deleted.txt
====== C:\Windows\system32\drivers =====
2014-02-14 20:49:07    05E0D8EE7D6FAB5CB672FEC3AAD93AA0    30464    ----a-w-    C:\Windows\System32\drivers\hitmanpro37.sys
2014-01-19 21:46:54    18B3FFED808F032E037ED7F54A838053    22808    ----a-w-    C:\Windows\System32\drivers\avgidsshimx.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-02-04 14:39:23    --------    d-----w-    C:\Program Files\iPod
2014-02-04 14:39:21    --------    d-----w-    C:\Program Files\iTunes
======= C: =====
====== C:\Users\Davis\AppData\Roaming ======
2014-02-14 21:13:29    --------    d-----w-    C:\Users\Davis\AppData\Roaming\SUPERAntiSpyware.com
2014-02-14 18:22:31    --------    d-----w-    C:\Windows\system32\config\systemprofile\AppData\Local\Temp
2014-02-14 18:22:29    --------    d-----w-    C:\Users\Mrs georgia bolgar\AppData\Local\Temp
2014-02-14 18:22:08    --------    d-----w-    C:\Users\Guest\AppData\Local\Temp
2014-02-14 18:21:42    --------    d-----w-    C:\Users\Georgie\AppData\Local\Temp
2014-02-14 18:21:30    --------    d-----w-    C:\Users\Georgia davis\AppData\Local\Temp
2014-02-14 18:21:26    --------    d-----w-    C:\Users\Default\AppData\Local\Temp
2014-02-14 18:21:26    --------    d-----w-    C:\Users\Default User\AppData\Local\Temp
2014-01-29 21:01:03    --------    d-----w-    C:\Windows\system32\config\systemprofile\AppData\Roaming\Mozilla
2014-01-29 21:01:03    --------    d-----w-    C:\Windows\system32\config\systemprofile\AppData\Local\Mozilla
2014-01-21 19:32:28    --------    d-----w-    C:\Users\Mrs georgia bolgar\AppData\Locallow\Sun
====== C:\Users\Davis ======
2014-02-15 15:17:26    444D1016CF8768D83B05DCFB9974D001    3813376    ----a-w-    C:\Users\Davis\Desktop\RogueKiller.exe
2014-02-14 21:13:29    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2014-02-14 20:49:07    --------    d-----w-    C:\ProgramData\HitmanPro
2014-02-14 20:11:29    8B968045D75783A09592C3105F2865DA    688992    ------r-    C:\Users\Davis\Desktop\dds.com
2014-02-14 18:54:53    --------    d-----w-    C:\Windows\system32\config\systemprofile\cookies
2014-02-14 18:54:39    --------    d-----w-    C:\Users\Mrs georgia bolgar\cookies
2014-02-14 18:54:19    --------    d-----w-    C:\Users\Guest\cookies
2014-02-14 18:54:14    --------    d-----w-    C:\Users\Georgie\cookies
2014-02-14 18:54:08    --------    d-----w-    C:\Users\Georgia davis\cookies
2014-02-14 18:54:05    --------    d---a-w-    C:\Users\Default\cookies
2014-02-14 18:14:55    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-02-04 20:13:10    B29E83869C302164E81F3B3D1DC51A90    1069512    ----a-w-    C:\Users\Davis\Downloads\install_flashplayer12x32au_mssd_awc_aih.exe
2014-02-04 14:40:39    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-02-04 14:39:21    --------    d-----w-    C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-01-29 21:01:15    --------    d-----w-    C:\ProgramData\DeuaalsFiindeorrPro
2014-01-29 21:01:02    --------    d-----w-    C:\ProgramData\toppbuyero

====== C: exe-files ==
2014-02-15 15:17:26    444D1016CF8768D83B05DCFB9974D001    3813376    ----a-w-    C:\Users\Davis\Desktop\RogueKiller.exe
2014-02-14 20:48:40    65C622BEC80214257477E7EEA5202634    9237392    ----a-w-    C:\Users\Davis\AppData\Local\Temporary Internet Files\Content.IE5\0ZPWR73Q\HitmanPro[1].exe
2014-02-14 20:48:40    65C622BEC80214257477E7EEA5202634    9237392    ----a-w-    C:\Users\Davis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0ZPWR73Q\HitmanPro[1].exe
2014-02-14 18:08:35    9658D51C4BF63614F8A4FECA5B2E2065    6059888    ----a-w-    C:\Program Files\AVG\AVG2014\avgmfapx.exe
2014-02-09 13:00:10    210A979AD7DDAE41F7C67890F4D126DE    5508656    ----a-w-    C:\Program Files\AVG\AVG2014\avgcremx.exe
=== C: other files ==
2014-02-15 20:07:48    FEE78C814A473A5D49DDAE84E70E0442    109508    ----a-w-    C:\Users\Public\Desktop\sample_022014_2007.zip
2014-02-15 10:31:10    9109344E0DD07369654ADFEDD840845D    1042    ----a-w-    C:\Users\Davis\AppData\Local\Temp\nsm47EA.tmp\notifykeysC.com
2014-02-15 10:16:02    25F17E048A428044BBDECFD72C3BC614    709    ----a-w-    C:\Users\Davis\AppData\Local\Temporary Internet Files\Content.IE5\L78J2XQ7\FoolishUpdates[2].zip
2014-02-15 10:16:02    25F17E048A428044BBDECFD72C3BC614    709    ----a-w-    C:\Users\Davis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L78J2XQ7\FoolishUpdates[2].zip
2014-02-15 10:13:21    6DCD5D0BF29F3B83A880517ECE374E50    2474772    ----a-w-    C:\Users\Davis\AppData\Local\Temporary Internet Files\Content.IE5\VSPA2X55\d7_modules[1].zip
2014-02-15 10:13:21    6DCD5D0BF29F3B83A880517ECE374E50    2474772    ----a-w-    C:\Users\Davis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VSPA2X55\d7_modules[1].zip
2014-02-15 10:03:27    6AC365B716BF5C77A64708F9A5AA004A    25088    ----a-w-    C:\Users\Davis\AppData\Local\Temp\mbr.sys
2014-02-15 10:03:24    9109344E0DD07369654ADFEDD840845D    1042    ----a-w-    C:\Users\Davis\AppData\Local\Temp\nsoFD34.tmp\notifykeysC.com
2014-02-15 09:42:33    25F17E048A428044BBDECFD72C3BC614    709    ----a-w-    C:\Users\Davis\AppData\Local\Temporary Internet Files\Content.IE5\L78J2XQ7\FoolishUpdates[1].zip
2014-02-15 09:42:33    25F17E048A428044BBDECFD72C3BC614    709    ----a-w-    C:\Users\Davis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L78J2XQ7\FoolishUpdates[1].zip
2014-02-15 09:41:49    6DCD5D0BF29F3B83A880517ECE374E50    2474772    ----a-w-    C:\Users\Davis\AppData\Local\Temporary Internet Files\Content.IE5\0ZPWR73Q\d7_modules[1].zip
2014-02-15 09:41:49    6DCD5D0BF29F3B83A880517ECE374E50    2474772    ----a-w-    C:\Users\Davis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0ZPWR73Q\d7_modules[1].zip
2014-02-15 09:17:35    9109344E0DD07369654ADFEDD840845D    1042    ----a-w-    C:\Users\Davis\AppData\Local\Temp\nsf7C33.tmp\notifykeysC.com
2014-02-14 21:11:31    FFB26724FC744EDB50D079DC5038ABC4    14702304    ----a-w-    C:\Users\Davis\AppData\Local\Temporary Internet Files\Content.IE5\L78J2XQ7\SAS_019E716[1].COM
2014-02-14 21:11:31    FFB26724FC744EDB50D079DC5038ABC4    14702304    ----a-w-    C:\Users\Davis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L78J2XQ7\SAS_019E716[1].COM
2014-02-14 21:05:03    6FE786A824FD9B4914520801290E2680    6202810    ----a-w-    C:\ProgramData\AVG2014\IDS\outbox\tmp_7851bc69-8bc6-47d2-b5aa-d1682da2f965.zip
2014-02-14 21:00:00    324F5F9431487FAF29A973DE958C332D    6204393    ----a-w-    C:\ProgramData\AVG2014\IDS\outbox\tmp_8dd4c258-8bc5-47d2-ae2c-d1682da2f965.zip
2014-02-14 20:49:07    05E0D8EE7D6FAB5CB672FEC3AAD93AA0    30464    ----a-w-    C:\Windows\System32\drivers\hitmanpro37.sys
2014-02-14 20:11:29    8B968045D75783A09592C3105F2865DA    688992    ------r-    C:\Users\Davis\Desktop\dds.com
2014-02-14 17:22:50    E4F0F25727407BC26A70895B7F7CE4E5    641612    ----a-w-    C:\ProgramData\AVG2014\IDS\outbox\tmp_b2adc180-8ba4-47d2-a8e2-d1682da2f965.zip
2014-02-12 15:53:29    185BDF49783912DA91809DE5AC3EB276    54175    ----a-w-    C:\ProgramData\AVG2014\IDS\outbox\tmp_3af4b3b6-8a17-47d2-a86a-d1682da2f965.zip
2014-02-12 10:51:47    B98AF63EFFE27AD2B898768C7ABCBC97    710413    ----a-w-    C:\ProgramData\AVG2014\IDS\outbox\tmp_f99952f1-85ee-47d2-bb85-d1682da2f965.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe"
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"
"Pando Media Booster"="C:\Program Files\Pando Networks\Media Booster\PMB.exe"
"Facebook Update"="C:\Users\Davis\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"Google Update"="C:\Users\Davis\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"

[HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"NDSTray.exe"="NDSTray.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"RtHDVCpl"="RtHDVCpl.exe"
"Skytel"="Skytel.exe"
"HDMICtrlMan"="C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe"
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"Toshiba TEMPO"="C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe"
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"vProt"="C:\Program Files\AVG Secure Search\vprot.exe"
"AVG_UI"="C:\Program Files\AVG\AVG2014\avgui.exe /TRAYONLY"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime"
"mobilegeni daemon"="C:\Program Files\Mobogenie\DaemonProcess.exe"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide"
"TPwrMain"="%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=TlVIRDQtWUg5UEUtTzNQNEUtUVJERUstR0RKWjctVk9YVUw&inst=NzctMTIxODUzNjgzOS1GUDkyKzYtQkFSOUcrMS1GTCs5LVhPMzYrMS1DSUExMCsyLVNQMSsxLVNVUCs0LVRVRyszLVNQMVM0KzEtRERUKzAtTFNEKzItREQxMCsxLVNUMTBBUFArMS1QMTBNMTJDKzEtVTEwKzEtVEIrMS1GVUkrMi1QMTBUQisyLUVVTEErMS1TVFAxME0xMkNNKzEtU1QxMkFQUCsx&prod=55&ver=2012.0.1780&mid=84f5bd6a3a24b8b2df974b4dfa68e073-f53cc401da39bf00f11a57d79d9871e18aeaa71d"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe"
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"
"Pando Media Booster"="C:\Program Files\Pando Networks\Media Booster\PMB.exe"
"Facebook Update"="C:\Users\Davis\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"Google Update"="C:\Users\Davis\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\00TCrdMain]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="00TCrdMain"
"hkey"="HKLM"
"command"="%ProgramFiles%\\TOSHIBA\\FlashCards\\TCrdMain.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe Reader Speed Launcher"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Camera Assistant Software]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Camera Assistant Software"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Camera Assistant Software for Toshiba\\traybar.exe\" /start"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cfFncEnabler.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cfFncEnabler.exe"
"hkey"="HKLM"
"command"="cfFncEnabler.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ehTray.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ehTray.exe"
"hkey"="HKCU"
"command"="C:\\Windows\\ehome\\ehTray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Desktop Search]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Google Desktop Search"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google EULA Launcher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Google EULA Launcher"
"hkey"="HKLM"
"command"="c:\\Program Files\\Google\\Google EULA\\GoogleEULALauncher.exe IE PA"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HotKeysCmds"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\hkcmd.exe"


Post is in three parts, won't post all due to length.


2nd Part

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HSON]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HSON"
"hkey"="HKLM"
"command"="%ProgramFiles%\\TOSHIBA\\TBS\\HSON.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IgfxTray"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\igfxtray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Messenger (Yahoo!)]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Messenger (Yahoo!)"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QuickTime Task"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SmoothView]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SmoothView"
"hkey"="HKLM"
"command"="%ProgramFiles%\\Toshiba\\SmoothView\\SmoothView.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="swg"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\topi]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="topi"
"hkey"="HKLM"
"command"="C:\\Program Files\\TOSHIBA\\Toshiba Online Product Information\\topi.exe -startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Toshiba Registration]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Toshiba Registration"
"hkey"="HKLM"
"command"="C:\\Program Files\\Toshiba\\Registration\\ToshibaRegistration.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Toshiba TEMPO]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Toshiba TEMPO"
"hkey"="HKLM"
"command"="C:\\Program Files\\Toshiba TEMPRO\\Toshiba.Tempo.UI.TrayApplication.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WMPNSCFG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WMPNSCFG"
"hkey"="HKCU"
"command"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Davis^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Media Player.lnk]
"path"="C:\\Users\\Davis\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Adobe Media Player.lnk"
"backup"="C:\\Windows\\pss\\Adobe Media Player.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~1\\ADOBEM~1\\ADOBEM~1.EXE "
"item"="Adobe Media Player"


==== Startup Folders ======================

2008-07-01 15:08:20    1835    ----a-w-    C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
2008-07-01 15:08:20    1835    ----a-w-    C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
2009-09-27 17:59:29    1833    ----a-w-    C:\Users\Georgie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
2011-01-05 18:37:11    1116    ----a-w-    C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
2013-10-22 19:38:54    1116    ----a-w-    C:\Users\Mrs georgia bolgar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
2012-12-04 16:01:49    1924    ----a-w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
2009-01-09 15:45:23    641    ----a-w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Agent.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [08/02/2014 12:35]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000Core.job --a------ C:\Users\Davis\AppData\Local\Facebook\Update\FacebookUpdate.exe [11/07/2012 21:31]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000UA.job --a------ C:\Users\Davis\AppData\Local\Facebook\Update\FacebookUpdate.exe [11/07/2012 21:31]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003Core.job --a------ C:\Users\Georgia davis\AppData\Local\Facebook\Update\FacebookUpdate.exe [11/12/2012 17:42]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003UA.job --a------ C:\Users\Georgia davis\AppData\Local\Facebook\Update\FacebookUpdate.exe [11/12/2012 17:42]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [30/01/2010 19:08]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [30/01/2010 19:08]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000Core.job --a------ C:\Users\Davis\AppData\Local\Google\Update\GoogleUpdate.exe [17/09/2012 19:10]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000UA.job --a------ C:\Users\Davis\AppData\Local\Google\Update\GoogleUpdate.exe [17/09/2012 19:10]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003Core.job --a------ C:\Users\Georgia davis\AppData\Local\Google\Update\GoogleUpdate.exe [17/09/2012 19:10]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003UA.job --a------ C:\Users\Georgia davis\AppData\Local\Google\Update\GoogleUpdate.exe [17/09/2012 19:10]
C:\Windows\tasks\User_Feed_Synchronization-{7DB64578-8B9B-4A26-8F64-DF64F6338DB0}.job --ah----- C:\Windows\system32\msfeedssync.exe [16/06/2011 22:22]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000Core" [C:\Users\Davis\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000UA" [C:\Users\Davis\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003Core" [C:\Users\Georgia davis\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003UA" [C:\Users\Georgia davis\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000Core" [C:\Users\Davis\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000UA" [C:\Users\Davis\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003Core" [C:\Users\Georgia davis\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003UA" [C:\Users\Georgia davis\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\User_Feed_Synchronization-{7DB64578-8B9B-4A26-8F64-DF64F6338DB0}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files\McAfee\SiteAdvisor" [11/02/2014 15:41]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\xzk1ljzw.default
- Undetermined - C:\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\xzk1ljzw.default
FD6ACD9D85177259D442A0C4AC15F7B8    - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll -    Shockwave Flash
63EE2015B877A2E472CC59E05291AA39    - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMSS.dll -    McAfee Security Scanner +
49CFBB2130C682FFDF2CEBEE9A2D556E    - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll -    iTunes Application Detector
C36444D7301A8C881FC7296B092609C7    - C:\Users\Davis\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll -    Google Update
C36444D7301A8C881FC7296B092609C7    - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll -    Google Update
FF0D6F82A0EC13952E83B9439100E45D    - C:\Users\Davis\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll -    Facebook Video Calling Plugin
68BCBB241EF254BC5100D9E6C06ECC71    - C:\Users\Davis\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll -    Google Talk Plugin Video Accelerator
99FE6AFE80EB7FE3EEB75DC504A326A3    - C:\Users\Davis\AppData\Roaming\Mozilla\plugins\npo1d.dll -    Google Talk Plugin Video Renderer
AF42019A3B0EDBFA6878F75B9377A792    - C:\Users\Davis\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll -    Google Talk Plugin
EEEB86077BB4682B3FCFEDA5AED3E396    - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll -    QuickTime Plug-in 7.7.4
BADFB0DCCD9B7E9F2F6EB7954D24EED1    - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll -    QuickTime Plug-in 7.7.4
1153F58FACBC9731AF6CDF313F76DF29    - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll -    QuickTime Plug-in 7.7.4
9E4F520270BF7301CC24E8FA67791C22    - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll -    QuickTime Plug-in 7.7.4
E50A1DB5DE70D656287511297B42F9F2    - C:\Program Files\QuickTime\Plugins\npqtplugin.dll -    QuickTime Plug-in 7.7.4
5B92CB0A3EEE50F6B9AE036B4F9B0F0C    - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll -    Google Earth Plugin
BE501CBC29B2025A263D80D399F1797A    - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll -    Silverlight Plug-In
C517E5EA7CEE783F3681F62D2A362E5B    - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll -    Windows Live? Photo Gallery
0EFA66E9384DBCED4D639FB9BDD97536    - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll -    Pando Web Plugin
44CD19D98995CB3056F406113B175820    - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll -    Java Deployment Toolkit 6.0.230.5
EA8FCF30D2961369435C84CE3B3063F1    - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll -    Java Platform SE 6 U23
8130FF8214221BA5AC764909587E161A    - C:\Program Files\Adobe\Reader 8.0\Reader\browser\nppdf32.dll -    Adobe Acrobat
AB87EEFFD18F2BAAFC274E7075EA6C67    - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll -    Windows Presentation Foundation / Windows Presentation Foundation
B27CCB1168B1960AEC6E9D3E0E0F0D2A    - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrlui.dll -    Microsoft® Silverlight


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bopakagnckmlgajfccecajhnimjiiedh - No path found[]
fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx[02/02/2014 08:58]
gaiilaahiahdejapggenmdmafpmbipje - C:\Program Files\DealPly\DealPly.crx[]
ihflimipbcaljfnojhhknppphnnciiif - C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoods.crx[]
jpmbfleldcgkldadpdinhjjopdfpjfjp - C:\Users\Davis\AppData\Local\Wajam\Chrome\wajam.crx[]
niapdbllcanepiiimjjndipklodoedlc - C:\Program Files\Yontoo\YontooLayers.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
gaiilaahiahdejapggenmdmafpmbipje - C:\Program Files\DealPly\DealPly.crx[]

New Tab - Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
DealPly - Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Facemoods - Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif
DeuaalsFiindeorrPro - Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbjidnnbnonlmanfgmfghkcnhbkndleb
AVG Safe Search - Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
AVG Secure Search - Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Google Drive - Georgia davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Georgia davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Georgia davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
DealPly - Georgia davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Facemoods - Georgia davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif
AVG Safe Search - Georgia davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
AVG Secure Search - Georgia davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Gmail - Georgia davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Entanglement - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd
DealPly - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Facemoods - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif
DeuaalsFiindeorrPro - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbjidnnbnonlmanfgmfghkcnhbkndleb
AVG Safe Search - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Poppit - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi
AVG Secure Search - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
DealPly - Mrs georgia bolgar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Facemoods - Mrs georgia bolgar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif
DeuaalsFiindeorrPro - Mrs georgia bolgar\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbjidnnbnonlmanfgmfghkcnhbkndleb
AVG Security Toolbar - Mrs georgia bolgar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Instagram for Chrome - Mrs georgia bolgar\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb

==== Chrome Fix ======================

C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.wajam.com_0.localstorage deleted successfully
C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.wajam.com_0.localstorage-journal deleted successfully
C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.getpricepeep.com_0.localstorage deleted successfully
C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.getpricepeep.com_0.localstorage-journal deleted successfully
C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully
C:\Users\Georgia davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully
C:\Users\Mrs georgia bolgar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully
C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gaiilaahiahdejapggenmdmafpmbipje_0.localstorage deleted successfully
C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gaiilaahiahdejapggenmdmafpmbipje_0.localstorage-journal deleted successfully
C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif deleted successfully
C:\Users\Georgia davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif deleted successfully
C:\Users\Mrs georgia bolgar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif deleted successfully
C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ihflimipbcaljfnojhhknppphnnciiif_0.localstorage deleted successfully
C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ihflimipbcaljfnojhhknppphnnciiif_0.localstorage-journal deleted successfully
C:\Users\Georgia davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ihflimipbcaljfnojhhknppphnnciiif_0.localstorage deleted successfully
C:\Users\Georgia davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ihflimipbcaljfnojhhknppphnnciiif_0.localstorage-journal deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ihflimipbcaljfnojhhknppphnnciiif_0.localstorage deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ihflimipbcaljfnojhhknppphnnciiif_0.localstorage-journal deleted successfully
C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jpmbfleldcgkldadpdinhjjopdfpjfjp_0.localstorage deleted successfully
C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jpmbfleldcgkldadpdinhjjopdfpjfjp_0.localstorage-journal deleted successfully
C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_niapdbllcanepiiimjjndipklodoedlc_0.localstorage deleted successfully
C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_niapdbllcanepiiimjjndipklodoedlc_0.localstorage-journal deleted successfully
C:\Users\Georgia davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_niapdbllcanepiiimjjndipklodoedlc_0.localstorage deleted successfully
C:\Users\Georgia davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_niapdbllcanepiiimjjndipklodoedlc_0.localstorage-journal deleted successfully
C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbjidnnbnonlmanfgmfghkcnhbkndleb deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbjidnnbnonlmanfgmfghkcnhbkndleb deleted successfully
C:\Users\Mrs georgia bolgar\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbjidnnbnonlmanfgmfghkcnhbkndleb deleted successfully
C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully
C:\Users\Georgia davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully
C:\Users\Mrs georgia bolgar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully
C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage deleted successfully
C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage-journal deleted successfully
C:\Users\Georgia davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage deleted successfully
C:\Users\Georgia davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage-journal deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.ebay.co.uk/"
"Default_Page_URL"="http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;"
"Search Bar"="http://www.google.com/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://uk.yahoo.com"
"Start Page"="http://www.searchya.com/?s=0&a=foxtab&chnl=tc-100&cd=2XzuyEtN2Y1L1QzutDtDtBtCyC0ByEyCtCtDzyyCzztByE0AtN0D0Tzu0StAtDtDtN1L2XzutBtFtBtFtCtFtAyDyD&cr=480137568"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://uk.search.yahoo.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.searchya.com/?s=2&a=foxtab&chnl=tc-100&cd=2XzuyEtN2Y1L1QzutDtDtBtCyC0ByEyCtCtDzyyCzztByE0AtN0D0Tzu0StAtDtDtN1L2XzutBtFtBtFtCtFtAyDyD&cr=480137568"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{839A7CA3-273C-4130-AFF3-7A4766001684}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{839A7CA3-273C-4130-AFF3-7A4766001684}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.ebay.co.uk/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{413EC48B-03FB-4AD2-8F18-1B3525B940BD} Google  Url="http://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7GGLL_en-GB"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{70D46D94-BF1E-45ED-B567-48701376298E} Google Desktop Url="http://127.0.0.1:4664/search&s=PzUpTmDrCyJO6uiEzcPbAecchFQ?q={searchTerms}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully
HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully
HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully
HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully
HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Internet Explorer\Approved Extensions\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\avg@toolbar deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\iLivid deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchya deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF deleted successfully

==== HijackThis Entries ======================

R3 - Default URLSearchHook is missing
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll
O2 - BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Pivot Stickfigure Toolbar\tbcore3.dll
O3 - Toolbar: Pivot Stickfigure Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\Pivot Stickfigure Toolbar\tbcore3.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [skytel] Skytel.exe
O4 - HKLM\..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=TlVIRDQtWUg5UEUtTzNQNEUtUVJERUstR0RKWjctVk9YVUw"&"inst=NzctMTIxODUzNjgzOS1GUDkyKzYtQkFSOUcrMS1GTCs5LVhPMzYrMS1DSUExMCsyLVNQMSsxLVNVUCs0LVRVRyszLVNQMVM0KzEtRERUKzAtTFNEKzItREQxMCsxLVNUMTBBUFArMS1QMTBNMTJDKzEtVTEwKzEtVEIrMS1GVUkrMi1QMTBUQisyLUVVTEErMS1TVFAxME0xMkNNKzEtU1QxMkFQUCsx"&"prod=55"&"ver=2012.0.1780"&"mid=84f5bd6a3a24b8b2df974b4dfa68e073-f53cc401da39bf00f11a57d79d9871e18aeaa71d
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Davis\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Davis\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1847146488-4185065798-1427826158-1004\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Mrs georgia bolgar')
O4 - S-1-5-21-1847146488-4185065798-1427826158-1004 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Mrs georgia bolgar')
O4 - S-1-5-21-1847146488-4185065798-1427826158-1004 User Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Mrs georgia bolgar')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
O4 - Global Startup: Update Agent.lnk = ?

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (file missing)
O18 - Protocol: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - (no file)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (file missing)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: Notebook Performance Tuning Service  (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

==== Sysinternals Autoruns Log ======================

HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
   bootdelete
     bootdelete
     File not found: bootdelete
     

C:\Users\Davis\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
   Search eBay
     C:\Program Files\windows sidebar\shared gadgets\eBaySearch.Gadget
     Quick search eBay
     eBay Inc.
     C:\Program Files\windows sidebar\shared gadgets\eBaySearch.Gadget\Gadget.xml
     01/07/2008 15:14
   Amazon.co.uk - Online Shopping
     C:\Program Files\windows sidebar\shared gadgets\amazonSearch.Gadget
     Amazon EU S.a.r.l.
     C:\Program Files\windows sidebar\shared gadgets\amazonSearch.Gadget\Gadget.xml
     01/07/2008 15:14

HKLM\System\CurrentControlSet\Services
   AdobeFlashPlayerUpdateSvc
     C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
     This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes.
     Adobe Systems Incorporated
     12.0.0.44
     c:\windows\system32\macromed\flash\flashplayerupdateservice.exe
     28/01/2014 01:56
   AgereModemAudio
     C:\Windows\system32\agrsmsvc.exe
     Agere Soft Modem Call Progress Service
     Agere Systems
     1.0.0.4
     c:\windows\system32\agrsmsvc.exe
     05/10/2006 17:10
   Apple Mobile Device
     "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
     Provides the interface to Apple mobile devices.
     Apple Inc.
     17.327.4.11
     c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe
     07/12/2013 04:16
   avgfws
     "C:\Program Files\AVG\AVG2014\avgfws.exe"
     AVG Firewall Service
     AVG Technologies CZ, s.r.o.
     14.0.0.4204
     c:\program files\avg\avg2014\avgfws.exe
     23/09/2013 23:34
   AVGIDSAgent
     "C:\Program Files\AVG\AVG2014\avgidsagent.exe"
     Provides Identity Protection Against Cyber Crime.
     AVG Technologies CZ, s.r.o.
     14.0.0.4330
     c:\program files\avg\avg2014\avgidsagent.exe
     22/01/2014 11:19
   avgwd
     "C:\Program Files\AVG\AVG2014\avgwdsvc.exe"
     AVG Watchdog Service
     AVG Technologies CZ, s.r.o.
     14.0.0.4204
     c:\program files\avg\avg2014\avgwdsvc.exe
     23/09/2013 23:33
   Bonjour Service
     "C:\Program Files\Bonjour\mDNSResponder.exe"
     Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence.
     Apple Inc.
     3.0.0.10
     c:\program files\bonjour\mdnsresponder.exe
     31/08/2011 05:40
   ConfigFree Service
     "C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe"
     You can't stop this service, if you want to keep ConfigFree functionality fine.
     TOSHIBA CORPORATION
     7.0.1.6
     c:\program files\toshiba\configfree\cfsvcs.exe
     16/04/2008 15:19
   GoogleDesktopManager-051210-111108
     "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe"
     Updates Google Desktop with the latest security fixes, enhancements and features. This service only runs occasionally and thus does not affect your computer's performance. If this service is stopped or disabled, Google Desktop may not function correctly.
     Google
     5.9.1005.12335
     c:\program files\google\google desktop search\googledesktop.exe
     12/05/2010 18:47
   gupdate
     "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc
     Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it.
     Google Inc.
     1.2.183.9
     c:\program files\google\update\googleupdate.exe
     13/10/2009 23:04
   gupdatem
     "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc
     Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it.
     Google Inc.
     1.2.183.9
     c:\program files\google\update\googleupdate.exe
     13/10/2009 23:04
   gusvc
     "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
     Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work.
     Google
     2.4.2617.4952
     c:\program files\google\common\google updater\googleupdaterservice.exe
     02/03/2012 21:13
   iPod Service
     "C:\Program Files\iPod\bin\iPodService.exe"
     iPod hardware management services
     Apple Inc.
     11.1.4.62
     c:\program files\ipod\bin\ipodservice.exe
     21/01/2014 00:03
   McAfee SiteAdvisor Service
     c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
     McAfee SiteAdvisor Service
     McAfee, Inc.
     3.6.5.103
     c:\program files\mcafee\siteadvisor\mcsacore.exe
     22/01/2014 21:44
   McComponentHostService
     "C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe"
     McAfee Security Scan Component Host Service
     McAfee, Inc.
     3.8.141.0
     c:\program files\mcafee security scan\3.8.141\mcchsvc.exe
     16/01/2014 00:29
   MozillaMaintenance
     "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe"
     The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled.
     Mozilla Foundation
     26.0.0.5087
     c:\program files\mozilla maintenance service\maintenanceservice.exe
     05/12/2013 17:09
   SmartFaceVWatchSrv
     "C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe"
     Service for SmartFaceV
     Toshiba
     2.0.2.0
     c:\program files\toshiba\smartfacev\smartfacevwatchsrv.exe
     24/04/2008 09:35
   TempoMonitoringService
     "C:\Program Files\Toshiba TEMPRO\TempoSVC.exe"
     Toshiba Notebook Performance Tuning Service
     Toshiba Europe GmbH
     1.1.0.0
     c:\program files\toshiba tempro\temposvc.exe
     04/04/2008 01:30
   TNaviSrv
     C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
     TOSHIBA Navi Support Service
     TOSHIBA Corporation
     1.0.0.3
     c:\program files\toshiba\toshiba dvd player\tnavisrv.exe
     18/07/2008 09:56
   TODDSrv
     C:\Windows\system32\TODDSrv.exe
     TDCSrv Application
     TOSHIBA Corporation
     1.0.0.5
     c:\windows\system32\toddsrv.exe
     21/11/2007 07:53
   TosCoSrv
     "C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe"
     TOSHIBA Power Saver manages power saving settings supported by TOSHIBA. These settings will not work if the service has stopped.
     TOSHIBA Corporation
     1.0.0.1
     c:\program files\toshiba\power saver\toscosrv.exe
     11/01/2008 01:57
   TOSHIBA SMART Log Service
     "C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe"
     TosIPCSrv.exe
     TOSHIBA Corporation
     1.0.0.1

3rd part

 

 c:\program files\toshiba\smartlogservice\tosipcsrv.exe
     03/12/2007 08:03
   UleadBurningHelper
     C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
     ULCDRSvr
     Ulead Systems, Inc.
     1.0.0.4
     c:\program files\common files\ulead systems\dvd\ulcdrsvr.exe
     12/03/2004 20:04

HKLM\System\CurrentControlSet\Services
   AgereSoftModem
     system32\DRIVERS\AGRSM.sys
     SoftModem Device Driver
     Agere Systems
     2.1.77.0
     c:\windows\system32\drivers\agrsm.sys
     28/11/2006 20:10
   Avgdiskx
     system32\DRIVERS\avgdiskx.sys
     AVG File Vault Driver
     AVG Technologies CZ, s.r.o.
     14.0.0.4302
     c:\windows\system32\drivers\avgdiskx.sys
     25/11/2013 20:49
   Avgfwfd
     system32\DRIVERS\avgfwd6x.sys
     AVG network filter driver
     AVG Technologies CZ, s.r.o.
     14.0.0.4143
     c:\windows\system32\drivers\avgfwd6x.sys
     26/09/2013 07:44
   AVGIDSDriver
     system32\DRIVERS\avgidsdriverx.sys
     AVG Technologies IDS Application Activity Monitor Driver
     AVG Technologies CZ, s.r.o.
     14.0.0.4302
     c:\windows\system32\drivers\avgidsdriverx.sys
     25/11/2013 20:56
   AVGIDSHX
     system32\DRIVERS\avgidshx.sys
     AVG Technologies IDS Application Activity Monitor Helper Driver
     AVG Technologies CZ, s.r.o.
     14.0.0.4302
     c:\windows\system32\drivers\avgidshx.sys
     25/11/2013 20:56
   AVGIDSShim
     system32\DRIVERS\avgidsshimx.sys
     AVG Technologies IDS Application Activity Monitor Shim Loader Driver
     AVG Technologies CZ, s.r.o.
     14.0.0.4329
     c:\windows\system32\drivers\avgidsshimx.sys
     19/01/2014 20:46
   Avgldx86
     system32\DRIVERS\avgldx86.sys
     AVG AVI Loader Driver
     AVG Technologies CZ, s.r.o.
     14.0.0.4219
     c:\windows\system32\drivers\avgldx86.sys
     31/10/2013 22:00
   Avglogx
     system32\DRIVERS\avglogx.sys
     AVG Logging Driver
     AVG Technologies CZ, s.r.o.
     14.0.0.4219
     c:\windows\system32\drivers\avglogx.sys
     31/10/2013 21:30
   Avgmfx86
     system32\DRIVERS\avgmfx86.sys
     AVG Resident Shield Minifilter Driver
     AVG Technologies CZ, s.r.o.
     14.0.0.4206
     c:\windows\system32\drivers\avgmfx86.sys
     30/09/2013 22:49
   Avgrkx86
     system32\DRIVERS\avgrkx86.sys
     AVG Anti-Rootkit Driver
     AVG Technologies CZ, s.r.o.
     14.0.0.4202
     c:\windows\system32\drivers\avgrkx86.sys
     09/09/2013 22:43
   Avgtdix
     system32\DRIVERS\avgtdix.sys
     AVG Network connection watcher
     AVG Technologies CZ, s.r.o.
     14.0.0.4089
     c:\windows\system32\drivers\avgtdix.sys
     01/08/2013 14:07
   avgtp
     \??\C:\Windows\system32\drivers\avgtpx86.sys
     AVG Technologies
     17.0.0.3
     c:\windows\system32\drivers\avgtpx86.sys
     29/08/2013 07:26
   BrFiltLo
     \SystemRoot\system32\drivers\brfiltlo.sys
     Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver
     Brother Industries, Ltd.
     1.10.0.2
     c:\windows\system32\drivers\brfiltlo.sys
     06/08/2006 21:33
   BrFiltUp
     \SystemRoot\system32\drivers\brfiltup.sys
     Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver
     Brother Industries, Ltd.
     1.4.0.1
     c:\windows\system32\drivers\brfiltup.sys
     06/08/2006 21:33
   BrUsbSer
     \SystemRoot\system32\drivers\brusbser.sys
     Brother USB Serial Driver
     Brother Industries Ltd.
     1.0.1.3
     c:\windows\system32\drivers\brusbser.sys
     09/08/2006 12:02
   E1G60
     system32\DRIVERS\E1G60I32.sys
     Intel® PRO/1000 Adapter NDIS 6 deserialized driver
     Intel Corporation
     8.3.2.8
     c:\windows\system32\drivers\e1g60i32.sys
     07/08/2007 16:14
   FwLnk
     system32\DRIVERS\FwLnk.sys
     TOSHIBA Firmware Linkage 32-bit Driver
     TOSHIBA Corporation
     1.0.0.3
     c:\windows\system32\drivers\fwlnk.sys
     19/11/2006 14:11
   GEARAspiWDM
     system32\DRIVERS\GEARAspiWDM.sys
     CD DVD Filter
     GEAR Software Inc.
     2.2.3.0
     c:\windows\system32\drivers\gearaspiwdm.sys
     03/05/2012 19:55
   hitmanpro37
     \??\C:\Windows\system32\drivers\hitmanpro37.sys
     HitmanPro 3.7 Support Driver
     1.3.7.6
     c:\windows\system32\drivers\hitmanpro37.sys
     11/04/2013 14:47
   hwdatacard
     system32\DRIVERS\ewusbmdm.sys
     File not found: system32\DRIVERS\ewusbmdm.sys
     
   iaStor
     system32\DRIVERS\iaStor.sys
     Intel Matrix Storage Manager driver - ia32
     Intel Corporation
     8.0.0.1039
     c:\windows\system32\drivers\iastor.sys
     16/04/2008 00:07
   igfx
     system32\DRIVERS\igdkmd32.sys
     Intel Graphics Kernel Mode Driver
     Intel Corporation
     7.15.10.1502
     c:\windows\system32\drivers\igdkmd32.sys
     13/06/2008 01:43
   IntcAzAudAddService
     system32\drivers\RTKVHDA.sys
     Realtek® High Definition Audio Function Driver
     Realtek Semiconductor Corp.
     6.0.1.5599
     c:\windows\system32\drivers\rtkvhda.sys
     09/04/2008 09:59
   IntcHdmiAddService
     system32\drivers\IntcHdmi.sys
     Intel® High Definition Audio HDMI
     Intel® Corporation
     6.10.1.2059
     c:\windows\system32\drivers\intchdmi.sys
     20/06/2008 19:37
   IpInIp
     system32\DRIVERS\ipinip.sys
     IP in IP Tunnel Driver
     File not found: system32\DRIVERS\ipinip.sys
     
   Netaapl
     system32\DRIVERS\netaapl.sys
     Apple Mobile Device Ethernet
     Apple Inc.
     1.8.5.1
     c:\windows\system32\drivers\netaapl.sys
     15/07/2013 22:38
   NETw5v32
     system32\DRIVERS\NETw5v32.sys
     Intel© Wireless WiFi Link Driver
     Intel Corporation
     12.0.0.73
     c:\windows\system32\drivers\netw5v32.sys
     28/04/2008 13:29
   NwlnkFlt
     system32\DRIVERS\nwlnkflt.sys
     IPX Traffic Filter Driver
     File not found: system32\DRIVERS\nwlnkflt.sys
     
   NwlnkFwd
     system32\DRIVERS\nwlnkfwd.sys
     IPX Traffic Forwarder Driver
     File not found: system32\DRIVERS\nwlnkfwd.sys
     
   PxHelp20
     System32\Drivers\PxHelp20.sys
     Px Engine Device Driver for Windows 2000/XP
     Sonic Solutions
     3.0.67.0
     c:\windows\system32\drivers\pxhelp20.sys
     20/06/2007 22:26
   rimmptsk
     system32\DRIVERS\rimmptsk.sys
     RICOH SD Driver
     REDC
     6.0.3.5
     c:\windows\system32\drivers\rimmptsk.sys
     15/02/2008 09:01
   rimsptsk
     system32\DRIVERS\rimsptsk.sys
     RICOH MS Driver
     REDC
     6.0.1.11
     c:\windows\system32\drivers\rimsptsk.sys
     30/07/2007 01:42
   rismxdp
     system32\DRIVERS\rixdptsk.sys
     RICOH XD SM Driver
     REDC
     6.0.1.13
     c:\windows\system32\drivers\rixdptsk.sys
     30/07/2007 02:54
   RTL8169
     system32\DRIVERS\Rtlh86.sys
     Realtek 8101E/8168/8169 NDIS6 32-bit Driver                    
     Realtek Corporation                                            
     6.205.403.2008
     c:\windows\system32\drivers\rtlh86.sys
     15/04/2008 02:05
   SASDIFSV
     \??\C:\Users\Davis\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS
     File not found: C:\Users\Davis\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS
     
   SASKUTIL
     \??\C:\Users\Davis\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS
     File not found: C:\Users\Davis\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS
     
   secdrv
     secdrv
     Macrovision SECURITY Driver
     Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.
     4.3.86.0
     c:\windows\system32\drivers\secdrv.sys
     13/09/2006 13:18
   SynTP
     system32\DRIVERS\SynTP.sys
     Synaptics Touchpad Driver
     Synaptics, Inc.
     10.1.8.0
     c:\windows\system32\drivers\syntp.sys
     07/12/2007 01:41
   tdcmdpst
     system32\DRIVERS\tdcmdpst.sys
     Toshiba ODD Writing Driver For x86.
     TOSHIBA Corporation.
     2.0.0.0
     c:\windows\system32\drivers\tdcmdpst.sys
     18/10/2006 02:50
   tosrfec
     system32\DRIVERS\tosrfec.sys
     TOSHIBA Bluetooth EC Driver
     TOSHIBA Corporation
     5.0.1023.0
     c:\windows\system32\drivers\tosrfec.sys
     23/10/2006 07:32
   tos_sps32
     system32\DRIVERS\tos_sps32.sys
     tos_sps2
     TOSHIBA Corporation
     4.0.2007.1115
     c:\windows\system32\drivers\tos_sps32.sys
     15/11/2007 02:49
   TVALZ
     system32\DRIVERS\TVALZ_O.SYS
     TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver
     TOSHIBA Corporation
     2.0.0.1
     c:\windows\system32\drivers\tvalz_o.sys
     09/11/2007 03:07
   USBAAPL
     System32\Drivers\usbaapl.sys
     Apple Mobile Device USB Driver
     Apple, Inc.
     1.64.0.0
     c:\windows\system32\drivers\usbaapl.sys
     27/11/2012 23:37
   UVCFTR
     System32\Drivers\UVCFTR_S.SYS
     UVCFTR_S.sys
     Chicony Electronics Co., Ltd.
     1.1.1.238
     c:\windows\system32\drivers\uvcftr_s.sys
     27/11/2007 10:38

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers
   {B65F237C-AAFF-4df7-8872-91B65663E41F}
     HKCR\CLSID\{B65F237C-AAFF-4df7-8872-91B65663E41F}
     c:\windows\system32\smartfacevcp.dll
     24/04/2008 09:42

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
   igfxcui
     igfxdev.dll
     igfxdev Module
     Intel Corporation
     7.14.10.1502
     c:\windows\system32\igfxdev.dll
     13/06/2008 01:06

HKCU\Control Panel\Desktop\Scrnsave.exe
   C:\Windows\system32\MATHMO~1.SCR
     C:\Windows\system32\MATHMO~1.SCR
     ScreenTime Screensaver Engine
     ScreenTime Media
     3.5.4.0
     c:\windows\system32\mathmosscreensaver.scr
     11/10/2007 22:33

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
   PCL hpz3llhn
     hpz3llhn.dll
     LanguageMonitor
     Hewlett-Packard Company
     61.53.25.9
     c:\windows\system32\hpz3llhn.dll
     19/01/2008 07:29
   Toshiba Bluetooth Monitor
     tbtmon.dll
     TOSHIBA CORPORATION.
     5.0.1208.0
     c:\windows\system32\tbtmon.dll
     08/12/2006 02:05

HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries
   mdnsNSP
     C:\Program Files\Bonjour\mdnsNSP.dll
     Bonjour Namespace Provider
     Apple Inc.
     3.0.0.10
     c:\program files\bonjour\mdnsnsp.dll
     31/08/2011 05:44

HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
   rdpclip
     rdpclip
     File not found: rdpclip
     

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   SynTPEnh
     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     Synaptics TouchPad Enhancements
     Synaptics, Inc.
     10.1.8.0
     c:\program files\synaptics\syntp\syntpenh.exe
     07/12/2007 01:20
   NDSTray.exe
     NDSTray.exe
     ConfigFree Task tray menu
     TOSHIBA CORPORATION
     7.0.1.12
     C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
     16/04/2008 15:21
   Persistence
     C:\Windows\system32\igfxpers.exe
     persistence Module
     Intel Corporation
     7.14.10.1502
     c:\windows\system32\igfxpers.exe
     13/06/2008 01:06
   RtHDVCpl
     RtHDVCpl.exe
     HD Audio Control Panel
     Realtek Semiconductor
     1.0.0.166
     c:\windows\rthdvcpl.exe
     08/04/2008 07:14
   Skytel
     Skytel.exe
     Realtek Voice  Manager
     Realtek Semiconductor Corp.
     2.0.2.0
     c:\windows\skytel.exe
     20/11/2007 10:15
   HDMICtrlMan
     C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
     HDMICtrlMan.exe
     TOSHIBA Corporation.
     1.6.0.0
     c:\program files\toshiba\hdmictrlman\hdmictrlman.exe
     26/04/2008 06:57
   TPwrMain
     %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
     TOSHIBA Power Saver
     TOSHIBA Corporation
     1.0.0.1
     c:\program files\toshiba\power saver\tpwrmain.exe
     11/01/2008 01:57
   Toshiba TEMPO
     C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
     Toshiba TEMPRO
     Toshiba Europe GmbH
     1.1.0.0
     c:\program files\toshiba tempro\toshiba.tempo.ui.trayapplication.exe
     23/04/2008 15:44
   APSDaemon
     "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
     Apple Push
     Apple Inc.
     2.3.4.24
     c:\program files\common files\apple\apple application support\apsdaemon.exe
     07/12/2013 04:16
   vProt
     "C:\Program Files\AVG Secure Search\vprot.exe"
     File not found: C:\Program Files\AVG Secure Search\vprot.exe
     
   AVG_UI
     "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
     AVG User Interface
     AVG Technologies CZ, s.r.o.
     14.0.0.4330
     c:\program files\avg\avg2014\avgui.exe
     22/01/2014 11:17
   QuickTime Task
     "C:\Program Files\QuickTime\QTTask.exe" -atboottime
     QuickTime Task
     Apple Inc.
     7.7.4.0
     c:\program files\quicktime\qttask.exe
     01/05/2013 10:42
   mobilegeni daemon
     C:\Program Files\Mobogenie\DaemonProcess.exe
     File not found: C:\Program Files\Mobogenie\DaemonProcess.exe
     
   iTunesHelper
     "C:\Program Files\iTunes\iTunesHelper.exe"
     iTunesHelper
     Apple Inc.
     11.1.4.62
     c:\program files\itunes\ituneshelper.exe
     21/01/2014 00:03

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
   AvgUninstallURL
     cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=TlVIRDQtWUg5UEUtTzNQNEUtUVJERUstR0RKWjctVk9YVUw"&"inst=NzctMTIxODUzNjgzOS1GUDkyKzYtQkFSOUcrMS1GTCs5LVhPMzYrMS1DSUExMCsyLVNQMSsxLVNVUCs0LVRVRyszLVNQMVM0KzEtRERUKzAtTFNEKzItREQxMCsxLVNUMTBBUFArMS1QMTBNMTJDKzEtVTEwKzEtVEIrMS1GVUkrMi1QMTBUQisyLUVVTEErMS1TVFAxME0xMkNNKzEtU1QxMkFQUCsx"&"prod=55"&"ver=2012.0.1780"&"mid=84f5bd6a3a24b8b2df974b4dfa68e073-f53cc401da39bf00f11a57d79d9871e18aeaa71d
     File not found: http://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=TlVIRDQtWUg5UEUtTzNQNEUtUVJERUstR0RKWjctVk9YVUw"&"inst=NzctMTIxODUzNjgzOS1GUDkyKzYtQkFSOUcrMS1GTCs5LVhPMzYrMS1DSUExMCsyLVNQMSsxLVNVUCs0LVRVRyszLVNQMVM0KzEtRERUKzAtTFNEKzItREQxMCsxLVNUMTBBUFArMS1QMTBNMTJDKzEtVTEwKzEtVEIrMS1GVUkrMi1QMTBUQisyLUVVTEErMS1TVFAxME0xMkNNKzEtU1QxMkFQUCsx"&"prod=55"&"ver=2012.0.1780"&"mid=84f5bd6a3a24b8b2df974b4dfa68e073-f53cc401da39bf00f11a57d79d9871e18aeaa71d
     

HKLM\SOFTWARE\Classes\Protocols\Handler
   dssrequest
     HKCR\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5}
     SiteAdvisor
     McAfee, Inc.
     3.6.5.118
     c:\program files\mcafee\siteadvisor\mcieplg.dll
     24/01/2014 21:25
   inbox
     HKCR\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}
     File not found: C:\PROGRA~1\INBOXT~1\Inbox.dll
     
   linkscanner
     HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}
     File not found: C:\Program Files\AVG\AVG2012\avgpp.dll
     
   sacore
     HKCR\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5}
     SiteAdvisor
     McAfee, Inc.
     3.6.5.118
     c:\program files\mcafee\siteadvisor\mcieplg.dll
     24/01/2014 21:25
   viprotocol
     HKCR\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
     File not found: C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll
     

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
   McAfee Security Scan Plus.lnk
     C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
     McAfee Security Scanner Scheduler
     McAfee, Inc.
     3.8.141.0
     c:\program files\mcafee security scan\3.8.141\ssscheduler.exe
     16/01/2014 00:31
   Update Agent.lnk
     C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Agent.lnk
     3Connect Auto Update
     Birdstep Technology
     2.7.0.16
     c:\program files\3\3connect\autoupdatesrv.exe
     23/02/2009 18:42

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
   Google Chrome
     "C:\Program Files\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
     Google Chrome
     Google Inc.
     32.0.1700.102
     c:\program files\google\chrome\application\32.0.1700.102\installer\chrmstp.exe
     23/01/2014 04:32

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
   TOSCDSPD
     C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
     CD/DVD Drive Acoustic Silencer
     TOSHIBA
     2.2.0.1
     c:\program files\toshiba\toscdspd\toscdspd.exe
     24/04/2008 05:03
   Pando Media Booster
     C:\Program Files\Pando Networks\Media Booster\PMB.exe
     Pando Media Booster
     2.3.6.0
     c:\program files\pando networks\media booster\pmb.exe
     09/06/2011 21:12
   Facebook Update
     "C:\Users\Davis\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
     Facebook Installer
     Facebook Inc.
     1.2.205.0
     c:\users\davis\appdata\local\facebook\update\facebookupdate.exe
     06/07/2012 19:50
   swg
     "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
     GoogleToolbarNotifier
     Google Inc.
     2.0.301.1654
     c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe
     01/03/2007 22:23
   Google Update
     "C:\Users\Davis\AppData\Local\Google\Update\GoogleUpdate.exe" /c
     Google Installer
     Google Inc.
     1.3.21.103
     c:\users\davis\appdata\local\google\update\googleupdate.exe
     16/02/2012 02:43

Task Scheduler
   \Adobe Flash Player Updater
     "C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe"
     Adobe© Flash© Player Update Service 12.0 r0
     Adobe Systems Incorporated
     12.0.0.44
     c:\windows\system32\macromed\flash\flashplayerupdateservice.exe
     28/01/2014 01:56
   \FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000Core
     "C:\Users\Davis\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
     Facebook Installer
     Facebook Inc.
     1.2.205.0
     c:\users\davis\appdata\local\facebook\update\facebookupdate.exe
     06/07/2012 19:50
   \FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000UA
     "C:\Users\Davis\AppData\Local\Facebook\Update\FacebookUpdate.exe" /ua /installsource scheduler
     Facebook Installer
     Facebook Inc.
     1.2.205.0
     c:\users\davis\appdata\local\facebook\update\facebookupdate.exe
     06/07/2012 19:50
   \FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003Core
     "C:\Users\Georgia davis\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
     Facebook Installer
     Facebook Inc.
     1.2.205.0
     c:\users\georgia davis\appdata\local\facebook\update\facebookupdate.exe
     02/07/2012 21:07
   \FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003UA
     "C:\Users\Georgia davis\AppData\Local\Facebook\Update\FacebookUpdate.exe" /ua /installsource scheduler
     Facebook Installer
     Facebook Inc.
     1.2.205.0
     c:\users\georgia davis\appdata\local\facebook\update\facebookupdate.exe
     02/07/2012 21:07
   \GoogleUpdateTaskMachineCore
     "C:\Program Files\Google\Update\GoogleUpdate.exe" /c
     Google Installer
     Google Inc.
     1.2.183.9
     c:\program files\google\update\googleupdate.exe
     13/10/2009 23:04
   \GoogleUpdateTaskMachineUA
     "C:\Program Files\Google\Update\GoogleUpdate.exe" /ua /installsource scheduler
     Google Installer
     Google Inc.
     1.2.183.9
     c:\program files\google\update\googleupdate.exe
     13/10/2009 23:04
   \GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000Core
     "C:\Users\Davis\AppData\Local\Google\Update\GoogleUpdate.exe" /c
     Google Installer
     Google Inc.
     1.3.21.103
     c:\users\davis\appdata\local\google\update\googleupdate.exe
     16/02/2012 02:43
   \GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000UA
     "C:\Users\Davis\AppData\Local\Google\Update\GoogleUpdate.exe" /ua /installsource scheduler
     Google Installer
     Google Inc.
     1.3.21.103
     c:\users\davis\appdata\local\google\update\googleupdate.exe
     16/02/2012 02:43
   \GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003Core
     "C:\Users\Georgia davis\AppData\Local\Google\Update\GoogleUpdate.exe" /c
     Google Installer
     Google Inc.
     1.3.21.103
     c:\users\georgia davis\appdata\local\google\update\googleupdate.exe
     16/02/2012 02:43
   \GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003UA
     "C:\Users\Georgia davis\AppData\Local\Google\Update\GoogleUpdate.exe" /ua /installsource scheduler
     Google Installer
     Google Inc.
     1.3.21.103
     c:\users\georgia davis\appdata\local\google\update\googleupdate.exe
     16/02/2012 02:43
   \Apple\AppleSoftwareUpdate
     "C:\Program Files\Apple Software Update\SoftwareUpdate.exe" -task
     Apple Software Update
     Apple Inc.
     2.1.3.127
     c:\program files\apple software update\softwareupdate.exe
     02/06/2011 00:46
   \Microsoft\Windows\Wired\GatherWiredInfo
     "%windir%\system32\gatherWiredInfo.vbs"
     c:\windows\system32\gatherwiredinfo.vbs
     21/01/2008 02:24
   \Microsoft\Windows\Wireless\GatherWirelessInfo
     "%windir%\system32\gatherWirelessInfo.vbs"
     c:\windows\system32\gatherwirelessinfo.vbs
     21/01/2008 02:23

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
   Adobe PDF Reader Link Helper
     HKCR\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
     Adobe PDF Helper for Internet Explorer
     Adobe Systems Incorporated
     8.0.0.456
     c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
     23/10/2006 07:08
   MSS+ Identifier
     HKCR\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}
     Quick Browser Identifier for MSS+ Tool
     McAfee, Inc.
     3.8.141.0
     c:\program files\mcafee security scan\3.8.141\mcafeemss_ie.dll
     16/01/2014 00:29
   Google Toolbar Helper
     HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}
     Google Toolbar
     Google Inc.
     7.5.4805.320
     c:\program files\google\google toolbar\googletoolbar_32.dll
     05/12/2013 03:47
   McAfee SiteAdvisor BHO
     HKCR\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}
     SiteAdvisor
     McAfee, Inc.
     3.6.5.118
     c:\program files\mcafee\siteadvisor\mcieplg.dll
     24/01/2014 21:25
   Java Plug-In 2 SSV Helper
     HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}
     Java Platform SE binary
     Sun Microsystems, Inc.
     6.0.230.5
     c:\program files\java\jre6\bin\jp2ssv.dll
     13/11/2010 02:52
   SMTTB2009 Class
     HKCR\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
     IE Toolbar Engine
     4.2.0.7
     c:\program files\pivot stickfigure toolbar\tbcore3.dll
     16/02/2010 10:52

HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
   AVG Shell Extension
     HKCR\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
     AVG Shell Extension
     AVG Technologies CZ, s.r.o.
     14.0.0.4208
     c:\program files\avg\avg2014\avgse.dll
     07/10/2013 23:38

HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers
   SD Format
     HKCR\CLSID\{932CFB31-6AC9-4FE2-BEAC-A27FAF631D48}
     File not found: \SDFMTEXT.dll
     

HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
   MBAMShlExt
     HKCR\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}
     Malwarebytes Anti-Malware
     Malwarebytes Corporation
     1.70.0.0
     c:\program files\malwarebytes' anti-malware\mbamext.dll
     28/02/2013 20:39

HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
   igfxcui
     HKCR\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}
     igfxpph Module
     Intel Corporation
     7.14.10.1502
     c:\windows\system32\igfxpph.dll
     13/06/2008 01:06

HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
   PDF Shell Extension
     HKCR\CLSID\{F9DB5320-233E-11D1-9F84-707F02C10627}
     PDF Shell Extension
     Adobe Systems, Inc.
     8.1.0.0
     c:\program files\common files\adobe\acrobat\activex\pdfshell.dll
     11/05/2007 06:54

HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers
   AVG Shell Extension
     HKCR\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
     AVG Shell Extension
     AVG Technologies CZ, s.r.o.
     14.0.0.4208
     c:\program files\avg\avg2014\avgse.dll
     07/10/2013 23:38
   MBAMShlExt
     HKCR\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}
     Malwarebytes Anti-Malware
     Malwarebytes Corporation
     1.70.0.0
     c:\program files\malwarebytes' anti-malware\mbamext.dll
     28/02/2013 20:39

HKLM\Software\Microsoft\Internet Explorer\Toolbar
   Pivot Stickfigure Toolbar
     HKCR\CLSID\{338B4DFE-2E2C-4338-9E41-E176D497299E}
     IE Toolbar Engine
     4.2.0.7
     c:\program files\pivot stickfigure toolbar\tbcore3.dll
     16/02/2010 10:52
   Google Toolbar
     HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}
     Google Toolbar
     Google Inc.
     7.5.4805.320
     c:\program files\google\google toolbar\googletoolbar_32.dll
     05/12/2013 03:47
   McAfee SiteAdvisor
     HKCR\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}
     SiteAdvisor
     McAfee, Inc.
     3.6.5.118
     c:\program files\mcafee\siteadvisor\mcieplg.dll
     24/01/2014 21:25

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32
   msacm.l3acm
     C:\Windows\System32\l3codeca.acm
     MPEG Layer-3 Audio Codec for MSACM
     Fraunhofer Institut Integrierte Schaltungen IIS
     1.9.0.402
     c:\windows\system32\l3codeca.acm
     21/01/2010 15:05
   vidc.cvid
     iccvid.dll
     Cinepak© Codec
     Radius Inc.
     1.10.0.13
     c:\windows\system32\iccvid.dll
     27/05/2010 20:08
   msacm.dvacm
     C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
     Ulead DV Audio ACM Driver
     Ulead Systems, Inc.
     8.0.0.0
     c:\program files\common files\ulead systems\vio\dvacm.acm
     06/09/2005 02:54

HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance
   Ulead DV Writer
     HKCR\CLSID\{020019F0-1313-4628-A978-ACDD105F5396}
     ulDVWriter
     Ulead System Inc.
     1.0.0.3
     c:\program files\common files\ulead systems\capture\uldvrite.ax
     05/01/2006 06:35
   Ulead Ogg Parser
     HKCR\CLSID\{08405FD6-CB7C-4EBA-8225-E38A3FF1CA13}
     ulOggParserFilter
     Ulead Systems, Inc.
     1.0.0.2
     c:\program files\common files\ulead systems\mpeg\uloggparserfilter.ax
     18/11/2005 07:13
   InterVideo Stream Buffer Filter
     HKCR\CLSID\{09FE0BA8-B7FA-4D82-8669-C62557470B5B}
     InterVideo Stream Buffer Filter
     InterVideo Inc.
     3.0.85.0
     c:\program files\intervideo\common\bin\smbuffer.ax
     08/06/2007 09:22
   InterVideo Audio Encoder
     HKCR\CLSID\{0CD2E140-8D60-11D3-9C32-00104B3801F6}
     InterVideo?Audio Encoder Filter
     InterVideo Inc.
     3.1.6.0
     c:\program files\intervideo\common\bin\iviaenc.ax
     08/06/2007 09:31
   InterVideo Demux
     HKCR\CLSID\{105808AA-413D-4F32-898B-C15457292D55}
     InterVideo© MPEG System Demultiplexer Filter
     InterVideo Inc.
     3.1.6.0
     c:\program files\intervideo\common\bin\ividemxx.ax
     08/06/2007 09:36
   Ulead Push Source Filter
     HKCR\CLSID\{185C9200-4CF8-4554-B06A-87014703D182}
     Ulead Push Source Filter
     Ulead Systems, Inc.
     1.0.0.0
     c:\program files\common files\ulead systems\mpeg\ulpushsource.ax
     24/11/2003 02:44
   Ulead Sub-Picture Push Source Filter
     HKCR\CLSID\{185C9230-4CF8-4554-B06A-87014703D182}
     Ulead Sub-Picture Push Source Filter
     Ulead Systems, Inc.
     1.0.0.3
     c:\program files\common files\ulead systems\mpeg\ulsubpicpushsource.ax
     10/11/2004 04:29
   InterVideo Time Shift
     HKCR\CLSID\{1D349B41-9B67-11D3-B718-00A0CC502E02}
     InterVideo Time Shifting Filter
     InterVideo Inc.
     3.1.6.0
     c:\program files\intervideo\common\bin\ivits.ax
     08/06/2007 09:29
   DV V/A Source Filter
     HKCR\CLSID\{1E951F23-9C37-11D3-BA52-0000E8497C01}
     Ulead Systems, Inc.
     7.0.0.0
     c:\program files\common files\ulead systems\filters\dvsf.ax
     06/09/2005 04:09
   MPEG2 TS Source
     HKCR\CLSID\{237204D5-8343-400E-8037-B3C20DB2AB22}
     c:\program files\intervideo\common\bin\mpgtsrdr.ax
     08/06/2007 09:17
   TOSHIBA MPEG-2 Video Decoder (DVD)
     HKCR\CLSID\{264D9CAF-3F92-410A-9C26-C2BC0F6C3F98}
     TOSHIBA DVD Video Decoder Filter
     TOSHIBA Corporation
     4.0.0.2
     c:\program files\toshiba\toshiba dvd player\tosmp2dvd.ax
     18/07/2008 12:48
   Intervideo AMR Decoder
     HKCR\CLSID\{2E3E7E8E-D8AA-4D98-8299-92FCF22BFBB3}
     IVI AMR Decoding
     Intervideo, Inc.
     8.1.0.0
     c:\program files\intervideo\common\bin\amrdec.ax
     08/06/2007 09:22
   Ulead DVD Navigator
     HKCR\CLSID\{2E558380-63DF-FFD4-AF96-00105A6FE9A1}
     DVD Navigator filter
     Ulead Systems, Inc.
     1.0.2.1
     c:\program files\common files\ulead systems\dvd\uleaddvdnavigator.ax
     21/01/2005 09:15
   InterVideo Video Encoder
     HKCR\CLSID\{317DDB61-870E-11D3-9C32-00104B3801F6}
     InterVideo© MPEG Video Encoder Filter
     InterVideo Inc.
     3.1.6.0
     c:\program files\intervideo\common\bin\ivivenc.ax
     08/06/2007 09:33
   InterVideo Multiplexer
     HKCR\CLSID\{317DDB63-870E-11D3-9C32-00104B3801F7}
     InterVideo© MPEG System Multiplexer Filter
     InterVideo Inc.
     3.1.6.0
     c:\program files\intervideo\common\bin\ivimux.ax
     08/06/2007 09:35
   Ulead Video Deinterlace Filter
     HKCR\CLSID\{35D8C6F7-7799-4A41-BC05-787442F3A96D}
     Ulead Systems, Inc.
     1.0.2.3
     c:\program files\common files\ulead systems\filters\deinterlace.ax
     24/06/2005 07:10
   DV ACM V/A Source Filter
     HKCR\CLSID\{39AEA79A-BF43-475F-B4F9-15347CFBF2B3}
     Ulead Systems, Inc.
     7.0.0.0
     c:\program files\common files\ulead systems\filters\dvsf.ax
     06/09/2005 04:09
   DV Video Source Filter
     HKCR\CLSID\{46A06300-914A-11D3-BA52-0000E8497C01}
     Ulead Systems, Inc.
     7.0.0.0
     c:\program files\common files\ulead systems\filters\dvsf.ax
     06/09/2005 04:09
   TOSHIBA Audio Rate Converter
     HKCR\CLSID\{5623D5D1-E19A-4AB1-8C09-9901D9DEE730}
     TOSHIBA Audio Rate Converter
     TOSHIBA Corporation
     2.0.1.4
     c:\program files\common files\toshiba shared\tosarc.ax
     13/11/2006 08:32
   InterVideo VBI Decoder
     HKCR\CLSID\{5708A5D4-5DD4-44E4-A665-604BC2F1E921}
     InterVideo VBI Decoder Filter
     InterVideo, Inc.
     1.0.0.0
     c:\program files\intervideo\common\bin\ivvbidec.ax
     08/06/2007 09:16
   InterVideo MPEG4 Video Decoder
     HKCR\CLSID\{604C9C22-F099-4482-A416-A02DC1FB264C}
     InterVideo© MPEG4 Video Decoder Filter
     InterVideo Inc.
     0.8.8.0
     c:\program files\intervideo\common\bin\mp4vdec.ax
     08/06/2007 09:28
   InterVideo Down Scale Filter
     HKCR\CLSID\{61B82E90-51CD-464A-8DA8-19AA6AB6C834}
     InterVideo© Down Scale Filter
     InterVideo Inc.
     3.1.6.0
     c:\program files\intervideo\common\bin\ividowns.ax
     08/06/2007 09:37
   TOSHIBA DVD Navigator
     HKCR\CLSID\{644A066C-D62F-484A-B4F1-CF303314E80B}
     TOSHIBA DVD Navigator
     TOSHIBA Corporation
     1.0.0.71
     c:\program files\toshiba\toshiba dvd player\tdvdnavi.ax
     18/07/2008 12:44
   Ulead DV Scene Detect
     HKCR\CLSID\{67928E40-2811-11D4-867A-0000E84979ED}
     ulDvScDt
     Ulead system Inc.
     1.0.0.6
     c:\program files\common files\ulead systems\capture\uldvscdt.ax
     15/11/2006 06:05
   TOSHIBA Progress Monitor
     HKCR\CLSID\{76C6522B-124B-40CB-A0B9-831D946D202C}
     TOSHIBA Progress Monitor
     TOSHIBA Corporation
     1.0.1.209
     c:\program files\toshiba\toshiba disc creator\tprogmon.ax
     09/02/2006 08:34
   TOSHIBA WAV Converter
     HKCR\CLSID\{777B3831-F9CF-4F26-A534-49B5812C29CA}
     TOSHIBA Wav Converter
     TOSHIBA Corporation
     1.0.0.315
     c:\program files\toshiba\toshiba disc creator\twavconv.ax
     15/03/2005 15:46
   InterVideo Pre-scaling Filter
     HKCR\CLSID\{77829DBC-A0CA-4A8C-A509-680A6D6B96CB}
     InterVideo© PreScale Filter
     InterVideo Inc.
     3.0.88.4
     c:\program files\intervideo\common\bin\iviscale.ax
     08/06/2007 09:34
   Ulead DVD Video decoder 2
     HKCR\CLSID\{7AB72E17-9774-4FEB-AC0F-0025E7209C47}
     DVD Video Decoder with DxVA Support
     Ulead Systems, Inc.
     2.0.0.34
     c:\program files\common files\ulead systems\mpeg\uldvdvideo.ax
     02/03/2007 05:58
   TOSHIBA DVD VR Navigator
     HKCR\CLSID\{7C0F691E-3BF0-4550-B644-CFF545B3EC30}
     TOSHIBA DVD Player
     TOSHIBA Corporation
     1.0.0.1
     c:\program files\toshiba\toshiba dvd player\tvrnavi.ax
     18/07/2008 12:45
   AAC Encoder
     HKCR\CLSID\{7D0A4271-675B-480B-A361-FAB146935C40}
     AACEnc
     InterVider
     1.0.0.1
     c:\program files\intervideo\common\bin\aacenc.ax
     08/06/2007 09:25
   Dib Output
     HKCR\CLSID\{80DB7AC0-5EB4-11D6-A62F-0010B5549630}
     Ulead Systems, Inc.
     8.0.0.0
     c:\program files\common files\ulead systems\filters\diboutput.ax
     06/09/2005 03:16
   Dib Receive
     HKCR\CLSID\{8188FE20-61FC-11D6-A62F-0010B5549630}
     Ulead Systems, Inc.
     8.0.0.0
     c:\program files\common files\ulead systems\filters\dibreceive.ax
     06/09/2005 03:16
   InterVideo PSIP/SI Filter
     HKCR\CLSID\{82801A43-A5CA-4EC6-9CA5-500E336ECCC9}
     InterVideo PSIP/SI Sections/Tables Filter
     InterVideo, Inc.
     1.5.0.1
     c:\program files\intervideo\common\bin\psidecod.ax
     08/06/2007 09:15
   InterVideo DVB Subpicture Filter
     HKCR\CLSID\{82801A43-D6FE-4EDD-9CA5-5020336ECCC9}
     InterVideo DVB Subtitle Decoder
     InterVideo, Inc.
     1.0.0.1
     c:\program files\intervideo\common\bin\dvbspic.ax
     08/06/2007 09:17
   InterVideo DVB DSM-CC Filter
     HKCR\CLSID\{82801A43-E2FE-2ADD-9CA5-502F336ECCC9}
     InterVideo DVB DSM-CC Decoder
     InterVideo, Inc.
     1.0.0.1
     c:\program files\intervideo\common\bin\dvbdsmcc.ax
     08/06/2007 09:16
   InterVideo Transport to Program Stream
     HKCR\CLSID\{82D03B28-1B7E-4806-B5A6-E6677C5D2CC4}
     InterVideo¸ Transport to Program Stream Converter
     InterVideo, Inc.
     1.0.1.0
     c:\program files\intervideo\common\bin\trtoprog.ax
     08/06/2007 09:14
   Ulead OggVorbis Encoder
     HKCR\CLSID\{973784FB-4EA9-47D1-99B8-6F7A4701BB3E}
     ulOggVorbisEncoderFilter
     Ulead Systems, Inc.
     1.0.0.1
     c:\program files\common files\ulead systems\mpeg\uloggvorbisencoderfilter.ax
     29/09/2004 09:46
   Ulead MPEG Transcoder
     HKCR\CLSID\{98BCB417-A0CF-4000-8E35-DD78244A319C}
     ulMPGTrans
     Ulead com
     1.0.0.33
     c:\program files\common files\ulead systems\mpeg\ulmpgtrans.ax
     13/04/2005 07:06
   ULead Infinite Pin Tee
     HKCR\CLSID\{9D35EDAD-0E77-41E6-9F75-E66FFDF5C3A2}
     Ulead Infinite Tee Filter
     Ulead Systems, Inc.
     1.0.0.2
     c:\program files\common files\ulead systems\mpeg\uinftee.ax
     07/01/2003 08:11
   Ulead MPEG-4 Splitter
     HKCR\CLSID\{A136224E-CB5C-42C4-B1D1-DBB8ADC7559D}
     MP4 Splitter Filter
     Ulead Systems, Inc.
     1.0.4.0
     c:\program files\common files\ulead systems\mpeg\ulspmp4.ax
     14/11/2005 04:01
   Ulead MPEG-4 Audio Decoder
     HKCR\CLSID\{A136226E-CB5C-42C4-B1D1-DBB8ADC7559D}
     MP4 AAC Audio Decoder Filter
     Ulead Systems, Inc.
     2.0.1.4
     c:\program files\common files\ulead systems\mpeg\uladmp4.ax
     01/11/2005 07:18
   Ulead MPEG-4 Video Decoder
     HKCR\CLSID\{A136228E-CB5C-42C4-B1D1-DBB8ADC7559D}
     MP4 Video Decoder Filter
     Ulead Systems, Inc.
     2.0.1.5
     c:\program files\common files\ulead systems\mpeg\ulvdmp4.ax
     16/02/2006 08:13
   InterVideo MPEG4 Video Encoder
     HKCR\CLSID\{A7375B02-8639-45A5-9C03-E2EFA88BF91D}
     InterVideo© MPEG4 Video Encoder Filter
     InterVideo Inc.
     0.8.8.0
     c:\program files\intervideo\common\bin\mp4venc.ax
     08/06/2007 09:27
   Ulead DVD Audio Decoder 2
     HKCR\CLSID\{AAB9D072-4326-48E3-A11A-BE93442E5F86}
     Audio Decoder
     Ulead Systems, Inc.
     2.0.0.45
     c:\program files\common files\ulead systems\mpeg\uldvdaudio.ax
     17/08/2005 16:23
   InterVideo Stream Writer
     HKCR\CLSID\{AAD9D04B-4C0F-4149-AD80-828BFF207F48}
     InterVideo¸ Stream File Writer
     InterVideo, Inc.
     1.0.2.0
     c:\program files\intervideo\common\bin\stmrite.ax
     08/06/2007 09:22
   SFVCaptureFilter
     HKCR\CLSID\{AFF3FD47-AD22-4F1E-95FD-6FB78BB64F72}
     SmartFaceVCapt
     2.0.0.0
     c:\windows\system32\smartfacevcapt.dll
     24/04/2008 09:43
   TOSHIBA DualMono
     HKCR\CLSID\{C069585A-56E6-4DD3-A9C4-357C8197AEA8}
     TOSHIBA DualMono
     TOSHIBA Corporation
     2.0.2.0
     c:\program files\common files\toshiba shared\tosdualmono.ax
     30/04/2008 07:22
   InterVideo AAC (XForm) Decoder
     HKCR\CLSID\{CA809AB8-80DB-4649-B95E-B0C87BB36D0A}
     InterVideo AAC Decoder
     InterVideo Inc.
     1.0.0.0
     c:\program files\intervideo\common\bin\iviaacdec.ax
     08/06/2007 09:24
   Ulead MPEG Splitter
     HKCR\CLSID\{CF957F20-77FE-4192-A59F-95CA43BD04BA}
     ULead Mpeg I/II Splitter
     ULead Systems
     1.0.0.105
     c:\program files\common files\ulead systems\mpeg\ulspmpeg.ax
     06/03/2006 12:52
   Ulead MPEG Audio Decoder
     HKCR\CLSID\{CF957F30-77FE-4192-A59F-95CA43BD04BA}
     Audio Decoder
     Ulead Systems, Inc.
     2.0.0.45
     c:\program files\common files\ulead systems\mpeg\uldvdaudio.ax
     17/08/2005 16:23
   Ulead MPEG Video Decoder
     HKCR\CLSID\{CF957F40-77FE-4192-A59F-95CA43BD04BA}
     MPEG Video and Audio Decoder
     ULead Systems
     1.0.0.85
     c:\program files\common files\ulead systems\mpeg\uldsmpeg.ax
     03/05/2007 09:17
   Ulead MPEG Encoder
     HKCR\CLSID\{CF957F50-77FE-4192-A59F-95CA43BD04BA}
     MPEG Encoder and Muxer
     ULead Systems
     1.0.2.49
     c:\program files\common files\ulead systems\mpeg\ulesmpeg.ax
     24/10/2005 06:32
   Ulead MPEG Muxer
     HKCR\CLSID\{CF957F80-77FE-4192-A59F-95CA43BD04BA}
     MPEG Muxer
     ULead Systems
     1.0.1.170
     c:\program files\common files\ulead systems\mpeg\ulmxmpeg.ax
     26/05/2007 00:02
   ULead File Writer
     HKCR\CLSID\{CF957FA0-77FE-4192-A59F-95CA43BD04BA}
     File Dump Filter
     ULead Systems
     1.0.0.2
     c:\program files\common files\ulead systems\filters\uldump.ax
     23/11/2004 06:39
   ULead File Source (Async.)
     HKCR\CLSID\{CF957FA1-77FE-4192-A59F-95CA43BD04BA}
     Ulead Async Filter
     Ulead Systems
     1.0.0.13
     c:\program files\common files\ulead systems\mpeg\ulasync.ax
     26/05/2005 17:06
   InterVideo File Writer
     HKCR\CLSID\{D2288805-7D1E-49D4-9934-6D5B3728E155}
     InterVideo© File Writer Filter
     InterVideo Inc.
     3.1.6.0
     c:\program files\intervideo\common\bin\iviwrite.ax
     08/06/2007 09:30
   InterVideo Still Capture
     HKCR\CLSID\{DB080360-01B9-11D4-898C-00A0CC5211EF}
     InterVideo© Still Capture Filter
     InterVideo Inc.
     3.1.6.0
     c:\program files\intervideo\common\bin\iviscapt.ax
     08/06/2007 09:34
   TOSHIBA Audio Decoder DVD
     HKCR\CLSID\{E107D5ED-A870-4329-A750-74EF51808146}
     TOSHIBA Audio Decoder DVD
     TOSHIBA Corporation
     2.0.1.6
     c:\program files\toshiba\toshiba dvd player\tosauddecl.ax
     18/07/2008 12:40
   Ulead DVB Parser
     HKCR\CLSID\{F0CB4200-B513-43F8-9D05-24D9CE8DEF04}
     Ulead DVB Parser Filter
     Ulead Systems, Inc.
     2.0.0.17
     c:\program files\common files\ulead systems\mpeg\uldvbparser.ax
     26/10/2005 07:27
   Ulead Audio Dual Channel Filter
     HKCR\CLSID\{F16EB735-3E60-4696-88E3-32610C10D669}
     Ulead Audio Dual Channel Filter
     Ulead Systems, Inc.
     1.0.0.2
     c:\program files\common files\ulead systems\mpeg\uaudiodcfilter.ax
     26/04/2004 03:30
   Ulead OggVorbis Decoder
     HKCR\CLSID\{F4453C84-C133-43F2-9E12-A9AB4B1422FE}
     ulOggVorbisDecoderFilter
     Ulead Systems, Inc.
     1.0.0.1
     c:\program files\common files\ulead systems\mpeg\uloggvorbisdecoderfilter.ax
     02/02/2005 03:25
   InterVideo DV Pre-Process
     HKCR\CLSID\{F54FF744-9B63-48FE-9C76-1F1F3B7F1BD7}
     InterVideo DV Pre-Process Filter
     InterVideo
     1.2.3.0
     c:\program files\intervideo\common\bin\dvprocs.ax
     08/06/2007 09:14
   Intervideo AMR Encoder
     HKCR\CLSID\{FF7667A9-586B-499A-B72A-F31445004000}
     IVI AMR Encoding
     Intervideo, Inc.
     8.1.0.0
     c:\program files\intervideo\common\bin\amrenc.ax
     08/06/2007 09:22

==== Empty IE Cache ======================

C:\Users\Davis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Davis\AppData\Local\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Davis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Users\Davis\AppData\Local\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Davis\AppData\Local\Mozilla\Firefox\Profiles\xzk1ljzw.default\Cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome Cache found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=7684 folders=1853 588794814 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Georgia davis\AppData\Local\Temp emptied successfully
C:\Users\Georgie\AppData\Local\Temp emptied successfully
C:\Users\Guest\AppData\Local\Temp emptied successfully
C:\Users\Mrs georgia bolgar\AppData\Local\Temp emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\Davis\AppData\Local\Temp  will be emptied at reboot
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Davis\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Davis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Users\Davis\AppData\Local\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on 15/02/2014 at 20:32:20.62 ======================
 


Hi, things like Google Chrome profile corrupted, Outlook still won't run, lots of blank shortcuts everywhere.

Question. Would the computer be fit for me to safely back up all my documents and then do a factory restore? I would like to not have to do that, but would it be OK to back up my stuff now?

Thanks


If you intend to go for a Factory reset I'd recommend an online scan before anything is backed up. I do not believe you have any major infection remaining, but there is always a possibility of remnants....

If Google Chrome has problems/issues a clean install is the best option - How to remove Chrome https://support.google.com/chrome/answer/95319?hl=en-GB

Regarding the shortcuts, run RogueKiller again. When the first scan completes, look to the right-hand pane and select the "Fix Shortcuts" tab...

For Outlook go here: http://support.microsoft.com/kb/2022778

Do the following for the online scan:

We need to run an online AV scan to ensure there are no remnants of any infection left on your system that we may have missed. This scan is very thorough and well worth running. It can take several hours, so please be patient and let it complete:

Run ESET Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7 right-click on the IE shortcut and run as admin

Go to the ESET web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add-on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

If no threats were found

  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

If threats were found

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish

Close program

Copy and paste the report in next reply


Hi, I have tried the navpane reset for Outlook, pst repair and scanpst.exe but Outlook is still not starting. However, here are the results for the ESET online scan. Lots to see:


C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch1.zip    Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch130.zip    Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch132.zip    Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch133.zip    Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch136.zip    Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch140.zip    Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch5.zip    Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch1.zip    Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch130.zip    Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch132.zip    Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch133.zip    Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch136.zip    Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch140.zip    Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch5.zip    Win32/Bagle.gen.zip worm
C:\Users\Davis\AppData\LocalLow\WhiteSmoke\html\english\dictClientDic\index.html    HTML/WhiteSmoke potentially unwanted application
C:\Users\Davis\AppData\LocalLow\WhiteSmoke\html\english\dictClientDic\translator.html    HTML/WhiteSmoke potentially unwanted application
C:\Users\Guest\AppData\LocalLow\WhiteSmoke\html\english\dictClientDic\index.html    HTML/WhiteSmoke potentially unwanted application
C:\Users\Guest\AppData\LocalLow\WhiteSmoke\html\english\dictClientDic\translator.html    HTML/WhiteSmoke potentially unwanted application
C:\Users\Guest\AppData\Roaming\NCH Software\Program Files\Debut\debut.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Users\Guest\AppData\Roaming\NCH Software\Program Files\Debut\debutsetup_v1.64.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Users\Guest\AppData\Roaming\NCH Software\Program Files\Debut\uninst.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Users\Guest\Desktop\ApnToolbarInstaller.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\Guest\Desktop\pivot_setup2.2.6.exe    Win32/Somoto.F potentially unwanted application
C:\Users\Guest\Downloads\SmileyCentral.exe    a variant of Win32/AdInstaller potentially unwanted application
C:\zoek_backup\C_Users_Guest_AppData_Local_My Web Search Installer(0003b8a4).exe.vir    a variant of Win32/Toolbar.MyWebSearch.K potentially unwanted application
C:\zoek_backup\C_Users_Guest_AppData_Local_My Web Search Installer(00043d4d).exe.vir    a variant of Win32/Toolbar.MyWebSearch.K potentially unwanted application
C:\zoek_backup\C_Users_Guest_AppData_Local_My Web Search Installer(002a5b49).exe.vir    a variant of Win32/Toolbar.MyWebSearch.K potentially unwanted application
C:\zoek_backup\C_Program Files_BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll    a variant of Win32/Toolbar.Montiera.A potentially unwanted application
C:\zoek_backup\C_Program Files_Conduit\Community Alerts\Alert.dll    Win32/Toolbar.Conduit.Y potentially unwanted application
C:\zoek_backup\C_Program Files_facemoods.com\facemoods\1.4.17.11\facemoodsApp.dll    a variant of Win32/Toolbar.Montiera.A potentially unwanted application
C:\zoek_backup\C_Program Files_facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe    a variant of Win32/Toolbar.Montiera.A potentially unwanted application
C:\zoek_backup\C_Program Files_Mobogenie\DaemonProcess.exe    a variant of Win32/Mobogenie.A potentially unwanted application
C:\zoek_backup\C_Program Files_Mobogenie\Mobogenie.exe    a variant of Win32/Mobogenie.A potentially unwanted application
C:\zoek_backup\C_Program Files_Mobogenie\nengine.dll    Win32/NextLive.A potentially unwanted application
C:\zoek_backup\C_Program Files_Mobogenie\UpdateMoboGenie.exe    a variant of Win32/Mobogenie.A potentially unwanted application
C:\zoek_backup\C_Program Files_Optimizer Pro\OptimizerPro.exe    a variant of Win32/SpeedingUpMyPC application
C:\zoek_backup\C_Program Files_Optimizer Pro\OptProCrashSvc.dll    a variant of Win32/SProtector.G potentially unwanted application
C:\zoek_backup\C_Program Files_Optimizer Pro\OptProLauncher.exe    a variant of Win32/AdWare.SpeedingUpMyPC.D application
C:\zoek_backup\C_Program Files_Optimizer Pro\OptProSmartScan.exe    a variant of Win32/Adware.SpeedingUpMyPC.C application
C:\zoek_backup\C_Program Files_WhiteSmoke\Registration.exe    probably a variant of Win32/WhiteSmoke potentially unwanted application
C:\zoek_backup\C_Program Files_WhiteSmoke\html\english\dictClientDic\index.html    HTML/WhiteSmoke potentially unwanted application
C:\zoek_backup\C_Program Files_WhiteSmoke\html\english\dictClientDic\translator.html    HTML/WhiteSmoke potentially unwanted application
C:\zoek_backup\C_ProgramData_Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll    a variant of Win32/Adware.Yontoo.B application
C:\zoek_backup\C_Users_Davis_AppData_LocalLow_AskToolbar\setup.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\zoek_backup\C_Users_Davis_AppData_LocalLow_FunWebProducts\Installr\Cache\0010D3D2.exe    a variant of Win32/Toolbar.MyWebSearch.O potentially unwanted application
C:\zoek_backup\C_Users_Davis_AppData_Local_Babylon\Setup\BExternal.dll    a variant of Win32/Toolbar.Babylon.F potentially unwanted application
C:\zoek_backup\C_Users_Davis_AppData_Local_Babylon\Setup\IECookieLow.dll    a variant of Win32/Toolbar.Babylon.E potentially unwanted application
C:\zoek_backup\C_Users_Davis_AppData_Local_Babylon\Setup\Setup.exe    a variant of Win32/Toolbar.Babylon.H potentially unwanted application
C:\zoek_backup\C_Users_Davis_AppData_Local_Google_Chrome_User Data_Default_Extensions_gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\background.html    Win32/DealPly.J potentially unwanted application
C:\zoek_backup\C_Users_Davis_AppData_Local_Google_Chrome_User Data_Default_Extensions_niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\yl.js    JS/Adware.Yontoo.A application
C:\zoek_backup\C_Users_Davis_AppData_Local_Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe    Win32/Mobogenie.A potentially unwanted application
C:\zoek_backup\C_Users_Davis_AppData_Local_Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe    a variant of Win32/Mobogenie.A potentially unwanted application
C:\zoek_backup\C_Users_Davis_AppData_Local_Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe    a variant of Win32/Mobogenie.A potentially unwanted application
C:\zoek_backup\C_Users_Georgia davis_AppData_Local_Google_Chrome_User Data_Default_Extensions_gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\background.html    Win32/DealPly.J potentially unwanted application
C:\zoek_backup\C_Users_Georgia davis_AppData_Local_Google_Chrome_User Data_Default_Extensions_niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\yl.js    JS/Adware.Yontoo.A application
C:\zoek_backup\C_Users_Guest_AppData_Local_Google_Chrome_User Data_Default_Extensions_gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\background.html    Win32/DealPly.J potentially unwanted application
C:\zoek_backup\C_Users_Mrs georgia bolgar_AppData_Local_Google_Chrome_User Data_Default_Extensions_gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\background.html    Win32/DealPly.J potentially unwanted application
C:\zoek_backup\C_Users_Mrs georgia bolgar_AppData_Local_Google_Chrome_User Data_Default_Extensions_niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\yl.js    JS/Adware.Yontoo.A application
 

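Added example (not part of any post in this thread, and not ESET's own tooling): a Python script that sorts an exported ESET Online Scanner report like the one above by where each detected file sits, so copies set aside by cleanup tools are told apart from files inside user profiles that a copy of those profiles would carry along. It assumes the export separates path and detection by a tab or a run of spaces, and that `C:\zoek_backup` and Spybot's `Recovery` folder hold tool-made copies; the function names are this example's own.

```python
import ntpath
import re
from collections import Counter

# Lines copied from the ESET log posted above (path, gap, detection text).
SAMPLE_LOG = r"""
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch1.zip    Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch1.zip    Win32/Bagle.gen.zip worm
C:\Users\Davis\AppData\LocalLow\WhiteSmoke\html\english\dictClientDic\index.html    HTML/WhiteSmoke potentially unwanted application
C:\Users\Guest\Desktop\ApnToolbarInstaller.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\Guest\Downloads\SmileyCentral.exe    a variant of Win32/AdInstaller potentially unwanted application
C:\zoek_backup\C_Program Files_Mobogenie\Mobogenie.exe    a variant of Win32/Mobogenie.A potentially unwanted application
C:\zoek_backup\C_Program Files_Optimizer Pro\OptimizerPro.exe    a variant of Win32/SpeedingUpMyPC application
"""

# Assumption: path and detection are separated by a tab or by two or more
# spaces, as in the pasted report. Single spaces inside a path are allowed.
LINE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)(?:\t+| {2,})(?P<det>\S.*)$")
# "a variant of" / "probably a variant of" are qualifiers, not part of the name.
DET_RE = re.compile(
    r"^(?:probably )?(?:a variant of )?(?P<name>\S+)\s+(?P<category>.+)$"
)

# Assumption: these folders hold copies set aside by cleanup tools
# (the Zoek backup folder named in the Zoek log, and Spybot's Recovery folder).
TOOL_STORES = ("c:\\zoek_backup\\", "\\spybot - search & destroy\\recovery\\")
ALL_USERS = "c:\\users\\all users\\"


def normalise(path):
    """Lower-case the path and fold 'C:\\Users\\All Users' onto C:\\ProgramData.

    On Vista and later 'All Users' is a link to ProgramData, so a scanner that
    follows it reports the same file twice.
    """
    p = ntpath.normcase(path.strip())
    if p.startswith(ALL_USERS):
        p = "c:\\programdata\\" + p[len(ALL_USERS):]
    return p


def locate(norm_path):
    """Classify a normalised path by where the file sits."""
    if any(store in norm_path for store in TOOL_STORES):
        return "tool backup"
    if norm_path.startswith("c:\\users\\"):
        return "user profile"
    return "other"


def parse_eset_log(text):
    """Return one finding per distinct file; malformed lines are skipped."""
    findings, seen = [], set()
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        det = DET_RE.match(line.group("det").strip())
        if not det:
            continue
        key = normalise(line.group("path"))
        if key in seen:  # same file reached through the All Users link
            continue
        seen.add(key)
        findings.append({
            "path": line.group("path"),
            "name": det.group("name"),
            "category": det.group("category"),
            "location": locate(key),
        })
    return findings


def summarise(findings):
    """Count findings per location class."""
    return Counter(f["location"] for f in findings)


def carried_by_profile_copy(findings):
    """Detected files that a plain copy of C:\\Users would take along."""
    return sorted(f["path"] for f in findings if f["location"] == "user profile")


if __name__ == "__main__":
    results = parse_eset_log(SAMPLE_LOG)
    for location, count in summarise(results).items():
        print(f"{location}: {count}")
    for path in carried_by_profile_copy(results):
        print("in user profile:", path)
```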

OK, I'd like you to run the two following scans to have another look at your system.... Before that, did you do a fresh install of Chrome, and if so, does it now work OK? Did you run the shortcut fix with RogueKiller?

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Next,

Download Farbar Service Scanner from here: http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/ and run it on the computer with the issue.

Make sure the following options are checked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Post those logs in next reply...


The profile on Google Chrome still won't open. But it's no major problem. I did run the shortcut fixer and I think it fixed a few, but most of the shortcuts were to programs / apps that were part of my problem. (WhiteSmoke toolbar etc.)


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-02-2014
Ran by Davis (administrator) on DAVIS-PC on 17-02-2014 10:16:09
Running from C:\Users\Davis\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(TOSHIBA) C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.exe
(Google Inc.) C:\Users\Davis\AppData\Local\Temp\{7A7AF753-F5B5-491A-B6A6-EC417E7525F2}\GoogleUpdate.exe
(Google Inc.) C:\Users\Davis\AppData\Local\Temp\{7A7AF753-F5B5-491A-B6A6-EC417E7525F2}\GoogleUpdateSetup.exe
(Google Inc.) C:\Program Files\GUM17F3.tmp\GoogleUpdate.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\saUI.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_44_ActiveX.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [X]
HKLM\...\Runonce: [AvgUninstallURL] - cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=TlVIRDQtWUg5UEUtTzNQNEUtUVJERUstR0RKWjctVk9YVUw"&"inst=NzctMTIxODUzNjgzOS1GUDkyKzYtQkFSOUcrMS1GTCs5LVhPMzYrMS1DSUExMCsyLVNQMSsxLVNVUCs0LVRVRyszLVNQMVM0KzEtRERUKzAtTFNEKzItREQxMCsxLVNUMTBBUFArMS1QMTBNMTJDKzEtVTEwKzEtVEIrMS1GVUkrMi1QMTBUQisyLUVVTEErMS1TVFAxME0xMkNNKzEtU1QxMkFQUCsx"&"prod=55"&"ver=2012.0.1780"&"mid=84f5bd6a3a24b8b2df974b4dfa68e073-f53cc401da39bf00f11a57d79d9871e18aeaa71d
HKLM\...\RunOnce: [!DPLauncher] - "C:\Program Files\Microsoft\DefaultPack\DPLauncher.EXE" partner=p001 comb=12 [60048 2013-12-16] (© 2012 Microsoft Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1847146488-4185065798-1427826158-1000\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)
HKU\S-1-5-21-1847146488-4185065798-1427826158-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1847146488-4185065798-1427826158-1000\...\MountPoints2: F - F:\dilaunch.exe
HKU\S-1-5-21-1847146488-4185065798-1427826158-1000\...\MountPoints2: {2ccf1bce-e309-11dd-ad59-001e337f74f4} - D:\AutoRun.exe
HKU\S-1-5-21-1847146488-4185065798-1427826158-1000\...\MountPoints2: {2ccf1be2-e309-11dd-ad59-001e337f74f4} - D:\AutoRun.exe
HKU\S-1-5-21-1847146488-4185065798-1427826158-1000\...\MountPoints2: {3826e3e7-de63-11dd-b592-00216b461096} - D:\AutoRun.exe
HKU\S-1-5-21-1847146488-4185065798-1427826158-1000\...\MountPoints2: {3826e413-de63-11dd-b592-00216b461096} - D:\AutoRun.exe
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Georgie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Mrs georgia bolgar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {413EC48B-03FB-4AD2-8F18-1B3525B940BD} URL = http://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA;
SearchScopes: HKLM - {413EC48B-03FB-4AD2-8F18-1B3525B940BD} URL = http://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA;
SearchScopes: HKCU - DefaultScope {413EC48B-03FB-4AD2-8F18-1B3525B940BD} URL = http://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA_en-GBGB308
SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKCU - {413EC48B-03FB-4AD2-8F18-1B3525B940BD} URL = http://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA_en-GBGB308
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7TSEA_en-GBGB308
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=PzUpTmDrCyJO6uiEzcPbAecchFQ?q={searchTerms}
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: SMTTB2009 Class - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Pivot Stickfigure Toolbar\tbcore3.dll ()
Toolbar: HKLM - Pivot Stickfigure Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\Pivot Stickfigure Toolbar\tbcore3.dll ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Pivot Stickfigure Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\Pivot Stickfigure Toolbar\tbcore3.dll ()
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll No File
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\xzk1ljzw.default
FF DefaultSearchEngine: AVG Secure Search
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: AVG Secure Search


FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll No File
FF Plugin: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Davis\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Davis\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Davis\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Davis\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Davis\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Davis\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Users\Davis\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Davis\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Davis\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2013-12-16]

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-16]
CHR Extension: (Google Drive) - C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-16]
CHR Extension: (YouTube) - C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-16]
CHR Extension: (Google Search) - C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-16]
CHR Extension: (SiteAdvisor) - C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-02-16]
CHR Extension: (Google Wallet) - C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-16]
CHR Extension: (Gmail) - C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-16]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2013-12-16]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 avgfws; C:\Program Files\AVG\AVG2014\avgfws.exe [1358944 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
S4 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-04-16] (TOSHIBA CORPORATION)
S4 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-14] (Google)
S4 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [104880 2014-01-22] (McAfee, Inc.)
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-16] (McAfee, Inc.)
S4 SmartFaceVWatchSrv; C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [73728 2008-04-24] (Toshiba)
S4 TempoMonitoringService; C:\Program Files\Toshiba TEMPRO\TempoSVC.exe [99720 2008-04-24] (Toshiba Europe GmbH)
S4 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation)
S4 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)

==================== Drivers (Whitelisted) ====================

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120600 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [47928 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [210712 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [149272 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22808 2014-01-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-11-13] (AVG Technologies)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [30464 2014-02-14] ()
S3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 SASDIFSV; \??\C:\Users\Davis\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [X]
S1 SASKUTIL; \??\C:\Users\Davis\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-17 10:16 - 2014-02-17 10:16 - 00021095 _____ () C:\Users\Davis\Desktop\FRST.txt
2014-02-17 10:14 - 2014-02-17 10:15 - 01141248 _____ (Farbar) C:\Users\Davis\Desktop\FRST.exe
2014-02-17 10:04 - 2014-02-17 10:04 - 00001976 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-17 10:03 - 2014-02-17 10:03 - 49940480 _____ () C:\Program Files\GUT1813.tmp
2014-02-17 10:03 - 2014-02-17 10:03 - 00000000 ____D () C:\Program Files\GUM17F3.tmp
2014-02-17 08:27 - 2014-02-17 08:27 - 00001209 _____ () C:\Users\Davis\Desktop\RKreport[0]_SC_02172014_082701.txt
2014-02-17 08:07 - 2014-02-17 08:07 - 00007818 _____ () C:\Users\Davis\Desktop\Eset online scanner.txt
2014-02-16 20:57 - 2014-02-16 20:57 - 00000000 ____D () C:\Users\Davis\AppData\Local\CrashDumps
2014-02-16 20:49 - 2014-02-16 20:49 - 01070592 _____ () C:\Users\Davis\Downloads\MicrosoftFixit50569(1).msi
2014-02-16 20:45 - 2014-02-16 20:46 - 01070592 _____ () C:\Users\Davis\Downloads\MicrosoftFixit50569.msi
2014-02-16 20:07 - 2014-02-16 20:07 - 01050624 _____ () C:\Users\Davis\Downloads\MicrosoftFixit50511.msi
2014-02-15 22:10 - 2014-02-17 10:16 - 00000000 ____D () C:\FRST
2014-02-15 20:27 - 2013-10-18 01:11 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-02-15 20:26 - 2014-02-15 20:26 - 00000000 ____D () C:\Program Files\HiJackThis
2014-02-15 20:07 - 2014-02-15 20:07 - 00109508 _____ () C:\Users\Public\Desktop\sample_022014_2007.zip
2014-02-15 19:49 - 2014-02-15 20:32 - 00147029 _____ () C:\zoek-results.log
2014-02-15 19:44 - 2014-02-15 20:23 - 00000000 ____D () C:\zoek_backup
2014-02-15 19:40 - 2014-02-15 19:41 - 00000000 ____D () C:\Users\Davis\Desktop\zoek
2014-02-15 19:40 - 2014-02-15 19:38 - 04088082 _____ () C:\Users\Davis\Desktop\zoek.zip
2014-02-15 15:36 - 2014-02-15 15:36 - 00002101 _____ () C:\Users\Davis\Desktop\RKreport[0]_S_02152014_153625.txt
2014-02-15 15:19 - 2014-02-17 08:25 - 00000000 ____D () C:\Users\Davis\Desktop\RK_Quarantine
2014-02-15 15:17 - 2014-02-15 15:08 - 03813376 _____ () C:\Users\Davis\Desktop\RogueKiller.exe
2014-02-15 10:11 - 2014-02-15 10:11 - 372136236 _____ () C:\Windows\MEMORY.DMP
2014-02-15 10:11 - 2014-02-15 10:11 - 00143248 _____ () C:\Windows\Minidump\Mini021514-01.dmp
2014-02-14 22:15 - 2014-02-14 22:15 - 00000000 ____D () C:\Windows\SoftwareDistribution.old
2014-02-14 21:13 - 2014-02-14 21:13 - 00000000 ____D () C:\Users\Davis\AppData\Roaming\SUPERAntiSpyware.com
2014-02-14 21:13 - 2014-02-14 21:13 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-02-14 21:01 - 2014-02-14 21:01 - 00041736 _____ () C:\Windows\system32\.crusader
2014-02-14 20:49 - 2014-02-14 21:10 - 00030464 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-02-14 20:49 - 2014-02-14 21:01 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-02-14 20:32 - 2014-02-14 20:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-14 20:11 - 2014-02-14 20:11 - 00688992 ____R (Swearware) C:\Users\Davis\Desktop\dds.com
2014-02-14 19:53 - 2014-02-14 19:53 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-14 19:23 - 2014-02-14 19:23 - 00000000 ____D () C:\Windows\ERUNT
2014-02-14 18:52 - 2014-02-14 18:55 - 00000087 _____ () C:\Windows\system32\zerobyte_files_deleted.txt
2014-02-14 18:52 - 2014-02-14 18:54 - 00000095 _____ () C:\Windows\zerobyte_files_deleted.txt
2014-02-12 17:49 - 2014-02-12 17:49 - 00000000 ____D () C:\Support
2014-02-11 09:47 - 2014-02-11 09:47 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-02-04 20:13 - 2014-02-04 20:13 - 01069512 _____ (Solid State Networks) C:\Users\Davis\Downloads\install_flashplayer12x32au_mssd_awc_aih.exe
2014-02-04 14:40 - 2014-02-04 14:40 - 00001669 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-04 14:39 - 2014-02-04 14:40 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-02-04 14:39 - 2014-02-04 14:40 - 00000000 ____D () C:\Program Files\iTunes
2014-02-04 14:39 - 2014-02-04 14:39 - 00000000 ____D () C:\Program Files\iPod
2014-01-29 21:01 - 2014-02-04 15:12 - 00000000 ____D () C:\ProgramData\toppbuyero
2014-01-29 21:01 - 2014-02-04 15:12 - 00000000 ____D () C:\ProgramData\DeuaalsFiindeorrPro
2014-01-20 16:25 - 2014-01-20 16:26 - 01069512 _____ (Solid State Networks) C:\Users\Davis\Downloads\install_flashplayer12x32au_mssa_awc_aih.exe
2014-01-19 21:46 - 2014-01-19 21:46 - 00022808 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsshimx.sys

==================== One Month Modified Files and Folders =======

2014-02-17 10:16 - 2014-02-17 10:16 - 00021095 _____ () C:\Users\Davis\Desktop\FRST.txt
2014-02-17 10:16 - 2014-02-15 22:10 - 00000000 ____D () C:\FRST
2014-02-17 10:15 - 2014-02-17 10:14 - 01141248 _____ (Farbar) C:\Users\Davis\Desktop\FRST.exe
2014-02-17 10:15 - 2009-09-29 15:06 - 00000422 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{7DB64578-8B9B-4A26-8F64-DF64F6338DB0}.job
2014-02-17 10:12 - 2013-11-17 15:58 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-17 10:12 - 2012-12-10 22:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-17 10:04 - 2014-02-17 10:04 - 00001976 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-17 10:03 - 2014-02-17 10:03 - 49940480 _____ () C:\Program Files\GUT1813.tmp
2014-02-17 10:03 - 2014-02-17 10:03 - 00000000 ____D () C:\Program Files\GUM17F3.tmp
2014-02-17 10:03 - 2008-07-01 15:13 - 00000000 ____D () C:\Program Files\Google
2014-02-17 10:01 - 2012-05-24 20:05 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-17 10:00 - 2010-01-30 19:08 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-17 09:55 - 2009-09-14 20:51 - 01884319 _____ () C:\Windows\WindowsUpdate.log
2014-02-17 09:35 - 2011-03-02 11:17 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-17 09:31 - 2012-12-11 17:26 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003UA.job
2014-02-17 09:22 - 2012-12-08 22:05 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000Core.job
2014-02-17 09:22 - 2010-01-30 19:08 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-17 09:22 - 2006-11-02 13:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-17 09:22 - 2006-11-02 12:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-17 09:22 - 2006-11-02 12:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-17 08:27 - 2014-02-17 08:27 - 00001209 _____ () C:\Users\Davis\Desktop\RKreport[0]_SC_02172014_082701.txt
2014-02-17 08:25 - 2014-02-15 15:19 - 00000000 ____D () C:\Users\Davis\Desktop\RK_Quarantine
2014-02-17 08:19 - 2012-12-08 22:05 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000UA.job
2014-02-17 08:07 - 2014-02-17 08:07 - 00007818 _____ () C:\Users\Davis\Desktop\Eset online scanner.txt
2014-02-17 07:36 - 2012-01-08 16:05 - 00000926 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000UA.job
2014-02-17 05:47 - 2012-12-11 17:43 - 00000960 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003UA.job
2014-02-16 22:36 - 2012-01-08 16:05 - 00000904 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000Core.job
2014-02-16 20:57 - 2014-02-16 20:57 - 00000000 ____D () C:\Users\Davis\AppData\Local\CrashDumps
2014-02-16 20:56 - 2013-01-23 16:30 - 00000000 ____D () C:\Users\Mrs georgia bolgar
2014-02-16 20:56 - 2012-12-02 09:47 - 00000000 ____D () C:\Users\Georgia davis
2014-02-16 20:56 - 2010-10-15 19:05 - 00000000 ____D () C:\Users\Guest
2014-02-16 20:56 - 2009-09-27 17:59 - 00000000 ____D () C:\Users\Georgie
2014-02-16 20:56 - 2008-12-28 18:57 - 00000000 ____D () C:\Users\Davis
2014-02-16 20:56 - 2006-11-02 11:18 - 00000000 ___RD () C:\Users\Public
2014-02-16 20:49 - 2014-02-16 20:49 - 01070592 _____ () C:\Users\Davis\Downloads\MicrosoftFixit50569(1).msi
2014-02-16 20:46 - 2014-02-16 20:45 - 01070592 _____ () C:\Users\Davis\Downloads\MicrosoftFixit50569.msi
2014-02-16 20:07 - 2014-02-16 20:07 - 01050624 _____ () C:\Users\Davis\Downloads\MicrosoftFixit50511.msi
2014-02-16 09:16 - 2006-11-02 13:01 - 00032614 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-16 09:05 - 2011-09-07 17:08 - 00000000 ____D () C:\Users\Davis\AppData\Local\PMB Files
2014-02-16 09:05 - 2011-02-05 14:20 - 00000000 ____D () C:\Windows\pss
2014-02-15 23:09 - 2006-11-02 11:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-02-15 20:32 - 2014-02-15 19:49 - 00147029 _____ () C:\zoek-results.log
2014-02-15 20:30 - 2013-01-10 19:39 - 00059246 _____ () C:\Windows\PFRO.log
2014-02-15 20:26 - 2014-02-15 20:26 - 00000000 ____D () C:\Program Files\HiJackThis
2014-02-15 20:23 - 2014-02-15 19:44 - 00000000 ____D () C:\zoek_backup
2014-02-15 20:07 - 2014-02-15 20:07 - 00109508 _____ () C:\Users\Public\Desktop\sample_022014_2007.zip
2014-02-15 19:41 - 2014-02-15 19:40 - 00000000 ____D () C:\Users\Davis\Desktop\zoek
2014-02-15 19:38 - 2014-02-15 19:40 - 04088082 _____ () C:\Users\Davis\Desktop\zoek.zip
2014-02-15 19:35 - 2012-12-11 17:43 - 00000938 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003Core.job
2014-02-15 19:35 - 2012-12-11 17:26 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003Core.job
2014-02-15 15:36 - 2014-02-15 15:36 - 00002101 _____ () C:\Users\Davis\Desktop\RKreport[0]_S_02152014_153625.txt
2014-02-15 15:13 - 2010-09-25 09:49 - 00000008 ___RS () C:\Users\Davis\ntuser.pol
2014-02-15 15:08 - 2014-02-15 15:17 - 03813376 _____ () C:\Users\Davis\Desktop\RogueKiller.exe
2014-02-15 10:11 - 2014-02-15 10:11 - 372136236 _____ () C:\Windows\MEMORY.DMP
2014-02-15 10:11 - 2014-02-15 10:11 - 00143248 _____ () C:\Windows\Minidump\Mini021514-01.dmp
2014-02-15 10:11 - 2010-04-09 21:06 - 00000000 ____D () C:\Windows\Minidump
2014-02-15 09:04 - 2006-11-02 12:47 - 00407168 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-14 22:43 - 2012-03-13 18:03 - 00115752 _____ () C:\Users\Davis\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-14 22:15 - 2014-02-14 22:15 - 00000000 ____D () C:\Windows\SoftwareDistribution.old
2014-02-14 21:22 - 2011-10-12 16:05 - 00000000 ____D () C:\Program Files\Pivot Stickfigure Toolbar
2014-02-14 21:13 - 2014-02-14 21:13 - 00000000 ____D () C:\Users\Davis\AppData\Roaming\SUPERAntiSpyware.com
2014-02-14 21:13 - 2014-02-14 21:13 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-02-14 21:10 - 2014-02-14 20:49 - 00030464 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-02-14 21:01 - 2014-02-14 21:01 - 00041736 _____ () C:\Windows\system32\.crusader
2014-02-14 21:01 - 2014-02-14 20:49 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-02-14 20:42 - 2008-07-01 15:05 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-02-14 20:37 - 2006-11-02 10:33 - 00005526 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-14 20:32 - 2014-02-14 20:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-14 20:32 - 2013-04-05 18:48 - 00005604 _____ () C:\Windows\setupact.log
2014-02-14 20:11 - 2014-02-14 20:11 - 00688992 ____R (Swearware) C:\Users\Davis\Desktop\dds.com
2014-02-14 19:53 - 2014-02-14 19:53 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-14 19:53 - 2012-03-13 12:24 - 00000911 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-14 19:23 - 2014-02-14 19:23 - 00000000 ____D () C:\Windows\ERUNT
2014-02-14 18:55 - 2014-02-14 18:52 - 00000087 _____ () C:\Windows\system32\zerobyte_files_deleted.txt
2014-02-14 18:55 - 2006-11-02 11:18 - 00000000 __RHD () C:\Users\Default
2014-02-14 18:54 - 2014-02-14 18:52 - 00000095 _____ () C:\Windows\zerobyte_files_deleted.txt
2014-02-14 18:14 - 2013-10-01 15:27 - 00000847 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-02-14 17:17 - 2013-01-29 21:00 - 00006144 _____ () C:\Users\Mrs georgia bolgar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-14 16:56 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\system32\CatRoot2.old
2014-02-12 17:49 - 2014-02-12 17:49 - 00000000 ____D () C:\Support
2014-02-11 15:42 - 2013-12-16 19:57 - 00000000 ____D () C:\Program Files\McAfee
2014-02-11 09:47 - 2014-02-11 09:47 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-02-11 09:47 - 2012-12-04 16:01 - 00001924 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-02-08 12:35 - 2012-05-24 20:05 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-08 12:35 - 2011-12-13 09:18 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-04 20:13 - 2014-02-04 20:13 - 01069512 _____ (Solid State Networks) C:\Users\Davis\Downloads\install_flashplayer12x32au_mssd_awc_aih.exe
2014-02-04 15:12 - 2014-01-29 21:01 - 00000000 ____D () C:\ProgramData\toppbuyero
2014-02-04 15:12 - 2014-01-29 21:01 - 00000000 ____D () C:\ProgramData\DeuaalsFiindeorrPro
2014-02-04 14:40 - 2014-02-04 14:40 - 00001669 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-04 14:40 - 2014-02-04 14:39 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-02-04 14:40 - 2014-02-04 14:39 - 00000000 ____D () C:\Program Files\iTunes
2014-02-04 14:39 - 2014-02-04 14:39 - 00000000 ____D () C:\Program Files\iPod
2014-02-04 14:39 - 2010-02-27 17:48 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-02-04 14:33 - 2010-02-27 17:48 - 00000000 ____D () C:\ProgramData\Apple
2014-01-26 16:20 - 2012-12-08 22:06 - 00000000 ____D () C:\Users\Davis\AppData\Roaming\Mozilla
2014-01-26 16:20 - 2008-12-28 19:03 - 00000000 ____D () C:\Users\Davis\AppData\Local\Google
2014-01-24 20:23 - 2013-01-23 16:30 - 00000949 _____ () C:\Users\Mrs georgia bolgar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-01-20 16:26 - 2014-01-20 16:25 - 01069512 _____ (Solid State Networks) C:\Users\Davis\Downloads\install_flashplayer12x32au_mssa_awc_aih.exe
2014-01-19 21:46 - 2014-01-19 21:46 - 00022808 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsshimx.sys

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-17 09:29

==================== End Of Log ============================

 

Farbar Service Scanner Version: 16-02-2014
Ran by Davis (administrator) on 17-02-2014 at 10:20:49
Running from "C:\Users\Davis\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-08-19 13:37] - [2013-07-05 03:20] - 0914880 ____A (Microsoft Corporation) 6D0D344F643E28B31262AC2682109A3C

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

 

I have had to post the additions txt. Every time I went to attach it, it wouldn't; an error in pink highlight came up.

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-02-2014
Ran by Davis at 2014-02-17 10:16:44
Running from C:\Users\Davis\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG Internet Security 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (Version:  - Microsoft)
3Connect (Version: 2.0.0 - 3 Mobile Broadband)
Activation Assistant for the 2007 Microsoft Office suites (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Flash Player 12 ActiveX (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Media Player (Version: 1.6 - Adobe Systems Incorporated)
Adobe Reader 8.1.3 (Version: 8.1.3 - Adobe Systems Incorporated)
Apple Application Support (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
AusLogics Disk Defrag (Version: version 1.4 - Auslogics Software Pty Ltd)
AVG 2014 (Version: 14.0.3615 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.3705 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4335 - AVG Technologies) Hidden
AVG 2014 (Version: 2014.0.4335 - AVG Technologies)
AVG Security Toolbar (Version: 17.3.0.49 - AVG Technologies)
Babylon toolbar on IE (Version:  - ) <==== ATTENTION
Bing Bar (Version: 7.3.124.0 - Microsoft Corporation)
Bluetooth Stack for Windows by Toshiba (Version: v6.10.07.2(T) - TOSHIBA CORPORATION)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Camera Assistant Software for Toshiba (Version: 1.7.193.0508L - Chicony Electronics Co.,Ltd.)
CCleaner (remove only) (Version:  - )
CD/DVD Drive Acoustic Silencer (Version: 2.02.03 - TOSHIBA)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DeuaalsFiindeorrPro (Version:  - DealSoFindderPurO)
DVD MovieFactory for TOSHIBA (Version: 5.51 - Ulead Systems, Inc.)
Facebook Video Calling 1.2.0.287 (Version: 1.2.287 - Skype Limited)
Facebook Video Calling 2.0.0.447 (Version: 2.0.447 - Skype Limited)
Facemoods Toolbar (Version:  - ) <==== ATTENTION
Google Chrome (Version: 32.0.1700.107 - Google Inc.)
Google Chrome Packages (HKCU Version:  - ) <==== ATTENTION
Google Desktop (Version: 5.9.1005.12335 - Google)
Google Earth (Version: 7.1.2.2041 - Google)
Google Talk Plugin (Version: 3.10.2.10212 - Google)
Google Talk Plugin (Version: 4.9.1.16010 - Google)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
HDMI Control Manager (Version: 1.7 - TOSHIBA)
Huawei modem (Version:  - )
Inbox Toolbar (Version: 1.0.0 - Inbox.com, Inc.)
Intel® Matrix Storage Manager (Version:  - Intel Corporation)
iTunes (Version: 11.1.4.62 - Apple Inc.)
Java Auto Updater (Version: 2.0.2.4 - Sun Microsystems, Inc.) Hidden
Java 6 Update 23 (Version: 6.0.230 - Sun Microsystems, Inc.)
Java 6 Update 6 (Version: 1.6.0.60 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
MathmosScreensaver (Version:  - )
McAfee Security Scan Plus (Version: 3.8.141.11 - McAfee, Inc.)
McAfee SiteAdvisor (Version: 3.6.135 - McAfee, Inc.)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (Version: 9.7.0621 - Microsoft Corporation)
Microsoft XML Parser (Version: 8.20.8730.4 - Microsoft Corporation) Hidden
Mozilla Firefox 27.0.1 (x86 en-US) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (Version: 27.0.1 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
myphotobook 3.5 (Version: 3.5 - myphotobook)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Pando Media Booster (Version: 2.3.6.0 - Pando Networks Inc.)
ParetoLogic PC Health Advisor (Version: 3.1.4.0 - ParetoLogic, Inc.)
Picasa 2 (Version: 2.0 - Google, Inc.)
Pivot Stickfigure Animator version 2.2.6 (Version: 2.2.6 - )
Pivot Stickfigure Toolbar (Version:  - )
QuickTime (Version: 7.74.80.86 - Apple Inc.)
Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (Version: 6.0.1.5599 - Realtek Semiconductor Corp.)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02 (Version: 3.54.02 - )
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Spelling Dictionaries Support For Adobe Reader 8 (Version: 8.0.0 - Adobe Systems)
Synaptics Pointing Device Driver (Version: 10.1.8.0 - Synaptics)
toppbuyero (Version:  - toppBuuyer)
TOSHIBA Assist (Version: 2.01.04 - TOSHIBA)
TOSHIBA ConfigFree (Version: 7.2.13 - TOSHIBA Corporation)
TOSHIBA Disc Creator (Version: 2.0.1.3 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (Version: 1.31.14 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - TOSHIBA Corporation) Hidden
TOSHIBA Face Recognition (Version: 2.0.2.32 - TOSHIBA)
TOSHIBA Face Recognition (Version: 2.0.2.32 - TOSHIBA) Hidden
TOSHIBA Hardware Setup (Version: 2.00.08 - )
TOSHIBA Manuals (Version: 7.40 - TOSHIBA)
Toshiba Online Product Information (Version: 1.00.0012 - TOSHIBA)
TOSHIBA Recovery Disc Creator (Version: 2.0.0.1b - TOSHIBA Corporation)
TOSHIBA SD Memory Utilities (Version: 1.8.1.3 - TOSHIBA)
TOSHIBA Software Modem (Version: 2.1.77 (SM2177ALD04) - Agere Systems)
TOSHIBA Supervisor Password (Version: 2.00.04 - )
Toshiba TEMPRO (Version: 1.1 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (Version: 1.1.19 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.1.19 - TOSHIBA Corporation) Hidden
TRDCReminder (Version: 1.00.0015 - TOSHIBA)
TRDCReminder (Version: 1.00.0015 - TOSHIBA) Hidden
TRORDCLauncher (Version: 1.0.0.1 - TOSHIBA)
TRORDCLauncher (Version: 1.0.0.1 - TOSHIBA) Hidden
Update for 2007 Microsoft Office System (KB967642) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (Version:  - Microsoft)
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Encoder 9 Series (Version:  - )
Windows Media Encoder 9 Series (Version: 9.00.3374 - Microsoft Corporation) Hidden
Yahoo! Messenger (Version:  - Yahoo! Inc.)
Yahoo! Toolbar (Version:  - )

==================== Restore Points  =========================

14-02-2014 22:19:36 D7 Automatic Restore Point
15-02-2014 19:49:58 zoek.exe restore point
16-02-2014 20:08:26 Installed Microsoft Fix it 50511
16-02-2014 20:46:26 Installed Microsoft Fix it 50569
17-02-2014 09:59:34 Scheduled Checkpoint

==================== Hosts content: ==========================

2006-11-02 10:23 - 2006-09-18 21:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {02A4E6F1-AA4D-4754-845A-55C6689AE0CB} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000Core => C:\Users\Davis\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {06B560B5-A314-47C7-8C6C-2AC7B7595928} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-30] (Google Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2560A82A-F2F3-4C3C-BDE0-19FA730E4540} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003UA => C:\Users\Georgia davis\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-17] (Google Inc.)
Task: {266A7279-4868-4DBF-927E-31A2DFE2CC8C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000UA => C:\Users\Davis\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {33E86F53-2D79-43AD-AE86-A03AB8A358E4} - \Scheduled Update for Ask Toolbar No Task File
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {420FBBC6-0B3F-4C90-9CC5-82BD76665CF8} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {52ECF0AC-66F0-4E35-BEFE-052558A6BF29} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000Core => C:\Users\Davis\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-17] (Google Inc.)
Task: {5CCAFB2A-03CA-47DE-BD8E-637EB99D5073} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-30] (Google Inc.)
Task: {84A4B13D-BB77-49A5-8CBF-E7CEAC6EF480} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003UA => C:\Users\Georgia davis\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-11] (Facebook Inc.)
Task: {8D00947C-618E-4A44-8892-EC731179BD4E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {97097F62-DE6A-43C9-9688-A5AE9BA9F2ED} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-08] (Adobe Systems Incorporated)
Task: {9F44DF2E-7412-4ED0-A98A-CA6ADB373EB3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000UA => C:\Users\Davis\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-17] (Google Inc.)
Task: {B693CFDD-969A-40A0-B38E-C22B5A54BCE4} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Davis => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {C605864F-6899-4629-A990-E3845F2B26B7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003Core => C:\Users\Georgia davis\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-17] (Google Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {F0A380A3-ED6D-402C-BD83-B49308391B62} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003Core => C:\Users\Georgia davis\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-11] (Facebook Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000Core.job => C:\Users\Davis\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000UA.job => C:\Users\Davis\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003Core.job => C:\Users\Georgia davis\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003UA.job => C:\Users\Georgia davis\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000Core.job => C:\Users\Davis\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000UA.job => C:\Users\Davis\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003Core.job => C:\Users\Georgia davis\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003UA.job => C:\Users\Georgia davis\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{7DB64578-8B9B-4A26-8F64-DF64F6338DB0}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2013-11-17 15:58 - 2014-02-17 10:12 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:373E1720

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AgereModemAudio => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: ConfigFree Service => 2
MSCONFIG\Services: GoogleDesktopManager-051210-111108 => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: McAfee SiteAdvisor Service => 2
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SmartFaceVWatchSrv => 3
MSCONFIG\Services: TempoMonitoringService => 2
MSCONFIG\Services: TNaviSrv => 2
MSCONFIG\Services: TODDSrv => 2
MSCONFIG\Services: TosCoSrv => 2
MSCONFIG\Services: TOSHIBA SMART Log Service => 2
MSCONFIG\Services: UleadBurningHelper => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Update Agent.lnk => C:\Windows\pss\Update Agent.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Davis^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Media Player.lnk => C:\Windows\pss\Adobe Media Player.lnk.Startup
MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AVG_UI => "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
MSCONFIG\startupreg: Camera Assistant Software => "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
MSCONFIG\startupreg: cfFncEnabler.exe => cfFncEnabler.exe
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: Facebook Update => "C:\Users\Davis\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
MSCONFIG\startupreg: Google EULA Launcher => c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
MSCONFIG\startupreg: Google Update => "C:\Users\Davis\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HDMICtrlMan => C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HSON => %ProgramFiles%\TOSHIBA\TBS\HSON.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files\Mobogenie\DaemonProcess.exe
MSCONFIG\startupreg: NDSTray.exe => NDSTray.exe
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files\Pando Networks\Media Booster\PMB.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe
MSCONFIG\startupreg: Skytel => Skytel.exe
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: topi => C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
MSCONFIG\startupreg: Toshiba Registration => C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
MSCONFIG\startupreg: Toshiba TEMPO => C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: vProt => "C:\Program Files\AVG Secure Search\vprot.exe"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/17/2014 10:16:03 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: -583

Error: (02/17/2014 10:16:03 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: -583

Error: (02/17/2014 10:16:03 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: -583

Error: (02/17/2014 10:16:03 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: -583

Error: (02/17/2014 10:15:54 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: -583

Error: (02/17/2014 10:15:54 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: -583

Error: (02/17/2014 10:05:21 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service has failed to create the SystemIndex search index. Internal error <4, 0x8004117f, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.

Error: (02/17/2014 10:05:21 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot open the Jet property store.


Details:
    The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.   (0x8004117f)

Error: (02/17/2014 10:05:19 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service has failed to create the SystemIndex search index. Internal error <4, 0x8004117f, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.

Error: (02/17/2014 10:05:19 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot open the Jet property store.


Details:
    The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.   (0x8004117f)


System errors:
=============
Error: (02/17/2014 10:05:21 AM) (Source: Service Control Manager) (User: )
Description: Windows Search13

Error: (02/17/2014 10:05:21 AM) (Source: Service Control Manager) (User: )
Description: Windows Search2147749155 (0x80040D23)

Error: (02/17/2014 10:05:19 AM) (Source: Service Control Manager) (User: )
Description: Windows Search12

Error: (02/17/2014 10:05:19 AM) (Source: Service Control Manager) (User: )
Description: Windows Search2147749155 (0x80040D23)

Error: (02/17/2014 10:05:17 AM) (Source: Service Control Manager) (User: )
Description: Windows Search11

Error: (02/17/2014 10:05:17 AM) (Source: Service Control Manager) (User: )
Description: Windows Search2147749155 (0x80040D23)

Error: (02/17/2014 10:05:14 AM) (Source: Service Control Manager) (User: )
Description: Windows Search10

Error: (02/17/2014 10:05:14 AM) (Source: Service Control Manager) (User: )
Description: Windows Search2147749155 (0x80040D23)

Error: (02/17/2014 10:05:12 AM) (Source: Service Control Manager) (User: )
Description: Windows Search9

Error: (02/17/2014 10:05:12 AM) (Source: Service Control Manager) (User: )
Description: Windows Search2147749155 (0x80040D23)


Microsoft Office Sessions:
=========================
Error: (05/15/2011 05:59:32 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 22 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (11/08/2010 08:43:53 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (11/08/2010 08:43:11 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1145 seconds with 420 seconds of active time.  This session ended with a crash.

Error: (09/27/2010 06:33:40 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9893 seconds with 2580 seconds of active time.  This session ended with a crash.

Error: (09/25/2010 09:39:25 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 41752 seconds with 2160 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-02-17 10:16:33.732
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hitmanpro37.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-17 10:16:33.436
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hitmanpro37.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-17 10:16:33.139
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hitmanpro37.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-17 10:16:32.843
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hitmanpro37.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-17 10:16:32.547
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hitmanpro37.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-17 10:16:32.250
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hitmanpro37.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-17 10:16:31.954
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hitmanpro37.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-17 10:16:31.657
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hitmanpro37.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-17 10:16:17.025
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hitmanpro37.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-17 10:16:16.728
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hitmanpro37.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 52%
Total physical RAM: 2939.26 MB
Available physical RAM: 1397.25 MB
Total Pagefile: 6088.75 MB
Available Pagefile: 4743.39 MB
Total Virtual: 2047.88 MB
Available Virtual: 1918.45 MB

==================== Drives ================================

Drive c: (Vista) (Fixed) (Total:232.64 GB) (Free:155.39 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Data) (Fixed) (Total:230.84 GB) (Free:225.41 GB) NTFS
Drive f: (BEYONCE) (CDROM) (Total:4.14 GB) (Free:0 GB) UDF
Drive g: (D7 PREMIUM) (Removable) (Total:1.87 GB) (Free:0.72 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 8F1901FC)
Partition 1: (Not Active) - (Size=2 GB) - (Type=27)
Partition 2: (Active) - (Size=233 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=231 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 13CCC2B5)
Partition 1: (Not Active) - (Size=2 GB) - (Type=06)

==================== End Of Log ============================

 

 

Thanks


The profile on Google Chrome won't open still. But it's no major problem. I did run the shortcut fixer and I think it fixed a few, but most of the shortcuts were to programs / apps that were part of my problem (Whitesmoke toolbar etc.).

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-02-2014
Ran by Davis (administrator) on DAVIS-PC on 17-02-2014 10:16:09
Running from C:\Users\Davis\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(TOSHIBA) C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.exe
(Google Inc.) C:\Users\Davis\AppData\Local\Temp\{7A7AF753-F5B5-491A-B6A6-EC417E7525F2}\GoogleUpdate.exe
(Google Inc.) C:\Users\Davis\AppData\Local\Temp\{7A7AF753-F5B5-491A-B6A6-EC417E7525F2}\GoogleUpdateSetup.exe
(Google Inc.) C:\Program Files\GUM17F3.tmp\GoogleUpdate.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\saUI.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_44_ActiveX.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [X]
HKLM\...\Runonce: [AvgUninstallURL] - cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=TlVIRDQtWUg5UEUtTzNQNEUtUVJERUstR0RKWjctVk9YVUw"&"inst=NzctMTIxODUzNjgzOS1GUDkyKzYtQkFSOUcrMS1GTCs5LVhPMzYrMS1DSUExMCsyLVNQMSsxLVNVUCs0LVRVRyszLVNQMVM0KzEtRERUKzAtTFNEKzItREQxMCsxLVNUMTBBUFArMS1QMTBNMTJDKzEtVTEwKzEtVEIrMS1GVUkrMi1QMTBUQisyLUVVTEErMS1TVFAxME0xMkNNKzEtU1QxMkFQUCsx"&"prod=55"&"ver=2012.0.1780"&"mid=84f5bd6a3a24b8b2df974b4dfa68e073-f53cc401da39bf00f11a57d79d9871e18aeaa71d
HKLM\...\RunOnce: [!DPLauncher] - "C:\Program Files\Microsoft\DefaultPack\DPLauncher.EXE" partner=p001 comb=12 [60048 2013-12-16] (© 2012 Microsoft Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1847146488-4185065798-1427826158-1000\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)
HKU\S-1-5-21-1847146488-4185065798-1427826158-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1847146488-4185065798-1427826158-1000\...\MountPoints2: F - F:\dilaunch.exe
HKU\S-1-5-21-1847146488-4185065798-1427826158-1000\...\MountPoints2: {2ccf1bce-e309-11dd-ad59-001e337f74f4} - D:\AutoRun.exe
HKU\S-1-5-21-1847146488-4185065798-1427826158-1000\...\MountPoints2: {2ccf1be2-e309-11dd-ad59-001e337f74f4} - D:\AutoRun.exe
HKU\S-1-5-21-1847146488-4185065798-1427826158-1000\...\MountPoints2: {3826e3e7-de63-11dd-b592-00216b461096} - D:\AutoRun.exe
HKU\S-1-5-21-1847146488-4185065798-1427826158-1000\...\MountPoints2: {3826e413-de63-11dd-b592-00216b461096} - D:\AutoRun.exe
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Georgie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Mrs georgia bolgar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {413EC48B-03FB-4AD2-8F18-1B3525B940BD} URL = http://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA;
SearchScopes: HKLM - {413EC48B-03FB-4AD2-8F18-1B3525B940BD} URL = http://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA;
SearchScopes: HKCU - DefaultScope {413EC48B-03FB-4AD2-8F18-1B3525B940BD} URL = http://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA_en-GBGB308
SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKCU - {413EC48B-03FB-4AD2-8F18-1B3525B940BD} URL = http://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA_en-GBGB308
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7TSEA_en-GBGB308
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=PzUpTmDrCyJO6uiEzcPbAecchFQ?q={searchTerms}
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: SMTTB2009 Class - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Pivot Stickfigure Toolbar\tbcore3.dll ()
Toolbar: HKLM - Pivot Stickfigure Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\Pivot Stickfigure Toolbar\tbcore3.dll ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Pivot Stickfigure Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\Pivot Stickfigure Toolbar\tbcore3.dll ()
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll No File
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\xzk1ljzw.default
FF DefaultSearchEngine: AVG Secure Search
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: AVG Secure Search


FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll No File
FF Plugin: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Davis\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Davis\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Davis\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Davis\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Davis\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Davis\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Users\Davis\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Davis\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Davis\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2013-12-16]

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-16]
CHR Extension: (Google Drive) - C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-16]
CHR Extension: (YouTube) - C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-16]
CHR Extension: (Google Search) - C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-16]
CHR Extension: (SiteAdvisor) - C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-02-16]
CHR Extension: (Google Wallet) - C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-16]
CHR Extension: (Gmail) - C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-16]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2013-12-16]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 avgfws; C:\Program Files\AVG\AVG2014\avgfws.exe [1358944 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
S4 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-04-16] (TOSHIBA CORPORATION)
S4 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-14] (Google)
S4 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [104880 2014-01-22] (McAfee, Inc.)
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-16] (McAfee, Inc.)
S4 SmartFaceVWatchSrv; C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [73728 2008-04-24] (Toshiba)
S4 TempoMonitoringService; C:\Program Files\Toshiba TEMPRO\TempoSVC.exe [99720 2008-04-24] (Toshiba Europe GmbH)
S4 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation)
S4 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)

==================== Drivers (Whitelisted) ====================

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120600 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [47928 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [210712 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [149272 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22808 2014-01-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-11-13] (AVG Technologies)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [30464 2014-02-14] ()
S3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 SASDIFSV; \??\C:\Users\Davis\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [X]
S1 SASKUTIL; \??\C:\Users\Davis\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-17 10:16 - 2014-02-17 10:16 - 00021095 _____ () C:\Users\Davis\Desktop\FRST.txt
2014-02-17 10:14 - 2014-02-17 10:15 - 01141248 _____ (Farbar) C:\Users\Davis\Desktop\FRST.exe
2014-02-17 10:04 - 2014-02-17 10:04 - 00001976 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-17 10:03 - 2014-02-17 10:03 - 49940480 _____ () C:\Program Files\GUT1813.tmp
2014-02-17 10:03 - 2014-02-17 10:03 - 00000000 ____D () C:\Program Files\GUM17F3.tmp
2014-02-17 08:27 - 2014-02-17 08:27 - 00001209 _____ () C:\Users\Davis\Desktop\RKreport[0]_SC_02172014_082701.txt
2014-02-17 08:07 - 2014-02-17 08:07 - 00007818 _____ () C:\Users\Davis\Desktop\Eset online scanner.txt
2014-02-16 20:57 - 2014-02-16 20:57 - 00000000 ____D () C:\Users\Davis\AppData\Local\CrashDumps
2014-02-16 20:49 - 2014-02-16 20:49 - 01070592 _____ () C:\Users\Davis\Downloads\MicrosoftFixit50569(1).msi
2014-02-16 20:45 - 2014-02-16 20:46 - 01070592 _____ () C:\Users\Davis\Downloads\MicrosoftFixit50569.msi
2014-02-16 20:07 - 2014-02-16 20:07 - 01050624 _____ () C:\Users\Davis\Downloads\MicrosoftFixit50511.msi
2014-02-15 22:10 - 2014-02-17 10:16 - 00000000 ____D () C:\FRST
2014-02-15 20:27 - 2013-10-18 01:11 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-02-15 20:26 - 2014-02-15 20:26 - 00000000 ____D () C:\Program Files\HiJackThis
2014-02-15 20:07 - 2014-02-15 20:07 - 00109508 _____ () C:\Users\Public\Desktop\sample_022014_2007.zip
2014-02-15 19:49 - 2014-02-15 20:32 - 00147029 _____ () C:\zoek-results.log
2014-02-15 19:44 - 2014-02-15 20:23 - 00000000 ____D () C:\zoek_backup
2014-02-15 19:40 - 2014-02-15 19:41 - 00000000 ____D () C:\Users\Davis\Desktop\zoek
2014-02-15 19:40 - 2014-02-15 19:38 - 04088082 _____ () C:\Users\Davis\Desktop\zoek.zip
2014-02-15 15:36 - 2014-02-15 15:36 - 00002101 _____ () C:\Users\Davis\Desktop\RKreport[0]_S_02152014_153625.txt
2014-02-15 15:19 - 2014-02-17 08:25 - 00000000 ____D () C:\Users\Davis\Desktop\RK_Quarantine
2014-02-15 15:17 - 2014-02-15 15:08 - 03813376 _____ () C:\Users\Davis\Desktop\RogueKiller.exe
2014-02-15 10:11 - 2014-02-15 10:11 - 372136236 _____ () C:\Windows\MEMORY.DMP
2014-02-15 10:11 - 2014-02-15 10:11 - 00143248 _____ () C:\Windows\Minidump\Mini021514-01.dmp
2014-02-14 22:15 - 2014-02-14 22:15 - 00000000 ____D () C:\Windows\SoftwareDistribution.old
2014-02-14 21:13 - 2014-02-14 21:13 - 00000000 ____D () C:\Users\Davis\AppData\Roaming\SUPERAntiSpyware.com
2014-02-14 21:13 - 2014-02-14 21:13 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-02-14 21:01 - 2014-02-14 21:01 - 00041736 _____ () C:\Windows\system32\.crusader
2014-02-14 20:49 - 2014-02-14 21:10 - 00030464 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-02-14 20:49 - 2014-02-14 21:01 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-02-14 20:32 - 2014-02-14 20:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-14 20:11 - 2014-02-14 20:11 - 00688992 ____R (Swearware) C:\Users\Davis\Desktop\dds.com
2014-02-14 19:53 - 2014-02-14 19:53 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-14 19:23 - 2014-02-14 19:23 - 00000000 ____D () C:\Windows\ERUNT
2014-02-14 18:52 - 2014-02-14 18:55 - 00000087 _____ () C:\Windows\system32\zerobyte_files_deleted.txt
2014-02-14 18:52 - 2014-02-14 18:54 - 00000095 _____ () C:\Windows\zerobyte_files_deleted.txt
2014-02-12 17:49 - 2014-02-12 17:49 - 00000000 ____D () C:\Support
2014-02-11 09:47 - 2014-02-11 09:47 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-02-04 20:13 - 2014-02-04 20:13 - 01069512 _____ (Solid State Networks) C:\Users\Davis\Downloads\install_flashplayer12x32au_mssd_awc_aih.exe
2014-02-04 14:40 - 2014-02-04 14:40 - 00001669 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-04 14:39 - 2014-02-04 14:40 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-02-04 14:39 - 2014-02-04 14:40 - 00000000 ____D () C:\Program Files\iTunes
2014-02-04 14:39 - 2014-02-04 14:39 - 00000000 ____D () C:\Program Files\iPod
2014-01-29 21:01 - 2014-02-04 15:12 - 00000000 ____D () C:\ProgramData\toppbuyero
2014-01-29 21:01 - 2014-02-04 15:12 - 00000000 ____D () C:\ProgramData\DeuaalsFiindeorrPro
2014-01-20 16:25 - 2014-01-20 16:26 - 01069512 _____ (Solid State Networks) C:\Users\Davis\Downloads\install_flashplayer12x32au_mssa_awc_aih.exe
2014-01-19 21:46 - 2014-01-19 21:46 - 00022808 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsshimx.sys

==================== One Month Modified Files and Folders =======

2014-02-17 10:16 - 2014-02-17 10:16 - 00021095 _____ () C:\Users\Davis\Desktop\FRST.txt
2014-02-17 10:16 - 2014-02-15 22:10 - 00000000 ____D () C:\FRST
2014-02-17 10:15 - 2014-02-17 10:14 - 01141248 _____ (Farbar) C:\Users\Davis\Desktop\FRST.exe
2014-02-17 10:15 - 2009-09-29 15:06 - 00000422 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{7DB64578-8B9B-4A26-8F64-DF64F6338DB0}.job
2014-02-17 10:12 - 2013-11-17 15:58 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-17 10:12 - 2012-12-10 22:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-17 10:04 - 2014-02-17 10:04 - 00001976 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-17 10:03 - 2014-02-17 10:03 - 49940480 _____ () C:\Program Files\GUT1813.tmp
2014-02-17 10:03 - 2014-02-17 10:03 - 00000000 ____D () C:\Program Files\GUM17F3.tmp
2014-02-17 10:03 - 2008-07-01 15:13 - 00000000 ____D () C:\Program Files\Google
2014-02-17 10:01 - 2012-05-24 20:05 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-17 10:00 - 2010-01-30 19:08 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-17 09:55 - 2009-09-14 20:51 - 01884319 _____ () C:\Windows\WindowsUpdate.log
2014-02-17 09:35 - 2011-03-02 11:17 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-17 09:31 - 2012-12-11 17:26 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003UA.job
2014-02-17 09:22 - 2012-12-08 22:05 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000Core.job
2014-02-17 09:22 - 2010-01-30 19:08 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-17 09:22 - 2006-11-02 13:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-17 09:22 - 2006-11-02 12:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-17 09:22 - 2006-11-02 12:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-17 08:27 - 2014-02-17 08:27 - 00001209 _____ () C:\Users\Davis\Desktop\RKreport[0]_SC_02172014_082701.txt
2014-02-17 08:25 - 2014-02-15 15:19 - 00000000 ____D () C:\Users\Davis\Desktop\RK_Quarantine
2014-02-17 08:19 - 2012-12-08 22:05 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000UA.job
2014-02-17 08:07 - 2014-02-17 08:07 - 00007818 _____ () C:\Users\Davis\Desktop\Eset online scanner.txt
2014-02-17 07:36 - 2012-01-08 16:05 - 00000926 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000UA.job
2014-02-17 05:47 - 2012-12-11 17:43 - 00000960 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003UA.job
2014-02-16 22:36 - 2012-01-08 16:05 - 00000904 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000Core.job
2014-02-16 20:57 - 2014-02-16 20:57 - 00000000 ____D () C:\Users\Davis\AppData\Local\CrashDumps
2014-02-16 20:56 - 2013-01-23 16:30 - 00000000 ____D () C:\Users\Mrs georgia bolgar
2014-02-16 20:56 - 2012-12-02 09:47 - 00000000 ____D () C:\Users\Georgia davis
2014-02-16 20:56 - 2010-10-15 19:05 - 00000000 ____D () C:\Users\Guest
2014-02-16 20:56 - 2009-09-27 17:59 - 00000000 ____D () C:\Users\Georgie
2014-02-16 20:56 - 2008-12-28 18:57 - 00000000 ____D () C:\Users\Davis
2014-02-16 20:56 - 2006-11-02 11:18 - 00000000 ___RD () C:\Users\Public
2014-02-16 20:49 - 2014-02-16 20:49 - 01070592 _____ () C:\Users\Davis\Downloads\MicrosoftFixit50569(1).msi
2014-02-16 20:46 - 2014-02-16 20:45 - 01070592 _____ () C:\Users\Davis\Downloads\MicrosoftFixit50569.msi
2014-02-16 20:07 - 2014-02-16 20:07 - 01050624 _____ () C:\Users\Davis\Downloads\MicrosoftFixit50511.msi
2014-02-16 09:16 - 2006-11-02 13:01 - 00032614 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-16 09:05 - 2011-09-07 17:08 - 00000000 ____D () C:\Users\Davis\AppData\Local\PMB Files
2014-02-16 09:05 - 2011-02-05 14:20 - 00000000 ____D () C:\Windows\pss
2014-02-15 23:09 - 2006-11-02 11:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-02-15 20:32 - 2014-02-15 19:49 - 00147029 _____ () C:\zoek-results.log
2014-02-15 20:30 - 2013-01-10 19:39 - 00059246 _____ () C:\Windows\PFRO.log
2014-02-15 20:26 - 2014-02-15 20:26 - 00000000 ____D () C:\Program Files\HiJackThis
2014-02-15 20:23 - 2014-02-15 19:44 - 00000000 ____D () C:\zoek_backup
2014-02-15 20:07 - 2014-02-15 20:07 - 00109508 _____ () C:\Users\Public\Desktop\sample_022014_2007.zip
2014-02-15 19:41 - 2014-02-15 19:40 - 00000000 ____D () C:\Users\Davis\Desktop\zoek
2014-02-15 19:38 - 2014-02-15 19:40 - 04088082 _____ () C:\Users\Davis\Desktop\zoek.zip
2014-02-15 19:35 - 2012-12-11 17:43 - 00000938 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003Core.job
2014-02-15 19:35 - 2012-12-11 17:26 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003Core.job
2014-02-15 15:36 - 2014-02-15 15:36 - 00002101 _____ () C:\Users\Davis\Desktop\RKreport[0]_S_02152014_153625.txt
2014-02-15 15:13 - 2010-09-25 09:49 - 00000008 ___RS () C:\Users\Davis\ntuser.pol
2014-02-15 15:08 - 2014-02-15 15:17 - 03813376 _____ () C:\Users\Davis\Desktop\RogueKiller.exe
2014-02-15 10:11 - 2014-02-15 10:11 - 372136236 _____ () C:\Windows\MEMORY.DMP
2014-02-15 10:11 - 2014-02-15 10:11 - 00143248 _____ () C:\Windows\Minidump\Mini021514-01.dmp
2014-02-15 10:11 - 2010-04-09 21:06 - 00000000 ____D () C:\Windows\Minidump
2014-02-15 09:04 - 2006-11-02 12:47 - 00407168 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-14 22:43 - 2012-03-13 18:03 - 00115752 _____ () C:\Users\Davis\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-14 22:15 - 2014-02-14 22:15 - 00000000 ____D () C:\Windows\SoftwareDistribution.old
2014-02-14 21:22 - 2011-10-12 16:05 - 00000000 ____D () C:\Program Files\Pivot Stickfigure Toolbar
2014-02-14 21:13 - 2014-02-14 21:13 - 00000000 ____D () C:\Users\Davis\AppData\Roaming\SUPERAntiSpyware.com
2014-02-14 21:13 - 2014-02-14 21:13 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-02-14 21:10 - 2014-02-14 20:49 - 00030464 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-02-14 21:01 - 2014-02-14 21:01 - 00041736 _____ () C:\Windows\system32\.crusader
2014-02-14 21:01 - 2014-02-14 20:49 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-02-14 20:42 - 2008-07-01 15:05 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-02-14 20:37 - 2006-11-02 10:33 - 00005526 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-14 20:32 - 2014-02-14 20:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-14 20:32 - 2013-04-05 18:48 - 00005604 _____ () C:\Windows\setupact.log
2014-02-14 20:11 - 2014-02-14 20:11 - 00688992 ____R (Swearware) C:\Users\Davis\Desktop\dds.com
2014-02-14 19:53 - 2014-02-14 19:53 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-14 19:53 - 2012-03-13 12:24 - 00000911 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-14 19:23 - 2014-02-14 19:23 - 00000000 ____D () C:\Windows\ERUNT
2014-02-14 18:55 - 2014-02-14 18:52 - 00000087 _____ () C:\Windows\system32\zerobyte_files_deleted.txt
2014-02-14 18:55 - 2006-11-02 11:18 - 00000000 __RHD () C:\Users\Default
2014-02-14 18:54 - 2014-02-14 18:52 - 00000095 _____ () C:\Windows\zerobyte_files_deleted.txt
2014-02-14 18:14 - 2013-10-01 15:27 - 00000847 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-02-14 17:17 - 2013-01-29 21:00 - 00006144 _____ () C:\Users\Mrs georgia bolgar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-14 16:56 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\system32\CatRoot2.old
2014-02-12 17:49 - 2014-02-12 17:49 - 00000000 ____D () C:\Support
2014-02-11 15:42 - 2013-12-16 19:57 - 00000000 ____D () C:\Program Files\McAfee
2014-02-11 09:47 - 2014-02-11 09:47 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-02-11 09:47 - 2012-12-04 16:01 - 00001924 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-02-08 12:35 - 2012-05-24 20:05 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-08 12:35 - 2011-12-13 09:18 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-04 20:13 - 2014-02-04 20:13 - 01069512 _____ (Solid State Networks) C:\Users\Davis\Downloads\install_flashplayer12x32au_mssd_awc_aih.exe
2014-02-04 15:12 - 2014-01-29 21:01 - 00000000 ____D () C:\ProgramData\toppbuyero
2014-02-04 15:12 - 2014-01-29 21:01 - 00000000 ____D () C:\ProgramData\DeuaalsFiindeorrPro
2014-02-04 14:40 - 2014-02-04 14:40 - 00001669 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-04 14:40 - 2014-02-04 14:39 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-02-04 14:40 - 2014-02-04 14:39 - 00000000 ____D () C:\Program Files\iTunes
2014-02-04 14:39 - 2014-02-04 14:39 - 00000000 ____D () C:\Program Files\iPod
2014-02-04 14:39 - 2010-02-27 17:48 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-02-04 14:33 - 2010-02-27 17:48 - 00000000 ____D () C:\ProgramData\Apple
2014-01-26 16:20 - 2012-12-08 22:06 - 00000000 ____D () C:\Users\Davis\AppData\Roaming\Mozilla
2014-01-26 16:20 - 2008-12-28 19:03 - 00000000 ____D () C:\Users\Davis\AppData\Local\Google
2014-01-24 20:23 - 2013-01-23 16:30 - 00000949 _____ () C:\Users\Mrs georgia bolgar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-01-20 16:26 - 2014-01-20 16:25 - 01069512 _____ (Solid State Networks) C:\Users\Davis\Downloads\install_flashplayer12x32au_mssa_awc_aih.exe
2014-01-19 21:46 - 2014-01-19 21:46 - 00022808 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsshimx.sys

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-17 09:29

==================== End Of Log ============================

 

Farbar Service Scanner Version: 16-02-2014
Ran by Davis (administrator) on 17-02-2014 at 10:20:49
Running from "C:\Users\Davis\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-08-19 13:37] - [2013-07-05 03:20] - 0914880 ____A (Microsoft Corporation) 6D0D344F643E28B31262AC2682109A3C

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****


I've attached a zip file named WinDefend.zip; download it and extract it to your Desktop. You should now have a registry file named WinDefend.reg. Double-click to run that file and accept any alerts. Reboot and see if Windows Defender now works....

 

Next,

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Download the Services Repair tool, available here - http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe and save it to your Desktop. Right-click on it, select Run As Administrator, and follow the prompts. It should reboot when it finishes. If not, reboot it yourself.

 

When the reboot completes, check your system and see how it responds, what issues or concerns remain, etc...

 

Kevin

fixlist.txt

WinDefend.zip


Hi, I've run all that; Defender starts now but won't update. Error message: Code 0xc000247. I have got AVG Internet Security installed so I don't believe Defender is important, but that's the error message.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 16-02-2014
Ran by Davis at 2014-02-17 13:52:10 Run:2
Running from C:\Users\Davis\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKU\S-1-5-21-1847146488-4185065798-1427826158-1000\...\MountPoints2: F - F:\dilaunch.exe
HKU\S-1-5-21-1847146488-4185065798-1427826158-1000\...\MountPoints2: {2ccf1bce-e309-11dd-ad59-001e337f74f4} - D:\AutoRun.exe
HKU\S-1-5-21-1847146488-4185065798-1427826158-1000\...\MountPoints2: {2ccf1be2-e309-11dd-ad59-001e337f74f4} - D:\AutoRun.exe
HKU\S-1-5-21-1847146488-4185065798-1427826158-1000\...\MountPoints2: {3826e3e7-de63-11dd-b592-00216b461096} - D:\AutoRun.exe
HKU\S-1-5-21-1847146488-4185065798-1427826158-1000\...\MountPoints2: {3826e413-de63-11dd-b592-00216b461096} - D:\AutoRun.exe
Toolbar: HKLM - Pivot Stickfigure Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\Pivot Stickfigure Toolbar\tbcore3.dll ()
Toolbar: HKCU - Pivot Stickfigure Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\Pivot Stickfigure Toolbar\tbcore3.dll ()
C:\Program Files\Pivot Stickfigure Toolbar
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 SASDIFSV; \??\C:\Users\Davis\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [X]
S1 SASKUTIL; \??\C:\Users\Davis\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS [X]
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
End
*****************

HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-1847146488-4185065798-1427826158-1000 => Key not found.
HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ccf1bce-e309-11dd-ad59-001e337f74f4} => Key not found.
HKCR\CLSID\{2ccf1bce-e309-11dd-ad59-001e337f74f4} => Key not found.
HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ccf1be2-e309-11dd-ad59-001e337f74f4} => Key not found.
HKCR\CLSID\{2ccf1be2-e309-11dd-ad59-001e337f74f4} => Key not found.
HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3826e3e7-de63-11dd-b592-00216b461096} => Key not found.
HKCR\CLSID\{3826e3e7-de63-11dd-b592-00216b461096} => Key not found.
HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3826e413-de63-11dd-b592-00216b461096} => Key not found.
HKCR\CLSID\{3826e413-de63-11dd-b592-00216b461096} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{338B4DFE-2E2C-4338-9E41-E176D497299E} => Value deleted successfully.
HKCR\CLSID\{338B4DFE-2E2C-4338-9E41-E176D497299E} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{338B4DFE-2E2C-4338-9E41-E176D497299E} => Value deleted successfully.
HKCR\CLSID\{338B4DFE-2E2C-4338-9E41-E176D497299E} => Key not found.
C:\Program Files\Pivot Stickfigure Toolbar => Moved successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
hwdatacard => Service deleted successfully.
IpInIp => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
SASDIFSV => Service deleted successfully.
SASKUTIL => Service deleted successfully.
C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.

==== End of Fixlog ====

 

Thanks


Run the following, post its log when complete,

 

Please download Portable Windows Repair (all in one) from one of the following:

 

http://www.tweaking.com/content/page/windows_repair_all_in_one.html

http://www.majorgeeks.com/Tweaking.com_-_Windows_Repair_Portable_d7222.html

http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/

 

Unzip the contents into a newly created folder on your desktop.

 

Open the folder and run the tool by right-clicking on Repair_Windows (icon with red briefcase) and selecting "Run as Administrator".

 

 


 

 

From the main GUI do the following:

 

 

Select Tab 3 and allow it to run SFC

 

 


 

 

Select Tab 4 and Create System Restore Point

 

 


 

 

Select Repairs tab => Click the Start

 

 


 

 

The repairs window will open. Check the boxes as indicated, also the "Restart" options, then select Start...

 

 


 

DON'T use the computer while each scan is in progress.

 

Post the log. To access it, select the “settings” tab > “open log folder” tab; the log will be named _Windows_Repair_Log


Hi, here is the log from windows repair.

 

System Variables
--------------------------------------------------------------------------------
OS: Windows Vista Home Premium
OS Architecture: 32-bit
OS Version: 6.0.6002
OS Service Pack: Service Pack 2
Computer Name: DAVIS-PC
Windows Drive: C:\
Windows Path: C:\Windows
Current Profile: C:\Users\Davis
Current Profile SID: S-1-5-21-1847146488-4185065798-1427826158-1000
Current Profile Classes: S-1-5-21-1847146488-4185065798-1427826158-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Davis\AppData\Local
--------------------------------------------------------------------------------

Starting Repairs...
   Start (18/02/2014 09:41:49)

01 - Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (18/02/2014 09:41:49)
   Running Repair Under Current User Account
   Done (18/02/2014 09:41:54)

01 - Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (18/02/2014 09:41:54)
   Running Repair Under System Account
   Done (18/02/2014 09:46:12)

01 - Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (18/02/2014 09:46:12)
   Running Repair Under System Account
   Done (18/02/2014 09:47:11)

02 - Reset File Permissions 01/12
   C:\$AVG & Sub Folders
   Start (18/02/2014 09:47:11)
   Running Repair Under System Account
   Done (18/02/2014 09:47:21)

02 - Reset File Permissions 02/12
   C:\Boot & Sub Folders
   Start (18/02/2014 09:47:21)
   Running Repair Under System Account
   Done (18/02/2014 09:47:24)

02 - Reset File Permissions 03/12
   C:\FRST & Sub Folders
   Start (18/02/2014 09:47:24)
   Running Repair Under System Account
   Done (18/02/2014 09:47:26)

02 - Reset File Permissions 04/12
   C:\Intel & Sub Folders
   Start (18/02/2014 09:47:26)
   Running Repair Under System Account
   Done (18/02/2014 09:47:29)

02 - Reset File Permissions 05/12
   C:\MSOCache & Sub Folders
   Start (18/02/2014 09:47:29)
   Running Repair Under System Account
   Done (18/02/2014 09:47:31)

02 - Reset File Permissions 06/12
   C:\Program Files & Sub Folders
   Start (18/02/2014 09:47:31)
   Running Repair Under System Account
   Done (18/02/2014 09:49:15)

02 - Reset File Permissions 07/12
   C:\ProgramData & Sub Folders
   Start (18/02/2014 09:49:15)
   Running Repair Under System Account
   Done (18/02/2014 09:49:40)

02 - Reset File Permissions 08/12
   C:\Support & Sub Folders
   Start (18/02/2014 09:49:40)
   Running Repair Under System Account
   Done (18/02/2014 09:49:42)

02 - Reset File Permissions 09/12
   C:\Toshiba & Sub Folders
   Start (18/02/2014 09:49:42)
   Running Repair Under System Account
   Done (18/02/2014 09:49:49)

02 - Reset File Permissions 10/12
   C:\Windows & Sub Folders
   Start (18/02/2014 09:49:49)
   Running Repair Under System Account
   Done (18/02/2014 09:55:06)

02 - Reset File Permissions 11/12
   C:\Works & Sub Folders
   Start (18/02/2014 09:55:06)
   Running Repair Under System Account
   Done (18/02/2014 09:55:12)

02 - Reset File Permissions 12/12
   C:\zoek_backup & Sub Folders
   Start (18/02/2014 09:55:12)
   Running Repair Under System Account
   Done (18/02/2014 09:55:29)

02 - Reset File Permissions 01/05
   E:\aafc74bbf5b4ac77b32fe4 & Sub Folders
   Start (18/02/2014 09:55:29)
   Running Repair Under System Account
   Done (18/02/2014 09:55:31)

02 - Reset File Permissions 02/05
   E:\Firefox & Sub Folders
   Start (18/02/2014 09:55:32)
   Running Repair Under System Account
   Done (18/02/2014 09:55:34)

02 - Reset File Permissions 03/05
   E:\Georgia & Sub Folders
   Start (18/02/2014 09:55:34)
   Running Repair Under System Account
   Done (18/02/2014 09:55:36)

02 - Reset File Permissions 04/05
   E:\Google Desktop Data & Sub Folders
   Start (18/02/2014 09:55:36)
   Running Repair Under System Account
   Done (18/02/2014 09:55:39)

02 - Reset File Permissions 05/05
   E:\HDDRecovery & Sub Folders
   Start (18/02/2014 09:55:39)
   Running Repair Under System Account
   Done (18/02/2014 09:55:41)

02 - Reset File Permissions: Cleanup
    & Sub Folders
   Start (18/02/2014 09:55:41)
   Running Repair Under System Account
Processing ACL of: <\\?\C:\Documents and Settings>

SetACL finished successfully.
Processing ACL of: <\\?\C:\ProgramData\Application Data>

SetACL finished successfully.
Processing ACL of: <\\?\C:\ProgramData\Desktop>

SetACL finished successfully.
Processing ACL of: <\\?\C:\ProgramData\Documents>

SetACL finished successfully.
Processing ACL of: <\\?\C:\ProgramData\Favorites>

SetACL finished successfully.
Processing ACL of: <\\?\C:\ProgramData\Start Menu>

SetACL finished successfully.
Processing ACL of: <\\?\C:\ProgramData\Templates>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\All Users\Application Data>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\All Users\Desktop>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\All Users\Documents>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\All Users\Favorites>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\All Users\Start Menu>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\All Users\Templates>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default User>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Application Data>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Cookies>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Local Settings>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\My Documents>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\NetHood>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\PrintHood>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Recent>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\SendTo>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Start Menu>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Templates>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\AppData\Local\Application Data>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\AppData\Local\History>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\AppData\Local\Temporary Internet Files>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Documents\My Music>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Documents\My Pictures>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Documents\My Videos>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Davis\Application Data>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Davis\Cookies>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Davis\Local Settings>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Davis\My Documents>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Davis\NetHood>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Davis\PrintHood>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Davis\Recent>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Davis\SendTo>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Davis\Start Menu>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Davis\Templates>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Davis\AppData\Local\Application Data>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Davis\AppData\Local\History>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Davis\AppData\Local\Temporary Internet Files>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Davis\Documents\My Music>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Davis\Documents\My Pictures>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Davis\Documents\My Videos>

SetACL finished successfully.
   Done (18/02/2014 09:55:46)

03 - Register System Files
   Start (18/02/2014 09:55:46)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (18/02/2014 09:56:10)

04 - Repair WMI
   Start (18/02/2014 09:56:10)
   Running Repair Under Current User Account
   Done (18/02/2014 09:58:23)

05 - Repair Windows Firewall
   Start (18/02/2014 09:58:23)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (18/02/2014 09:59:03)

06 - Repair Internet Explorer
   Start (18/02/2014 09:59:03)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (18/02/2014 09:59:27)

07 - Repair MDAC/MS Jet
   Start (18/02/2014 09:59:27)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (18/02/2014 09:59:48)

08 - Repair Hosts File
   Start (18/02/2014 09:59:48)
   Running Repair Under System Account
   Done (18/02/2014 09:59:51)

09 - Remove Policies Set By Infections
   Start (18/02/2014 09:59:51)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (18/02/2014 09:59:55)

10 - Repair Missing Start Menu Icons Removed By Infections
   Start (18/02/2014 09:59:55)
   Running Repair Under System Account
   Done (18/02/2014 09:59:58)

11 - Repair Icons
   Start (18/02/2014 09:59:58)
   Running Repair Under System Account
   Done (18/02/2014 10:00:00)

12 - Repair Winsock & DNS Cache
   Start (18/02/2014 10:00:00)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (18/02/2014 10:00:13)

13 - Remove Temp Files
   Start (18/02/2014 10:00:13)
   Running Repair Under System Account
   Done (18/02/2014 10:00:16)

14 - Repair Proxy Settings
   Start (18/02/2014 10:00:16)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (18/02/2014 10:00:20)

15 - Unhide Non System Files
   Start (18/02/2014 10:00:20)
   C:\ - Total Files Unhidden: 277 - Check Unhidden_Files.txt for list of files unhidden
   E:\ - Total Files Unhidden: 0 - Check Unhidden_Files.txt for list of files unhidden
   Done (18/02/2014 10:02:43)

16 - Repair Windows Updates
   Start (18/02/2014 10:02:43)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (18/02/2014 10:03:09)

17 - Repair CD/DVD Missing/Not Working
   Start (18/02/2014 10:03:09)
   iTunes was found, adding UpperFilters for iTunes Reg Key
   UpperFilters added?: True
   Done (18/02/2014 10:03:09)

18 - Repair Volume Shadow Copy Service
   Start (18/02/2014 10:03:09)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (18/02/2014 10:03:24)

19 - Repair Windows Sidebar/Gadgets
   Start (18/02/2014 10:03:24)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (18/02/2014 10:03:29)

20 - Repair MSI (Windows Installer)
   Start (18/02/2014 10:03:29)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (18/02/2014 10:03:40)

21 - Repair Windows Snipping Tool
   Start (18/02/2014 10:03:40)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (18/02/2014 10:03:45)

22.01 - Repair bat Association
   Start (18/02/2014 10:03:45)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (18/02/2014 10:03:50)

22.02 - Repair cmd Association
   Start (18/02/2014 10:03:50)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (18/02/2014 10:03:54)

22.03 - Repair com Association
   Start (18/02/2014 10:03:54)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (18/02/2014 10:03:59)

22.04 - Repair Directory Association
   Start (18/02/2014 10:03:59)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (18/02/2014 10:04:04)

22.05 - Repair Drive Association
   Start (18/02/2014 10:04:04)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (18/02/2014 10:04:09)

22.06 - Repair exe Association
   Start (18/02/2014 10:04:09)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (18/02/2014 10:04:13)

22.07 - Repair Folder Association
   Start (18/02/2014 10:04:13)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (18/02/2014 10:04:18)

22.08 - Repair inf Association
   Start (18/02/2014 10:04:18)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (18/02/2014 10:04:23)

22.09 - Repair lnk (Shortcuts) Association
   Start (18/02/2014 10:04:23)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (18/02/2014 10:04:28)

22.10 - Repair msc Association
   Start (18/02/2014 10:04:28)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (18/02/2014 10:04:33)

22.11 - Repair reg Association
   Start (18/02/2014 10:04:33)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (18/02/2014 10:04:37)

22.12 - Repair scr Association
   Start (18/02/2014 10:04:37)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (18/02/2014 10:04:42)

23 - Repair Windows Safe Mode
   Start (18/02/2014 10:04:42)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (18/02/2014 10:04:49)

24 - Repair Print Spooler
   Start (18/02/2014 10:04:49)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (18/02/2014 10:05:02)

25 - Restore Important Windows Services
   Start (18/02/2014 10:05:02)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (18/02/2014 10:05:19)

26 - Set Windows Services To Default Startup
   Start (18/02/2014 10:05:19)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (18/02/2014 10:05:30)

Cleaning up empty logs...

All Selected Repairs Done.
   Done (18/02/2014 10:05:30)
   Total Repair Time: 00:23:41


...YOU MUST RESTART YOUR SYSTEM...
   Running Repair Under Current User Account
 

This topic is now closed to further replies.