jeffdavis Posted February 15, 2014 ID:791540 Share Posted February 15, 2014 Hi, i hope you can help me. i have a laptop that seems to be very badly infected with malware, viruses etc. I have tried to run DDS but it gets stuck at about 3/4 done and then the laptop shuts down suddenly and restarts with windows recovered from an unexpected shutdown message, i am not on it at the moment as web pages shut suddenly and redirect to random sites whle surfing. So no logs im afraid to show you. I did run a program called rkill to stop malware running but it took ages and DDS still didnt complete afterwards. I was intending to reformat and start again but dont know if any malware is hidden in my documents if i were to back them up. Regards Jeff Link to post Share on other sites More sharing options...
kevinf80 Posted February 15, 2014 ID:791576 Share Posted February 15, 2014 What version of Windows do you have installed. Link to post Share on other sites More sharing options...
jeffdavis Posted February 15, 2014 Author ID:791577 Share Posted February 15, 2014 Its windows vista, i have tried to run as administrator by right clicking but the option isnt there. Thanks Link to post Share on other sites More sharing options...
kevinf80 Posted February 15, 2014 ID:791579 Share Posted February 15, 2014 If you have USB memory stick do the following and post the produced log.. Please download Farbar Recovery Scan Tool from here: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/save it to a USB flash drive. Ensure to get the correct version for your system, 32 bit or 64 bit Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. Plug the flash drive into the infected PC. If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt Here: http://www.bleepingcomputer.com/tutorials/windows-8-recovery-environment-command-prompt/ to enter System Recovery Command prompt. If you are using Vista or Windows 7 enter System Recovery Options. Plug the flashdrive into the infected PC. Enter System Recovery Options I give two methods, use whichever is convenient for you. To enter System Recovery Options from the Advanced Boot Options: Restart the computer. As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears. Use the arrow keys to select the Repair your computer menu item. Select Your Country as the keyboard language settings, and then click Next. Select the operating system you want to repair, and then click Next. Select your user account an click Next. To enter System Recovery Options by using Windows installation disc: Insert the installation disc. Restart your computer. If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings. Click Repair your computer. Select Your Country as the keyboard language settings, and then click Next. Select the operating system you want to repair, and then click Next. Select your user account and click Next. On the System Recovery Options menu you will get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand Prompt Select Command Prompt In the command window type in notepad and press Enter. The notepad opens. Under File menu select Open. Select "Computer" and find your flash drive letter and close the notepad. In the command window type e:\frst64 or e:\frst depending on your version. Press Enter Note: Replace letter e with the drive letter of your flash drive. The tool will start to run. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply. Kevin Link to post Share on other sites More sharing options...
jeffdavis Posted February 15, 2014 Author ID:791591 Share Posted February 15, 2014 Hi this is the scan result. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-02-2014 01Ran by SYSTEM on MINWINPC on 15-02-2014 14:10:53Running from G:\Windows Vista Home Premium Service Pack 1 (X86) OS Language: English(US)Internet Explorer Version 9Boot Mode: RecoveryThe current controlset is ControlSet001ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.The only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Registry (Whitelisted) ==================HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-12-06] (Synaptics, Inc.)HKLM\...\Run: [NDSTray.exe] - NDSTray.exeHKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6037504 2008-04-08] (Realtek Semiconductor)HKLM\...\Run: [skytel] - C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)HKLM\...\Run: [HDMICtrlMan] - C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe [716800 2008-04-26] (TOSHIBA Corporation.)HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-01-17] (TOSHIBA Corporation)HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)HKLM\...\Run: [Toshiba TEMPO] - C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe [103824 2008-04-24] (Toshiba Europe GmbH)HKLM\...\Run: [] - [X]HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)HKLM\...\Run: [vProt] - C:\Program Files\AVG Secure Search\vprot.exe [2552856 2014-02-04] ()HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.)HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe [738496 2013-10-18] ()HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)HKLM\...\Runonce: [AvgUninstallURL] - cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=TlVIRDQtWUg5UEUtTzNQNEUtUVJERUstR0RKWjctVk9YVUw"&"inst=NzctMTIxODUzNjgzOS1GUDkyKzYtQkFSOUcrMS1GTCs5LVhPMzYrMS1DSUExMCsyLVNQMSsxLVNVUCs0LVRVRyszLVNQMVM0KzEtRERUKzAtTFNEKzItREQxMCsxLVNUMTBBUFArMS1QMTBNMTJDKzEtVTEwKzEtVEIrMS1GVUkrMi1QMTBUQisyLUVVTEErMS1TVFAxME0xMkNNKzEtU1QxMkFQUCsx"&"prod=55"&"ver=2012.0.1780"&"mid=84f5bd6a3a24b8b2df974b4dfa68e073-f53cc401da39bf00f11a57d79d9871e18aeaa71dHKU\Davis\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)HKU\Davis\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)HKU\Davis\...\Run: [Pando Media Booster] - C:\Program Files\Pando Networks\Media Booster\PMB.exe [3077528 2011-09-07] ()HKU\Davis\...\Run: [Facebook Update] - C:\Users\Davis\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.)HKU\Davis\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-07-01] (Google Inc.)HKU\Davis\...\Run: [Google Update] - C:\Users\Davis\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-17] (Google Inc.)HKU\Davis\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)HKU\Davis\...\Policies\system: [LogonHoursAction] 2HKU\Davis\...\Policies\system: [DontDisplayLogonHoursWarnings] 1HKU\Davis\...\Policies\Explorer: [HideSCAHealth] 1HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenterHKU\Default\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenterHKU\Default User\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)HKU\Georgia davis\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)HKU\Georgia davis\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-07-01] (Google Inc.)HKU\Georgia davis\...\Run: [Google Update] - C:\Users\Georgia davis\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-17] (Google Inc.)HKU\Georgia davis\...\Run: [Facebook Update] - C:\Users\Georgia davis\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-12-11] (Facebook Inc.)HKU\Georgia davis\...\Policies\system: [LogonHoursAction] 2HKU\Georgia davis\...\Policies\system: [DontDisplayLogonHoursWarnings] 1HKU\Georgie\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenterHKU\Georgie\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)HKU\Georgie\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-07-01] (Google Inc.)HKU\Georgie\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)HKU\Georgie\...\RunOnce: [spchecker] - "C:\Program Files\AVG\AVG10\Notification\SPCheckerTE.exe"HKU\Georgie\...\Policies\system: [LogonHoursAction] 2HKU\Georgie\...\Policies\system: [DontDisplayLogonHoursWarnings] 1HKU\Guest\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenterHKU\Guest\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)HKU\Guest\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-07-01] (Google Inc.)HKU\Guest\...\Run: [Facebook Update] - C:\Users\Guest\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.)HKU\Guest\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)HKU\Mrs georgia bolgar\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)HKU\Mrs georgia bolgar\...\Policies\system: [LogonHoursAction] 2HKU\Mrs georgia bolgar\...\Policies\system: [DontDisplayLogonHoursWarnings] 1Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnkShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnkShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)Startup: C:\Users\Georgie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnkShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnkShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)Startup: C:\Users\Mrs georgia bolgar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnkShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)GroupPolicyUsers\S-1-5-21-1847146488-4185065798-1427826158-1004\User: Group Policy restriction detected <======= ATTENTION========================== Services (Whitelisted) =================S2 avgfws; C:\Program Files\AVG\AVG2014\avgfws.exe [1358944 2013-09-23] (AVG Technologies CZ, s.r.o.)S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)S2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-23] (AVG Technologies CZ, s.r.o.)S2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-04-16] (TOSHIBA CORPORATION)S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-14] (Google)S2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [104880 2014-01-22] (McAfee, Inc.)S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-15] (McAfee, Inc.)S3 SmartFaceVWatchSrv; C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [73728 2008-04-24] (Toshiba)S2 TempoMonitoringService; C:\Program Files\Toshiba TEMPRO\TempoSVC.exe [99720 2008-04-24] (Toshiba Europe GmbH)S2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation)S2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)S2 vToolbarUpdater17.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [1771544 2014-01-10] (AVG Secure Search)==================== Drivers (Whitelisted) ====================S1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120600 2013-11-25] (AVG Technologies CZ, s.r.o.)S1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [47928 2013-09-26] (AVG Technologies CZ, s.r.o.)S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [210712 2013-11-25] (AVG Technologies CZ, s.r.o.)S0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [149272 2013-11-25] (AVG Technologies CZ, s.r.o.)S1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22808 2014-01-19] (AVG Technologies CZ, s.r.o.)S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.)S0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)S0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102712 2013-09-30] (AVG Technologies CZ, s.r.o.)S0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-09] (AVG Technologies CZ, s.r.o.)S1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)S1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-11-13] (AVG Technologies)S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [30464 2014-02-14] ()S3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]S3 IpInIp; system32\DRIVERS\ipinip.sys [X]S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]S1 SASDIFSV; \??\C:\Users\Davis\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [X]S1 SASKUTIL; \??\C:\Users\Davis\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS [X]==================== NetSvcs (Whitelisted) ======================================= One Month Created Files and Folders ========2014-02-15 14:10 - 2014-02-15 14:10 - 00000000 ____D () C:\FRST2014-02-15 02:11 - 2014-02-15 02:11 - 372136236 _____ () C:\Windows\MEMORY.DMP2014-02-15 02:11 - 2014-02-15 02:11 - 00143248 _____ () C:\Windows\Minidump\Mini021514-01.dmp2014-02-14 14:15 - 2014-02-14 14:15 - 00000000 ____D () C:\Windows\SoftwareDistribution.old2014-02-14 13:13 - 2014-02-14 13:13 - 00000000 ____D () C:\Users\Davis\AppData\Roaming\SUPERAntiSpyware.com2014-02-14 13:13 - 2014-02-14 13:13 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com2014-02-14 13:01 - 2014-02-14 13:01 - 00041736 _____ () C:\Windows\System32\.crusader2014-02-14 12:49 - 2014-02-14 13:10 - 00030464 _____ () C:\Windows\System32\Drivers\hitmanpro37.sys2014-02-14 12:49 - 2014-02-14 13:01 - 00000000 ____D () C:\ProgramData\HitmanPro2014-02-14 12:32 - 2014-02-14 12:32 - 00000000 _____ () C:\Windows\setuperr.log2014-02-14 12:11 - 2014-02-14 12:11 - 00688992 ____R (Swearware) C:\Users\Davis\Desktop\dds.com2014-02-14 11:53 - 2014-02-14 11:53 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware2014-02-14 11:23 - 2014-02-14 11:23 - 00000000 ____D () C:\Windows\ERUNT2014-02-14 10:52 - 2014-02-14 10:55 - 00000087 _____ () C:\Windows\System32\zerobyte_files_deleted.txt2014-02-14 10:52 - 2014-02-14 10:54 - 00000095 _____ () C:\Windows\zerobyte_files_deleted.txt2014-02-12 09:49 - 2014-02-12 09:49 - 00000000 ____D () C:\Support2014-02-12 07:51 - 2014-02-14 09:37 - 00000058 _____ () C:\Users\Public\Desktop\Daves Support.url2014-02-11 01:47 - 2014-02-11 01:47 - 00000000 ____D () C:\Program Files\McAfee Security Scan2014-02-04 12:13 - 2014-02-04 12:13 - 01069512 _____ (Solid State Networks) C:\Users\Davis\Downloads\install_flashplayer12x32au_mssd_awc_aih.exe2014-02-04 06:40 - 2014-02-04 06:40 - 00001669 _____ () C:\Users\Public\Desktop\iTunes.lnk2014-02-04 06:39 - 2014-02-04 06:40 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E12014-02-04 06:39 - 2014-02-04 06:40 - 00000000 ____D () C:\Program Files\iTunes2014-02-04 06:39 - 2014-02-04 06:39 - 00000000 ____D () C:\Program Files\iPod2014-01-29 13:01 - 2014-02-04 07:12 - 00000000 ____D () C:\ProgramData\toppbuyero2014-01-29 13:01 - 2014-02-04 07:12 - 00000000 ____D () C:\ProgramData\DeuaalsFiindeorrPro2014-01-29 13:01 - 2014-01-29 13:01 - 00000000 ____D () C:\ProgramData\8e9effbdffc0dc742014-01-29 13:00 - 2014-01-29 13:00 - 00000000 ____D () C:\ProgramData\kejpoiceniffgnaigllabnhnpiiiigng2014-01-20 08:25 - 2014-01-20 08:26 - 01069512 _____ (Solid State Networks) C:\Users\Davis\Downloads\install_flashplayer12x32au_mssa_awc_aih.exe2014-01-19 13:46 - 2014-01-19 13:46 - 00022808 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgidsshimx.sys==================== One Month Modified Files and Folders =======2014-02-15 14:10 - 2014-02-15 14:10 - 00000000 ____D () C:\FRST2014-02-15 05:56 - 2011-09-07 09:08 - 00000000 ____D () C:\Users\Davis\AppData\Local\PMB Files2014-02-15 05:56 - 2009-09-14 12:51 - 01797425 _____ () C:\Windows\WindowsUpdate.log2014-02-15 05:51 - 2006-11-02 04:47 - 00003216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A02014-02-15 05:51 - 2006-11-02 04:47 - 00003216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A02014-02-15 02:11 - 2014-02-15 02:11 - 372136236 _____ () C:\Windows\MEMORY.DMP2014-02-15 02:11 - 2014-02-15 02:11 - 00143248 _____ () C:\Windows\Minidump\Mini021514-01.dmp2014-02-15 02:11 - 2010-04-09 13:06 - 00000000 ____D () C:\Windows\Minidump2014-02-15 01:44 - 2011-03-02 03:17 - 00000000 ____D () C:\ProgramData\MFAData2014-02-15 01:16 - 2013-12-16 11:59 - 00004975 _____ () C:\Users\Davis\daemonprocess.txt2014-02-15 01:04 - 2006-11-02 04:47 - 00407168 _____ () C:\Windows\System32\FNTCACHE.DAT2014-02-14 14:43 - 2012-03-13 10:03 - 00115752 _____ () C:\Users\Davis\AppData\Local\GDIPFONTCACHEV1.DAT2014-02-14 14:15 - 2014-02-14 14:15 - 00000000 ____D () C:\Windows\SoftwareDistribution.old2014-02-14 13:24 - 2013-01-10 11:39 - 00058622 _____ () C:\Windows\PFRO.log2014-02-14 13:22 - 2011-10-12 08:05 - 00000000 ____D () C:\Program Files\Pivot Stickfigure Toolbar2014-02-14 13:13 - 2014-02-14 13:13 - 00000000 ____D () C:\Users\Davis\AppData\Roaming\SUPERAntiSpyware.com2014-02-14 13:13 - 2014-02-14 13:13 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com2014-02-14 13:10 - 2014-02-14 12:49 - 00030464 _____ () C:\Windows\System32\Drivers\hitmanpro37.sys2014-02-14 13:01 - 2014-02-14 13:01 - 00041736 _____ () C:\Windows\System32\.crusader2014-02-14 13:01 - 2014-02-14 12:49 - 00000000 ____D () C:\ProgramData\HitmanPro2014-02-14 13:01 - 2012-12-10 14:09 - 00000000 ____D () C:\Program Files\Yontoo2014-02-14 12:42 - 2008-07-01 07:05 - 00000000 ___HD () C:\Windows\msdownld.tmp2014-02-14 12:37 - 2006-11-02 02:33 - 00005526 _____ () C:\Windows\System32\PerfStringBackup.INI2014-02-14 12:32 - 2014-02-14 12:32 - 00000000 _____ () C:\Windows\setuperr.log2014-02-14 12:32 - 2013-04-05 10:48 - 00005604 _____ () C:\Windows\setupact.log2014-02-14 12:22 - 2013-12-31 05:36 - 00000000 ____D () C:\Users\Davis\AppData\Local\genienext2014-02-14 12:22 - 2011-10-12 10:17 - 00000000 ____D () C:\Program Files\Inbox Toolbar2014-02-14 12:11 - 2014-02-14 12:11 - 00688992 ____R (Swearware) C:\Users\Davis\Desktop\dds.com2014-02-14 11:53 - 2014-02-14 11:53 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware2014-02-14 11:53 - 2012-03-13 04:24 - 00000911 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-02-14 11:23 - 2014-02-14 11:23 - 00000000 ____D () C:\Windows\ERUNT2014-02-14 10:55 - 2014-02-14 10:52 - 00000087 _____ () C:\Windows\System32\zerobyte_files_deleted.txt2014-02-14 10:55 - 2013-01-23 08:30 - 00000000 ____D () C:\users\Mrs georgia bolgar2014-02-14 10:55 - 2012-12-02 01:47 - 00000000 ____D () C:\users\Georgia davis2014-02-14 10:55 - 2010-10-15 11:05 - 00000000 ____D () C:\users\Guest2014-02-14 10:55 - 2009-09-27 09:59 - 00000000 ____D () C:\users\Georgie2014-02-14 10:55 - 2006-11-02 03:18 - 00000000 __RHD () C:\users\Default2014-02-14 10:54 - 2014-02-14 10:52 - 00000095 _____ () C:\Windows\zerobyte_files_deleted.txt2014-02-14 10:28 - 2008-12-28 10:57 - 00000000 ____D () C:\users\Davis2014-02-14 10:21 - 2013-12-16 13:20 - 00000896 _____ () C:\Users\Mrs georgia bolgar\daemonprocess.txt2014-02-14 10:14 - 2013-10-01 07:27 - 00000847 _____ () C:\Users\Public\Desktop\AVG 2014.lnk2014-02-14 09:37 - 2014-02-12 07:51 - 00000058 _____ () C:\Users\Public\Desktop\Daves Support.url2014-02-14 09:17 - 2013-01-29 13:00 - 00006144 _____ () C:\Users\Mrs georgia bolgar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2014-02-14 08:56 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\System32\CatRoot2.old2014-02-12 09:49 - 2014-02-12 09:49 - 00000000 ____D () C:\Support2014-02-12 07:52 - 2013-12-16 11:59 - 00000000 ____D () C:\users\wangzhisong2014-02-12 07:52 - 2006-11-02 03:18 - 00000000 ___RD () C:\users\Public2014-02-11 07:42 - 2013-12-16 11:57 - 00000000 ____D () C:\Program Files\McAfee2014-02-11 01:47 - 2014-02-11 01:47 - 00000000 ____D () C:\Program Files\McAfee Security Scan2014-02-11 01:47 - 2012-12-04 08:01 - 00001924 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk2014-02-08 04:35 - 2012-05-24 12:05 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe2014-02-08 04:35 - 2011-12-13 01:18 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl2014-02-04 12:13 - 2014-02-04 12:13 - 01069512 _____ (Solid State Networks) C:\Users\Davis\Downloads\install_flashplayer12x32au_mssd_awc_aih.exe2014-02-04 07:12 - 2014-01-29 13:01 - 00000000 ____D () C:\ProgramData\toppbuyero2014-02-04 07:12 - 2014-01-29 13:01 - 00000000 ____D () C:\ProgramData\DeuaalsFiindeorrPro2014-02-04 06:40 - 2014-02-04 06:40 - 00001669 _____ () C:\Users\Public\Desktop\iTunes.lnk2014-02-04 06:40 - 2014-02-04 06:39 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E12014-02-04 06:40 - 2014-02-04 06:39 - 00000000 ____D () C:\Program Files\iTunes2014-02-04 06:39 - 2014-02-04 06:39 - 00000000 ____D () C:\Program Files\iPod2014-02-04 06:39 - 2010-02-27 09:48 - 00000000 ____D () C:\Program Files\Common Files\Apple2014-02-04 06:33 - 2010-02-27 09:48 - 00000000 ____D () C:\ProgramData\Apple2014-02-04 06:10 - 2012-04-29 13:59 - 00000000 ____D () C:\Users\Davis\AppData\Local\AVG Secure Search2014-02-04 06:05 - 2013-07-27 03:44 - 00000000 ____D () C:\Program Files\AVG Secure Search2014-02-01 05:50 - 2013-12-16 11:58 - 00000000 ____D () C:\Program Files\Optimizer Pro2014-01-29 13:01 - 2014-01-29 13:01 - 00000000 ____D () C:\ProgramData\8e9effbdffc0dc742014-01-29 13:00 - 2014-01-29 13:00 - 00000000 ____D () C:\ProgramData\kejpoiceniffgnaigllabnhnpiiiigng2014-01-26 08:20 - 2012-12-08 14:06 - 00000000 ____D () C:\Users\Davis\AppData\Roaming\Mozilla2014-01-26 08:20 - 2008-12-28 11:03 - 00000000 ____D () C:\Users\Davis\AppData\Local\Google2014-01-20 08:26 - 2014-01-20 08:25 - 01069512 _____ (Solid State Networks) C:\Users\Davis\Downloads\install_flashplayer12x32au_mssa_awc_aih.exe2014-01-19 13:46 - 2014-01-19 13:46 - 00022808 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgidsshimx.sys==================== Known DLLs (Whitelisted) ================================ Bamital & volsnap Check =================C:\Windows\explorer.exe => MD5 is legitC:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit==================== EXE ASSOCIATION =====================HKLM\...\.exe: exefile => OKHKLM\...\exefile\DefaultIcon: %1 => OKHKLM\...\exefile\open\command: "%1" %* => OK==================== Restore Points =========================Restore point made on: 2014-02-14 14:19:56==================== Memory info ===========================Percentage of memory in use: 17%Total physical RAM: 2939.26 MBAvailable physical RAM: 2413.3 MBTotal Pagefile: 2654.21 MBAvailable Pagefile: 2505.24 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1963.36 MB==================== Drives ================================Drive c: (Vista) (Fixed) (Total:232.64 GB) (Free:156.16 GB) NTFS ==>[Drive with boot components (obtained from BCD)]Drive d: (Data) (Fixed) (Total:230.84 GB) (Free:225.41 GB) NTFSDrive e: (BEYONCE) (CDROM) (Total:4.14 GB) (Free:0 GB) UDFDrive f: (WinRE) (Fixed) (Total:2.28 GB) (Free:2.04 GB) NTFSDrive g: (Lexar 64GB) (Removable) (Total:59.62 GB) (Free:59.62 GB) exFATDrive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS==================== MBR & Partition Table ==========================================================================Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 8F1901FC)Partition 1: (Not Active) - (Size=2 GB) - (Type=27)Partition 2: (Active) - (Size=233 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=231 GB) - (Type=07 NTFS)========================================================Disk: 1 (MBR Code: Windows 7 or 8) (Size: 60 GB) (Disk ID: 00000000)Partition 1: (Not Active) - (Size=60 GB) - (Type=07 NTFS)LastRegBack: 2014-02-15 02:18==================== End Of Log ============================ Link to post Share on other sites More sharing options...
kevinf80 Posted February 15, 2014 ID:791603 Share Posted February 15, 2014 Save the attached file fixlist.txt to your flash drive, same place as FRST.Now please enter System Recovery Options as you did to get the log. Run FRST and press the Fix button just once and wait.The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply. Does you system boot ok to normal mode now, if so see if the following will run... Please download RogueKiller from here:http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe'>http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe <- 32 bit versionhttp://www.sur-la-toile.com/RogueKiller/RogueKillerX64.exe'>http://www.sur-la-toile.com/RogueKiller/RogueKillerX64.exe <- 64 bit version Make sure to get the correct version for your system. Quit all running programs Please disconnect any USB or external drives from the computer before you run this scan! For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe Wait until Prescan has finished... The following EULA will appear, please select accept Ensure MBR scan, Check faked and AntiRootkit are checked Select Scan When the scan completes select Report, copy and paste that to your reply. The log should be found in RKreport[?].txt on your Desktop Exit/Close RogueKiller fixlist.txt Link to post Share on other sites More sharing options...
jeffdavis Posted February 15, 2014 Author ID:791629 Share Posted February 15, 2014 System booted OK and ran program OK. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-02-2014 01Ran by SYSTEM at 2014-02-15 15:09:58 Run:1Running from G:\Boot Mode: Recovery==============================================Content of fixlist:*****************StartGroupPolicyUsers\S-1-5-21-1847146488-4185065798-1427826158-1004\User: Group Policy restriction detected <======= ATTENTION2014-01-29 13:01 - 2014-01-29 13:01 - 00000000 ____D () C:\ProgramData\8e9effbdffc0dc742014-01-29 13:00 - 2014-01-29 13:00 - 00000000 ____D () C:\ProgramData\kejpoiceniffgnaigllabnhnpiiiigngEnd*****************C:\Windows\System32\GroupPolicyUsers\S-1-5-21-1847146488-4185065798-1427826158-1004\User => Moved successfully.C:\Windows\System32\GroupPolicy\GPT.ini => Moved successfully.C:\ProgramData\8e9effbdffc0dc74 => Moved successfully.C:\ProgramData\kejpoiceniffgnaigllabnhnpiiiigng => Moved successfully.==== End of Fixlog ==== RogueKiller V8.8.7 [Feb 11 2014] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://forum.adlice.comWebsite : http://www.adlice.com/softwares/roguekiller/Blog : http://www.adlice.comOperating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits versionStarted in : Normal modeUser : Davis [Admin rights]Mode : Scan -- Date : 02/15/2014 15:36:25| ARK || FAK || MBR |¤¤¤ Bad processes : 0 ¤¤¤¤¤¤ Registry Entries : 4 ¤¤¤[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND¤¤¤ Scheduled tasks : 0 ¤¤¤¤¤¤ Startup Entries : 0 ¤¤¤¤¤¤ Web browsers : 0 ¤¤¤¤¤¤ Browser Addons : 0 ¤¤¤¤¤¤ Particular Files / Folders: ¤¤¤¤¤¤ Driver : [LOADED] ¤¤¤[inline] EAT @explorer.exe (FwDoNothingOnObject) : FirewallAPI.DLL -> HOOKED (Unknown @ 0x356A2266)[inline] EAT @explorer.exe (FwEnableMemTracing) : FirewallAPI.DLL -> HOOKED (Unknown @ 0x356A2266)[inline] EAT @explorer.exe (FwSetMemLeakPolicy) : FirewallAPI.DLL -> HOOKED (Unknown @ 0x356A2266)¤¤¤ External Hives: ¤¤¤¤¤¤ Infection : ¤¤¤¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts127.0.0.1 localhost::1 localhost¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST500LM012 HN-M500MBB +++++--- User ---[MBR] 6488c7a8aeb4bfe22d6b6930529605b2[bSP] 8b362d57a304770837d447dbce50b01b : Windows Vista MBR CodePartition table:0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 2338 Mo1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 4790272 | Size: 238222 Mo2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 492668928 | Size: 236379 MoUser = LL1 ... OK!User = LL2 ... OK!Finished : << RKreport[0]_S_02152014_153625.txt >>Thanks Link to post Share on other sites More sharing options...
kevinf80 Posted February 15, 2014 ID:791688 Share Posted February 15, 2014 Ok we continue.. Download Zoek.zip from here http://www.hijackthis.nl/smeenk/220813/zoek.zip and save that zip file to your Desktop. Make sure to select direct on the word “Zip” Double click zip file and extract to your Desktop: you will now have 3 versions of the tool on the Desktop: http://i121.photobucket.com/albums/o239/kevinf80/Zoek%20Scanner/Zoeke.jpg[/img] Before running Zoek make sure all Browsers are closed and Security is turned OFF. Check at the following link: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/] Double click on each in turn until one version of Zoek will run (accept UAC) The following window will open: Copy and paste the following script from the code box and paste into the field. standardsearch;autoruns;autoclean;emptyclsid;emptyalltemp;installedprogs; Select the "Run Script" tab. The following window will open: Please be patient and do not use the PC when the scan is in progress. When complete you maybe asked to re-boot your PC, if so please do Post the produced log in your next reply…..Also give an update on any remaining issues or concerns.... Kevin Link to post Share on other sites More sharing options...
jeffdavis Posted February 15, 2014 Author ID:791747 Share Posted February 15, 2014 Hi, i have the results below. Windows defender still wont start, outlook wont start, i have tried opening word and it stopped responding. Eventually the scren went blank and then a message popped up "Logon process has failed to create the security options dialogue" And had a white cross in a red circle saying "Failure - Security Options" Log results below. Zoek.exe v5.0.0.0 Updated 15-February-2014Tool run by Davis on 15/02/2014 at 19:44:05.61.Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86Running in: Normal Mode Internet Access DetectedLaunched: C:\Users\Davis\Desktop\zoek\zoek.com [scan all users] [script inserted]==== System Restore Info ======================15/02/2014 19:50:14 Zoek.exe System Restore Point Created Succesfully.==== Creating Sample_022014_2007.zip ====================== Process rundll32.exe killedCopied file C:\Users\Guest\AppData\Local\My Web Search Installer(0003b8a4).exe to sample\My Web Search Installer(0003b8a4).exeCopied file C:\Users\Guest\AppData\Local\My Web Search Installer(00043d4d).exe to sample\My Web Search Installer(00043d4d).exeCopied file C:\Users\Guest\AppData\Local\My Web Search Installer(002a5b49).exe to sample\My Web Search Installer(002a5b49).exesample\My Web Search Installer(0003b8a4).exe renamed to C86C315D57C6FFF86C90172BBB97B7E5sample\My Web Search Installer(00043d4d).exe renamed to 23A48B0CBDFE460FF1F946C092D95A1Asample\My Web Search Installer(002a5b49).exe renamed to C86C315D57C6FFF86C90172BBB97B7E5C:\Users\Public\Desktop\sample_022014_2007.zip created successfully==== Deleting CLSID Registry Keys ======================HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A} deleted successfullyHKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfullyHKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Internet Explorer\SearchScopes\{7D90F210-925A-0367-D5DC-118BF7CE73F4} deleted successfullyHKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Internet Explorer\SearchScopes\{839A7CA3-273C-4130-AFF3-7A4766001684} deleted successfullyHKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfullyHKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfullyHKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfullyHKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfullyHKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfullyHKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfullyHKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfullyHKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e} deleted successfullyHKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e} deleted successfullyHKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e} deleted successfullyHKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} deleted successfullyHKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} deleted successfullyHKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BB023032-3702-4A9E-8D83-0527144C8ABD} deleted successfullyHKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6} deleted successfullyHKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4} deleted successfullyHKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfullyHKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfullyHKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfullyHKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfullyHKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfullyHKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfullyHKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfullyHKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfullyHKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfullyHKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfullyHKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfullyHKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfullyHKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfullyHKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfullyHKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfullyHKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfullyHKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfullyHKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfullyHKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0} deleted successfullyHKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0} deleted successfullyHKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{33AA308B-B565-4376-AC66-59EE9B6AD13E} deleted successfullyHKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{33AA308B-B565-4376-AC66-59EE9B6AD13E} deleted successfullyHKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} deleted successfullyHKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} deleted successfullyHKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfullyHKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfullyHKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfullyHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfullyHKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfullyHKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfullyHKEY_CLASSES_ROOT\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfullyHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfullyHKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfullyHKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfullyHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully==== Deleting CLSID Registry Values ======================HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfullyHKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfullyHKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfullyHKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Internet Explorer\Approved Extensions\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfullyHKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfullyHKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Internet Explorer\Approved Extensions\{9D717F81-9148-4F12-8568-69135F087DB0} deleted successfullyHKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Internet Explorer\Approved Extensions\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} deleted successfullyHKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Internet Explorer\Approved Extensions\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfullyHKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfullyHKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfullyHKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Mozilla\Firefox\Extensions\{ED76C299-85BC-4891-9237-74A140C28832} deleted successfullyHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfullyHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfullyHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfullyHKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\virtualKeyboard@kaspersky.ru deleted successfullyHKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\KavAntiBanner@Kaspersky.ru deleted successfullyHKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\linkfilter@kaspersky.ru deleted successfully==== Installed Programs ====================== Update for Microsoft Office 2007 (KB2508958) 3Connect Activation Assistant for the 2007 Microsoft Office suites Adobe AIR Adobe Flash Player 12 ActiveX Adobe Flash Player 12 Plugin Adobe Media Player Adobe Reader 8.1.3 Apple Application Support Apple Mobile Device Support Apple Software Update AusLogics Disk Defrag AVG 2014 AVG Security Toolbar Babylon toolbar on IE Bing Bar Bluetooth Stack for Windows by Toshiba Bonjour Camera Assistant Software for Toshiba CCleaner (remove only) CD/DVD Drive Acoustic Silencer Compatibility Pack for the 2007 Office system D3DX10 DeuaalsFiindeorrPro DVD MovieFactory for TOSHIBA Facebook Video Calling 1.2.0.287 Facebook Video Calling 2.0.0.447 Facemoods Toolbar Google Chrome Google Chrome Packages Google Desktop Google Earth Google Talk Plugin Google Toolbar for Internet Explorer Google Update Helper HDMI Control Manager Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Huawei modem iLivid Inbox Toolbar Intel© Matrix Storage Manager iTunes Java Auto Updater Java 6 Update 23 Java 6 Update 6 Junk Mail filter update Malwarebytes Anti-Malware version 1.75.0.1300 MathmosScreensaver McAfee Security Scan Plus McAfee SiteAdvisor Mesh Runtime Messenger Companion Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook Connector Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Works Microsoft XML Parser Mobogenie Mozilla Firefox 26.0 (x86 en-US) Mozilla Maintenance Service MSVCRT MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) myphotobook 3.5 OGA Notifier 2.0.0048.0 Optimizer Pro v3.2 Pando Media Booster ParetoLogic PC Health Advisor Picasa 2 Pivot Stickfigure Animator version 2.2.6 Pivot Stickfigure Toolbar QuickTime Realtek 8169 8168 8101E 8102E Ethernet Driver Realtek High Definition Audio Driver RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02 Search-Results Toolbar SearchYa Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188) Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition Security Update for Windows Media Encoder (KB2447961) Security Update for Windows Media Encoder (KB954156) Security Update for Windows Media Encoder (KB979332) Segoe UI Spelling Dictionaries Support For Adobe Reader 8 Synaptics Pointing Device Driver toppbuyero TOSHIBA Assist TOSHIBA ConfigFree TOSHIBA Disc Creator TOSHIBA DVD PLAYER TOSHIBA Extended Tiles for Windows Mobility Center TOSHIBA Face Recognition TOSHIBA Hardware Setup TOSHIBA Manuals Toshiba Online Product Information TOSHIBA Recovery Disc Creator TOSHIBA SD Memory Utilities TOSHIBA Software Modem TOSHIBA Supervisor Password Toshiba TEMPRO TOSHIBA Value Added Package TRDCReminder TRORDCLauncher Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Visual Studio 2012 x86 Redistributables WhiteSmoke Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Encoder 9 Series Yahoo Messenger Yahoo Toolbar Yontoo 1.10.03 ==== Running Processes ======================C:\Windows\System32\smss.exeC:\Windows\system32\csrss.exeC:\Windows\system32\wininit.exeC:\Windows\system32\csrss.exeC:\Windows\system32\services.exeC:\Windows\system32\lsass.exeC:\Windows\system32\lsm.exeC:\Windows\system32\winlogon.exeC:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exeC:\Windows\system32\SLsvc.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\agrsmsvc.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\AVG\AVG2014\avgfws.exeC:\Program Files\AVG\AVG2014\avgwdsvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exec:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exeC:\Program Files\Toshiba TEMPRO\TempoSVC.exeC:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exeC:\Windows\system32\TODDSrv.exeC:\Program Files\Toshiba\Power Saver\TosCoSrv.exeC:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exeC:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exeC:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Windows\system32\taskeng.exeC:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\Dwm.exeC:\Windows\system32\taskeng.exeC:\Windows\Explorer.EXEC:\Program Files\Google\Update\GoogleUpdate.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Toshiba\ConfigFree\NDSTray.exeC:\Windows\System32\igfxpers.exeC:\Windows\RtHDVCpl.exeC:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exeC:\Program Files\Toshiba\Power Saver\TPwrMain.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exeC:\Program Files\AVG Secure Search\vprot.exeC:\Program Files\AVG\AVG2014\avgui.exeC:\Program Files\Mobogenie\DaemonProcess.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exeC:\Windows\ehome\ehtray.exeC:\Users\Davis\AppData\Local\Google\Update\GoogleUpdate.exeC:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exeC:\Windows\system32\igfxsrvc.exeC:\Windows\ehome\ehmsas.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\igfxext.exeC:\Program Files\Toshiba\HDMICtrlMan\HCMSoundChanger.exeC:\Program Files\Toshiba\ConfigFree\CFSwMgr.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Synaptics\SynTP\SynTPHelper.exeC:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.exeC:\Windows\system32\taskeng.exeC:\Windows\System32\mobsync.exeC:\Program Files\Mobogenie\mgusb.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k GPSvcGroupC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\system32\svchost.exe -k imgsvcC:\Windows\System32\svchost.exe -k WerSvcGroupC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation==== Deleting Services ======================HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater17.3.0 deleted successfullyHKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater17.3.0 deleted successfully==== FireFox Fix ======================ProfilePath: C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\xzk1ljzw.defaultuser.js not found---- Lines mysearch removed from prefs.js ----user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.---- Lines extensions.5fBDRXI2 removed from prefs.js ----user_pref("extensions.5fBDRXI2.epoch", "1392496057");user_pref("extensions.5fBDRXI2.url", "http://veteranusashare.ru/sync2/?q=hfZ9ofmEgShEAen0rihTB6lKDzt4okDctNtVh7n0rjnErjs4rTwErdnFtMFHhd9FqdaGrjnGrds6r---- Lines extensions.egn5ak9lWYJ removed from prefs.js ----user_pref("extensions.egn5ak9lWYJ.epoch", "1392496057");user_pref("extensions.egn5ak9lWYJ.url", "http://veteranusashare.ru/sync2/?q=hfZ9oemMCchEAen0rihTB6lKDzt4okDctNtVh7n0rjnErjs4rTwErjaHtMFHhd9FqdaGrjnGrd---- FireFox user.js and prefs.js backups ----prefs_022014_2011_.backup==== Deleting Files \ Folders ======================C:\Program Files\facemoods.com deletedC:\Users\Davis\appdata\locallow\facemoods.com deletedC:\Users\Davis\AppData\Local\genienext deletedC:\Users\Davis\.android deletedC:\Users\Mrs georgia bolgar\daemonprocess.txt deletedC:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml deletedC:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml deletedC:\Program Files\Inbox Toolbar deletedC:\Program Files\Conduit deletedC:\Program Files\Productivity_3.1 deletedC:\Program Files\ParetoLogic deletedC:\Program Files\Common Files\ParetoLogic deletedC:\Program Files\BabylonToolbar deletedC:\Program Files\iLivid deletedC:\Program Files\Yahoo! deletedC:\Program Files\Optimizer Pro deletedC:\Program Files\Yontoo deletedC:\Program Files\SearchYa! deletedC:\Program Files\WhiteSmoke deletedC:\Program Files\Ask.com deletedC:\found.000 deletedC:\found.001 deletedC:\found.002 deletedC:\Users\Davis\AppData\Roaming\Yahoo! deletedC:\Users\Davis\AppData\Roaming\ParetoLogic deletedC:\Users\Davis\AppData\Roaming\DriverCure deletedC:\Users\Davis\AppData\Roaming\Babylon deletedC:\Users\Davis\AppData\Roaming\Optimizer Pro deletedC:\Users\Georgia davis\AppData\Roaming\Yahoo! deletedC:\Users\Georgie\AppData\Roaming\Yahoo! deletedC:\Users\Guest\AppData\Roaming\PCPowerSpeed deletedC:\Users\Guest\AppData\Roaming\Yahoo! deletedC:\Users\Mrs georgia bolgar\AppData\Roaming\Yahoo! deletedC:\Windows\system32\config\systemprofile\AppData\Roaming\Yahoo! deletedC:\ProgramData\Yahoo! deletedC:\ProgramData\Yahoo! Companion deletedC:\ProgramData\boost_interprocess deletedC:\ProgramData\ParetoLogic deletedC:\ProgramData\AVG Secure Search deletedC:\ProgramData\Tarma Installer deletedC:\ProgramData\Babylon deletedC:\Users\Davis\AppData\Local\Ilivid Player deletedC:\Users\Davis\AppData\Local\speeddial.crx deletedC:\Users\Davis\AppData\Local\Wajam deletedC:\Users\Davis\AppData\Local\Mobogenie deletedC:\Users\Davis\AppData\Local\cache deletedC:\Users\Davis\AppData\Local\Babylon deletedC:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc deletedC:\Users\Georgia davis\AppData\Local\AVG Secure Search deletedC:\Users\Georgia davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc deletedC:\Users\Guest\AppData\Local\AVG Secure Search deletedC:\Users\Mrs georgia bolgar\AppData\Local\AVG Secure Search deletedC:\Users\Mrs georgia bolgar\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc deletedC:\Users\wangzhisong\AppData\Local\Mobogenie deletedC:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly deletedC:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppGraffiti deletedC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2 deletedC:\Users\Davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie deletedC:\Users\Davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic deletedC:\Users\Davis\AppData\LocalLow\AVG Security Toolbar deletedC:\Users\Davis\AppData\LocalLow\AVG Secure Search deletedC:\Users\Davis\AppData\LocalLow\AppGraffiti deletedC:\Users\Davis\AppData\LocalLow\searchqutoolbar deletedC:\Users\Davis\AppData\LocalLow\MyWebSearch deletedC:\Users\Davis\AppData\LocalLow\AskToolbar deletedC:\Users\Davis\AppData\LocalLow\DataMngr deletedC:\Users\Davis\AppData\LocalLow\Conduit deletedC:\Users\Davis\AppData\LocalLow\FunWebProducts deletedC:\Users\Davis\AppData\LocalLow\Toolbar4 deletedC:\Users\Georgia davis\AppData\LocalLow\AppGraffiti deletedC:\Users\Georgia davis\AppData\LocalLow\AskToolbar deletedC:\Users\Georgia davis\AppData\LocalLow\facemoods.com deletedC:\Users\Georgia davis\AppData\LocalLow\BabylonToolbar deletedC:\Users\Georgia davis\AppData\LocalLow\Toolbar4 deletedC:\Users\Guest\AppData\LocalLow\AVG Security Toolbar deletedC:\Users\Guest\AppData\LocalLow\AVG Secure Search deletedC:\Users\Guest\AppData\LocalLow\searchqutoolbar deletedC:\Users\Guest\AppData\LocalLow\MyWebSearch deletedC:\Users\Guest\AppData\LocalLow\facemoods.com deletedC:\Users\Guest\AppData\LocalLow\Conduit deletedC:\Users\Guest\AppData\LocalLow\FunWebProducts deletedC:\Users\Mrs georgia bolgar\AppData\LocalLow\AVG Secure Search deletedC:\Users\Mrs georgia bolgar\AppData\LocalLow\AppGraffiti deletedC:\Users\Mrs georgia bolgar\AppData\LocalLow\AskToolbar deletedC:\Users\Mrs georgia bolgar\AppData\LocalLow\facemoods.com deletedC:\Users\Mrs georgia bolgar\AppData\LocalLow\BabylonToolbar deletedC:\Users\Mrs georgia bolgar\AppData\LocalLow\Toolbar4 deletedC:\Windows\system32\config\systemprofile\AppData\LocalLow\AVG Secure Search deletedC:\Windows\system32\config\systemprofile\AppData\LocalLow\AppGraffiti deletedC:\Windows\system32\config\systemprofile\AppData\LocalLow\AskToolbar deletedC:\Windows\system32\config\systemprofile\AppData\LocalLow\facemoods.com deletedC:\Windows\system32\config\systemprofile\AppData\LocalLow\BabylonToolbar deletedC:\Windows\system32\config\systemprofile\AppData\LocalLow\Toolbar4 deletedC:\Windows\tasks\ParetoLogic Registration3.job deletedC:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job deletedC:\Windows\tasks\ParetoLogic Update Version3.job deletedC:\Windows\tasks\PC Health Advisor Defrag.job deletedC:\Windows\tasks\PC Health Advisor.job deletedC:\user.js deletedC:\prefs.js deletedC:\END deletedC:\Users\wangzhisong deletedC:\Users\Davis\Documents\Optimizer Pro deletedC:\Users\Davis\Documents\Mobogenie deletedC:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} deletedC:\Users\Davis\Desktop\Optimizer Pro.lnk deletedC:\Users\Davis\Desktop\Mobogenie.lnk deletedC:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml deletedC:\Users\Guest\AppData\Local\My Web Search Installer(0003b8a4).exe deletedC:\Users\Guest\AppData\Local\My Web Search Installer(00043d4d).exe deletedC:\Users\Guest\AppData\Local\My Web Search Installer(002a5b49).exe deletedC:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\xzk1ljzw.default\extensions\eacoeye@cqaeox.co.uk deletedC:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\xzk1ljzw.default\extensions\xrttrtit@yeiignn.edu deleted"C:\Windows\Installer\25b66ae.msi" deleted"C:\ProgramData\352723942" deleted"C:\Users\Davis\daemonprocess.txt" deleted"C:\Users\Davis\AppData\Roaming\Cuuqlu\neun.tmp" deleted"C:\Users\Davis\AppData\Roaming\Ducovu\voluo.sik" deleted"C:\Users\Davis\AppData\Roaming\Firiso\feyp.ass" deleted"C:\Program Files\Mobogenie\DaemonProcess.exe" deleted"C:\Program Files\Mobogenie\libeay32.dll" deleted"C:\Program Files\Mobogenie\msvcp100.dll" deleted"C:\Program Files\Mobogenie\msvcr100.dll" deleted"C:\Program Files\Mobogenie\QtCore4.dll" deleted"C:\Program Files\Mobogenie\QtGui4.dll" deleted"C:\Program Files\Mobogenie\QtNetwork4.dll" deleted"C:\Program Files\Mobogenie\QtSql4.dll" deleted"C:\Program Files\Mobogenie\QtWebKit4.dll" deleted"C:\Program Files\Mobogenie\ssleay32.dll" deleted"C:\Program Files\AVG Secure Search\vprot.exe" deleted"C:\Program Files\AVG Secure Search\vprot.exe" deleted"C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\SiteSafety.dll" deleted"C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\log4cplusU.dll" deleted"C:\Users\Davis\AppData\Roaming\Wowe" deleted"C:\Users\Davis\AppData\Roaming\Eqegv" deleted"C:\Users\Davis\AppData\Roaming\Mekoh" deleted"C:\Users\Davis\AppData\Roaming\Atebus" deleted"C:\Users\Davis\AppData\Roaming\Cuuqlu" deleted"C:\Users\Davis\AppData\Roaming\Ducovu" deleted"C:\Users\Davis\AppData\Roaming\Firiso" deleted"C:\Program Files\Mobogenie" deleted"C:\Program Files\AVG Secure Search" deleted"C:\Program Files\AVG Secure Search" deleted"C:\Program Files\Common Files\AVG Secure Search" deleted"C:\Users\Davis\AppData\Local\AVG Secure Search" deleted"C:\Users\Davis\AppData\Local\AVG Secure Search" deleted"C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller" deleted"C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater" deleted"C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0" deleted"C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0" deleted"C:\Users\Davis\AppData\Local\AVG Secure Search\Chrome" deleted"C:\Users\Davis\AppData\Local\AVG Secure Search\Chrome\Default" deleted"C:\Users\Davis\AppData\Local\AVG Secure Search\Chrome" deleted"C:\Users\Davis\AppData\Local\AVG Secure Search\Chrome\Default" deleted==== System Specs ======================Windows: Windows Vista Home Premium Edition Service Pack 2 (Build 6002)Memory (RAM): 2940 MBCPU Info: Intel® Core2 Duo CPU T5800 @ 2.00GHzCPU Speed: 1520.2 MHzSound Card: Speakers (Realtek High Definiti |Realtek Digital Output (Realtek |Display Adapters: Mobile Intel® 4 Series Express Chipset Family | Mobile Intel® 4 Series Express Chipset Family | RDPDD Chained DD | RDP Encoder Mirror DriverMonitors: 1x; Generic PnP Monitor |Screen Resolution: 1280 X 800 - 32 bitNetwork: Network PresentNetwork Adapters: Intel® Wireless WiFi Link 5100 | Realtek RTL8102E Family PCI-E Fast Ethernet NIC (NDIS 6.0)CD / DVD Drives: 1x (F: | ) F: PIONEER DVD-RW DVRTD08APorts: COM3 LPT Port NOT Present.Mouse: 5 Button Wheel Mouse PresentHard Disks: C: 232.6GB | E: 230.8GBHard Disks - Free: C: 155.2GB | E: 225.4GBManufacturer *: INSYDEBIOS Info: AT/AT COMPATIBLE | 10/14/08 | TOSINV - 1Time Zone: GMT Standard TimeMotherboard *: TOSHIBA Portable PCCountry: United KingdomLanguage: ENG==== System Specs (Software) ======================Anti-Virus: AVG Internet Security 2014 On-access scanning disabled (Outdated)Anti-Spyware: Windows Defender disabled (Outdated)Anti-Spyware: AVG Internet Security 2014 disabled (Outdated)Firewall: AVG Internet Security 2014 disabledDefault Browser: Firefox 26.0Internet Explorer Version: 9.0.8112.16421Mozilla Firefox version: 26.0 (x86 en-US)Google Chrome version: 32.0.1700.102Adobe Reader version: 8.1.0.2007051100Sun Java version: 1.6.0_23 (32-bit)Flash Player version: 12.0.0.44==== Files Recently Created / Modified ============================ C:\Windows ====2014-02-15 10:11:16 8C87A1CCF34BF92413B19A63EB84ECD2 372136236 ----a-w- C:\Windows\MEMORY.DMP2014-02-14 18:52:59 9F1BB18CA23ABBBA591EB931BDF2E885 95 ----a-w- C:\Windows\zerobyte_files_deleted.txt====== C:\Users\Davis\AppData\Local\Temp ====2014-02-15 15:34:52 B9FDFF876B0E7B4FECBAA5708C6ED616 1205168 ----a-w- C:\Users\Davis\AppData\Local\Temp\ntdll_dump.dll2014-02-15 10:31:10 9109344E0DD07369654ADFEDD840845D 1042 ----a-w- C:\Users\Davis\AppData\Local\Temp\nsm47EA.tmp\notifykeysC.com2014-02-15 10:30:37 ACC2B699EDFEA5BF5AAE45ABA3A41E96 6656 ----a-w- C:\Users\Davis\AppData\Local\Temp\nsm47EA.tmp\nsExec.dll2014-02-15 10:30:28 C17103AE9072A06DA581DEC998343FC1 11264 ----a-w- C:\Users\Davis\AppData\Local\Temp\nsm47EA.tmp\System.dll2014-02-15 10:30:28 7579ADE7AE1747A31960A228CE02E666 4096 ----a-w- C:\Users\Davis\AppData\Local\Temp\nsm47EA.tmp\UserInfo.dll2014-02-15 10:03:27 6AC365B716BF5C77A64708F9A5AA004A 25088 ----a-w- C:\Users\Davis\AppData\Local\Temp\mbr.sys2014-02-15 10:03:24 9109344E0DD07369654ADFEDD840845D 1042 ----a-w- C:\Users\Davis\AppData\Local\Temp\nsoFD34.tmp\notifykeysC.com2014-02-15 10:02:25 ACC2B699EDFEA5BF5AAE45ABA3A41E96 6656 ----a-w- C:\Users\Davis\AppData\Local\Temp\nsoFD34.tmp\nsExec.dll2014-02-15 10:02:22 C17103AE9072A06DA581DEC998343FC1 11264 ----a-w- C:\Users\Davis\AppData\Local\Temp\nsoFD34.tmp\System.dll2014-02-15 10:02:22 7579ADE7AE1747A31960A228CE02E666 4096 ----a-w- C:\Users\Davis\AppData\Local\Temp\nsoFD34.tmp\UserInfo.dll2014-02-15 09:17:35 9109344E0DD07369654ADFEDD840845D 1042 ----a-w- C:\Users\Davis\AppData\Local\Temp\nsf7C33.tmp\notifykeysC.com2014-02-15 09:16:49 ACC2B699EDFEA5BF5AAE45ABA3A41E96 6656 ----a-w- C:\Users\Davis\AppData\Local\Temp\nsf7C33.tmp\nsExec.dll2014-02-15 09:16:44 C17103AE9072A06DA581DEC998343FC1 11264 ----a-w- C:\Users\Davis\AppData\Local\Temp\nsf7C33.tmp\System.dll2014-02-15 09:16:44 7579ADE7AE1747A31960A228CE02E666 4096 ----a-w- C:\Users\Davis\AppData\Local\Temp\nsf7C33.tmp\UserInfo.dll====== Java Cache =========== C:\Windows\system32 =====2014-02-14 21:01:50 C775BF17BAA95275679A5FFD1676F27B 41736 ----a-w- C:\Windows\System32\.crusader2014-02-14 18:52:59 4391A2A136D3104A82E0CBDFBA1D2945 87 ----a-w- C:\Windows\System32\zerobyte_files_deleted.txt====== C:\Windows\system32\drivers =====2014-02-14 20:49:07 05E0D8EE7D6FAB5CB672FEC3AAD93AA0 30464 ----a-w- C:\Windows\System32\drivers\hitmanpro37.sys2014-01-19 21:46:54 18B3FFED808F032E037ED7F54A838053 22808 ----a-w- C:\Windows\System32\drivers\avgidsshimx.sys====== C:\Windows\Tasks ============ C:\Windows\Temp ============= C:\Program Files =====2014-02-04 14:39:23 -------- d-----w- C:\Program Files\iPod2014-02-04 14:39:21 -------- d-----w- C:\Program Files\iTunes======= C: =========== C:\Users\Davis\AppData\Roaming ======2014-02-14 21:13:29 -------- d-----w- C:\Users\Davis\AppData\Roaming\SUPERAntiSpyware.com2014-02-14 18:22:31 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Local\Temp2014-02-14 18:22:29 -------- d-----w- C:\Users\Mrs georgia bolgar\AppData\Local\Temp2014-02-14 18:22:08 -------- d-----w- C:\Users\Guest\AppData\Local\Temp2014-02-14 18:21:42 -------- d-----w- C:\Users\Georgie\AppData\Local\Temp2014-02-14 18:21:30 -------- d-----w- C:\Users\Georgia davis\AppData\Local\Temp2014-02-14 18:21:26 -------- d-----w- C:\Users\Default\AppData\Local\Temp2014-02-14 18:21:26 -------- d-----w- C:\Users\Default User\AppData\Local\Temp2014-01-29 21:01:03 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Roaming\Mozilla2014-01-29 21:01:03 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Local\Mozilla2014-01-21 19:32:28 -------- d-----w- C:\Users\Mrs georgia bolgar\AppData\Locallow\Sun====== C:\Users\Davis ======2014-02-15 15:17:26 444D1016CF8768D83B05DCFB9974D001 3813376 ----a-w- C:\Users\Davis\Desktop\RogueKiller.exe2014-02-14 21:13:29 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com2014-02-14 20:49:07 -------- d-----w- C:\ProgramData\HitmanPro2014-02-14 20:11:29 8B968045D75783A09592C3105F2865DA 688992 ------r- C:\Users\Davis\Desktop\dds.com2014-02-14 18:54:53 -------- d-----w- C:\Windows\system32\config\systemprofile\cookies2014-02-14 18:54:39 -------- d-----w- C:\Users\Mrs georgia bolgar\cookies2014-02-14 18:54:19 -------- d-----w- C:\Users\Guest\cookies2014-02-14 18:54:14 -------- d-----w- C:\Users\Georgie\cookies2014-02-14 18:54:08 -------- d-----w- C:\Users\Georgia davis\cookies2014-02-14 18:54:05 -------- d---a-w- C:\Users\Default\cookies2014-02-14 18:14:55 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG2014-02-04 20:13:10 B29E83869C302164E81F3B3D1DC51A90 1069512 ----a-w- C:\Users\Davis\Downloads\install_flashplayer12x32au_mssd_awc_aih.exe2014-02-04 14:40:39 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2014-02-04 14:39:21 -------- d-----w- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E12014-01-29 21:01:15 -------- d-----w- C:\ProgramData\DeuaalsFiindeorrPro2014-01-29 21:01:02 -------- d-----w- C:\ProgramData\toppbuyero====== C: exe-files ==2014-02-15 15:17:26 444D1016CF8768D83B05DCFB9974D001 3813376 ----a-w- C:\Users\Davis\Desktop\RogueKiller.exe2014-02-14 20:48:40 65C622BEC80214257477E7EEA5202634 9237392 ----a-w- C:\Users\Davis\AppData\Local\Temporary Internet Files\Content.IE5\0ZPWR73Q\HitmanPro[1].exe2014-02-14 20:48:40 65C622BEC80214257477E7EEA5202634 9237392 ----a-w- C:\Users\Davis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0ZPWR73Q\HitmanPro[1].exe2014-02-14 18:08:35 9658D51C4BF63614F8A4FECA5B2E2065 6059888 ----a-w- C:\Program Files\AVG\AVG2014\avgmfapx.exe2014-02-09 13:00:10 210A979AD7DDAE41F7C67890F4D126DE 5508656 ----a-w- C:\Program Files\AVG\AVG2014\avgcremx.exe=== C: other files ==2014-02-15 20:07:48 FEE78C814A473A5D49DDAE84E70E0442 109508 ----a-w- C:\Users\Public\Desktop\sample_022014_2007.zip2014-02-15 10:31:10 9109344E0DD07369654ADFEDD840845D 1042 ----a-w- C:\Users\Davis\AppData\Local\Temp\nsm47EA.tmp\notifykeysC.com2014-02-15 10:16:02 25F17E048A428044BBDECFD72C3BC614 709 ----a-w- C:\Users\Davis\AppData\Local\Temporary Internet Files\Content.IE5\L78J2XQ7\FoolishUpdates[2].zip2014-02-15 10:16:02 25F17E048A428044BBDECFD72C3BC614 709 ----a-w- C:\Users\Davis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L78J2XQ7\FoolishUpdates[2].zip2014-02-15 10:13:21 6DCD5D0BF29F3B83A880517ECE374E50 2474772 ----a-w- C:\Users\Davis\AppData\Local\Temporary Internet Files\Content.IE5\VSPA2X55\d7_modules[1].zip2014-02-15 10:13:21 6DCD5D0BF29F3B83A880517ECE374E50 2474772 ----a-w- C:\Users\Davis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VSPA2X55\d7_modules[1].zip2014-02-15 10:03:27 6AC365B716BF5C77A64708F9A5AA004A 25088 ----a-w- C:\Users\Davis\AppData\Local\Temp\mbr.sys2014-02-15 10:03:24 9109344E0DD07369654ADFEDD840845D 1042 ----a-w- C:\Users\Davis\AppData\Local\Temp\nsoFD34.tmp\notifykeysC.com2014-02-15 09:42:33 25F17E048A428044BBDECFD72C3BC614 709 ----a-w- C:\Users\Davis\AppData\Local\Temporary Internet Files\Content.IE5\L78J2XQ7\FoolishUpdates[1].zip2014-02-15 09:42:33 25F17E048A428044BBDECFD72C3BC614 709 ----a-w- C:\Users\Davis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L78J2XQ7\FoolishUpdates[1].zip2014-02-15 09:41:49 6DCD5D0BF29F3B83A880517ECE374E50 2474772 ----a-w- C:\Users\Davis\AppData\Local\Temporary Internet Files\Content.IE5\0ZPWR73Q\d7_modules[1].zip2014-02-15 09:41:49 6DCD5D0BF29F3B83A880517ECE374E50 2474772 ----a-w- C:\Users\Davis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0ZPWR73Q\d7_modules[1].zip2014-02-15 09:17:35 9109344E0DD07369654ADFEDD840845D 1042 ----a-w- C:\Users\Davis\AppData\Local\Temp\nsf7C33.tmp\notifykeysC.com2014-02-14 21:11:31 FFB26724FC744EDB50D079DC5038ABC4 14702304 ----a-w- C:\Users\Davis\AppData\Local\Temporary Internet Files\Content.IE5\L78J2XQ7\SAS_019E716[1].COM2014-02-14 21:11:31 FFB26724FC744EDB50D079DC5038ABC4 14702304 ----a-w- C:\Users\Davis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L78J2XQ7\SAS_019E716[1].COM2014-02-14 21:05:03 6FE786A824FD9B4914520801290E2680 6202810 ----a-w- C:\ProgramData\AVG2014\IDS\outbox\tmp_7851bc69-8bc6-47d2-b5aa-d1682da2f965.zip2014-02-14 21:00:00 324F5F9431487FAF29A973DE958C332D 6204393 ----a-w- C:\ProgramData\AVG2014\IDS\outbox\tmp_8dd4c258-8bc5-47d2-ae2c-d1682da2f965.zip2014-02-14 20:49:07 05E0D8EE7D6FAB5CB672FEC3AAD93AA0 30464 ----a-w- C:\Windows\System32\drivers\hitmanpro37.sys2014-02-14 20:11:29 8B968045D75783A09592C3105F2865DA 688992 ------r- C:\Users\Davis\Desktop\dds.com2014-02-14 17:22:50 E4F0F25727407BC26A70895B7F7CE4E5 641612 ----a-w- C:\ProgramData\AVG2014\IDS\outbox\tmp_b2adc180-8ba4-47d2-a8e2-d1682da2f965.zip2014-02-12 15:53:29 185BDF49783912DA91809DE5AC3EB276 54175 ----a-w- C:\ProgramData\AVG2014\IDS\outbox\tmp_3af4b3b6-8a17-47d2-a86a-d1682da2f965.zip2014-02-12 10:51:47 B98AF63EFFE27AD2B898768C7ABCBC97 710413 ----a-w- C:\ProgramData\AVG2014\IDS\outbox\tmp_f99952f1-85ee-47d2-bb85-d1682da2f965.zip==== Startup Registry Enabled ======================[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter""Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter""Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"[HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Windows\CurrentVersion\Run]"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe""ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe""ehTray.exe"="C:\Windows\ehome\ehTray.exe""Pando Media Booster"="C:\Program Files\Pando Networks\Media Booster\PMB.exe""Facebook Update"="C:\Users\Davis\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver""swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe""Google Update"="C:\Users\Davis\AppData\Local\Google\Update\GoogleUpdate.exe /c""WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"[HKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Windows\CurrentVersion\Run]"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun""TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe""NDSTray.exe"="NDSTray.exe""Persistence"="C:\Windows\system32\igfxpers.exe""RtHDVCpl"="RtHDVCpl.exe""Skytel"="Skytel.exe""HDMICtrlMan"="C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe""GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe""Toshiba TEMPO"="C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe""APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe""vProt"="C:\Program Files\AVG Secure Search\vprot.exe""AVG_UI"="C:\Program Files\AVG\AVG2014\avgui.exe /TRAYONLY""QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime""mobilegeni daemon"="C:\Program Files\Mobogenie\DaemonProcess.exe""iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe""Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide""TPwrMain"="%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]"AvgUninstallURL"="cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=TlVIRDQtWUg5UEUtTzNQNEUtUVJERUstR0RKWjctVk9YVUw&inst=NzctMTIxODUzNjgzOS1GUDkyKzYtQkFSOUcrMS1GTCs5LVhPMzYrMS1DSUExMCsyLVNQMSsxLVNVUCs0LVRVRyszLVNQMVM0KzEtRERUKzAtTFNEKzItREQxMCsxLVNUMTBBUFArMS1QMTBNMTJDKzEtVTEwKzEtVEIrMS1GVUkrMi1QMTBUQisyLUVVTEErMS1TVFAxME0xMkNNKzEtU1QxMkFQUCsx∏=55&ver=2012.0.1780&mid=84f5bd6a3a24b8b2df974b4dfa68e073-f53cc401da39bf00f11a57d79d9871e18aeaa71d"[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe""ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe""ehTray.exe"="C:\Windows\ehome\ehTray.exe""Pando Media Booster"="C:\Program Files\Pando Networks\Media Booster\PMB.exe""Facebook Update"="C:\Users\Davis\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver""swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe""Google Update"="C:\Users\Davis\AppData\Local\Google\Update\GoogleUpdate.exe /c""WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"==== Startup Registry Disabled ======================[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\00TCrdMain]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="00TCrdMain""hkey"="HKLM""command"="%ProgramFiles%\\TOSHIBA\\FlashCards\\TCrdMain.exe"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="Adobe Reader Speed Launcher""hkey"="HKLM""command"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Camera Assistant Software]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="Camera Assistant Software""hkey"="HKLM""command"="\"C:\\Program Files\\Camera Assistant Software for Toshiba\\traybar.exe\" /start"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cfFncEnabler.exe]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="cfFncEnabler.exe""hkey"="HKLM""command"="cfFncEnabler.exe"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ehTray.exe]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="ehTray.exe""hkey"="HKCU""command"="C:\\Windows\\ehome\\ehTray.exe"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Desktop Search]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="Google Desktop Search""hkey"="HKLM""command"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google EULA Launcher]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="Google EULA Launcher""hkey"="HKLM""command"="c:\\Program Files\\Google\\Google EULA\\GoogleEULALauncher.exe IE PA"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="HotKeysCmds""hkey"="HKLM""command"="C:\\Windows\\system32\\hkcmd.exe" Post is in three part, wont post all due to length. Link to post Share on other sites More sharing options...
jeffdavis Posted February 15, 2014 Author ID:791749 Share Posted February 15, 2014 2nd Part [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HSON]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="HSON""hkey"="HKLM""command"="%ProgramFiles%\\TOSHIBA\\TBS\\HSON.exe"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="IgfxTray""hkey"="HKLM""command"="C:\\Windows\\system32\\igfxtray.exe"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="iTunesHelper""hkey"="HKLM""command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Messenger (Yahoo!)]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="Messenger (Yahoo!)""hkey"="HKCU""command"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="QuickTime Task""hkey"="HKLM""command"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SmoothView]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="SmoothView""hkey"="HKLM""command"="%ProgramFiles%\\Toshiba\\SmoothView\\SmoothView.exe"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="SunJavaUpdateSched""hkey"="HKLM""command"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\""[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="swg""hkey"="HKCU""command"="\"C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\""[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\topi]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="topi""hkey"="HKLM""command"="C:\\Program Files\\TOSHIBA\\Toshiba Online Product Information\\topi.exe -startup"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Toshiba Registration]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="Toshiba Registration""hkey"="HKLM""command"="C:\\Program Files\\Toshiba\\Registration\\ToshibaRegistration.exe"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Toshiba TEMPO]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="Toshiba TEMPO""hkey"="HKLM""command"="C:\\Program Files\\Toshiba TEMPRO\\Toshiba.Tempo.UI.TrayApplication.exe"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WMPNSCFG]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="WMPNSCFG""hkey"="HKCU""command"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Davis^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Media Player.lnk]"path"="C:\\Users\\Davis\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Adobe Media Player.lnk""backup"="C:\\Windows\\pss\\Adobe Media Player.lnk.Startup""backupExtension"=".Startup""command"="C:\\PROGRA~1\\ADOBEM~1\\ADOBEM~1.EXE ""item"="Adobe Media Player"==== Startup Folders ======================2008-07-01 15:08:20 1835 ----a-w- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk2008-07-01 15:08:20 1835 ----a-w- C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk2009-09-27 17:59:29 1833 ----a-w- C:\Users\Georgie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk2011-01-05 18:37:11 1116 ----a-w- C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk2013-10-22 19:38:54 1116 ----a-w- C:\Users\Mrs georgia bolgar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk2012-12-04 16:01:49 1924 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk2009-01-09 15:45:23 641 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Agent.lnk==== Task Scheduler Jobs ======================C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [08/02/2014 12:35]C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000Core.job --a------ C:\Users\Davis\AppData\Local\Facebook\Update\FacebookUpdate.exe [11/07/2012 21:31]C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000UA.job --a------ C:\Users\Davis\AppData\Local\Facebook\Update\FacebookUpdate.exe [11/07/2012 21:31]C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003Core.job --a------ C:\Users\Georgia davis\AppData\Local\Facebook\Update\FacebookUpdate.exe [11/12/2012 17:42]C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003UA.job --a------ C:\Users\Georgia davis\AppData\Local\Facebook\Update\FacebookUpdate.exe [11/12/2012 17:42]C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [30/01/2010 19:08]C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [30/01/2010 19:08]C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000Core.job --a------ C:\Users\Davis\AppData\Local\Google\Update\GoogleUpdate.exe [17/09/2012 19:10]C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000UA.job --a------ C:\Users\Davis\AppData\Local\Google\Update\GoogleUpdate.exe [17/09/2012 19:10]C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003Core.job --a------ C:\Users\Georgia davis\AppData\Local\Google\Update\GoogleUpdate.exe [17/09/2012 19:10]C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003UA.job --a------ C:\Users\Georgia davis\AppData\Local\Google\Update\GoogleUpdate.exe [17/09/2012 19:10]C:\Windows\tasks\User_Feed_Synchronization-{7DB64578-8B9B-4A26-8F64-DF64F6338DB0}.job --ah----- C:\Windows\system32\msfeedssync.exe [16/06/2011 22:22]==== Other Scheduled Tasks ======================"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]"C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]"C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000Core" [C:\Users\Davis\AppData\Local\Facebook\Update\FacebookUpdate.exe]"C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000UA" [C:\Users\Davis\AppData\Local\Facebook\Update\FacebookUpdate.exe]"C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003Core" [C:\Users\Georgia davis\AppData\Local\Facebook\Update\FacebookUpdate.exe]"C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003UA" [C:\Users\Georgia davis\AppData\Local\Facebook\Update\FacebookUpdate.exe]"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]"C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000Core" [C:\Users\Davis\AppData\Local\Google\Update\GoogleUpdate.exe]"C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000UA" [C:\Users\Davis\AppData\Local\Google\Update\GoogleUpdate.exe]"C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003Core" [C:\Users\Georgia davis\AppData\Local\Google\Update\GoogleUpdate.exe]"C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003UA" [C:\Users\Georgia davis\AppData\Local\Google\Update\GoogleUpdate.exe]"C:\Windows\system32\tasks\User_Feed_Synchronization-{7DB64578-8B9B-4A26-8F64-DF64F6338DB0}" [C:\Windows\system32\msfeedssync.exe]"C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe]==== Firefox Extensions Registry ======================[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files\McAfee\SiteAdvisor" [11/02/2014 15:41]==== Firefox Extensions ======================ProfilePath: C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\xzk1ljzw.default- Undetermined - C:\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49AppDir: C:\Program Files\Mozilla Firefox- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}==== Firefox Plugins ======================Profilepath: C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\xzk1ljzw.defaultFD6ACD9D85177259D442A0C4AC15F7B8 - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll - Shockwave Flash63EE2015B877A2E472CC59E05291AA39 - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMSS.dll - McAfee Security Scanner +49CFBB2130C682FFDF2CEBEE9A2D556E - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application DetectorC36444D7301A8C881FC7296B092609C7 - C:\Users\Davis\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll - Google UpdateC36444D7301A8C881FC7296B092609C7 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll - Google UpdateFF0D6F82A0EC13952E83B9439100E45D - C:\Users\Davis\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin68BCBB241EF254BC5100D9E6C06ECC71 - C:\Users\Davis\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll - Google Talk Plugin Video Accelerator99FE6AFE80EB7FE3EEB75DC504A326A3 - C:\Users\Davis\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video RendererAF42019A3B0EDBFA6878F75B9377A792 - C:\Users\Davis\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk PluginEEEB86077BB4682B3FCFEDA5AED3E396 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.4BADFB0DCCD9B7E9F2F6EB7954D24EED1 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.41153F58FACBC9731AF6CDF313F76DF29 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.49E4F520270BF7301CC24E8FA67791C22 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.4E50A1DB5DE70D656287511297B42F9F2 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.45B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth PluginBE501CBC29B2025A263D80D399F1797A - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll - Silverlight Plug-InC517E5EA7CEE783F3681F62D2A362E5B - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery0EFA66E9384DBCED4D639FB9BDD97536 - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll - Pando Web Plugin44CD19D98995CB3056F406113B175820 - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll - Java Deployment Toolkit 6.0.230.5EA8FCF30D2961369435C84CE3B3063F1 - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll - Java Platform SE 6 U238130FF8214221BA5AC764909587E161A - C:\Program Files\Adobe\Reader 8.0\Reader\browser\nppdf32.dll - Adobe AcrobatAB87EEFFD18F2BAAFC274E7075EA6C67 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation FoundationB27CCB1168B1960AEC6E9D3E0E0F0D2A - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrlui.dll - Microsoft® Silverlight==== Chrome Look ======================HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensionsbopakagnckmlgajfccecajhnimjiiedh - No path found[]fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx[02/02/2014 08:58]gaiilaahiahdejapggenmdmafpmbipje - C:\Program Files\DealPly\DealPly.crx[]ihflimipbcaljfnojhhknppphnnciiif - C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoods.crx[]jpmbfleldcgkldadpdinhjjopdfpjfjp - C:\Users\Davis\AppData\Local\Wajam\Chrome\wajam.crx[]niapdbllcanepiiimjjndipklodoedlc - C:\Program Files\Yontoo\YontooLayers.crx[]HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensionsgaiilaahiahdejapggenmdmafpmbipje - C:\Program Files\DealPly\DealPly.crx[]New Tab - Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehojDealPly - Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipjeFacemoods - Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiifDeuaalsFiindeorrPro - Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbjidnnbnonlmanfgmfghkcnhbkndlebAVG Safe Search - Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahlaAVG Secure Search - Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblofGoogle Drive - Georgia davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalfYouTube - Georgia davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeoGoogle Search - Georgia davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpfDealPly - Georgia davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipjeFacemoods - Georgia davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiifAVG Safe Search - Georgia davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahlaAVG Secure Search - Georgia davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblofGmail - Georgia davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaediaEntanglement - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefdDealPly - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipjeFacemoods - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiifDeuaalsFiindeorrPro - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbjidnnbnonlmanfgmfghkcnhbkndlebAVG Safe Search - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahlaPoppit - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmiAVG Secure Search - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblofDealPly - Mrs georgia bolgar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipjeFacemoods - Mrs georgia bolgar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiifDeuaalsFiindeorrPro - Mrs georgia bolgar\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbjidnnbnonlmanfgmfghkcnhbkndlebAVG Security Toolbar - Mrs georgia bolgar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblofInstagram for Chrome - Mrs georgia bolgar\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb==== Chrome Fix ======================C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.wajam.com_0.localstorage deleted successfullyC:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.wajam.com_0.localstorage-journal deleted successfullyC:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.getpricepeep.com_0.localstorage deleted successfullyC:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.getpricepeep.com_0.localstorage-journal deleted successfullyC:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfullyC:\Users\Georgia davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfullyC:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfullyC:\Users\Mrs georgia bolgar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfullyC:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gaiilaahiahdejapggenmdmafpmbipje_0.localstorage deleted successfullyC:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gaiilaahiahdejapggenmdmafpmbipje_0.localstorage-journal deleted successfullyC:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif deleted successfullyC:\Users\Georgia davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif deleted successfullyC:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif deleted successfullyC:\Users\Mrs georgia bolgar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif deleted successfullyC:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ihflimipbcaljfnojhhknppphnnciiif_0.localstorage deleted successfullyC:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ihflimipbcaljfnojhhknppphnnciiif_0.localstorage-journal deleted successfullyC:\Users\Georgia davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ihflimipbcaljfnojhhknppphnnciiif_0.localstorage deleted successfullyC:\Users\Georgia davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ihflimipbcaljfnojhhknppphnnciiif_0.localstorage-journal deleted successfullyC:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ihflimipbcaljfnojhhknppphnnciiif_0.localstorage deleted successfullyC:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ihflimipbcaljfnojhhknppphnnciiif_0.localstorage-journal deleted successfullyC:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jpmbfleldcgkldadpdinhjjopdfpjfjp_0.localstorage deleted successfullyC:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jpmbfleldcgkldadpdinhjjopdfpjfjp_0.localstorage-journal deleted successfullyC:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_niapdbllcanepiiimjjndipklodoedlc_0.localstorage deleted successfullyC:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_niapdbllcanepiiimjjndipklodoedlc_0.localstorage-journal deleted successfullyC:\Users\Georgia davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_niapdbllcanepiiimjjndipklodoedlc_0.localstorage deleted successfullyC:\Users\Georgia davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_niapdbllcanepiiimjjndipklodoedlc_0.localstorage-journal deleted successfullyC:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbjidnnbnonlmanfgmfghkcnhbkndleb deleted successfullyC:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbjidnnbnonlmanfgmfghkcnhbkndleb deleted successfullyC:\Users\Mrs georgia bolgar\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbjidnnbnonlmanfgmfghkcnhbkndleb deleted successfullyC:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfullyC:\Users\Georgia davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfullyC:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfullyC:\Users\Mrs georgia bolgar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfullyC:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage deleted successfullyC:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage-journal deleted successfullyC:\Users\Georgia davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage deleted successfullyC:\Users\Georgia davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage-journal deleted successfullyC:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage deleted successfullyC:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage-journal deleted successfully==== Set IE to Default ======================Old Values:[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]"Start Page"="http://www.ebay.co.uk/""Default_Page_URL"="http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;""Search Bar"="http://www.google.com/"[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]"Default_Page_URL"="http://uk.yahoo.com""Start Page"="http://www.searchya.com/?s=0&a=foxtab&chnl=tc-100&cd=2XzuyEtN2Y1L1QzutDtDtBtCyC0ByEyCtCtDzyyCzztByE0AtN0D0Tzu0StAtDtDtN1L2XzutBtFtBtFtCtFtAyDyD&cr=480137568"[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]@="http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://uk.search.yahoo.com"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]"Tabs"="http://www.searchya.com/?s=2&a=foxtab&chnl=tc-100&cd=2XzuyEtN2Y1L1QzutDtDtBtCyC0ByEyCtCtDzyyCzztByE0AtN0D0Tzu0StAtDtDtN1L2XzutBtFtBtFtCtFtAyDyD&cr=480137568"[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]"DefaultScope"="{839A7CA3-273C-4130-AFF3-7A4766001684}"[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{839A7CA3-273C-4130-AFF3-7A4766001684}] not foundNew Values:[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896""Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157""Start Page"="http://www.ebay.co.uk/"[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157""Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]"(Default)"="http://search.msn.com/results.asp?q=%s"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"==== All HKCU SearchScopes ======================HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"{413EC48B-03FB-4AD2-8F18-1B3525B940BD} Google Url="http://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7GGLL_en-GB"{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"{70D46D94-BF1E-45ED-B567-48701376298E} Google Desktop Url="http://127.0.0.1:4664/search&s=PzUpTmDrCyJO6uiEzcPbAecchFQ?q={searchTerms}"==== Deleting CLSID Registry Keys ======================HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfullyHKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfullyHKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfullyHKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfullyHKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfullyHKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfullyHKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfullyHKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfullyHKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfullyHKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfullyHKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfullyHKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfullyHKEY_CLASSES_ROOT\CLSID\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfullyHKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfullyHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfullyHKEY_CLASSES_ROOT\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully==== Deleting CLSID Registry Values ======================HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfullyHKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfullyHKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfullyHKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfullyHKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfullyHKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1004\Software\Microsoft\Internet Explorer\Approved Extensions\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfullyHKEY_USERS\S-1-5-21-1847146488-4185065798-1427826158-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfullyHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfullyHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfullyHKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\avg@toolbar deleted successfully==== Deleting Registry Keys ======================HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF deleted successfullyHKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh deleted successfullyHKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfullyHKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif deleted successfullyHKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp deleted successfullyHKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc deleted successfullyHKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfullyHKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\iLivid deleted successfullyHKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie deleted successfullyHKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchya deleted successfullyHKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke deleted successfullyHKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} deleted successfullyHKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} deleted successfullyHKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1 deleted successfullyHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF deleted successfully==== HijackThis Entries ======================R3 - Default URLSearchHook is missingO1 - Hosts: ::1 localhostO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dllO2 - BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dllO2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dllO2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dllO2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Pivot Stickfigure Toolbar\tbcore3.dllO3 - Toolbar: Pivot Stickfigure Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\Pivot Stickfigure Toolbar\tbcore3.dllO3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dllO3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dllO3 - Toolbar: Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dllO4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hideO4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exeO4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exeO4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exeO4 - HKLM\..\Run: [skytel] Skytel.exeO4 - HKLM\..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exeO4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXEO4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"O4 - HKLM\..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exeO4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLYO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=TlVIRDQtWUg5UEUtTzNQNEUtUVJERUstR0RKWjctVk9YVUw"&"inst=NzctMTIxODUzNjgzOS1GUDkyKzYtQkFSOUcrMS1GTCs5LVhPMzYrMS1DSUExMCsyLVNQMSsxLVNVUCs0LVRVRyszLVNQMVM0KzEtRERUKzAtTFNEKzItREQxMCsxLVNUMTBBUFArMS1QMTBNMTJDKzEtVTEwKzEtVEIrMS1GVUkrMi1QMTBUQisyLUVVTEErMS1TVFAxME0xMkNNKzEtU1QxMkFQUCsx"&"prod=55"&"ver=2012.0.1780"&"mid=84f5bd6a3a24b8b2df974b4dfa68e073-f53cc401da39bf00f11a57d79d9871e18aeaa71dO4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exeO4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exeO4 - HKCU\..\Run: [Facebook Update] "C:\Users\Davis\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserverO4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"O4 - HKCU\..\Run: [Google Update] "C:\Users\Davis\AppData\Local\Google\Update\GoogleUpdate.exe" /cO4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exeO4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-21-1847146488-4185065798-1427826158-1004\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Mrs georgia bolgar')O4 - S-1-5-21-1847146488-4185065798-1427826158-1004 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Mrs georgia bolgar')O4 - S-1-5-21-1847146488-4185065798-1427826158-1004 User Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Mrs georgia bolgar')O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user')O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exeO4 - Global Startup: Update Agent.lnk = ?O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dllO9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dllO9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLLO11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphicsO16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cabO18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dllO18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dllO18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll (file missing)O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (file missing)O18 - Protocol: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - (no file)O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dllO18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (file missing)O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllO22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dllO23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exeO23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exeO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeO23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgfws.exeO23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exeO23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeO23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeO23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exeO23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exeO23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exeO23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exeO23 - Service: Notebook Performance Tuning Service (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exeO23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exeO23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exeO23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exeO23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exeO23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe==== Sysinternals Autoruns Log ======================HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute bootdelete bootdelete File not found: bootdelete C:\Users\Davis\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Search eBay C:\Program Files\windows sidebar\shared gadgets\eBaySearch.Gadget Quick search eBay eBay Inc. C:\Program Files\windows sidebar\shared gadgets\eBaySearch.Gadget\Gadget.xml 01/07/2008 15:14 Amazon.co.uk - Online Shopping C:\Program Files\windows sidebar\shared gadgets\amazonSearch.Gadget Amazon EU S.a.r.l. C:\Program Files\windows sidebar\shared gadgets\amazonSearch.Gadget\Gadget.xml 01/07/2008 15:14HKLM\System\CurrentControlSet\Services AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes. Adobe Systems Incorporated 12.0.0.44 c:\windows\system32\macromed\flash\flashplayerupdateservice.exe 28/01/2014 01:56 AgereModemAudio C:\Windows\system32\agrsmsvc.exe Agere Soft Modem Call Progress Service Agere Systems 1.0.0.4 c:\windows\system32\agrsmsvc.exe 05/10/2006 17:10 Apple Mobile Device "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" Provides the interface to Apple mobile devices. Apple Inc. 17.327.4.11 c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe 07/12/2013 04:16 avgfws "C:\Program Files\AVG\AVG2014\avgfws.exe" AVG Firewall Service AVG Technologies CZ, s.r.o. 14.0.0.4204 c:\program files\avg\avg2014\avgfws.exe 23/09/2013 23:34 AVGIDSAgent "C:\Program Files\AVG\AVG2014\avgidsagent.exe" Provides Identity Protection Against Cyber Crime. AVG Technologies CZ, s.r.o. 14.0.0.4330 c:\program files\avg\avg2014\avgidsagent.exe 22/01/2014 11:19 avgwd "C:\Program Files\AVG\AVG2014\avgwdsvc.exe" AVG Watchdog Service AVG Technologies CZ, s.r.o. 14.0.0.4204 c:\program files\avg\avg2014\avgwdsvc.exe 23/09/2013 23:33 Bonjour Service "C:\Program Files\Bonjour\mDNSResponder.exe" Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence. Apple Inc. 3.0.0.10 c:\program files\bonjour\mdnsresponder.exe 31/08/2011 05:40 ConfigFree Service "C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe" You can't stop this service, if you want to keep ConfigFree functionality fine. TOSHIBA CORPORATION 7.0.1.6 c:\program files\toshiba\configfree\cfsvcs.exe 16/04/2008 15:19 GoogleDesktopManager-051210-111108 "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" Updates Google Desktop with the latest security fixes, enhancements and features. This service only runs occasionally and thus does not affect your computer's performance. If this service is stopped or disabled, Google Desktop may not function correctly. Google 5.9.1005.12335 c:\program files\google\google desktop search\googledesktop.exe 12/05/2010 18:47 gupdate "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it. Google Inc. 1.2.183.9 c:\program files\google\update\googleupdate.exe 13/10/2009 23:04 gupdatem "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it. Google Inc. 1.2.183.9 c:\program files\google\update\googleupdate.exe 13/10/2009 23:04 gusvc "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. Google 2.4.2617.4952 c:\program files\google\common\google updater\googleupdaterservice.exe 02/03/2012 21:13 iPod Service "C:\Program Files\iPod\bin\iPodService.exe" iPod hardware management services Apple Inc. 11.1.4.62 c:\program files\ipod\bin\ipodservice.exe 21/01/2014 00:03 McAfee SiteAdvisor Service c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe McAfee SiteAdvisor Service McAfee, Inc. 3.6.5.103 c:\program files\mcafee\siteadvisor\mcsacore.exe 22/01/2014 21:44 McComponentHostService "C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe" McAfee Security Scan Component Host Service McAfee, Inc. 3.8.141.0 c:\program files\mcafee security scan\3.8.141\mcchsvc.exe 16/01/2014 00:29 MozillaMaintenance "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled. Mozilla Foundation 26.0.0.5087 c:\program files\mozilla maintenance service\maintenanceservice.exe 05/12/2013 17:09 SmartFaceVWatchSrv "C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe" Service for SmartFaceV Toshiba 2.0.2.0 c:\program files\toshiba\smartfacev\smartfacevwatchsrv.exe 24/04/2008 09:35 TempoMonitoringService "C:\Program Files\Toshiba TEMPRO\TempoSVC.exe" Toshiba Notebook Performance Tuning Service Toshiba Europe GmbH 1.1.0.0 c:\program files\toshiba tempro\temposvc.exe 04/04/2008 01:30 TNaviSrv C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe TOSHIBA Navi Support Service TOSHIBA Corporation 1.0.0.3 c:\program files\toshiba\toshiba dvd player\tnavisrv.exe 18/07/2008 09:56 TODDSrv C:\Windows\system32\TODDSrv.exe TDCSrv Application TOSHIBA Corporation 1.0.0.5 c:\windows\system32\toddsrv.exe 21/11/2007 07:53 TosCoSrv "C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe" TOSHIBA Power Saver manages power saving settings supported by TOSHIBA. These settings will not work if the service has stopped. TOSHIBA Corporation 1.0.0.1 c:\program files\toshiba\power saver\toscosrv.exe 11/01/2008 01:57 TOSHIBA SMART Log Service "C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe" TosIPCSrv.exe TOSHIBA Corporation 1.0.0.1 Link to post Share on other sites More sharing options...
jeffdavis Posted February 15, 2014 Author ID:791750 Share Posted February 15, 2014 3rd part c:\program files\toshiba\smartlogservice\tosipcsrv.exe 03/12/2007 08:03 UleadBurningHelper C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe ULCDRSvr Ulead Systems, Inc. 1.0.0.4 c:\program files\common files\ulead systems\dvd\ulcdrsvr.exe 12/03/2004 20:04HKLM\System\CurrentControlSet\Services AgereSoftModem system32\DRIVERS\AGRSM.sys SoftModem Device Driver Agere Systems 2.1.77.0 c:\windows\system32\drivers\agrsm.sys 28/11/2006 20:10 Avgdiskx system32\DRIVERS\avgdiskx.sys AVG File Vault Driver AVG Technologies CZ, s.r.o. 14.0.0.4302 c:\windows\system32\drivers\avgdiskx.sys 25/11/2013 20:49 Avgfwfd system32\DRIVERS\avgfwd6x.sys AVG network filter driver AVG Technologies CZ, s.r.o. 14.0.0.4143 c:\windows\system32\drivers\avgfwd6x.sys 26/09/2013 07:44 AVGIDSDriver system32\DRIVERS\avgidsdriverx.sys AVG Technologies IDS Application Activity Monitor Driver AVG Technologies CZ, s.r.o. 14.0.0.4302 c:\windows\system32\drivers\avgidsdriverx.sys 25/11/2013 20:56 AVGIDSHX system32\DRIVERS\avgidshx.sys AVG Technologies IDS Application Activity Monitor Helper Driver AVG Technologies CZ, s.r.o. 14.0.0.4302 c:\windows\system32\drivers\avgidshx.sys 25/11/2013 20:56 AVGIDSShim system32\DRIVERS\avgidsshimx.sys AVG Technologies IDS Application Activity Monitor Shim Loader Driver AVG Technologies CZ, s.r.o. 14.0.0.4329 c:\windows\system32\drivers\avgidsshimx.sys 19/01/2014 20:46 Avgldx86 system32\DRIVERS\avgldx86.sys AVG AVI Loader Driver AVG Technologies CZ, s.r.o. 14.0.0.4219 c:\windows\system32\drivers\avgldx86.sys 31/10/2013 22:00 Avglogx system32\DRIVERS\avglogx.sys AVG Logging Driver AVG Technologies CZ, s.r.o. 14.0.0.4219 c:\windows\system32\drivers\avglogx.sys 31/10/2013 21:30 Avgmfx86 system32\DRIVERS\avgmfx86.sys AVG Resident Shield Minifilter Driver AVG Technologies CZ, s.r.o. 14.0.0.4206 c:\windows\system32\drivers\avgmfx86.sys 30/09/2013 22:49 Avgrkx86 system32\DRIVERS\avgrkx86.sys AVG Anti-Rootkit Driver AVG Technologies CZ, s.r.o. 14.0.0.4202 c:\windows\system32\drivers\avgrkx86.sys 09/09/2013 22:43 Avgtdix system32\DRIVERS\avgtdix.sys AVG Network connection watcher AVG Technologies CZ, s.r.o. 14.0.0.4089 c:\windows\system32\drivers\avgtdix.sys 01/08/2013 14:07 avgtp \??\C:\Windows\system32\drivers\avgtpx86.sys AVG Technologies 17.0.0.3 c:\windows\system32\drivers\avgtpx86.sys 29/08/2013 07:26 BrFiltLo \SystemRoot\system32\drivers\brfiltlo.sys Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver Brother Industries, Ltd. 1.10.0.2 c:\windows\system32\drivers\brfiltlo.sys 06/08/2006 21:33 BrFiltUp \SystemRoot\system32\drivers\brfiltup.sys Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver Brother Industries, Ltd. 1.4.0.1 c:\windows\system32\drivers\brfiltup.sys 06/08/2006 21:33 BrUsbSer \SystemRoot\system32\drivers\brusbser.sys Brother USB Serial Driver Brother Industries Ltd. 1.0.1.3 c:\windows\system32\drivers\brusbser.sys 09/08/2006 12:02 E1G60 system32\DRIVERS\E1G60I32.sys Intel® PRO/1000 Adapter NDIS 6 deserialized driver Intel Corporation 8.3.2.8 c:\windows\system32\drivers\e1g60i32.sys 07/08/2007 16:14 FwLnk system32\DRIVERS\FwLnk.sys TOSHIBA Firmware Linkage 32-bit Driver TOSHIBA Corporation 1.0.0.3 c:\windows\system32\drivers\fwlnk.sys 19/11/2006 14:11 GEARAspiWDM system32\DRIVERS\GEARAspiWDM.sys CD DVD Filter GEAR Software Inc. 2.2.3.0 c:\windows\system32\drivers\gearaspiwdm.sys 03/05/2012 19:55 hitmanpro37 \??\C:\Windows\system32\drivers\hitmanpro37.sys HitmanPro 3.7 Support Driver 1.3.7.6 c:\windows\system32\drivers\hitmanpro37.sys 11/04/2013 14:47 hwdatacard system32\DRIVERS\ewusbmdm.sys File not found: system32\DRIVERS\ewusbmdm.sys iaStor system32\DRIVERS\iaStor.sys Intel Matrix Storage Manager driver - ia32 Intel Corporation 8.0.0.1039 c:\windows\system32\drivers\iastor.sys 16/04/2008 00:07 igfx system32\DRIVERS\igdkmd32.sys Intel Graphics Kernel Mode Driver Intel Corporation 7.15.10.1502 c:\windows\system32\drivers\igdkmd32.sys 13/06/2008 01:43 IntcAzAudAddService system32\drivers\RTKVHDA.sys Realtek® High Definition Audio Function Driver Realtek Semiconductor Corp. 6.0.1.5599 c:\windows\system32\drivers\rtkvhda.sys 09/04/2008 09:59 IntcHdmiAddService system32\drivers\IntcHdmi.sys Intel® High Definition Audio HDMI Intel® Corporation 6.10.1.2059 c:\windows\system32\drivers\intchdmi.sys 20/06/2008 19:37 IpInIp system32\DRIVERS\ipinip.sys IP in IP Tunnel Driver File not found: system32\DRIVERS\ipinip.sys Netaapl system32\DRIVERS\netaapl.sys Apple Mobile Device Ethernet Apple Inc. 1.8.5.1 c:\windows\system32\drivers\netaapl.sys 15/07/2013 22:38 NETw5v32 system32\DRIVERS\NETw5v32.sys Intel© Wireless WiFi Link Driver Intel Corporation 12.0.0.73 c:\windows\system32\drivers\netw5v32.sys 28/04/2008 13:29 NwlnkFlt system32\DRIVERS\nwlnkflt.sys IPX Traffic Filter Driver File not found: system32\DRIVERS\nwlnkflt.sys NwlnkFwd system32\DRIVERS\nwlnkfwd.sys IPX Traffic Forwarder Driver File not found: system32\DRIVERS\nwlnkfwd.sys PxHelp20 System32\Drivers\PxHelp20.sys Px Engine Device Driver for Windows 2000/XP Sonic Solutions 3.0.67.0 c:\windows\system32\drivers\pxhelp20.sys 20/06/2007 22:26 rimmptsk system32\DRIVERS\rimmptsk.sys RICOH SD Driver REDC 6.0.3.5 c:\windows\system32\drivers\rimmptsk.sys 15/02/2008 09:01 rimsptsk system32\DRIVERS\rimsptsk.sys RICOH MS Driver REDC 6.0.1.11 c:\windows\system32\drivers\rimsptsk.sys 30/07/2007 01:42 rismxdp system32\DRIVERS\rixdptsk.sys RICOH XD SM Driver REDC 6.0.1.13 c:\windows\system32\drivers\rixdptsk.sys 30/07/2007 02:54 RTL8169 system32\DRIVERS\Rtlh86.sys Realtek 8101E/8168/8169 NDIS6 32-bit Driver Realtek Corporation 6.205.403.2008 c:\windows\system32\drivers\rtlh86.sys 15/04/2008 02:05 SASDIFSV \??\C:\Users\Davis\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS File not found: C:\Users\Davis\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS SASKUTIL \??\C:\Users\Davis\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS File not found: C:\Users\Davis\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS secdrv secdrv Macrovision SECURITY Driver Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. 4.3.86.0 c:\windows\system32\drivers\secdrv.sys 13/09/2006 13:18 SynTP system32\DRIVERS\SynTP.sys Synaptics Touchpad Driver Synaptics, Inc. 10.1.8.0 c:\windows\system32\drivers\syntp.sys 07/12/2007 01:41 tdcmdpst system32\DRIVERS\tdcmdpst.sys Toshiba ODD Writing Driver For x86. TOSHIBA Corporation. 2.0.0.0 c:\windows\system32\drivers\tdcmdpst.sys 18/10/2006 02:50 tosrfec system32\DRIVERS\tosrfec.sys TOSHIBA Bluetooth EC Driver TOSHIBA Corporation 5.0.1023.0 c:\windows\system32\drivers\tosrfec.sys 23/10/2006 07:32 tos_sps32 system32\DRIVERS\tos_sps32.sys tos_sps2 TOSHIBA Corporation 4.0.2007.1115 c:\windows\system32\drivers\tos_sps32.sys 15/11/2007 02:49 TVALZ system32\DRIVERS\TVALZ_O.SYS TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver TOSHIBA Corporation 2.0.0.1 c:\windows\system32\drivers\tvalz_o.sys 09/11/2007 03:07 USBAAPL System32\Drivers\usbaapl.sys Apple Mobile Device USB Driver Apple, Inc. 1.64.0.0 c:\windows\system32\drivers\usbaapl.sys 27/11/2012 23:37 UVCFTR System32\Drivers\UVCFTR_S.SYS UVCFTR_S.sys Chicony Electronics Co., Ltd. 1.1.1.238 c:\windows\system32\drivers\uvcftr_s.sys 27/11/2007 10:38HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers {B65F237C-AAFF-4df7-8872-91B65663E41F} HKCR\CLSID\{B65F237C-AAFF-4df7-8872-91B65663E41F} c:\windows\system32\smartfacevcp.dll 24/04/2008 09:42HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify igfxcui igfxdev.dll igfxdev Module Intel Corporation 7.14.10.1502 c:\windows\system32\igfxdev.dll 13/06/2008 01:06HKCU\Control Panel\Desktop\Scrnsave.exe C:\Windows\system32\MATHMO~1.SCR C:\Windows\system32\MATHMO~1.SCR ScreenTime Screensaver Engine ScreenTime Media 3.5.4.0 c:\windows\system32\mathmosscreensaver.scr 11/10/2007 22:33HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors PCL hpz3llhn hpz3llhn.dll LanguageMonitor Hewlett-Packard Company 61.53.25.9 c:\windows\system32\hpz3llhn.dll 19/01/2008 07:29 Toshiba Bluetooth Monitor tbtmon.dll TOSHIBA CORPORATION. 5.0.1208.0 c:\windows\system32\tbtmon.dll 08/12/2006 02:05HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries mdnsNSP C:\Program Files\Bonjour\mdnsNSP.dll Bonjour Namespace Provider Apple Inc. 3.0.0.10 c:\program files\bonjour\mdnsnsp.dll 31/08/2011 05:44HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms rdpclip rdpclip File not found: rdpclip HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SynTPEnh C:\Program Files\Synaptics\SynTP\SynTPEnh.exe Synaptics TouchPad Enhancements Synaptics, Inc. 10.1.8.0 c:\program files\synaptics\syntp\syntpenh.exe 07/12/2007 01:20 NDSTray.exe NDSTray.exe ConfigFree Task tray menu TOSHIBA CORPORATION 7.0.1.12 C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe 16/04/2008 15:21 Persistence C:\Windows\system32\igfxpers.exe persistence Module Intel Corporation 7.14.10.1502 c:\windows\system32\igfxpers.exe 13/06/2008 01:06 RtHDVCpl RtHDVCpl.exe HD Audio Control Panel Realtek Semiconductor 1.0.0.166 c:\windows\rthdvcpl.exe 08/04/2008 07:14 Skytel Skytel.exe Realtek Voice Manager Realtek Semiconductor Corp. 2.0.2.0 c:\windows\skytel.exe 20/11/2007 10:15 HDMICtrlMan C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe HDMICtrlMan.exe TOSHIBA Corporation. 1.6.0.0 c:\program files\toshiba\hdmictrlman\hdmictrlman.exe 26/04/2008 06:57 TPwrMain %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE TOSHIBA Power Saver TOSHIBA Corporation 1.0.0.1 c:\program files\toshiba\power saver\tpwrmain.exe 11/01/2008 01:57 Toshiba TEMPO C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe Toshiba TEMPRO Toshiba Europe GmbH 1.1.0.0 c:\program files\toshiba tempro\toshiba.tempo.ui.trayapplication.exe 23/04/2008 15:44 APSDaemon "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" Apple Push Apple Inc. 2.3.4.24 c:\program files\common files\apple\apple application support\apsdaemon.exe 07/12/2013 04:16 vProt "C:\Program Files\AVG Secure Search\vprot.exe" File not found: C:\Program Files\AVG Secure Search\vprot.exe AVG_UI "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY AVG User Interface AVG Technologies CZ, s.r.o. 14.0.0.4330 c:\program files\avg\avg2014\avgui.exe 22/01/2014 11:17 QuickTime Task "C:\Program Files\QuickTime\QTTask.exe" -atboottime QuickTime Task Apple Inc. 7.7.4.0 c:\program files\quicktime\qttask.exe 01/05/2013 10:42 mobilegeni daemon C:\Program Files\Mobogenie\DaemonProcess.exe File not found: C:\Program Files\Mobogenie\DaemonProcess.exe iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe" iTunesHelper Apple Inc. 11.1.4.62 c:\program files\itunes\ituneshelper.exe 21/01/2014 00:03HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce AvgUninstallURL cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=TlVIRDQtWUg5UEUtTzNQNEUtUVJERUstR0RKWjctVk9YVUw"&"inst=NzctMTIxODUzNjgzOS1GUDkyKzYtQkFSOUcrMS1GTCs5LVhPMzYrMS1DSUExMCsyLVNQMSsxLVNVUCs0LVRVRyszLVNQMVM0KzEtRERUKzAtTFNEKzItREQxMCsxLVNUMTBBUFArMS1QMTBNMTJDKzEtVTEwKzEtVEIrMS1GVUkrMi1QMTBUQisyLUVVTEErMS1TVFAxME0xMkNNKzEtU1QxMkFQUCsx"&"prod=55"&"ver=2012.0.1780"&"mid=84f5bd6a3a24b8b2df974b4dfa68e073-f53cc401da39bf00f11a57d79d9871e18aeaa71d File not found: http://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=TlVIRDQtWUg5UEUtTzNQNEUtUVJERUstR0RKWjctVk9YVUw"&"inst=NzctMTIxODUzNjgzOS1GUDkyKzYtQkFSOUcrMS1GTCs5LVhPMzYrMS1DSUExMCsyLVNQMSsxLVNVUCs0LVRVRyszLVNQMVM0KzEtRERUKzAtTFNEKzItREQxMCsxLVNUMTBBUFArMS1QMTBNMTJDKzEtVTEwKzEtVEIrMS1GVUkrMi1QMTBUQisyLUVVTEErMS1TVFAxME0xMkNNKzEtU1QxMkFQUCsx"&"prod=55"&"ver=2012.0.1780"&"mid=84f5bd6a3a24b8b2df974b4dfa68e073-f53cc401da39bf00f11a57d79d9871e18aeaa71d HKLM\SOFTWARE\Classes\Protocols\Handler dssrequest HKCR\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} SiteAdvisor McAfee, Inc. 3.6.5.118 c:\program files\mcafee\siteadvisor\mcieplg.dll 24/01/2014 21:25 inbox HKCR\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27} File not found: C:\PROGRA~1\INBOXT~1\Inbox.dll linkscanner HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} File not found: C:\Program Files\AVG\AVG2012\avgpp.dll sacore HKCR\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} SiteAdvisor McAfee, Inc. 3.6.5.118 c:\program files\mcafee\siteadvisor\mcieplg.dll 24/01/2014 21:25 viprotocol HKCR\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} File not found: C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup McAfee Security Scan Plus.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk McAfee Security Scanner Scheduler McAfee, Inc. 3.8.141.0 c:\program files\mcafee security scan\3.8.141\ssscheduler.exe 16/01/2014 00:31 Update Agent.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Agent.lnk 3Connect Auto Update Birdstep Technology 2.7.0.16 c:\program files\3\3connect\autoupdatesrv.exe 23/02/2009 18:42HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components Google Chrome "C:\Program Files\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome Google Chrome Google Inc. 32.0.1700.102 c:\program files\google\chrome\application\32.0.1700.102\installer\chrmstp.exe 23/01/2014 04:32HKCU\Software\Microsoft\Windows\CurrentVersion\Run TOSCDSPD C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe CD/DVD Drive Acoustic Silencer TOSHIBA 2.2.0.1 c:\program files\toshiba\toscdspd\toscdspd.exe 24/04/2008 05:03 Pando Media Booster C:\Program Files\Pando Networks\Media Booster\PMB.exe Pando Media Booster 2.3.6.0 c:\program files\pando networks\media booster\pmb.exe 09/06/2011 21:12 Facebook Update "C:\Users\Davis\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver Facebook Installer Facebook Inc. 1.2.205.0 c:\users\davis\appdata\local\facebook\update\facebookupdate.exe 06/07/2012 19:50 swg "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" GoogleToolbarNotifier Google Inc. 2.0.301.1654 c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe 01/03/2007 22:23 Google Update "C:\Users\Davis\AppData\Local\Google\Update\GoogleUpdate.exe" /c Google Installer Google Inc. 1.3.21.103 c:\users\davis\appdata\local\google\update\googleupdate.exe 16/02/2012 02:43Task Scheduler \Adobe Flash Player Updater "C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe" Adobe© Flash© Player Update Service 12.0 r0 Adobe Systems Incorporated 12.0.0.44 c:\windows\system32\macromed\flash\flashplayerupdateservice.exe 28/01/2014 01:56 \FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000Core "C:\Users\Davis\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver Facebook Installer Facebook Inc. 1.2.205.0 c:\users\davis\appdata\local\facebook\update\facebookupdate.exe 06/07/2012 19:50 \FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000UA "C:\Users\Davis\AppData\Local\Facebook\Update\FacebookUpdate.exe" /ua /installsource scheduler Facebook Installer Facebook Inc. 1.2.205.0 c:\users\davis\appdata\local\facebook\update\facebookupdate.exe 06/07/2012 19:50 \FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003Core "C:\Users\Georgia davis\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver Facebook Installer Facebook Inc. 1.2.205.0 c:\users\georgia davis\appdata\local\facebook\update\facebookupdate.exe 02/07/2012 21:07 \FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003UA "C:\Users\Georgia davis\AppData\Local\Facebook\Update\FacebookUpdate.exe" /ua /installsource scheduler Facebook Installer Facebook Inc. 1.2.205.0 c:\users\georgia davis\appdata\local\facebook\update\facebookupdate.exe 02/07/2012 21:07 \GoogleUpdateTaskMachineCore "C:\Program Files\Google\Update\GoogleUpdate.exe" /c Google Installer Google Inc. 1.2.183.9 c:\program files\google\update\googleupdate.exe 13/10/2009 23:04 \GoogleUpdateTaskMachineUA "C:\Program Files\Google\Update\GoogleUpdate.exe" /ua /installsource scheduler Google Installer Google Inc. 1.2.183.9 c:\program files\google\update\googleupdate.exe 13/10/2009 23:04 \GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000Core "C:\Users\Davis\AppData\Local\Google\Update\GoogleUpdate.exe" /c Google Installer Google Inc. 1.3.21.103 c:\users\davis\appdata\local\google\update\googleupdate.exe 16/02/2012 02:43 \GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000UA "C:\Users\Davis\AppData\Local\Google\Update\GoogleUpdate.exe" /ua /installsource scheduler Google Installer Google Inc. 1.3.21.103 c:\users\davis\appdata\local\google\update\googleupdate.exe 16/02/2012 02:43 \GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003Core "C:\Users\Georgia davis\AppData\Local\Google\Update\GoogleUpdate.exe" /c Google Installer Google Inc. 1.3.21.103 c:\users\georgia davis\appdata\local\google\update\googleupdate.exe 16/02/2012 02:43 \GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003UA "C:\Users\Georgia davis\AppData\Local\Google\Update\GoogleUpdate.exe" /ua /installsource scheduler Google Installer Google Inc. 1.3.21.103 c:\users\georgia davis\appdata\local\google\update\googleupdate.exe 16/02/2012 02:43 \Apple\AppleSoftwareUpdate "C:\Program Files\Apple Software Update\SoftwareUpdate.exe" -task Apple Software Update Apple Inc. 2.1.3.127 c:\program files\apple software update\softwareupdate.exe 02/06/2011 00:46 \Microsoft\Windows\Wired\GatherWiredInfo "%windir%\system32\gatherWiredInfo.vbs" c:\windows\system32\gatherwiredinfo.vbs 21/01/2008 02:24 \Microsoft\Windows\Wireless\GatherWirelessInfo "%windir%\system32\gatherWirelessInfo.vbs" c:\windows\system32\gatherwirelessinfo.vbs 21/01/2008 02:23HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects Adobe PDF Reader Link Helper HKCR\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} Adobe PDF Helper for Internet Explorer Adobe Systems Incorporated 8.0.0.456 c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll 23/10/2006 07:08 MSS+ Identifier HKCR\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} Quick Browser Identifier for MSS+ Tool McAfee, Inc. 3.8.141.0 c:\program files\mcafee security scan\3.8.141\mcafeemss_ie.dll 16/01/2014 00:29 Google Toolbar Helper HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} Google Toolbar Google Inc. 7.5.4805.320 c:\program files\google\google toolbar\googletoolbar_32.dll 05/12/2013 03:47 McAfee SiteAdvisor BHO HKCR\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} SiteAdvisor McAfee, Inc. 3.6.5.118 c:\program files\mcafee\siteadvisor\mcieplg.dll 24/01/2014 21:25 Java Plug-In 2 SSV Helper HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} Java Platform SE binary Sun Microsystems, Inc. 6.0.230.5 c:\program files\java\jre6\bin\jp2ssv.dll 13/11/2010 02:52 SMTTB2009 Class HKCR\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} IE Toolbar Engine 4.2.0.7 c:\program files\pivot stickfigure toolbar\tbcore3.dll 16/02/2010 10:52HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers AVG Shell Extension HKCR\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} AVG Shell Extension AVG Technologies CZ, s.r.o. 14.0.0.4208 c:\program files\avg\avg2014\avgse.dll 07/10/2013 23:38HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers SD Format HKCR\CLSID\{932CFB31-6AC9-4FE2-BEAC-A27FAF631D48} File not found: \SDFMTEXT.dll HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers MBAMShlExt HKCR\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3} Malwarebytes Anti-Malware Malwarebytes Corporation 1.70.0.0 c:\program files\malwarebytes' anti-malware\mbamext.dll 28/02/2013 20:39HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers igfxcui HKCR\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} igfxpph Module Intel Corporation 7.14.10.1502 c:\windows\system32\igfxpph.dll 13/06/2008 01:06HKLM\Software\Classes\Folder\Shellex\ColumnHandlers PDF Shell Extension HKCR\CLSID\{F9DB5320-233E-11D1-9F84-707F02C10627} PDF Shell Extension Adobe Systems, Inc. 8.1.0.0 c:\program files\common files\adobe\acrobat\activex\pdfshell.dll 11/05/2007 06:54HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers AVG Shell Extension HKCR\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} AVG Shell Extension AVG Technologies CZ, s.r.o. 14.0.0.4208 c:\program files\avg\avg2014\avgse.dll 07/10/2013 23:38 MBAMShlExt HKCR\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3} Malwarebytes Anti-Malware Malwarebytes Corporation 1.70.0.0 c:\program files\malwarebytes' anti-malware\mbamext.dll 28/02/2013 20:39HKLM\Software\Microsoft\Internet Explorer\Toolbar Pivot Stickfigure Toolbar HKCR\CLSID\{338B4DFE-2E2C-4338-9E41-E176D497299E} IE Toolbar Engine 4.2.0.7 c:\program files\pivot stickfigure toolbar\tbcore3.dll 16/02/2010 10:52 Google Toolbar HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F} Google Toolbar Google Inc. 7.5.4805.320 c:\program files\google\google toolbar\googletoolbar_32.dll 05/12/2013 03:47 McAfee SiteAdvisor HKCR\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} SiteAdvisor McAfee, Inc. 3.6.5.118 c:\program files\mcafee\siteadvisor\mcieplg.dll 24/01/2014 21:25HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 msacm.l3acm C:\Windows\System32\l3codeca.acm MPEG Layer-3 Audio Codec for MSACM Fraunhofer Institut Integrierte Schaltungen IIS 1.9.0.402 c:\windows\system32\l3codeca.acm 21/01/2010 15:05 vidc.cvid iccvid.dll Cinepak© Codec Radius Inc. 1.10.0.13 c:\windows\system32\iccvid.dll 27/05/2010 20:08 msacm.dvacm C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm Ulead DV Audio ACM Driver Ulead Systems, Inc. 8.0.0.0 c:\program files\common files\ulead systems\vio\dvacm.acm 06/09/2005 02:54HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance Ulead DV Writer HKCR\CLSID\{020019F0-1313-4628-A978-ACDD105F5396} ulDVWriter Ulead System Inc. 1.0.0.3 c:\program files\common files\ulead systems\capture\uldvrite.ax 05/01/2006 06:35 Ulead Ogg Parser HKCR\CLSID\{08405FD6-CB7C-4EBA-8225-E38A3FF1CA13} ulOggParserFilter Ulead Systems, Inc. 1.0.0.2 c:\program files\common files\ulead systems\mpeg\uloggparserfilter.ax 18/11/2005 07:13 InterVideo Stream Buffer Filter HKCR\CLSID\{09FE0BA8-B7FA-4D82-8669-C62557470B5B} InterVideo Stream Buffer Filter InterVideo Inc. 3.0.85.0 c:\program files\intervideo\common\bin\smbuffer.ax 08/06/2007 09:22 InterVideo Audio Encoder HKCR\CLSID\{0CD2E140-8D60-11D3-9C32-00104B3801F6} InterVideo?Audio Encoder Filter InterVideo Inc. 3.1.6.0 c:\program files\intervideo\common\bin\iviaenc.ax 08/06/2007 09:31 InterVideo Demux HKCR\CLSID\{105808AA-413D-4F32-898B-C15457292D55} InterVideo© MPEG System Demultiplexer Filter InterVideo Inc. 3.1.6.0 c:\program files\intervideo\common\bin\ividemxx.ax 08/06/2007 09:36 Ulead Push Source Filter HKCR\CLSID\{185C9200-4CF8-4554-B06A-87014703D182} Ulead Push Source Filter Ulead Systems, Inc. 1.0.0.0 c:\program files\common files\ulead systems\mpeg\ulpushsource.ax 24/11/2003 02:44 Ulead Sub-Picture Push Source Filter HKCR\CLSID\{185C9230-4CF8-4554-B06A-87014703D182} Ulead Sub-Picture Push Source Filter Ulead Systems, Inc. 1.0.0.3 c:\program files\common files\ulead systems\mpeg\ulsubpicpushsource.ax 10/11/2004 04:29 InterVideo Time Shift HKCR\CLSID\{1D349B41-9B67-11D3-B718-00A0CC502E02} InterVideo Time Shifting Filter InterVideo Inc. 3.1.6.0 c:\program files\intervideo\common\bin\ivits.ax 08/06/2007 09:29 DV V/A Source Filter HKCR\CLSID\{1E951F23-9C37-11D3-BA52-0000E8497C01} Ulead Systems, Inc. 7.0.0.0 c:\program files\common files\ulead systems\filters\dvsf.ax 06/09/2005 04:09 MPEG2 TS Source HKCR\CLSID\{237204D5-8343-400E-8037-B3C20DB2AB22} c:\program files\intervideo\common\bin\mpgtsrdr.ax 08/06/2007 09:17 TOSHIBA MPEG-2 Video Decoder (DVD) HKCR\CLSID\{264D9CAF-3F92-410A-9C26-C2BC0F6C3F98} TOSHIBA DVD Video Decoder Filter TOSHIBA Corporation 4.0.0.2 c:\program files\toshiba\toshiba dvd player\tosmp2dvd.ax 18/07/2008 12:48 Intervideo AMR Decoder HKCR\CLSID\{2E3E7E8E-D8AA-4D98-8299-92FCF22BFBB3} IVI AMR Decoding Intervideo, Inc. 8.1.0.0 c:\program files\intervideo\common\bin\amrdec.ax 08/06/2007 09:22 Ulead DVD Navigator HKCR\CLSID\{2E558380-63DF-FFD4-AF96-00105A6FE9A1} DVD Navigator filter Ulead Systems, Inc. 1.0.2.1 c:\program files\common files\ulead systems\dvd\uleaddvdnavigator.ax 21/01/2005 09:15 InterVideo Video Encoder HKCR\CLSID\{317DDB61-870E-11D3-9C32-00104B3801F6} InterVideo© MPEG Video Encoder Filter InterVideo Inc. 3.1.6.0 c:\program files\intervideo\common\bin\ivivenc.ax 08/06/2007 09:33 InterVideo Multiplexer HKCR\CLSID\{317DDB63-870E-11D3-9C32-00104B3801F7} InterVideo© MPEG System Multiplexer Filter InterVideo Inc. 3.1.6.0 c:\program files\intervideo\common\bin\ivimux.ax 08/06/2007 09:35 Ulead Video Deinterlace Filter HKCR\CLSID\{35D8C6F7-7799-4A41-BC05-787442F3A96D} Ulead Systems, Inc. 1.0.2.3 c:\program files\common files\ulead systems\filters\deinterlace.ax 24/06/2005 07:10 DV ACM V/A Source Filter HKCR\CLSID\{39AEA79A-BF43-475F-B4F9-15347CFBF2B3} Ulead Systems, Inc. 7.0.0.0 c:\program files\common files\ulead systems\filters\dvsf.ax 06/09/2005 04:09 DV Video Source Filter HKCR\CLSID\{46A06300-914A-11D3-BA52-0000E8497C01} Ulead Systems, Inc. 7.0.0.0 c:\program files\common files\ulead systems\filters\dvsf.ax 06/09/2005 04:09 TOSHIBA Audio Rate Converter HKCR\CLSID\{5623D5D1-E19A-4AB1-8C09-9901D9DEE730} TOSHIBA Audio Rate Converter TOSHIBA Corporation 2.0.1.4 c:\program files\common files\toshiba shared\tosarc.ax 13/11/2006 08:32 InterVideo VBI Decoder HKCR\CLSID\{5708A5D4-5DD4-44E4-A665-604BC2F1E921} InterVideo VBI Decoder Filter InterVideo, Inc. 1.0.0.0 c:\program files\intervideo\common\bin\ivvbidec.ax 08/06/2007 09:16 InterVideo MPEG4 Video Decoder HKCR\CLSID\{604C9C22-F099-4482-A416-A02DC1FB264C} InterVideo© MPEG4 Video Decoder Filter InterVideo Inc. 0.8.8.0 c:\program files\intervideo\common\bin\mp4vdec.ax 08/06/2007 09:28 InterVideo Down Scale Filter HKCR\CLSID\{61B82E90-51CD-464A-8DA8-19AA6AB6C834} InterVideo© Down Scale Filter InterVideo Inc. 3.1.6.0 c:\program files\intervideo\common\bin\ividowns.ax 08/06/2007 09:37 TOSHIBA DVD Navigator HKCR\CLSID\{644A066C-D62F-484A-B4F1-CF303314E80B} TOSHIBA DVD Navigator TOSHIBA Corporation 1.0.0.71 c:\program files\toshiba\toshiba dvd player\tdvdnavi.ax 18/07/2008 12:44 Ulead DV Scene Detect HKCR\CLSID\{67928E40-2811-11D4-867A-0000E84979ED} ulDvScDt Ulead system Inc. 1.0.0.6 c:\program files\common files\ulead systems\capture\uldvscdt.ax 15/11/2006 06:05 TOSHIBA Progress Monitor HKCR\CLSID\{76C6522B-124B-40CB-A0B9-831D946D202C} TOSHIBA Progress Monitor TOSHIBA Corporation 1.0.1.209 c:\program files\toshiba\toshiba disc creator\tprogmon.ax 09/02/2006 08:34 TOSHIBA WAV Converter HKCR\CLSID\{777B3831-F9CF-4F26-A534-49B5812C29CA} TOSHIBA Wav Converter TOSHIBA Corporation 1.0.0.315 c:\program files\toshiba\toshiba disc creator\twavconv.ax 15/03/2005 15:46 InterVideo Pre-scaling Filter HKCR\CLSID\{77829DBC-A0CA-4A8C-A509-680A6D6B96CB} InterVideo© PreScale Filter InterVideo Inc. 3.0.88.4 c:\program files\intervideo\common\bin\iviscale.ax 08/06/2007 09:34 Ulead DVD Video decoder 2 HKCR\CLSID\{7AB72E17-9774-4FEB-AC0F-0025E7209C47} DVD Video Decoder with DxVA Support Ulead Systems, Inc. 2.0.0.34 c:\program files\common files\ulead systems\mpeg\uldvdvideo.ax 02/03/2007 05:58 TOSHIBA DVD VR Navigator HKCR\CLSID\{7C0F691E-3BF0-4550-B644-CFF545B3EC30} TOSHIBA DVD Player TOSHIBA Corporation 1.0.0.1 c:\program files\toshiba\toshiba dvd player\tvrnavi.ax 18/07/2008 12:45 AAC Encoder HKCR\CLSID\{7D0A4271-675B-480B-A361-FAB146935C40} AACEnc InterVider 1.0.0.1 c:\program files\intervideo\common\bin\aacenc.ax 08/06/2007 09:25 Dib Output HKCR\CLSID\{80DB7AC0-5EB4-11D6-A62F-0010B5549630} Ulead Systems, Inc. 8.0.0.0 c:\program files\common files\ulead systems\filters\diboutput.ax 06/09/2005 03:16 Dib Receive HKCR\CLSID\{8188FE20-61FC-11D6-A62F-0010B5549630} Ulead Systems, Inc. 8.0.0.0 c:\program files\common files\ulead systems\filters\dibreceive.ax 06/09/2005 03:16 InterVideo PSIP/SI Filter HKCR\CLSID\{82801A43-A5CA-4EC6-9CA5-500E336ECCC9} InterVideo PSIP/SI Sections/Tables Filter InterVideo, Inc. 1.5.0.1 c:\program files\intervideo\common\bin\psidecod.ax 08/06/2007 09:15 InterVideo DVB Subpicture Filter HKCR\CLSID\{82801A43-D6FE-4EDD-9CA5-5020336ECCC9} InterVideo DVB Subtitle Decoder InterVideo, Inc. 1.0.0.1 c:\program files\intervideo\common\bin\dvbspic.ax 08/06/2007 09:17 InterVideo DVB DSM-CC Filter HKCR\CLSID\{82801A43-E2FE-2ADD-9CA5-502F336ECCC9} InterVideo DVB DSM-CC Decoder InterVideo, Inc. 1.0.0.1 c:\program files\intervideo\common\bin\dvbdsmcc.ax 08/06/2007 09:16 InterVideo Transport to Program Stream HKCR\CLSID\{82D03B28-1B7E-4806-B5A6-E6677C5D2CC4} InterVideo¸ Transport to Program Stream Converter InterVideo, Inc. 1.0.1.0 c:\program files\intervideo\common\bin\trtoprog.ax 08/06/2007 09:14 Ulead OggVorbis Encoder HKCR\CLSID\{973784FB-4EA9-47D1-99B8-6F7A4701BB3E} ulOggVorbisEncoderFilter Ulead Systems, Inc. 1.0.0.1 c:\program files\common files\ulead systems\mpeg\uloggvorbisencoderfilter.ax 29/09/2004 09:46 Ulead MPEG Transcoder HKCR\CLSID\{98BCB417-A0CF-4000-8E35-DD78244A319C} ulMPGTrans Ulead com 1.0.0.33 c:\program files\common files\ulead systems\mpeg\ulmpgtrans.ax 13/04/2005 07:06 ULead Infinite Pin Tee HKCR\CLSID\{9D35EDAD-0E77-41E6-9F75-E66FFDF5C3A2} Ulead Infinite Tee Filter Ulead Systems, Inc. 1.0.0.2 c:\program files\common files\ulead systems\mpeg\uinftee.ax 07/01/2003 08:11 Ulead MPEG-4 Splitter HKCR\CLSID\{A136224E-CB5C-42C4-B1D1-DBB8ADC7559D} MP4 Splitter Filter Ulead Systems, Inc. 1.0.4.0 c:\program files\common files\ulead systems\mpeg\ulspmp4.ax 14/11/2005 04:01 Ulead MPEG-4 Audio Decoder HKCR\CLSID\{A136226E-CB5C-42C4-B1D1-DBB8ADC7559D} MP4 AAC Audio Decoder Filter Ulead Systems, Inc. 2.0.1.4 c:\program files\common files\ulead systems\mpeg\uladmp4.ax 01/11/2005 07:18 Ulead MPEG-4 Video Decoder HKCR\CLSID\{A136228E-CB5C-42C4-B1D1-DBB8ADC7559D} MP4 Video Decoder Filter Ulead Systems, Inc. 2.0.1.5 c:\program files\common files\ulead systems\mpeg\ulvdmp4.ax 16/02/2006 08:13 InterVideo MPEG4 Video Encoder HKCR\CLSID\{A7375B02-8639-45A5-9C03-E2EFA88BF91D} InterVideo© MPEG4 Video Encoder Filter InterVideo Inc. 0.8.8.0 c:\program files\intervideo\common\bin\mp4venc.ax 08/06/2007 09:27 Ulead DVD Audio Decoder 2 HKCR\CLSID\{AAB9D072-4326-48E3-A11A-BE93442E5F86} Audio Decoder Ulead Systems, Inc. 2.0.0.45 c:\program files\common files\ulead systems\mpeg\uldvdaudio.ax 17/08/2005 16:23 InterVideo Stream Writer HKCR\CLSID\{AAD9D04B-4C0F-4149-AD80-828BFF207F48} InterVideo¸ Stream File Writer InterVideo, Inc. 1.0.2.0 c:\program files\intervideo\common\bin\stmrite.ax 08/06/2007 09:22 SFVCaptureFilter HKCR\CLSID\{AFF3FD47-AD22-4F1E-95FD-6FB78BB64F72} SmartFaceVCapt 2.0.0.0 c:\windows\system32\smartfacevcapt.dll 24/04/2008 09:43 TOSHIBA DualMono HKCR\CLSID\{C069585A-56E6-4DD3-A9C4-357C8197AEA8} TOSHIBA DualMono TOSHIBA Corporation 2.0.2.0 c:\program files\common files\toshiba shared\tosdualmono.ax 30/04/2008 07:22 InterVideo AAC (XForm) Decoder HKCR\CLSID\{CA809AB8-80DB-4649-B95E-B0C87BB36D0A} InterVideo AAC Decoder InterVideo Inc. 1.0.0.0 c:\program files\intervideo\common\bin\iviaacdec.ax 08/06/2007 09:24 Ulead MPEG Splitter HKCR\CLSID\{CF957F20-77FE-4192-A59F-95CA43BD04BA} ULead Mpeg I/II Splitter ULead Systems 1.0.0.105 c:\program files\common files\ulead systems\mpeg\ulspmpeg.ax 06/03/2006 12:52 Ulead MPEG Audio Decoder HKCR\CLSID\{CF957F30-77FE-4192-A59F-95CA43BD04BA} Audio Decoder Ulead Systems, Inc. 2.0.0.45 c:\program files\common files\ulead systems\mpeg\uldvdaudio.ax 17/08/2005 16:23 Ulead MPEG Video Decoder HKCR\CLSID\{CF957F40-77FE-4192-A59F-95CA43BD04BA} MPEG Video and Audio Decoder ULead Systems 1.0.0.85 c:\program files\common files\ulead systems\mpeg\uldsmpeg.ax 03/05/2007 09:17 Ulead MPEG Encoder HKCR\CLSID\{CF957F50-77FE-4192-A59F-95CA43BD04BA} MPEG Encoder and Muxer ULead Systems 1.0.2.49 c:\program files\common files\ulead systems\mpeg\ulesmpeg.ax 24/10/2005 06:32 Ulead MPEG Muxer HKCR\CLSID\{CF957F80-77FE-4192-A59F-95CA43BD04BA} MPEG Muxer ULead Systems 1.0.1.170 c:\program files\common files\ulead systems\mpeg\ulmxmpeg.ax 26/05/2007 00:02 ULead File Writer HKCR\CLSID\{CF957FA0-77FE-4192-A59F-95CA43BD04BA} File Dump Filter ULead Systems 1.0.0.2 c:\program files\common files\ulead systems\filters\uldump.ax 23/11/2004 06:39 ULead File Source (Async.) HKCR\CLSID\{CF957FA1-77FE-4192-A59F-95CA43BD04BA} Ulead Async Filter Ulead Systems 1.0.0.13 c:\program files\common files\ulead systems\mpeg\ulasync.ax 26/05/2005 17:06 InterVideo File Writer HKCR\CLSID\{D2288805-7D1E-49D4-9934-6D5B3728E155} InterVideo© File Writer Filter InterVideo Inc. 3.1.6.0 c:\program files\intervideo\common\bin\iviwrite.ax 08/06/2007 09:30 InterVideo Still Capture HKCR\CLSID\{DB080360-01B9-11D4-898C-00A0CC5211EF} InterVideo© Still Capture Filter InterVideo Inc. 3.1.6.0 c:\program files\intervideo\common\bin\iviscapt.ax 08/06/2007 09:34 TOSHIBA Audio Decoder DVD HKCR\CLSID\{E107D5ED-A870-4329-A750-74EF51808146} TOSHIBA Audio Decoder DVD TOSHIBA Corporation 2.0.1.6 c:\program files\toshiba\toshiba dvd player\tosauddecl.ax 18/07/2008 12:40 Ulead DVB Parser HKCR\CLSID\{F0CB4200-B513-43F8-9D05-24D9CE8DEF04} Ulead DVB Parser Filter Ulead Systems, Inc. 2.0.0.17 c:\program files\common files\ulead systems\mpeg\uldvbparser.ax 26/10/2005 07:27 Ulead Audio Dual Channel Filter HKCR\CLSID\{F16EB735-3E60-4696-88E3-32610C10D669} Ulead Audio Dual Channel Filter Ulead Systems, Inc. 1.0.0.2 c:\program files\common files\ulead systems\mpeg\uaudiodcfilter.ax 26/04/2004 03:30 Ulead OggVorbis Decoder HKCR\CLSID\{F4453C84-C133-43F2-9E12-A9AB4B1422FE} ulOggVorbisDecoderFilter Ulead Systems, Inc. 1.0.0.1 c:\program files\common files\ulead systems\mpeg\uloggvorbisdecoderfilter.ax 02/02/2005 03:25 InterVideo DV Pre-Process HKCR\CLSID\{F54FF744-9B63-48FE-9C76-1F1F3B7F1BD7} InterVideo DV Pre-Process Filter InterVideo 1.2.3.0 c:\program files\intervideo\common\bin\dvprocs.ax 08/06/2007 09:14 Intervideo AMR Encoder HKCR\CLSID\{FF7667A9-586B-499A-B72A-F31445004000} IVI AMR Encoding Intervideo, Inc. 8.1.0.0 c:\program files\intervideo\common\bin\amrenc.ax 08/06/2007 09:22==== Empty IE Cache ======================C:\Users\Davis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfullyC:\Users\Davis\AppData\Local\Temporary Internet Files\Low\Content.IE5 emptied successfullyC:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Windows\system32\config\systemprofile\AppData\Local\Temporary Internet Files\Content.IE5 emptied successfullyC:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfullyC:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Windows\system32\config\systemprofile\AppData\Local\Temporary Internet Files\Content.IE5 emptied successfullyC:\Users\Davis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at rebootC:\Users\Davis\AppData\Local\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot==== Empty FireFox Cache ======================C:\Users\Davis\AppData\Local\Mozilla\Firefox\Profiles\xzk1ljzw.default\Cache emptied successfully==== Empty Chrome Cache ======================No Chrome Cache found==== Empty All Flash Cache ======================Flash Cache Emptied Successfully==== Empty All Java Cache ======================Java Cache cleared successfully==== C:\zoek_backup content ======================C:\zoek_backup (files=7684 folders=1853 588794814 bytes)==== Empty Temp Folders ======================C:\Users\Default\AppData\Local\Temp emptied successfullyC:\Users\Default User\AppData\Local\Temp emptied successfullyC:\Users\Georgia davis\AppData\Local\Temp emptied successfullyC:\Users\Georgie\AppData\Local\Temp emptied successfullyC:\Users\Guest\AppData\Local\Temp emptied successfullyC:\Users\Mrs georgia bolgar\AppData\Local\Temp emptied successfullyC:\Windows\system32\config\systemprofile\AppData\Local\Temp emptied successfullyC:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfullyC:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfullyC:\Users\Davis\AppData\Local\Temp will be emptied at rebootC:\Windows\Temp will be emptied at reboot==== After Reboot ========================== Empty Temp Folders ======================C:\Windows\Temp successfully emptiedC:\Users\Davis\AppData\Local\Temp successfully emptied==== Empty Recycle Bin ======================C:\$RECYCLE.BIN successfully emptied==== Deleting Files / Folders ======================"C:\Users\Davis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found"C:\Users\Davis\AppData\Local\Temporary Internet Files\Content.IE5\index.dat" not found==== EOF on 15/02/2014 at 20:32:20.62 ====================== Link to post Share on other sites More sharing options...
kevinf80 Posted February 15, 2014 ID:791778 Share Posted February 15, 2014 Go here: http://support.microsoft.com/kb/929135 expand the option for Vista, follow the instruction and run your system in a "Clean Boot" mode. How does your system respond now, any improvement? Link to post Share on other sites More sharing options...
jeffdavis Posted February 16, 2014 Author ID:791931 Share Posted February 16, 2014 Hi, things like google chrome profile corrupted, outlook still wont run, lots of blank shortcuts everywhere.Question. Would the computer be fit for me to safely backup all my documents and then do a factory restore.I would like to not have to do that but would it be OK to backup my stuff now? Thanks Link to post Share on other sites More sharing options...
kevinf80 Posted February 16, 2014 ID:791959 Share Posted February 16, 2014 If you intend to go for a Factory reset i`d recommend an online scan before anything is backed up. I do not believe you have any major infection remaining, but there is always possibility of remnants.... If Google Chrome has problems/issues a clean install is the best option - How to remove Chrome https://support.google.com/chrome/answer/95319?hl=en-GB Regarding the shortcuts, Run RogueKiller again, when the first scan completes look to right hand pane, Select "Fix Shortcuts" tab... For OutLook go here: http://support.microsoft.com/kb/2022778 Do the following for online scan :- We need to run an online AV scan to ensure there are no remnants of any infection left on your system that we may have missed. This scan is very thorough and well worth running, it can take several hours please be patient and let it complete: Run Eset Online Scanner **Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET. Turn off the real time scanner of any existing antivirus program while performing the online scan click on the Run ESET Online Scanner button Tick the box next to YES, I accept the Terms of Use.Click Start When asked, allow the add/on to be installedClick Start Make sure that the option Remove found threats is unticked Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.Click Scan wait for the virus definitions to be downloaded Wait for the scan to finish When the scan is complete If no threats were found put a checkmark in "Uninstall application on close" close program report to me that nothing was found If threats were found click on "list of threats found" click on "export to text file" and save it as ESET SCAN and save to the desktop Click on back put a checkmark in "Uninstall application on close" click on finish close program copy and paste the report in next reply Link to post Share on other sites More sharing options...
jeffdavis Posted February 17, 2014 Author ID:792366 Share Posted February 17, 2014 Hi, i have tried the navpane reset for outlook pst repair and scanpst.exe but outlook still not starting, however here are the results for the eset online scan. Lots to see: C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch1.zip Win32/Bagle.gen.zip wormC:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch130.zip Win32/Bagle.gen.zip wormC:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch132.zip Win32/Bagle.gen.zip wormC:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch133.zip Win32/Bagle.gen.zip wormC:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch136.zip Win32/Bagle.gen.zip wormC:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch140.zip Win32/Bagle.gen.zip wormC:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch5.zip Win32/Bagle.gen.zip wormC:\Users\All Users\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch1.zip Win32/Bagle.gen.zip wormC:\Users\All Users\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch130.zip Win32/Bagle.gen.zip wormC:\Users\All Users\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch132.zip Win32/Bagle.gen.zip wormC:\Users\All Users\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch133.zip Win32/Bagle.gen.zip wormC:\Users\All Users\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch136.zip Win32/Bagle.gen.zip wormC:\Users\All Users\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch140.zip Win32/Bagle.gen.zip wormC:\Users\All Users\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch5.zip Win32/Bagle.gen.zip wormC:\Users\Davis\AppData\LocalLow\WhiteSmoke\html\english\dictClientDic\index.html HTML/WhiteSmoke potentially unwanted applicationC:\Users\Davis\AppData\LocalLow\WhiteSmoke\html\english\dictClientDic\translator.html HTML/WhiteSmoke potentially unwanted applicationC:\Users\Guest\AppData\LocalLow\WhiteSmoke\html\english\dictClientDic\index.html HTML/WhiteSmoke potentially unwanted applicationC:\Users\Guest\AppData\LocalLow\WhiteSmoke\html\english\dictClientDic\translator.html HTML/WhiteSmoke potentially unwanted applicationC:\Users\Guest\AppData\Roaming\NCH Software\Program Files\Debut\debut.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted applicationC:\Users\Guest\AppData\Roaming\NCH Software\Program Files\Debut\debutsetup_v1.64.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted applicationC:\Users\Guest\AppData\Roaming\NCH Software\Program Files\Debut\uninst.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted applicationC:\Users\Guest\Desktop\ApnToolbarInstaller.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe applicationC:\Users\Guest\Desktop\pivot_setup2.2.6.exe Win32/Somoto.F potentially unwanted applicationC:\Users\Guest\Downloads\SmileyCentral.exe a variant of Win32/AdInstaller potentially unwanted applicationC:\zoek_backup\C_Users_Guest_AppData_Local_My Web Search Installer(0003b8a4).exe.vir a variant of Win32/Toolbar.MyWebSearch.K potentially unwanted applicationC:\zoek_backup\C_Users_Guest_AppData_Local_My Web Search Installer(00043d4d).exe.vir a variant of Win32/Toolbar.MyWebSearch.K potentially unwanted applicationC:\zoek_backup\C_Users_Guest_AppData_Local_My Web Search Installer(002a5b49).exe.vir a variant of Win32/Toolbar.MyWebSearch.K potentially unwanted applicationC:\zoek_backup\C_Program Files_BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll a variant of Win32/Toolbar.Montiera.A potentially unwanted applicationC:\zoek_backup\C_Program Files_Conduit\Community Alerts\Alert.dll Win32/Toolbar.Conduit.Y potentially unwanted applicationC:\zoek_backup\C_Program Files_facemoods.com\facemoods\1.4.17.11\facemoodsApp.dll a variant of Win32/Toolbar.Montiera.A potentially unwanted applicationC:\zoek_backup\C_Program Files_facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe a variant of Win32/Toolbar.Montiera.A potentially unwanted applicationC:\zoek_backup\C_Program Files_Mobogenie\DaemonProcess.exe a variant of Win32/Mobogenie.A potentially unwanted applicationC:\zoek_backup\C_Program Files_Mobogenie\Mobogenie.exe a variant of Win32/Mobogenie.A potentially unwanted applicationC:\zoek_backup\C_Program Files_Mobogenie\nengine.dll Win32/NextLive.A potentially unwanted applicationC:\zoek_backup\C_Program Files_Mobogenie\UpdateMoboGenie.exe a variant of Win32/Mobogenie.A potentially unwanted applicationC:\zoek_backup\C_Program Files_Optimizer Pro\OptimizerPro.exe a variant of Win32/SpeedingUpMyPC applicationC:\zoek_backup\C_Program Files_Optimizer Pro\OptProCrashSvc.dll a variant of Win32/SProtector.G potentially unwanted applicationC:\zoek_backup\C_Program Files_Optimizer Pro\OptProLauncher.exe a variant of Win32/AdWare.SpeedingUpMyPC.D applicationC:\zoek_backup\C_Program Files_Optimizer Pro\OptProSmartScan.exe a variant of Win32/Adware.SpeedingUpMyPC.C applicationC:\zoek_backup\C_Program Files_WhiteSmoke\Registration.exe probably a variant of Win32/WhiteSmoke potentially unwanted applicationC:\zoek_backup\C_Program Files_WhiteSmoke\html\english\dictClientDic\index.html HTML/WhiteSmoke potentially unwanted applicationC:\zoek_backup\C_Program Files_WhiteSmoke\html\english\dictClientDic\translator.html HTML/WhiteSmoke potentially unwanted applicationC:\zoek_backup\C_ProgramData_Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B applicationC:\zoek_backup\C_Users_Davis_AppData_LocalLow_AskToolbar\setup.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe applicationC:\zoek_backup\C_Users_Davis_AppData_LocalLow_FunWebProducts\Installr\Cache\0010D3D2.exe a variant of Win32/Toolbar.MyWebSearch.O potentially unwanted applicationC:\zoek_backup\C_Users_Davis_AppData_Local_Babylon\Setup\BExternal.dll a variant of Win32/Toolbar.Babylon.F potentially unwanted applicationC:\zoek_backup\C_Users_Davis_AppData_Local_Babylon\Setup\IECookieLow.dll a variant of Win32/Toolbar.Babylon.E potentially unwanted applicationC:\zoek_backup\C_Users_Davis_AppData_Local_Babylon\Setup\Setup.exe a variant of Win32/Toolbar.Babylon.H potentially unwanted applicationC:\zoek_backup\C_Users_Davis_AppData_Local_Google_Chrome_User Data_Default_Extensions_gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\background.html Win32/DealPly.J potentially unwanted applicationC:\zoek_backup\C_Users_Davis_AppData_Local_Google_Chrome_User Data_Default_Extensions_niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\yl.js JS/Adware.Yontoo.A applicationC:\zoek_backup\C_Users_Davis_AppData_Local_Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe Win32/Mobogenie.A potentially unwanted applicationC:\zoek_backup\C_Users_Davis_AppData_Local_Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe a variant of Win32/Mobogenie.A potentially unwanted applicationC:\zoek_backup\C_Users_Davis_AppData_Local_Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe a variant of Win32/Mobogenie.A potentially unwanted applicationC:\zoek_backup\C_Users_Georgia davis_AppData_Local_Google_Chrome_User Data_Default_Extensions_gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\background.html Win32/DealPly.J potentially unwanted applicationC:\zoek_backup\C_Users_Georgia davis_AppData_Local_Google_Chrome_User Data_Default_Extensions_niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\yl.js JS/Adware.Yontoo.A applicationC:\zoek_backup\C_Users_Guest_AppData_Local_Google_Chrome_User Data_Default_Extensions_gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\background.html Win32/DealPly.J potentially unwanted applicationC:\zoek_backup\C_Users_Mrs georgia bolgar_AppData_Local_Google_Chrome_User Data_Default_Extensions_gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\background.html Win32/DealPly.J potentially unwanted applicationC:\zoek_backup\C_Users_Mrs georgia bolgar_AppData_Local_Google_Chrome_User Data_Default_Extensions_niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\yl.js JS/Adware.Yontoo.A application Link to post Share on other sites More sharing options...
kevinf80 Posted February 17, 2014 ID:792372 Share Posted February 17, 2014 If you intend a reformat and reinstall of the Operating System there is nothing in the ESET log to worry about. The majority of entries are already in Quarantine, the rest are unwanted adware which will go during the re-install process. Let me know how you how you prefer to continue... Link to post Share on other sites More sharing options...
jeffdavis Posted February 17, 2014 Author ID:792384 Share Posted February 17, 2014 Hi, i would like to get it back to normal if possible, that would give me the option of a clean instal if its not posible. At least i would be able to back my documents up with full confidence.Can we contnue please. Thanks Link to post Share on other sites More sharing options...
kevinf80 Posted February 17, 2014 ID:792395 Share Posted February 17, 2014 OK, i`d like you to run the two following scans to have another look at your system.... Before that, did you do a fresh install of Chrome, if so does now work ok? did you run the shortcut fix with RogueKiller? Download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. Next, Download Farbar Service Scanner from here: http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/ and run it on the computer with the issue.Make sure the following options are checked: Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows Defender Press "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Post those logs in next reply... Link to post Share on other sites More sharing options...
jeffdavis Posted February 17, 2014 Author ID:792420 Share Posted February 17, 2014 The profile on Google Chrome wont open still. But its no major problem. I did run the shortcut fixer and i think it fixed a few but most of the shortcuts were to programs / apps that were part of my problem. (Whitesmoke toolbar etc) Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-02-2014Ran by Davis (administrator) on DAVIS-PC on 17-02-2014 10:16:09Running from C:\Users\Davis\DesktopMicrosoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)Internet Explorer Version 9Boot Mode: NormalThe only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe(Microsoft Corporation) C:\Windows\system32\SLsvc.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgfws.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe(TOSHIBA) C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.exe(Google Inc.) C:\Users\Davis\AppData\Local\Temp\{7A7AF753-F5B5-491A-B6A6-EC417E7525F2}\GoogleUpdate.exe(Google Inc.) C:\Users\Davis\AppData\Local\Temp\{7A7AF753-F5B5-491A-B6A6-EC417E7525F2}\GoogleUpdateSetup.exe(Google Inc.) C:\Program Files\GUM17F3.tmp\GoogleUpdate.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\saUI.exe(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_44_ActiveX.exe==================== Registry (Whitelisted) ==================HKLM\...\Run: [] - [X]HKLM\...\Runonce: [AvgUninstallURL] - cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=TlVIRDQtWUg5UEUtTzNQNEUtUVJERUstR0RKWjctVk9YVUw"&"inst=NzctMTIxODUzNjgzOS1GUDkyKzYtQkFSOUcrMS1GTCs5LVhPMzYrMS1DSUExMCsyLVNQMSsxLVNVUCs0LVRVRyszLVNQMVM0KzEtRERUKzAtTFNEKzItREQxMCsxLVNUMTBBUFArMS1QMTBNMTJDKzEtVTEwKzEtVEIrMS1GVUkrMi1QMTBUQisyLUVVTEErMS1TVFAxME0xMkNNKzEtU1QxMkFQUCsx"&"prod=55"&"ver=2012.0.1780"&"mid=84f5bd6a3a24b8b2df974b4dfa68e073-f53cc401da39bf00f11a57d79d9871e18aeaa71dHKLM\...\RunOnce: [!DPLauncher] - "C:\Program Files\Microsoft\DefaultPack\DPLauncher.EXE" partner=p001 comb=12 [60048 2013-12-16] (© 2012 Microsoft Corporation)HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenterHKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenterHKU\S-1-5-21-1847146488-4185065798-1427826158-1000\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)HKU\S-1-5-21-1847146488-4185065798-1427826158-1000\...\Policies\Explorer: [HideSCAHealth] 1HKU\S-1-5-21-1847146488-4185065798-1427826158-1000\...\MountPoints2: F - F:\dilaunch.exeHKU\S-1-5-21-1847146488-4185065798-1427826158-1000\...\MountPoints2: {2ccf1bce-e309-11dd-ad59-001e337f74f4} - D:\AutoRun.exeHKU\S-1-5-21-1847146488-4185065798-1427826158-1000\...\MountPoints2: {2ccf1be2-e309-11dd-ad59-001e337f74f4} - D:\AutoRun.exeHKU\S-1-5-21-1847146488-4185065798-1427826158-1000\...\MountPoints2: {3826e3e7-de63-11dd-b592-00216b461096} - D:\AutoRun.exeHKU\S-1-5-21-1847146488-4185065798-1427826158-1000\...\MountPoints2: {3826e413-de63-11dd-b592-00216b461096} - D:\AutoRun.exeStartup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnkShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnkShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)Startup: C:\Users\Georgie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnkShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnkShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)Startup: C:\Users\Mrs georgia bolgar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnkShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)==================== Internet (Whitelisted) ====================HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.co.uk/HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchURLSearchHook: ATTENTION ==> Default URLSearchHook is missing.StartMenuInternet: IEXPLORE.EXE - iexplore.exeSearchScopes: HKLM - DefaultScope {413EC48B-03FB-4AD2-8F18-1B3525B940BD} URL = http://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA;SearchScopes: HKLM - {413EC48B-03FB-4AD2-8F18-1B3525B940BD} URL = http://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA;SearchScopes: HKCU - DefaultScope {413EC48B-03FB-4AD2-8F18-1B3525B940BD} URL = http://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA_en-GBGB308SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}SearchScopes: HKCU - {413EC48B-03FB-4AD2-8F18-1B3525B940BD} URL = http://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA_en-GBGB308SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7TSEA_en-GBGB308SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=PzUpTmDrCyJO6uiEzcPbAecchFQ?q={searchTerms}BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)BHO: SMTTB2009 Class - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Pivot Stickfigure Toolbar\tbcore3.dll ()Toolbar: HKLM - Pivot Stickfigure Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\Pivot Stickfigure Toolbar\tbcore3.dll ()Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)Toolbar: HKCU - Pivot Stickfigure Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\Pivot Stickfigure Toolbar\tbcore3.dll ()Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No FileDPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cabDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cabDPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cabDPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cabHandler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll No FileHandler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No FileHandler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - No FileHandler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll No FileWinsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)Tcpip\Parameters: [DhcpNameServer] 192.168.1.1FireFox:========FF ProfilePath: C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\xzk1ljzw.defaultFF DefaultSearchEngine: AVG Secure SearchFF SearchEngineOrder.1: Secure SearchFF SelectedSearchEngine: AVG Secure SearchFF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll No FileFF Plugin: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll No FileFF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Davis\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Davis\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Davis\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Davis\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Davis\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Davis\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)FF Plugin ProgramFiles/Appdata: C:\Users\Davis\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)FF Plugin ProgramFiles/Appdata: C:\Users\Davis\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()FF Plugin ProgramFiles/Appdata: C:\Users\Davis\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xmlFF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisorFF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2013-12-16]Chrome:=======CHR Extension: (Google Docs) - C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-16]CHR Extension: (Google Drive) - C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-16]CHR Extension: (YouTube) - C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-16]CHR Extension: (Google Search) - C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-16]CHR Extension: (SiteAdvisor) - C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-02-16]CHR Extension: (Google Wallet) - C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-16]CHR Extension: (Gmail) - C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-16]CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2013-12-16]CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION========================== Services (Whitelisted) =================R2 avgfws; C:\Program Files\AVG\AVG2014\avgfws.exe [1358944 2013-09-24] (AVG Technologies CZ, s.r.o.)R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)S4 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-04-16] (TOSHIBA CORPORATION)S4 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-14] (Google)S4 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [104880 2014-01-22] (McAfee, Inc.)S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-16] (McAfee, Inc.)S4 SmartFaceVWatchSrv; C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [73728 2008-04-24] (Toshiba)S4 TempoMonitoringService; C:\Program Files\Toshiba TEMPRO\TempoSVC.exe [99720 2008-04-24] (Toshiba Europe GmbH)S4 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation)S4 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)==================== Drivers (Whitelisted) ====================R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120600 2013-11-25] (AVG Technologies CZ, s.r.o.)R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [47928 2013-09-26] (AVG Technologies CZ, s.r.o.)R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [210712 2013-11-25] (AVG Technologies CZ, s.r.o.)R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [149272 2013-11-25] (AVG Technologies CZ, s.r.o.)R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22808 2014-01-19] (AVG Technologies CZ, s.r.o.)R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.)R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-11-13] (AVG Technologies)S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [30464 2014-02-14] ()S3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]S3 IpInIp; system32\DRIVERS\ipinip.sys [X]S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]S1 SASDIFSV; \??\C:\Users\Davis\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [X]S1 SASKUTIL; \??\C:\Users\Davis\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS [X]==================== NetSvcs (Whitelisted) ======================================= One Month Created Files and Folders ========2014-02-17 10:16 - 2014-02-17 10:16 - 00021095 _____ () C:\Users\Davis\Desktop\FRST.txt2014-02-17 10:14 - 2014-02-17 10:15 - 01141248 _____ (Farbar) C:\Users\Davis\Desktop\FRST.exe2014-02-17 10:04 - 2014-02-17 10:04 - 00001976 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-02-17 10:03 - 2014-02-17 10:03 - 49940480 _____ () C:\Program Files\GUT1813.tmp2014-02-17 10:03 - 2014-02-17 10:03 - 00000000 ____D () C:\Program Files\GUM17F3.tmp2014-02-17 08:27 - 2014-02-17 08:27 - 00001209 _____ () C:\Users\Davis\Desktop\RKreport[0]_SC_02172014_082701.txt2014-02-17 08:07 - 2014-02-17 08:07 - 00007818 _____ () C:\Users\Davis\Desktop\Eset online scanner.txt2014-02-16 20:57 - 2014-02-16 20:57 - 00000000 ____D () C:\Users\Davis\AppData\Local\CrashDumps2014-02-16 20:49 - 2014-02-16 20:49 - 01070592 _____ () C:\Users\Davis\Downloads\MicrosoftFixit50569(1).msi2014-02-16 20:45 - 2014-02-16 20:46 - 01070592 _____ () C:\Users\Davis\Downloads\MicrosoftFixit50569.msi2014-02-16 20:07 - 2014-02-16 20:07 - 01050624 _____ () C:\Users\Davis\Downloads\MicrosoftFixit50511.msi2014-02-15 22:10 - 2014-02-17 10:16 - 00000000 ____D () C:\FRST2014-02-15 20:27 - 2013-10-18 01:11 - 00024064 _____ () C:\Windows\zoek-delete.exe2014-02-15 20:26 - 2014-02-15 20:26 - 00000000 ____D () C:\Program Files\HiJackThis2014-02-15 20:07 - 2014-02-15 20:07 - 00109508 _____ () C:\Users\Public\Desktop\sample_022014_2007.zip2014-02-15 19:49 - 2014-02-15 20:32 - 00147029 _____ () C:\zoek-results.log2014-02-15 19:44 - 2014-02-15 20:23 - 00000000 ____D () C:\zoek_backup2014-02-15 19:40 - 2014-02-15 19:41 - 00000000 ____D () C:\Users\Davis\Desktop\zoek2014-02-15 19:40 - 2014-02-15 19:38 - 04088082 _____ () C:\Users\Davis\Desktop\zoek.zip2014-02-15 15:36 - 2014-02-15 15:36 - 00002101 _____ () C:\Users\Davis\Desktop\RKreport[0]_S_02152014_153625.txt2014-02-15 15:19 - 2014-02-17 08:25 - 00000000 ____D () C:\Users\Davis\Desktop\RK_Quarantine2014-02-15 15:17 - 2014-02-15 15:08 - 03813376 _____ () C:\Users\Davis\Desktop\RogueKiller.exe2014-02-15 10:11 - 2014-02-15 10:11 - 372136236 _____ () C:\Windows\MEMORY.DMP2014-02-15 10:11 - 2014-02-15 10:11 - 00143248 _____ () C:\Windows\Minidump\Mini021514-01.dmp2014-02-14 22:15 - 2014-02-14 22:15 - 00000000 ____D () C:\Windows\SoftwareDistribution.old2014-02-14 21:13 - 2014-02-14 21:13 - 00000000 ____D () C:\Users\Davis\AppData\Roaming\SUPERAntiSpyware.com2014-02-14 21:13 - 2014-02-14 21:13 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com2014-02-14 21:01 - 2014-02-14 21:01 - 00041736 _____ () C:\Windows\system32\.crusader2014-02-14 20:49 - 2014-02-14 21:10 - 00030464 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys2014-02-14 20:49 - 2014-02-14 21:01 - 00000000 ____D () C:\ProgramData\HitmanPro2014-02-14 20:32 - 2014-02-14 20:32 - 00000000 _____ () C:\Windows\setuperr.log2014-02-14 20:11 - 2014-02-14 20:11 - 00688992 ____R (Swearware) C:\Users\Davis\Desktop\dds.com2014-02-14 19:53 - 2014-02-14 19:53 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware2014-02-14 19:23 - 2014-02-14 19:23 - 00000000 ____D () C:\Windows\ERUNT2014-02-14 18:52 - 2014-02-14 18:55 - 00000087 _____ () C:\Windows\system32\zerobyte_files_deleted.txt2014-02-14 18:52 - 2014-02-14 18:54 - 00000095 _____ () C:\Windows\zerobyte_files_deleted.txt2014-02-12 17:49 - 2014-02-12 17:49 - 00000000 ____D () C:\Support2014-02-11 09:47 - 2014-02-11 09:47 - 00000000 ____D () C:\Program Files\McAfee Security Scan2014-02-04 20:13 - 2014-02-04 20:13 - 01069512 _____ (Solid State Networks) C:\Users\Davis\Downloads\install_flashplayer12x32au_mssd_awc_aih.exe2014-02-04 14:40 - 2014-02-04 14:40 - 00001669 _____ () C:\Users\Public\Desktop\iTunes.lnk2014-02-04 14:39 - 2014-02-04 14:40 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E12014-02-04 14:39 - 2014-02-04 14:40 - 00000000 ____D () C:\Program Files\iTunes2014-02-04 14:39 - 2014-02-04 14:39 - 00000000 ____D () C:\Program Files\iPod2014-01-29 21:01 - 2014-02-04 15:12 - 00000000 ____D () C:\ProgramData\toppbuyero2014-01-29 21:01 - 2014-02-04 15:12 - 00000000 ____D () C:\ProgramData\DeuaalsFiindeorrPro2014-01-20 16:25 - 2014-01-20 16:26 - 01069512 _____ (Solid State Networks) C:\Users\Davis\Downloads\install_flashplayer12x32au_mssa_awc_aih.exe2014-01-19 21:46 - 2014-01-19 21:46 - 00022808 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsshimx.sys==================== One Month Modified Files and Folders =======2014-02-17 10:16 - 2014-02-17 10:16 - 00021095 _____ () C:\Users\Davis\Desktop\FRST.txt2014-02-17 10:16 - 2014-02-15 22:10 - 00000000 ____D () C:\FRST2014-02-17 10:15 - 2014-02-17 10:14 - 01141248 _____ (Farbar) C:\Users\Davis\Desktop\FRST.exe2014-02-17 10:15 - 2009-09-29 15:06 - 00000422 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{7DB64578-8B9B-4A26-8F64-DF64F6338DB0}.job2014-02-17 10:12 - 2013-11-17 15:58 - 00000000 ____D () C:\Program Files\Mozilla Firefox2014-02-17 10:12 - 2012-12-10 22:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service2014-02-17 10:04 - 2014-02-17 10:04 - 00001976 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-02-17 10:03 - 2014-02-17 10:03 - 49940480 _____ () C:\Program Files\GUT1813.tmp2014-02-17 10:03 - 2014-02-17 10:03 - 00000000 ____D () C:\Program Files\GUM17F3.tmp2014-02-17 10:03 - 2008-07-01 15:13 - 00000000 ____D () C:\Program Files\Google2014-02-17 10:01 - 2012-05-24 20:05 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-02-17 10:00 - 2010-01-30 19:08 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-02-17 09:55 - 2009-09-14 20:51 - 01884319 _____ () C:\Windows\WindowsUpdate.log2014-02-17 09:35 - 2011-03-02 11:17 - 00000000 ____D () C:\ProgramData\MFAData2014-02-17 09:31 - 2012-12-11 17:26 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003UA.job2014-02-17 09:22 - 2012-12-08 22:05 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000Core.job2014-02-17 09:22 - 2010-01-30 19:08 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-02-17 09:22 - 2006-11-02 13:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-02-17 09:22 - 2006-11-02 12:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A02014-02-17 09:22 - 2006-11-02 12:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A02014-02-17 08:27 - 2014-02-17 08:27 - 00001209 _____ () C:\Users\Davis\Desktop\RKreport[0]_SC_02172014_082701.txt2014-02-17 08:25 - 2014-02-15 15:19 - 00000000 ____D () C:\Users\Davis\Desktop\RK_Quarantine2014-02-17 08:19 - 2012-12-08 22:05 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000UA.job2014-02-17 08:07 - 2014-02-17 08:07 - 00007818 _____ () C:\Users\Davis\Desktop\Eset online scanner.txt2014-02-17 07:36 - 2012-01-08 16:05 - 00000926 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000UA.job2014-02-17 05:47 - 2012-12-11 17:43 - 00000960 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003UA.job2014-02-16 22:36 - 2012-01-08 16:05 - 00000904 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000Core.job2014-02-16 20:57 - 2014-02-16 20:57 - 00000000 ____D () C:\Users\Davis\AppData\Local\CrashDumps2014-02-16 20:56 - 2013-01-23 16:30 - 00000000 ____D () C:\Users\Mrs georgia bolgar2014-02-16 20:56 - 2012-12-02 09:47 - 00000000 ____D () C:\Users\Georgia davis2014-02-16 20:56 - 2010-10-15 19:05 - 00000000 ____D () C:\Users\Guest2014-02-16 20:56 - 2009-09-27 17:59 - 00000000 ____D () C:\Users\Georgie2014-02-16 20:56 - 2008-12-28 18:57 - 00000000 ____D () C:\Users\Davis2014-02-16 20:56 - 2006-11-02 11:18 - 00000000 ___RD () C:\Users\Public2014-02-16 20:49 - 2014-02-16 20:49 - 01070592 _____ () C:\Users\Davis\Downloads\MicrosoftFixit50569(1).msi2014-02-16 20:46 - 2014-02-16 20:45 - 01070592 _____ () C:\Users\Davis\Downloads\MicrosoftFixit50569.msi2014-02-16 20:07 - 2014-02-16 20:07 - 01050624 _____ () C:\Users\Davis\Downloads\MicrosoftFixit50511.msi2014-02-16 09:16 - 2006-11-02 13:01 - 00032614 _____ () C:\Windows\Tasks\SCHEDLGU.TXT2014-02-16 09:05 - 2011-09-07 17:08 - 00000000 ____D () C:\Users\Davis\AppData\Local\PMB Files2014-02-16 09:05 - 2011-02-05 14:20 - 00000000 ____D () C:\Windows\pss2014-02-15 23:09 - 2006-11-02 11:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy2014-02-15 20:32 - 2014-02-15 19:49 - 00147029 _____ () C:\zoek-results.log2014-02-15 20:30 - 2013-01-10 19:39 - 00059246 _____ () C:\Windows\PFRO.log2014-02-15 20:26 - 2014-02-15 20:26 - 00000000 ____D () C:\Program Files\HiJackThis2014-02-15 20:23 - 2014-02-15 19:44 - 00000000 ____D () C:\zoek_backup2014-02-15 20:07 - 2014-02-15 20:07 - 00109508 _____ () C:\Users\Public\Desktop\sample_022014_2007.zip2014-02-15 19:41 - 2014-02-15 19:40 - 00000000 ____D () C:\Users\Davis\Desktop\zoek2014-02-15 19:38 - 2014-02-15 19:40 - 04088082 _____ () C:\Users\Davis\Desktop\zoek.zip2014-02-15 19:35 - 2012-12-11 17:43 - 00000938 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003Core.job2014-02-15 19:35 - 2012-12-11 17:26 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003Core.job2014-02-15 15:36 - 2014-02-15 15:36 - 00002101 _____ () C:\Users\Davis\Desktop\RKreport[0]_S_02152014_153625.txt2014-02-15 15:13 - 2010-09-25 09:49 - 00000008 ___RS () C:\Users\Davis\ntuser.pol2014-02-15 15:08 - 2014-02-15 15:17 - 03813376 _____ () C:\Users\Davis\Desktop\RogueKiller.exe2014-02-15 10:11 - 2014-02-15 10:11 - 372136236 _____ () C:\Windows\MEMORY.DMP2014-02-15 10:11 - 2014-02-15 10:11 - 00143248 _____ () C:\Windows\Minidump\Mini021514-01.dmp2014-02-15 10:11 - 2010-04-09 21:06 - 00000000 ____D () C:\Windows\Minidump2014-02-15 09:04 - 2006-11-02 12:47 - 00407168 _____ () C:\Windows\system32\FNTCACHE.DAT2014-02-14 22:43 - 2012-03-13 18:03 - 00115752 _____ () C:\Users\Davis\AppData\Local\GDIPFONTCACHEV1.DAT2014-02-14 22:15 - 2014-02-14 22:15 - 00000000 ____D () C:\Windows\SoftwareDistribution.old2014-02-14 21:22 - 2011-10-12 16:05 - 00000000 ____D () C:\Program Files\Pivot Stickfigure Toolbar2014-02-14 21:13 - 2014-02-14 21:13 - 00000000 ____D () C:\Users\Davis\AppData\Roaming\SUPERAntiSpyware.com2014-02-14 21:13 - 2014-02-14 21:13 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com2014-02-14 21:10 - 2014-02-14 20:49 - 00030464 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys2014-02-14 21:01 - 2014-02-14 21:01 - 00041736 _____ () C:\Windows\system32\.crusader2014-02-14 21:01 - 2014-02-14 20:49 - 00000000 ____D () C:\ProgramData\HitmanPro2014-02-14 20:42 - 2008-07-01 15:05 - 00000000 ___HD () C:\Windows\msdownld.tmp2014-02-14 20:37 - 2006-11-02 10:33 - 00005526 _____ () C:\Windows\system32\PerfStringBackup.INI2014-02-14 20:32 - 2014-02-14 20:32 - 00000000 _____ () C:\Windows\setuperr.log2014-02-14 20:32 - 2013-04-05 18:48 - 00005604 _____ () C:\Windows\setupact.log2014-02-14 20:11 - 2014-02-14 20:11 - 00688992 ____R (Swearware) C:\Users\Davis\Desktop\dds.com2014-02-14 19:53 - 2014-02-14 19:53 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware2014-02-14 19:53 - 2012-03-13 12:24 - 00000911 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-02-14 19:23 - 2014-02-14 19:23 - 00000000 ____D () C:\Windows\ERUNT2014-02-14 18:55 - 2014-02-14 18:52 - 00000087 _____ () C:\Windows\system32\zerobyte_files_deleted.txt2014-02-14 18:55 - 2006-11-02 11:18 - 00000000 __RHD () C:\Users\Default2014-02-14 18:54 - 2014-02-14 18:52 - 00000095 _____ () C:\Windows\zerobyte_files_deleted.txt2014-02-14 18:14 - 2013-10-01 15:27 - 00000847 _____ () C:\Users\Public\Desktop\AVG 2014.lnk2014-02-14 17:17 - 2013-01-29 21:00 - 00006144 _____ () C:\Users\Mrs georgia bolgar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2014-02-14 16:56 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\system32\CatRoot2.old2014-02-12 17:49 - 2014-02-12 17:49 - 00000000 ____D () C:\Support2014-02-11 15:42 - 2013-12-16 19:57 - 00000000 ____D () C:\Program Files\McAfee2014-02-11 09:47 - 2014-02-11 09:47 - 00000000 ____D () C:\Program Files\McAfee Security Scan2014-02-11 09:47 - 2012-12-04 16:01 - 00001924 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk2014-02-08 12:35 - 2012-05-24 20:05 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe2014-02-08 12:35 - 2011-12-13 09:18 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl2014-02-04 20:13 - 2014-02-04 20:13 - 01069512 _____ (Solid State Networks) C:\Users\Davis\Downloads\install_flashplayer12x32au_mssd_awc_aih.exe2014-02-04 15:12 - 2014-01-29 21:01 - 00000000 ____D () C:\ProgramData\toppbuyero2014-02-04 15:12 - 2014-01-29 21:01 - 00000000 ____D () C:\ProgramData\DeuaalsFiindeorrPro2014-02-04 14:40 - 2014-02-04 14:40 - 00001669 _____ () C:\Users\Public\Desktop\iTunes.lnk2014-02-04 14:40 - 2014-02-04 14:39 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E12014-02-04 14:40 - 2014-02-04 14:39 - 00000000 ____D () C:\Program Files\iTunes2014-02-04 14:39 - 2014-02-04 14:39 - 00000000 ____D () C:\Program Files\iPod2014-02-04 14:39 - 2010-02-27 17:48 - 00000000 ____D () C:\Program Files\Common Files\Apple2014-02-04 14:33 - 2010-02-27 17:48 - 00000000 ____D () C:\ProgramData\Apple2014-01-26 16:20 - 2012-12-08 22:06 - 00000000 ____D () C:\Users\Davis\AppData\Roaming\Mozilla2014-01-26 16:20 - 2008-12-28 19:03 - 00000000 ____D () C:\Users\Davis\AppData\Local\Google2014-01-24 20:23 - 2013-01-23 16:30 - 00000949 _____ () C:\Users\Mrs georgia bolgar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk2014-01-20 16:26 - 2014-01-20 16:25 - 01069512 _____ (Solid State Networks) C:\Users\Davis\Downloads\install_flashplayer12x32au_mssa_awc_aih.exe2014-01-19 21:46 - 2014-01-19 21:46 - 00022808 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsshimx.sys==================== Bamital & volsnap Check =================C:\Windows\explorer.exe => MD5 is legitC:\Windows\system32\winlogon.exe => MD5 is legitC:\Windows\system32\wininit.exe => MD5 is legitC:\Windows\system32\svchost.exe => MD5 is legitC:\Windows\system32\services.exe => MD5 is legitC:\Windows\system32\User32.dll => MD5 is legitC:\Windows\system32\userinit.exe => MD5 is legitC:\Windows\system32\rpcss.dll => MD5 is legitC:\Windows\system32\Drivers\volsnap.sys => MD5 is legitLastRegBack: 2014-02-17 09:29==================== End Of Log ============================ Farbar Service Scanner Version: 16-02-2014Ran by Davis (administrator) on 17-02-2014 at 10:20:49Running from "C:\Users\Davis\Desktop"Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)Boot Mode: Normal****************************************************************Internet Services:============Connection Status:==============Localhost is accessible.LAN connected.Google IP is accessible.Google.com is accessible.Yahoo.com is accessible.Windows Firewall:=============Firewall Disabled Policy:==================[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"EnableFirewall"=DWORD:0System Restore:============System Restore Disabled Policy:========================Security Center:============Windows Update:============Windows Autoupdate Disabled Policy:============================Windows Defender:==============WinDefend Service is not running. Checking service configuration:Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.Other Services:==============File Check:========C:\Windows\system32\nsisvc.dll => MD5 is legitC:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legitC:\Windows\system32\dhcpcsvc.dll => MD5 is legitC:\Windows\system32\Drivers\afd.sys => MD5 is legitC:\Windows\system32\Drivers\tdx.sys => MD5 is legitC:\Windows\system32\Drivers\tcpip.sys[2013-08-19 13:37] - [2013-07-05 03:20] - 0914880 ____A (Microsoft Corporation) 6D0D344F643E28B31262AC2682109A3CC:\Windows\system32\dnsrslvr.dll => MD5 is legitC:\Windows\system32\mpssvc.dll => MD5 is legitC:\Windows\system32\bfe.dll => MD5 is legitC:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legitC:\Windows\system32\SDRSVC.dll => MD5 is legitC:\Windows\system32\vssvc.exe => MD5 is legitC:\Windows\system32\wscsvc.dll => MD5 is legitC:\Windows\system32\wbem\WMIsvc.dll => MD5 is legitC:\Windows\system32\wuaueng.dll => MD5 is legitC:\Windows\system32\qmgr.dll => MD5 is legitC:\Windows\system32\es.dll => MD5 is legitC:\Windows\system32\cryptsvc.dll => MD5 is legitC:\Program Files\Windows Defender\MpSvc.dll => MD5 is legitC:\Windows\system32\svchost.exe => MD5 is legitC:\Windows\system32\rpcss.dll => MD5 is legit**** End of log **** I have had to post the additions txt. Every time i went to attach it wouldnt an error in pink high light came up. Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-02-2014Ran by Davis at 2014-02-17 10:16:44Running from C:\Users\Davis\DesktopBoot Mode: Normal============================================================================== Security Center ========================AV: AVG Internet Security 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: AVG Internet Security 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}FW: AVG Internet Security 2014 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}==================== Installed Programs ====================== Update for Microsoft Office 2007 (KB2508958) (Version: - Microsoft)3Connect (Version: 2.0.0 - 3 Mobile Broadband)Activation Assistant for the 2007 Microsoft Office suites (Version: - Microsoft Corporation)Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) HiddenAdobe AIR (Version: 2.5.1.17730 - Adobe Systems Inc.)Adobe AIR (Version: 2.5.1.17730 - Adobe Systems Inc.) HiddenAdobe Flash Player 12 ActiveX (Version: 12.0.0.44 - Adobe Systems Incorporated)Adobe Flash Player 12 Plugin (Version: 12.0.0.44 - Adobe Systems Incorporated)Adobe Media Player (Version: 1.6 - Adobe Systems Incorporated)Adobe Reader 8.1.3 (Version: 8.1.3 - Adobe Systems Incorporated)Apple Application Support (Version: 3.0 - Apple Inc.)Apple Mobile Device Support (Version: 7.1.0.32 - Apple Inc.)Apple Software Update (Version: 2.1.3.127 - Apple Inc.)AusLogics Disk Defrag (Version: version 1.4 - Auslogics Software Pty Ltd)AVG 2014 (Version: 14.0.3615 - AVG Technologies) HiddenAVG 2014 (Version: 14.0.3705 - AVG Technologies) HiddenAVG 2014 (Version: 14.0.4335 - AVG Technologies) HiddenAVG 2014 (Version: 2014.0.4335 - AVG Technologies)AVG Security Toolbar (Version: 17.3.0.49 - AVG Technologies)Babylon toolbar on IE (Version: - ) <==== ATTENTIONBing Bar (Version: 7.3.124.0 - Microsoft Corporation)Bluetooth Stack for Windows by Toshiba (Version: v6.10.07.2(T) - TOSHIBA CORPORATION)Bonjour (Version: 3.0.0.10 - Apple Inc.)Camera Assistant Software for Toshiba (Version: 1.7.193.0508L - Chicony Electronics Co.,Ltd.)CCleaner (remove only) (Version: - )CD/DVD Drive Acoustic Silencer (Version: 2.02.03 - TOSHIBA)Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000 - Microsoft Corporation)D3DX10 (Version: 15.4.2368.0902 - Microsoft) HiddenDeuaalsFiindeorrPro (Version: - DealSoFindderPurO)DVD MovieFactory for TOSHIBA (Version: 5.51 - Ulead Systems, Inc.)Facebook Video Calling 1.2.0.287 (Version: 1.2.287 - Skype Limited)Facebook Video Calling 2.0.0.447 (Version: 2.0.447 - Skype Limited)Facemoods Toolbar (Version: - ) <==== ATTENTIONGoogle Chrome (Version: 32.0.1700.107 - Google Inc.)Google Chrome Packages (HKCU Version: - ) <==== ATTENTIONGoogle Desktop (Version: 5.9.1005.12335 - Google)Google Earth (Version: 7.1.2.2041 - Google)Google Talk Plugin (Version: 3.10.2.10212 - Google)Google Talk Plugin (Version: 4.9.1.16010 - Google)Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) HiddenGoogle Toolbar for Internet Explorer (Version: 7.5.4805.320 - Google Inc.)Google Update Helper (Version: 1.3.22.3 - Google Inc.) HiddenHDMI Control Manager (Version: 1.7 - TOSHIBA)Huawei modem (Version: - )Inbox Toolbar (Version: 1.0.0 - Inbox.com, Inc.)Intel® Matrix Storage Manager (Version: - Intel Corporation)iTunes (Version: 11.1.4.62 - Apple Inc.)Java Auto Updater (Version: 2.0.2.4 - Sun Microsystems, Inc.) HiddenJava 6 Update 23 (Version: 6.0.230 - Sun Microsystems, Inc.)Java 6 Update 6 (Version: 1.6.0.60 - Sun Microsystems, Inc.)Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenMalwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)MathmosScreensaver (Version: - )McAfee Security Scan Plus (Version: 3.8.141.11 - McAfee, Inc.)McAfee SiteAdvisor (Version: 3.6.135 - McAfee, Inc.)Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) HiddenMessenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenMicrosoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation)Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) HiddenMicrosoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) HiddenMicrosoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) HiddenMicrosoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Outlook Connector (Version: 14.0.5118.5000 - Microsoft Corporation)Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) HiddenMicrosoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)Microsoft Works (Version: 9.7.0621 - Microsoft Corporation)Microsoft XML Parser (Version: 8.20.8730.4 - Microsoft Corporation) HiddenMozilla Firefox 27.0.1 (x86 en-US) (Version: 27.0.1 - Mozilla)Mozilla Maintenance Service (Version: 27.0.1 - Mozilla)MSVCRT (Version: 15.4.2862.0708 - Microsoft) HiddenMSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)myphotobook 3.5 (Version: 3.5 - myphotobook)OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) HiddenPando Media Booster (Version: 2.3.6.0 - Pando Networks Inc.)ParetoLogic PC Health Advisor (Version: 3.1.4.0 - ParetoLogic, Inc.)Picasa 2 (Version: 2.0 - Google, Inc.)Pivot Stickfigure Animator version 2.2.6 (Version: 2.2.6 - )Pivot Stickfigure Toolbar (Version: - )QuickTime (Version: 7.74.80.86 - Apple Inc.)Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0000 - Realtek)Realtek High Definition Audio Driver (Version: 6.0.1.5599 - Realtek Semiconductor Corp.)RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02 (Version: 3.54.02 - )Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) HiddenSpelling Dictionaries Support For Adobe Reader 8 (Version: 8.0.0 - Adobe Systems)Synaptics Pointing Device Driver (Version: 10.1.8.0 - Synaptics)toppbuyero (Version: - toppBuuyer)TOSHIBA Assist (Version: 2.01.04 - TOSHIBA)TOSHIBA ConfigFree (Version: 7.2.13 - TOSHIBA Corporation)TOSHIBA Disc Creator (Version: 2.0.1.3 - TOSHIBA Corporation)TOSHIBA DVD PLAYER (Version: 1.31.14 - TOSHIBA Corporation)TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - TOSHIBA Corporation)TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - TOSHIBA Corporation) HiddenTOSHIBA Face Recognition (Version: 2.0.2.32 - TOSHIBA)TOSHIBA Face Recognition (Version: 2.0.2.32 - TOSHIBA) HiddenTOSHIBA Hardware Setup (Version: 2.00.08 - )TOSHIBA Manuals (Version: 7.40 - TOSHIBA)Toshiba Online Product Information (Version: 1.00.0012 - TOSHIBA)TOSHIBA Recovery Disc Creator (Version: 2.0.0.1b - TOSHIBA Corporation)TOSHIBA SD Memory Utilities (Version: 1.8.1.3 - TOSHIBA)TOSHIBA Software Modem (Version: 2.1.77 (SM2177ALD04) - Agere Systems)TOSHIBA Supervisor Password (Version: 2.00.04 - )Toshiba TEMPRO (Version: 1.1 - Toshiba Europe GmbH)TOSHIBA Value Added Package (Version: 1.1.19 - TOSHIBA Corporation)TOSHIBA Value Added Package (Version: 1.1.19 - TOSHIBA Corporation) HiddenTRDCReminder (Version: 1.00.0015 - TOSHIBA)TRDCReminder (Version: 1.00.0015 - TOSHIBA) HiddenTRORDCLauncher (Version: 1.0.0.1 - TOSHIBA)TRORDCLauncher (Version: 1.0.0.1 - TOSHIBA) HiddenUpdate for 2007 Microsoft Office System (KB967642) (Version: - Microsoft)Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1 - Microsoft Corporation)Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3 - Microsoft Corporation)Update for Microsoft Office 2007 Help for Common Features (KB963673) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (Version: - Microsoft)Update for Microsoft Office Access 2007 Help (KB963663) (Version: - Microsoft)Update for Microsoft Office Excel 2007 Help (KB963678) (Version: - Microsoft)Update for Microsoft Office Infopath 2007 Help (KB963662) (Version: - Microsoft)Update for Microsoft Office OneNote 2007 Help (KB963670) (Version: - Microsoft)Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (Version: - Microsoft)Update for Microsoft Office Outlook 2007 Help (KB963677) (Version: - Microsoft)Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (Version: - Microsoft)Update for Microsoft Office Powerpoint 2007 Help (KB963669) (Version: - Microsoft)Update for Microsoft Office Publisher 2007 Help (KB963667) (Version: - Microsoft)Update for Microsoft Office Script Editor Help (KB963671) (Version: - Microsoft)Update for Microsoft Office Word 2007 Help (KB963665) (Version: - Microsoft)Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Essentials (Version: 15.4.3555.0308 - Microsoft Corporation)Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) HiddenWindows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) HiddenWindows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2 - Microsoft Corporation)Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) HiddenWindows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Media Encoder 9 Series (Version: - )Windows Media Encoder 9 Series (Version: 9.00.3374 - Microsoft Corporation) HiddenYahoo! Messenger (Version: - Yahoo! Inc.)Yahoo! Toolbar (Version: - )==================== Restore Points =========================14-02-2014 22:19:36 D7 Automatic Restore Point15-02-2014 19:49:58 zoek.exe restore point16-02-2014 20:08:26 Installed Microsoft Fix it 5051116-02-2014 20:46:26 Installed Microsoft Fix it 5056917-02-2014 09:59:34 Scheduled Checkpoint==================== Hosts content: ==========================2006-11-02 10:23 - 2006-09-18 21:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts127.0.0.1 localhost::1 localhost==================== Scheduled Tasks (whitelisted) =============Task: {02A4E6F1-AA4D-4754-845A-55C6689AE0CB} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000Core => C:\Users\Davis\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)Task: {06B560B5-A314-47C7-8C6C-2AC7B7595928} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-30] (Google Inc.)Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMMTask: {2560A82A-F2F3-4C3C-BDE0-19FA730E4540} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003UA => C:\Users\Georgia davis\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-17] (Google Inc.)Task: {266A7279-4868-4DBF-927E-31A2DFE2CC8C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000UA => C:\Users\Davis\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UITask: {33E86F53-2D79-43AD-AE86-A03AB8A358E4} - \Scheduled Update for Ask Toolbar No Task FileTask: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPagesTask: {420FBBC6-0B3F-4C90-9CC5-82BD76665CF8} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)Task: {52ECF0AC-66F0-4E35-BEFE-052558A6BF29} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000Core => C:\Users\Davis\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-17] (Google Inc.)Task: {5CCAFB2A-03CA-47DE-BD8E-637EB99D5073} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-30] (Google Inc.)Task: {84A4B13D-BB77-49A5-8CBF-E7CEAC6EF480} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003UA => C:\Users\Georgia davis\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-11] (Facebook Inc.)Task: {8D00947C-618E-4A44-8892-EC731179BD4E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {97097F62-DE6A-43C9-9688-A5AE9BA9F2ED} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-08] (Adobe Systems Incorporated)Task: {9F44DF2E-7412-4ED0-A98A-CA6ADB373EB3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000UA => C:\Users\Davis\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-17] (Google Inc.)Task: {B693CFDD-969A-40A0-B38E-C22B5A54BCE4} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Davis => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)Task: {C605864F-6899-4629-A990-E3845F2B26B7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003Core => C:\Users\Georgia davis\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-17] (Google Inc.)Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()Task: {F0A380A3-ED6D-402C-BD83-B49308391B62} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003Core => C:\Users\Georgia davis\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-11] (Facebook Inc.)Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000Core.job => C:\Users\Davis\AppData\Local\Facebook\Update\FacebookUpdate.exeTask: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000UA.job => C:\Users\Davis\AppData\Local\Facebook\Update\FacebookUpdate.exeTask: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003Core.job => C:\Users\Georgia davis\AppData\Local\Facebook\Update\FacebookUpdate.exeTask: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003UA.job => C:\Users\Georgia davis\AppData\Local\Facebook\Update\FacebookUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000Core.job => C:\Users\Davis\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000UA.job => C:\Users\Davis\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003Core.job => C:\Users\Georgia davis\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003UA.job => C:\Users\Georgia davis\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\User_Feed_Synchronization-{7DB64578-8B9B-4A26-8F64-DF64F6338DB0}.job => C:\Windows\system32\msfeedssync.exe==================== Loaded Modules (whitelisted) =============2013-11-17 15:58 - 2014-02-17 10:12 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll==================== Alternate Data Streams (whitelisted) =========AlternateDataStreams: C:\ProgramData\TEMP:373E1720==================== Safe Mode (whitelisted) ===================HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"==================== Disabled items from MSCONFIG ==============MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3MSCONFIG\Services: AgereModemAudio => 2MSCONFIG\Services: Apple Mobile Device => 2MSCONFIG\Services: Bonjour Service => 2MSCONFIG\Services: ConfigFree Service => 2MSCONFIG\Services: GoogleDesktopManager-051210-111108 => 3MSCONFIG\Services: gupdate => 2MSCONFIG\Services: gupdatem => 3MSCONFIG\Services: gusvc => 3MSCONFIG\Services: iPod Service => 3MSCONFIG\Services: McAfee SiteAdvisor Service => 2MSCONFIG\Services: McComponentHostService => 3MSCONFIG\Services: MozillaMaintenance => 3MSCONFIG\Services: SmartFaceVWatchSrv => 3MSCONFIG\Services: TempoMonitoringService => 2MSCONFIG\Services: TNaviSrv => 2MSCONFIG\Services: TODDSrv => 2MSCONFIG\Services: TosCoSrv => 2MSCONFIG\Services: TOSHIBA SMART Log Service => 2MSCONFIG\Services: UleadBurningHelper => 2MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartupMSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Update Agent.lnk => C:\Windows\pss\Update Agent.lnk.CommonStartupMSCONFIG\startupfolder: C:^Users^Davis^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Media Player.lnk => C:\Windows\pss\Adobe Media Player.lnk.StartupMSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exeMSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"MSCONFIG\startupreg: AVG_UI => "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLYMSCONFIG\startupreg: Camera Assistant Software => "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /startMSCONFIG\startupreg: cfFncEnabler.exe => cfFncEnabler.exeMSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exeMSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exeMSCONFIG\startupreg: Facebook Update => "C:\Users\Davis\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserverMSCONFIG\startupreg: Google Desktop Search => "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startupMSCONFIG\startupreg: Google EULA Launcher => c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PAMSCONFIG\startupreg: Google Update => "C:\Users\Davis\AppData\Local\Google\Update\GoogleUpdate.exe" /cMSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"MSCONFIG\startupreg: HDMICtrlMan => C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exeMSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exeMSCONFIG\startupreg: HSON => %ProgramFiles%\TOSHIBA\TBS\HSON.exeMSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exeMSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quietMSCONFIG\startupreg: mobilegeni daemon => C:\Program Files\Mobogenie\DaemonProcess.exeMSCONFIG\startupreg: NDSTray.exe => NDSTray.exeMSCONFIG\startupreg: Pando Media Booster => C:\Program Files\Pando Networks\Media Booster\PMB.exeMSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exeMSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottimeMSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exeMSCONFIG\startupreg: Skytel => Skytel.exeMSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exeMSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exeMSCONFIG\startupreg: topi => C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startupMSCONFIG\startupreg: Toshiba Registration => C:\Program Files\Toshiba\Registration\ToshibaRegistration.exeMSCONFIG\startupreg: Toshiba TEMPO => C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exeMSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXEMSCONFIG\startupreg: vProt => "C:\Program Files\AVG Secure Search\vprot.exe"MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hideMSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe==================== Faulty Device Manager Devices ================================= Event log errors: =========================Application errors:==================Error: (02/17/2014 10:16:03 AM) (Source: Microsoft-Windows-CAPI2) (User: )Description: -583Error: (02/17/2014 10:16:03 AM) (Source: Microsoft-Windows-CAPI2) (User: )Description: -583Error: (02/17/2014 10:16:03 AM) (Source: Microsoft-Windows-CAPI2) (User: )Description: -583Error: (02/17/2014 10:16:03 AM) (Source: Microsoft-Windows-CAPI2) (User: )Description: -583Error: (02/17/2014 10:15:54 AM) (Source: Microsoft-Windows-CAPI2) (User: )Description: -583Error: (02/17/2014 10:15:54 AM) (Source: Microsoft-Windows-CAPI2) (User: )Description: -583Error: (02/17/2014 10:05:21 AM) (Source: Windows Search Service) (User: )Description: The Windows Search Service has failed to create the SystemIndex search index. Internal error <4, 0x8004117f, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.Error: (02/17/2014 10:05:21 AM) (Source: Windows Search Service) (User: )Description: The Windows Search Service cannot open the Jet property store.Details: The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. (0x8004117f)Error: (02/17/2014 10:05:19 AM) (Source: Windows Search Service) (User: )Description: The Windows Search Service has failed to create the SystemIndex search index. Internal error <4, 0x8004117f, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.Error: (02/17/2014 10:05:19 AM) (Source: Windows Search Service) (User: )Description: The Windows Search Service cannot open the Jet property store.Details: The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. (0x8004117f)System errors:=============Error: (02/17/2014 10:05:21 AM) (Source: Service Control Manager) (User: )Description: Windows Search13Error: (02/17/2014 10:05:21 AM) (Source: Service Control Manager) (User: )Description: Windows Search2147749155 (0x80040D23)Error: (02/17/2014 10:05:19 AM) (Source: Service Control Manager) (User: )Description: Windows Search12Error: (02/17/2014 10:05:19 AM) (Source: Service Control Manager) (User: )Description: Windows Search2147749155 (0x80040D23)Error: (02/17/2014 10:05:17 AM) (Source: Service Control Manager) (User: )Description: Windows Search11Error: (02/17/2014 10:05:17 AM) (Source: Service Control Manager) (User: )Description: Windows Search2147749155 (0x80040D23)Error: (02/17/2014 10:05:14 AM) (Source: Service Control Manager) (User: )Description: Windows Search10Error: (02/17/2014 10:05:14 AM) (Source: Service Control Manager) (User: )Description: Windows Search2147749155 (0x80040D23)Error: (02/17/2014 10:05:12 AM) (Source: Service Control Manager) (User: )Description: Windows Search9Error: (02/17/2014 10:05:12 AM) (Source: Service Control Manager) (User: )Description: Windows Search2147749155 (0x80040D23)Microsoft Office Sessions:=========================Error: (05/15/2011 05:59:32 PM) (Source: Microsoft Office 12 Sessions)(User: )Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 22 seconds with 0 seconds of active time. This session ended with a crash.Error: (11/08/2010 08:43:53 PM) (Source: Microsoft Office 12 Sessions)(User: )Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time. This session ended with a crash.Error: (11/08/2010 08:43:11 PM) (Source: Microsoft Office 12 Sessions)(User: )Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1145 seconds with 420 seconds of active time. This session ended with a crash.Error: (09/27/2010 06:33:40 PM) (Source: Microsoft Office 12 Sessions)(User: )Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9893 seconds with 2580 seconds of active time. This session ended with a crash.Error: (09/25/2010 09:39:25 PM) (Source: Microsoft Office 12 Sessions)(User: )Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 41752 seconds with 2160 seconds of active time. This session ended with a crash.CodeIntegrity Errors:=================================== Date: 2014-02-17 10:16:33.732 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hitmanpro37.sys because the set of per-page image hashes could not be found on the system. Date: 2014-02-17 10:16:33.436 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hitmanpro37.sys because the set of per-page image hashes could not be found on the system. Date: 2014-02-17 10:16:33.139 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hitmanpro37.sys because the set of per-page image hashes could not be found on the system. Date: 2014-02-17 10:16:32.843 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hitmanpro37.sys because the set of per-page image hashes could not be found on the system. Date: 2014-02-17 10:16:32.547 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hitmanpro37.sys because the set of per-page image hashes could not be found on the system. Date: 2014-02-17 10:16:32.250 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hitmanpro37.sys because the set of per-page image hashes could not be found on the system. Date: 2014-02-17 10:16:31.954 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hitmanpro37.sys because the set of per-page image hashes could not be found on the system. Date: 2014-02-17 10:16:31.657 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hitmanpro37.sys because the set of per-page image hashes could not be found on the system. Date: 2014-02-17 10:16:17.025 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hitmanpro37.sys because the set of per-page image hashes could not be found on the system. Date: 2014-02-17 10:16:16.728 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hitmanpro37.sys because the set of per-page image hashes could not be found on the system.==================== Memory info ===========================Percentage of memory in use: 52%Total physical RAM: 2939.26 MBAvailable physical RAM: 1397.25 MBTotal Pagefile: 6088.75 MBAvailable Pagefile: 4743.39 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1918.45 MB==================== Drives ================================Drive c: (Vista) (Fixed) (Total:232.64 GB) (Free:155.39 GB) NTFS ==>[Drive with boot components (obtained from BCD)]Drive e: (Data) (Fixed) (Total:230.84 GB) (Free:225.41 GB) NTFSDrive f: (BEYONCE) (CDROM) (Total:4.14 GB) (Free:0 GB) UDFDrive g: (D7 PREMIUM) (Removable) (Total:1.87 GB) (Free:0.72 GB) FAT==================== MBR & Partition Table ==========================================================================Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 8F1901FC)Partition 1: (Not Active) - (Size=2 GB) - (Type=27)Partition 2: (Active) - (Size=233 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=231 GB) - (Type=07 NTFS)========================================================Disk: 1 (Size: 2 GB) (Disk ID: 13CCC2B5)Partition 1: (Not Active) - (Size=2 GB) - (Type=06)==================== End Of Log ============================ Thanks Link to post Share on other sites More sharing options...
jeffdavis Posted February 17, 2014 Author ID:792433 Share Posted February 17, 2014 The profile on Google Chrome wont open still. But its no major problem. I did run the shortcut fixer and i think it fixed a few but most of the shortcuts were to programs / apps that were part of my problem. (Whitesmoke toolbar etc) Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-02-2014Ran by Davis (administrator) on DAVIS-PC on 17-02-2014 10:16:09Running from C:\Users\Davis\DesktopMicrosoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)Internet Explorer Version 9Boot Mode: NormalThe only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe(Microsoft Corporation) C:\Windows\system32\SLsvc.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgfws.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe(TOSHIBA) C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.exe(Google Inc.) C:\Users\Davis\AppData\Local\Temp\{7A7AF753-F5B5-491A-B6A6-EC417E7525F2}\GoogleUpdate.exe(Google Inc.) C:\Users\Davis\AppData\Local\Temp\{7A7AF753-F5B5-491A-B6A6-EC417E7525F2}\GoogleUpdateSetup.exe(Google Inc.) C:\Program Files\GUM17F3.tmp\GoogleUpdate.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\saUI.exe(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_44_ActiveX.exe==================== Registry (Whitelisted) ==================HKLM\...\Run: [] - [X]HKLM\...\Runonce: [AvgUninstallURL] - cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=TlVIRDQtWUg5UEUtTzNQNEUtUVJERUstR0RKWjctVk9YVUw"&"inst=NzctMTIxODUzNjgzOS1GUDkyKzYtQkFSOUcrMS1GTCs5LVhPMzYrMS1DSUExMCsyLVNQMSsxLVNVUCs0LVRVRyszLVNQMVM0KzEtRERUKzAtTFNEKzItREQxMCsxLVNUMTBBUFArMS1QMTBNMTJDKzEtVTEwKzEtVEIrMS1GVUkrMi1QMTBUQisyLUVVTEErMS1TVFAxME0xMkNNKzEtU1QxMkFQUCsx"&"prod=55"&"ver=2012.0.1780"&"mid=84f5bd6a3a24b8b2df974b4dfa68e073-f53cc401da39bf00f11a57d79d9871e18aeaa71dHKLM\...\RunOnce: [!DPLauncher] - "C:\Program Files\Microsoft\DefaultPack\DPLauncher.EXE" partner=p001 comb=12 [60048 2013-12-16] (© 2012 Microsoft Corporation)HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenterHKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenterHKU\S-1-5-21-1847146488-4185065798-1427826158-1000\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)HKU\S-1-5-21-1847146488-4185065798-1427826158-1000\...\Policies\Explorer: [HideSCAHealth] 1HKU\S-1-5-21-1847146488-4185065798-1427826158-1000\...\MountPoints2: F - F:\dilaunch.exeHKU\S-1-5-21-1847146488-4185065798-1427826158-1000\...\MountPoints2: {2ccf1bce-e309-11dd-ad59-001e337f74f4} - D:\AutoRun.exeHKU\S-1-5-21-1847146488-4185065798-1427826158-1000\...\MountPoints2: {2ccf1be2-e309-11dd-ad59-001e337f74f4} - D:\AutoRun.exeHKU\S-1-5-21-1847146488-4185065798-1427826158-1000\...\MountPoints2: {3826e3e7-de63-11dd-b592-00216b461096} - D:\AutoRun.exeHKU\S-1-5-21-1847146488-4185065798-1427826158-1000\...\MountPoints2: {3826e413-de63-11dd-b592-00216b461096} - D:\AutoRun.exeStartup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnkShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnkShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)Startup: C:\Users\Georgie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnkShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnkShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)Startup: C:\Users\Mrs georgia bolgar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnkShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)==================== Internet (Whitelisted) ====================HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.co.uk/HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchURLSearchHook: ATTENTION ==> Default URLSearchHook is missing.StartMenuInternet: IEXPLORE.EXE - iexplore.exeSearchScopes: HKLM - DefaultScope {413EC48B-03FB-4AD2-8F18-1B3525B940BD} URL = http://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA;SearchScopes: HKLM - {413EC48B-03FB-4AD2-8F18-1B3525B940BD} URL = http://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA;SearchScopes: HKCU - DefaultScope {413EC48B-03FB-4AD2-8F18-1B3525B940BD} URL = http://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA_en-GBGB308SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}SearchScopes: HKCU - {413EC48B-03FB-4AD2-8F18-1B3525B940BD} URL = http://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA_en-GBGB308SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7TSEA_en-GBGB308SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=PzUpTmDrCyJO6uiEzcPbAecchFQ?q={searchTerms}BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)BHO: SMTTB2009 Class - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Pivot Stickfigure Toolbar\tbcore3.dll ()Toolbar: HKLM - Pivot Stickfigure Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\Pivot Stickfigure Toolbar\tbcore3.dll ()Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)Toolbar: HKCU - Pivot Stickfigure Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\Pivot Stickfigure Toolbar\tbcore3.dll ()Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No FileDPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cabDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cabDPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cabDPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cabHandler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll No FileHandler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No FileHandler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - No FileHandler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll No FileWinsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)Tcpip\Parameters: [DhcpNameServer] 192.168.1.1FireFox:========FF ProfilePath: C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\xzk1ljzw.defaultFF DefaultSearchEngine: AVG Secure SearchFF SearchEngineOrder.1: Secure SearchFF SelectedSearchEngine: AVG Secure SearchFF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll No FileFF Plugin: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll No FileFF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Davis\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Davis\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Davis\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Davis\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Davis\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Davis\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)FF Plugin ProgramFiles/Appdata: C:\Users\Davis\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)FF Plugin ProgramFiles/Appdata: C:\Users\Davis\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()FF Plugin ProgramFiles/Appdata: C:\Users\Davis\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xmlFF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisorFF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2013-12-16]Chrome:=======CHR Extension: (Google Docs) - C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-16]CHR Extension: (Google Drive) - C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-16]CHR Extension: (YouTube) - C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-16]CHR Extension: (Google Search) - C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-16]CHR Extension: (SiteAdvisor) - C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-02-16]CHR Extension: (Google Wallet) - C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-16]CHR Extension: (Gmail) - C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-16]CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2013-12-16]CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION========================== Services (Whitelisted) =================R2 avgfws; C:\Program Files\AVG\AVG2014\avgfws.exe [1358944 2013-09-24] (AVG Technologies CZ, s.r.o.)R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)S4 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-04-16] (TOSHIBA CORPORATION)S4 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-14] (Google)S4 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [104880 2014-01-22] (McAfee, Inc.)S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-16] (McAfee, Inc.)S4 SmartFaceVWatchSrv; C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [73728 2008-04-24] (Toshiba)S4 TempoMonitoringService; C:\Program Files\Toshiba TEMPRO\TempoSVC.exe [99720 2008-04-24] (Toshiba Europe GmbH)S4 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation)S4 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)==================== Drivers (Whitelisted) ====================R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120600 2013-11-25] (AVG Technologies CZ, s.r.o.)R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [47928 2013-09-26] (AVG Technologies CZ, s.r.o.)R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [210712 2013-11-25] (AVG Technologies CZ, s.r.o.)R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [149272 2013-11-25] (AVG Technologies CZ, s.r.o.)R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22808 2014-01-19] (AVG Technologies CZ, s.r.o.)R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.)R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-11-13] (AVG Technologies)S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [30464 2014-02-14] ()S3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]S3 IpInIp; system32\DRIVERS\ipinip.sys [X]S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]S1 SASDIFSV; \??\C:\Users\Davis\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [X]S1 SASKUTIL; \??\C:\Users\Davis\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS [X]==================== NetSvcs (Whitelisted) ======================================= One Month Created Files and Folders ========2014-02-17 10:16 - 2014-02-17 10:16 - 00021095 _____ () C:\Users\Davis\Desktop\FRST.txt2014-02-17 10:14 - 2014-02-17 10:15 - 01141248 _____ (Farbar) C:\Users\Davis\Desktop\FRST.exe2014-02-17 10:04 - 2014-02-17 10:04 - 00001976 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-02-17 10:03 - 2014-02-17 10:03 - 49940480 _____ () C:\Program Files\GUT1813.tmp2014-02-17 10:03 - 2014-02-17 10:03 - 00000000 ____D () C:\Program Files\GUM17F3.tmp2014-02-17 08:27 - 2014-02-17 08:27 - 00001209 _____ () C:\Users\Davis\Desktop\RKreport[0]_SC_02172014_082701.txt2014-02-17 08:07 - 2014-02-17 08:07 - 00007818 _____ () C:\Users\Davis\Desktop\Eset online scanner.txt2014-02-16 20:57 - 2014-02-16 20:57 - 00000000 ____D () C:\Users\Davis\AppData\Local\CrashDumps2014-02-16 20:49 - 2014-02-16 20:49 - 01070592 _____ () C:\Users\Davis\Downloads\MicrosoftFixit50569(1).msi2014-02-16 20:45 - 2014-02-16 20:46 - 01070592 _____ () C:\Users\Davis\Downloads\MicrosoftFixit50569.msi2014-02-16 20:07 - 2014-02-16 20:07 - 01050624 _____ () C:\Users\Davis\Downloads\MicrosoftFixit50511.msi2014-02-15 22:10 - 2014-02-17 10:16 - 00000000 ____D () C:\FRST2014-02-15 20:27 - 2013-10-18 01:11 - 00024064 _____ () C:\Windows\zoek-delete.exe2014-02-15 20:26 - 2014-02-15 20:26 - 00000000 ____D () C:\Program Files\HiJackThis2014-02-15 20:07 - 2014-02-15 20:07 - 00109508 _____ () C:\Users\Public\Desktop\sample_022014_2007.zip2014-02-15 19:49 - 2014-02-15 20:32 - 00147029 _____ () C:\zoek-results.log2014-02-15 19:44 - 2014-02-15 20:23 - 00000000 ____D () C:\zoek_backup2014-02-15 19:40 - 2014-02-15 19:41 - 00000000 ____D () C:\Users\Davis\Desktop\zoek2014-02-15 19:40 - 2014-02-15 19:38 - 04088082 _____ () C:\Users\Davis\Desktop\zoek.zip2014-02-15 15:36 - 2014-02-15 15:36 - 00002101 _____ () C:\Users\Davis\Desktop\RKreport[0]_S_02152014_153625.txt2014-02-15 15:19 - 2014-02-17 08:25 - 00000000 ____D () C:\Users\Davis\Desktop\RK_Quarantine2014-02-15 15:17 - 2014-02-15 15:08 - 03813376 _____ () C:\Users\Davis\Desktop\RogueKiller.exe2014-02-15 10:11 - 2014-02-15 10:11 - 372136236 _____ () C:\Windows\MEMORY.DMP2014-02-15 10:11 - 2014-02-15 10:11 - 00143248 _____ () C:\Windows\Minidump\Mini021514-01.dmp2014-02-14 22:15 - 2014-02-14 22:15 - 00000000 ____D () C:\Windows\SoftwareDistribution.old2014-02-14 21:13 - 2014-02-14 21:13 - 00000000 ____D () C:\Users\Davis\AppData\Roaming\SUPERAntiSpyware.com2014-02-14 21:13 - 2014-02-14 21:13 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com2014-02-14 21:01 - 2014-02-14 21:01 - 00041736 _____ () C:\Windows\system32\.crusader2014-02-14 20:49 - 2014-02-14 21:10 - 00030464 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys2014-02-14 20:49 - 2014-02-14 21:01 - 00000000 ____D () C:\ProgramData\HitmanPro2014-02-14 20:32 - 2014-02-14 20:32 - 00000000 _____ () C:\Windows\setuperr.log2014-02-14 20:11 - 2014-02-14 20:11 - 00688992 ____R (Swearware) C:\Users\Davis\Desktop\dds.com2014-02-14 19:53 - 2014-02-14 19:53 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware2014-02-14 19:23 - 2014-02-14 19:23 - 00000000 ____D () C:\Windows\ERUNT2014-02-14 18:52 - 2014-02-14 18:55 - 00000087 _____ () C:\Windows\system32\zerobyte_files_deleted.txt2014-02-14 18:52 - 2014-02-14 18:54 - 00000095 _____ () C:\Windows\zerobyte_files_deleted.txt2014-02-12 17:49 - 2014-02-12 17:49 - 00000000 ____D () C:\Support2014-02-11 09:47 - 2014-02-11 09:47 - 00000000 ____D () C:\Program Files\McAfee Security Scan2014-02-04 20:13 - 2014-02-04 20:13 - 01069512 _____ (Solid State Networks) C:\Users\Davis\Downloads\install_flashplayer12x32au_mssd_awc_aih.exe2014-02-04 14:40 - 2014-02-04 14:40 - 00001669 _____ () C:\Users\Public\Desktop\iTunes.lnk2014-02-04 14:39 - 2014-02-04 14:40 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E12014-02-04 14:39 - 2014-02-04 14:40 - 00000000 ____D () C:\Program Files\iTunes2014-02-04 14:39 - 2014-02-04 14:39 - 00000000 ____D () C:\Program Files\iPod2014-01-29 21:01 - 2014-02-04 15:12 - 00000000 ____D () C:\ProgramData\toppbuyero2014-01-29 21:01 - 2014-02-04 15:12 - 00000000 ____D () C:\ProgramData\DeuaalsFiindeorrPro2014-01-20 16:25 - 2014-01-20 16:26 - 01069512 _____ (Solid State Networks) C:\Users\Davis\Downloads\install_flashplayer12x32au_mssa_awc_aih.exe2014-01-19 21:46 - 2014-01-19 21:46 - 00022808 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsshimx.sys==================== One Month Modified Files and Folders =======2014-02-17 10:16 - 2014-02-17 10:16 - 00021095 _____ () C:\Users\Davis\Desktop\FRST.txt2014-02-17 10:16 - 2014-02-15 22:10 - 00000000 ____D () C:\FRST2014-02-17 10:15 - 2014-02-17 10:14 - 01141248 _____ (Farbar) C:\Users\Davis\Desktop\FRST.exe2014-02-17 10:15 - 2009-09-29 15:06 - 00000422 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{7DB64578-8B9B-4A26-8F64-DF64F6338DB0}.job2014-02-17 10:12 - 2013-11-17 15:58 - 00000000 ____D () C:\Program Files\Mozilla Firefox2014-02-17 10:12 - 2012-12-10 22:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service2014-02-17 10:04 - 2014-02-17 10:04 - 00001976 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-02-17 10:03 - 2014-02-17 10:03 - 49940480 _____ () C:\Program Files\GUT1813.tmp2014-02-17 10:03 - 2014-02-17 10:03 - 00000000 ____D () C:\Program Files\GUM17F3.tmp2014-02-17 10:03 - 2008-07-01 15:13 - 00000000 ____D () C:\Program Files\Google2014-02-17 10:01 - 2012-05-24 20:05 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-02-17 10:00 - 2010-01-30 19:08 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-02-17 09:55 - 2009-09-14 20:51 - 01884319 _____ () C:\Windows\WindowsUpdate.log2014-02-17 09:35 - 2011-03-02 11:17 - 00000000 ____D () C:\ProgramData\MFAData2014-02-17 09:31 - 2012-12-11 17:26 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003UA.job2014-02-17 09:22 - 2012-12-08 22:05 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000Core.job2014-02-17 09:22 - 2010-01-30 19:08 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-02-17 09:22 - 2006-11-02 13:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-02-17 09:22 - 2006-11-02 12:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A02014-02-17 09:22 - 2006-11-02 12:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A02014-02-17 08:27 - 2014-02-17 08:27 - 00001209 _____ () C:\Users\Davis\Desktop\RKreport[0]_SC_02172014_082701.txt2014-02-17 08:25 - 2014-02-15 15:19 - 00000000 ____D () C:\Users\Davis\Desktop\RK_Quarantine2014-02-17 08:19 - 2012-12-08 22:05 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000UA.job2014-02-17 08:07 - 2014-02-17 08:07 - 00007818 _____ () C:\Users\Davis\Desktop\Eset online scanner.txt2014-02-17 07:36 - 2012-01-08 16:05 - 00000926 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000UA.job2014-02-17 05:47 - 2012-12-11 17:43 - 00000960 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003UA.job2014-02-16 22:36 - 2012-01-08 16:05 - 00000904 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1000Core.job2014-02-16 20:57 - 2014-02-16 20:57 - 00000000 ____D () C:\Users\Davis\AppData\Local\CrashDumps2014-02-16 20:56 - 2013-01-23 16:30 - 00000000 ____D () C:\Users\Mrs georgia bolgar2014-02-16 20:56 - 2012-12-02 09:47 - 00000000 ____D () C:\Users\Georgia davis2014-02-16 20:56 - 2010-10-15 19:05 - 00000000 ____D () C:\Users\Guest2014-02-16 20:56 - 2009-09-27 17:59 - 00000000 ____D () C:\Users\Georgie2014-02-16 20:56 - 2008-12-28 18:57 - 00000000 ____D () C:\Users\Davis2014-02-16 20:56 - 2006-11-02 11:18 - 00000000 ___RD () C:\Users\Public2014-02-16 20:49 - 2014-02-16 20:49 - 01070592 _____ () C:\Users\Davis\Downloads\MicrosoftFixit50569(1).msi2014-02-16 20:46 - 2014-02-16 20:45 - 01070592 _____ () C:\Users\Davis\Downloads\MicrosoftFixit50569.msi2014-02-16 20:07 - 2014-02-16 20:07 - 01050624 _____ () C:\Users\Davis\Downloads\MicrosoftFixit50511.msi2014-02-16 09:16 - 2006-11-02 13:01 - 00032614 _____ () C:\Windows\Tasks\SCHEDLGU.TXT2014-02-16 09:05 - 2011-09-07 17:08 - 00000000 ____D () C:\Users\Davis\AppData\Local\PMB Files2014-02-16 09:05 - 2011-02-05 14:20 - 00000000 ____D () C:\Windows\pss2014-02-15 23:09 - 2006-11-02 11:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy2014-02-15 20:32 - 2014-02-15 19:49 - 00147029 _____ () C:\zoek-results.log2014-02-15 20:30 - 2013-01-10 19:39 - 00059246 _____ () C:\Windows\PFRO.log2014-02-15 20:26 - 2014-02-15 20:26 - 00000000 ____D () C:\Program Files\HiJackThis2014-02-15 20:23 - 2014-02-15 19:44 - 00000000 ____D () C:\zoek_backup2014-02-15 20:07 - 2014-02-15 20:07 - 00109508 _____ () C:\Users\Public\Desktop\sample_022014_2007.zip2014-02-15 19:41 - 2014-02-15 19:40 - 00000000 ____D () C:\Users\Davis\Desktop\zoek2014-02-15 19:38 - 2014-02-15 19:40 - 04088082 _____ () C:\Users\Davis\Desktop\zoek.zip2014-02-15 19:35 - 2012-12-11 17:43 - 00000938 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003Core.job2014-02-15 19:35 - 2012-12-11 17:26 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1847146488-4185065798-1427826158-1003Core.job2014-02-15 15:36 - 2014-02-15 15:36 - 00002101 _____ () C:\Users\Davis\Desktop\RKreport[0]_S_02152014_153625.txt2014-02-15 15:13 - 2010-09-25 09:49 - 00000008 ___RS () C:\Users\Davis\ntuser.pol2014-02-15 15:08 - 2014-02-15 15:17 - 03813376 _____ () C:\Users\Davis\Desktop\RogueKiller.exe2014-02-15 10:11 - 2014-02-15 10:11 - 372136236 _____ () C:\Windows\MEMORY.DMP2014-02-15 10:11 - 2014-02-15 10:11 - 00143248 _____ () C:\Windows\Minidump\Mini021514-01.dmp2014-02-15 10:11 - 2010-04-09 21:06 - 00000000 ____D () C:\Windows\Minidump2014-02-15 09:04 - 2006-11-02 12:47 - 00407168 _____ () C:\Windows\system32\FNTCACHE.DAT2014-02-14 22:43 - 2012-03-13 18:03 - 00115752 _____ () C:\Users\Davis\AppData\Local\GDIPFONTCACHEV1.DAT2014-02-14 22:15 - 2014-02-14 22:15 - 00000000 ____D () C:\Windows\SoftwareDistribution.old2014-02-14 21:22 - 2011-10-12 16:05 - 00000000 ____D () C:\Program Files\Pivot Stickfigure Toolbar2014-02-14 21:13 - 2014-02-14 21:13 - 00000000 ____D () C:\Users\Davis\AppData\Roaming\SUPERAntiSpyware.com2014-02-14 21:13 - 2014-02-14 21:13 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com2014-02-14 21:10 - 2014-02-14 20:49 - 00030464 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys2014-02-14 21:01 - 2014-02-14 21:01 - 00041736 _____ () C:\Windows\system32\.crusader2014-02-14 21:01 - 2014-02-14 20:49 - 00000000 ____D () C:\ProgramData\HitmanPro2014-02-14 20:42 - 2008-07-01 15:05 - 00000000 ___HD () C:\Windows\msdownld.tmp2014-02-14 20:37 - 2006-11-02 10:33 - 00005526 _____ () C:\Windows\system32\PerfStringBackup.INI2014-02-14 20:32 - 2014-02-14 20:32 - 00000000 _____ () C:\Windows\setuperr.log2014-02-14 20:32 - 2013-04-05 18:48 - 00005604 _____ () C:\Windows\setupact.log2014-02-14 20:11 - 2014-02-14 20:11 - 00688992 ____R (Swearware) C:\Users\Davis\Desktop\dds.com2014-02-14 19:53 - 2014-02-14 19:53 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware2014-02-14 19:53 - 2012-03-13 12:24 - 00000911 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-02-14 19:23 - 2014-02-14 19:23 - 00000000 ____D () C:\Windows\ERUNT2014-02-14 18:55 - 2014-02-14 18:52 - 00000087 _____ () C:\Windows\system32\zerobyte_files_deleted.txt2014-02-14 18:55 - 2006-11-02 11:18 - 00000000 __RHD () C:\Users\Default2014-02-14 18:54 - 2014-02-14 18:52 - 00000095 _____ () C:\Windows\zerobyte_files_deleted.txt2014-02-14 18:14 - 2013-10-01 15:27 - 00000847 _____ () C:\Users\Public\Desktop\AVG 2014.lnk2014-02-14 17:17 - 2013-01-29 21:00 - 00006144 _____ () C:\Users\Mrs georgia bolgar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2014-02-14 16:56 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\system32\CatRoot2.old2014-02-12 17:49 - 2014-02-12 17:49 - 00000000 ____D () C:\Support2014-02-11 15:42 - 2013-12-16 19:57 - 00000000 ____D () C:\Program Files\McAfee2014-02-11 09:47 - 2014-02-11 09:47 - 00000000 ____D () C:\Program Files\McAfee Security Scan2014-02-11 09:47 - 2012-12-04 16:01 - 00001924 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk2014-02-08 12:35 - 2012-05-24 20:05 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe2014-02-08 12:35 - 2011-12-13 09:18 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl2014-02-04 20:13 - 2014-02-04 20:13 - 01069512 _____ (Solid State Networks) C:\Users\Davis\Downloads\install_flashplayer12x32au_mssd_awc_aih.exe2014-02-04 15:12 - 2014-01-29 21:01 - 00000000 ____D () C:\ProgramData\toppbuyero2014-02-04 15:12 - 2014-01-29 21:01 - 00000000 ____D () C:\ProgramData\DeuaalsFiindeorrPro2014-02-04 14:40 - 2014-02-04 14:40 - 00001669 _____ () C:\Users\Public\Desktop\iTunes.lnk2014-02-04 14:40 - 2014-02-04 14:39 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E12014-02-04 14:40 - 2014-02-04 14:39 - 00000000 ____D () C:\Program Files\iTunes2014-02-04 14:39 - 2014-02-04 14:39 - 00000000 ____D () C:\Program Files\iPod2014-02-04 14:39 - 2010-02-27 17:48 - 00000000 ____D () C:\Program Files\Common Files\Apple2014-02-04 14:33 - 2010-02-27 17:48 - 00000000 ____D () C:\ProgramData\Apple2014-01-26 16:20 - 2012-12-08 22:06 - 00000000 ____D () C:\Users\Davis\AppData\Roaming\Mozilla2014-01-26 16:20 - 2008-12-28 19:03 - 00000000 ____D () C:\Users\Davis\AppData\Local\Google2014-01-24 20:23 - 2013-01-23 16:30 - 00000949 _____ () C:\Users\Mrs georgia bolgar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk2014-01-20 16:26 - 2014-01-20 16:25 - 01069512 _____ (Solid State Networks) C:\Users\Davis\Downloads\install_flashplayer12x32au_mssa_awc_aih.exe2014-01-19 21:46 - 2014-01-19 21:46 - 00022808 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsshimx.sys==================== Bamital & volsnap Check =================C:\Windows\explorer.exe => MD5 is legitC:\Windows\system32\winlogon.exe => MD5 is legitC:\Windows\system32\wininit.exe => MD5 is legitC:\Windows\system32\svchost.exe => MD5 is legitC:\Windows\system32\services.exe => MD5 is legitC:\Windows\system32\User32.dll => MD5 is legitC:\Windows\system32\userinit.exe => MD5 is legitC:\Windows\system32\rpcss.dll => MD5 is legitC:\Windows\system32\Drivers\volsnap.sys => MD5 is legitLastRegBack: 2014-02-17 09:29==================== End Of Log ============================ Farbar Service Scanner Version: 16-02-2014Ran by Davis (administrator) on 17-02-2014 at 10:20:49Running from "C:\Users\Davis\Desktop"Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)Boot Mode: Normal****************************************************************Internet Services:============Connection Status:==============Localhost is accessible.LAN connected.Google IP is accessible.Google.com is accessible.Yahoo.com is accessible.Windows Firewall:=============Firewall Disabled Policy:==================[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"EnableFirewall"=DWORD:0System Restore:============System Restore Disabled Policy:========================Security Center:============Windows Update:============Windows Autoupdate Disabled Policy:============================Windows Defender:==============WinDefend Service is not running. Checking service configuration:Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.Other Services:==============File Check:========C:\Windows\system32\nsisvc.dll => MD5 is legitC:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legitC:\Windows\system32\dhcpcsvc.dll => MD5 is legitC:\Windows\system32\Drivers\afd.sys => MD5 is legitC:\Windows\system32\Drivers\tdx.sys => MD5 is legitC:\Windows\system32\Drivers\tcpip.sys[2013-08-19 13:37] - [2013-07-05 03:20] - 0914880 ____A (Microsoft Corporation) 6D0D344F643E28B31262AC2682109A3CC:\Windows\system32\dnsrslvr.dll => MD5 is legitC:\Windows\system32\mpssvc.dll => MD5 is legitC:\Windows\system32\bfe.dll => MD5 is legitC:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legitC:\Windows\system32\SDRSVC.dll => MD5 is legitC:\Windows\system32\vssvc.exe => MD5 is legitC:\Windows\system32\wscsvc.dll => MD5 is legitC:\Windows\system32\wbem\WMIsvc.dll => MD5 is legitC:\Windows\system32\wuaueng.dll => MD5 is legitC:\Windows\system32\qmgr.dll => MD5 is legitC:\Windows\system32\es.dll => MD5 is legitC:\Windows\system32\cryptsvc.dll => MD5 is legitC:\Program Files\Windows Defender\MpSvc.dll => MD5 is legitC:\Windows\system32\svchost.exe => MD5 is legitC:\Windows\system32\rpcss.dll => MD5 is legit**** End of log **** Link to post Share on other sites More sharing options...
kevinf80 Posted February 17, 2014 ID:792453 Share Posted February 17, 2014 I`ve attached a zip file named WinDefend.zip, d/l and extract to you Desktop. You should now have a registry file named WinDefend.reg. Double click to run that file, accept any alerts. Reboot and see if Windows Defender now works.... Next, Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Run FRST and press the Fix button just once and wait.The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply. Next, Download Services Repair tool, available here - http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe and Save it to your Desktop. Right click on it and select Run As Administrator, follow the prompts. It should reboot when it finishes. If not reboot it yourself. When the re-boot completes check your system and see how it responds, what issues concerns remain etc... Kevinfixlist.txtWinDefend.zip Link to post Share on other sites More sharing options...
jeffdavis Posted February 17, 2014 Author ID:792470 Share Posted February 17, 2014 Hi, ive run all that, defender starts now but wont update. error message Code 0xc000247 i have got avg internet security installed so i dont believe defender is important, but thats the error message. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 16-02-2014Ran by Davis at 2014-02-17 13:52:10 Run:2Running from C:\Users\Davis\DesktopBoot Mode: Normal==============================================Content of fixlist:*****************StartHKU\S-1-5-21-1847146488-4185065798-1427826158-1000\...\MountPoints2: F - F:\dilaunch.exeHKU\S-1-5-21-1847146488-4185065798-1427826158-1000\...\MountPoints2: {2ccf1bce-e309-11dd-ad59-001e337f74f4} - D:\AutoRun.exeHKU\S-1-5-21-1847146488-4185065798-1427826158-1000\...\MountPoints2: {2ccf1be2-e309-11dd-ad59-001e337f74f4} - D:\AutoRun.exeHKU\S-1-5-21-1847146488-4185065798-1427826158-1000\...\MountPoints2: {3826e3e7-de63-11dd-b592-00216b461096} - D:\AutoRun.exeHKU\S-1-5-21-1847146488-4185065798-1427826158-1000\...\MountPoints2: {3826e413-de63-11dd-b592-00216b461096} - D:\AutoRun.exeToolbar: HKLM - Pivot Stickfigure Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\Pivot Stickfigure Toolbar\tbcore3.dll ()Toolbar: HKCU - Pivot Stickfigure Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\Pivot Stickfigure Toolbar\tbcore3.dll ()C:\Program Files\Pivot Stickfigure ToolbarCHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTIONS3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]S3 IpInIp; system32\DRIVERS\ipinip.sys [X]S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]S1 SASDIFSV; \??\C:\Users\Davis\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [X]S1 SASKUTIL; \??\C:\Users\Davis\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS [X]AlternateDataStreams: C:\ProgramData\TEMP:373E1720End*****************HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-1847146488-4185065798-1427826158-1000 => Key not found.HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ccf1bce-e309-11dd-ad59-001e337f74f4} => Key not found.HKCR\CLSID\{2ccf1bce-e309-11dd-ad59-001e337f74f4} => Key not found.HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ccf1be2-e309-11dd-ad59-001e337f74f4} => Key not found.HKCR\CLSID\{2ccf1be2-e309-11dd-ad59-001e337f74f4} => Key not found.HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3826e3e7-de63-11dd-b592-00216b461096} => Key not found.HKCR\CLSID\{3826e3e7-de63-11dd-b592-00216b461096} => Key not found.HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3826e413-de63-11dd-b592-00216b461096} => Key not found.HKCR\CLSID\{3826e413-de63-11dd-b592-00216b461096} => Key not found.HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{338B4DFE-2E2C-4338-9E41-E176D497299E} => Value deleted successfully.HKCR\CLSID\{338B4DFE-2E2C-4338-9E41-E176D497299E} => Key deleted successfully.HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{338B4DFE-2E2C-4338-9E41-E176D497299E} => Value deleted successfully.HKCR\CLSID\{338B4DFE-2E2C-4338-9E41-E176D497299E} => Key not found.C:\Program Files\Pivot Stickfigure Toolbar => Moved successfully.HKLM\SOFTWARE\Policies\Google => Key deleted successfully.hwdatacard => Service deleted successfully.IpInIp => Service deleted successfully.NwlnkFlt => Service deleted successfully.NwlnkFwd => Service deleted successfully.SASDIFSV => Service deleted successfully.SASKUTIL => Service deleted successfully.C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.==== End of Fixlog ==== Thanks Link to post Share on other sites More sharing options...
kevinf80 Posted February 17, 2014 ID:792677 Share Posted February 17, 2014 Run the following, post its log when complete, Please download Portable Windows Repair (all in one) from one of the following: http://www.tweaking.com/content/page/windows_repair_all_in_one.htmlhttp://www.majorgeeks.com/Tweaking.com_-_Windows_Repair_Portable_d7222.htmlhttp://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/ Unzip the contents into a newly created folder on your desktop. Open the folder, run the tool by right click on Repair_Windows (icon with red briefcase) select "Run as Administrator" From the main GUI do the following: Select Tab 3 and allow it to run SFC Select Tab 4 and Create System Restore Point Select Repairs tab => Click the Start The repairs window will open, Check the boxes as indicated, also the "Restart" options, the select Start... DON'T use the computer while each scan is in progress. Post the log, to access select “settings” tab > “open log folder” tab, log will be named _Windows_Repair_Log Link to post Share on other sites More sharing options...
jeffdavis Posted February 18, 2014 Author ID:792893 Share Posted February 18, 2014 Hi, here is the log from windows repair. System Variables--------------------------------------------------------------------------------OS: Windows Vista Home PremiumOS Architecture: 32-bitOS Version: 6.0.6002OS Service Pack: Service Pack 2Computer Name: DAVIS-PCWindows Drive: C:\Windows Path: C:\WindowsCurrent Profile: C:\Users\DavisCurrent Profile SID: S-1-5-21-1847146488-4185065798-1427826158-1000Current Profile Classes: S-1-5-21-1847146488-4185065798-1427826158-1000_ClassesProfiles Location: C:\UsersProfiles Location 2: C:\Windows\ServiceProfilesLocal Settings AppData: C:\Users\Davis\AppData\Local--------------------------------------------------------------------------------Starting Repairs... Start (18/02/2014 09:41:49)01 - Reset Registry Permissions 01/03 HKEY_CURRENT_USER & Sub Keys Start (18/02/2014 09:41:49) Running Repair Under Current User Account Done (18/02/2014 09:41:54)01 - Reset Registry Permissions 02/03 HKEY_LOCAL_MACHINE & Sub Keys Start (18/02/2014 09:41:54) Running Repair Under System Account Done (18/02/2014 09:46:12)01 - Reset Registry Permissions 03/03 HKEY_CLASSES_ROOT & Sub Keys Start (18/02/2014 09:46:12) Running Repair Under System Account Done (18/02/2014 09:47:11)02 - Reset File Permissions 01/12 C:\$AVG & Sub Folders Start (18/02/2014 09:47:11) Running Repair Under System Account Done (18/02/2014 09:47:21)02 - Reset File Permissions 02/12 C:\Boot & Sub Folders Start (18/02/2014 09:47:21) Running Repair Under System Account Done (18/02/2014 09:47:24)02 - Reset File Permissions 03/12 C:\FRST & Sub Folders Start (18/02/2014 09:47:24) Running Repair Under System Account Done (18/02/2014 09:47:26)02 - Reset File Permissions 04/12 C:\Intel & Sub Folders Start (18/02/2014 09:47:26) Running Repair Under System Account Done (18/02/2014 09:47:29)02 - Reset File Permissions 05/12 C:\MSOCache & Sub Folders Start (18/02/2014 09:47:29) Running Repair Under System Account Done (18/02/2014 09:47:31)02 - Reset File Permissions 06/12 C:\Program Files & Sub Folders Start (18/02/2014 09:47:31) Running Repair Under System Account Done (18/02/2014 09:49:15)02 - Reset File Permissions 07/12 C:\ProgramData & Sub Folders Start (18/02/2014 09:49:15) Running Repair Under System Account Done (18/02/2014 09:49:40)02 - Reset File Permissions 08/12 C:\Support & Sub Folders Start (18/02/2014 09:49:40) Running Repair Under System Account Done (18/02/2014 09:49:42)02 - Reset File Permissions 09/12 C:\Toshiba & Sub Folders Start (18/02/2014 09:49:42) Running Repair Under System Account Done (18/02/2014 09:49:49)02 - Reset File Permissions 10/12 C:\Windows & Sub Folders Start (18/02/2014 09:49:49) Running Repair Under System Account Done (18/02/2014 09:55:06)02 - Reset File Permissions 11/12 C:\Works & Sub Folders Start (18/02/2014 09:55:06) Running Repair Under System Account Done (18/02/2014 09:55:12)02 - Reset File Permissions 12/12 C:\zoek_backup & Sub Folders Start (18/02/2014 09:55:12) Running Repair Under System Account Done (18/02/2014 09:55:29)02 - Reset File Permissions 01/05 E:\aafc74bbf5b4ac77b32fe4 & Sub Folders Start (18/02/2014 09:55:29) Running Repair Under System Account Done (18/02/2014 09:55:31)02 - Reset File Permissions 02/05 E:\Firefox & Sub Folders Start (18/02/2014 09:55:32) Running Repair Under System Account Done (18/02/2014 09:55:34)02 - Reset File Permissions 03/05 E:\Georgia & Sub Folders Start (18/02/2014 09:55:34) Running Repair Under System Account Done (18/02/2014 09:55:36)02 - Reset File Permissions 04/05 E:\Google Desktop Data & Sub Folders Start (18/02/2014 09:55:36) Running Repair Under System Account Done (18/02/2014 09:55:39)02 - Reset File Permissions 05/05 E:\HDDRecovery & Sub Folders Start (18/02/2014 09:55:39) Running Repair Under System Account Done (18/02/2014 09:55:41)02 - Reset File Permissions: Cleanup & Sub Folders Start (18/02/2014 09:55:41) Running Repair Under System AccountProcessing ACL of: <\\?\C:\Documents and Settings>SetACL finished successfully.Processing ACL of: <\\?\C:\ProgramData\Application Data>SetACL finished successfully.Processing ACL of: <\\?\C:\ProgramData\Desktop>SetACL finished successfully.Processing ACL of: <\\?\C:\ProgramData\Documents>SetACL finished successfully.Processing ACL of: <\\?\C:\ProgramData\Favorites>SetACL finished successfully.Processing ACL of: <\\?\C:\ProgramData\Start Menu>SetACL finished successfully.Processing ACL of: <\\?\C:\ProgramData\Templates>SetACL finished successfully.Processing ACL of: <\\?\C:\Users\All Users\Application Data>SetACL finished successfully.Processing ACL of: <\\?\C:\Users\All Users\Desktop>SetACL finished successfully.Processing ACL of: <\\?\C:\Users\All Users\Documents>SetACL finished successfully.Processing ACL of: <\\?\C:\Users\All Users\Favorites>SetACL finished successfully.Processing ACL of: <\\?\C:\Users\All Users\Start Menu>SetACL finished successfully.Processing ACL of: <\\?\C:\Users\All Users\Templates>SetACL finished successfully.Processing ACL of: <\\?\C:\Users\Default User>SetACL finished successfully.Processing ACL of: <\\?\C:\Users\Default\Application Data>SetACL finished successfully.Processing ACL of: <\\?\C:\Users\Default\Cookies>SetACL finished successfully.Processing ACL of: <\\?\C:\Users\Default\Local Settings>SetACL finished successfully.Processing ACL of: <\\?\C:\Users\Default\My Documents>SetACL finished successfully.Processing ACL of: <\\?\C:\Users\Default\NetHood>SetACL finished successfully.Processing ACL of: <\\?\C:\Users\Default\PrintHood>SetACL finished successfully.Processing ACL of: <\\?\C:\Users\Default\Recent>SetACL finished successfully.Processing ACL of: <\\?\C:\Users\Default\SendTo>SetACL finished successfully.Processing ACL of: <\\?\C:\Users\Default\Start Menu>SetACL finished successfully.Processing ACL of: <\\?\C:\Users\Default\Templates>SetACL finished successfully.Processing ACL of: <\\?\C:\Users\Default\AppData\Local\Application Data>SetACL finished successfully.Processing ACL of: <\\?\C:\Users\Default\AppData\Local\History>SetACL finished successfully.Processing ACL of: <\\?\C:\Users\Default\AppData\Local\Temporary Internet Files>SetACL finished successfully.Processing ACL of: <\\?\C:\Users\Default\Documents\My Music>SetACL finished successfully.Processing ACL of: <\\?\C:\Users\Default\Documents\My Pictures>SetACL finished successfully.Processing ACL of: <\\?\C:\Users\Default\Documents\My Videos>SetACL finished successfully.Processing ACL of: <\\?\C:\Users\Davis\Application Data>SetACL finished successfully.Processing ACL of: <\\?\C:\Users\Davis\Cookies>SetACL finished successfully.Processing ACL of: <\\?\C:\Users\Davis\Local Settings>SetACL finished successfully.Processing ACL of: <\\?\C:\Users\Davis\My Documents>SetACL finished successfully.Processing ACL of: <\\?\C:\Users\Davis\NetHood>SetACL finished successfully.Processing ACL of: <\\?\C:\Users\Davis\PrintHood>SetACL finished successfully.Processing ACL of: <\\?\C:\Users\Davis\Recent>SetACL finished successfully.Processing ACL of: <\\?\C:\Users\Davis\SendTo>SetACL finished successfully.Processing ACL of: <\\?\C:\Users\Davis\Start Menu>SetACL finished successfully.Processing ACL of: <\\?\C:\Users\Davis\Templates>SetACL finished successfully.Processing ACL of: <\\?\C:\Users\Davis\AppData\Local\Application Data>SetACL finished successfully.Processing ACL of: <\\?\C:\Users\Davis\AppData\Local\History>SetACL finished successfully.Processing ACL of: <\\?\C:\Users\Davis\AppData\Local\Temporary Internet Files>SetACL finished successfully.Processing ACL of: <\\?\C:\Users\Davis\Documents\My Music>SetACL finished successfully.Processing ACL of: <\\?\C:\Users\Davis\Documents\My Pictures>SetACL finished successfully.Processing ACL of: <\\?\C:\Users\Davis\Documents\My Videos>SetACL finished successfully. Done (18/02/2014 09:55:46)03 - Register System Files Start (18/02/2014 09:55:46) Running Repair Under Current User Account Running Repair Under System Account Done (18/02/2014 09:56:10)04 - Repair WMI Start (18/02/2014 09:56:10) Running Repair Under Current User Account Done (18/02/2014 09:58:23)05 - Repair Windows Firewall Start (18/02/2014 09:58:23) Running Repair Under Current User Account Running Repair Under System Account Done (18/02/2014 09:59:03)06 - Repair Internet Explorer Start (18/02/2014 09:59:03) Running Repair Under Current User Account Running Repair Under System Account Done (18/02/2014 09:59:27)07 - Repair MDAC/MS Jet Start (18/02/2014 09:59:27) Running Repair Under Current User Account Running Repair Under System Account Done (18/02/2014 09:59:48)08 - Repair Hosts File Start (18/02/2014 09:59:48) Running Repair Under System Account Done (18/02/2014 09:59:51)09 - Remove Policies Set By Infections Start (18/02/2014 09:59:51) Running Repair Under Current User Account Running Repair Under System Account Done (18/02/2014 09:59:55)10 - Repair Missing Start Menu Icons Removed By Infections Start (18/02/2014 09:59:55) Running Repair Under System Account Done (18/02/2014 09:59:58)11 - Repair Icons Start (18/02/2014 09:59:58) Running Repair Under System Account Done (18/02/2014 10:00:00)12 - Repair Winsock & DNS Cache Start (18/02/2014 10:00:00) Running Repair Under Current User Account Running Repair Under System Account Done (18/02/2014 10:00:13)13 - Remove Temp Files Start (18/02/2014 10:00:13) Running Repair Under System Account Done (18/02/2014 10:00:16)14 - Repair Proxy Settings Start (18/02/2014 10:00:16) Running Repair Under Current User Account Running Repair Under System Account Done (18/02/2014 10:00:20)15 - Unhide Non System Files Start (18/02/2014 10:00:20) C:\ - Total Files Unhidden: 277 - Check Unhidden_Files.txt for list of files unhidden E:\ - Total Files Unhidden: 0 - Check Unhidden_Files.txt for list of files unhidden Done (18/02/2014 10:02:43)16 - Repair Windows Updates Start (18/02/2014 10:02:43) Running Repair Under Current User Account Running Repair Under System Account Done (18/02/2014 10:03:09)17 - Repair CD/DVD Missing/Not Working Start (18/02/2014 10:03:09) iTunes was found, adding UpperFilters for iTunes Reg Key UpperFilters added?: True Done (18/02/2014 10:03:09)18 - Repair Volume Shadow Copy Service Start (18/02/2014 10:03:09) Running Repair Under Current User Account Running Repair Under System Account Done (18/02/2014 10:03:24)19 - Repair Windows Sidebar/Gadgets Start (18/02/2014 10:03:24) Running Repair Under Current User Account Running Repair Under System Account Done (18/02/2014 10:03:29)20 - Repair MSI (Windows Installer) Start (18/02/2014 10:03:29) Running Repair Under Current User Account Running Repair Under System Account Done (18/02/2014 10:03:40)21 - Repair Windows Snipping Tool Start (18/02/2014 10:03:40) Running Repair Under Current User Account Running Repair Under System Account Done (18/02/2014 10:03:45)22.01 - Repair bat Association Start (18/02/2014 10:03:45) Running Repair Under Current User Account Running Repair Under System Account Done (18/02/2014 10:03:50)22.02 - Repair cmd Association Start (18/02/2014 10:03:50) Running Repair Under Current User Account Running Repair Under System Account Done (18/02/2014 10:03:54)22.03 - Repair com Association Start (18/02/2014 10:03:54) Running Repair Under Current User Account Running Repair Under System Account Done (18/02/2014 10:03:59)22.04 - Repair Directory Association Start (18/02/2014 10:03:59) Running Repair Under Current User Account Running Repair Under System Account Done (18/02/2014 10:04:04)22.05 - Repair Drive Association Start (18/02/2014 10:04:04) Running Repair Under Current User Account Running Repair Under System Account Done (18/02/2014 10:04:09)22.06 - Repair exe Association Start (18/02/2014 10:04:09) Running Repair Under Current User Account Running Repair Under System Account Done (18/02/2014 10:04:13)22.07 - Repair Folder Association Start (18/02/2014 10:04:13) Running Repair Under Current User Account Running Repair Under System Account Done (18/02/2014 10:04:18)22.08 - Repair inf Association Start (18/02/2014 10:04:18) Running Repair Under Current User Account Running Repair Under System Account Done (18/02/2014 10:04:23)22.09 - Repair lnk (Shortcuts) Association Start (18/02/2014 10:04:23) Running Repair Under Current User Account Running Repair Under System Account Done (18/02/2014 10:04:28)22.10 - Repair msc Association Start (18/02/2014 10:04:28) Running Repair Under Current User Account Running Repair Under System Account Done (18/02/2014 10:04:33)22.11 - Repair reg Association Start (18/02/2014 10:04:33) Running Repair Under Current User Account Running Repair Under System Account Done (18/02/2014 10:04:37)22.12 - Repair scr Association Start (18/02/2014 10:04:37) Running Repair Under Current User Account Running Repair Under System Account Done (18/02/2014 10:04:42)23 - Repair Windows Safe Mode Start (18/02/2014 10:04:42) Running Repair Under Current User Account Running Repair Under System Account Done (18/02/2014 10:04:49)24 - Repair Print Spooler Start (18/02/2014 10:04:49) Running Repair Under Current User Account Running Repair Under System Account Done (18/02/2014 10:05:02)25 - Restore Important Windows Services Start (18/02/2014 10:05:02) Running Repair Under Current User Account Running Repair Under System Account Done (18/02/2014 10:05:19)26 - Set Windows Services To Default Startup Start (18/02/2014 10:05:19) Running Repair Under Current User Account Running Repair Under System Account Done (18/02/2014 10:05:30)Cleaning up empty logs...All Selected Repairs Done. Done (18/02/2014 10:05:30) Total Repair Time: 00:23:41...YOU MUST RESTART YOUR SYSTEM... Running Repair Under Current User Account Link to post Share on other sites More sharing options...
kevinf80 Posted February 18, 2014 ID:792904 Share Posted February 18, 2014 Re-boot after the repair completes. What is the current status now, any improvement... Link to post Share on other sites More sharing options...
Recommended Posts