Jump to content

trojan.ransom.gend and blocked software


Recommended Posts

Hi

 

I ran a quick scan and found 2 files that started Trojan.ransom.gend, I then restarted my computer but was unable to access malwarebytes or Avast.  I received a message saying that the files were blocked.  I could not re-install malwarebytes etc.  However, I was able to restore my computer to a previous date and then update to the latest malwarebytes and run a full scan.  Have I managed to get rid of this virus fully?

 

I attach the FRST and Addition logs for your perusal.

 

Although a competent MSOffice user I am a novice at how computers work so please explain things carefully if I need to follow further instructions. :)

 

Hoping someone can assist me.  Thank you!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-05-2014 01
Ran by Linda Austin (administrator) on LINDAAUSTIN-PC on 25-05-2014 18:05:26
Running from C:\Users\Linda Austin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UNHE9ZD0
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
() C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(Interactive Digital Media) C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Toshiba) C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynToshiba.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(Microsoft Corporation) C:\Program Files\Windows Mail\WinMail.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: [KeNotify] => C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34352 2006-11-06] ()
HKLM\...\Run: [sVPWUTIL] => C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [438272 2006-03-22] (TOSHIBA)
HKLM\...\Run: [HWSetup] => \HWSetup.exe hwSetUP
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4702208 2007-09-03] (Realtek Semiconductor)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [411192 2007-03-29] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [55416 2006-12-07] (TOSHIBA Corporation)
HKLM\...\Run: [smoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [509496 2007-04-03] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [538744 2007-05-22] (TOSHIBA Corporation)
HKLM\...\Run: [NDSTray.exe] => NDSTray.exe
HKLM\...\Run: [Desktop SMS] => C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe [1507328 2007-06-18] (Interactive Digital Media)
HKLM\...\Run: [topi] => C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [581632 2007-07-10] (TOSHIBA)
HKLM\...\Run: [skytel] => C:\Windows\Skytel.exe [1826816 2007-08-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [synTPStart] => C:\Program Files\Synaptics\SynTP\SynTPStart.exe [204800 2007-07-27] (Synaptics, Inc.)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [571024 2007-02-19] (Toshiba)
HKLM\...\Run: [iAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [174872 2007-02-12] (Intel Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-11-24] (AVAST Software)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3024585940-1028860982-1363955008-1000\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [413696 2006-11-13] (TOSHIBA)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk
SearchScopes: HKLM - DefaultScope {9778DFF1-C6C9-4E56-B409-2805DDCD21A1} URL = http://www.google.co.uk/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;
SearchScopes: HKLM - {9778DFF1-C6C9-4E56-B409-2805DDCD21A1} URL = http://www.google.co.uk/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;
SearchScopes: HKCU - DefaultScope {9778DFF1-C6C9-4E56-B409-2805DDCD21A1} URL = http://www.google.co.uk/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;&rlz=
SearchScopes: HKCU - {9778DFF1-C6C9-4E56-B409-2805DDCD21A1} URL = http://www.google.co.uk/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;&rlz=
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

Chrome:
=======
CHR HomePage: hxxp://start.mysearchdial.com/?f=1&a=dnldstr0103&cd=2XzuyEtN2Y1L1QzutDtDtC0Bzy0EyDyB0B0CzztB0AtAyDyCtN0D0Tzu0SyByDzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1523163677&ir=
CHR RestoreOnStartup: "hxxp://start.mysearchdial.com/?f=1&a=dnldstr0103&cd=2XzuyEtN2Y1L1QzutDtDtC0Bzy0EyDyB0B0CzztB0AtAyDyCtN0D0Tzu0SyByDzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1523163677&ir=",  "hxxp://www.google.com/"
CHR DefaultSearchProvider:       "name": "Mysearchdial"
CHR Extension: (Google Docs) - C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-24]
CHR Extension: (Google Drive) - C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-24]
CHR Extension: (YouTube) - C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-24]
CHR Extension: (Google Search) - C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-24]
CHR Extension: (Google Wallet) - C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-24]
CHR Extension: (Gmail) - C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-24]

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-11-24] (AVAST Software)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [35656 2013-11-24] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2013-11-24] (AVAST Software)
R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2013-11-24] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2013-11-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [774392 2013-11-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [403440 2013-11-24] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2013-11-24] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [178304 2013-11-24] ()
S4 CplIR; C:\Windows\system32\DRIVERS\CplIR.SYS [14848 2007-03-06] (COMPAL ELECTRONIC INC.)
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-07-28] (COMPAL ELECTRONIC INC.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 Tosrfcom; No ImagePath
S3 TpChoice; system32\DRIVERS\TpChoice.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-25 18:04 - 2014-05-25 18:05 - 00000000 ____D () C:\FRST
2014-05-25 11:26 - 2014-03-08 00:20 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-25 11:26 - 2014-03-08 00:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-25 11:26 - 2014-03-08 00:03 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-25 11:26 - 2014-03-08 00:02 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-25 11:26 - 2014-03-08 00:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-25 11:26 - 2014-03-08 00:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-25 11:26 - 2014-03-07 23:59 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-25 11:26 - 2014-03-07 23:57 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-25 11:26 - 2014-03-07 23:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-25 11:26 - 2014-03-07 23:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-25 11:26 - 2014-03-07 23:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-25 11:26 - 2014-03-07 23:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-25 11:26 - 2014-03-07 23:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-25 11:25 - 2014-05-06 00:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-25 11:25 - 2014-05-06 00:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-25 11:25 - 2014-05-06 00:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-25 11:24 - 2013-10-11 03:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-05-25 11:24 - 2013-10-11 03:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-05-25 11:24 - 2013-10-11 03:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll
2014-05-25 11:24 - 2013-10-11 01:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-05-25 11:24 - 2013-10-11 01:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-05-25 11:23 - 2014-03-25 14:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-25 11:23 - 2014-02-07 11:38 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-05-25 11:23 - 2014-02-06 02:56 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-05-25 11:23 - 2014-02-03 11:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-05-25 11:23 - 2014-01-30 08:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-05-25 11:23 - 2013-12-05 03:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-05-25 11:23 - 2013-11-13 01:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-05-25 11:23 - 2013-10-30 03:12 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2014-05-25 11:23 - 2013-10-30 02:43 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-05-25 11:23 - 2013-10-30 01:43 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-05-25 11:23 - 2013-10-22 08:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-05-25 11:05 - 2014-05-25 11:05 - 00000000 ____D () C:\Program Files\sweetpacks bundle uninstaller_CCleaner_1552246

==================== One Month Modified Files and Folders =======

2014-05-25 18:05 - 2014-05-25 18:04 - 00000000 ____D () C:\FRST
2014-05-25 18:01 - 2013-11-24 15:28 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-25 17:35 - 2006-11-02 11:33 - 00690960 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-25 17:30 - 2013-09-20 16:35 - 01707659 _____ () C:\Windows\WindowsUpdate.log
2014-05-25 17:27 - 2013-11-24 15:28 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-25 17:27 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-25 17:27 - 2006-11-02 13:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-25 17:27 - 2006-11-02 13:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-25 17:26 - 2006-11-02 14:01 - 00032646 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-25 12:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-25 11:54 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
2014-05-25 11:37 - 2006-11-02 13:47 - 00372920 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-25 11:35 - 2007-04-13 16:35 - 00000000 ____D () C:\Windows\system32\RTCOM
2014-05-25 11:29 - 2013-09-20 18:48 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-25 11:05 - 2014-05-25 11:05 - 00000000 ____D () C:\Program Files\sweetpacks bundle uninstaller_CCleaner_1552246
2014-05-25 06:50 - 2013-09-20 21:15 - 00001878 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-05-25 06:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-05-25 06:44 - 2013-11-17 17:51 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-25 06:44 - 2013-09-20 16:55 - 00000000 ____D () C:\Users\Linda Austin
2014-05-25 06:44 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\spool
2014-05-25 06:44 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration
2014-05-25 06:44 - 2006-11-02 11:22 - 44040192 _____ () C:\Windows\system32\config\components_previous
2014-05-25 06:44 - 2006-11-02 11:22 - 31195136 _____ () C:\Windows\system32\config\software_previous
2014-05-25 06:44 - 2006-11-02 11:22 - 22806528 _____ () C:\Windows\system32\config\system_previous
2014-05-25 06:44 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-05-25 06:44 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-05-25 06:44 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\default_previous
2014-05-11 20:13 - 2013-10-01 18:09 - 00000000 ____D () C:\Users\Linda Austin\Documents\Home
2014-05-06 00:32 - 2014-05-25 11:25 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 00:14 - 2014-05-25 11:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 00:14 - 2014-05-25 11:25 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-04 17:14 - 2006-11-02 11:24 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-25 17:33

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:25-05-2014 01
Ran by Linda Austin at 2014-05-25 18:05:51
Running from C:\Users\Linda Austin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UNHE9ZD0
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Atheros Driver Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.1 - Atheros)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2008 - Avast Software)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v5.10.06(T) - )
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.00.02 - TOSHIBA)
Desktop SMS (HKLM\...\{5980B928-1C95-4B3E-957B-B02D8147FF9E}) (Version: 1.2.0 - IDM)
DVD MovieFactory for TOSHIBA (HKLM\...\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.3 - Ulead Systems, Inc.)
Emdedded IR Driver (HKLM\...\InstallShield_{A6D4234C-CB02-4048-AC3E-AD09404FA35A}) (Version: 0.0.0.6C - Compal Electronics, Inc.)
Emdedded IR Driver (Version: 0.0.0.6C - Compal Electronics, Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Intel Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Office 2000 Disc 2 (HKLM\...\{00040409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office 2000 Professional (HKLM\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft XML Parser (Version: 8.20.8730.4 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
myphotobook 3.1 (HKLM\...\myphotobook) (Version: 3.1 - myphotobook)
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5477 - Realtek Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.0.9.0 - Synaptics)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}) (Version: 2.00.0001 - Texas Instruments Inc.)
TIPCI (Version: 2.00.0001 - Texas Instruments Inc.) Hidden
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.02 - )
TOSHIBA ConfigFree (HKLM\...\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}) (Version: 7.00.32 - TOSHIBA)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.0.8 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.10.13 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - TOSHIBA Corporation) Hidden
TOSHIBA Flash Cards Support Utility (HKLM\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.48.0.3C - TOSHIBA)
TOSHIBA Flash Cards Support Utility (Version: 1.48.0.3C - TOSHIBA) Hidden
TOSHIBA Hardware Setup (HKLM\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.48.0.11C - TOSHIBA)
TOSHIBA Hardware Setup (Version: 1.48.0.11C - TOSHIBA) Hidden
Toshiba Online Product Information (HKLM\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 1.00.0012 - TOSHIBA)
TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.8.1.1 - TOSHIBA)
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.1.77 (SM2177ALD04) - Agere Systems)
TOSHIBA Supervisor Password (HKLM\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.48.0.8C - TOSHIBA)
TOSHIBA Supervisor Password (Version: 1.48.0.8C - TOSHIBA) Hidden
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.0.28 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.0.28 - TOSHIBA Corporation) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Utility Common Driver (Version: 0.0.1.1C - TOSHIBA) Hidden
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (Version: 9.00.3374 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

17-02-2014 21:50:18 Removed Adobe Reader 7.0.9
23-04-2014 17:15:10 Scheduled Checkpoint
02-05-2014 21:15:23 Scheduled Checkpoint
25-05-2014 05:41:46 Restore Operation
25-05-2014 05:45:57 avast! antivirus system restore point
25-05-2014 10:24:19 Windows Update

==================== Hosts content: ==========================

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2450CAF7-9BDE-4287-99DF-43ED3EDA1FCE} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-11-24] (AVAST Software)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-18] (Microsoft Corporation)
Task: {53BE789E-EEFA-41CD-99DD-8314B0533519} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-10-27] (Google Inc.)
Task: {7FB67404-957B-4A19-8F93-D8BC0FE41E95} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-18] (Microsoft Corporation)
Task: {8776DE37-7ABC-4D09-910C-941C142740DC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-10-27] (Google Inc.)
Task: {883F42FF-F9CF-4096-BC09-71A8F5D4F747} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {B8B14D68-EB69-4E7B-BBF0-13CC2B9F92F2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {D8DD55A7-F094-47FA-B1FB-DC60CC99ED35} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2013-09-20] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-05-25 17:29 - 2014-05-25 13:31 - 02255872 _____ () C:\Program Files\AVAST Software\Avast\defs\14052500\algo.dll
2007-10-10 15:12 - 2007-09-13 08:11 - 00249856 _____ () C:\Windows\system32\igfxTMM.dll
2007-01-18 09:30 - 2007-01-18 09:30 - 00094208 _____ () C:\Program Files\IDM\Desktop SMS\oehook.dll
2006-11-06 17:14 - 2006-11-06 17:14 - 00034352 _____ () C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
2006-11-09 18:27 - 2006-11-09 18:27 - 00090112 _____ () C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
2007-07-10 17:12 - 2006-10-10 11:44 - 00009728 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
2006-11-08 19:08 - 2006-11-08 19:08 - 00009216 _____ () C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
2006-10-07 12:57 - 2006-10-07 12:57 - 00053248 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2006-12-01 18:55 - 2006-12-01 18:55 - 00009216 _____ () C:\Program Files\Toshiba\TBS\NotifyTBS.dll
2013-11-24 14:52 - 2013-11-24 14:52 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/25/2014 06:45:55 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {97624cb3-b506-40f1-ae95-35b2c3004e91}

Error: (05/24/2014 10:14:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16520 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1164
Start Time: 01cf779209e18797
Termination Time: 62

Error: (05/21/2014 10:40:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16520 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 135c
Start Time: 01cf753abeda1b6b
Termination Time: 16

Error: (05/18/2014 06:29:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16520 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 155c
Start Time: 01cf72be1cce8150
Termination Time: 39

Error: (04/24/2014 07:49:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16520 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 118c
Start Time: 01cf5fedbb4f4c30
Termination Time: 62

Error: (04/21/2014 08:31:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16520 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: bf4
Start Time: 01cf5d974d0f9004
Termination Time: 593

Error: (03/05/2014 00:57:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16520 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: a0c
Start Time: 01cf3869fe806af6
Termination Time: 15

Error: (02/17/2014 10:50:48 PM) (Source: MsiInstaller) (EventID: 1013) (User: LindaAustin-PC)
Description: Product: Adobe Reader 7.0.9 -- A process is running that cannot be safely shut down by Adobe Reader. Please restart your computer and try again.

Error: (02/17/2014 10:27:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16520 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: e5c
Start Time: 01cf2c266de2dfdb
Termination Time: 95

Error: (02/15/2014 02:35:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16520 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: ff4
Start Time: 01cf2a51b5f78990
Termination Time: 25

System errors:
=============
Error: (05/25/2014 05:29:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (05/25/2014 05:26:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (05/25/2014 05:22:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (05/25/2014 11:38:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (05/25/2014 11:35:09 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}

Error: (05/25/2014 10:59:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (05/25/2014 10:51:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (05/25/2014 06:49:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Font Cache Service%%1053

Error: (05/25/2014 06:49:45 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Font Cache Service

Error: (05/25/2014 06:47:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Microsoft Office Sessions:
=========================
Error: (05/25/2014 06:45:55 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {97624cb3-b506-40f1-ae95-35b2c3004e91}

Error: (05/24/2014 10:14:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.16520116401cf779209e1879762

Error: (05/21/2014 10:40:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.16520135c01cf753abeda1b6b16

Error: (05/18/2014 06:29:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.16520155c01cf72be1cce815039

Error: (04/24/2014 07:49:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.16520118c01cf5fedbb4f4c3062

Error: (04/21/2014 08:31:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.16520bf401cf5d974d0f9004593

Error: (03/05/2014 00:57:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.16520a0c01cf3869fe806af615

Error: (02/17/2014 10:50:48 PM) (Source: MsiInstaller) (EventID: 1013) (User: LindaAustin-PC)
Description: Product: Adobe Reader 7.0.9 -- A process is running that cannot be safely shut down by Adobe Reader. Please restart your computer and try again.(NULL)(NULL)(NULL)(NULL)

Error: (02/17/2014 10:27:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.16520e5c01cf2c266de2dfdb95

Error: (02/15/2014 02:35:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.16520ff401cf2a51b5f7899025

CodeIntegrity Errors:
===================================
  Date: 2014-05-25 07:43:44.955
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-25 07:43:44.518
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-25 07:43:44.128
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-25 07:43:43.691
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-25 07:43:43.301
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-25 07:43:42.911
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-25 07:43:42.365
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-25 07:43:41.960
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-25 07:43:41.523
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-25 07:43:41.133
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 58%
Total physical RAM: 2037.69 MB
Available physical RAM: 845.14 MB
Total Pagefile: 4314.63 MB
Available Pagefile: 2882.01 MB
Total Virtual: 2047.88 MB
Available Virtual: 1902.58 MB

==================== Drives ================================

Drive c: (Vista) (Fixed) (Total:55.66 GB) (Free:23.95 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Data) (Fixed) (Total:54.66 GB) (Free:54.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 112 GB) (Disk ID: 959F01D2)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=56 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=55 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

 

Link to post
Share on other sites

Hello and post-32477-1261866970.gif

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

There still appears to be a hijacker running in Google Chrome, run the following:

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt.

 

Next,

 

thisisujrt.gif Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Next,

 

Malwarebytes ver: 1.75 "Quick scan"

 

Run Malwarebytes,  Open: Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

 

Please Update and run a Quick scan

 

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log...

 

Let me see those logs, also let me know if any remaining issues or concerns....

 

Thank you,

 

Kevin

Link to post
Share on other sites

Hi Kevin

 

Thanks for the reply.  Although competent MSOffice user I am a novice on how computers work  :) , when you say under the junkware removal tool section - Shut down your protection software now to avoid potential conflicts.  How do I do this?  Or is this just a response I have to give to a box that comes up?  As well as what protection windows has on my computer I also have Avast and malwarebytes.

 

Thanks

Link to post
Share on other sites

Hi Kevin

 

I think I have carried out your instructions ok and please see the logs below:-

 

# AdwCleaner v3.210 - Report created 25/05/2014 at 21:34:46
# Updated 19/05/2014 by Xplode
# Operating System : Windows Vista Home Premium Service Pack 2 (32 bits)
# Username : Linda Austin - LINDAAUSTIN-PC
# Running from : C:\Users\Linda Austin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UNHE9ZD0\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Linda Austin\AppData\Roaming\UpdaterEX

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKCU\Software\Conduit

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16545

-\\ Google Chrome v

[ File : C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
Deleted [search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr0103&cd=2XzuyEtN2Y1L1QzutDtDtC0Bzy0EyDyB0B0CzztB0AtAyDyCtN0D0Tzu0SyByDzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1523163677&ir=
Deleted [Homepage] : hxxp://start.mysearchdial.com/?f=1&a=dnldstr0103&cd=2XzuyEtN2Y1L1QzutDtDtC0Bzy0EyDyB0B0CzztB0AtAyDyCtN0D0Tzu0SyByDzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1523163677&ir=
Deleted [Extension] : pflphaooapbgpeakohlggbpidpppgdff

*************************

AdwCleaner[R0].txt - [1643 octets] - [25/05/2014 21:33:35]
AdwCleaner[s0].txt - [1580 octets] - [25/05/2014 21:34:46]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1640 octets] ##########

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista Home Premium x86
Ran by Linda Austin on 25/05/2014 at 22:31:59.17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.05.25.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Linda Austin :: LINDAAUSTIN-PC [administrator]

25/05/2014 22:37:45
mbam-log-2014-05-25 (22-37-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 221986
Time elapsed: 6 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25/05/2014 at 22:36:01.86
End of JRT log

 

 

Thank you for all your assistance.

Link to post
Share on other sites

Run the following to see if any remaining issues...

 

Download OTLI.gifOTL from any of the following links and save to your Desktop:

 

http://oldtimer.geekstogo.com/OTL.exe

http://itxassociates.com/OT-Tools/OTL.com

http://www.itxassociates.com/OT-Tools/OTL.scr

 

 

  •  

       

  • Double click on the icon otlDesktopIcon.png to run it, Vista  or Windows 7 users right click and select Run as Administartor. Make sure all other windows are closed and to let it run uninterrupted.

     

       

  • When the window appears, underneath Output at the top, make sure Standard output is selected.

     

       

  • Select Scan all users <<--Very important

     

       

  • Under the Extra Registry section, check Use SafeList

     

       

  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".

     

       

  • Click the runscanbutton.png button. Do not change any settings unless otherwise told to do so. The scan wont take long.

     

       

  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

     

       

  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your reply

     

     

Link to post
Share on other sites

Hi Kevin

 

Here are the Log files from the OTL scan.

 

 

OTL logfile created on: 26/05/2014 10:16:45 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Linda Austin\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1.99 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 47.77% Memory free
4.22 Gb Paging File | 2.99 Gb Available in Paging File | 71.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55.66 Gb Total Space | 23.76 Gb Free Space | 42.69% Space Free | Partition Type: NTFS
Drive E: | 54.66 Gb Total Space | 54.50 Gb Free Space | 99.71% Space Free | Partition Type: NTFS
 
Computer Name: LINDAAUSTIN-PC | User Name: Linda Austin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/05/26 10:13:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Linda Austin\Downloads\OTL.exe
PRC - [2013/11/24 14:52:24 | 003,568,312 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/11/24 14:52:23 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/10/28 22:35:21 | 000,829,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe
PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/18 23:38:40 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/18 23:33:38 | 000,397,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Mail\WinMail.exe
PRC - [2007/09/19 11:01:12 | 000,077,824 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2007/09/03 11:39:22 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/07/27 07:36:38 | 000,200,704 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
PRC - [2007/07/20 20:45:16 | 001,372,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2007/06/19 15:28:32 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2007/06/18 10:51:10 | 001,507,328 | ---- | M] (Interactive Digital Media) -- C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
PRC - [2007/05/22 16:32:52 | 000,538,744 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2007/04/03 16:52:22 | 000,509,496 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2007/03/29 10:39:00 | 000,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2007/03/29 10:39:00 | 000,411,192 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2007/02/19 15:00:26 | 000,571,024 | ---- | M] (Toshiba) -- C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe
PRC - [2007/02/12 13:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/02/12 13:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/11/14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2006/11/13 09:06:54 | 000,413,696 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2006/11/06 17:14:44 | 000,034,352 | ---- | M] () -- C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
PRC - [2006/10/05 05:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/05/25 11:48:20 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\c5213af29d521ee19cc55983f8c2037c\System.Management.ni.dll
MOD - [2014/05/25 11:45:28 | 000,519,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\TCrdMain\0a9a2c8cbcefd7f4101be77fe3f206a2\TCrdMain.ni.exe
MOD - [2014/05/25 11:45:21 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\d17ceca243fabda73eefb21d9bd072df\System.Configuration.ni.dll
MOD - [2014/05/25 11:41:00 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f87e71868aedbc6c4e8fe7160d17c4ab\System.Xml.ni.dll
MOD - [2014/05/25 11:40:38 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d2b605fc7deda872727d1ed37710420e\System.Windows.Forms.ni.dll
MOD - [2014/05/25 11:40:25 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8e6265a54260bddfc05951e764f5bc48\System.Drawing.ni.dll
MOD - [2014/05/25 11:39:52 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\71e362b114f878201540696b6d66bf45\PresentationFramework.Aero.ni.dll
MOD - [2014/05/25 11:39:50 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\b46f1c203d1e4bec4597adf684ec1d41\PresentationFramework.ni.dll
MOD - [2014/05/25 11:39:26 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\07d57714fff9db216537473f4a777f22\PresentationCore.ni.dll
MOD - [2014/05/25 11:39:08 | 003,325,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d981bccab40fbbdc1d35bf2a58c947b7\WindowsBase.ni.dll
MOD - [2014/05/25 11:39:01 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\957628d9dd7b3bf370a56dca7835a997\System.ni.dll
MOD - [2014/05/25 11:38:51 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\694a37a84dee2cd2609a1dfab27c0433\mscorlib.ni.dll
MOD - [2013/11/24 14:52:28 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2007/09/13 08:11:18 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2007/01/18 09:30:00 | 000,094,208 | ---- | M] () -- C:\Program Files\IDM\Desktop SMS\oehook.dll
MOD - [2006/12/01 18:55:42 | 000,009,216 | ---- | M] () -- C:\Program Files\TOSHIBA\TBS\NotifyTBS.dll
MOD - [2006/11/09 18:27:00 | 000,090,112 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2006/11/08 19:08:30 | 000,009,216 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll
MOD - [2006/11/06 17:14:44 | 000,034,352 | ---- | M] () -- C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
MOD - [2006/10/10 11:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
MOD - [2006/10/07 12:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/11/24 14:52:23 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2008/01/18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/19 11:01:12 | 000,077,824 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007/03/29 10:39:00 | 000,427,576 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/02/12 13:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2006/11/14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/10/05 05:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\TpChoice.sys -- (TpChoice)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013/11/24 14:52:32 | 000,774,392 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/11/24 14:52:32 | 000,403,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/11/24 14:52:32 | 000,178,304 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/11/24 14:52:32 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/11/24 14:52:32 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/11/24 14:52:31 | 000,070,384 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/11/24 14:52:31 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013/11/24 14:52:31 | 000,035,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2007/07/26 16:18:04 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2007/06/18 18:03:32 | 000,737,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/04/30 06:42:14 | 000,081,408 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/03/06 15:01:04 | 000,014,848 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\CplIR.sys -- (CplIR)
DRV - [2007/01/24 13:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2007/01/18 15:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N)
DRV - [2007/01/18 15:40:56 | 000,219,392 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I)
DRV - [2006/11/28 08:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/10/23 16:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/10/18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/05 22:22:14 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/07/28 16:25:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9778DFF1-C6C9-4E56-B409-2805DDCD21A1}: "URL" = http://www.google.co.uk/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-3024585940-1028860982-1363955008-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
IE - HKU\S-1-5-21-3024585940-1028860982-1363955008-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3024585940-1028860982-1363955008-1000\..\SearchScopes,DefaultScope = {9778DFF1-C6C9-4E56-B409-2805DDCD21A1}
IE - HKU\S-1-5-21-3024585940-1028860982-1363955008-1000\..\SearchScopes\{9778DFF1-C6C9-4E56-B409-2805DDCD21A1}: "URL" = http://www.google.co.uk/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;&rlz=
IE - HKU\S-1-5-21-3024585940-1028860982-1363955008-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Mysearchdial ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com/
CHR - Extension: Google Docs = C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe (Interactive Digital Media)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] \HWSetup.exe hwSetUP File not found
O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [sVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3024585940-1028860982-1363955008-1000..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4 File not found
O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home File not found
O9 - Extra Button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?EN File not found
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{199E9D58-2D83-46F4-8D98-5F2852DCF474}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img27.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img27.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/25 22:11:15 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxres.dll
[2014/05/25 22:02:23 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/05/25 21:34:00 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014/05/25 21:33:32 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/05/25 18:04:19 | 000,000,000 | ---D | C] -- C:\FRST
[2014/05/25 11:26:21 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/05/25 11:26:20 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/05/25 11:26:20 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/05/25 11:26:19 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/05/25 11:26:17 | 001,806,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/05/25 11:26:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2014/05/25 11:26:15 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/05/25 11:25:18 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/05/25 11:24:04 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2014/05/25 11:24:03 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshcon.dll
[2014/05/25 11:23:49 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2014/05/25 11:23:49 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SysFxUI.dll
[2014/05/25 11:23:49 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2014/05/25 11:23:49 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys
[2014/05/25 11:23:48 | 002,050,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/05/25 11:23:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2014/05/25 11:23:32 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2014/05/25 11:05:49 | 000,000,000 | ---D | C] -- C:\Program Files\sweetpacks bundle uninstaller_CCleaner_1552246
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/26 10:14:05 | 000,000,535 | ---- | M] () -- C:\Users\Linda Austin\Desktop\OTL - Shortcut.lnk
[2014/05/26 10:06:33 | 000,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/05/26 10:06:33 | 000,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/05/26 10:00:40 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/26 09:59:08 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/26 09:59:01 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/26 09:59:01 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/26 09:58:47 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/25 11:37:48 | 000,372,920 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/05/25 06:50:19 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/05/06 00:14:12 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/05/26 10:14:05 | 000,000,535 | ---- | C] () -- C:\Users\Linda Austin\Desktop\OTL - Shortcut.lnk
[2013/11/27 22:37:06 | 000,003,584 | ---- | C] () -- C:\Users\Linda Austin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/09/23 22:15:38 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2013/09/21 08:39:05 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2013/09/21 08:37:23 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2013/09/21 08:37:22 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2013/09/20 21:15:00 | 000,178,304 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/09/20 21:15:00 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
 
========== ZeroAccess Check ==========
 
[2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 14:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/10/27 21:26:10 | 000,000,000 | ---D | M] -- C:\Users\Linda Austin\AppData\Roaming\AVAST Software
 
========== Purity Check ==========
 
 

< End of report >

 

 

 

 

Next File

 

 

 

OTL Extras logfile created on: 26/05/2014 10:16:45 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Linda Austin\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1.99 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 47.77% Memory free
4.22 Gb Paging File | 2.99 Gb Available in Paging File | 71.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55.66 Gb Total Space | 23.76 Gb Free Space | 42.69% Space Free | Partition Type: NTFS
Drive E: | 54.66 Gb Total Space | 54.50 Gb Free Space | 99.71% Space Free | Partition Type: NTFS
 
Computer Name: LINDAAUSTIN-PC | User Name: Linda Austin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5980B928-1C95-4B3E-957B-B02D8147FF9E}" = Desktop SMS
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A6D4234C-CB02-4048-AC3E-AD09404FA35A}" = Emdedded IR Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{A6D4234C-CB02-4048-AC3E-AD09404FA35A}" = Emdedded IR Driver
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"myphotobook" = myphotobook 3.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
 
========== Last 20 Event Log Errors ==========
 
[ System Events ]
Error - 26/05/2014 05:00:29 | Computer Name = LindaAustin-PC | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >
 

 

 

Kind regards

Linda

Link to post
Share on other sites

Thanks for the logs, we continue:

 

Re-Run otlDesktopIcon.png  by double left click, Vista and Widows 7 users accept UAC alert. if applicable.

  • Under the customFix.png box at the bottom, paste in the following, start with and include the colon plus OTL . :OTL

    :OTLCHR - default_search_provider: Mysearchdial ()CHR - default_search_provider: search_url =CHR - default_search_provider: suggest_url =CHR - Extension: Google Wallet = C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.co...-44557-9400-3/4 File not foundO9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co...nk-21&site=home File not foundO9 - Extra Button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch...acker_url.pl?EN File not found[2014/05/25 11:05:49 | 000,000,000 | ---D | C] -- C:\Program Files\sweetpacks bundle uninstaller_CCleaner_1552246[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]:Filesipconfig /flushdns /c:Commands[emptytemp][CREATERESTOREPOINT]
  • Then click runFixbutton.png button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.



Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter  *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
 

Finally,

 

We need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running, it can take several hours please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet explorer for this scan - Vista and Windows 7/8 right click on IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 


Turn off the real time scanner of any existing antivirus program while performing the online scan
click on the Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the add/on to be installed
Click Start
Make sure that the option "Remove found threats"  is ticked
Click on Advanced Settings, ensure the options
Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
wait for the virus definitions to be downloaded
Wait for the scan to finish

 

When the scan is complete

 


If no threats were found
put a checkmark in "Uninstall application on close"
close program
report to me that nothing was found

 

If threats were found

 


click on "list of threats found"
click on "export to text file" and save it as ESET SCAN and save to the desktop
Click on back
put a checkmark in "Uninstall application on close"
click on finish

 

close program

 

Copy and paste the report in next reply.

 

Let me see those two logs, also give an update on any remaining issues or concerns....

 

Thank you,

 

Kevin

Link to post
Share on other sites

Hi Kevin

 

Here are the latest files

 

 

All processes killed
========== OTL ==========
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\zh_TW folder moved successfully.
C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\zh_CN folder moved successfully.
C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\vi folder moved successfully.
C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\uk folder moved successfully.
C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\tr folder moved successfully.
C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\th folder moved successfully.
C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\sv folder moved successfully.
C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\sr folder moved successfully.
C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\sl folder moved successfully.
C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\sk folder moved successfully.
C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\ru folder moved successfully.
C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\ro folder moved successfully.
C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\pt_PT folder moved successfully.
C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\pt_BR folder moved successfully.
C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\pl folder moved successfully.
C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\nl folder moved successfully.
C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\nb folder moved successfully.
C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\lv folder moved successfully.
C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\lt folder moved successfully.
C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\ko folder moved successfully.
C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\ja folder moved successfully.
C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\it folder moved successfully.
C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\id folder moved successfully.
C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\hu folder moved successfully.
C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\hr folder moved successfully.
C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\hi folder moved successfully.
C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\fr folder moved successfully.
C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\fil folder moved successfully.
C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\fi folder moved successfully.
C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\et folder moved successfully.
C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\es_419 folder moved successfully.
C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\es folder moved successfully.
C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\en_GB folder moved successfully.
C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\en folder moved successfully.
C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\el folder moved successfully.
C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\de folder moved successfully.
C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\da folder moved successfully.
C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\cs folder moved successfully.
C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\ca folder moved successfully.
C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\bg folder moved successfully.
C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales folder moved successfully.
C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\images folder moved successfully.
C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\html folder moved successfully.
C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\css folder moved successfully.
C:\Users\Linda Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0 folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{76577871-04EC-495E-A12B-91F7C3600AFA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76577871-04EC-495E-A12B-91F7C3600AFA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{8A918C1D-E123-4E36-B562-5C1519E434CE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A918C1D-E123-4E36-B562-5C1519E434CE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C08CAF1D-C0A3-40D5-9970-06D067EAC017}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C08CAF1D-C0A3-40D5-9970-06D067EAC017}\ not found.
C:\Program Files\sweetpacks bundle uninstaller_CCleaner_1552246 folder moved successfully.
C:\Windows\msdownld.tmp folder deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Linda Austin\Downloads\cmd.bat deleted successfully.
C:\Users\Linda Austin\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Linda Austin
->Temp folder emptied: 6891831 bytes
->Temporary Internet Files folder emptied: 32387869 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 602 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8628 bytes
RecycleBin emptied: 641 bytes
 
Total Files Cleaned = 37.00 mb
 
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.69.0 log created on 05262014_131827

Files\Folders moved on Reboot...
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\ZXOVKGOL\lse;loc=ibzbfczbgjzc;uuid=6f93a7c4-6c9f-11e2-953f-00144feab49a;ts=20140312144231;cc=n;kw=gwp_lse;pt=ind;pos=hlfmpu;bht=false;rfrsh=false;tile=6;ord=9122634027956774[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\ZXOVKGOL\p_lse;loc=ibzbfczbgjzc;uuid=6f93a7c4-6c9f-11e2-953f-00144feab49a;ts=20140312144230;cc=n;kw=gwp_lse;pt=ind;pos=banlb;bht=false;rfrsh=false;tile=3;ord=9122634027956774[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\ZXOVKGOL\sz=336x60;kw=gwp_lse;uuid=6f93a7c4-6c9f-11e2-953f-00144feab49a;ts=20140312143234;cc=n;kw=gwp_lse;pt=ind;pos=tlbxrib;bht=false;rfrsh=false;tile=5;ord=6178887128406116[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\ZXOVKGOL\z=239x90;kw=gwp_lse;uuid=6f93a7c4-6c9f-11e2-953f-00144feab49a;ts=20140312143234;cc=n;kw=gwp_lse;pt=ind;pos=newssubs;bht=false;rfrsh=false;tile=4;ord=6178887128406116[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\YQKACWB4\0,300x1050;kw=gwp_lse;uuid=6f93a7c4-6c9f-11e2-953f-00144feab49a;ts=20140222213037;cc=n;kw=gwp_lse;pt=ind;pos=hlfmpu;bht=false;rfrsh=false;tile=6;ord=3603842935616481[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\YQKACWB4\1d098228a;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1618;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\YQKACWB4\2e;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1155;z=1139;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\YQKACWB4\3b62;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=826;z=810;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\YQKACWB4\41c0e0619;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1618;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\YQKACWB4\484e9163f;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1618;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\YQKACWB4\66e38eeda;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1139;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\YQKACWB4\6c8056370;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1139;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\YQKACWB4\72273d331;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1139;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[10].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\YQKACWB4\72273d331;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1139;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\YQKACWB4\72273d331;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1139;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[2].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\YQKACWB4\72273d331;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1139;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[3].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\YQKACWB4\72273d331;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1139;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[4].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\YQKACWB4\72273d331;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1139;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[5].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\YQKACWB4\72273d331;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1139;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[6].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\YQKACWB4\72273d331;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1139;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[7].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\YQKACWB4\72273d331;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1139;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[8].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\YQKACWB4\72273d331;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1139;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[9].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\YQKACWB4\7d;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1155;z=1139;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\YQKACWB4\865e;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=826;z=810;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\YQKACWB4\8971;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=826;z=810;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\YQKACWB4\8x90,970x90;kw=gwp_lse;uuid=6f93a7c4-6c9f-11e2-953f-00144feab49a;ts=20140222213036;cc=n;kw=gwp_lse;pt=ind;pos=banlb;bht=false;rfrsh=false;tile=3;ord=3603842935616481[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\YQKACWB4\92;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1155;z=1139;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\YQKACWB4\=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=826;z=810;z=830;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\YQKACWB4\=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=830;z=826;z=810;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\YQKACWB4\=s__Decorating-Cakes-Occasion-Triumphs-Australian_dp_174245285X_ref=sr_1_10_uedata_unsticky_275-2960057-3605328_Detail_ntpoffrw_staticb&id=0VVN50FZ6NMB0JA23HJK_1000[1].gif not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\YQKACWB4\f328f101c9;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=810;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\YQKACWB4\f9de;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=826;z=810;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\YQKACWB4\i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1752;z=826;z=810;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\YQKACWB4\i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1752;z=826;z=810;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[2].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\YQKACWB4\p_1,1849493286@ref=pd_rhf_cr_s_cp_2,1446302377@ref=pd_rhf_cr_s_cp_3,1844488640@ref=pd_rhf_cr_s_cp_4,1844488322@ref=pd_rhf_cr_s_cp_5_action=view,p=1,isRHFLoaded=true[1].gif not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\VCPSQY2W\0,300x1050;kw=gwp_lse;uuid=6f93a7c4-6c9f-11e2-953f-00144feab49a;ts=20140312143234;cc=n;kw=gwp_lse;pt=ind;pos=hlfmpu;bht=false;rfrsh=false;tile=6;ord=6178887128406116[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\VCPSQY2W\=200x28;kw=gwp_lse;uuid=6f93a7c4-6c9f-11e2-953f-00144feab49a;ts=20140312143231;cc=n;kw=gwp_lse;pt=ind;pos=searchbox;bht=false;rfrsh=false;tile=2;ord=6178887128406116[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\VCPSQY2W\lse;loc=ibzbfczbgjzc;uuid=6f93a7c4-6c9f-11e2-953f-00144feab49a;ts=20140312144231;cc=n;kw=gwp_lse;pt=ind;pos=tlbxrib;bht=false;rfrsh=false;tile=5;ord=9122634027956774[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\VCPSQY2W\se;loc=ibzbfczbgjzc;uuid=6f93a7c4-6c9f-11e2-953f-00144feab49a;ts=20140312144231;cc=n;kw=gwp_lse;pt=ind;pos=newssubs;bht=false;rfrsh=false;tile=4;ord=9122634027956774[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\UNPKHCQY\p_lse;loc=ibzbfczbgjzc;uuid=6f93a7c4-6c9f-11e2-953f-00144feab49a;ts=20140312144229;cc=n;kw=gwp_lse;pt=ind;pos=intro;bht=false;rfrsh=false;tile=1;ord=9122634027956774[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\TB5HUUTI\lse;loc=ibzbfezizji;uuid=6f93a7c4-6c9f-11e2-953f-00144feab49a;ts=20131106202405;cc=n;kw=gwp_lse;pt=ind;pos=newssubs;bht=false;rfrsh=false;tile=4;ord=8857627451960357[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\TB5HUUTI\_lse;loc=ibzbfezizji;uuid=6f93a7c4-6c9f-11e2-953f-00144feab49a;ts=20131106202407;cc=n;kw=gwp_lse;pt=ind;pos=refresh;bht=false;rfrsh=false;tile=7;ord=8857627451960357[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SSPZ162C\0e46;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=826;z=810;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SSPZ162C\10e34e051;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1139;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SSPZ162C\2f;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1155;z=1139;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SSPZ162C\484e9163f;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1618;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SSPZ162C\4dd0c58fd;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1139;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SSPZ162C\55ab;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=826;z=810;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SSPZ162C\6d;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1155;z=1139;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SSPZ162C\6ece;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=826;z=810;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SSPZ162C\72273d331;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1139;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SSPZ162C\72273d331;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1139;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[2].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SSPZ162C\72273d331;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1139;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[3].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SSPZ162C\72273d331;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1139;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[4].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SSPZ162C\72273d331;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1139;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[5].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SSPZ162C\76299b6a6;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1139;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SSPZ162C\7cc55d98f;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1139;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SSPZ162C\7d82466f0;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1139;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SSPZ162C\7dec51b54;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1618;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SSPZ162C\7f9f7a477;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1139;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SSPZ162C\837c;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=826;z=810;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SSPZ162C\8a;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1155;z=1139;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SSPZ162C\8c3b719dce;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=810;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SSPZ162C\9041c8f43;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1618;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SSPZ162C\9cf6;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=826;z=810;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SSPZ162C\=200x28;kw=gwp_lse;uuid=6f93a7c4-6c9f-11e2-953f-00144feab49a;ts=20140222213034;cc=n;kw=gwp_lse;pt=ind;pos=searchbox;bht=false;rfrsh=false;tile=2;ord=3603842935616481[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SSPZ162C\=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=826;z=830;z=810;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SSPZ162C\a00bf3fcf;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1618;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SSPZ162C\b9176c217;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1139;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SSPZ162C\c08f;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=826;z=810;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SSPZ162C\e9;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1155;z=1139;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SSPZ162C\ea9b5f3ff;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1139;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SSPZ162C\f590f91a9;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1139;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SSPZ162C\p_1,1446302725@ref=pd_rhf_cr_s_cp_2,1844488446@ref=pd_rhf_cr_s_cp_3,1621137600@ref=pd_rhf_cr_s_cp_4,0715338382@ref=pd_rhf_cr_s_cp_5_action=view,p=1,isRHFLoaded=true[1].gif not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SSPZ162C\s_1,B009JVOAM0@ref=pd_rhf_se_s_ts_2,B009SV1YCU@ref=pd_rhf_se_s_ts_3,B00GS3VDQS@ref=pd_rhf_se_s_ts_4,B00GL9R9SK@ref=pd_rhf_se_s_ts_5_action=view,p=1,isRHFLoaded=true[1].gif not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SSPZ162C\z=239x90;kw=gwp_lse;uuid=6f93a7c4-6c9f-11e2-953f-00144feab49a;ts=20140222213036;cc=n;kw=gwp_lse;pt=ind;pos=newssubs;bht=false;rfrsh=false;tile=4;ord=3603842935616481[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SAGGLNJL\S&SOURCE=MANUAL&CHEF=Food_Network_Kitchens&DIFFICULTY=Intermediate&CUISINE=American&INGREDIENT=Oranges&OCCASION=Holiday&MEALPART=Dessert&TECHNIQUE=Simmer&PREPTIME=25[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SAGGLNJL\se;loc=ibzbfezizji;uuid=6f93a7c4-6c9f-11e2-953f-00144feab49a;ts=20131106202359;cc=n;kw=gwp_lse;pt=ind;pos=searchbox;bht=false;rfrsh=false;tile=2;ord=8857627451960357[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SAGGLNJL\wp_lse;loc=ibzbfezizji;uuid=6f93a7c4-6c9f-11e2-953f-00144feab49a;ts=20131106202401;cc=n;kw=gwp_lse;pt=ind;pos=banlb;bht=false;rfrsh=false;tile=3;ord=8857627451960357[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SAGGLNJL\_lse;loc=ibzbfezizji;uuid=6f93a7c4-6c9f-11e2-953f-00144feab49a;ts=20131106202406;cc=n;kw=gwp_lse;pt=ind;pos=tlbxrib;bht=false;rfrsh=false;tile=5;ord=8857627451960357[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\M9AE2OIH\1;dcopt=ist;kw=gwp_lse;uuid=6f93a7c4-6c9f-11e2-953f-00144feab49a;ts=20140312143231;cc=n;kw=gwp_lse;pt=ind;pos=intro;bht=false;rfrsh=false;tile=1;ord=6178887128406116[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\M9AE2OIH\8x90,970x90;kw=gwp_lse;uuid=6f93a7c4-6c9f-11e2-953f-00144feab49a;ts=20140312143233;cc=n;kw=gwp_lse;pt=ind;pos=banlb;bht=false;rfrsh=false;tile=3;ord=6178887128406116[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\M9AE2OIH\e;loc=ibzbfczbgjzc;uuid=6f93a7c4-6c9f-11e2-953f-00144feab49a;ts=20140312144229;cc=n;kw=gwp_lse;pt=ind;pos=searchbox;bht=false;rfrsh=false;tile=2;ord=9122634027956774[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\M9AE2OIH\lse;loc=ibzbfczbgjzc;uuid=6f93a7c4-6c9f-11e2-953f-00144feab49a;ts=20140312144232;cc=n;kw=gwp_lse;pt=ind;pos=refresh;bht=false;rfrsh=false;tile=7;ord=9122634027956774[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\M9AE2OIH\ts;sz=1x1;kw=gwp_lse;uuid=6f93a7c4-6c9f-11e2-953f-00144feab49a;ts=20140312143234;cc=n;kw=gwp_lse;pt=ind;pos=refresh;bht=false;rfrsh=false;tile=7;ord=6178887128406116[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FGD5HT98\011de647b;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1618;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FGD5HT98\1;dcopt=ist;kw=gwp_lse;uuid=6f93a7c4-6c9f-11e2-953f-00144feab49a;ts=20140222213034;cc=n;kw=gwp_lse;pt=ind;pos=intro;bht=false;rfrsh=false;tile=1;ord=3603842935616481[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FGD5HT98\1f;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1155;z=1139;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FGD5HT98\2866e146f;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1139;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FGD5HT98\35;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1155;z=1139;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FGD5HT98\36c7;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=826;z=810;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FGD5HT98\39442ebc1;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1139;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FGD5HT98\3dfc;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=826;z=810;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FGD5HT98\40;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1155;z=1139;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FGD5HT98\5db2;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=826;z=810;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FGD5HT98\5f274cab4;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1139;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FGD5HT98\7dec51b54;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1618;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FGD5HT98\833d;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=826;z=810;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FGD5HT98\9e;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1155;z=1139;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FGD5HT98\=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=830;z=826;z=810;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FGD5HT98\b0;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1155;z=1139;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FGD5HT98\b33108f2d;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=3417;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FGD5HT98\b763a6079;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1139;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FGD5HT98\dfc2b462b;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1139;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FGD5HT98\e388758785;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=810;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FGD5HT98\e3;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1155;z=1139;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FGD5HT98\fd;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1155;z=1139;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FGD5HT98\ffa8;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=826;z=810;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FGD5HT98\p_1,1849493286@ref=pd_rhf_cr_s_cp_2,1446302377@ref=pd_rhf_cr_s_cp_3,1844488640@ref=pd_rhf_cr_s_cp_4,1844488322@ref=pd_rhf_cr_s_cp_5_action=view,p=1,isRHFLoaded=true[1].gif not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FGD5HT98\sz=336x60;kw=gwp_lse;uuid=6f93a7c4-6c9f-11e2-953f-00144feab49a;ts=20140222213036;cc=n;kw=gwp_lse;pt=ind;pos=tlbxrib;bht=false;rfrsh=false;tile=5;ord=3603842935616481[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIVSHJLJ\=Food_Network_Kitchens&DIFFICULTY=Intermediate&CUISINE=American&INGREDIENT=Oranges&OCCASION=Holiday&MEALPART=Dessert&TECHNIQUE=Simmer&PREPTIME=25&topic2=NGUIDREPLAY[1].htm not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIVSHJLJ\lse;loc=ibzbfezizji;uuid=6f93a7c4-6c9f-11e2-953f-00144feab49a;ts=20131106202406;cc=n;kw=gwp_lse;pt=ind;pos=hlfmpu;bht=false;rfrsh=false;tile=6;ord=8857627451960357[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\6TDNINZO\wp_lse;loc=ibzbfezizji;uuid=6f93a7c4-6c9f-11e2-953f-00144feab49a;ts=20131106202359;cc=n;kw=gwp_lse;pt=ind;pos=intro;bht=false;rfrsh=false;tile=1;ord=8857627451960357[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\45HC5E5F\21;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1155;z=1139;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\45HC5E5F\2d3cba1c1;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1139;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\45HC5E5F\375c;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=826;z=810;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\45HC5E5F\3c95;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=826;z=810;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\45HC5E5F\43;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1155;z=1139;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\45HC5E5F\4641;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=826;z=810;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\45HC5E5F\6bbcab4336;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=810;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\45HC5E5F\72273d331;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1139;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\45HC5E5F\72273d331;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1139;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[2].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\45HC5E5F\7dec51b54;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1618;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\45HC5E5F\841c;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=826;z=810;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\45HC5E5F\8c70;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=826;z=810;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\45HC5E5F\a00bf3fcf;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1618;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\45HC5E5F\a1;s=i0;s=i1;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=m1;s=m4;s=u24;s=u5;s=u9;s=u16;z=1155;z=1139;s=1972;s=1139;s=36;s=1140;s=1382;s=1383;s=1803;dc_ref=http___www.amazon[1].js not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\45HC5E5F\p_1,1908714085@ref=pd_rhf_cr_s_cp_2,1446302377@ref=pd_rhf_cr_s_cp_3,1905113404@ref=pd_rhf_cr_s_cp_4,1446302849@ref=pd_rhf_cr_s_cp_5_action=view,p=1,isRHFLoaded=true[1].gif not found!
File\Folder C:\Users\Linda Austin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\45HC5E5F\ts;sz=1x1;kw=gwp_lse;uuid=6f93a7c4-6c9f-11e2-953f-00144feab49a;ts=20140222213039;cc=n;kw=gwp_lse;pt=ind;pos=refresh;bht=false;rfrsh=false;tile=7;ord=3603842935616481[1].js not found!
C:\Users\Linda Austin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Linda Austin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U4NWNCHY\dgdTycPTSRj[2].htm moved successfully.
C:\Users\Linda Austin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U4NWNCHY\postmessageRelay[1].htm moved successfully.
C:\Users\Linda Austin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\961B50XT\index[1].htm moved successfully.
C:\Users\Linda Austin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\451PXIVA\fastbutton[1].htm moved successfully.
C:\Users\Linda Austin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\451PXIVA\like[1].htm moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

 

 

ESET SCAN

 

 

C:\Program Files\myphotobook\xtras\process.exe Win32/PrcView potentially unsafe application deleted - quarantined
 

 

Thanks

Linda

Link to post
Share on other sites

Hello Linda,

 

What is the current status of your system, do you have any remaining issues or concerns... If none run the following;

 

Download "Delfix by Xplode" and save it to your desktop.

 

"Delfix link mirror"

 

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

 

Make Sure the following items are checked:

 


    Activate UAC
    Remove disinfection tools
    Create registry backup
    Purge System Restore
    Reset system settings

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Part of the routine will be to create a registry back up with ERUNT,  the back up will be created here:

 

C:\Windows\ERUNT

 

When all is known to be well with your system you can delete that back up folder if you consider it as not needed...

 

Next,

 

Read the following link to fully understand PC security and best practices, you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

Kevin

Link to post
Share on other sites

Kevin

 

I am not aware of any further issues.  My computer appears to be running normally.  Just wanted to ensure had got rid of trojan.ransom.gend fully.

 

I will do as you instruct above and read the link you suggest.

 

I am grateful for all your help.

 

Kind regards

Linda

Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.