# Remove "Trovigo"



## MikeJG (Jul 31, 2013)

Win 7 32-bit. Firefox browser (whose controls have all disappeared).

Is there a way to banish "Trovigo" from my system?

My computer's hit by more advertisements than I thought existed. Many other things are going on such as Yahoo cutting in and virtually disabling my internet browsing. I get a "DNS" page that comes up telling me that what I'm looking for just doesn't exist. I get the impression that Trovigo is at the bottom of all my problems.


----------



## Cookiegal (Aug 27, 2003)

Please download DDS by sUBs to your desktop from the following location:

http://download.bleepingcomputer.com/sUBs/dds.scr

Double-click the *dds.scr* file to run the program.

It will automatically run in silent mode and then you will see the following note:

*"Two logs shall be created on your Desktop".*

The logs will be named *dds.txt* and *attach.txt*.

Wait until the logs appear and then copy and paste their contents in your post.

Please download GMER from: http://www.gmer.net

Click on the "Download EXE" button and save the randomly named .exe file to your desktop.

*Note: You must uninstall any CD Emulation programs that you have before running GMER as they can cause conflicts and give false results.*

Double click the GMER .exe file on your desktop to run the tool and it will automatically do a quick scan.

If the tool warns of rootkit activity and asks if you want to run a full scan, click on No and make sure the following are *unchecked* on the right-hand side:

IAT/EAT
Any drive letter other than the primary system drive (which is generally C).

Click the *Scan* button and when the scan is finished, click *Save* and save the log in Notepad with the name ark.txt to your desktop.

*Note: It's important that all other windows be closed and that you don't touch the mouse or do anything with the computer during the scan as it may cause it to freeze. You should disable your screen saver as if it comes on it may cause the program to freeze.*

Open the ark.txt file and copy and paste the contents of the log here please.


----------



## MikeJG (Jul 31, 2013)

I tried three times to run '1Owr77.exe' after these scans but it didn't complete. Perhaps I can do it when this lot's sorted. Am I doing something wrong? Thanks for your help.
Mike.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional 
Boot Device: \Device\HarddiskVolume1
Install Date: 25/04/2010 10:12:59 a.m.
System Uptime: 1/07/2014 12:28:42 p.m. (8 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz | CPU | 2300/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 143 GiB total, 1.383 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 141 GiB total, 139.157 GiB free.
F: is FIXED (NTFS) - 466 GiB total, 371.53 GiB free.
G: is FIXED (NTFS) - 37 GiB total, 29.008 GiB free.
H: is FIXED (FAT32) - 29 GiB total, 15.965 GiB free.
I: is FIXED (FAT32) - 8 GiB total, 7.943 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
7-Zip 9.22beta
ACA Screen Recorder 5.30
Acrobat.com
AdFender
Adobe Acrobat Reader 3.01
Adobe Community Help
Adobe Flash Player 13 Plugin
Adobe Flash Player ActiveX
Adobe Photoshop 7.0
Adobe Photoshop CS2
Adobe Photoshop CS5.1
Adobe Photoshop CS6
Adobe Reader XI (11.0.07)
Apple Application Support
Apple Software Update
µTorrent
Browser Extensions
Business Contact Manager for Outlook 2007 SP2
Buzzdock
Canon Easy-WebPrint EX
Canon IJ Scan Utility
Canon MX720 series MP Drivers
Canon MX720 series On-screen Manual
Canon My Printer
Canon Quick Menu
Canon Speed Dial Utility
CCleaner
CombineZP
Compatibility Pack for the 2007 Office system
CyberLink PhotoDirector 4
D3DX10
Debut Video Capture Software
Desktop-Reminder 2
Direct DiscRecorder
Doxillion Document Converter
DVD MovieFactory for TOSHIBA
DX-Ball 1.09
File Type Assistant
Final Video Downloader 2013
FLV.com FLV Downloader 9.2
Foxit Reader
Foxit Reader Free Download Packages
Free RAR Extract Frog
Free Screen Video Recorder version 2.5.34.605
Free Studio version 5.3.5
FUJIFILM Hyper-Utility Software
FUJIFILM USB Driver
GIMP 2.8.10
Gimp Resynthesizer Plugin version 0.16
Google Chrome
Google Earth
Google Update Helper
Greener Web
HP OfficeJet G Series
Hyper-Utility Software Add-On
Hyper-Utility2
Hyper-Utility2 CCD-RAW Plug-In
Hyper-Utility2 CustomRendered Modifier Plug-In
Hyper-Utility2 File Format Plug-In
Hyper-Utility2 FinePixS20Pro SHOOTING Plug-In
Hyper-Utility2 FinePixS2Pro SHOOTING Plug-In
Hyper-Utility2 FinePixS3Pro SHOOTING Plug-In
Hyper-Utility2 Preview Print
Hyper-Utility2 Print/Contact Sheet Output Plug-In
Hyper-Utility2 Slide Show Plug-In
ImageMixer VCD2 for FinePix
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Java 7 Update 51
Java Auto Updater
Junk Mail filter update
LSI V92 MOH Application
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Security Scan Plus
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Camera Codec Pack
Microsoft Image Composite Editor
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Office Small Business Connectivity Components
Microsoft Office Suite Activation Assistant
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
MixPad
MotoHelper MergeModules
Mozilla Firefox 30.0 (x86 en-GB)
Mozilla Maintenance Service
Mozilla Thunderbird 24.6.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MuseScore 1.3
MyPC Backup 
Opera 12.16
Optimizer Pro v3.2
PDF Settings CS5
PDF Settings CS6
PIE Free v6.7
PlayReady PC Runtime x86
PokerStars
Prism Video File Converter
PrnPrint v3.47.10
QuickTime 7
Raw Therapee V4.0.9.50 x86
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Skype Click to Call
Skype Free Download Packages
Skype™ 6.16
Studio Utility
Studio Utility shooting plug-in
Synaptics Pointing Device Driver
Torntv V9.0
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Internal Modem Region Select Utility
TOSHIBA PC Health Monitor
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA SD Memory Utilities
TOSHIBA Service Station
TOSHIBA Software Modem
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
Un-Rar for Windows 9.22beta
VC80CRTRedist - 8.0.50727.6195
VideoPad Video Editor
Visual Studio 2012 x86 Redistributables
VLC media player 2.1.3
VO Package
Wavelet Denoise Gimp Plugin version 0.3.1
WavePad Sound Editor
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinPcap 4.1.2
WorldClock 3.0
Xnet Usage Monitor V1.9.1
.
==== Event Viewer Messages From Past Week ========
.
29/06/2014 9:06:43 a.m., Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.
29/06/2014 9:06:43 a.m., Error: Service Control Manager [7000] - The Computer Backup (MyPC Backup) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
27/06/2014 5:17:32 p.m., Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TPCHSrv service.
27/06/2014 5:17:02 p.m., Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TOSHIBA eco Utility Service service.
27/06/2014 4:58:13 p.m., Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR3.
27/06/2014 4:03:08 p.m., Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
27/06/2014 3:34:09 p.m., Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.
26/06/2014 3:52:05 p.m., Error: NetBT [4300] - The driver could not be created.
1/07/2014 4:30:03 p.m., Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR15.
1/07/2014 3:14:35 p.m., Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR14.
1/07/2014 3:09:41 p.m., Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
1/07/2014 3:09:11 p.m., Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
1/07/2014 3:07:36 p.m., Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
1/07/2014 2:18:28 p.m., Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
1/07/2014 12:31:24 p.m., Error: Service Control Manager [7023] - The HP Network Devices Support service terminated with the following error: The specified module could not be found.
1/07/2014 12:29:16 p.m., Error: Service Control Manager [7000] - The vToolbarUpdater17.1.2 service failed to start due to the following error: The system cannot find the file specified.
1/07/2014 1:48:10 a.m., Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 (KB2667402).
.
==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.17126
Run by new user at 20:49:47 on 2014-07-01
Microsoft Windows 7 Professional 6.1.7601.1.1252.64.1033.18.2940.1219 [GMT 12:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\taskhost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\MyPC Backup\BackupStack.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\windows\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\TECO\TEco.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\System32\spool\drivers\w32x86\hpoopm07.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\windows\system32\igfxext.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\new user\AppData\Roaming\uTorrent\uTorrent.exe
C:\Users\new user\AppData\Roaming\Browser Extensions\CouponsHelper.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Desktop-Reminder 2\DesktopReminder2.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\AdFender\AdFender.exe
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
C:\Program Files\MyPC Backup\MyPC Backup.exe
C:\Program Files\Xnet Usage Monitor\XNetUsage.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\Greener Web\updateGreenerWeb.exe
C:\Program Files\Greener Web\bin\utilGreenerWeb.exe
C:\Program Files\Greener Web\bin\GreenerWeb.PurBrowse.exe
C:\windows\system32\conhost.exe
C:\Program Files\Greener Web\bin\GreenerWeb.BrowserAdapter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\windows\system32\conhost.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSAU&bmod=TSAU
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSAU&bmod=TSAU
uDefault_Search_URL = hxxp://www.google.com/ie
uProxyOverride = <-loopback>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.150\McAfeeMSS_IE.dll
BHO: Torntv V9.0: {11111111-1111-1111-1111-110511131190} - c:\program files\torntv v9.0\Torntv V9.0-bho.dll
BHO: Greener Web: {1973d53b-7311-45d7-8270-f44571c041a0} - c:\program files\greener web\EEE42DCB-55EF-4A6A-8747-4D1DE1354399.dll
BHO: Browser Extensions: {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} - c:\users\new user\appdata\roaming\browser extensions\Coupons.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Jotzey: {cdf368cb-6a2f-460a-8abf-51538de43dec} - 
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [AVG-Secure-Search-Update_1213b] c:\users\new user\appdata\roaming\avg 1213b campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=bdc94aa2ae6547d0bb06d16f2a8f2122-ad29c238826b6759abc930ef6fcf3cf8345c27b5 /CMPID=1213b
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [uTorrent] "c:\users\new user\appdata\roaming\utorrent\uTorrent.exe" /MINIMIZED
uRun: [Browser Extensions] "c:\users\new user\appdata\roaming\browser extensions\CouponsHelper.exe"
uRun: [DesktopReminder2ByPolenter] "c:\program files\desktop-reminder 2\DesktopReminder2.exe" -silent
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE
mRun: [SmoothView] c:\program files\toshiba\smoothview\SmoothView.exe
mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe
mRun: [Teco] "c:\program files\toshiba\teco\Teco.exe" /r
mRun: [TosNC] c:\program files\toshiba\bulletinboard\TosNcCore.exe
mRun: [TosReelTimeMonitor] c:\program files\toshiba\reeltime\TosReelTimeMonitor.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [SmartFaceVWatcher] c:\program files\toshiba\smartfacev\SmartFaceVWatcher.exe
mRun: [TosWaitSrv] c:\program files\toshiba\tphm\TosWaitSrv.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "c:\program files\common files\adobe\cs6servicemanager\CS6ServiceManager.exe" -launchedbylogin
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [CanonQuickMenu] c:\program files\canon\quick menu\CNQMMAIN.EXE /logon
mRun: [mobilegeni daemon] c:\program files\mobogenie\DaemonProcess.exe
mRun: [HPAIO_PrintFolderMgr] c:\windows\system32\spool\drivers\w32x86\hpoopm07.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\users\newuse~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\users\newuse~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\mypcba~1.lnk - c:\program files\mypc backup\MyPC Backup.exe
StartupFolder: c:\users\newuse~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\xnetus~1.lnk - c:\program files\xnet usage monitor\XNetUsage.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adfender.lnk - c:\program files\adfender\AdFender.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.8.150\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\new user\appdata\roaming\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\new user\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {3B54DEAB-C6D4-48a8-8C32-A70558643400} - c:\program files\finalvideodownloader\fvdRunner.html
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 58.28.5.2 58.28.6.2
TCP: Interfaces\{22954387-82DA-461F-BF7C-C1C4C8D575B7} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{22954387-82DA-461F-BF7C-C1C4C8D575B7}\44C494E4B4 : DHCPNameServer = 10.1.1.1
TCP: Interfaces\{22954387-82DA-461F-BF7C-C1C4C8D575B7}\96D61676F6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{678A7195-B191-4A9F-8042-51607E67A254} : DHCPNameServer = 58.28.5.2 58.28.6.2
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\optimi~1\optpro~1.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\32.0.1700.76\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\new user\appdata\roaming\mozilla\firefox\profiles\zv8j385y.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: browser.startup.homepage - hxxp://www.trovigo.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP392197FB-717B-4AA9-B3A8-95F2ED41276A&SSPV=
FF - prefs.js: keyword.URL - hxxps://au.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=231195&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\globalupdate\update\1.3.25.0\npGoogleUpdate4.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_13_0_0_214.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
---- FIREFOX POLICIES ----
.
.
.
.
.
.
user_pref(extensions.autoDisableScopes,14);
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-7-30 13560]
R1 {a3f28269-ad17-41a8-b032-3e0313ef8979}w;{a3f28269-ad17-41a8-b032-3e0313ef8979}w;c:\windows\system32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}w.sys [2014-6-12 52928]
R2 BackupStack;Computer Backup (MyPC Backup);c:\program files\mypc backup\BackupStack.exe [2014-3-15 36392]
R2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\skype\toolbars\autoupdate\SkypeC2CAutoUpdateSvc.exe [2014-4-11 1390720]
R2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\skype\toolbars\pnrsvc\SkypeC2CPNRSvc.exe [2014-4-11 1764992]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-11 185712]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-11 46448]
R2 RSELSVC;TOSHIBA Modem region select service;c:\program files\toshiba\rselect\RSelSvc.exe [2009-7-8 62832]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-8-12 185712]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-20 12920]
R2 Update Greener Web;Update Greener Web;c:\program files\greener web\updateGreenerWeb.exe [2014-6-12 318752]
R2 Util Greener Web;Util Greener Web;c:\program files\greener web\bin\utilGreenerWeb.exe [2014-6-12 318752]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2010-4-26 7680]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2010-4-26 24064]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-11-5 230912]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-4-26 1011232]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2010-4-26 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-8-4 111960]
R3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-8-7 685424]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 globalUpdate;globalUpdate Update Service (globalUpdate);c:\program files\globalupdate\update\GoogleUpdate.exe [2014-6-13 68608]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S2 vToolbarUpdater17.1.2;vToolbarUpdater17.1.2;c:\program files\common files\avg secure search\vtoolbarupdater\17.1.2\toolbarupdater.exe --> c:\program files\common files\avg secure search\vtoolbarupdater\17.1.2\ToolbarUpdater.exe [?]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2013-7-5 26032]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2013-7-30 41584]
S3 globalUpdatem;globalUpdate Update Service (globalUpdatem);c:\program files\globalupdate\update\GoogleUpdate.exe [2014-6-13 68608]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-6-12 108032]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.8.150\McCHSvc.exe [2014-4-10 235696]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-11 4231168]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-4-26 171520]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-5-16 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-5-12 1343400]
.
=============== Created Last 30 ================
.
2014-07-01 00:31:46 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9845082a-2174-4b15-ba30-b83ad6568dd9}\offreg.dll
2014-06-27 23:09:13 8140904 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9845082a-2174-4b15-ba30-b83ad6568dd9}\mpengine.dll
2014-06-19 08:30:32 46704 ----a-w- c:\program files\mozilla firefox\browser\components\browsercomps.dll
2014-06-17 02:37:53 -------- d-----w- c:\users\new user\appdata\roaming\DesktopReminder
2014-06-17 02:26:28 -------- d-----w- c:\users\new user\appdata\local\Polenter_-_Software_Solut
2014-06-17 02:25:47 -------- d-----w- c:\program files\Desktop-Reminder 2
2014-06-17 02:25:35 -------- dc-h--w- c:\programdata\{6EDBDBF3-ED1B-4CF1-80B9-21175D532D2A}
2014-06-17 02:22:52 -------- d-----w- c:\users\new user\appdata\local\InstallAware Installation Information
2014-06-16 01:18:23 -------- d-----w- c:\program files\Picmeta
2014-06-13 10:44:04 -------- d-----w- c:\program files\WebSpades
2014-06-13 10:43:18 -------- d-----w- c:\program files\Torntv V9.0
2014-06-13 05:11:55 -------- d-----w- c:\users\new user\appdata\roaming\DriverFinder
2014-06-12 10:17:57 52928 ----a-w- c:\windows\system32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}w.sys
2014-06-12 09:16:19 -------- d-----w- c:\program files\Foxit Software
2014-06-12 09:13:37 -------- d-----w- c:\program files\Greener Web
2014-06-12 09:13:05 -------- d-----w- c:\program files\SiteLookup
2014-06-12 09:13:02 -------- d-----w- c:\users\new user\appdata\roaming\SimilarSites
2014-06-12 09:12:58 -------- d-----w- c:\users\new user\appdata\roaming\Plarium
2014-06-12 09:12:39 -------- d-----w- c:\users\new user\appdata\local\Soldiers
2014-06-12 09:12:19 -------- d-----w- c:\users\new user\appdata\local\StormFall
2014-06-11 22:57:59 592896 ----a-w- c:\windows\system32\jscript9diag.dll
2014-06-11 22:57:58 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-06-11 22:57:58 4244992 ----a-w- c:\windows\system32\jscript9.dll
2014-06-11 22:56:16 2048 ----a-w- c:\windows\system32\msxml6r.dll
2014-06-11 22:56:16 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-06-11 22:56:16 1389056 ----a-w- c:\windows\system32\msxml6.dll
2014-06-11 22:56:16 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-06-11 22:56:15 626688 ----a-w- c:\windows\system32\usp10.dll
2014-06-11 22:56:15 187840 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2014-06-11 22:56:15 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-06-11 04:45:58 -------- d-----w- c:\users\new user\appdata\local\AdFender
2014-06-11 04:45:58 -------- d-----w- c:\programdata\AdFender
2014-06-11 04:45:58 -------- d-----w- c:\program files\AdFender
2014-06-09 04:07:50 -------- d-----w- c:\users\new user\appdata\local\Help
2014-06-09 04:06:03 9216 ----a-w- c:\windows\system32\ftlx0411.dll
2014-06-09 04:06:03 296960 ----a-w- c:\windows\winhlp32.exe
2014-06-09 04:06:03 195072 ----a-w- c:\windows\system32\ftsrch.dll
2014-06-09 04:06:03 10240 ----a-w- c:\windows\system32\ftlx041e.dll
2014-06-05 14:21:09 -------- d-----w- c:\users\new user\appdata\roaming\MusE
2014-06-05 14:21:08 -------- d-----w- c:\users\new user\appdata\local\MusE
2014-06-03 22:25:46 -------- d-----w- c:\users\new user\appdata\local\{E3ED23A9-8D68-48CE-BDFB-510218B75340}
2014-06-03 22:24:02 -------- d-----w- c:\users\new user\appdata\local\{DB4EE76A-0082-4AA4-9122-497E629D695D}
2014-06-03 22:23:11 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2014-06-03 22:21:19 -------- d-----w- c:\users\new user\appdata\local\{265C28A5-82F0-414F-9A63-8AAB3475233B}
2014-06-02 03:15:13 -------- d-----w- c:\program files\McAfee Security Scan
.
==================== Find3M ====================
.
2014-05-30 09:02:39 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-30 09:02:03 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-05-30 08:43:06 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-05-30 08:42:16 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-05-30 08:28:33 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-05-30 08:28:30 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-05-30 08:21:36 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-05-30 08:10:46 32256 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 07:50:09 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-05-30 07:49:38 1964544 ----a-w- c:\windows\system32\inetcpl.cpl
2014-05-30 07:21:10 1790976 ----a-w- c:\windows\system32\wininet.dll
2014-05-23 13:28:21 1793672 ----a-w- c:\program files\amtlib.dll
2014-05-14 09:54:12 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-14 09:54:12 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-09 07:06:23 369664 ----a-w- c:\windows\system32\aepdu.dll
2014-05-09 07:04:12 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-04-12 02:15:13 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:15:13 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:12:09 15872 ----a-w- c:\windows\system32\sspisrv.dll
2014-04-12 02:12:09 100352 ----a-w- c:\windows\system32\sspicli.dll
2014-04-12 02:12:06 22016 ----a-w- c:\windows\system32\secur32.dll
2014-04-12 02:11:58 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-04-12 02:11:22 22528 ----a-w- c:\windows\system32\lsass.exe
2012-03-17 00:05:26 108544 ----a-w- c:\program files\vlc.exe
1998-12-19 05:01:22 104448 ----a-w- c:\program files\DXBall.exe
.
============= FINISH: 20:51:23.66 ===============

GMER 2.1.19357 - http://www.gmer.net
Rootkit quick scan 2014-07-01 22:42:37
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB3O 298.09GB
Running: 1owr77fx.exe; Driver: C:\Users\NEWUSE~1\AppData\Local\Temp\pftoipow.sys

---- Devices - GMER 2.1 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys

---- EOF - GMER 2.1 ----


----------



## Cookiegal (Aug 27, 2003)

Please download ADWCleaner. Click on the *Download Now* button and save it to your desktop.

Close your browser and double-click on the AdwCleaner icon on your desktop to run the program.

Click on the *Scan* button. It may take several minutes to complete. When it is done click on the *Report* button and copy and paste the log here please.


----------



## MikeJG (Jul 31, 2013)

# AdwCleaner v3.214 - Report created 03/07/2014 at 00:35:31
# Updated 29/06/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : new user - TOSH-2
# Running from : C:\Users\new user\Desktop\Tech Suppport Guy scans\AdwCleaner(1).exe
# Option : Scan

***** [ Services ] *****

Service Found : BackupStack
Service Found : globalUpdate
Service Found : globalUpdatem
Service Found : Update Greener Web
Service Found : Util Greener Web
Service Found : vToolbarUpdater17.1.2

***** [ Files / Folders ] *****

File Found : C:\Users\new user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Found : C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js
File Found : C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\searchplugins\bingp.xml
File Found : C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\searchplugins\trovi-search.xml
File Found : C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\user.js
File Found : C:\Users\new user\daemonprocess.txt
File Found : C:\Users\NEWUSE~1\AppData\Local\Temp\Uninstall.exe
File Found : C:\windows\System32\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-1
File Found : C:\windows\System32\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-2
File Found : C:\windows\System32\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-4
File Found : C:\windows\System32\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-5
File Found : C:\windows\System32\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-6
File Found : C:\windows\System32\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-7
File Found : C:\windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
File Found : C:\windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
File Found : C:\windows\System32\Tasks\ProgramRefresh-ATFST
File Found : C:\windows\System32\Tasks\ProgramUpdateCheck
File Found : C:\windows\System32\Tasks\YourFile DownloaderUpdate
File Found : C:\windows\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-1.job
File Found : C:\windows\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-2.job
File Found : C:\windows\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-4.job
File Found : C:\windows\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-5.job
File Found : C:\windows\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-6.job
File Found : C:\windows\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-7.job
File Found : C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job
File Found : C:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job
Folder Found : C:\Program Files\File Type Assistant
Folder Found : C:\Program Files\globalUpdate
Folder Found : C:\Program Files\Greener Web
Folder Found : C:\Program Files\GreenTree Applications
Folder Found : C:\Program Files\MyPC Backup
Folder Found : C:\Program Files\Optimizer Pro
Folder Found : C:\Program Files\PassShow-soft
Folder Found : C:\Program Files\Torntv V9.0
Folder Found : C:\Program Files\WebSpades
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Cleaner
Folder Found : C:\ProgramData\TicTaCoupOn
Folder Found : C:\ProgramData\tpperfeCTcoupoN
Folder Found : C:\ProgramData\WWoWCouPon
Folder Found : C:\Users\new user\AppData\Local\FileTypeAssistant
Folder Found : C:\Users\new user\AppData\Local\genienext
Folder Found : C:\Users\new user\AppData\Local\globalUpdate
Folder Found : C:\Users\new user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankeahjchgfahjhompbbomhjkojcmcmm
Folder Found : C:\Users\new user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hacdahacphpjjballkpabdadjkbempgb
Folder Found : C:\Users\new user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmnbobhffedhdhfpcjkjphcfpeeiocdn
Folder Found : C:\Users\new user\AppData\Local\Mobogenie
Folder Found : C:\Users\new user\AppData\LocalLow\Torntv V9.0
Folder Found : C:\Users\new user\AppData\Roaming\Browser Extensions
Folder Found : C:\Users\new user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Folder Found : C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\Extensions\[email protected]
Folder Found : C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\Extensions\[email protected]c2592d0df.com
Folder Found : C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\Extensions\[email protected]
Folder Found : C:\Users\new user\AppData\Roaming\Optimizer Pro
Folder Found : C:\Users\new user\AppData\Roaming\PC Cleaner
Folder Found : C:\Users\new user\AppData\Roaming\SimilarSites
Folder Found : C:\Users\new user\AppData\Roaming\VOPackage
Folder Found : C:\Users\NEWUSE~1\AppData\Local\Temp\AtuZi
Folder Found : C:\Users\NEWUSE~1\AppData\Local\Temp\Greener Web
Folder Found : C:\Users\NEWUSE~1\AppData\Local\Temp\WebSpades

***** [ Shortcuts ] *****

***** [ Registry ] *****

Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~1\optimi~1\optpro~1.dll
Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\GoforFiles
Key Found : HKCU\Software\Greener Web
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\installedbrowserextensions
Key Found : HKCU\Software\Optimizer Pro
Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0051390.BHO
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0051390.BHO.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0051390.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0051390.Sandbox.1
Key Found : HKLM\Software\GoforFiles
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\hphehadppenpmajgnkjdcopcfijjegaf
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole
Key Found : HKLM\Software\Greener Web
Key Found : HKLM\Software\installedbrowserextensions
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\updateJumpFlip_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\updateJumpFlip_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\utilJumpFlip_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\utilJumpFlip_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511131190}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511131190}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1973D53B-7311-45D7-8270-F44571C041A0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Greener Web
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Found : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Found : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126

-\\ Mozilla Firefox v30.0 (en-GB)

[ File : C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js ]

[ File : C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\prefs.js ]

Line Found : user_pref("browser.startup.homepage", "hxxp://www.trovigo.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP392197FB-717B-4AA9-B3A8-95F2ED41276A&SSPV=");
Line Found : user_pref("extensions.4HjVJT.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"onduit\")>-1||url.match([...]
Line Found : user_pref("extensions.Ph9AtStVX.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"onduit\")>-1||url.mat[...]
Line Found : user_pref("extensions.T4mL.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"onduit\")>-1||url.match(/b[...]
Line Found : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
Line Found : user_pref("extensions.betterff.surfcanyon.ramp.start_time", "1391590666498");
Line Found : user_pref("extensions.crossrider.bic", "146074ed8abe3389d95e03d41681fe27");
Line Found : user_pref("extensions.dmkQFE.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.match(/ressbar.com[^f]+fid=65017/)[...]
Line Found : user_pref("extensions.fvd_single.surfcanyon.ramp.start_time", "1394058715809");
Line Found : user_pref("extensions.qAcNdqHXl.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumoro[...]

-\\ Google Chrome v32.0.1700.76

[ File : C:\Users\new user\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://isearch.avg.com/search?cid={0E6C4E3D-22FC-4D63-A0B1-7F9C9732B89C}&mid=bdc94aa2ae6547d0bb06d16f2a8f2122-ad29c238826b6759abc930ef6fcf3cf8345c27b5&lang=en&ds=pl011&pr=sa&d=2012-03-30 10:22:57&v=11.1.0.12&sap=dsp&q={searchTerms}
Found [Search Provider] : hxxp://isearch.babylon.com/web/{searchTerms}?babsrc=browsersearch
Found [Search Provider] : hxxp://www.trovigo.com/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP392197FB-717B-4AA9-B3A8-95F2ED41276A&q={searchTerms}&SSPV=
Found [Startup_urls] : hxxp://www.trovigo.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP392197FB-717B-4AA9-B3A8-95F2ED41276A&SSPV=
Found [Homepage] : hxxp://www.trovigo.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP392197FB-717B-4AA9-B3A8-95F2ED41276A&SSPV=
Found [Extension] : ankeahjchgfahjhompbbomhjkojcmcmm
Found [Extension] : eiimolhnbbbdagljikeckdkldgemmmlj
Found [Extension] : hacdahacphpjjballkpabdadjkbempgb
Found [Extension] : hphehadppenpmajgnkjdcopcfijjegaf
Found [Extension] : kdidombaedgpfiiedeimiebkmbilgmlc
Found [Extension] : lmnbobhffedhdhfpcjkjphcfpeeiocdn

*************************

AdwCleaner[R0].txt - [29216 octets] - [01/12/2013 12:44:17]
AdwCleaner[R1].txt - [1314 octets] - [01/12/2013 12:59:08]
AdwCleaner[R2].txt - [1423 octets] - [03/12/2013 06:44:36]
AdwCleaner[R3].txt - [18686 octets] - [03/07/2014 00:35:31]
AdwCleaner[S0].txt - [29791 octets] - [01/12/2013 12:46:25]
AdwCleaner[S1].txt - [1381 octets] - [01/12/2013 12:59:55]
AdwCleaner[S2].txt - [1490 octets] - [03/12/2013 06:49:01]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [18928 octets] ##########


----------



## Cookiegal (Aug 27, 2003)

Please run AdwCleaner again and this time select the "clean" option and post the new log.


----------



## MikeJG (Jul 31, 2013)

Scan and Clean

# AdwCleaner v3.214 - Report created 03/07/2014 at 10:54:31
# Updated 29/06/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : new user - TOSH-2
# Running from : C:\Users\new user\Desktop\Tech Suppport Guy scans\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****

Service Deleted : BackupStack
[#] Service Deleted : globalUpdate
[#] Service Deleted : globalUpdatem
[#] Service Deleted : Update Greener Web
[#] Service Deleted : Util Greener Web
[#] Service Deleted : vToolbarUpdater17.1.2

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\TicTaCoupOn
Folder Deleted : C:\ProgramData\tpperfeCTcoupoN
Folder Deleted : C:\ProgramData\WWoWCouPon
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Cleaner
Folder Deleted : C:\Program Files\File Type Assistant
Folder Deleted : C:\Program Files\globalUpdate
[!] Folder Deleted : C:\Program Files\Greener Web
Folder Deleted : C:\Program Files\GreenTree Applications
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\Optimizer Pro
Folder Deleted : C:\Program Files\PassShow-soft
Folder Deleted : C:\Program Files\Torntv V9.0
Folder Deleted : C:\Program Files\WebSpades
Folder Deleted : C:\Users\NEWUSE~1\AppData\Local\Temp\AtuZi
Folder Deleted : C:\Users\NEWUSE~1\AppData\Local\Temp\Greener Web
Folder Deleted : C:\Users\NEWUSE~1\AppData\Local\Temp\WebSpades
Folder Deleted : C:\Users\new user\AppData\Local\FileTypeAssistant
Folder Deleted : C:\Users\new user\AppData\Local\genienext
Folder Deleted : C:\Users\new user\AppData\Local\globalUpdate
Folder Deleted : C:\Users\new user\AppData\Local\Mobogenie
Folder Deleted : C:\Users\new user\AppData\LocalLow\Torntv V9.0
Folder Deleted : C:\Users\new user\AppData\Roaming\Browser Extensions
Folder Deleted : C:\Users\new user\AppData\Roaming\Optimizer Pro
Folder Deleted : C:\Users\new user\AppData\Roaming\PC Cleaner
Folder Deleted : C:\Users\new user\AppData\Roaming\SimilarSites
Folder Deleted : C:\Users\new user\AppData\Roaming\VOPackage
Folder Deleted : C:\Users\new user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Folder Deleted : C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\Extensions\[email protected]
Folder Deleted : C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\Extensions\[email protected]
Folder Deleted : C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\Extensions\[email protected]c2592d0df.com
Folder Deleted : C:\Users\new user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmnbobhffedhdhfpcjkjphcfpeeiocdn
Folder Deleted : C:\Users\new user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankeahjchgfahjhompbbomhjkojcmcmm
Folder Deleted : C:\Users\new user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hacdahacphpjjballkpabdadjkbempgb
File Deleted : C:\Users\NEWUSE~1\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\new user\daemonprocess.txt
File Deleted : C:\Users\new user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Deleted : C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\searchplugins\bingp.xml
File Deleted : C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\searchplugins\trovi-search.xml
File Deleted : C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js
File Deleted : C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\user.js
File Deleted : C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job
File Deleted : C:\windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
File Deleted : C:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job
File Deleted : C:\windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
File Deleted : C:\windows\System32\Tasks\ProgramRefresh-ATFST
File Deleted : C:\windows\System32\Tasks\ProgramUpdateCheck
File Deleted : C:\windows\System32\Tasks\YourFile DownloaderUpdate
File Deleted : C:\windows\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-1.job
File Deleted : C:\windows\System32\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-1
File Deleted : C:\windows\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-2.job
File Deleted : C:\windows\System32\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-2
File Deleted : C:\windows\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-4.job
File Deleted : C:\windows\System32\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-4
File Deleted : C:\windows\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-5.job
File Deleted : C:\windows\System32\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-5
File Deleted : C:\windows\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-6.job
File Deleted : C:\windows\System32\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-6
File Deleted : C:\windows\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-7.job
File Deleted : C:\windows\System32\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-7

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hphehadppenpmajgnkjdcopcfijjegaf
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateJumpFlip_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateJumpFlip_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilJumpFlip_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilJumpFlip_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0051390.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0051390.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0051390.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0051390.Sandbox.1
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\GoforFiles
Key Deleted : HKCU\Software\Greener Web
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\GoforFiles
Key Deleted : HKLM\Software\Greener Web
Key Deleted : HKLM\Software\installedbrowserextensions
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3A787631-66A2-4634-B928-A37E73B58FB6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Greener Web
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~1\optimi~1\optpro~1.dll

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126

-\\ Mozilla Firefox v30.0 (en-GB)

[ File : C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js ]

[ File : C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\prefs.js ]

Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.trovigo.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP392197FB-717B-4AA9-B3A8-95F2ED41276A&SSPV=");
Line Deleted : user_pref("extensions.4HjVJT.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"onduit\")>-1||url.match([...]
Line Deleted : user_pref("extensions.Ph9AtStVX.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"onduit\")>-1||url.mat[...]
Line Deleted : user_pref("extensions.T4mL.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"onduit\")>-1||url.match(/b[...]
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
Line Deleted : user_pref("extensions.betterff.surfcanyon.ramp.start_time", "1391590666498");
Line Deleted : user_pref("extensions.crossrider.bic", "146074ed8abe3389d95e03d41681fe27");
Line Deleted : user_pref("extensions.dmkQFE.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.match(/ressbar.com[^f]+fid=65017/)[...]
Line Deleted : user_pref("extensions.fvd_single.surfcanyon.ramp.start_time", "1394058715809");
Line Deleted : user_pref("extensions.qAcNdqHXl.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumoro[...]

-\\ Google Chrome v32.0.1700.76

[ File : C:\Users\new user\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={0E6C4E3D-22FC-4D63-A0B1-7F9C9732B89C}&mid=bdc94aa2ae6547d0bb06d16f2a8f2122-ad29c238826b6759abc930ef6fcf3cf8345c27b5&lang=en&ds=pl011&pr=sa&d=2012-03-30 10:22:57&v=11.1.0.12&sap=dsp&q={searchTerms}
Deleted [Search Provider] : hxxp://isearch.babylon.com/web/{searchTerms}?babsrc=browsersearch
Deleted [Search Provider] : hxxp://www.trovigo.com/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP392197FB-717B-4AA9-B3A8-95F2ED41276A&q={searchTerms}&SSPV=
Deleted [Startup_urls] : hxxp://www.trovigo.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP392197FB-717B-4AA9-B3A8-95F2ED41276A&SSPV=
Deleted [Homepage] : hxxp://www.trovigo.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP392197FB-717B-4AA9-B3A8-95F2ED41276A&SSPV=
Deleted [Extension] : ankeahjchgfahjhompbbomhjkojcmcmm
Deleted [Extension] : eiimolhnbbbdagljikeckdkldgemmmlj
Deleted [Extension] : hacdahacphpjjballkpabdadjkbempgb
Deleted [Extension] : hphehadppenpmajgnkjdcopcfijjegaf
Deleted [Extension] : kdidombaedgpfiiedeimiebkmbilgmlc
Deleted [Extension] : lmnbobhffedhdhfpcjkjphcfpeeiocdn

*************************

AdwCleaner[R0].txt - [29216 octets] - [01/12/2013 12:44:17]
AdwCleaner[R1].txt - [1314 octets] - [01/12/2013 12:59:08]
AdwCleaner[R2].txt - [1423 octets] - [03/12/2013 06:44:36]
AdwCleaner[R3].txt - [19009 octets] - [03/07/2014 00:35:31]
AdwCleaner[R4].txt - [19070 octets] - [03/07/2014 10:51:13]
AdwCleaner[S0].txt - [29791 octets] - [01/12/2013 12:46:25]
AdwCleaner[S1].txt - [1381 octets] - [01/12/2013 12:59:55]
AdwCleaner[S2].txt - [1490 octets] - [03/12/2013 06:49:01]
AdwCleaner[S3].txt - [19174 octets] - [03/07/2014 10:54:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [19235 octets] ##########


----------



## Cookiegal (Aug 27, 2003)

OK, that's good.

Please visit *Combofix Guide & Instructions* for instructions for installing the Recovery Console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

You will also need to disable all of your security programs so they don't interfere with ComboFix. Please visit the following link for more information on how to disable them:

http://www.bleepingcomputer.com/forums/topic114351.html

Be sure to remember to re-enable them right after the scan.

Post the log from ComboFix when you've accomplished that.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices (don't worry, the keyboard and mouse will still function) to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read *HERE* for an article written by dvk01 on why we disable autoruns.


----------



## MikeJG (Jul 31, 2013)

COMBOFIX
I ran the scan without renaming Comboscan before I realized how to do that, then ran it under the name of 'puppy.exe'. Also I couldn't find Avast to turn it off. This is the result. Hope that's ok.

2nd scan puppy.exe

ComboFix 14-06-30.01 - new user 03/07/2014 16:01:16.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.64.1033.18.2940.1586 [GMT 12:00]
Running from: c:\users\new user\Desktop\Tech Suppport Guy scans\puppy.exe.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Java\jre7\bin\jp2ssv.dll
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2014-06-03 to 2014-07-03 )))))))))))))))))))))))))))))))
.
.
2014-07-03 04:08 . 2014-07-03 04:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-02 23:01 . 2014-07-02 23:01 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{50078D5D-3BF7-4C19-AC27-5453F20ECEB5}\offreg.dll
2014-07-02 12:36 . 2010-08-29 20:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-07-01 22:15 . 2014-06-05 10:54 8140904 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{50078D5D-3BF7-4C19-AC27-5453F20ECEB5}\mpengine.dll
2014-06-17 02:37 . 2014-06-17 02:37 -------- d-----w- c:\users\new user\AppData\Roaming\DesktopReminder
2014-06-17 02:26 . 2014-06-17 02:26 -------- d-----w- c:\users\new user\AppData\Local\Polenter_-_Software_Solut
2014-06-17 02:25 . 2014-06-17 02:25 -------- d-----w- c:\program files\Desktop-Reminder 2
2014-06-17 02:25 . 2014-06-17 02:26 -------- dc-h--w- c:\programdata\{6EDBDBF3-ED1B-4CF1-80B9-21175D532D2A}
2014-06-17 02:22 . 2014-06-17 02:22 -------- d-----w- c:\users\new user\AppData\Local\InstallAware Installation Information
2014-06-16 01:18 . 2014-06-16 01:18 -------- d-----w- c:\program files\Picmeta
2014-06-13 05:11 . 2014-06-13 05:21 -------- d-----w- c:\users\new user\AppData\Roaming\DriverFinder
2014-06-12 10:17 . 2014-06-11 03:34 52928 ----a-w- c:\windows\system32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}w.sys
2014-06-12 09:16 . 2014-06-12 09:16 -------- d-----w- c:\program files\Foxit Software
2014-06-12 09:13 . 2014-07-02 22:55 -------- d-----w- c:\program files\Greener Web
2014-06-12 09:13 . 2014-06-12 09:13 -------- d-----w- c:\program files\SiteLookup
2014-06-12 09:12 . 2014-06-12 09:12 -------- d-----w- c:\users\new user\AppData\Roaming\Plarium
2014-06-12 09:12 . 2014-06-12 09:12 -------- d-----w- c:\users\new user\AppData\Local\Soldiers
2014-06-12 09:12 . 2014-06-12 09:12 -------- d-----w- c:\users\new user\AppData\Local\StormFall
2014-06-11 22:57 . 2014-05-30 08:27 592896 ----a-w- c:\windows\system32\jscript9diag.dll
2014-06-11 22:57 . 2014-05-30 08:44 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-06-11 22:57 . 2014-05-30 07:56 4244992 ----a-w- c:\windows\system32\jscript9.dll
2014-06-11 22:56 . 2014-03-26 14:27 1389056 ----a-w- c:\windows\system32\msxml6.dll
2014-06-11 22:56 . 2014-03-26 14:27 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-06-11 22:56 . 2014-03-26 14:25 2048 ----a-w- c:\windows\system32\msxml6r.dll
2014-06-11 22:56 . 2014-03-26 14:25 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-06-11 22:56 . 2014-04-25 02:06 626688 ----a-w- c:\windows\system32\usp10.dll
2014-06-11 22:56 . 2014-04-05 02:25 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-06-11 22:56 . 2014-04-05 02:24 187840 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2014-06-11 04:45 . 2014-06-22 07:19 -------- d-----w- c:\program files\AdFender
2014-06-11 04:45 . 2014-06-11 04:47 -------- d-----w- c:\users\new user\AppData\Local\AdFender
2014-06-11 04:45 . 2014-06-11 04:45 -------- d-----w- c:\programdata\AdFender
2014-06-09 04:07 . 2014-06-09 04:12 -------- d-----w- c:\users\new user\AppData\Local\Help
2014-06-09 04:06 . 2009-08-04 17:56 296960 ----a-w- c:\windows\winhlp32.exe
2014-06-09 04:06 . 2009-08-04 17:55 195072 ----a-w- c:\windows\system32\ftsrch.dll
2014-06-09 04:06 . 2009-08-04 17:55 9216 ----a-w- c:\windows\system32\ftlx0411.dll
2014-06-09 04:06 . 2009-08-04 17:55 10240 ----a-w- c:\windows\system32\ftlx041e.dll
2014-06-05 14:21 . 2014-06-05 14:21 -------- d-----w- c:\users\new user\AppData\Roaming\MusE
2014-06-05 14:21 . 2014-06-05 14:21 -------- d-----w- c:\users\new user\AppData\Local\MusE
2014-06-03 22:23 . 2014-06-03 22:23 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2014-06-03 21:54 . 2014-06-03 21:54 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-23 13:28 . 2012-04-27 06:48 1793672 ----a-w- c:\program files\amtlib.dll
2014-05-14 09:54 . 2013-08-03 03:47 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-14 09:54 . 2013-08-03 03:47 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-09 07:06 . 2014-05-15 02:25 369664 ----a-w- c:\windows\system32\aepdu.dll
2014-05-09 07:04 . 2014-05-15 02:25 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-04-12 02:15 . 2014-05-15 02:25 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:15 . 2014-05-15 02:25 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:12 . 2014-05-15 02:25 15872 ----a-w- c:\windows\system32\sspisrv.dll
2014-04-12 02:12 . 2014-05-15 02:25 100352 ----a-w- c:\windows\system32\sspicli.dll
2014-04-12 02:12 . 2014-05-15 02:25 22016 ----a-w- c:\windows\system32\secur32.dll
2014-04-12 02:11 . 2014-05-15 02:25 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-04-12 02:11 . 2014-05-15 02:25 22528 ----a-w- c:\windows\system32\lsass.exe
2012-03-17 00:05 . 2012-03-17 00:05 108544 ----a-w- c:\program files\vlc.exe
1998-12-19 05:01 . 2013-01-16 22:37 104448 ----a-w- c:\program files\DXBall.exe
2004-05-07 03:31 . 2014-06-11 03:42 348160 ----a-w- c:\program files\mozilla firefox\components\MSVCR71.DLL
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-05-07 21442176]
"uTorrent"="c:\users\new user\AppData\Roaming\uTorrent\uTorrent.exe" [2014-07-02 1322832]
"DesktopReminder2ByPolenter"="c:\program files\Desktop-Reminder 2\DesktopReminder2.exe" [2014-05-19 2826256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 151064]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2009-08-11 1324384]
"TosNC"="c:\program files\Toshiba\BulletinBoard\TosNcCore.exe" [2009-08-06 466792]
"TosReelTimeMonitor"="c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [2009-08-06 29528]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 611672]
"SmartFaceVWatcher"="c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-07-29 163840]
"TosWaitSrv"="c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe" [2009-08-07 611672]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-03 446392]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-11 1523360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-01 254336]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"CanonQuickMenu"="c:\program files\Canon\Quick Menu\CNQMMAIN.EXE" [2012-09-27 1279120]
"HPAIO_PrintFolderMgr"="c:\windows\system32\spool\DRIVERS\W32X86\hpoopm07.exe" [2000-07-25 61440]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
.
c:\users\new user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Xnet Usage Monitor.lnk - c:\program files\Xnet Usage Monitor\XNetUsage.exe [2013-1-31 2338304]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AdFender.lnk - c:\program files\AdFender\AdFender.exe -autostart [2013-12-13 3228080]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-10 279456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"REGSHAVE"=c:\program files\REGSHAVE\REGSHAVE.EXE /AUTORUN
.
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-22 172192]
R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2013-06-01 26032]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2013-04-10 41584]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-05-30 108032]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-04-09 235696]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-06 171520]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-12 1343400]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-07-29 13560]
S1 {a3f28269-ad17-41a8-b032-3e0313ef8979}w;{a3f28269-ad17-41a8-b032-3e0313ef8979}w;c:\windows\system32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}w.sys [2014-06-11 52928]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-04-11 1390720]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-04-11 1764992]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011-02-11 35088]
S2 RSELSVC;TOSHIBA Modem region select service;c:\program files\TOSHIBA\RSelect\RSelSvc.exe [2009-07-07 62832]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-11 185712]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 12920]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 7680]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 24064]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-11-05 230912]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-04-26 1011232]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 111960]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-07 685424]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPService REG_MULTI_SZ HPSLPSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-14 22:28 1211672 ----a-w- c:\program files\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-03 09:54]
.
2014-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-27 07:31]
.
2014-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-27 07:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSAU&bmod=TSAU
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <-loopback>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\new user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\new user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 58.28.5.2 58.28.6.2
FF - ProfilePath - c:\users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: keyword.URL - hxxps://au.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=231195&p=
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2157935053-1210720638-4233388858-1010\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{85A6B1CD-1CCA-CF44-C367-737087D55723}*]
"jajoblafcbkdandnmifb"=hex:6d,61,6a,61,6e,61,68,61,65,64,6b,67,62,61,6e,67,6e,
62,61,67,6f,62,6d,62,6f,6a,00,77
"iamnelhlgmpdijbojh"=hex:63,61,62,63,64,6d,00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000009
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000009
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-07-03 16:10:26
ComboFix-quarantined-files.txt 2014-07-03 04:10
ComboFix2.txt 2014-07-03 03:37
.
Pre-Run: 3,157,331,968 bytes free
Post-Run: 3,091,542,016 bytes free
.
- - End Of File - - 37A2AD122130E068A94FBD420DAA1AFC
5B5E648D12FCADC244C1EC30318E1EB9


----------



## Cookiegal (Aug 27, 2003)

It must be downloaded to the Desktop, not to a folder on the Desktop which is what you've done.

c:\users\new user\Desktop\*Tech Suppport Guy scans*\puppy.exe.exe

Plus you've given the file a double exe extension.

First, please move it from that folder and place it directly on the Desktop.

Then, delete the extra .exe and run a new scan and post the new log.


----------



## MikeJG (Jul 31, 2013)

I think I got it this time. Thanks for your patience.

ComboFix 14-07-03.01 - new user 04/07/2014 17:05:02.3.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.64.1033.18.2940.1296 [GMT 12:00]
Running from: c:\users\new user\Desktop\puppy.exe.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-06-04 to 2014-07-04 )))))))))))))))))))))))))))))))
.
.
2014-07-04 05:15 . 2014-07-04 05:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-04 01:54 . 2014-07-04 01:55 -------- d-----w- c:\users\new user\AppData\Local\FreeFileViewer
2014-07-03 23:23 . 2014-07-02 23:23 52920 ----a-w- c:\windows\system32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw.sys
2014-07-03 22:24 . 2014-07-03 22:24 -------- d-----w- c:\users\new user\AppData\Roaming\Optimizer Pro
2014-07-03 22:21 . 2014-07-03 22:39 -------- d-----w- c:\users\new user\AppData\Local\FileTypeAssistant
2014-07-03 22:21 . 2014-07-03 22:23 -------- d-----w- c:\program files\File Type Assistant
2014-07-03 22:20 . 2014-07-03 22:20 -------- d-----w- c:\program files\FreeFileViewer
2014-07-03 22:19 . 2014-07-03 23:22 -------- d-----w- c:\program files\NetCrawl
2014-07-03 22:18 . 2014-07-03 22:18 -------- d-----w- c:\program files\Optimizer Pro
2014-07-03 20:33 . 2014-07-03 20:33 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{50078D5D-3BF7-4C19-AC27-5453F20ECEB5}\offreg.dll
2014-07-02 12:36 . 2010-08-29 20:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-07-01 22:15 . 2014-06-05 10:54 8140904 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{50078D5D-3BF7-4C19-AC27-5453F20ECEB5}\mpengine.dll
2014-06-17 02:37 . 2014-06-17 02:37 -------- d-----w- c:\users\new user\AppData\Roaming\DesktopReminder
2014-06-17 02:26 . 2014-06-17 02:26 -------- d-----w- c:\users\new user\AppData\Local\Polenter_-_Software_Solut
2014-06-17 02:25 . 2014-07-03 10:11 -------- d---a-w- c:\program files\Desktop-Reminder 2
2014-06-17 02:25 . 2014-06-17 02:26 -------- dc-h--w- c:\programdata\{6EDBDBF3-ED1B-4CF1-80B9-21175D532D2A}
2014-06-17 02:22 . 2014-06-17 02:22 -------- d-----w- c:\users\new user\AppData\Local\InstallAware Installation Information
2014-06-16 01:18 . 2014-06-16 01:18 -------- d-----w- c:\program files\Picmeta
2014-06-13 05:11 . 2014-06-13 05:21 -------- d-----w- c:\users\new user\AppData\Roaming\DriverFinder
2014-06-12 10:17 . 2014-06-11 03:34 52928 ----a-w- c:\windows\system32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}w.sys
2014-06-12 09:16 . 2014-06-12 09:16 -------- d-----w- c:\program files\Foxit Software
2014-06-12 09:13 . 2014-07-02 22:55 -------- d-----w- c:\program files\Greener Web
2014-06-12 09:13 . 2014-06-12 09:13 -------- d-----w- c:\program files\SiteLookup
2014-06-12 09:12 . 2014-06-12 09:12 -------- d-----w- c:\users\new user\AppData\Roaming\Plarium
2014-06-12 09:12 . 2014-06-12 09:12 -------- d-----w- c:\users\new user\AppData\Local\Soldiers
2014-06-12 09:12 . 2014-06-12 09:12 -------- d-----w- c:\users\new user\AppData\Local\StormFall
2014-06-11 22:57 . 2014-05-30 08:27 592896 ----a-w- c:\windows\system32\jscript9diag.dll
2014-06-11 22:57 . 2014-05-30 08:44 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-06-11 22:57 . 2014-05-30 07:56 4244992 ----a-w- c:\windows\system32\jscript9.dll
2014-06-11 22:56 . 2014-03-26 14:27 1389056 ----a-w- c:\windows\system32\msxml6.dll
2014-06-11 22:56 . 2014-03-26 14:27 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-06-11 22:56 . 2014-03-26 14:25 2048 ----a-w- c:\windows\system32\msxml6r.dll
2014-06-11 22:56 . 2014-03-26 14:25 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-06-11 22:56 . 2014-04-25 02:06 626688 ----a-w- c:\windows\system32\usp10.dll
2014-06-11 22:56 . 2014-04-05 02:25 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-06-11 22:56 . 2014-04-05 02:24 187840 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2014-06-11 04:45 . 2014-06-22 07:19 -------- d-----w- c:\program files\AdFender
2014-06-11 04:45 . 2014-06-11 04:47 -------- d-----w- c:\users\new user\AppData\Local\AdFender
2014-06-11 04:45 . 2014-06-11 04:45 -------- d-----w- c:\programdata\AdFender
2014-06-09 04:07 . 2014-06-09 04:12 -------- d-----w- c:\users\new user\AppData\Local\Help
2014-06-09 04:06 . 2009-08-04 17:56 296960 ----a-w- c:\windows\winhlp32.exe
2014-06-09 04:06 . 2009-08-04 17:55 195072 ----a-w- c:\windows\system32\ftsrch.dll
2014-06-09 04:06 . 2009-08-04 17:55 9216 ----a-w- c:\windows\system32\ftlx0411.dll
2014-06-09 04:06 . 2009-08-04 17:55 10240 ----a-w- c:\windows\system32\ftlx041e.dll
2014-06-05 14:21 . 2014-06-05 14:21 -------- d-----w- c:\users\new user\AppData\Roaming\MusE
2014-06-05 14:21 . 2014-06-05 14:21 -------- d-----w- c:\users\new user\AppData\Local\MusE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-23 13:28 . 2012-04-27 06:48 1793672 ----a-w- c:\program files\amtlib.dll
2014-05-14 09:54 . 2013-08-03 03:47 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-14 09:54 . 2013-08-03 03:47 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-09 07:06 . 2014-05-15 02:25 369664 ----a-w- c:\windows\system32\aepdu.dll
2014-05-09 07:04 . 2014-05-15 02:25 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-04-12 02:15 . 2014-05-15 02:25 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:15 . 2014-05-15 02:25 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:12 . 2014-05-15 02:25 15872 ----a-w- c:\windows\system32\sspisrv.dll
2014-04-12 02:12 . 2014-05-15 02:25 100352 ----a-w- c:\windows\system32\sspicli.dll
2014-04-12 02:12 . 2014-05-15 02:25 22016 ----a-w- c:\windows\system32\secur32.dll
2014-04-12 02:11 . 2014-05-15 02:25 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-04-12 02:11 . 2014-05-15 02:25 22528 ----a-w- c:\windows\system32\lsass.exe
2012-03-17 00:05 . 2012-03-17 00:05 108544 ----a-w- c:\program files\vlc.exe
1998-12-19 05:01 . 2013-01-16 22:37 104448 ----a-w- c:\program files\DXBall.exe
2004-05-07 03:31 . 2014-06-11 03:42 348160 ----a-w- c:\program files\mozilla firefox\components\MSVCR71.DLL
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-05-07 21442176]
"uTorrent"="c:\users\new user\AppData\Roaming\uTorrent\uTorrent.exe" [2014-07-02 1322832]
"DesktopReminder2ByPolenter"="c:\program files\Desktop-Reminder 2\DesktopReminder2.exe" [2014-05-19 2826256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 151064]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2009-08-11 1324384]
"TosNC"="c:\program files\Toshiba\BulletinBoard\TosNcCore.exe" [2009-08-06 466792]
"TosReelTimeMonitor"="c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [2009-08-06 29528]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 611672]
"SmartFaceVWatcher"="c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-07-29 163840]
"TosWaitSrv"="c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe" [2009-08-07 611672]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-03 446392]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-11 1523360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-01 254336]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"CanonQuickMenu"="c:\program files\Canon\Quick Menu\CNQMMAIN.EXE" [2012-09-27 1279120]
"HPAIO_PrintFolderMgr"="c:\windows\system32\spool\DRIVERS\W32X86\hpoopm07.exe" [2000-07-25 61440]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
.
c:\users\new user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Xnet Usage Monitor.lnk - c:\program files\Xnet Usage Monitor\XNetUsage.exe [2013-1-31 2338304]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AdFender.lnk - c:\program files\AdFender\AdFender.exe -autostart [2013-12-13 3228080]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-10 279456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"REGSHAVE"=c:\program files\REGSHAVE\REGSHAVE.EXE /AUTORUN
.
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-22 172192]
R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2013-06-01 26032]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2013-04-10 41584]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-05-30 108032]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-04-09 235696]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-06 171520]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-12 1343400]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-07-29 13560]
S1 {6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw;{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw;c:\windows\system32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw.sys [2014-07-02 52920]
S1 {a3f28269-ad17-41a8-b032-3e0313ef8979}w;{a3f28269-ad17-41a8-b032-3e0313ef8979}w;c:\windows\system32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}w.sys [2014-06-11 52928]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-04-11 1390720]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-04-11 1764992]
S2 ca82e1a5;Optimizer Pro Crash Monitor;c:\windows\system32\rundll32.exe [2009-07-14 44544]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011-02-11 35088]
S2 RSELSVC;TOSHIBA Modem region select service;c:\program files\TOSHIBA\RSelect\RSelSvc.exe [2009-07-07 62832]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-11 185712]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 12920]
S2 Update NetCrawl;Update NetCrawl;c:\program files\NetCrawl\updateNetCrawl.exe [2014-07-04 318752]
S2 Util NetCrawl;Util NetCrawl;c:\program files\NetCrawl\bin\utilNetCrawl.exe [2014-07-04 318752]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 7680]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 24064]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-11-05 230912]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-04-26 1011232]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 111960]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-07 685424]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - {6FCD6092-9615-4F7F-8898-8DF53980E5D2}GW
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPService REG_MULTI_SZ HPSLPSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-14 22:28 1211672 ----a-w- c:\program files\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-03 09:54]
.
2014-07-03 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2014-07-03 06:24]
.
2014-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-27 07:31]
.
2014-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-27 07:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSAU&bmod=TSAU
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <-loopback>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\new user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\new user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 58.28.5.2 58.28.6.2
FF - ProfilePath - c:\users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: keyword.URL - hxxps://au.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=231195&p=
FF - prefs.js: network.proxy.type - 0
user_pref(extensions.autoDisableScopes,14);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2157935053-1210720638-4233388858-1010\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{85A6B1CD-1CCA-CF44-C367-737087D55723}*]
"jajoblafcbkdandnmifb"=hex:6d,61,6a,61,6e,61,68,61,65,64,6b,67,62,61,6e,67,6e,
62,61,67,6f,62,6d,62,6f,6a,00,77
"iamnelhlgmpdijbojh"=hex:63,61,62,63,64,6d,00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000009
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000009
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-07-04 17:17:40
ComboFix-quarantined-files.txt 2014-07-04 05:17
ComboFix2.txt 2014-07-03 04:10
ComboFix3.txt 2014-07-03 03:37
.
Pre-Run: 4,456,099,840 bytes free
Post-Run: 5,024,923,648 bytes free
.
- - End Of File - - C2B4B97495C1029D4AA09DEB213D8E7A
5B5E648D12FCADC244C1EC30318E1EB9


----------



## Cookiegal (Aug 27, 2003)

Did you install these intentionally?

FreeFileViewer
Optimizer Pro
File Type Assistant
NetCrawl


----------



## MikeJG (Jul 31, 2013)

I did install FreeFileViewer and File Type Assistant.
I did not install OptimizerPro or NetCrawl.

I have uninstalled all but File Type Assistant which shows in Programme files but not in Control Panel. Opening it in Programme Files takes me to 'tsassist' which shows up nowhere so I can't uninstall it. Should it be removed?

I also have Buzzdock which I didn't install and on investigation find it's Adware but it won't uninstall either. Part of the removal requires me to type the characters in the "picture above" but no picture is shown.

There are a few other programmes I'm suspicious about but their names give no hint as to what their purposes are.

I won't install anything else until this project is solved.

Mike


----------



## Cookiegal (Aug 27, 2003)

Yes, you can uninstall File Type Assistant as well.

We will use another tool to remove some of those leftovers.

Please download *OTL* to your Desktop. 

Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
Click the Run Scan button. Do not change any other settings unless otherwise instructed. The scan won't take long. 
When the scan completes, it will open two Notepad windows called *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL. 
Please copy and paste the contents of both of these files here in your next reply.


----------



## MikeJG (Jul 31, 2013)

OTL Extras logfile created on: 7/7/2014 12:59:28 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\new user\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

2.87 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 67.24% Memory free
5.74 Gb Paging File | 4.39 Gb Available in Paging File | 76.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 143.17 Gb Total Space | 4.64 Gb Free Space | 3.24% Space Free | Partition Type: NTFS
Drive E: | 141.09 Gb Total Space | 139.16 Gb Free Space | 98.63% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 366.55 Gb Free Space | 78.70% Space Free | Partition Type: NTFS
Drive G: | 37.26 Gb Total Space | 29.94 Gb Free Space | 80.36% Space Free | Partition Type: NTFS
Drive H: | 29.28 Gb Total Space | 15.97 Gb Free Space | 54.53% Space Free | Partition Type: FAT32
Drive I: | 7.94 Gb Total Space | 7.94 Gb Free Space | 99.99% Space Free | Partition Type: FAT32
Drive J: | 1.91 Gb Total Space | 1.90 Gb Free Space | 99.88% Space Free | Partition Type: FAT

Computer Name: TOSH-2 | User Name: new user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6\Bridge.exe "%L"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PIE Browse] -- C:\Program Files\Picmeta\PIE\PIE.exe %1 (Picmeta Systems)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{045CFF48-EFC6-4A67-A3BB-335930C29DEB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{059E0B0D-34AC-48DE-8ED7-80CECD76BFA5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{0673AE86-01B2-42A3-9839-C2BA7D26D275}" = rport=138 | protocol=17 | dir=out | app=system | 
"{158B34C4-240A-4C1C-B1E1-38D206DC0C71}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{162B068D-AF71-4A97-98EF-E68885F192AD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{18357A55-072C-44DA-BDF1-32590238C63B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{21CA19D8-7634-4597-882D-B52325BD6F46}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{22EBA38D-BCB2-4839-BFDE-C985285C8BED}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3194FE3C-4564-49C0-A562-A409B37D3797}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{32C5CCA0-E458-43FB-8DA2-827F05B1010D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3435AB39-296A-4EB5-AA48-3522F0D2BA74}" = lport=139 | protocol=6 | dir=in | app=system | 
"{3E481A17-A589-493F-91EC-EBB9169642B0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{421FCA3A-FDAE-41A9-9ABF-C35601808229}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{45595918-7A98-4B7D-855F-8E7A2C17A3E4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{531A70D1-F80C-4044-9630-572BB57B60E3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{6507A99F-7F25-4931-A9EC-EEBD6668F121}" = rport=445 | protocol=6 | dir=out | app=system | 
"{71151A57-CB1B-4167-A978-3130DD3C64B8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{72B47A8B-9252-4E81-B564-B9EC5976CF6D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7CBFA385-6F25-49BC-B7C9-6219196DE992}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{866A568F-9736-4300-86DE-27ACDEA3660E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8C81D9E3-7C3A-4D46-8C35-B075A9D89C76}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8DD574DF-837A-4D6C-9420-1DBB69AB1F8C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{950EC11A-C81A-4B04-989D-8939F2CD4DC2}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{A3B6CC17-EBC3-4998-8047-D78737B59B41}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{A70B1099-39A1-4275-9C48-5089D56042C7}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{AFCEDF08-E192-43B0-B18B-641F10811B58}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C641AAF4-83E4-4C1B-A4E9-6E89719673AE}" = lport=445 | protocol=6 | dir=in | app=system | 
"{CEBBB5F0-9F80-4DF0-9888-52ACD98F2FE6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D39A6D48-A0E4-4F53-B200-95AD605DC5A7}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E6B89FEF-3EC8-4770-A1D6-0B5B7264C36D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EAF01699-06C4-4AD7-AAAC-A458B1FB0AAE}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{F2E4C840-9038-44F1-9635-1558772E2EA8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{F655F21B-639A-4248-A6A2-DA90ECBCDAE4}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0212F417-7078-4C20-A5A0-59E64DE7167B}" = protocol=17 | dir=in | app=c:\users\new user\appdata\roaming\utorrent\utorrent.exe | 
"{03C3C11C-31E7-4A5E-8121-6E1A0B445F57}" = dir=in | app=c:\program files\apowersoft\streaming video recorder\apowersoftac.dll | 
"{0A4229AA-D848-400A-BF8D-9AD2D2A0288B}" = protocol=58 | dir=out | [email protected],-28546 | 
"{151A433B-4344-452A-93E3-81938E75C7F5}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | 
"{160ECE69-773C-4914-9495-A694EF792E5E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{2E4286C8-2A14-44D4-985E-C6D4A06CD7A8}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{2EA340C7-20FD-4E09-B2CA-357A6CDA41AB}" = protocol=6 | dir=in | app=c:\users\new user\appdata\roaming\utorrent\utorrent.exe | 
"{2EFD5444-0E21-4A17-8341-A417DAE2744E}" = protocol=17 | dir=in | app=c:\users\new user\downloads\programs\utorrent.exe | 
"{35A287D0-8FEC-46B3-BAD9-8F9D5F9B2D3A}" = dir=out | app=c:\program files\apowersoft\streaming video recorder\apowersoftdownloaderhelp.dll | 
"{38364164-3479-42D1-969A-2C2B7D93D4BE}" = dir=out | app=c:\program files\apowersoft\streaming video recorder\apowersoftsrv.dll | 
"{43206AC0-3833-4B2B-A796-BFE74E04D3B7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{45AFEB59-7F54-492B-B429-8BCB97F458B7}" = protocol=17 | dir=in | app=c:\users\new user\appdata\local\temp\7zs4328\hppiw.exe | 
"{4EAEE056-E184-4757-B31E-601EBB2A499E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4FBC8533-C7B8-432A-B12C-B9A7CE0836E0}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{56EE043A-D862-4C18-BAE6-BC225FD9A8A1}" = dir=in | app=c:\program files\apowersoft\streaming video recorder\apowersoftdownloaderhelp.dll | 
"{5F631F54-2071-4B82-8FA6-44B4AAEB0FCB}" = protocol=6 | dir=out | app=system | 
"{60BA7BDE-F3DA-45B9-9B39-2CA1AC679D8B}" = protocol=6 | dir=in | app=c:\users\new user\appdata\local\temp\7zs438a\hppiw.exe | 
"{62B0DF52-621A-4119-B797-6B93AE210F95}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe | 
"{6A1F1B82-19EB-46B2-92AC-18D38EC1CDDB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6ABD816F-7D99-4A8A-8CB0-05C6C54A9350}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{72C84AD1-EF0E-4607-BD42-00F0F6084252}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{74C426FF-571A-402D-B9DE-72E5FBC72510}" = dir=out | app=c:\program files\apowersoft\streaming video recorder\apowersoftdump.dll | 
"{7A4CC5EE-DAE6-419A-81FD-EC57F38A4E2E}" = dir=in | app=c:\program files\apowersoft\streaming video recorder\apowersoftplayer.dll | 
"{7A7C5CA4-E46D-49C4-B18B-A11696323A91}" = dir=in | app=c:\program files\apowersoft\streaming video recorder\apowersoftdump.dll | 
"{869C8692-1DC5-4E14-9D58-A9A3C4C130E6}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | 
"{87830F40-A148-43B2-984D-3B01ED9552C1}" = protocol=1 | dir=in | [email protected],-28543 | 
"{87C370DC-C714-4BEA-9784-83DC14E15A2F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8B4AD263-4885-4E9B-B6E8-7B8BDCD87897}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{8DA9884A-5666-4308-ABBB-C70D713AA163}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8DD0F09A-5077-4CF0-8446-61B59CB9D8AA}" = protocol=6 | dir=in | app=c:\users\new user\appdata\local\temp\7zs4328\hppiw.exe | 
"{920517BF-FACA-42C8-9BD1-DBB5AC928B8C}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe | 
"{A4CBE391-C1A3-40B1-BDF1-41B89F9342FA}" = dir=in | app=c:\program files\apowersoft\streaming video recorder\apowersoftsrv.dll | 
"{AB6BB150-4582-440E-905C-A0D05CB0B8EF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{ABA10549-203B-481C-A384-6CF60C616BD0}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{AD828004-4BFB-4BBF-A1E9-E9A97EDE1BCD}" = dir=out | app=c:\program files\apowersoft\streaming video recorder\apowersoftac.dll | 
"{B1FF595C-E1EC-46F3-9A4A-3F17C193706B}" = protocol=6 | dir=in | app=c:\users\new user\appdata\local\temp\7zs349d\hppiw.exe | 
"{BCBC4399-7F2B-47E8-86BF-5BF938EDDCEA}" = protocol=6 | dir=in | app=c:\users\new user\appdata\roaming\utorrent\utorrent.exe | 
"{BE564729-9006-4A39-AF42-E8CA53F5882A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BEA3E034-6956-4063-97E6-BC550A3C5909}" = dir=in | app=c:\program files\apowersoft\streaming video recorder\streaming video recorder.exe | 
"{CE49F3B4-98BF-4CB2-A99C-6698B5F756BD}" = dir=out | app=c:\program files\apowersoft\streaming video recorder\streaming video recorder.exe | 
"{CF0EF8A1-8507-445A-836D-D97CBBD8C3E4}" = protocol=6 | dir=in | app=c:\users\new user\downloads\programs\utorrent.exe | 
"{D5BB0769-1E90-4DDE-B4FB-61B0CC194211}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D89C33D7-D245-49E2-B33A-D385FE6DFC95}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{D8E82E0D-4016-46A9-AFAB-D342E14C8128}" = protocol=17 | dir=in | app=c:\users\new user\appdata\local\temp\7zs349d\hppiw.exe | 
"{DC9F27A1-79A6-41DE-9E1D-247C861F4CFE}" = dir=out | app=c:\program files\apowersoft\streaming video recorder\apowersoftplayer.dll | 
"{DF6687F9-D486-4CD7-8638-172F8CC11936}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E77C0D21-7FD6-4F45-944B-B029F5F7241F}" = protocol=58 | dir=in | [email protected],-28545 | 
"{ECDBFB5B-27B5-4684-A77C-3750B12DC250}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F26CE78D-0BA3-413D-A358-088CFF2DCEC2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{F3B7DA76-2E63-4974-8E66-9A0C72B60B09}" = protocol=17 | dir=in | app=c:\users\new user\appdata\roaming\utorrent\utorrent.exe | 
"{F6297928-FAB6-4BBC-AE53-02E26DB12EA2}" = protocol=17 | dir=in | app=c:\users\new user\appdata\local\temp\7zs438a\hppiw.exe | 
"TCP Query User{87D262F5-1280-4A59-8733-24BB2D01C00F}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{93C12056-4022-4BA6-A604-7E9ED5E61B04}C:\users\new user\downloads\programs\utorrent.exe" = protocol=6 | dir=in | app=c:\users\new user\downloads\programs\utorrent.exe | 
"TCP Query User{BD5ABFBA-8F31-4D29-85D7-FD45AF801D08}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{C3A176A0-A589-4270-849A-286FEA160B2A}C:\users\new user\appdata\roaming\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\new user\appdata\roaming\utorrent\utorrent.exe | 
"UDP Query User{1F060DA5-7102-483C-A0C3-FF223EAB9CBF}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{808B7AB4-B775-45C4-8740-FAC3FBA4C896}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{CCC3A348-EB05-4048-8766-A36B644C12B4}C:\users\new user\downloads\programs\utorrent.exe" = protocol=17 | dir=in | app=c:\users\new user\downloads\programs\utorrent.exe | 
"UDP Query User{E9C29D3F-F01C-493D-A7B8-93511B3EB02B}C:\users\new user\appdata\roaming\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\new user\appdata\roaming\utorrent\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D19B2D8-4FE4-48B2-BBA1-194B82A81230}" = Hyper-Utility2
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX720_series" = Canon MX720 series MP Drivers
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{138CEA91-A651-45B0-9C2C-D69A44493E0F}" = Hyper-Utility Software Add-On
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 51
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{288487BA-D8C5-4C81-BD89-C7E49DD48E18}" = Desktop-Reminder 2
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2D471A31-4FA7-95BA-1880-D441113ED736}" = PraiceDOwnlioadeR
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{342126B2-10D5-409E-884B-245347A497E1}" = TOSHIBA Bulletin Board
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3D599ADA-65D9-4B51-898F-CE718DEC5DBB}" = Microsoft Image Composite Editor
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{42451051-52B5-4D74-920A-BB49861D7253}" = TOSHIBA ReelTime
"{44510C84-AE2A-4079-A75B-D44E68D73B9A}" = CyberLink PhotoDirector 4
"{45634CA5-CFDE-4794-9C1C-65613F2A0E4E}" = Hyper-Utility2 CCD-RAW Plug-In
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
"{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D063AFD-05EF-4CE8-895A-7817118B1D6A}" = Hyper-Utility2 FinePixS20Pro SHOOTING Plug-In
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{5F189DF5-2D05-472B-9091-84D9848AE48B}{64af91bf}" = Fast And Safe
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{76583DD5-2BCE-46F7-ACC4-3BF37645F4E0}" = FUJIFILM Hyper-Utility Software
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.16
"{80B3B090-7FE0-487D-9065-5D0B3FB9FC31}" = Studio Utility
"{819A351B-09B9-4AE2-A9E9-EAFBF8952A56}" = Hyper-Utility2 Preview Print
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
"{8AE68327-FAA7-403D-AEEC-CBBA1DE2DBAD}" = Hyper-Utility2 CustomRendered Modifier Plug-In
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E41D2A5-C0DD-4139-8C7A-2F0E1F20ED24}" = CombineZP
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{934E9442-D305-4ACF-AD87-A6C11D677CB9}" = ImageMixer VCD2 for FinePix
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}" = TOSHIBA Supervisor Password
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ac225167-00fc-452d-94c5-bb93600e7d9a}" = Buzzdock
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.07)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B1709DC3-3A8C-4C29-B0E7-F033450A62A0}" = Studio Utility shooting plug-in
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B71E0018-25B9-4093-937E-13E6398B853B}" = Hyper-Utility2 File Format Plug-In
"{BB285C9F-C821-4770-8970-56C4AB52C87E}" = Skype Click to Call
"{BEA19A41-E180-40EE-A083-995A2C6B10C4}" = Hyper-Utility2 Print/Contact Sheet Output Plug-In
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE518445-0054-44F8-8315-2AD45BF3701E}" = Raw Therapee V4.0.9.50 x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0387727-C89D-4774-B643-B9333EAA09DE}" = TOSHIBA Hardware Setup
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE548EB1-4CF6-4A37-884D-0EA9DDB0F549}" = Hyper-Utility2 FinePixS3Pro SHOOTING Plug-In
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F20E77B0-F2E0-402B-8868-BDEB5CC2D01B}" = Hyper-Utility2 Slide Show Plug-In
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F87FF0A2-E55F-4BF8-9D0E-1B9BD846E17B}" = Hyper-Utility2 FinePixS2Pro SHOOTING Plug-In
"{F8AFEA7D-77BD-43F3-ADF7-EF71300BEFD2}" = Microsoft Camera Codec Pack
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.22beta
"Adobe Acrobat Reader 3.01" = Adobe Acrobat Reader 3.01
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Canon MX720 series On-screen Manual" = Canon MX720 series On-screen Manual
"Canon_IJ_Scan_Utility" = Canon IJ Scan Utility
"CanonMyPrinter" = Canon My Printer
"CanonQuickMenu" = Canon Quick Menu
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Desktop-Reminder 2" = Desktop-Reminder 2
"DX-Ball 1.09" = DX-Ball 1.09
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"FinalVideoDownloader_is1" = Final Video Downloader 2013
"Foxit Reader_is1" = Foxit Reader
"Free RAR Extract Frog" = Free RAR Extract Frog
"Free Screen Video Recorder_is1" = Free Screen Video Recorder version 2.5.34.605
"Free Studio_is1" = Free Studio version 5.3.5
"Gimp Resynthesizer Plugin_is1" = Gimp Resynthesizer Plugin version 0.16
"GIMP-2_is1" = GIMP 2.8.10
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP OfficeJet G Series" = HP OfficeJet G Series
"InstallShield_{342126B2-10D5-409E-884B-245347A497E1}" = TOSHIBA Bulletin Board
"InstallShield_{42451051-52B5-4D74-920A-BB49861D7253}" = TOSHIBA ReelTime
"InstallShield_{44510C84-AE2A-4079-A75B-D44E68D73B9A}" = CyberLink PhotoDirector 4
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
"InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"LTMOH" = LSI V92 MOH Application
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 30.0 (x86 en-GB)" = Mozilla Firefox 30.0 (x86 en-GB)
"Mozilla Thunderbird 24.6.0 (x86 en-US)" = Mozilla Thunderbird 24.6.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Opera 12.16.1860" = Opera 12.16
"PIE_is1" = PIE Free v6.7
"PokerStars" = PokerStars
"PrnPrint" = PrnPrint v3.47.10
"Speed Dial Utility" = Canon Speed Dial Utility
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Un-Rar for Windows" = Un-Rar for Windows 9.22beta
"VLC media player" = VLC media player 2.1.3
"Wavelet Denoise Gimp Plugin_is1" = Wavelet Denoise Gimp Plugin version 0.3.1
"WH_WorldClock31" = WorldClock 3.0
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"Xnet Usage Monitor_is1" = Xnet Usage Monitor V1.9.1

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Foxit Reader Free Download Packages" = Foxit Reader Free Download Packages
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/2/2014 6:50:25 PM | Computer Name = Tosh-2 | Source = Application Hang | ID = 1002
Description = The program WINWORD.EXE version 11.0.8411.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1468 Start
Time: 01cf9647ee3a0aa3 Termination Time: 10 Application Path: C:\Program Files\Microsoft
Office\OFFICE11\WINWORD.EXE Report Id: 35e36f38-023b-11e4-a28a-00266c6bc8d1

Error - 7/3/2014 6:19:10 PM | Computer Name = Tosh-2 | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 30.0.0.5269,
time stamp: 0x53914233 Faulting module name: mozalloc.dll, version: 30.0.0.5269,
time stamp: 0x53911393 Exception code: 0x80000003 Fault offset: 0x0000141b Faulting
process id: 0x1008 Faulting application start time: 0x01cf9700952b20fd Faulting application
path: C:\Program Files\Mozilla Firefox\plugin-container.exe Faulting module path:
C:\Program Files\Mozilla Firefox\mozalloc.dll Report Id: 0db3700d-0300-11e4-bb56-00266c6bc8d1

Error - 7/4/2014 4:46:28 AM | Computer Name = Tosh-2 | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 30.0.0.5269,
time stamp: 0x53914233 Faulting module name: mozalloc.dll, version: 30.0.0.5269,
time stamp: 0x53911393 Exception code: 0x80000003 Fault offset: 0x0000141b Faulting
process id: 0x8e0 Faulting application start time: 0x01cf9747e35cf1df Faulting application
path: C:\Program Files\Mozilla Firefox\plugin-container.exe Faulting module path:
C:\Program Files\Mozilla Firefox\mozalloc.dll Report Id: afc23eef-0357-11e4-bb56-00266c6bc8d1

Error - 7/4/2014 6:52:40 PM | Computer Name = Tosh-2 | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 30.0.0.5269,
time stamp: 0x53914233 Faulting module name: mozalloc.dll, version: 30.0.0.5269,
time stamp: 0x53911393 Exception code: 0x80000003 Fault offset: 0x0000141b Faulting
process id: 0x450 Faulting application start time: 0x01cf97d6ec811556 Faulting application
path: C:\Program Files\Mozilla Firefox\plugin-container.exe Faulting module path:
C:\Program Files\Mozilla Firefox\mozalloc.dll Report Id: e63f3dea-03cd-11e4-a7e2-00266c6bc8d1

Error - 7/4/2014 11:41:34 PM | Computer Name = Tosh-2 | Source = Application Hang | ID = 1002
Description = The program WINWORD.EXE version 11.0.8411.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: ac0 Start
Time: 01cf98029a907944 Termination Time: 10 Application Path: C:\Program Files\Microsoft
Office\OFFICE11\WINWORD.EXE Report Id: 3c40af2a-03f6-11e4-bca0-00266c6bc8d1

Error - 7/4/2014 11:45:25 PM | Computer Name = Tosh-2 | Source = Application Error | ID = 1000
Description = Faulting application name: Foxit Reader.exe, version: 6.1.4.217, time
stamp: 0x5301d8a7 Faulting module name: Foxit Reader.exe, version: 6.1.4.217, time
stamp: 0x5301d8a7 Exception code: 0xc0000005 Fault offset: 0x00052faa Faulting process
id: 0x102c Faulting application start time: 0x01cf98038c74d270 Faulting application
path: C:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe Faulting module
path: C:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe Report Id: cbee8e97-03f6-11e4-bca0-00266c6bc8d1

Error - 7/6/2014 6:01:58 AM | Computer Name = Tosh-2 | Source = Application Error | ID = 1000
Description = Faulting application name: thunderbird.exe, version: 24.6.0.5274, 
time stamp: 0x5396c4a8 Faulting module name: xul.dll, version: 24.6.0.5274, time 
stamp: 0x5396c38c Exception code: 0xc0000005 Fault offset: 0x00a4970d Faulting process
id: 0x143c Faulting application start time: 0x01cf990151a47e6d Faulting application
path: C:\Program Files\Mozilla Thunderbird\thunderbird.exe Faulting module path:
C:\Program Files\Mozilla Thunderbird\xul.dll Report Id: 90b2a4fb-04f4-11e4-a316-00266c6bc8d1

Error - 7/6/2014 6:34:53 AM | Computer Name = Tosh-2 | Source = Application Error | ID = 1000
Description = Faulting application name: thunderbird.exe, version: 24.6.0.5274, 
time stamp: 0x5396c4a8 Faulting module name: xul.dll, version: 24.6.0.5274, time 
stamp: 0x5396c38c Exception code: 0xc0000005 Fault offset: 0x00a4970d Faulting process
id: 0x66c Faulting application start time: 0x01cf9905eaca18e8 Faulting application
path: C:\Program Files\Mozilla Thunderbird\thunderbird.exe Faulting module path:
C:\Program Files\Mozilla Thunderbird\xul.dll Report Id: 29b2cac4-04f9-11e4-a316-00266c6bc8d1

Error - 7/6/2014 7:12:31 AM | Computer Name = Tosh-2 | Source = Application Error | ID = 1000
Description = Faulting application name: thunderbird.exe, version: 24.6.0.5274, 
time stamp: 0x5396c4a8 Faulting module name: xul.dll, version: 24.6.0.5274, time 
stamp: 0x5396c38c Exception code: 0xc0000005 Fault offset: 0x00a4970d Faulting process
id: 0x4ac Faulting application start time: 0x01cf990b2cec0ba5 Faulting application
path: C:\Program Files\Mozilla Thunderbird\thunderbird.exe Faulting module path:
C:\Program Files\Mozilla Thunderbird\xul.dll Report Id: 6c0e56b4-04fe-11e4-a316-00266c6bc8d1

Error - 7/6/2014 7:24:11 AM | Computer Name = Tosh-2 | Source = Application Error | ID = 1000
Description = Faulting application name: thunderbird.exe, version: 24.6.0.5274, 
time stamp: 0x5396c4a8 Faulting module name: xul.dll, version: 24.6.0.5274, time 
stamp: 0x5396c38c Exception code: 0xc0000005 Fault offset: 0x00a4970d Faulting process
id: 0x13c8 Faulting application start time: 0x01cf990cce9caf01 Faulting application
path: C:\Program Files\Mozilla Thunderbird\thunderbird.exe Faulting module path:
C:\Program Files\Mozilla Thunderbird\xul.dll Report Id: 0d57375f-0500-11e4-a316-00266c6bc8d1

[ System Events ]
Error - 7/4/2014 1:11:20 AM | Computer Name = Tosh-2 | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 7/4/2014 1:15:40 AM | Computer Name = Tosh-2 | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 7/4/2014 1:58:30 AM | Computer Name = Tosh-2 | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 7/4/2014 9:40:53 AM | Computer Name = Tosh-2 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8024200d: Security Update for Windows 7 (KB2667402).

Error - 7/4/2014 5:53:10 PM | Computer Name = Tosh-2 | Source = Service Control Manager | ID = 7023
Description = The HP Network Devices Support service terminated with the following
error: %%126

Error - 7/4/2014 6:10:12 PM | Computer Name = Tosh-2 | Source = Service Control Manager | ID = 7031
Description = The Util NetCrawl service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 5000 milliseconds:
Restart the service.

Error - 7/4/2014 6:10:19 PM | Computer Name = Tosh-2 | Source = Service Control Manager | ID = 7031
Description = The Update NetCrawl service terminated unexpectedly. It has done 
this 1 time(s). The following corrective action will be taken in 5000 milliseconds:
Restart the service.

Error - 7/4/2014 7:08:33 PM | Computer Name = Tosh-2 | Source = Service Control Manager | ID = 7023
Description = The HP Network Devices Support service terminated with the following
error: %%126

Error - 7/5/2014 1:53:09 AM | Computer Name = Tosh-2 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8024200d: Security Update for Windows 7 (KB2667402).

Error - 7/6/2014 12:21:21 AM | Computer Name = Tosh-2 | Source = Service Control Manager | ID = 7023
Description = The HP Network Devices Support service terminated with the following
error: %%126

< End of report >
-----------------------------------------------------------------------------------

OTL Extras logfile created on: 7/7/2014 12:59:28 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\new user\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

2.87 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 67.24% Memory free
5.74 Gb Paging File | 4.39 Gb Available in Paging File | 76.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 143.17 Gb Total Space | 4.64 Gb Free Space | 3.24% Space Free | Partition Type: NTFS
Drive E: | 141.09 Gb Total Space | 139.16 Gb Free Space | 98.63% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 366.55 Gb Free Space | 78.70% Space Free | Partition Type: NTFS
Drive G: | 37.26 Gb Total Space | 29.94 Gb Free Space | 80.36% Space Free | Partition Type: NTFS
Drive H: | 29.28 Gb Total Space | 15.97 Gb Free Space | 54.53% Space Free | Partition Type: FAT32
Drive I: | 7.94 Gb Total Space | 7.94 Gb Free Space | 99.99% Space Free | Partition Type: FAT32
Drive J: | 1.91 Gb Total Space | 1.90 Gb Free Space | 99.88% Space Free | Partition Type: FAT

Computer Name: TOSH-2 | User Name: new user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6\Bridge.exe "%L"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PIE Browse] -- C:\Program Files\Picmeta\PIE\PIE.exe %1 (Picmeta Systems)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{045CFF48-EFC6-4A67-A3BB-335930C29DEB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{059E0B0D-34AC-48DE-8ED7-80CECD76BFA5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{0673AE86-01B2-42A3-9839-C2BA7D26D275}" = rport=138 | protocol=17 | dir=out | app=system | 
"{158B34C4-240A-4C1C-B1E1-38D206DC0C71}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{162B068D-AF71-4A97-98EF-E68885F192AD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{18357A55-072C-44DA-BDF1-32590238C63B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{21CA19D8-7634-4597-882D-B52325BD6F46}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{22EBA38D-BCB2-4839-BFDE-C985285C8BED}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3194FE3C-4564-49C0-A562-A409B37D3797}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{32C5CCA0-E458-43FB-8DA2-827F05B1010D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3435AB39-296A-4EB5-AA48-3522F0D2BA74}" = lport=139 | protocol=6 | dir=in | app=system | 
"{3E481A17-A589-493F-91EC-EBB9169642B0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{421FCA3A-FDAE-41A9-9ABF-C35601808229}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{45595918-7A98-4B7D-855F-8E7A2C17A3E4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{531A70D1-F80C-4044-9630-572BB57B60E3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{6507A99F-7F25-4931-A9EC-EEBD6668F121}" = rport=445 | protocol=6 | dir=out | app=system | 
"{71151A57-CB1B-4167-A978-3130DD3C64B8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{72B47A8B-9252-4E81-B564-B9EC5976CF6D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7CBFA385-6F25-49BC-B7C9-6219196DE992}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{866A568F-9736-4300-86DE-27ACDEA3660E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8C81D9E3-7C3A-4D46-8C35-B075A9D89C76}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8DD574DF-837A-4D6C-9420-1DBB69AB1F8C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{950EC11A-C81A-4B04-989D-8939F2CD4DC2}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{A3B6CC17-EBC3-4998-8047-D78737B59B41}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{A70B1099-39A1-4275-9C48-5089D56042C7}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{AFCEDF08-E192-43B0-B18B-641F10811B58}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C641AAF4-83E4-4C1B-A4E9-6E89719673AE}" = lport=445 | protocol=6 | dir=in | app=system | 
"{CEBBB5F0-9F80-4DF0-9888-52ACD98F2FE6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D39A6D48-A0E4-4F53-B200-95AD605DC5A7}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E6B89FEF-3EC8-4770-A1D6-0B5B7264C36D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EAF01699-06C4-4AD7-AAAC-A458B1FB0AAE}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{F2E4C840-9038-44F1-9635-1558772E2EA8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{F655F21B-639A-4248-A6A2-DA90ECBCDAE4}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0212F417-7078-4C20-A5A0-59E64DE7167B}" = protocol=17 | dir=in | app=c:\users\new user\appdata\roaming\utorrent\utorrent.exe | 
"{03C3C11C-31E7-4A5E-8121-6E1A0B445F57}" = dir=in | app=c:\program files\apowersoft\streaming video recorder\apowersoftac.dll | 
"{0A4229AA-D848-400A-BF8D-9AD2D2A0288B}" = protocol=58 | dir=out | [email protected],-28546 | 
"{151A433B-4344-452A-93E3-81938E75C7F5}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | 
"{160ECE69-773C-4914-9495-A694EF792E5E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{2E4286C8-2A14-44D4-985E-C6D4A06CD7A8}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{2EA340C7-20FD-4E09-B2CA-357A6CDA41AB}" = protocol=6 | dir=in | app=c:\users\new user\appdata\roaming\utorrent\utorrent.exe | 
"{2EFD5444-0E21-4A17-8341-A417DAE2744E}" = protocol=17 | dir=in | app=c:\users\new user\downloads\programs\utorrent.exe | 
"{35A287D0-8FEC-46B3-BAD9-8F9D5F9B2D3A}" = dir=out | app=c:\program files\apowersoft\streaming video recorder\apowersoftdownloaderhelp.dll | 
"{38364164-3479-42D1-969A-2C2B7D93D4BE}" = dir=out | app=c:\program files\apowersoft\streaming video recorder\apowersoftsrv.dll | 
"{43206AC0-3833-4B2B-A796-BFE74E04D3B7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{45AFEB59-7F54-492B-B429-8BCB97F458B7}" = protocol=17 | dir=in | app=c:\users\new user\appdata\local\temp\7zs4328\hppiw.exe | 
"{4EAEE056-E184-4757-B31E-601EBB2A499E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4FBC8533-C7B8-432A-B12C-B9A7CE0836E0}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{56EE043A-D862-4C18-BAE6-BC225FD9A8A1}" = dir=in | app=c:\program files\apowersoft\streaming video recorder\apowersoftdownloaderhelp.dll | 
"{5F631F54-2071-4B82-8FA6-44B4AAEB0FCB}" = protocol=6 | dir=out | app=system | 
"{60BA7BDE-F3DA-45B9-9B39-2CA1AC679D8B}" = protocol=6 | dir=in | app=c:\users\new user\appdata\local\temp\7zs438a\hppiw.exe | 
"{62B0DF52-621A-4119-B797-6B93AE210F95}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe | 
"{6A1F1B82-19EB-46B2-92AC-18D38EC1CDDB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6ABD816F-7D99-4A8A-8CB0-05C6C54A9350}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{72C84AD1-EF0E-4607-BD42-00F0F6084252}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{74C426FF-571A-402D-B9DE-72E5FBC72510}" = dir=out | app=c:\program files\apowersoft\streaming video recorder\apowersoftdump.dll | 
"{7A4CC5EE-DAE6-419A-81FD-EC57F38A4E2E}" = dir=in | app=c:\program files\apowersoft\streaming video recorder\apowersoftplayer.dll | 
"{7A7C5CA4-E46D-49C4-B18B-A11696323A91}" = dir=in | app=c:\program files\apowersoft\streaming video recorder\apowersoftdump.dll | 
"{869C8692-1DC5-4E14-9D58-A9A3C4C130E6}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | 
"{87830F40-A148-43B2-984D-3B01ED9552C1}" = protocol=1 | dir=in | [email protected],-28543 | 
"{87C370DC-C714-4BEA-9784-83DC14E15A2F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8B4AD263-4885-4E9B-B6E8-7B8BDCD87897}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{8DA9884A-5666-4308-ABBB-C70D713AA163}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8DD0F09A-5077-4CF0-8446-61B59CB9D8AA}" = protocol=6 | dir=in | app=c:\users\new user\appdata\local\temp\7zs4328\hppiw.exe | 
"{920517BF-FACA-42C8-9BD1-DBB5AC928B8C}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe | 
"{A4CBE391-C1A3-40B1-BDF1-41B89F9342FA}" = dir=in | app=c:\program files\apowersoft\streaming video recorder\apowersoftsrv.dll | 
"{AB6BB150-4582-440E-905C-A0D05CB0B8EF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{ABA10549-203B-481C-A384-6CF60C616BD0}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{AD828004-4BFB-4BBF-A1E9-E9A97EDE1BCD}" = dir=out | app=c:\program files\apowersoft\streaming video recorder\apowersoftac.dll | 
"{B1FF595C-E1EC-46F3-9A4A-3F17C193706B}" = protocol=6 | dir=in | app=c:\users\new user\appdata\local\temp\7zs349d\hppiw.exe | 
"{BCBC4399-7F2B-47E8-86BF-5BF938EDDCEA}" = protocol=6 | dir=in | app=c:\users\new user\appdata\roaming\utorrent\utorrent.exe | 
"{BE564729-9006-4A39-AF42-E8CA53F5882A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BEA3E034-6956-4063-97E6-BC550A3C5909}" = dir=in | app=c:\program files\apowersoft\streaming video recorder\streaming video recorder.exe | 
"{CE49F3B4-98BF-4CB2-A99C-6698B5F756BD}" = dir=out | app=c:\program files\apowersoft\streaming video recorder\streaming video recorder.exe | 
"{CF0EF8A1-8507-445A-836D-D97CBBD8C3E4}" = protocol=6 | dir=in | app=c:\users\new user\downloads\programs\utorrent.exe | 
"{D5BB0769-1E90-4DDE-B4FB-61B0CC194211}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D89C33D7-D245-49E2-B33A-D385FE6DFC95}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{D8E82E0D-4016-46A9-AFAB-D342E14C8128}" = protocol=17 | dir=in | app=c:\users\new user\appdata\local\temp\7zs349d\hppiw.exe | 
"{DC9F27A1-79A6-41DE-9E1D-247C861F4CFE}" = dir=out | app=c:\program files\apowersoft\streaming video recorder\apowersoftplayer.dll | 
"{DF6687F9-D486-4CD7-8638-172F8CC11936}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E77C0D21-7FD6-4F45-944B-B029F5F7241F}" = protocol=58 | dir=in | [email protected],-28545 | 
"{ECDBFB5B-27B5-4684-A77C-3750B12DC250}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F26CE78D-0BA3-413D-A358-088CFF2DCEC2}" = protocol=1 | dir=out | [email protected],-28544 | 
"{F3B7DA76-2E63-4974-8E66-9A0C72B60B09}" = protocol=17 | dir=in | app=c:\users\new user\appdata\roaming\utorrent\utorrent.exe | 
"{F6297928-FAB6-4BBC-AE53-02E26DB12EA2}" = protocol=17 | dir=in | app=c:\users\new user\appdata\local\temp\7zs438a\hppiw.exe | 
"TCP Query User{87D262F5-1280-4A59-8733-24BB2D01C00F}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{93C12056-4022-4BA6-A604-7E9ED5E61B04}C:\users\new user\downloads\programs\utorrent.exe" = protocol=6 | dir=in | app=c:\users\new user\downloads\programs\utorrent.exe | 
"TCP Query User{BD5ABFBA-8F31-4D29-85D7-FD45AF801D08}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{C3A176A0-A589-4270-849A-286FEA160B2A}C:\users\new user\appdata\roaming\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\new user\appdata\roaming\utorrent\utorrent.exe | 
"UDP Query User{1F060DA5-7102-483C-A0C3-FF223EAB9CBF}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{808B7AB4-B775-45C4-8740-FAC3FBA4C896}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{CCC3A348-EB05-4048-8766-A36B644C12B4}C:\users\new user\downloads\programs\utorrent.exe" = protocol=17 | dir=in | app=c:\users\new user\downloads\programs\utorrent.exe | 
"UDP Query User{E9C29D3F-F01C-493D-A7B8-93511B3EB02B}C:\users\new user\appdata\roaming\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\new user\appdata\roaming\utorrent\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D19B2D8-4FE4-48B2-BBA1-194B82A81230}" = Hyper-Utility2
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX720_series" = Canon MX720 series MP Drivers
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{138CEA91-A651-45B0-9C2C-D69A44493E0F}" = Hyper-Utility Software Add-On
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 51
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{288487BA-D8C5-4C81-BD89-C7E49DD48E18}" = Desktop-Reminder 2
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2D471A31-4FA7-95BA-1880-D441113ED736}" = PraiceDOwnlioadeR
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{342126B2-10D5-409E-884B-245347A497E1}" = TOSHIBA Bulletin Board
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3D599ADA-65D9-4B51-898F-CE718DEC5DBB}" = Microsoft Image Composite Editor
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{42451051-52B5-4D74-920A-BB49861D7253}" = TOSHIBA ReelTime
"{44510C84-AE2A-4079-A75B-D44E68D73B9A}" = CyberLink PhotoDirector 4
"{45634CA5-CFDE-4794-9C1C-65613F2A0E4E}" = Hyper-Utility2 CCD-RAW Plug-In
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
"{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D063AFD-05EF-4CE8-895A-7817118B1D6A}" = Hyper-Utility2 FinePixS20Pro SHOOTING Plug-In
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{5F189DF5-2D05-472B-9091-84D9848AE48B}{64af91bf}" = Fast And Safe
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{76583DD5-2BCE-46F7-ACC4-3BF37645F4E0}" = FUJIFILM Hyper-Utility Software
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.16
"{80B3B090-7FE0-487D-9065-5D0B3FB9FC31}" = Studio Utility
"{819A351B-09B9-4AE2-A9E9-EAFBF8952A56}" = Hyper-Utility2 Preview Print
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
"{8AE68327-FAA7-403D-AEEC-CBBA1DE2DBAD}" = Hyper-Utility2 CustomRendered Modifier Plug-In
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E41D2A5-C0DD-4139-8C7A-2F0E1F20ED24}" = CombineZP
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{934E9442-D305-4ACF-AD87-A6C11D677CB9}" = ImageMixer VCD2 for FinePix
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}" = TOSHIBA Supervisor Password
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ac225167-00fc-452d-94c5-bb93600e7d9a}" = Buzzdock
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.07)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B1709DC3-3A8C-4C29-B0E7-F033450A62A0}" = Studio Utility shooting plug-in
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B71E0018-25B9-4093-937E-13E6398B853B}" = Hyper-Utility2 File Format Plug-In
"{BB285C9F-C821-4770-8970-56C4AB52C87E}" = Skype Click to Call
"{BEA19A41-E180-40EE-A083-995A2C6B10C4}" = Hyper-Utility2 Print/Contact Sheet Output Plug-In
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE518445-0054-44F8-8315-2AD45BF3701E}" = Raw Therapee V4.0.9.50 x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0387727-C89D-4774-B643-B9333EAA09DE}" = TOSHIBA Hardware Setup
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE548EB1-4CF6-4A37-884D-0EA9DDB0F549}" = Hyper-Utility2 FinePixS3Pro SHOOTING Plug-In
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F20E77B0-F2E0-402B-8868-BDEB5CC2D01B}" = Hyper-Utility2 Slide Show Plug-In
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F87FF0A2-E55F-4BF8-9D0E-1B9BD846E17B}" = Hyper-Utility2 FinePixS2Pro SHOOTING Plug-In
"{F8AFEA7D-77BD-43F3-ADF7-EF71300BEFD2}" = Microsoft Camera Codec Pack
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.22beta
"Adobe Acrobat Reader 3.01" = Adobe Acrobat Reader 3.01
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Canon MX720 series On-screen Manual" = Canon MX720 series On-screen Manual
"Canon_IJ_Scan_Utility" = Canon IJ Scan Utility
"CanonMyPrinter" = Canon My Printer
"CanonQuickMenu" = Canon Quick Menu
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Desktop-Reminder 2" = Desktop-Reminder 2
"DX-Ball 1.09" = DX-Ball 1.09
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"FinalVideoDownloader_is1" = Final Video Downloader 2013
"Foxit Reader_is1" = Foxit Reader
"Free RAR Extract Frog" = Free RAR Extract Frog
"Free Screen Video Recorder_is1" = Free Screen Video Recorder version 2.5.34.605
"Free Studio_is1" = Free Studio version 5.3.5
"Gimp Resynthesizer Plugin_is1" = Gimp Resynthesizer Plugin version 0.16
"GIMP-2_is1" = GIMP 2.8.10
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP OfficeJet G Series" = HP OfficeJet G Series
"InstallShield_{342126B2-10D5-409E-884B-245347A497E1}" = TOSHIBA Bulletin Board
"InstallShield_{42451051-52B5-4D74-920A-BB49861D7253}" = TOSHIBA ReelTime
"InstallShield_{44510C84-AE2A-4079-A75B-D44E68D73B9A}" = CyberLink PhotoDirector 4
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
"InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"LTMOH" = LSI V92 MOH Application
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 30.0 (x86 en-GB)" = Mozilla Firefox 30.0 (x86 en-GB)
"Mozilla Thunderbird 24.6.0 (x86 en-US)" = Mozilla Thunderbird 24.6.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Opera 12.16.1860" = Opera 12.16
"PIE_is1" = PIE Free v6.7
"PokerStars" = PokerStars
"PrnPrint" = PrnPrint v3.47.10
"Speed Dial Utility" = Canon Speed Dial Utility
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Un-Rar for Windows" = Un-Rar for Windows 9.22beta
"VLC media player" = VLC media player 2.1.3
"Wavelet Denoise Gimp Plugin_is1" = Wavelet Denoise Gimp Plugin version 0.3.1
"WH_WorldClock31" = WorldClock 3.0
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"Xnet Usage Monitor_is1" = Xnet Usage Monitor V1.9.1

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Foxit Reader Free Download Packages" = Foxit Reader Free Download Packages
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/2/2014 6:50:25 PM | Computer Name = Tosh-2 | Source = Application Hang | ID = 1002
Description = The program WINWORD.EXE version 11.0.8411.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1468 Start
Time: 01cf9647ee3a0aa3 Termination Time: 10 Application Path: C:\Program Files\Microsoft
Office\OFFICE11\WINWORD.EXE Report Id: 35e36f38-023b-11e4-a28a-00266c6bc8d1

Error - 7/3/2014 6:19:10 PM | Computer Name = Tosh-2 | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 30.0.0.5269,
time stamp: 0x53914233 Faulting module name: mozalloc.dll, version: 30.0.0.5269,
time stamp: 0x53911393 Exception code: 0x80000003 Fault offset: 0x0000141b Faulting
process id: 0x1008 Faulting application start time: 0x01cf9700952b20fd Faulting application
path: C:\Program Files\Mozilla Firefox\plugin-container.exe Faulting module path:
C:\Program Files\Mozilla Firefox\mozalloc.dll Report Id: 0db3700d-0300-11e4-bb56-00266c6bc8d1

Error - 7/4/2014 4:46:28 AM | Computer Name = Tosh-2 | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 30.0.0.5269,
time stamp: 0x53914233 Faulting module name: mozalloc.dll, version: 30.0.0.5269,
time stamp: 0x53911393 Exception code: 0x80000003 Fault offset: 0x0000141b Faulting
process id: 0x8e0 Faulting application start time: 0x01cf9747e35cf1df Faulting application
path: C:\Program Files\Mozilla Firefox\plugin-container.exe Faulting module path:
C:\Program Files\Mozilla Firefox\mozalloc.dll Report Id: afc23eef-0357-11e4-bb56-00266c6bc8d1

Error - 7/4/2014 6:52:40 PM | Computer Name = Tosh-2 | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 30.0.0.5269,
time stamp: 0x53914233 Faulting module name: mozalloc.dll, version: 30.0.0.5269,
time stamp: 0x53911393 Exception code: 0x80000003 Fault offset: 0x0000141b Faulting
process id: 0x450 Faulting application start time: 0x01cf97d6ec811556 Faulting application
path: C:\Program Files\Mozilla Firefox\plugin-container.exe Faulting module path:
C:\Program Files\Mozilla Firefox\mozalloc.dll Report Id: e63f3dea-03cd-11e4-a7e2-00266c6bc8d1

Error - 7/4/2014 11:41:34 PM | Computer Name = Tosh-2 | Source = Application Hang | ID = 1002
Description = The program WINWORD.EXE version 11.0.8411.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: ac0 Start
Time: 01cf98029a907944 Termination Time: 10 Application Path: C:\Program Files\Microsoft
Office\OFFICE11\WINWORD.EXE Report Id: 3c40af2a-03f6-11e4-bca0-00266c6bc8d1

Error - 7/4/2014 11:45:25 PM | Computer Name = Tosh-2 | Source = Application Error | ID = 1000
Description = Faulting application name: Foxit Reader.exe, version: 6.1.4.217, time
stamp: 0x5301d8a7 Faulting module name: Foxit Reader.exe, version: 6.1.4.217, time
stamp: 0x5301d8a7 Exception code: 0xc0000005 Fault offset: 0x00052faa Faulting process
id: 0x102c Faulting application start time: 0x01cf98038c74d270 Faulting application
path: C:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe Faulting module
path: C:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe Report Id: cbee8e97-03f6-11e4-bca0-00266c6bc8d1

Error - 7/6/2014 6:01:58 AM | Computer Name = Tosh-2 | Source = Application Error | ID = 1000
Description = Faulting application name: thunderbird.exe, version: 24.6.0.5274, 
time stamp: 0x5396c4a8 Faulting module name: xul.dll, version: 24.6.0.5274, time 
stamp: 0x5396c38c Exception code: 0xc0000005 Fault offset: 0x00a4970d Faulting process
id: 0x143c Faulting application start time: 0x01cf990151a47e6d Faulting application
path: C:\Program Files\Mozilla Thunderbird\thunderbird.exe Faulting module path:
C:\Program Files\Mozilla Thunderbird\xul.dll Report Id: 90b2a4fb-04f4-11e4-a316-00266c6bc8d1

Error - 7/6/2014 6:34:53 AM | Computer Name = Tosh-2 | Source = Application Error | ID = 1000
Description = Faulting application name: thunderbird.exe, version: 24.6.0.5274, 
time stamp: 0x5396c4a8 Faulting module name: xul.dll, version: 24.6.0.5274, time 
stamp: 0x5396c38c Exception code: 0xc0000005 Fault offset: 0x00a4970d Faulting process
id: 0x66c Faulting application start time: 0x01cf9905eaca18e8 Faulting application
path: C:\Program Files\Mozilla Thunderbird\thunderbird.exe Faulting module path:
C:\Program Files\Mozilla Thunderbird\xul.dll Report Id: 29b2cac4-04f9-11e4-a316-00266c6bc8d1

Error - 7/6/2014 7:12:31 AM | Computer Name = Tosh-2 | Source = Application Error | ID = 1000
Description = Faulting application name: thunderbird.exe, version: 24.6.0.5274, 
time stamp: 0x5396c4a8 Faulting module name: xul.dll, version: 24.6.0.5274, time 
stamp: 0x5396c38c Exception code: 0xc0000005 Fault offset: 0x00a4970d Faulting process
id: 0x4ac Faulting application start time: 0x01cf990b2cec0ba5 Faulting application
path: C:\Program Files\Mozilla Thunderbird\thunderbird.exe Faulting module path:
C:\Program Files\Mozilla Thunderbird\xul.dll Report Id: 6c0e56b4-04fe-11e4-a316-00266c6bc8d1

Error - 7/6/2014 7:24:11 AM | Computer Name = Tosh-2 | Source = Application Error | ID = 1000
Description = Faulting application name: thunderbird.exe, version: 24.6.0.5274, 
time stamp: 0x5396c4a8 Faulting module name: xul.dll, version: 24.6.0.5274, time 
stamp: 0x5396c38c Exception code: 0xc0000005 Fault offset: 0x00a4970d Faulting process
id: 0x13c8 Faulting application start time: 0x01cf990cce9caf01 Faulting application
path: C:\Program Files\Mozilla Thunderbird\thunderbird.exe Faulting module path:
C:\Program Files\Mozilla Thunderbird\xul.dll Report Id: 0d57375f-0500-11e4-a316-00266c6bc8d1

[ System Events ]
Error - 7/4/2014 1:11:20 AM | Computer Name = Tosh-2 | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 7/4/2014 1:15:40 AM | Computer Name = Tosh-2 | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 7/4/2014 1:58:30 AM | Computer Name = Tosh-2 | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 7/4/2014 9:40:53 AM | Computer Name = Tosh-2 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8024200d: Security Update for Windows 7 (KB2667402).

Error - 7/4/2014 5:53:10 PM | Computer Name = Tosh-2 | Source = Service Control Manager | ID = 7023
Description = The HP Network Devices Support service terminated with the following
error: %%126

Error - 7/4/2014 6:10:12 PM | Computer Name = Tosh-2 | Source = Service Control Manager | ID = 7031
Description = The Util NetCrawl service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 5000 milliseconds:
Restart the service.

Error - 7/4/2014 6:10:19 PM | Computer Name = Tosh-2 | Source = Service Control Manager | ID = 7031
Description = The Update NetCrawl service terminated unexpectedly. It has done 
this 1 time(s). The following corrective action will be taken in 5000 milliseconds:
Restart the service.

Error - 7/4/2014 7:08:33 PM | Computer Name = Tosh-2 | Source = Service Control Manager | ID = 7023
Description = The HP Network Devices Support service terminated with the following
error: %%126

Error - 7/5/2014 1:53:09 AM | Computer Name = Tosh-2 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8024200d: Security Update for Windows 7 (KB2667402).

Error - 7/6/2014 12:21:21 AM | Computer Name = Tosh-2 | Source = Service Control Manager | ID = 7023
Description = The HP Network Devices Support service terminated with the following
error: %%126

< End of report >


----------



## Cookiegal (Aug 27, 2003)

You've posted the Extras log twice. Please post the OTL.txt log.


----------



## Cookiegal (Aug 27, 2003)

I'm sorry but that's the wrong log.


----------



## MikeJG (Jul 31, 2013)

The Reply box won't submit my post. I get a message saying there are too many characters and that I have included an image. I haven't. Don't I just Edit>select all>copy and post to the Reply box?


----------



## MikeJG (Jul 31, 2013)

I have redownloaded the OTL scanner and scanned the computer and moved OTL to the desktop and pasted the results directly from there. But no matter what I do the reply will not post. I've tried repeatedly. I keep being told that the message is too long and that I've posted an image. I've only done the copy/paste. Help!


----------



## Cookiegal (Aug 27, 2003)

Please upload the log as an attachment then.


----------



## MikeJG (Jul 31, 2013)

I'm trying to upload the file but it won't happen.
I'm following your advice to another member (08-May-2005) on uploading a file:
"Submit reply" > "Additional Options" > "Manage Attachments" > "browse" > "open" > "upload" > "submit post".

Once I open the file there is no "Upload" button anywhere that I can find. 
Could it be because I don't yet have entitlement to do that?

When I had this message in the reply box I tried to add the log by copy/paste but was told again that it had too many characters and that I had included an image. ????!

Are you able to explain how I can get this to work?


----------



## Cookiegal (Aug 27, 2003)

The log is attached. I'll paste it here for easier viewing.

OTL logfile created on: 7/7/2014 12:59:28 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\new user\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

2.87 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 67.24% Memory free
5.74 Gb Paging File | 4.39 Gb Available in Paging File | 76.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 143.17 Gb Total Space | 4.64 Gb Free Space | 3.24% Space Free | Partition Type: NTFS
Drive E: | 141.09 Gb Total Space | 139.16 Gb Free Space | 98.63% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 366.55 Gb Free Space | 78.70% Space Free | Partition Type: NTFS
Drive G: | 37.26 Gb Total Space | 29.94 Gb Free Space | 80.36% Space Free | Partition Type: NTFS
Drive H: | 29.28 Gb Total Space | 15.97 Gb Free Space | 54.53% Space Free | Partition Type: FAT32
Drive I: | 7.94 Gb Total Space | 7.94 Gb Free Space | 99.99% Space Free | Partition Type: FAT32
Drive J: | 1.91 Gb Total Space | 1.90 Gb Free Space | 99.88% Space Free | Partition Type: FAT

Computer Name: TOSH-2 | User Name: new user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/07/07 00:56:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\new user\Desktop\OTL.exe
PRC - [2014/07/03 10:47:06 | 001,322,832 | ---- | M] (BitTorrent Inc.) -- C:\Users\new user\AppData\Roaming\uTorrent\uTorrent.exe
PRC - [2014/05/20 06:51:34 | 002,826,256 | ---- | M] (Polenter - Software Solutions) -- C:\Program Files\Desktop-Reminder 2\DesktopReminder2.exe
PRC - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/04/10 01:13:04 | 000,279,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
PRC - [2013/12/21 18:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/13 13:00:00 | 003,228,080 | ---- | M] (AdFender, Inc.) -- C:\Program Files\AdFender\AdFender.exe
PRC - [2012/11/23 14:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/04/04 06:25:00 | 000,295,584 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2011/07/20 10:59:50 | 002,338,304 | ---- | M] (WorldxChange Communications Limited) -- C:\Program Files\Xnet Usage Monitor\XNetUsage.exe
PRC - [2011/02/25 17:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/12 07:08:56 | 001,523,360 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
PRC - [2009/08/18 05:48:46 | 001,294,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
PRC - [2009/08/18 05:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
PRC - [2009/08/12 11:09:54 | 000,185,712 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe
PRC - [2009/08/12 11:09:38 | 001,324,384 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TEco.exe
PRC - [2009/08/11 14:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
PRC - [2009/08/07 12:05:18 | 000,583,024 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
PRC - [2009/08/07 12:04:56 | 000,685,424 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
PRC - [2009/08/07 10:02:02 | 000,029,528 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
PRC - [2009/08/07 08:06:58 | 000,466,792 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
PRC - [2009/08/06 09:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2009/08/06 09:18:08 | 000,476,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2009/08/06 09:04:54 | 000,738,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2009/08/04 13:16:50 | 001,021,272 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
PRC - [2009/08/04 13:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
PRC - [2009/07/29 15:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/07/29 10:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2009/07/29 09:00:10 | 000,460,088 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2009/07/14 10:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/07/08 04:37:32 | 000,062,832 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
PRC - [2009/03/28 13:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2009/03/11 13:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2000/07/26 10:34:48 | 000,061,440 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\hpoopm07.exe

========== Modules (No Company Name) ==========

MOD - [2014/05/15 22:48:55 | 000,785,920 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Ente96d83b35#\ee550c3d485d44c7fbeeafe12a3e318b\System.EnterpriseServices.ni.dll
MOD - [2014/05/15 22:48:55 | 000,250,880 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Ente96d83b35#\ee550c3d485d44c7fbeeafe12a3e318b\System.EnterpriseServices.Wrapper.dll
MOD - [2014/02/28 08:42:24 | 019,693,056 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\24bf0c88c0465485f4b842df043b3f45\System.ServiceModel.ni.dll
MOD - [2014/02/27 23:37:05 | 001,870,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\b85a411ce82ba71cd3d77c8c13794f81\System.Web.Services.ni.dll
MOD - [2014/02/27 23:37:02 | 000,660,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\2053b0e14f1e64a5c5d6d1c4d01485a2\System.Transactions.ni.dll
MOD - [2014/02/27 23:36:58 | 001,180,672 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\0893e0e7137e3b2da905da6216b75344\System.Management.ni.dll
MOD - [2014/02/27 23:36:54 | 002,542,080 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\7e73e63cf4b8efdf41900b9576489e61\System.Data.Linq.ni.dll
MOD - [2014/02/27 23:36:52 | 007,409,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\6bbed231aec6fd82547e09474da0b2f9\System.Data.ni.dll
MOD - [2014/02/27 23:36:50 | 012,894,208 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014/02/27 23:36:41 | 001,644,544 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/02/27 23:36:39 | 002,825,216 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
MOD - [2014/02/27 23:36:34 | 007,662,080 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/02/27 23:36:27 | 000,976,384 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/02/27 23:36:19 | 006,990,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/02/27 23:36:16 | 003,950,080 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014/02/27 23:36:13 | 010,060,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/02/27 23:36:07 | 000,147,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\4c8a153aa66fcd62db6fff269a2ef2b4\System.Numerics.ni.dll
MOD - [2014/02/27 23:36:06 | 000,045,056 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\e7e7e3b82e91028e6ed05189f837ea13\Accessibility.ni.dll
MOD - [2014/02/27 23:36:05 | 016,953,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/02/12 20:56:38 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\b34b348a9935338b1282fd0c9309eb1f\System.ServiceProcess.ni.dll
MOD - [2014/02/12 20:55:40 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/12 20:55:32 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/12 20:55:07 | 005,464,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/12 20:55:02 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/12 20:55:01 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/12 20:54:49 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2011/01/12 07:08:52 | 000,060,416 | ---- | M] () -- C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\zlib1.dll
MOD - [2010/04/26 04:47:37 | 008,007,680 | ---- | M] () -- C:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2009/08/04 13:17:24 | 000,079,192 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
MOD - [2009/07/17 10:27:48 | 000,052,536 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
MOD - [2009/07/17 10:27:44 | 007,263,544 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
MOD - [2009/07/14 13:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2009/03/13 14:08:04 | 000,049,152 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll
MOD - [2000/07/26 10:34:48 | 000,061,440 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\hpoopm07.exe
MOD - [1998/04/06 13:00:32 | 000,131,072 | ---- | M] () -- G:\PhotoDeluxe BE 1.0\PbeShell.dll

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Users\new user\AppData\Local\Temp\7zS7DC9\hpslpsvc32.dll -- (HPSLPSVC)
SRV - [2014/06/11 15:42:50 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/05/30 20:28:30 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/05/14 21:54:13 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/04/10 01:12:50 | 000,235,696 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe -- (McComponentHostService)
SRV - [2013/12/21 18:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 07:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/27 16:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/05/12 17:05:14 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/08/18 05:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/12 11:09:54 | 000,185,712 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2009/08/11 14:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009/08/07 12:04:56 | 000,685,424 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2009/08/06 09:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/08/04 13:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009/07/29 10:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009/07/14 13:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 13:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 13:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/08 04:37:32 | 000,062,832 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe -- (RSELSVC)
SRV - [2009/03/28 13:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/03/11 13:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\vmci.sys -- (vmci)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Glary Utilities 3\ProcObsrv.sys -- (ProcObsrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motusbdevice.sys -- (motusbdevice)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Motousbnet.sys -- (Motousbnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motswch.sys -- (MotoSwitchService)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motmodem.sys -- (motmodem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgpfl.sys -- (motccgpfl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgp.sys -- (motccgp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\NEWUSE~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motfilt.sys -- (BTCFilterService)
DRV - [2014/07/03 11:23:20 | 000,052,920 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw.sys -- ({6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw)
DRV - [2014/06/11 15:34:48 | 000,052,928 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\System32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}w.sys -- ({a3f28269-ad17-41a8-b032-3e0313ef8979}w)
DRV - [2013/07/30 10:51:30 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
DRV - [2013/06/01 13:56:40 | 000,026,032 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys -- (Apowersoft_AudioDevice)
DRV - [2013/04/11 11:06:45 | 000,041,584 | ---- | M] (ThreatTrack Security) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gfiark.sys -- (gfiark)
DRV - [2011/02/12 09:23:34 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2010/11/21 00:30:17 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010/11/21 00:30:17 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/11/20 22:50:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/11/20 22:50:37 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010/11/20 22:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 21:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/04/28 22:01:09 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2010/04/28 22:01:09 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2010/04/26 17:22:42 | 001,011,232 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009/08/06 14:04:04 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/31 12:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009/07/25 10:57:06 | 000,275,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2009/07/22 09:18:58 | 001,161,760 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/15 10:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/14 11:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 10:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009/07/08 03:53:06 | 000,007,680 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2009/06/23 12:04:58 | 000,024,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
DRV - [2009/06/20 14:31:08 | 000,012,920 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVALZFL.sys -- (TVALZFL)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSAU&bmod=TSAU
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{1583BE2E-04F0-4D5F-9233-70D1EC570F9E}: "URL" = https://au.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=231195&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo!"
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.useDBForOrder: "false"

FF - prefs.js..extensions.enabledAddons: exif_viewer%40mozilla.doslash.org:2.00
FF - prefs.js..extensions.enabledAddons: %7B1a5dabbd-0e74-41da-b532-a364bb552cab%7D:1.0.9
FF - prefs.js..extensions.enabledAddons: downloader%40finalvideotools.com:1.0.1
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.15
FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:5.9.1
FF - prefs.js..extensions.enabledAddons: saamazon%40mybrowserbar.com:1.7
FF - prefs.js..extensions.enabledAddons: saebay%40mybrowserbar.com:1.7
FF - prefs.js..extensions.enabledAddons: prositematcher%40prositematcher.com:1.1
FF - prefs.js..extensions.enabledAddons: %7B58d2a791-6199-482f-a9aa-9b725ec61362%7D:2.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\FinalVideoDownloader\Firefox [2013/10/01 09:18:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/06/11 15:42:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/06/11 15:42:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.6.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2014/05/01 20:19:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.6.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8}: C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014/04/04 22:36:14 | 000,010,691 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.6.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2014/05/01 20:19:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.6.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2012/03/21 22:31:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\new user\AppData\Roaming\mozilla\Extensions
[2014/07/05 10:10:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\new user\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2014/07/05 10:10:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\new user\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions
[2014/05/29 21:28:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\new user\AppData\Roaming\mozilla\Firefox\Profiles\extensions\searchplugins
[2014/07/05 10:52:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\new user\AppData\Roaming\mozilla\Firefox\Profiles\zv8j385y.default\extensions
[2014/07/05 10:52:38 | 000,000,000 | ---D | M] (PruiceDownloadeer) -- C:\Users\new user\AppData\Roaming\mozilla\Firefox\Profiles\zv8j385y.default\extensions\[email protected]
[2014/05/10 21:01:12 | 000,000,000 | ---D | M] ("Flash Video Downloader - Full HD Download") -- C:\Users\new user\AppData\Roaming\mozilla\Firefox\Profiles\zv8j385y.default\extensions\[email protected]
[2014/06/18 16:46:02 | 000,000,000 | ---D | M] ("Site Matcher Pro") -- C:\Users\new user\AppData\Roaming\mozilla\Firefox\Profiles\zv8j385y.default\extensions\[email protected]
[2014/06/12 21:13:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\new user\AppData\Roaming\mozilla\Firefox\Profileszv8j385y.default\extensions
[2014/06/12 21:13:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\new user\AppData\Roaming\mozilla\Firefox\Profileszv8j385y.default\extensions\staged
[2014/01/07 07:32:46 | 000,007,376 | ---- | M] () (No name found) -- C:\Users\new user\AppData\Roaming\mozilla\firefox\profiles\extensions\extensions\[email protected]
[2013/10/16 13:26:14 | 000,230,013 | ---- | M] () (No name found) -- C:\Users\new user\AppData\Roaming\mozilla\firefox\profiles\zv8j385y.default\extensions\[email protected]
[2014/02/14 09:41:07 | 000,384,004 | ---- | M] () (No name found) -- C:\Users\new user\AppData\Roaming\mozilla\firefox\profiles\zv8j385y.default\extensions\[email protected]
[2014/06/28 16:41:37 | 000,094,383 | ---- | M] () (No name found) -- C:\Users\new user\AppData\Roaming\mozilla\firefox\profiles\zv8j385y.default\extensions\[email protected]
[2014/06/07 17:55:25 | 000,007,980 | ---- | M] () (No name found) -- C:\Users\new user\AppData\Roaming\mozilla\firefox\profiles\zv8j385y.default\extensions\[email protected]
[2014/06/07 17:55:25 | 000,007,203 | ---- | M] () (No name found) -- C:\Users\new user\AppData\Roaming\mozilla\firefox\profiles\zv8j385y.default\extensions\[email protected]
[2013/10/16 13:26:14 | 000,027,934 | ---- | M] () (No name found) -- C:\Users\new user\AppData\Roaming\mozilla\firefox\profiles\zv8j385y.default\extensions\{1a5dabbd-0e74-41da-b532-a364bb552cab}.xpi
[2014/06/28 08:44:34 | 000,008,833 | ---- | M] () (No name found) -- C:\Users\new user\AppData\Roaming\mozilla\firefox\profiles\zv8j385y.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}.xpi
[2014/06/30 09:12:01 | 000,967,387 | ---- | M] () (No name found) -- C:\Users\new user\AppData\Roaming\mozilla\firefox\profiles\zv8j385y.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/02/14 09:59:59 | 000,287,566 | ---- | M] () (No name found) -- C:\Users\new user\AppData\Roaming\mozilla\firefox\profiles\zv8j385y.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2014/05/29 21:44:20 | 000,008,080 | ---- | M] () -- C:\Users\new user\AppData\Roaming\mozilla\firefox\profiles\zv8j385y.default\searchplugins\yahoo_ff.xml
[2014/06/19 20:30:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/06/19 20:30:32 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/10/01 09:18:54 | 000,000,000 | ---D | M] (FinalVideoDownloader plugin for Mozilla Firefox) -- C:\PROGRAM FILES\FINALVIDEODOWNLOADER\FIREFOX
[2004/05/07 15:31:40 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\components\MSVCR71.DLL
CHR - Extension: No name found = C:\Users\new user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\
CHR - Extension: No name found = C:\Users\new user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\new user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\new user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\new user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.2.15747.10003_0\
CHR - Extension: No name found = C:\Users\new user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\new user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2014/07/03 16:08:53 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (PraiceDOwnlioadeR) - {E9160AFC-ADE0-19DE-6BE9-021F3D768765} - C:\ProgramData\PraiceDOwnlioadeR\vqG.dll ()
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonQuickMenu] C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [HPAIO_PrintFolderMgr] C:\Windows\System32\spool\drivers\w32x86\hpoopm07.exe ()
O4 - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [DesktopReminder2ByPolenter] C:\Program Files\Desktop-Reminder 2\DesktopReminder2.exe (Polenter - Software Solutions)
O4 - HKCU..\Run: [uTorrent] C:\Users\new user\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\windows\System32\Macromed\Flash\FlashUtil32_13_0_0_214_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\new user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\new user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xnet Usage Monitor.lnk = C:\Program Files\Xnet Usage Monitor\XNetUsage.exe (WorldxChange Communications Limited)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\new user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\new user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Download Video - {3B54DEAB-C6D4-48a8-8C32-A70558643400} - C:\Program Files\FinalVideoDownloader\fvdRunner.html ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 58.28.5.2 58.28.6.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22954387-82DA-461F-BF7C-C1C4C8D575B7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{678A7195-B191-4A9F-8042-51607E67A254}: DhcpNameServer = 58.28.5.2 58.28.6.2
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\fastan~1\fastan~1.dll) - c:\ProgramData\Fast And Safe\FastAndSafe.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/06/12 23:51:28 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2013/05/25 14:51:19 | 000,000,000 | ---D | M] - G:\AUTORUN -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/07/07 00:56:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\new user\Desktop\OTL.exe
[2014/07/06 21:24:44 | 000,000,000 | ---D | C] -- C:\Users\new user\Desktop\Rog & Angelika
[2014/07/06 21:23:30 | 000,000,000 | ---D | C] -- C:\Users\new user\Desktop\Steph
[2014/07/06 17:05:24 | 000,000,000 | ---D | C] -- C:\Users\new user\Desktop\FUJU
[2014/07/05 10:52:29 | 000,000,000 | ---D | C] -- C:\ProgramData\PraiceDOwnlioadeR
[2014/07/05 10:12:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Fast And Safe
[2014/07/05 10:12:08 | 000,000,000 | ---D | C] -- C:\ProgramData\2308189059
[2014/07/04 17:16:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/07/04 16:52:17 | 005,213,907 | R--- | C] (Swearware) -- C:\Users\new user\Desktop\puppy.exe.exe
[2014/07/04 15:06:20 | 000,000,000 | ---D | C] -- C:\Users\new user\Desktop\Pano 3 Penta
[2014/07/04 15:03:56 | 000,000,000 | ---D | C] -- C:\Users\new user\Desktop\pano 2 manual Takunar
[2014/07/04 14:58:38 | 000,000,000 | ---D | C] -- C:\Users\new user\Desktop\pano
[2014/07/04 14:18:44 | 000,000,000 | ---D | C] -- C:\Users\new user\Desktop\101_0407
[2014/07/04 12:16:24 | 000,000,000 | ---D | C] -- C:\Users\new user\Desktop\New folder
[2014/07/04 11:23:24 | 000,052,920 | ---- | C] (StdLib) -- C:\windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw.sys
[2014/07/04 10:24:11 | 000,000,000 | ---D | C] -- C:\Users\new user\Documents\Optimizer Pro
[2014/07/04 10:21:03 | 000,000,000 | ---D | C] -- C:\Users\new user\AppData\Local\FileTypeAssistant
[2014/07/04 10:21:01 | 000,000,000 | ---D | C] -- C:\Program Files\File Type Assistant
[2014/07/04 10:18:51 | 000,000,000 | ---D | C] -- C:\Program Files\Optimizer Pro
[2014/07/03 23:17:06 | 000,000,000 | ---D | C] -- C:\Users\new user\Desktop\Ad Blocking
[2014/07/03 22:44:47 | 000,000,000 | ---D | C] -- C:\Users\new user\Desktop\ROG
[2014/07/03 15:22:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2014/07/03 15:22:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2014/07/03 15:22:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2014/07/03 15:22:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/07/03 15:21:38 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2014/07/03 15:18:57 | 005,213,907 | ---- | C] (Swearware) -- C:\Users\new user\Desktop\doggy.exe
[2014/07/03 00:36:16 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\windows\System32\sqlite3.dll
[2014/07/02 10:09:54 | 000,000,000 | ---D | C] -- C:\Users\new user\Desktop\PORK
[2014/07/01 23:18:08 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2014/07/01 22:09:38 | 000,000,000 | ---D | C] -- C:\Users\new user\Desktop\Tech Suppport Guy scans
[2014/06/25 15:35:57 | 000,000,000 | ---D | C] -- C:\Users\new user\Documents\Adobe Scripts
[2014/06/19 17:50:35 | 000,000,000 | ---D | C] -- C:\Users\new user\Desktop\Ebedded Video Downloader
[2014/06/17 14:37:53 | 000,000,000 | ---D | C] -- C:\Users\new user\AppData\Roaming\DesktopReminder
[2014/06/17 14:26:40 | 000,000,000 | ---D | C] -- C:\Users\new user\Documents\DesktopReminder
[2014/06/17 14:26:28 | 000,000,000 | ---D | C] -- C:\Users\new user\AppData\Local\Polenter_-_Software_Solut
[2014/06/17 14:25:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop-Reminder
[2014/06/17 14:25:47 | 000,000,000 | ---D | C] -- C:\Program Files\Desktop-Reminder 2
[2014/06/17 14:25:35 | 000,000,000 | -H-D | C] -- C:\ProgramData\{6EDBDBF3-ED1B-4CF1-80B9-21175D532D2A}
[2014/06/17 14:22:52 | 000,000,000 | ---D | C] -- C:\Users\new user\AppData\Local\InstallAware Installation Information
[2014/06/16 13:18:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picmeta Systems
[2014/06/16 13:18:23 | 000,000,000 | ---D | C] -- C:\Program Files\Picmeta
[2014/06/13 17:11:55 | 000,000,000 | ---D | C] -- C:\Users\new user\AppData\Roaming\DriverFinder
[2014/06/12 22:17:57 | 000,052,928 | ---- | C] (StdLib) -- C:\windows\System32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}w.sys
[2014/06/12 21:16:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2014/06/12 21:16:19 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2014/06/12 21:13:37 | 000,000,000 | ---D | C] -- C:\Program Files\Greener Web
[2014/06/12 21:13:05 | 000,000,000 | ---D | C] -- C:\Program Files\SiteLookup
[2014/06/12 21:12:59 | 000,000,000 | ---D | C] -- C:\Users\new user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plarium
[2014/06/12 21:12:58 | 000,000,000 | ---D | C] -- C:\Users\new user\AppData\Roaming\Plarium
[2014/06/12 21:12:39 | 000,000,000 | ---D | C] -- C:\Users\new user\AppData\Local\Soldiers
[2014/06/12 21:12:19 | 000,000,000 | ---D | C] -- C:\Users\new user\AppData\Local\StormFall
[2014/06/12 10:58:06 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MsSpellCheckingFacility.exe
[2014/06/12 10:58:06 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieetwcollector.exe
[2014/06/12 10:58:06 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieetwproxystub.dll
[2014/06/12 10:58:06 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\JavaScriptCollectionAgent.dll
[2014/06/12 10:58:05 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2014/06/12 10:58:05 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2014/06/12 10:58:05 | 000,368,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxtmsft.dll
[2014/06/12 10:58:05 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2014/06/12 10:58:05 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2014/06/12 10:58:05 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2014/06/12 10:58:04 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2014/06/12 10:58:04 | 000,595,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2014/06/12 10:58:04 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msrating.dll
[2014/06/12 10:58:04 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2014/06/12 10:58:03 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll
[2014/06/12 10:58:03 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieetwcollectorres.dll
[2014/06/12 10:58:02 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2014/06/12 10:58:02 | 000,242,688 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxtrans.dll
[2014/06/12 10:58:00 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtmlmedia.dll
[2014/06/12 10:57:59 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9diag.dll
[2014/06/12 10:57:58 | 004,244,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2014/06/12 10:56:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msxml6r.dll
[2014/06/12 10:56:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msxml3r.dll
[2014/06/12 10:56:15 | 000,187,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\FWPKCLNT.SYS
[2014/06/11 17:09:15 | 000,000,000 | ---D | C] -- C:\Users\new user\Documents\DVDVideoSoft
[2014/06/11 16:45:58 | 000,000,000 | ---D | C] -- C:\Users\new user\AppData\Local\AdFender
[2014/06/11 16:45:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdFender
[2014/06/11 16:45:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AdFender
[2014/06/11 16:45:58 | 000,000,000 | ---D | C] -- C:\Program Files\AdFender
[2014/06/11 15:42:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/06/09 16:07:50 | 000,000,000 | ---D | C] -- C:\Users\new user\AppData\Roaming\Help
[2014/06/09 16:07:50 | 000,000,000 | ---D | C] -- C:\Users\new user\AppData\Local\Help
[2014/06/09 16:06:03 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\windows\winhlp32.exe
[2014/06/09 16:06:03 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ftsrch.dll
[2014/06/09 16:06:03 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ftlx041e.dll
[2014/06/09 16:06:03 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ftlx0411.dll
[2012/04/27 18:48:32 | 001,793,672 | ---- | C] (Adobe Systems, Incorporated) -- C:\Program Files\amtlib.dll
[5 C:\Users\new user\Desktop\*.tmp files -> C:\Users\new user\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/07/07 00:56:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\new user\Desktop\OTL.exe
[2014/07/07 00:54:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/07/07 00:28:00 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/06 23:28:00 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/07/06 23:23:12 | 000,055,072 | ---- | M] () -- C:\Users\new user\Desktop\DSCF3967a.jpg
[2014/07/06 23:22:01 | 000,054,039 | ---- | M] () -- C:\Users\new user\Desktop\DSCF3966a.jpg
[2014/07/06 23:12:13 | 000,059,008 | ---- | M] () -- C:\Users\new user\Desktop\DSCF3939a.jpg
[2014/07/06 22:00:18 | 000,052,775 | ---- | M] () -- C:\Users\new user\Desktop\DSCF3926 crop Graham 7cm.jpg
[2014/07/06 16:26:42 | 000,021,472 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/06 16:26:42 | 000,021,472 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/06 16:18:52 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/07/06 16:18:44 | 2312,097,792 | -HS- | M] () -- C:\hiberfil.sys
[2014/07/05 15:49:51 | 000,001,413 | ---- | M] () -- C:\Users\new user\Desktop\423_1314745042-1253836402_manual - Shortcut.lnk
[2014/07/04 16:52:37 | 005,213,907 | R--- | M] (Swearware) -- C:\Users\new user\Desktop\puppy.exe.exe
[2014/07/04 14:07:56 | 002,812,667 | ---- | M] () -- C:\Users\new user\Desktop\IMGP7639.JPG
[2014/07/04 14:07:42 | 003,072,194 | ---- | M] () -- C:\Users\new user\Desktop\IMGP7638.JPG
[2014/07/04 12:17:18 | 000,763,736 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2014/07/04 12:17:18 | 000,164,118 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2014/07/04 11:02:03 | 005,213,907 | ---- | M] (Swearware) -- C:\Users\new user\Desktop\doggy.exe
[2014/07/03 16:08:53 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2014/07/03 11:23:20 | 000,052,920 | ---- | M] (StdLib) -- C:\windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw.sys
[2014/06/25 18:26:08 | 000,003,471 | ---- | M] () -- C:\Users\new user\AppData\Local\recently-used.xbel
[2014/06/20 14:38:14 | 000,000,132 | ---- | M] () -- C:\Users\new user\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2014/06/19 20:30:36 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/06/17 14:25:48 | 000,002,036 | ---- | M] () -- C:\Users\new user\Application Data\Microsoft\Internet Explorer\Quick Launch\Desktop-Reminder 2.lnk
[2014/06/15 11:39:45 | 000,048,377 | ---- | M] () -- C:\Users\new user\Documents\Word Toolbars.JPG
[2014/06/12 21:16:28 | 000,002,017 | ---- | M] () -- C:\Users\new user\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2014/06/12 21:12:59 | 000,002,391 | ---- | M] () -- C:\Users\new user\Application Data\Microsoft\Internet Explorer\Quick Launch\Game - Total Domination.lnk
[2014/06/12 19:41:05 | 000,002,031 | ---- | M] () -- C:\Users\new user\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2014/06/11 16:45:59 | 000,001,034 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AdFender.lnk
[2014/06/11 15:34:48 | 000,052,928 | ---- | M] (StdLib) -- C:\windows\System32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}w.sys
[2014/06/10 02:02:50 | 000,041,477 | ---- | M] () -- C:\Users\new user\Documents\Capture5.JPG
[2014/06/10 02:01:21 | 000,014,312 | ---- | M] () -- C:\Users\new user\Documents\Capture4.JPG
[2014/06/10 01:56:42 | 000,064,775 | ---- | M] () -- C:\Users\new user\Documents\Capture 3.JPG
[2014/06/10 01:55:49 | 000,079,136 | ---- | M] () -- C:\Users\new user\Documents\Capture 2.JPG
[2014/06/09 18:05:06 | 000,017,820 | ---- | M] () -- C:\Users\new user\Documents\IMG_20140609_0006.pdf
[2014/06/09 18:02:18 | 000,009,724 | ---- | M] () -- C:\Users\new user\Documents\IMG_20140609_0005.pdf
[2014/06/09 17:57:07 | 000,004,535 | ---- | M] () -- C:\Users\new user\AppData\Roaming\CamStudio.cfg
[2014/06/09 17:57:07 | 000,000,408 | ---- | M] () -- C:\Users\new user\AppData\Roaming\CamShapes.ini
[2014/06/09 17:57:07 | 000,000,408 | ---- | M] () -- C:\Users\new user\AppData\Roaming\CamLayout.ini
[2014/06/09 17:57:07 | 000,000,096 | ---- | M] () -- C:\Users\new user\AppData\Roaming\Camdata.ini
[2014/06/09 17:56:08 | 000,000,096 | ---- | M] () -- C:\Users\new user\AppData\Roaming\version2.xml
[2014/06/09 17:15:31 | 000,005,771 | ---- | M] () -- C:\Users\new user\Documents\IMG_20140609_0004.jpg
[2014/06/09 16:45:30 | 000,255,629 | ---- | M] () -- C:\Users\new user\Documents\IMG_20140609_0003.pdf
[2014/06/09 15:40:00 | 001,158,673 | ---- | M] () -- C:\Users\new user\Documents\IMG_20140609_0002.jpg
[2014/06/09 15:37:55 | 000,251,146 | ---- | M] () -- C:\Users\new user\Documents\IMG_20140609_0001.pdf
[5 C:\Users\new user\Desktop\*.tmp files -> C:\Users\new user\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/07/06 23:20:56 | 000,055,072 | ---- | C] () -- C:\Users\new user\Desktop\DSCF3967a.jpg
[2014/07/06 23:20:47 | 000,054,039 | ---- | C] () -- C:\Users\new user\Desktop\DSCF3966a.jpg
[2014/07/06 23:11:00 | 000,059,008 | ---- | C] () -- C:\Users\new user\Desktop\DSCF3939a.jpg
[2014/07/06 22:00:10 | 000,052,775 | ---- | C] () -- C:\Users\new user\Desktop\DSCF3926 crop Graham 7cm.jpg
[2014/07/05 15:49:51 | 000,001,413 | ---- | C] () -- C:\Users\new user\Desktop\423_1314745042-1253836402_manual - Shortcut.lnk
[2014/07/04 14:07:56 | 002,812,667 | ---- | C] () -- C:\Users\new user\Desktop\IMGP7639.JPG
[2014/07/04 14:07:42 | 003,072,194 | ---- | C] () -- C:\Users\new user\Desktop\IMGP7638.JPG
[2014/07/03 15:22:25 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2014/07/03 15:22:25 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2014/07/03 15:22:25 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2014/07/03 15:22:25 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2014/07/03 15:22:25 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2014/06/25 18:26:08 | 000,003,471 | ---- | C] () -- C:\Users\new user\AppData\Local\recently-used.xbel
[2014/06/19 20:30:36 | 000,001,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/06/19 20:30:36 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/06/17 14:25:48 | 000,002,036 | ---- | C] () -- C:\Users\new user\Application Data\Microsoft\Internet Explorer\Quick Launch\Desktop-Reminder 2.lnk
[2014/06/16 16:50:24 | 000,000,917 | ---- | C] () -- C:\Users\new user\Documents\aaa DOCUMENTS - Now on TOURO -Shortcut.lnk
[2014/06/15 11:39:45 | 000,048,377 | ---- | C] () -- C:\Users\new user\Documents\Word Toolbars.JPG
[2014/06/12 21:16:28 | 000,002,017 | ---- | C] () -- C:\Users\new user\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2014/06/12 21:12:59 | 000,002,391 | ---- | C] () -- C:\Users\new user\Application Data\Microsoft\Internet Explorer\Quick Launch\Game - Total Domination.lnk
[2014/06/11 16:45:59 | 000,001,034 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AdFender.lnk
[2014/06/10 02:02:50 | 000,041,477 | ---- | C] () -- C:\Users\new user\Documents\Capture5.JPG
[2014/06/10 02:01:20 | 000,014,312 | ---- | C] () -- C:\Users\new user\Documents\Capture4.JPG
[2014/06/10 01:56:42 | 000,064,775 | ---- | C] () -- C:\Users\new user\Documents\Capture 3.JPG
[2014/06/10 01:55:49 | 000,079,136 | ---- | C] () -- C:\Users\new user\Documents\Capture 2.JPG
[2014/06/09 18:04:51 | 000,017,820 | ---- | C] () -- C:\Users\new user\Documents\IMG_20140609_0006.pdf
[2014/06/09 18:02:09 | 000,009,724 | ---- | C] () -- C:\Users\new user\Documents\IMG_20140609_0005.pdf
[2014/06/09 17:15:31 | 000,005,771 | ---- | C] () -- C:\Users\new user\Documents\IMG_20140609_0004.jpg
[2014/06/09 16:45:30 | 000,255,629 | ---- | C] () -- C:\Users\new user\Documents\IMG_20140609_0003.pdf
[2014/06/09 15:40:00 | 001,158,673 | ---- | C] () -- C:\Users\new user\Documents\IMG_20140609_0002.jpg
[2014/06/09 15:37:44 | 000,251,146 | ---- | C] () -- C:\Users\new user\Documents\IMG_20140609_0001.pdf
[2014/06/06 03:35:30 | 000,004,535 | ---- | C] () -- C:\Users\new user\AppData\Roaming\CamStudio.cfg
[2014/06/06 03:35:30 | 000,000,408 | ---- | C] () -- C:\Users\new user\AppData\Roaming\CamShapes.ini
[2014/06/06 03:35:30 | 000,000,408 | ---- | C] () -- C:\Users\new user\AppData\Roaming\CamLayout.ini
[2014/06/06 03:35:30 | 000,000,096 | ---- | C] () -- C:\Users\new user\AppData\Roaming\Camdata.ini
[2014/06/06 03:34:59 | 000,000,096 | ---- | C] () -- C:\Users\new user\AppData\Roaming\version2.xml
[2014/01/31 12:09:01 | 000,002,446 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/01/10 13:44:36 | 000,000,132 | ---- | C] () -- C:\Users\new user\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2013/08/07 15:53:06 | 000,000,175 | ---- | C] () -- C:\windows\System32\drivers\aswVmm.sys.sum
[2013/08/07 15:53:06 | 000,000,175 | ---- | C] () -- C:\windows\System32\drivers\aswSP.sys.sum
[2013/08/07 15:53:06 | 000,000,175 | ---- | C] () -- C:\windows\System32\drivers\aswSnx.sys.sum
[2013/08/03 19:02:05 | 000,003,725 | ---- | C] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
[2013/06/15 22:17:55 | 000,000,195 | ---- | C] () -- C:\Users\new user\.gtk-bookmarks
[2013/06/12 18:15:23 | 000,000,884 | RHS- | C] () -- C:\Users\new user\ntuser.pol
[2013/05/06 02:06:30 | 000,000,000 | ---- | C] () -- C:\windows\PerfectPool.INI
[2013/01/17 10:37:26 | 000,104,448 | ---- | C] () -- C:\Program Files\DXBall.exe
[2012/03/17 12:05:26 | 000,108,544 | ---- | C] () -- C:\Program Files\vlc.exe
[2012/03/10 10:19:47 | 000,003,584 | ---- | C] () -- C:\Users\new user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/19 21:15:29 | 000,020,520 | ---- | C] () -- C:\Program Files\init.dat

========== ZeroAccess Check ==========

[2009/07/14 16:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 14:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 00:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 13:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:98181191
@Alternate Data Stream - 128 bytes -> C:\Program Files\Desktop-Reminder 2:{67005600-3500-4800-7000-70004A006400}
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >


----------



## Cookiegal (Aug 27, 2003)

I don't see an anti-virus program. Are you running one?


----------



## Cookiegal (Aug 27, 2003)

Please run OTL again. Under the *Custom Scans/Fixes* box at the bottom paste in the following:


```
:OTL
SRV - File not found [Auto | Stopped] -- C:\Users\new user\AppData\Local\Temp\7zS7DC9\hpslpsvc32.dll -- (HPSLPSVC)
FF - prefs.js..extensions.enabledAddons: %7B58d2a791-6199-482f-a9aa-9b725ec61362%7D:2.3
FF - prefs.js..extensions.enabledAddons: prositematcher%40prositematcher.com:1.1
[2014/07/05 10:52:38 | 000,000,000 | ---D | M] (PruiceDownloadeer) -- C:\Users\new user\AppData\Roaming\mozilla\Firefox\Profiles\zv8j385y.default\extensions\[email protected]
[2014/05/10 21:01:12 | 000,000,000 | ---D | M] ("Flash Video Downloader - Full HD Download") -- C:\Users\new user\AppData\Roaming\mozilla\Firefox\Profiles\zv8j385y.default\extensions\[email protected]
[2014/06/18 16:46:02 | 000,000,000 | ---D | M] ("Site Matcher Pro") -- C:\Users\new user\AppData\Roaming\mozilla\Firefox\Profiles\zv8j385y.default\extensions\[email protected]
[2014/01/07 07:32:46 | 000,007,376 | ---- | M] () (No name found) -- C:\Users\new user\AppData\Roaming\mozilla\firefox\profiles\extensions\extensions\[email protected]
[2014/06/28 16:41:37 | 000,094,383 | ---- | M] () (No name found) -- C:\Users\new user\AppData\Roaming\mozilla\firefox\profiles\zv8j385y.default\extensions\[email protected]
[2014/06/07 17:55:25 | 000,007,980 | ---- | M] () (No name found) -- C:\Users\new user\AppData\Roaming\mozilla\firefox\profiles\zv8j385y.default\extensions\[email protected]
[2014/06/07 17:55:25 | 000,007,203 | ---- | M] () (No name found) -- C:\Users\new user\AppData\Roaming\mozilla\firefox\profiles\zv8j385y.default\extensions\[email protected]
[2013/10/16 13:26:14 | 000,027,934 | ---- | M] () (No name found) -- C:\Users\new user\AppData\Roaming\mozilla\firefox\profiles\zv8j385y.default\extensions\{1a5dabbd-0e74-41da-b532-a364bb552cab}.xpi
[2014/06/28 08:44:34 | 000,008,833 | ---- | M] () (No name found) -- C:\Users\new user\AppData\Roaming\mozilla\firefox\profiles\zv8j385y.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}.xpi
[2014/06/30 09:12:01 | 000,967,387 | ---- | M] () (No name found) -- C:\Users\new user\AppData\Roaming\mozilla\firefox\profiles\zv8j385y.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/02/14 09:59:59 | 000,287,566 | ---- | M] () (No name found) -- C:\Users\new user\AppData\Roaming\mozilla\firefox\profiles\zv8j385y.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
O20 - AppInit_DLLs: (c:\progra~2\fastan~1\fastan~1.dll) - c:\ProgramData\Fast And Safe\FastAndSafe.dll ()
[2014/07/05 10:52:29 | 000,000,000 | ---D | C] -- C:\ProgramData\PraiceDOwnlioadeR
[2014/07/05 10:12:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Fast And Safe
[2014/07/05 10:12:08 | 000,000,000 | ---D | C] -- C:\ProgramData\2308189059
[2014/07/04 10:24:11 | 000,000,000 | ---D | C] -- C:\Users\new user\Documents\Optimizer Pro
[2014/07/04 10:18:51 | 000,000,000 | ---D | C] -- C:\Program Files\Optimizer Pro
[5 C:\Users\new user\Desktop\*.tmp files -> C:\Users\new user\Desktop\*.tmp -> ]
[2013/08/03 19:02:05 | 000,003,725 | ---- | C] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:98181191
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:373E1720
```

Then click the *Run Fix* button at the top.
Let the program run unhindered. It should reboot when it is done but if it does not, please reboot your system.
Please post the log it produces in your next reply.


----------



## MikeJG (Jul 31, 2013)

I had an antivirus recently that threw popup notices all the time and I uninstalled it before writing to you. Can you advise me on what to get?

I can't see the 'Custom Scans/Fixes' box anywhere. I'll see if it'll post here and hope that will be ok.
Mike.

```
:OTL
SRV - File not found [Auto | Stopped] -- C:\Users\new user\AppData\Local\Temp\7zS7DC9\hpslpsvc32.dll -- (HPSLPSVC)
FF - prefs.js..extensions.enabledAddons: %7B58d2a791-6199-482f-a9aa-9b725ec61362%7D:2.3
FF - prefs.js..extensions.enabledAddons: prositematcher%40prositematcher.com:1.1
[2014/07/05 10:52:38 | 000,000,000 | ---D | M] (PruiceDownloadeer) -- C:\Users\new user\AppData\Roaming\mozilla\Firefox\Profiles\zv8j385y.default\extensions\[email protected]
[2014/05/10 21:01:12 | 000,000,000 | ---D | M] ("Flash Video Downloader - Full HD Download") -- C:\Users\new user\AppData\Roaming\mozilla\Firefox\Profiles\zv8j385y.default\extensions\[email protected]
[2014/06/18 16:46:02 | 000,000,000 | ---D | M] ("Site Matcher Pro") -- C:\Users\new user\AppData\Roaming\mozilla\Firefox\Profiles\zv8j385y.default\extensions\p [email protected]
[2014/01/07 07:32:46 | 000,007,376 | ---- | M] () (No name found) -- C:\Users\new user\AppData\Roaming\mozilla\firefox\profiles\extensions\extensions\[email protected]
[2014/06/28 16:41:37 | 000,094,383 | ---- | M] () (No name found) -- C:\Users\new user\AppData\Roaming\mozilla\firefox\profiles\zv8j385y.default\extensions\[email protected]
[2014/06/07 17:55:25 | 000,007,980 | ---- | M] () (No name found) -- C:\Users\new user\AppData\Roaming\mozilla\firefox\profiles\zv8j385y.default\extensions\[email protected]
[2014/06/07 17:55:25 | 000,007,203 | ---- | M] () (No name found) -- C:\Users\new user\AppData\Roaming\mozilla\firefox\profiles\zv8j385y.default\extensions\[email protected]
[2013/10/16 13:26:14 | 000,027,934 | ---- | M] () (No name found) -- C:\Users\new user\AppData\Roaming\mozilla\firefox\profiles\zv8j385y.default\extensions\{1a5dabbd-0e74-41da-b532-a364bb552cab}.xpi
[2014/06/28 08:44:34 | 000,008,833 | ---- | M] () (No name found) -- C:\Users\new user\AppData\Roaming\mozilla\firefox\profiles\zv8j385y.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}.xpi
[2014/06/30 09:12:01 | 000,967,387 | ---- | M] () (No name found) -- C:\Users\new user\AppData\Roaming\mozilla\firefox\profiles\zv8j385y.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/02/14 09:59:59 | 000,287,566 | ---- | M] () (No name found) -- C:\Users\new user\AppData\Roaming\mozilla\firefox\profiles\zv8j385y.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
O20 - AppInit_DLLs: (c:\progra~2\fastan~1\fastan~1.dll) - c:\ProgramData\Fast And Safe\FastAndSafe.dll ()
[2014/07/05 10:52:29 | 000,000,000 | ---D | C] -- C:\ProgramData\PraiceDOwnlioadeR
[2014/07/05 10:12:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Fast And Safe
[2014/07/05 10:12:08 | 000,000,000 | ---D | C] -- C:\ProgramData\2308189059
[2014/07/04 10:24:11 | 000,000,000 | ---D | C] -- C:\Users\new user\Documents\Optimizer Pro
[2014/07/04 10:18:51 | 000,000,000 | ---D | C] -- C:\Program Files\Optimizer Pro
[5 C:\Users\new user\Desktop\*.tmp files -> C:\Users\new user\Desktop\*.tmp -> ]
[2013/08/03 19:02:05 | 000,003,725 | ---- | C] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:98181191
@Alternate Data Stream - 128 bytes -> C:\Program Files\Desktop-Reminder 2:{67005600-3500-4800-7000-70004A006400}
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:37
```


----------



## Cookiegal (Aug 27, 2003)

It should be there at the bottom. Please post a screenshot of what you're seeing.


----------



## MikeJG (Jul 31, 2013)

That's a big part of the problem I'm having - I can't post a screen shot. And would you please say - at the bottom of WHAT exactly. I'll try to do it now but if you don't get it within the next few minutes would you please walk me through the process?


----------



## Cookiegal (Aug 27, 2003)

At the bottom of OTL. You need to open the OTL program that you have on your Desktop and you should see a blank white box at the bottom under the heading "custom scans/fixes". That's where you paste the fix that I gave you.


----------



## MikeJG (Jul 31, 2013)

Message when I click "Run Fix"


----------



## Cookiegal (Aug 27, 2003)

It looks like you didn't copy and paste the fix into the space before clicking on Run Fix.


----------



## MikeJG (Jul 31, 2013)

Ok. I begin to understand. I take it your post from my uploaded file is the "fix". I didn't know that. Doing that now. Delighted that my screenshot came through.


----------



## Cookiegal (Aug 27, 2003)

Yes, in post no. 24 the instructions were: "Please run OTL again. Under the Custom Scans/Fixes box at the bottom paste in the following:"

The following being the contents of the code box.

BTW, I'm delighted too.


----------



## MikeJG (Jul 31, 2013)

At the bottom of OTL. You need to open the OTL program that you have on your Desktop and you should see a blank white box at the bottom under the heading "custom scans/fixes". That's where you paste the fix that I gave you.

I can't see the blank box.


----------



## Cookiegal (Aug 27, 2003)

It looks like you've opened it too far down on your Desktop. Right-click (and hold the click down) on the upper border of OTL (anywhere around where it says OTL by OldTimer) and drag it further up your Desktop to reveal the bottom portion.


----------



## MikeJG (Jul 31, 2013)

OTL fills my whole screen. I can get the vertical double-headed arrow on the top outside border but the top arrowhead is off the screen and the page won't move up holding left or right mouse button.
The outside edge of the page is a fine white line but the bottom edge is below the screen and I can't move it up. But I can see the very bottom of a tiny bit of script showing under the OTL page exactly under the "LOP Check" blue script. It must be covered by the page but it's inside (above) the bottom edge of the page.


----------



## MikeJG (Jul 31, 2013)

OTL fills my whole screen. I can get the vertical double-headed arrow on the top outside border but the top arrowhead is off the screen and the page won't move up holding left or right mouse button.
The outside edge of the page is a fine white line but the bottom edge is below the screen and I can't move it up. But I can see the very bottom of a tiny bit of script showing under the OTL page exactly under the "LOP Check" blue script. It must be covered by the page but it's inside (above) the bottom edge of the page.
This all remains the case even when I reduce the page. Then I can see the bottom border as I move the page about but that wee bit of script remains covered.


----------



## Cookiegal (Aug 27, 2003)

OTL may have become corrupt. Please delete it and redownload another one and see if that works.

Here's the download link:

http://oldtimer.geekstogo.com/OTL.exe


----------



## MikeJG (Jul 31, 2013)

The page on my screen was identical. I've replaced my wide monitor with a square one and that shows the page with more depth. Now I see the name "Purity Check" below the LOP Check, which is an improvement, but I can't see below the bottom of those words.


----------



## MikeJG (Jul 31, 2013)

Could that be something to do with screen resolution? Not that I'm on speaking terms with that either!


----------



## Cookiegal (Aug 27, 2003)

I was going to ask you. What do you have your screen resolution set to?


----------



## MikeJG (Jul 31, 2013)

I operate a laptop which has its own screen. I also have a 19" Acer monitor which is what I normally use. This means both screens are visible and are what I've been using until I replaced the Acer with a square HP monitor.
*Acer Monitor* Al1916w (preferred)
Viewable Size 19 in
Aspect Ratio Widescreen - 16:10
Native Resolution 1440 x 900
*Currently set at 1280 x 720*

*HP monitor* (17 in diagonal) Native resolution 1280 x 1024 @ 60 Hz (recommended) Dimensions (H x W x D)
*Display head only* 33.0 x 37.5 x 6.4 cm (13.0 x 14.8 x 2.5 in)
*Currently set at 1024 x 768*


----------



## Cookiegal (Aug 27, 2003)

Can you try setting the monitor to its native (recommended) resolution, please?


----------



## MikeJG (Jul 31, 2013)

I have tried every resolution, but this (where it was set before) is the best. When taking a screenshot the icon bar at the bottom of my screen decides for itself whether it will disappear or not. I got one shot without the bar hiding the bottom of OTL. I'm hoping to include it here. But it makes no difference to what I see of the OTL page.
Could you give me a screenshot of what it looks like to you and what I should be looking for?


----------



## Cookiegal (Aug 27, 2003)

Yup, here it is.


----------



## Cookiegal (Aug 27, 2003)

I think I'm able to reproduce what is wrong.

Try placing your mouse right on the line at the bottom where OTL ends and the cursor changes to an up and down arrow then left-click there and pull the bottom down. It should reveal the box.


----------



## MikeJG (Jul 31, 2013)

That doesn't work. I've tried everything I can think of including moving the task bar to the side. If I "restore Down" the page I can get the double arrow on all the edges and expand the page either way but once it reaches the bottom of the screen it won't go any further. I just can't reveal that empty box or get anywhere near it.


----------



## Cookiegal (Aug 27, 2003)

When you restore down and then stretch the bottom of OTL down is the top of OTL right at the top of your screen as well? It shouldn't be. If not then grab the top border and slide OTL upwards and then you should be able to stretch it further down on the bottom.


----------



## MikeJG (Jul 31, 2013)

But I'll give it another go. Back soon.


----------



## MikeJG (Jul 31, 2013)

I reduce OTL down, pull top edge down and drag OTL up leaving empty screen below, drag bottom border down until the cursor and the page reach the bottom. Nothing goes any further than that. What I've shown you is the best it will do.


----------



## Cookiegal (Aug 27, 2003)

We'll have to use another tool then.

Please download FRST (Farbar Recovery Scan Tool) and save it to your desktop.

*Note*: You need to run the version that's compatible with your system (32-bit or 64-bit).


Double-click FRST to run it. When the tool opens click *Yes* to the disclaimer.
Press the *Scan* button.
It will make a log named (*FRST.txt*) in the same directory the tool is run (which should be on the desktop). Please copy and paste the contents of the log in your reply.
The first time the tool is run it makes a second log named (*Addition.txt*). Please copy and paste the contents of that log as well.


----------



## MikeJG (Jul 31, 2013)

THIS IS THE LOG THAT WAS OPEN ON THE DESKTOP

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:10-07-2014 01
Ran by new user (administrator) on TOSH-2 on 11-07-2014 13:44:09
Running from C:\Users\new user\Desktop
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TEco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Windows\System32\spool\drivers\w32x86\hpoopm07.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(BitTorrent Inc.) C:\Users\new user\AppData\Roaming\uTorrent\uTorrent.exe
(Polenter - Software Solutions) C:\Program Files\Desktop-Reminder 2\DesktopReminder2.exe
(AdFender, Inc.) C:\Program Files\AdFender\AdFender.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(WorldxChange Communications Limited) C:\Program Files\Xnet Usage Monitor\XNetUsage.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-29] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-21] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [476512 2009-08-06] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [460088 2009-07-29] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [738616 2009-08-06] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1324384 2009-08-12] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [466792 2009-08-07] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [29528 2009-08-07] (TOSHIBA Corporation)
HKLM\...\Run: [ToshibaServiceStation] => C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-08-18] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [611672 2009-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [163840 2009-07-30] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [611672 2009-08-07] (TOSHIBA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM\...\Run: [CanonQuickMenu] => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
HKLM\...\Run: [HPAIO_PrintFolderMgr] => C:\windows\system32\spool\DRIVERS\W32X86\hpoopm07.exe [61440 2000-07-26] ()
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKU\S-1-5-21-2157935053-1210720638-4233388858-1010\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21442176 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2157935053-1210720638-4233388858-1010\...\Run: [uTorrent] => C:\Users\new user\AppData\Roaming\uTorrent\uTorrent.exe [1322832 2014-07-03] (BitTorrent Inc.)
HKU\S-1-5-21-2157935053-1210720638-4233388858-1010\...\Run: [DesktopReminder2ByPolenter] => C:\Program Files\Desktop-Reminder 2\DesktopReminder2.exe [2826256 2014-05-20] (Polenter - Software Solutions)
AppInit_DLLs: c:\progra~2\fastan~1\fastan~1.dll => c:\ProgramData\Fast And Safe\FastAndSafe.dll [4125696 2014-07-05] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AdFender.lnk
ShortcutTarget: AdFender.lnk -> C:\Program Files\AdFender\AdFender.exe (AdFender, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\new user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\new user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xnet Usage Monitor.lnk
ShortcutTarget: Xnet Usage Monitor.lnk -> C:\Program Files\Xnet Usage Monitor\XNetUsage.exe (WorldxChange Communications Limited)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSAU&bmod=TSAU
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - URL http://www.trovigo.com/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP392197FB-717B-4AA9-B3A8-95F2ED41276A&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {1583BE2E-04F0-4D5F-9233-70D1EC570F9E} URL = https://au.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=231195&p={searchTerms}
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: PraiceDOwnlioadeR - {E9160AFC-ADE0-19DE-6BE9-021F3D768765} - C:\ProgramData\PraiceDOwnlioadeR\vqG.dll ()
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 58.28.5.2 58.28.6.2

FireFox:
========
FF ProfilePath: C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default
FF DefaultSearchEngine: Yahoo!
FF SearchEngineOrder.3: Bing 
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @microsoft.com/GENUINE - C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: No Name - C:\Users\new user\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2013-07-31]
FF Extension: No Name - C:\Users\new user\AppData\Roaming\Mozilla\Firefox\profiles\extensions\searchplugins [2014-05-29]
FF Extension: PruiceDownloadeer - C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\Extensions\[email protected] [2014-07-05]
FF Extension: Flash Video Downloader - Full HD Download - C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\Extensions\[email protected] [2014-05-10]
FF Extension: Site Matcher Pro - C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\Extensions\[email protected] [2014-06-18]
FF Extension: Exif Viewer - C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\Extensions\[email protected] [2013-10-16]
FF Extension: Awesome screenshot: Capture and Annotate - C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\Extensions\[email protected] [2013-10-16]
FF Extension: betterFox - Make your browsing experience 15% faster. - C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\Extensions\[email protected] [2013-07-24]
FF Extension: Amazon Shopping Assistant by Spigot - C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\Extensions\[email protected] [2014-06-07]
FF Extension: Ebay Shopping Assistant by Spigot - C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\Extensions\[email protected] [2014-06-07]
FF Extension: Copy As Plain Text - C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\Extensions\{1a5dabbd-0e74-41da-b532-a364bb552cab}.xpi [2013-10-16]
FF Extension: Start Page - C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\Extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}.xpi [2014-06-27]
FF Extension: Adblock Plus - C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-21]
FF Extension: Greasemonkey - C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-07-15]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-06-11]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\FinalVideoDownloader\Firefox
FF Extension: FinalVideoDownloader plugin for Mozilla Firefox - C:\Program Files\FinalVideoDownloader\Firefox [2013-04-10]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

========================== Services (Whitelisted) =================

R2 64af91bf; c:\ProgramData\Fast And Safe\FastAndSafeSvc.dll [186192 2014-07-05] () [File not signed]
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-28] (LSI Corporation)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2009-08-11] (TOSHIBA CORPORATION)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-11] (TOSHIBA CORPORATION)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-10] (McAfee, Inc.)
S3 MSSQL$MSSMLBIZ; c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 RSELSVC; C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe [62832 2009-07-08] (TOSHIBA Corporation)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [51512 2009-08-18] (TOSHIBA Corporation)
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [185712 2009-08-12] (TOSHIBA Corporation)
R3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-08-04] (TOSHIBA Corporation)
R3 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [685424 2009-08-07] (TOSHIBA Corporation)
S2 HPSLPSVC; C:\Users\new user\AppData\Local\Temp\7zS7DC9\hpslpsvc32.dll [X]

==================== Drivers (Whitelisted) ====================

R3 Afc; C:\windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
S3 Apowersoft_AudioDevice; C:\windows\System32\drivers\Apowersoft_AudioDevice.sys [26032 2013-06-01] (Wondershare)
R3 Dot4Scan; C:\windows\System32\DRIVERS\Dot4Scan.sys [10752 2009-07-14] (Microsoft Corporation)
S3 gfiark; C:\windows\System32\drivers\gfiark.sys [41584 2013-04-11] (ThreatTrack Security)
R0 gfibto; C:\windows\System32\drivers\gfibto.sys [13560 2013-07-30] (GFI Software)
R2 npf; C:\windows\System32\drivers\npf.sys [35088 2011-02-12] (CACE Technologies, Inc.)
R3 PGEffect; C:\windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-23] (TOSHIBA Corporation)
R2 tifsfilter; C:\windows\System32\DRIVERS\tifsfilt.sys [44384 2010-04-28] (Acronis)
R2 TVALZFL; C:\windows\System32\DRIVERS\TVALZFL.sys [12920 2009-06-20] (TOSHIBA Corporation)
S3 usbsermptxp; C:\windows\System32\DRIVERS\usbsermptxp.sys [25600 2011-11-21] (Microsoft Corporation) [File not signed]
R3 vpcbus; C:\windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-21] (Microsoft Corporation)
R1 vpcnfltr; C:\windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\windows\System32\drivers\vpcvmm.sys [296064 2010-11-21] (Microsoft Corporation)
R1 {6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw; C:\windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw.sys [52920 2014-07-03] (StdLib)
R1 {a3f28269-ad17-41a8-b032-3e0313ef8979}w; C:\windows\System32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}w.sys [52928 2014-06-11] (StdLib)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 catchme; \??\C:\Users\NEWUSE~1\AppData\Local\Temp\catchme.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 ProcObsrv; \??\C:\Program Files\Glary Utilities 3\ProcObsrv.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
S0 vmci; system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-11 13:44 - 2014-07-11 13:44 - 00023025 _____ () C:\Users\new user\Desktop\FRST.txt
2014-07-11 13:41 - 2014-07-11 13:41 - 01075200 _____ (Farbar) C:\Users\new user\Desktop\FRST.exe
2014-07-10 11:31 - 2014-07-10 11:31 - 00602112 _____ (OldTimer Tools) C:\Users\new user\Desktop\OTL.exe
2014-07-10 09:52 - 2014-06-21 07:39 - 00240824 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-10 09:52 - 2014-06-19 12:16 - 17276416 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-10 09:52 - 2014-06-19 11:56 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-10 09:52 - 2014-06-19 11:56 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-10 09:52 - 2014-06-19 11:38 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-10 09:52 - 2014-06-19 11:37 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-10 09:52 - 2014-06-19 11:36 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-10 09:52 - 2014-06-19 11:35 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-10 09:52 - 2014-06-19 11:32 - 02179072 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-10 09:52 - 2014-06-19 11:28 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-10 09:52 - 2014-06-19 11:28 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-10 09:52 - 2014-06-19 11:25 - 00442368 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-10 09:52 - 2014-06-19 11:23 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-10 09:52 - 2014-06-19 11:23 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-10 09:52 - 2014-06-19 11:22 - 00592896 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-10 09:52 - 2014-06-19 11:16 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-07-10 09:52 - 2014-06-19 11:12 - 00367616 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-10 09:52 - 2014-06-19 11:06 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-10 09:52 - 2014-06-19 11:01 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-10 09:52 - 2014-06-19 10:59 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-10 09:52 - 2014-06-19 10:58 - 00239616 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-10 09:52 - 2014-06-19 10:52 - 04254720 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-10 09:52 - 2014-06-19 10:52 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-10 09:52 - 2014-06-19 10:49 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-10 09:52 - 2014-06-19 10:46 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-10 09:52 - 2014-06-19 10:45 - 01964544 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-10 09:52 - 2014-06-19 10:35 - 11742208 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-10 09:52 - 2014-06-19 10:13 - 01791488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-10 09:52 - 2014-06-19 10:09 - 01139200 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-10 09:52 - 2014-06-19 10:07 - 00704512 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-10 09:52 - 2014-06-18 13:51 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-07-10 09:52 - 2014-06-18 12:52 - 02350080 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-07-10 09:52 - 2014-06-06 21:44 - 00509440 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-07-10 09:52 - 2014-06-06 02:26 - 01059840 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-07-10 09:52 - 2014-05-30 19:52 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-07-10 09:52 - 2014-05-30 19:52 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-07-10 09:52 - 2014-05-30 19:52 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-07-10 09:52 - 2014-05-30 19:52 - 00220160 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-07-10 09:52 - 2014-05-30 19:52 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-07-10 09:52 - 2014-05-30 19:52 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-07-10 09:52 - 2014-05-30 19:52 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-07-10 09:52 - 2014-05-30 18:36 - 00338944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-07-10 00:44 - 2014-07-10 00:54 - 00248882 _____ () C:\Users\new user\Desktop\OTL.Txt
2014-07-08 17:03 - 2014-07-08 17:04 - 10578208 _____ () C:\Users\new user\Downloads\FLV.com FLV Software Downloads.undefined
2014-07-08 17:02 - 2014-07-08 17:02 - 10578208 _____ () C:\Users\new user\Downloads\Setup_FLVDownloader.exe
2014-07-07 10:20 - 2014-07-07 10:21 - 01058200 _____ (Adobe) C:\Users\new user\Downloads\install_flashplayer14x32au_ltr5x32d_awc_aih.exe
2014-07-06 17:05 - 2014-07-07 22:00 - 00000000 ____D () C:\Users\new user\Desktop\FUJU
2014-07-05 15:49 - 2014-07-05 15:49 - 00001413 _____ () C:\Users\new user\Desktop\423_1314745042-1253836402_manual - Shortcut.lnk
2014-07-05 10:52 - 2014-07-05 10:52 - 00000000 ____D () C:\ProgramData\PraiceDOwnlioadeR
2014-07-05 10:12 - 2014-07-05 10:12 - 00000000 ____D () C:\ProgramData\Fast And Safe
2014-07-05 10:12 - 2014-07-05 10:12 - 00000000 ____D () C:\ProgramData\2308189059
2014-07-04 17:17 - 2014-07-04 17:17 - 00018217 _____ () C:\ComboFix.txt
2014-07-04 14:58 - 2014-07-11 11:28 - 00000000 ____D () C:\Users\new user\Desktop\pano
2014-07-04 14:18 - 2014-07-04 14:19 - 00000000 ____D () C:\Users\new user\Desktop\101_0407
2014-07-04 11:23 - 2014-07-03 11:23 - 00052920 _____ (StdLib) C:\windows\system32\Drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw.sys
2014-07-04 10:24 - 2014-07-04 10:24 - 00000000 ____D () C:\Users\new user\Documents\Optimizer Pro
2014-07-04 10:21 - 2014-07-05 10:39 - 00000000 ____D () C:\Users\new user\AppData\Local\FileTypeAssistant
2014-07-04 10:21 - 2014-07-05 10:32 - 00000000 ____D () C:\Program Files\File Type Assistant
2014-07-04 10:18 - 2014-07-05 10:12 - 00000000 ____D () C:\Program Files\Optimizer Pro
2014-07-04 10:18 - 2014-07-04 10:17 - 18816752 _____ (Bitberry Software ) C:\Users\new user\Downloads\FreeFileViewerSetup [1].exe
2014-07-04 10:14 - 2014-07-04 10:14 - 00711776 _____ ( ) C:\Users\new user\Downloads\FreeFileViewerSetup.exe
2014-07-03 23:17 - 2014-07-11 09:44 - 00000000 ____D () C:\Users\new user\Desktop\Ad Blocking
2014-07-03 19:11 - 2014-07-03 19:12 - 01079825 _____ () C:\Users\new user\Downloads\autostitch.zip
2014-07-03 15:22 - 2014-07-04 17:17 - 00000000 ____D () C:\Qoobox
2014-07-03 15:22 - 2011-06-26 18:45 - 00256000 _____ () C:\windows\PEV.exe
2014-07-03 15:22 - 2010-11-08 05:20 - 00208896 _____ () C:\windows\MBR.exe
2014-07-03 15:22 - 2009-04-20 16:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-07-03 15:22 - 2000-08-31 12:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-07-03 15:22 - 2000-08-31 12:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-07-03 15:22 - 2000-08-31 12:00 - 00098816 _____ () C:\windows\sed.exe
2014-07-03 15:22 - 2000-08-31 12:00 - 00080412 _____ () C:\windows\grep.exe
2014-07-03 15:22 - 2000-08-31 12:00 - 00068096 _____ () C:\windows\zip.exe
2014-07-03 15:21 - 2014-07-03 15:36 - 00000000 ____D () C:\windows\erdnt
2014-07-03 00:36 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\system32\sqlite3.dll
2014-07-02 12:20 - 2014-07-02 12:20 - 00145632 _____ () C:\windows\Minidump\070214-60029-01.dmp
2014-07-02 11:19 - 2014-07-02 11:19 - 00145632 _____ () C:\windows\Minidump\070214-27814-01.dmp
2014-07-02 10:09 - 2014-07-02 10:15 - 00000000 ____D () C:\Users\new user\Desktop\PORK
2014-07-01 23:59 - 2014-07-01 23:59 - 00145632 _____ () C:\windows\Minidump\070114-19593-01.dmp
2014-07-01 23:18 - 2014-07-02 12:20 - 00000000 ____D () C:\windows\Minidump
2014-07-01 23:18 - 2014-07-01 23:18 - 00145624 _____ () C:\windows\Minidump\070114-26832-01.dmp
2014-07-01 22:09 - 2014-07-08 11:53 - 00000000 ____D () C:\Users\new user\Desktop\Tech Suppport Guy scans
2014-06-30 09:22 - 2014-06-30 09:22 - 01057176 _____ (Adobe) C:\Users\new user\Downloads\install_flashplayer14x32_mssd_aaa_aih.exe
2014-06-26 12:43 - 2014-06-26 12:43 - 09598190 _____ (Udi Fuchs ) C:\Users\new user\Downloads\ufraw-0.19.2-2-setup(1).exe
2014-06-25 23:37 - 2014-06-25 23:38 - 20364804 _____ () C:\Users\new user\Downloads\RawTherapee_WinXP_32_4.0.11.9.zip
2014-06-25 18:26 - 2014-06-25 18:26 - 00003471 _____ () C:\Users\new user\AppData\Local\recently-used.xbel
2014-06-25 15:35 - 2014-06-25 15:35 - 00000000 ____D () C:\Users\new user\Documents\Adobe Scripts
2014-06-22 18:23 - 2014-06-22 18:23 - 01402880 _____ () C:\Users\new user\Downloads\HijackThis.msi
2014-06-19 20:30 - 2014-06-19 20:30 - 00001102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-19 20:30 - 2014-06-19 20:30 - 00001090 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-19 20:25 - 2014-06-19 20:26 - 29657144 _____ (Mozilla) C:\Users\new user\Downloads\Firefox Setup 30.0.exe
2014-06-19 17:50 - 2014-06-19 20:29 - 00000000 ____D () C:\Users\new user\Desktop\Ebedded Video Downloader
2014-06-17 14:37 - 2014-06-17 14:37 - 00000000 ____D () C:\Users\new user\AppData\Roaming\DesktopReminder
2014-06-17 14:26 - 2014-07-11 13:36 - 00000000 ____D () C:\Users\new user\Documents\DesktopReminder
2014-06-17 14:26 - 2014-06-17 14:26 - 00000000 ____D () C:\Users\new user\AppData\Local\Polenter_-_Software_Solut
2014-06-17 14:25 - 2014-07-03 22:11 - 00000000 ____D () C:\Program Files\Desktop-Reminder 2
2014-06-17 14:25 - 2014-06-17 14:26 - 00000000 __HDC () C:\ProgramData\{6EDBDBF3-ED1B-4CF1-80B9-21175D532D2A}
2014-06-17 14:25 - 2014-06-17 14:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop-Reminder
2014-06-17 14:22 - 2014-06-17 14:22 - 19448856 _____ (Polenter - Software Solutions ) C:\Users\new user\Downloads\DesktopReminderSetup.exe
2014-06-17 14:22 - 2014-06-17 14:22 - 19448856 _____ (Polenter - Software Solutions ) C:\Users\new user\Downloads\DesktopReminderSetup(1).exe
2014-06-17 14:22 - 2014-06-17 14:22 - 00000000 ____D () C:\Users\new user\AppData\Local\InstallAware Installation Information
2014-06-16 16:50 - 2014-04-15 18:00 - 00000917 _____ () C:\Users\new user\Documents\aaa DOCUMENTS - Now on TOURO -Shortcut.lnk
2014-06-16 13:18 - 2014-06-16 13:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picmeta Systems
2014-06-16 13:18 - 2014-06-16 13:18 - 00000000 ____D () C:\Program Files\Picmeta
2014-06-16 13:16 - 2014-06-16 13:17 - 08597272 _____ (Picmeta Systems ) C:\Users\new user\Downloads\PIEFreeSetup.exe
2014-06-13 17:11 - 2014-06-13 17:21 - 00000000 ____D () C:\Users\new user\AppData\Roaming\DriverFinder
2014-06-13 17:10 - 2014-06-13 17:10 - 00256992 _____ () C:\Users\new user\Downloads\DriverFinder_Setup.exe
2014-06-12 22:17 - 2014-06-11 15:34 - 00052928 _____ (StdLib) C:\windows\system32\Drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}w.sys
2014-06-12 21:16 - 2014-06-12 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-06-12 21:16 - 2014-06-12 21:16 - 00000000 ____D () C:\Program Files\Foxit Software
2014-06-12 21:13 - 2014-07-03 10:55 - 00000000 ____D () C:\Program Files\Greener Web
2014-06-12 21:13 - 2014-06-12 21:13 - 00000000 ____D () C:\Program Files\SiteLookup
2014-06-12 21:12 - 2014-06-12 21:12 - 33488656 _____ (Foxit Corporation ) C:\Users\new user\Downloads\FoxitReaderSetup.exe
2014-06-12 21:12 - 2014-06-12 21:12 - 00000000 ____D () C:\Users\new user\AppData\Roaming\Plarium
2014-06-12 21:12 - 2014-06-12 21:12 - 00000000 ____D () C:\Users\new user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plarium
2014-06-12 21:12 - 2014-06-12 21:12 - 00000000 ____D () C:\Users\new user\AppData\Local\StormFall
2014-06-12 21:12 - 2014-06-12 21:12 - 00000000 ____D () C:\Users\new user\AppData\Local\Soldiers
2014-06-12 10:56 - 2014-04-25 14:06 - 00626688 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2014-06-12 10:56 - 2014-04-05 14:25 - 01294272 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-06-12 10:56 - 2014-04-05 14:24 - 00187840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2014-06-12 10:56 - 2014-03-27 02:27 - 01389056 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2014-06-12 10:56 - 2014-03-27 02:27 - 01237504 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-06-12 10:56 - 2014-03-27 02:25 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2014-06-12 10:56 - 2014-03-27 02:25 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-06-11 17:09 - 2014-06-11 17:09 - 00000000 ____D () C:\Users\new user\Documents\DVDVideoSoft
2014-06-11 17:01 - 2014-06-11 17:02 - 25025640 _____ (DVDVideoSoft Ltd. ) C:\Users\new user\Downloads\FreeScreenVideoRecorder.exe
2014-06-11 16:45 - 2014-06-22 19:19 - 00000000 ____D () C:\Program Files\AdFender
2014-06-11 16:45 - 2014-06-11 16:47 - 00000000 ____D () C:\Users\new user\AppData\Local\AdFender
2014-06-11 16:45 - 2014-06-11 16:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdFender
2014-06-11 16:45 - 2014-06-11 16:45 - 00000000 ____D () C:\ProgramData\AdFender
2014-06-11 16:44 - 2014-06-11 16:45 - 02724616 _____ (AdFender, Inc.) C:\Users\new user\Downloads\Setup(1).exe
2014-06-11 15:42 - 2014-06-19 20:30 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-07-11 13:45 - 2014-07-11 13:44 - 00023025 _____ () C:\Users\new user\Desktop\FRST.txt
2014-07-11 13:44 - 2013-12-03 07:24 - 00000000 ____D () C:\FRST
2014-07-11 13:42 - 2009-07-14 16:34 - 00021472 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-11 13:42 - 2009-07-14 16:34 - 00021472 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-11 13:41 - 2014-07-11 13:41 - 01075200 _____ (Farbar) C:\Users\new user\Desktop\FRST.exe
2014-07-11 13:40 - 2013-10-17 14:55 - 00000000 ____D () C:\Users\new user\AppData\Roaming\uTorrent
2014-07-11 13:36 - 2014-06-17 14:26 - 00000000 ____D () C:\Users\new user\Documents\DesktopReminder
2014-07-11 13:36 - 2012-03-23 14:42 - 00000000 ____D () C:\Users\new user\AppData\Roaming\Skype
2014-07-11 13:34 - 2014-04-12 07:44 - 00008176 _____ () C:\windows\setupact.log
2014-07-11 13:34 - 2010-04-27 19:31 - 00000882 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-11 13:34 - 2009-07-14 16:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-11 13:28 - 2010-04-27 19:31 - 00000886 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-11 12:54 - 2013-08-03 15:47 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-07-11 12:19 - 2011-12-21 21:24 - 00000000 ____D () C:\Users\new user\AppData\Local\PokerStars
2014-07-11 11:28 - 2014-07-04 14:58 - 00000000 ____D () C:\Users\new user\Desktop\pano
2014-07-11 10:03 - 2010-04-26 04:16 - 01926051 _____ () C:\windows\WindowsUpdate.log
2014-07-11 09:44 - 2014-07-03 23:17 - 00000000 ____D () C:\Users\new user\Desktop\Ad Blocking
2014-07-11 08:40 - 2011-12-11 19:11 - 00000000 ____D () C:\Users\new user\AppData\Local\Adobe
2014-07-11 08:30 - 2009-07-14 16:33 - 03824240 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-11 08:28 - 2009-07-14 19:49 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-11 01:05 - 2013-07-31 00:43 - 00000000 ____D () C:\windows\system32\MRT
2014-07-11 01:05 - 2010-04-25 20:10 - 93585272 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-07-11 00:59 - 2013-12-09 19:13 - 00000000 ____D () C:\Users\new user\AppData\Roaming\vlc
2014-07-10 11:31 - 2014-07-10 11:31 - 00602112 _____ (OldTimer Tools) C:\Users\new user\Desktop\OTL.exe
2014-07-10 00:54 - 2014-07-10 00:44 - 00248882 _____ () C:\Users\new user\Desktop\OTL.Txt
2014-07-09 19:54 - 2013-08-03 15:47 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-07-09 19:54 - 2013-08-03 15:47 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-08 17:04 - 2014-07-08 17:03 - 10578208 _____ () C:\Users\new user\Downloads\FLV.com FLV Software Downloads.undefined
2014-07-08 17:02 - 2014-07-08 17:02 - 10578208 _____ () C:\Users\new user\Downloads\Setup_FLVDownloader.exe
2014-07-08 17:00 - 2013-08-20 20:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Downloader
2014-07-08 14:56 - 2014-05-24 22:19 - 00018432 _____ () C:\Users\new user\Documents\Piano Songs.xls
2014-07-08 11:53 - 2014-07-01 22:09 - 00000000 ____D () C:\Users\new user\Desktop\Tech Suppport Guy scans
2014-07-07 22:00 - 2014-07-06 17:05 - 00000000 ____D () C:\Users\new user\Desktop\FUJU
2014-07-07 16:55 - 2009-08-19 22:20 - 00916082 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-07 10:21 - 2014-07-07 10:20 - 01058200 _____ (Adobe) C:\Users\new user\Downloads\install_flashplayer14x32au_ltr5x32d_awc_aih.exe
2014-07-05 15:49 - 2014-07-05 15:49 - 00001413 _____ () C:\Users\new user\Desktop\423_1314745042-1253836402_manual - Shortcut.lnk
2014-07-05 10:53 - 2014-01-29 19:47 - 00000000 ____D () C:\ProgramData\bcd57b4b288889a8
2014-07-05 10:52 - 2014-07-05 10:52 - 00000000 ____D () C:\ProgramData\PraiceDOwnlioadeR
2014-07-05 10:39 - 2014-07-04 10:21 - 00000000 ____D () C:\Users\new user\AppData\Local\FileTypeAssistant
2014-07-05 10:32 - 2014-07-04 10:21 - 00000000 ____D () C:\Program Files\File Type Assistant
2014-07-05 10:12 - 2014-07-05 10:12 - 00000000 ____D () C:\ProgramData\Fast And Safe
2014-07-05 10:12 - 2014-07-05 10:12 - 00000000 ____D () C:\ProgramData\2308189059
2014-07-05 10:12 - 2014-07-04 10:18 - 00000000 ____D () C:\Program Files\Optimizer Pro
2014-07-05 09:54 - 2009-07-14 14:04 - 00000856 _____ () C:\windows\win.ini
2014-07-05 09:50 - 2014-04-30 09:41 - 00023072 _____ () C:\windows\PFRO.log
2014-07-04 17:17 - 2014-07-04 17:17 - 00018217 _____ () C:\ComboFix.txt
2014-07-04 17:17 - 2014-07-03 15:22 - 00000000 ____D () C:\Qoobox
2014-07-04 17:15 - 2009-07-14 14:04 - 00000215 _____ () C:\windows\system.ini
2014-07-04 14:19 - 2014-07-04 14:18 - 00000000 ____D () C:\Users\new user\Desktop\101_0407
2014-07-04 11:37 - 2013-10-01 09:47 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-04 10:24 - 2014-07-04 10:24 - 00000000 ____D () C:\Users\new user\Documents\Optimizer Pro
2014-07-04 10:17 - 2014-07-04 10:18 - 18816752 _____ (Bitberry Software ) C:\Users\new user\Downloads\FreeFileViewerSetup [1].exe
2014-07-04 10:14 - 2014-07-04 10:14 - 00711776 _____ ( ) C:\Users\new user\Downloads\FreeFileViewerSetup.exe
2014-07-03 22:11 - 2014-06-17 14:25 - 00000000 ____D () C:\Program Files\Desktop-Reminder 2
2014-07-03 19:18 - 2012-06-18 15:34 - 00000000 ____D () C:\Users\new user\.gimp-2.8
2014-07-03 19:12 - 2014-07-03 19:11 - 01079825 _____ () C:\Users\new user\Downloads\autostitch.zip
2014-07-03 15:37 - 2009-07-14 14:37 - 00000000 __RHD () C:\Users\Default
2014-07-03 15:37 - 2009-07-14 14:37 - 00000000 ___RD () C:\Users\Public
2014-07-03 15:36 - 2014-07-03 15:21 - 00000000 ____D () C:\windows\erdnt
2014-07-03 11:23 - 2014-07-04 11:23 - 00052920 _____ (StdLib) C:\windows\system32\Drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw.sys
2014-07-03 10:55 - 2014-06-12 21:13 - 00000000 ____D () C:\Program Files\Greener Web
2014-07-03 10:55 - 2013-12-01 12:44 - 00000000 ____D () C:\AdwCleaner
2014-07-02 16:56 - 2012-10-02 11:32 - 00000000 ____D () C:\Users\new user\Documents\ADDRESSES PHONES - copied to Touro
2014-07-02 12:20 - 2014-07-02 12:20 - 00145632 _____ () C:\windows\Minidump\070214-60029-01.dmp
2014-07-02 12:20 - 2014-07-01 23:18 - 00000000 ____D () C:\windows\Minidump
2014-07-02 11:19 - 2014-07-02 11:19 - 00145632 _____ () C:\windows\Minidump\070214-27814-01.dmp
2014-07-02 10:15 - 2014-07-02 10:09 - 00000000 ____D () C:\Users\new user\Desktop\PORK
2014-07-01 23:59 - 2014-07-01 23:59 - 00145632 _____ () C:\windows\Minidump\070114-19593-01.dmp
2014-07-01 23:18 - 2014-07-01 23:18 - 00145624 _____ () C:\windows\Minidump\070114-26832-01.dmp
2014-06-30 09:22 - 2014-06-30 09:22 - 01057176 _____ (Adobe) C:\Users\new user\Downloads\install_flashplayer14x32_mssd_aaa_aih.exe
2014-06-26 12:46 - 2012-05-12 17:24 - 00000000 ___RD () C:\Users\new user\Virtual Machines
2014-06-26 12:43 - 2014-06-26 12:43 - 09598190 _____ (Udi Fuchs ) C:\Users\new user\Downloads\ufraw-0.19.2-2-setup(1).exe
2014-06-26 00:27 - 2011-12-21 21:24 - 00000000 ____D () C:\Program Files\PokerStars
2014-06-25 23:38 - 2014-06-25 23:37 - 20364804 _____ () C:\Users\new user\Downloads\RawTherapee_WinXP_32_4.0.11.9.zip
2014-06-25 18:26 - 2014-06-25 18:26 - 00003471 _____ () C:\Users\new user\AppData\Local\recently-used.xbel
2014-06-25 18:25 - 2014-03-24 16:29 - 00000000 ____D () C:\Users\new user\AppData\Local\gtk-2.0
2014-06-25 15:35 - 2014-06-25 15:35 - 00000000 ____D () C:\Users\new user\Documents\Adobe Scripts
2014-06-22 19:19 - 2014-06-11 16:45 - 00000000 ____D () C:\Program Files\AdFender
2014-06-22 18:23 - 2014-06-22 18:23 - 01402880 _____ () C:\Users\new user\Downloads\HijackThis.msi
2014-06-21 07:39 - 2014-07-10 09:52 - 00240824 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-06-20 14:38 - 2014-01-10 13:44 - 00000132 _____ () C:\Users\new user\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-06-20 11:55 - 2009-07-14 16:52 - 00000000 ____D () C:\windows\system32\FxsTmp
2014-06-19 22:14 - 2012-08-21 14:01 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-19 20:30 - 2014-06-19 20:30 - 00001102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-19 20:30 - 2014-06-19 20:30 - 00001090 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-19 20:30 - 2014-06-11 15:42 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-19 20:29 - 2014-06-19 17:50 - 00000000 ____D () C:\Users\new user\Desktop\Ebedded Video Downloader
2014-06-19 20:26 - 2014-06-19 20:25 - 29657144 _____ (Mozilla) C:\Users\new user\Downloads\Firefox Setup 30.0.exe
2014-06-19 12:16 - 2014-07-10 09:52 - 17276416 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-06-19 11:56 - 2014-07-10 09:52 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-06-19 11:56 - 2014-07-10 09:52 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-06-19 11:38 - 2014-07-10 09:52 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-06-19 11:37 - 2014-07-10 09:52 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-06-19 11:36 - 2014-07-10 09:52 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-06-19 11:35 - 2014-07-10 09:52 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-06-19 11:32 - 2014-07-10 09:52 - 02179072 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-06-19 11:28 - 2014-07-10 09:52 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-06-19 11:28 - 2014-07-10 09:52 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-06-19 11:25 - 2014-07-10 09:52 - 00442368 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-06-19 11:23 - 2014-07-10 09:52 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-06-19 11:23 - 2014-07-10 09:52 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-06-19 11:22 - 2014-07-10 09:52 - 00592896 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-06-19 11:16 - 2014-07-10 09:52 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-06-19 11:12 - 2014-07-10 09:52 - 00367616 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-06-19 11:06 - 2014-07-10 09:52 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-19 11:01 - 2014-07-10 09:52 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-06-19 10:59 - 2014-07-10 09:52 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-06-19 10:58 - 2014-07-10 09:52 - 00239616 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-06-19 10:52 - 2014-07-10 09:52 - 04254720 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-06-19 10:52 - 2014-07-10 09:52 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-06-19 10:49 - 2014-07-10 09:52 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-06-19 10:46 - 2014-07-10 09:52 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-06-19 10:45 - 2014-07-10 09:52 - 01964544 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-06-19 10:35 - 2014-07-10 09:52 - 11742208 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-06-19 10:13 - 2014-07-10 09:52 - 01791488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-06-19 10:09 - 2014-07-10 09:52 - 01139200 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-06-19 10:07 - 2014-07-10 09:52 - 00704512 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-06-18 13:51 - 2014-07-10 09:52 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-06-18 12:52 - 2014-07-10 09:52 - 02350080 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-06-17 14:37 - 2014-06-17 14:37 - 00000000 ____D () C:\Users\new user\AppData\Roaming\DesktopReminder
2014-06-17 14:26 - 2014-06-17 14:26 - 00000000 ____D () C:\Users\new user\AppData\Local\Polenter_-_Software_Solut
2014-06-17 14:26 - 2014-06-17 14:25 - 00000000 __HDC () C:\ProgramData\{6EDBDBF3-ED1B-4CF1-80B9-21175D532D2A}
2014-06-17 14:25 - 2014-06-17 14:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop-Reminder
2014-06-17 14:22 - 2014-06-17 14:22 - 19448856 _____ (Polenter - Software Solutions ) C:\Users\new user\Downloads\DesktopReminderSetup.exe
2014-06-17 14:22 - 2014-06-17 14:22 - 19448856 _____ (Polenter - Software Solutions ) C:\Users\new user\Downloads\DesktopReminderSetup(1).exe
2014-06-17 14:22 - 2014-06-17 14:22 - 00000000 ____D () C:\Users\new user\AppData\Local\InstallAware Installation Information
2014-06-16 13:20 - 2012-05-22 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picmeta Systems (PIE)
2014-06-16 13:18 - 2014-06-16 13:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picmeta Systems
2014-06-16 13:18 - 2014-06-16 13:18 - 00000000 ____D () C:\Program Files\Picmeta
2014-06-16 13:17 - 2014-06-16 13:16 - 08597272 _____ (Picmeta Systems ) C:\Users\new user\Downloads\PIEFreeSetup.exe
2014-06-16 10:01 - 2014-02-10 10:01 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-06-14 10:54 - 2013-07-29 18:34 - 00000000 ____D () C:\windows\rescache
2014-06-13 17:44 - 2013-03-28 06:58 - 00000000 ____D () C:\Users\new user\Documents\AAA SUPER - copied to Touro
2014-06-13 17:21 - 2014-06-13 17:11 - 00000000 ____D () C:\Users\new user\AppData\Roaming\DriverFinder
2014-06-13 17:10 - 2014-06-13 17:10 - 00256992 _____ () C:\Users\new user\Downloads\DriverFinder_Setup.exe
2014-06-12 21:16 - 2014-06-12 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-06-12 21:16 - 2014-06-12 21:16 - 00000000 ____D () C:\Program Files\Foxit Software
2014-06-12 21:13 - 2014-06-12 21:13 - 00000000 ____D () C:\Program Files\SiteLookup
2014-06-12 21:13 - 2014-01-07 13:58 - 00000000 ____D () C:\Users\new user\AppData\Roaming\1O1L1I1PtF1F1C1N
2014-06-12 21:12 - 2014-06-12 21:12 - 33488656 _____ (Foxit Corporation ) C:\Users\new user\Downloads\FoxitReaderSetup.exe
2014-06-12 21:12 - 2014-06-12 21:12 - 00000000 ____D () C:\Users\new user\AppData\Roaming\Plarium
2014-06-12 21:12 - 2014-06-12 21:12 - 00000000 ____D () C:\Users\new user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plarium
2014-06-12 21:12 - 2014-06-12 21:12 - 00000000 ____D () C:\Users\new user\AppData\Local\StormFall
2014-06-12 21:12 - 2014-06-12 21:12 - 00000000 ____D () C:\Users\new user\AppData\Local\Soldiers
2014-06-12 19:41 - 2014-05-01 20:19 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-06-12 00:05 - 2013-08-03 18:53 - 00000000 ____D () C:\ProgramData\MFAData
2014-06-11 17:09 - 2014-06-11 17:09 - 00000000 ____D () C:\Users\new user\Documents\DVDVideoSoft
2014-06-11 17:06 - 2012-03-02 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-06-11 17:06 - 2012-03-02 22:24 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2014-06-11 17:05 - 2012-03-02 22:24 - 00000000 ____D () C:\Users\new user\AppData\Roaming\DVDVideoSoft
2014-06-11 17:05 - 2012-03-02 22:24 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-06-11 17:02 - 2014-06-11 17:01 - 25025640 _____ (DVDVideoSoft Ltd. ) C:\Users\new user\Downloads\FreeScreenVideoRecorder.exe
2014-06-11 16:47 - 2014-06-11 16:45 - 00000000 ____D () C:\Users\new user\AppData\Local\AdFender
2014-06-11 16:45 - 2014-06-11 16:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdFender
2014-06-11 16:45 - 2014-06-11 16:45 - 00000000 ____D () C:\ProgramData\AdFender
2014-06-11 16:45 - 2014-06-11 16:44 - 02724616 _____ (AdFender, Inc.) C:\Users\new user\Downloads\Setup(1).exe
2014-06-11 15:34 - 2014-06-12 22:17 - 00052928 _____ (StdLib) C:\windows\system32\Drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}w.sys
2014-06-11 12:54 - 2014-01-02 21:59 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-06-11 12:37 - 2009-07-14 16:53 - 00032622 _____ () C:\windows\Tasks\SCHEDLGU.TXT

Some content of TEMP:
====================
C:\Users\new user\AppData\Local\Temp\GreenerWebUntemp.exe

==================== Bamital & volsnap Check =================

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-08 13:24

==================== End Of Log ============================


----------



## MikeJG (Jul 31, 2013)

THIS WAS ENTITLED 'FRST.TXT' and had to be opened

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:10-07-2014 01
Ran by new user (administrator) on TOSH-2 on 11-07-2014 13:44:09
Running from C:\Users\new user\Desktop
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TEco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Windows\System32\spool\drivers\w32x86\hpoopm07.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(BitTorrent Inc.) C:\Users\new user\AppData\Roaming\uTorrent\uTorrent.exe
(Polenter - Software Solutions) C:\Program Files\Desktop-Reminder 2\DesktopReminder2.exe
(AdFender, Inc.) C:\Program Files\AdFender\AdFender.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(WorldxChange Communications Limited) C:\Program Files\Xnet Usage Monitor\XNetUsage.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-29] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-21] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [476512 2009-08-06] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [460088 2009-07-29] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [738616 2009-08-06] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1324384 2009-08-12] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [466792 2009-08-07] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [29528 2009-08-07] (TOSHIBA Corporation)
HKLM\...\Run: [ToshibaServiceStation] => C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-08-18] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [611672 2009-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [163840 2009-07-30] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [611672 2009-08-07] (TOSHIBA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM\...\Run: [CanonQuickMenu] => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
HKLM\...\Run: [HPAIO_PrintFolderMgr] => C:\windows\system32\spool\DRIVERS\W32X86\hpoopm07.exe [61440 2000-07-26] ()
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKU\S-1-5-21-2157935053-1210720638-4233388858-1010\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21442176 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2157935053-1210720638-4233388858-1010\...\Run: [uTorrent] => C:\Users\new user\AppData\Roaming\uTorrent\uTorrent.exe [1322832 2014-07-03] (BitTorrent Inc.)
HKU\S-1-5-21-2157935053-1210720638-4233388858-1010\...\Run: [DesktopReminder2ByPolenter] => C:\Program Files\Desktop-Reminder 2\DesktopReminder2.exe [2826256 2014-05-20] (Polenter - Software Solutions)
AppInit_DLLs: c:\progra~2\fastan~1\fastan~1.dll => c:\ProgramData\Fast And Safe\FastAndSafe.dll [4125696 2014-07-05] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AdFender.lnk
ShortcutTarget: AdFender.lnk -> C:\Program Files\AdFender\AdFender.exe (AdFender, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\new user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\new user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xnet Usage Monitor.lnk
ShortcutTarget: Xnet Usage Monitor.lnk -> C:\Program Files\Xnet Usage Monitor\XNetUsage.exe (WorldxChange Communications Limited)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSAU&bmod=TSAU
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - URL http://www.trovigo.com/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP392197FB-717B-4AA9-B3A8-95F2ED41276A&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {1583BE2E-04F0-4D5F-9233-70D1EC570F9E} URL = https://au.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=231195&p={searchTerms}
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: PraiceDOwnlioadeR - {E9160AFC-ADE0-19DE-6BE9-021F3D768765} - C:\ProgramData\PraiceDOwnlioadeR\vqG.dll ()
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 58.28.5.2 58.28.6.2

FireFox:
========
FF ProfilePath: C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default
FF DefaultSearchEngine: Yahoo!
FF SearchEngineOrder.3: Bing 
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @microsoft.com/GENUINE - C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: No Name - C:\Users\new user\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2013-07-31]
FF Extension: No Name - C:\Users\new user\AppData\Roaming\Mozilla\Firefox\profiles\extensions\searchplugins [2014-05-29]
FF Extension: PruiceDownloadeer - C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\Extensions\[email protected] [2014-07-05]
FF Extension: Flash Video Downloader - Full HD Download - C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\Extensions\[email protected] [2014-05-10]
FF Extension: Site Matcher Pro - C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\Extensions\[email protected] [2014-06-18]
FF Extension: Exif Viewer - C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\Extensions\[email protected] [2013-10-16]
FF Extension: Awesome screenshot: Capture and Annotate - C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\Extensions\[email protected] [2013-10-16]
FF Extension: betterFox - Make your browsing experience 15% faster. - C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\Extensions\[email protected] [2013-07-24]
FF Extension: Amazon Shopping Assistant by Spigot - C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\Extensions\[email protected] [2014-06-07]
FF Extension: Ebay Shopping Assistant by Spigot - C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\Extensions\[email protected] [2014-06-07]
FF Extension: Copy As Plain Text - C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\Extensions\{1a5dabbd-0e74-41da-b532-a364bb552cab}.xpi [2013-10-16]
FF Extension: Start Page - C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\Extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}.xpi [2014-06-27]
FF Extension: Adblock Plus - C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-21]
FF Extension: Greasemonkey - C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-07-15]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-06-11]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\FinalVideoDownloader\Firefox
FF Extension: FinalVideoDownloader plugin for Mozilla Firefox - C:\Program Files\FinalVideoDownloader\Firefox [2013-04-10]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

========================== Services (Whitelisted) =================

R2 64af91bf; c:\ProgramData\Fast And Safe\FastAndSafeSvc.dll [186192 2014-07-05] () [File not signed]
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-28] (LSI Corporation)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2009-08-11] (TOSHIBA CORPORATION)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-11] (TOSHIBA CORPORATION)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-10] (McAfee, Inc.)
S3 MSSQL$MSSMLBIZ; c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 RSELSVC; C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe [62832 2009-07-08] (TOSHIBA Corporation)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [51512 2009-08-18] (TOSHIBA Corporation)
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [185712 2009-08-12] (TOSHIBA Corporation)
R3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-08-04] (TOSHIBA Corporation)
R3 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [685424 2009-08-07] (TOSHIBA Corporation)
S2 HPSLPSVC; C:\Users\new user\AppData\Local\Temp\7zS7DC9\hpslpsvc32.dll [X]

==================== Drivers (Whitelisted) ====================

R3 Afc; C:\windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
S3 Apowersoft_AudioDevice; C:\windows\System32\drivers\Apowersoft_AudioDevice.sys [26032 2013-06-01] (Wondershare)
R3 Dot4Scan; C:\windows\System32\DRIVERS\Dot4Scan.sys [10752 2009-07-14] (Microsoft Corporation)
S3 gfiark; C:\windows\System32\drivers\gfiark.sys [41584 2013-04-11] (ThreatTrack Security)
R0 gfibto; C:\windows\System32\drivers\gfibto.sys [13560 2013-07-30] (GFI Software)
R2 npf; C:\windows\System32\drivers\npf.sys [35088 2011-02-12] (CACE Technologies, Inc.)
R3 PGEffect; C:\windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-23] (TOSHIBA Corporation)
R2 tifsfilter; C:\windows\System32\DRIVERS\tifsfilt.sys [44384 2010-04-28] (Acronis)
R2 TVALZFL; C:\windows\System32\DRIVERS\TVALZFL.sys [12920 2009-06-20] (TOSHIBA Corporation)
S3 usbsermptxp; C:\windows\System32\DRIVERS\usbsermptxp.sys [25600 2011-11-21] (Microsoft Corporation) [File not signed]
R3 vpcbus; C:\windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-21] (Microsoft Corporation)
R1 vpcnfltr; C:\windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\windows\System32\drivers\vpcvmm.sys [296064 2010-11-21] (Microsoft Corporation)
R1 {6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw; C:\windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw.sys [52920 2014-07-03] (StdLib)
R1 {a3f28269-ad17-41a8-b032-3e0313ef8979}w; C:\windows\System32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}w.sys [52928 2014-06-11] (StdLib)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 catchme; \??\C:\Users\NEWUSE~1\AppData\Local\Temp\catchme.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 ProcObsrv; \??\C:\Program Files\Glary Utilities 3\ProcObsrv.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
S0 vmci; system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-11 13:44 - 2014-07-11 13:44 - 00023025 _____ () C:\Users\new user\Desktop\FRST.txt
2014-07-11 13:41 - 2014-07-11 13:41 - 01075200 _____ (Farbar) C:\Users\new user\Desktop\FRST.exe
2014-07-10 11:31 - 2014-07-10 11:31 - 00602112 _____ (OldTimer Tools) C:\Users\new user\Desktop\OTL.exe
2014-07-10 09:52 - 2014-06-21 07:39 - 00240824 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-10 09:52 - 2014-06-19 12:16 - 17276416 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-10 09:52 - 2014-06-19 11:56 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-10 09:52 - 2014-06-19 11:56 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-10 09:52 - 2014-06-19 11:38 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-10 09:52 - 2014-06-19 11:37 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-10 09:52 - 2014-06-19 11:36 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-10 09:52 - 2014-06-19 11:35 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-10 09:52 - 2014-06-19 11:32 - 02179072 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-10 09:52 - 2014-06-19 11:28 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-10 09:52 - 2014-06-19 11:28 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-10 09:52 - 2014-06-19 11:25 - 00442368 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-10 09:52 - 2014-06-19 11:23 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-10 09:52 - 2014-06-19 11:23 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-10 09:52 - 2014-06-19 11:22 - 00592896 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-10 09:52 - 2014-06-19 11:16 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-07-10 09:52 - 2014-06-19 11:12 - 00367616 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-10 09:52 - 2014-06-19 11:06 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-10 09:52 - 2014-06-19 11:01 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-10 09:52 - 2014-06-19 10:59 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-10 09:52 - 2014-06-19 10:58 - 00239616 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-10 09:52 - 2014-06-19 10:52 - 04254720 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-10 09:52 - 2014-06-19 10:52 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-10 09:52 - 2014-06-19 10:49 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-10 09:52 - 2014-06-19 10:46 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-10 09:52 - 2014-06-19 10:45 - 01964544 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-10 09:52 - 2014-06-19 10:35 - 11742208 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-10 09:52 - 2014-06-19 10:13 - 01791488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-10 09:52 - 2014-06-19 10:09 - 01139200 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-10 09:52 - 2014-06-19 10:07 - 00704512 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-10 09:52 - 2014-06-18 13:51 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-07-10 09:52 - 2014-06-18 12:52 - 02350080 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-07-10 09:52 - 2014-06-06 21:44 - 00509440 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-07-10 09:52 - 2014-06-06 02:26 - 01059840 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-07-10 09:52 - 2014-05-30 19:52 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-07-10 09:52 - 2014-05-30 19:52 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-07-10 09:52 - 2014-05-30 19:52 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-07-10 09:52 - 2014-05-30 19:52 - 00220160 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-07-10 09:52 - 2014-05-30 19:52 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-07-10 09:52 - 2014-05-30 19:52 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-07-10 09:52 - 2014-05-30 19:52 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-07-10 09:52 - 2014-05-30 18:36 - 00338944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-07-10 00:44 - 2014-07-10 00:54 - 00248882 _____ () C:\Users\new user\Desktop\OTL.Txt
2014-07-08 17:03 - 2014-07-08 17:04 - 10578208 _____ () C:\Users\new user\Downloads\FLV.com FLV Software Downloads.undefined
2014-07-08 17:02 - 2014-07-08 17:02 - 10578208 _____ () C:\Users\new user\Downloads\Setup_FLVDownloader.exe
2014-07-07 10:20 - 2014-07-07 10:21 - 01058200 _____ (Adobe) C:\Users\new user\Downloads\install_flashplayer14x32au_ltr5x32d_awc_aih.exe
2014-07-06 17:05 - 2014-07-07 22:00 - 00000000 ____D () C:\Users\new user\Desktop\FUJU
2014-07-05 15:49 - 2014-07-05 15:49 - 00001413 _____ () C:\Users\new user\Desktop\423_1314745042-1253836402_manual - Shortcut.lnk
2014-07-05 10:52 - 2014-07-05 10:52 - 00000000 ____D () C:\ProgramData\PraiceDOwnlioadeR
2014-07-05 10:12 - 2014-07-05 10:12 - 00000000 ____D () C:\ProgramData\Fast And Safe
2014-07-05 10:12 - 2014-07-05 10:12 - 00000000 ____D () C:\ProgramData\2308189059
2014-07-04 17:17 - 2014-07-04 17:17 - 00018217 _____ () C:\ComboFix.txt
2014-07-04 14:58 - 2014-07-11 11:28 - 00000000 ____D () C:\Users\new user\Desktop\pano
2014-07-04 14:18 - 2014-07-04 14:19 - 00000000 ____D () C:\Users\new user\Desktop\101_0407
2014-07-04 11:23 - 2014-07-03 11:23 - 00052920 _____ (StdLib) C:\windows\system32\Drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw.sys
2014-07-04 10:24 - 2014-07-04 10:24 - 00000000 ____D () C:\Users\new user\Documents\Optimizer Pro
2014-07-04 10:21 - 2014-07-05 10:39 - 00000000 ____D () C:\Users\new user\AppData\Local\FileTypeAssistant
2014-07-04 10:21 - 2014-07-05 10:32 - 00000000 ____D () C:\Program Files\File Type Assistant
2014-07-04 10:18 - 2014-07-05 10:12 - 00000000 ____D () C:\Program Files\Optimizer Pro
2014-07-04 10:18 - 2014-07-04 10:17 - 18816752 _____ (Bitberry Software ) C:\Users\new user\Downloads\FreeFileViewerSetup [1].exe
2014-07-04 10:14 - 2014-07-04 10:14 - 00711776 _____ ( ) C:\Users\new user\Downloads\FreeFileViewerSetup.exe
2014-07-03 23:17 - 2014-07-11 09:44 - 00000000 ____D () C:\Users\new user\Desktop\Ad Blocking
2014-07-03 19:11 - 2014-07-03 19:12 - 01079825 _____ () C:\Users\new user\Downloads\autostitch.zip
2014-07-03 15:22 - 2014-07-04 17:17 - 00000000 ____D () C:\Qoobox
2014-07-03 15:22 - 2011-06-26 18:45 - 00256000 _____ () C:\windows\PEV.exe
2014-07-03 15:22 - 2010-11-08 05:20 - 00208896 _____ () C:\windows\MBR.exe
2014-07-03 15:22 - 2009-04-20 16:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-07-03 15:22 - 2000-08-31 12:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-07-03 15:22 - 2000-08-31 12:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-07-03 15:22 - 2000-08-31 12:00 - 00098816 _____ () C:\windows\sed.exe
2014-07-03 15:22 - 2000-08-31 12:00 - 00080412 _____ () C:\windows\grep.exe
2014-07-03 15:22 - 2000-08-31 12:00 - 00068096 _____ () C:\windows\zip.exe
2014-07-03 15:21 - 2014-07-03 15:36 - 00000000 ____D () C:\windows\erdnt
2014-07-03 00:36 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\system32\sqlite3.dll
2014-07-02 12:20 - 2014-07-02 12:20 - 00145632 _____ () C:\windows\Minidump\070214-60029-01.dmp
2014-07-02 11:19 - 2014-07-02 11:19 - 00145632 _____ () C:\windows\Minidump\070214-27814-01.dmp
2014-07-02 10:09 - 2014-07-02 10:15 - 00000000 ____D () C:\Users\new user\Desktop\PORK
2014-07-01 23:59 - 2014-07-01 23:59 - 00145632 _____ () C:\windows\Minidump\070114-19593-01.dmp
2014-07-01 23:18 - 2014-07-02 12:20 - 00000000 ____D () C:\windows\Minidump
2014-07-01 23:18 - 2014-07-01 23:18 - 00145624 _____ () C:\windows\Minidump\070114-26832-01.dmp
2014-07-01 22:09 - 2014-07-08 11:53 - 00000000 ____D () C:\Users\new user\Desktop\Tech Suppport Guy scans
2014-06-30 09:22 - 2014-06-30 09:22 - 01057176 _____ (Adobe) C:\Users\new user\Downloads\install_flashplayer14x32_mssd_aaa_aih.exe
2014-06-26 12:43 - 2014-06-26 12:43 - 09598190 _____ (Udi Fuchs ) C:\Users\new user\Downloads\ufraw-0.19.2-2-setup(1).exe
2014-06-25 23:37 - 2014-06-25 23:38 - 20364804 _____ () C:\Users\new user\Downloads\RawTherapee_WinXP_32_4.0.11.9.zip
2014-06-25 18:26 - 2014-06-25 18:26 - 00003471 _____ () C:\Users\new user\AppData\Local\recently-used.xbel
2014-06-25 15:35 - 2014-06-25 15:35 - 00000000 ____D () C:\Users\new user\Documents\Adobe Scripts
2014-06-22 18:23 - 2014-06-22 18:23 - 01402880 _____ () C:\Users\new user\Downloads\HijackThis.msi
2014-06-19 20:30 - 2014-06-19 20:30 - 00001102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-19 20:30 - 2014-06-19 20:30 - 00001090 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-19 20:25 - 2014-06-19 20:26 - 29657144 _____ (Mozilla) C:\Users\new user\Downloads\Firefox Setup 30.0.exe
2014-06-19 17:50 - 2014-06-19 20:29 - 00000000 ____D () C:\Users\new user\Desktop\Ebedded Video Downloader
2014-06-17 14:37 - 2014-06-17 14:37 - 00000000 ____D () C:\Users\new user\AppData\Roaming\DesktopReminder
2014-06-17 14:26 - 2014-07-11 13:36 - 00000000 ____D () C:\Users\new user\Documents\DesktopReminder
2014-06-17 14:26 - 2014-06-17 14:26 - 00000000 ____D () C:\Users\new user\AppData\Local\Polenter_-_Software_Solut
2014-06-17 14:25 - 2014-07-03 22:11 - 00000000 ____D () C:\Program Files\Desktop-Reminder 2
2014-06-17 14:25 - 2014-06-17 14:26 - 00000000 __HDC () C:\ProgramData\{6EDBDBF3-ED1B-4CF1-80B9-21175D532D2A}
2014-06-17 14:25 - 2014-06-17 14:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop-Reminder
2014-06-17 14:22 - 2014-06-17 14:22 - 19448856 _____ (Polenter - Software Solutions ) C:\Users\new user\Downloads\DesktopReminderSetup.exe
2014-06-17 14:22 - 2014-06-17 14:22 - 19448856 _____ (Polenter - Software Solutions ) C:\Users\new user\Downloads\DesktopReminderSetup(1).exe
2014-06-17 14:22 - 2014-06-17 14:22 - 00000000 ____D () C:\Users\new user\AppData\Local\InstallAware Installation Information
2014-06-16 16:50 - 2014-04-15 18:00 - 00000917 _____ () C:\Users\new user\Documents\aaa DOCUMENTS - Now on TOURO -Shortcut.lnk
2014-06-16 13:18 - 2014-06-16 13:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picmeta Systems
2014-06-16 13:18 - 2014-06-16 13:18 - 00000000 ____D () C:\Program Files\Picmeta
2014-06-16 13:16 - 2014-06-16 13:17 - 08597272 _____ (Picmeta Systems ) C:\Users\new user\Downloads\PIEFreeSetup.exe
2014-06-13 17:11 - 2014-06-13 17:21 - 00000000 ____D () C:\Users\new user\AppData\Roaming\DriverFinder
2014-06-13 17:10 - 2014-06-13 17:10 - 00256992 _____ () C:\Users\new user\Downloads\DriverFinder_Setup.exe
2014-06-12 22:17 - 2014-06-11 15:34 - 00052928 _____ (StdLib) C:\windows\system32\Drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}w.sys
2014-06-12 21:16 - 2014-06-12 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-06-12 21:16 - 2014-06-12 21:16 - 00000000 ____D () C:\Program Files\Foxit Software
2014-06-12 21:13 - 2014-07-03 10:55 - 00000000 ____D () C:\Program Files\Greener Web
2014-06-12 21:13 - 2014-06-12 21:13 - 00000000 ____D () C:\Program Files\SiteLookup
2014-06-12 21:12 - 2014-06-12 21:12 - 33488656 _____ (Foxit Corporation ) C:\Users\new user\Downloads\FoxitReaderSetup.exe
2014-06-12 21:12 - 2014-06-12 21:12 - 00000000 ____D () C:\Users\new user\AppData\Roaming\Plarium
2014-06-12 21:12 - 2014-06-12 21:12 - 00000000 ____D () C:\Users\new user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plarium
2014-06-12 21:12 - 2014-06-12 21:12 - 00000000 ____D () C:\Users\new user\AppData\Local\StormFall
2014-06-12 21:12 - 2014-06-12 21:12 - 00000000 ____D () C:\Users\new user\AppData\Local\Soldiers
2014-06-12 10:56 - 2014-04-25 14:06 - 00626688 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2014-06-12 10:56 - 2014-04-05 14:25 - 01294272 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-06-12 10:56 - 2014-04-05 14:24 - 00187840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2014-06-12 10:56 - 2014-03-27 02:27 - 01389056 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2014-06-12 10:56 - 2014-03-27 02:27 - 01237504 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-06-12 10:56 - 2014-03-27 02:25 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2014-06-12 10:56 - 2014-03-27 02:25 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-06-11 17:09 - 2014-06-11 17:09 - 00000000 ____D () C:\Users\new user\Documents\DVDVideoSoft
2014-06-11 17:01 - 2014-06-11 17:02 - 25025640 _____ (DVDVideoSoft Ltd. ) C:\Users\new user\Downloads\FreeScreenVideoRecorder.exe
2014-06-11 16:45 - 2014-06-22 19:19 - 00000000 ____D () C:\Program Files\AdFender
2014-06-11 16:45 - 2014-06-11 16:47 - 00000000 ____D () C:\Users\new user\AppData\Local\AdFender
2014-06-11 16:45 - 2014-06-11 16:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdFender
2014-06-11 16:45 - 2014-06-11 16:45 - 00000000 ____D () C:\ProgramData\AdFender
2014-06-11 16:44 - 2014-06-11 16:45 - 02724616 _____ (AdFender, Inc.) C:\Users\new user\Downloads\Setup(1).exe
2014-06-11 15:42 - 2014-06-19 20:30 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-07-11 13:45 - 2014-07-11 13:44 - 00023025 _____ () C:\Users\new user\Desktop\FRST.txt
2014-07-11 13:44 - 2013-12-03 07:24 - 00000000 ____D () C:\FRST
2014-07-11 13:42 - 2009-07-14 16:34 - 00021472 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-11 13:42 - 2009-07-14 16:34 - 00021472 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-11 13:41 - 2014-07-11 13:41 - 01075200 _____ (Farbar) C:\Users\new user\Desktop\FRST.exe
2014-07-11 13:40 - 2013-10-17 14:55 - 00000000 ____D () C:\Users\new user\AppData\Roaming\uTorrent
2014-07-11 13:36 - 2014-06-17 14:26 - 00000000 ____D () C:\Users\new user\Documents\DesktopReminder
2014-07-11 13:36 - 2012-03-23 14:42 - 00000000 ____D () C:\Users\new user\AppData\Roaming\Skype
2014-07-11 13:34 - 2014-04-12 07:44 - 00008176 _____ () C:\windows\setupact.log
2014-07-11 13:34 - 2010-04-27 19:31 - 00000882 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-11 13:34 - 2009-07-14 16:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-11 13:28 - 2010-04-27 19:31 - 00000886 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-11 12:54 - 2013-08-03 15:47 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-07-11 12:19 - 2011-12-21 21:24 - 00000000 ____D () C:\Users\new user\AppData\Local\PokerStars
2014-07-11 11:28 - 2014-07-04 14:58 - 00000000 ____D () C:\Users\new user\Desktop\pano
2014-07-11 10:03 - 2010-04-26 04:16 - 01926051 _____ () C:\windows\WindowsUpdate.log
2014-07-11 09:44 - 2014-07-03 23:17 - 00000000 ____D () C:\Users\new user\Desktop\Ad Blocking
2014-07-11 08:40 - 2011-12-11 19:11 - 00000000 ____D () C:\Users\new user\AppData\Local\Adobe
2014-07-11 08:30 - 2009-07-14 16:33 - 03824240 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-11 08:28 - 2009-07-14 19:49 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-11 01:05 - 2013-07-31 00:43 - 00000000 ____D () C:\windows\system32\MRT
2014-07-11 01:05 - 2010-04-25 20:10 - 93585272 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-07-11 00:59 - 2013-12-09 19:13 - 00000000 ____D () C:\Users\new user\AppData\Roaming\vlc
2014-07-10 11:31 - 2014-07-10 11:31 - 00602112 _____ (OldTimer Tools) C:\Users\new user\Desktop\OTL.exe
2014-07-10 00:54 - 2014-07-10 00:44 - 00248882 _____ () C:\Users\new user\Desktop\OTL.Txt
2014-07-09 19:54 - 2013-08-03 15:47 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-07-09 19:54 - 2013-08-03 15:47 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-08 17:04 - 2014-07-08 17:03 - 10578208 _____ () C:\Users\new user\Downloads\FLV.com FLV Software Downloads.undefined
2014-07-08 17:02 - 2014-07-08 17:02 - 10578208 _____ () C:\Users\new user\Downloads\Setup_FLVDownloader.exe
2014-07-08 17:00 - 2013-08-20 20:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Downloader
2014-07-08 14:56 - 2014-05-24 22:19 - 00018432 _____ () C:\Users\new user\Documents\Piano Songs.xls
2014-07-08 11:53 - 2014-07-01 22:09 - 00000000 ____D () C:\Users\new user\Desktop\Tech Suppport Guy scans
2014-07-07 22:00 - 2014-07-06 17:05 - 00000000 ____D () C:\Users\new user\Desktop\FUJU
2014-07-07 16:55 - 2009-08-19 22:20 - 00916082 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-07 10:21 - 2014-07-07 10:20 - 01058200 _____ (Adobe) C:\Users\new user\Downloads\install_flashplayer14x32au_ltr5x32d_awc_aih.exe
2014-07-05 15:49 - 2014-07-05 15:49 - 00001413 _____ () C:\Users\new user\Desktop\423_1314745042-1253836402_manual - Shortcut.lnk
2014-07-05 10:53 - 2014-01-29 19:47 - 00000000 ____D () C:\ProgramData\bcd57b4b288889a8
2014-07-05 10:52 - 2014-07-05 10:52 - 00000000 ____D () C:\ProgramData\PraiceDOwnlioadeR
2014-07-05 10:39 - 2014-07-04 10:21 - 00000000 ____D () C:\Users\new user\AppData\Local\FileTypeAssistant
2014-07-05 10:32 - 2014-07-04 10:21 - 00000000 ____D () C:\Program Files\File Type Assistant
2014-07-05 10:12 - 2014-07-05 10:12 - 00000000 ____D () C:\ProgramData\Fast And Safe
2014-07-05 10:12 - 2014-07-05 10:12 - 00000000 ____D () C:\ProgramData\2308189059
2014-07-05 10:12 - 2014-07-04 10:18 - 00000000 ____D () C:\Program Files\Optimizer Pro
2014-07-05 09:54 - 2009-07-14 14:04 - 00000856 _____ () C:\windows\win.ini
2014-07-05 09:50 - 2014-04-30 09:41 - 00023072 _____ () C:\windows\PFRO.log
2014-07-04 17:17 - 2014-07-04 17:17 - 00018217 _____ () C:\ComboFix.txt
2014-07-04 17:17 - 2014-07-03 15:22 - 00000000 ____D () C:\Qoobox
2014-07-04 17:15 - 2009-07-14 14:04 - 00000215 _____ () C:\windows\system.ini
2014-07-04 14:19 - 2014-07-04 14:18 - 00000000 ____D () C:\Users\new user\Desktop\101_0407
2014-07-04 11:37 - 2013-10-01 09:47 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-04 10:24 - 2014-07-04 10:24 - 00000000 ____D () C:\Users\new user\Documents\Optimizer Pro
2014-07-04 10:17 - 2014-07-04 10:18 - 18816752 _____ (Bitberry Software ) C:\Users\new user\Downloads\FreeFileViewerSetup [1].exe
2014-07-04 10:14 - 2014-07-04 10:14 - 00711776 _____ ( ) C:\Users\new user\Downloads\FreeFileViewerSetup.exe
2014-07-03 22:11 - 2014-06-17 14:25 - 00000000 ____D () C:\Program Files\Desktop-Reminder 2
2014-07-03 19:18 - 2012-06-18 15:34 - 00000000 ____D () C:\Users\new user\.gimp-2.8
2014-07-03 19:12 - 2014-07-03 19:11 - 01079825 _____ () C:\Users\new user\Downloads\autostitch.zip
2014-07-03 15:37 - 2009-07-14 14:37 - 00000000 __RHD () C:\Users\Default
2014-07-03 15:37 - 2009-07-14 14:37 - 00000000 ___RD () C:\Users\Public
2014-07-03 15:36 - 2014-07-03 15:21 - 00000000 ____D () C:\windows\erdnt
2014-07-03 11:23 - 2014-07-04 11:23 - 00052920 _____ (StdLib) C:\windows\system32\Drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw.sys
2014-07-03 10:55 - 2014-06-12 21:13 - 00000000 ____D () C:\Program Files\Greener Web
2014-07-03 10:55 - 2013-12-01 12:44 - 00000000 ____D () C:\AdwCleaner
2014-07-02 16:56 - 2012-10-02 11:32 - 00000000 ____D () C:\Users\new user\Documents\ADDRESSES PHONES - copied to Touro
2014-07-02 12:20 - 2014-07-02 12:20 - 00145632 _____ () C:\windows\Minidump\070214-60029-01.dmp
2014-07-02 12:20 - 2014-07-01 23:18 - 00000000 ____D () C:\windows\Minidump
2014-07-02 11:19 - 2014-07-02 11:19 - 00145632 _____ () C:\windows\Minidump\070214-27814-01.dmp
2014-07-02 10:15 - 2014-07-02 10:09 - 00000000 ____D () C:\Users\new user\Desktop\PORK
2014-07-01 23:59 - 2014-07-01 23:59 - 00145632 _____ () C:\windows\Minidump\070114-19593-01.dmp
2014-07-01 23:18 - 2014-07-01 23:18 - 00145624 _____ () C:\windows\Minidump\070114-26832-01.dmp
2014-06-30 09:22 - 2014-06-30 09:22 - 01057176 _____ (Adobe) C:\Users\new user\Downloads\install_flashplayer14x32_mssd_aaa_aih.exe
2014-06-26 12:46 - 2012-05-12 17:24 - 00000000 ___RD () C:\Users\new user\Virtual Machines
2014-06-26 12:43 - 2014-06-26 12:43 - 09598190 _____ (Udi Fuchs ) C:\Users\new user\Downloads\ufraw-0.19.2-2-setup(1).exe
2014-06-26 00:27 - 2011-12-21 21:24 - 00000000 ____D () C:\Program Files\PokerStars
2014-06-25 23:38 - 2014-06-25 23:37 - 20364804 _____ () C:\Users\new user\Downloads\RawTherapee_WinXP_32_4.0.11.9.zip
2014-06-25 18:26 - 2014-06-25 18:26 - 00003471 _____ () C:\Users\new user\AppData\Local\recently-used.xbel
2014-06-25 18:25 - 2014-03-24 16:29 - 00000000 ____D () C:\Users\new user\AppData\Local\gtk-2.0
2014-06-25 15:35 - 2014-06-25 15:35 - 00000000 ____D () C:\Users\new user\Documents\Adobe Scripts
2014-06-22 19:19 - 2014-06-11 16:45 - 00000000 ____D () C:\Program Files\AdFender
2014-06-22 18:23 - 2014-06-22 18:23 - 01402880 _____ () C:\Users\new user\Downloads\HijackThis.msi
2014-06-21 07:39 - 2014-07-10 09:52 - 00240824 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-06-20 14:38 - 2014-01-10 13:44 - 00000132 _____ () C:\Users\new user\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-06-20 11:55 - 2009-07-14 16:52 - 00000000 ____D () C:\windows\system32\FxsTmp
2014-06-19 22:14 - 2012-08-21 14:01 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-19 20:30 - 2014-06-19 20:30 - 00001102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-19 20:30 - 2014-06-19 20:30 - 00001090 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-19 20:30 - 2014-06-11 15:42 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-19 20:29 - 2014-06-19 17:50 - 00000000 ____D () C:\Users\new user\Desktop\Ebedded Video Downloader
2014-06-19 20:26 - 2014-06-19 20:25 - 29657144 _____ (Mozilla) C:\Users\new user\Downloads\Firefox Setup 30.0.exe
2014-06-19 12:16 - 2014-07-10 09:52 - 17276416 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-06-19 11:56 - 2014-07-10 09:52 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-06-19 11:56 - 2014-07-10 09:52 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-06-19 11:38 - 2014-07-10 09:52 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-06-19 11:37 - 2014-07-10 09:52 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-06-19 11:36 - 2014-07-10 09:52 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-06-19 11:35 - 2014-07-10 09:52 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-06-19 11:32 - 2014-07-10 09:52 - 02179072 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-06-19 11:28 - 2014-07-10 09:52 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-06-19 11:28 - 2014-07-10 09:52 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-06-19 11:25 - 2014-07-10 09:52 - 00442368 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-06-19 11:23 - 2014-07-10 09:52 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-06-19 11:23 - 2014-07-10 09:52 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-06-19 11:22 - 2014-07-10 09:52 - 00592896 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-06-19 11:16 - 2014-07-10 09:52 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-06-19 11:12 - 2014-07-10 09:52 - 00367616 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-06-19 11:06 - 2014-07-10 09:52 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-19 11:01 - 2014-07-10 09:52 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-06-19 10:59 - 2014-07-10 09:52 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-06-19 10:58 - 2014-07-10 09:52 - 00239616 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-06-19 10:52 - 2014-07-10 09:52 - 04254720 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-06-19 10:52 - 2014-07-10 09:52 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-06-19 10:49 - 2014-07-10 09:52 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-06-19 10:46 - 2014-07-10 09:52 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-06-19 10:45 - 2014-07-10 09:52 - 01964544 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-06-19 10:35 - 2014-07-10 09:52 - 11742208 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-06-19 10:13 - 2014-07-10 09:52 - 01791488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-06-19 10:09 - 2014-07-10 09:52 - 01139200 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-06-19 10:07 - 2014-07-10 09:52 - 00704512 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-06-18 13:51 - 2014-07-10 09:52 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-06-18 12:52 - 2014-07-10 09:52 - 02350080 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-06-17 14:37 - 2014-06-17 14:37 - 00000000 ____D () C:\Users\new user\AppData\Roaming\DesktopReminder
2014-06-17 14:26 - 2014-06-17 14:26 - 00000000 ____D () C:\Users\new user\AppData\Local\Polenter_-_Software_Solut
2014-06-17 14:26 - 2014-06-17 14:25 - 00000000 __HDC () C:\ProgramData\{6EDBDBF3-ED1B-4CF1-80B9-21175D532D2A}
2014-06-17 14:25 - 2014-06-17 14:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop-Reminder
2014-06-17 14:22 - 2014-06-17 14:22 - 19448856 _____ (Polenter - Software Solutions ) C:\Users\new user\Downloads\DesktopReminderSetup.exe
2014-06-17 14:22 - 2014-06-17 14:22 - 19448856 _____ (Polenter - Software Solutions ) C:\Users\new user\Downloads\DesktopReminderSetup(1).exe
2014-06-17 14:22 - 2014-06-17 14:22 - 00000000 ____D () C:\Users\new user\AppData\Local\InstallAware Installation Information
2014-06-16 13:20 - 2012-05-22 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picmeta Systems (PIE)
2014-06-16 13:18 - 2014-06-16 13:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picmeta Systems
2014-06-16 13:18 - 2014-06-16 13:18 - 00000000 ____D () C:\Program Files\Picmeta
2014-06-16 13:17 - 2014-06-16 13:16 - 08597272 _____ (Picmeta Systems ) C:\Users\new user\Downloads\PIEFreeSetup.exe
2014-06-16 10:01 - 2014-02-10 10:01 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-06-14 10:54 - 2013-07-29 18:34 - 00000000 ____D () C:\windows\rescache
2014-06-13 17:44 - 2013-03-28 06:58 - 00000000 ____D () C:\Users\new user\Documents\AAA SUPER - copied to Touro
2014-06-13 17:21 - 2014-06-13 17:11 - 00000000 ____D () C:\Users\new user\AppData\Roaming\DriverFinder
2014-06-13 17:10 - 2014-06-13 17:10 - 00256992 _____ () C:\Users\new user\Downloads\DriverFinder_Setup.exe
2014-06-12 21:16 - 2014-06-12 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-06-12 21:16 - 2014-06-12 21:16 - 00000000 ____D () C:\Program Files\Foxit Software
2014-06-12 21:13 - 2014-06-12 21:13 - 00000000 ____D () C:\Program Files\SiteLookup
2014-06-12 21:13 - 2014-01-07 13:58 - 00000000 ____D () C:\Users\new user\AppData\Roaming\1O1L1I1PtF1F1C1N
2014-06-12 21:12 - 2014-06-12 21:12 - 33488656 _____ (Foxit Corporation ) C:\Users\new user\Downloads\FoxitReaderSetup.exe
2014-06-12 21:12 - 2014-06-12 21:12 - 00000000 ____D () C:\Users\new user\AppData\Roaming\Plarium
2014-06-12 21:12 - 2014-06-12 21:12 - 00000000 ____D () C:\Users\new user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plarium
2014-06-12 21:12 - 2014-06-12 21:12 - 00000000 ____D () C:\Users\new user\AppData\Local\StormFall
2014-06-12 21:12 - 2014-06-12 21:12 - 00000000 ____D () C:\Users\new user\AppData\Local\Soldiers
2014-06-12 19:41 - 2014-05-01 20:19 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-06-12 00:05 - 2013-08-03 18:53 - 00000000 ____D () C:\ProgramData\MFAData
2014-06-11 17:09 - 2014-06-11 17:09 - 00000000 ____D () C:\Users\new user\Documents\DVDVideoSoft
2014-06-11 17:06 - 2012-03-02 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-06-11 17:06 - 2012-03-02 22:24 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2014-06-11 17:05 - 2012-03-02 22:24 - 00000000 ____D () C:\Users\new user\AppData\Roaming\DVDVideoSoft
2014-06-11 17:05 - 2012-03-02 22:24 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-06-11 17:02 - 2014-06-11 17:01 - 25025640 _____ (DVDVideoSoft Ltd. ) C:\Users\new user\Downloads\FreeScreenVideoRecorder.exe
2014-06-11 16:47 - 2014-06-11 16:45 - 00000000 ____D () C:\Users\new user\AppData\Local\AdFender
2014-06-11 16:45 - 2014-06-11 16:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdFender
2014-06-11 16:45 - 2014-06-11 16:45 - 00000000 ____D () C:\ProgramData\AdFender
2014-06-11 16:45 - 2014-06-11 16:44 - 02724616 _____ (AdFender, Inc.) C:\Users\new user\Downloads\Setup(1).exe
2014-06-11 15:34 - 2014-06-12 22:17 - 00052928 _____ (StdLib) C:\windows\system32\Drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}w.sys
2014-06-11 12:54 - 2014-01-02 21:59 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-06-11 12:37 - 2009-07-14 16:53 - 00032622 _____ () C:\windows\Tasks\SCHEDLGU.TXT

Some content of TEMP:
====================
C:\Users\new user\AppData\Local\Temp\GreenerWebUntemp.exe

==================== Bamital & volsnap Check =================

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-08 13:24

==================== End Of Log ============================


----------



## MikeJG (Jul 31, 2013)

Ps - both logs look the same to me but they were definitely separate.
But neither is called "Additional.txt" and I can't find anything else.
Hope they're ok.


----------



## Cookiegal (Aug 27, 2003)

That's because you've run FRST in the past. I see that you were infected back in December. If you get infected that often you really should review your surfing habits. I see you still have uTorrent and that is likely the source of many of the infections.

Please download the attached *fixlist.txt* file and save it where you saved FRST (which should be the desktop).

*NOTE:* It's important that both files, *FRST* and *fixlist.txt*, are in the same location (preferably on the desktop) or the fix will not work.

Run *FRST/FRST64* and press the *Fix* button just once and then wait.

If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after the restart.

*NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.*

The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.


----------



## MikeJG (Jul 31, 2013)

Thanks so much Cookiegal. Feels like I'm getting somewhere now.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:10-07-2014 01
Ran by new user at 2014-07-12 10:19:56 Run:1
Running from C:\Users\new user\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - URL http://www.trovigo.com/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP392197FB-717B-4AA9-B3A8-95F2ED41276A&q={searchTerms}&SSPV=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {1583BE2E-04F0-4D5F-9233-70D1EC570F9E} URL = https://au.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=231195&p={searchTerms}
BHO: PraiceDOwnlioadeR - {E9160AFC-ADE0-19DE-6BE9-021F3D768765} - C:\ProgramData\PraiceDOwnlioadeR\vqG.dll ()
FF SearchPlugin: C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: PruiceDownloadeer - C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\Extensions\[email protected] [2014-07-05]
FF Extension: Flash Video Downloader - Full HD Download - C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\Extensions\[email protected] [2014-05-10]
FF Extension: Site Matcher Pro - C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\Extensions\[email protected] [2014-06-18]
FF Extension: betterFox - Make your browsing experience 15% faster. - C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\Extensions\[email protected] [2013-07-24]
FF Extension: Amazon Shopping Assistant by Spigot - C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\Extensions\[email protected] [2014-06-07]
FF Extension: Ebay Shopping Assistant by Spigot - C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\Extensions\[email protected] [2014-06-07]
FF Extension: Copy As Plain Text - C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\Extensions\{1a5dabbd-0e74-41da-b532-a364bb552cab}.xpi [2013-10-16]
FF Extension: Start Page - C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\Extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}.xpi [2014-06-27]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
2014-07-08 17:03 - 2014-07-08 17:04 - 10578208 _____ () C:\Users\new user\Downloads\FLV.com FLV Software Downloads.undefined
2014-07-08 17:02 - 2014-07-08 17:02 - 10578208 _____ () C:\Users\new user\Downloads\Setup_FLVDownloader.exe
2014-07-05 10:52 - 2014-07-05 10:52 - 00000000 ____D () C:\ProgramData\PraiceDOwnlioadeR
2014-07-05 10:12 - 2014-07-05 10:12 - 00000000 ____D () C:\ProgramData\Fast And Safe
2014-07-05 10:12 - 2014-07-05 10:12 - 00000000 ____D () C:\ProgramData\2308189059
2014-07-04 10:24 - 2014-07-04 10:24 - 00000000 ____D () C:\Users\new user\Documents\Optimizer Pro
2014-07-04 10:18 - 2014-07-05 10:12 - 00000000 ____D () C:\Program Files\Optimizer Pro
2014-07-04 10:18 - 2014-07-04 10:17 - 18816752 _____ (Bitberry Software ) C:\Users\new user\Downloads\FreeFileViewerSetup [1].exe
2014-07-04 10:14 - 2014-07-04 10:14 - 00711776 _____ ( ) C:\Users\new user\Downloads\FreeFileViewerSetup.exe
2014-07-03 23:17 - 2014-07-11 09:44 - 00000000 ____D () C:\Users\new user\Desktop\Ad Blocking
AppInit_DLLs: c:\progra~2\fastan~1\fastan~1.dll => c:\ProgramData\Fast And Safe\FastAndSafe.dll [4125696 2014-07-05] ()

*****************

C:\windows\system32\GroupPolicy\Machine => Moved successfully.
C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => value deleted successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1583BE2E-04F0-4D5F-9233-70D1EC570F9E}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{1583BE2E-04F0-4D5F-9233-70D1EC570F9E}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E9160AFC-ADE0-19DE-6BE9-021F3D768765}' => Key deleted successfully.
'HKCR\CLSID\{E9160AFC-ADE0-19DE-6BE9-021F3D768765}' => Key deleted successfully.
C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\searchplugins\yahoo_ff.xml => Moved successfully.
C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml => Moved successfully.
C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xml => Moved successfully.
C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml => Moved successfully.
C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml => Moved successfully.
C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\Extensions\[email protected] => Moved successfully.
C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\Extensions\[email protected] => Moved successfully.
C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\Extensions\[email protected] => Moved successfully.
C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\Extensions\[email protected] => Moved successfully.
C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\Extensions\[email protected] => Moved successfully.
C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\Extensions\[email protected] => Moved successfully.
C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\Extensions\{1a5dabbd-0e74-41da-b532-a364bb552cab}.xpi => Moved successfully.
C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\Extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}.xpi => Moved successfully.
HKCU\Software\Mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8} => value deleted successfully.
C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => Moved successfully.
C:\Users\new user\Downloads\FLV.com FLV Software Downloads.undefined => Moved successfully.
C:\Users\new user\Downloads\Setup_FLVDownloader.exe => Moved successfully.
C:\ProgramData\PraiceDOwnlioadeR => Moved successfully.

"C:\ProgramData\Fast And Safe" directory move:

C:\ProgramData\Fast And Safe\FastAndSafe.dll => Moved successfully.
Could not move "C:\ProgramData\Fast And Safe\FastAndSafeSvc.dll" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Fast And Safe" directory. => Scheduled to move on reboot.

C:\ProgramData\2308189059 => Moved successfully.
C:\Users\new user\Documents\Optimizer Pro => Moved successfully.
C:\Program Files\Optimizer Pro => Moved successfully.
C:\Users\new user\Downloads\FreeFileViewerSetup [1].exe => Moved successfully.
C:\Users\new user\Downloads\FreeFileViewerSetup.exe => Moved successfully.
C:\Users\new user\Desktop\Ad Blocking => Moved successfully.
"c:\progra~2\fastan~1\fastan~1.dll" => Value Data removed successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-07-12 10:27:46)<=

C:\ProgramData\Fast And Safe\FastAndSafeSvc.dll => Is moved successfully.
C:\ProgramData\Fast And Safe => Is moved successfully.

==== End of Fixlog ====


----------



## Cookiegal (Aug 27, 2003)

How are things with the computer now?


----------



## MikeJG (Jul 31, 2013)

Thanks so much for your perseverance Cookiegal. I really appreciate what you've done for me.

Trovigo has gone and Firefox now has all its bits and even opens with Google instead of the hated Yahoo search.

After a bit of a look through, all the advertising rubbish that was plaguing me seems to have gone.

However - when I was fooling around with the screen resolutions some of the documents on the desktop have had their file names changed so I can't open them - see the screenshot. Some files in My Documents, even though they're on an external drive, have done the same.

In your post #14 you said "Yes, you can uninstall File Type Assistant as well.
We will use another tool to remove some of those leftovers."
It's still in my Programme Files but the other three aren't.

You pointed out uTorrent. I don't need it as I used it to download one particular movie. Should I uninstall it?

And lastly - would you have a recommendation for antivirus and anti-adware programmes? They'll need to be freebies I'm afraid. And what are the pros and cons of installing more than one of each?

Once again - thank you very much.
Mike.


----------



## MikeJG (Jul 31, 2013)

1- Desktop
2 - Trying to open from desktop


----------



## Cookiegal (Aug 27, 2003)

MikeJG said:


> Thanks so much for your perseverance Cookiegal. I really appreciate what you've done for me.


You're welcome.


> However - when I was fooling around with the screen resolutions some of the documents on the desktop have had their file names changed so I can't open them - see the screenshot. Some files in My Documents, even though they're on an external drive, have done the same.


They haven't actually changed, they are temporary copies of documents and this is normal. You should still have the original documents unless you deleted them at some point.


> In your post #14 you said "Yes, you can uninstall File Type Assistant as well.
> We will use another tool to remove some of those leftovers."
> It's still in my Programme Files but the other three aren't.


You can uninstall it from there then.


> You pointed out uTorrent. I don't need it as I used it to download one particular movie. Should I uninstall it?


Yes, I recommend uninstalling it.


> And lastly - would you have a recommendation for antivirus and anti-adware programmes? They'll need to be freebies I'm afraid. And what are the pros and cons of installing more than one of each?


I recommend Avast for your anti-virus and then you should also keep MalwareBytes' and update it and run scans periodically just to check on things. You shouldn't have more than one anti-virus program installed even if one is disabled as there may still be components that are active and this can cause conflicts. You can have more than one anti-malware program as long as they don't have real-time protection which the free ones don't and you only use them as on-demand scans.

Here are some final instructions for you.

*Follow these steps to uninstall ComboFix and all of its files and components.*

Click *START* then *RUN*
Now type *ComboFix /uninstall* in the run box and click *OK*. Note the *space* between the *x* and the *u*, it needs to be there.

Please open OTL again and click on the button that says "CleanUp" at the top. This will remove some of the tools we've used and will also uninstall the OTL program.

Now you should turn system restore off to flush out all previous system restore points, then turn it back on and create a new restore point:

Follow the instructions in the link below to turn off system protection. This will delete all existing system restore points to flush them out. Then be sure to turn it back on again:

http://www.sevenforums.com/tutorials/330-system-protection-turn-off.html

Then follow the instructions in the link below to create a new restore point:

http://www.sevenforums.com/tutorials/697-system-restore-point-create.html


----------



## MikeJG (Jul 31, 2013)

The temp files were mostly unwanted and have been deleted.

File Type Installer is as I told you in #14. Opening it in Programme Files brings up a subfolder called - whoops! Can't find it. Hope it's gone. I'll check again later. If all's well I'll mark the thread as Solved.

Avast free is installed and Malwarebytes is still there. I have to check to see if that's working.

ComboFix is gone and the restore point has been done.

The popup ads seem to have disappeared. That's particularly noticeable in my Photography forum and the pages there that were reorganising themselves at will are all behaving beautifully again.

I'm probably going to uninstall uTorrent.

So, once again, THANKS Cookiegal.

Mike.


----------



## MikeJG (Jul 31, 2013)

Avast is offering a firewall. Is it worth installing that?


----------



## Cookiegal (Aug 27, 2003)

I'm not really sure what you're saying about File Type Assist. Post #14 was a post I made.

I read your post no. 13 and you said that it was in Programs but not in the Control Panel and when you clicked on it in programs you got tsassist. Is that still the case?


----------



## Cookiegal (Aug 27, 2003)

MikeJG said:


> Avast is offering a firewall. Is it worth installing that?


On Windows 7 the Windows firewall should be sufficient.


----------



## MikeJG (Jul 31, 2013)

Yes - the same.
But neither name appears in Control Panel > All Control Panel Items > Programs and Features. (This is an alphabetical list with the option to uninstall or change a programme.)
I've no idea how this comes to be.


----------



## Cookiegal (Aug 27, 2003)

Try using CCleaner to uninstall it.


----------



## MikeJG (Jul 31, 2013)

Thank you. That worked in the end. I ran CCleaner without result. They also recommend running HitmanPro as well so I did. Rebooted and it was still there. But today on booting I see no trace of it. Lots of other annoyances have been cleaned up as well with your help. So again - Thank you very much.
Mike.


----------



## MikeJG (Jul 31, 2013)

I've just had my computer cleaned up but I'm left with documents that have these ads all through them. They were placed there by the above-named bot which has been removed. But its deposits remain in Word documents all through the computer. Is there any way to simply remove them in one hit?


----------



## Cookiegal (Aug 27, 2003)

You're welcome.

Hopefully, you'll be able to do the following with OTL.

Here are some final instructions for you.

*Follow these steps to uninstall ComboFix and all of its files and components.*

Click *START* then *RUN*
Now type *ComboFix /uninstall* in the run box and click *OK*. Note the *space* between the *x* and the *u*, it needs to be there.

Please open OTL again and click on the button that says "CleanUp" at the top. This will remove some of the tools we've used and will also uninstall the OTL program.

Now you should turn system restore off to flush out all previous system restore points, then turn it back on and create a new restore point:

Follow the instructions in the link below to turn off system protection. This will delete all existing system restore points to flush them out. Then be sure to turn it back on again:

http://www.sevenforums.com/tutorials/330-system-protection-turn-off.html

Then follow the instructions in the link below to create a new restore point:

http://www.sevenforums.com/tutorials/697-system-restore-point-create.html


----------



## Cookiegal (Aug 27, 2003)

I've moved your new thread here as you should have just posted in this same thread.

I may have missed something so please do the following:

Please download ADWCleaner. Click on the *Download Now* button and save it to your desktop.

Close your browser and double-click on the AdwCleaner icon on your desktop to run the program.

Click on the *Scan* button. It may take several minutes to complete. When it is done click on the *Report* button and copy and paste the log here please.


----------



## MikeJG (Jul 31, 2013)

Sorry - I thought this thread was finished

# AdwCleaner v3.216 - Report created 18/07/2014 at 11:46:16
# Updated 17/07/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : new user - TOSH-2
# Running from : C:\Users\new user\Desktop\AdwCleaner(1).exe
# Option : Scan

***** [ Services ] *****

Service Found : 64af91bf

***** [ Files / Folders ] *****

File Found : C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js
File Found : C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\user.js
Folder Found : C:\Program Files\File Type Assistant
Folder Found : C:\Program Files\Greener Web
Folder Found : C:\Users\new user\AppData\Local\FileTypeAssistant

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\GlobalUpdate
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\Software\GlobalUpdate
Key Found : HKLM\Software\Greener Web
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2D471A31-4FA7-95BA-1880-D441113ED736}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{64af91bf}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Greener Web

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207

-\\ Mozilla Firefox v30.0 (en-GB)

[ File : C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js ]

[ File : C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\prefs.js ]

Line Found : user_pref("extensions.B6y.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.net[...]
Line Found : user_pref("extensions.betterff.surfcanyon.ramp.start_time", "1404342147935");

-\\ Google Chrome v32.0.1700.76

*************************

AdwCleaner[R0].txt - [29216 octets] - [01/12/2013 12:44:17]
AdwCleaner[R1].txt - [1314 octets] - [01/12/2013 12:59:08]
AdwCleaner[R2].txt - [1423 octets] - [03/12/2013 06:44:36]
AdwCleaner[R3].txt - [19009 octets] - [03/07/2014 00:35:31]
AdwCleaner[R4].txt - [19070 octets] - [03/07/2014 10:51:13]
AdwCleaner[R5].txt - [2527 octets] - [18/07/2014 11:46:16]
AdwCleaner[S0].txt - [29791 octets] - [01/12/2013 12:46:25]
AdwCleaner[S1].txt - [1381 octets] - [01/12/2013 12:59:55]
AdwCleaner[S2].txt - [1490 octets] - [03/12/2013 06:49:01]
AdwCleaner[S3].txt - [19316 octets] - [03/07/2014 10:54:31]

########## EOF - C:\AdwCleaner\AdwCleaner[R5].txt - [2829 octets] ##########


----------



## Cookiegal (Aug 27, 2003)

Please run it again and select "clean" and post the new log.


----------



## MikeJG (Jul 31, 2013)

Somehow I lost the Clean log so I ran Adw again. This is that scan. It doesn't show what it removed the first time. If you need that log can you help me to find it? I did a search for 'scan log' but came up with nothing.

# AdwCleaner v3.216 - Report created 19/07/2014 at 12:33:37
# Updated 17/07/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : new user - TOSH-2
# Running from : C:\Users\new user\Desktop\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207

-\\ Mozilla Firefox v30.0 (en-GB)

[ File : C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js ]

[ File : C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\prefs.js ]

-\\ Google Chrome v32.0.1700.76

*************************

AdwCleaner[R0].txt - [29216 octets] - [01/12/2013 12:44:17]
AdwCleaner[R1].txt - [1314 octets] - [01/12/2013 12:59:08]
AdwCleaner[R2].txt - [1423 octets] - [03/12/2013 06:44:36]
AdwCleaner[R3].txt - [19009 octets] - [03/07/2014 00:35:31]
AdwCleaner[R4].txt - [19070 octets] - [03/07/2014 10:51:13]
AdwCleaner[R5].txt - [2909 octets] - [18/07/2014 11:46:16]
AdwCleaner[R6].txt - [2811 octets] - [19/07/2014 12:10:39]
AdwCleaner[R7].txt - [1638 octets] - [19/07/2014 12:24:33]
AdwCleaner[R8].txt - [1698 octets] - [19/07/2014 12:29:13]
AdwCleaner[S0].txt - [29791 octets] - [01/12/2013 12:46:25]
AdwCleaner[S1].txt - [1381 octets] - [01/12/2013 12:59:55]
AdwCleaner[S2].txt - [1490 octets] - [03/12/2013 06:49:01]
AdwCleaner[S3].txt - [19316 octets] - [03/07/2014 10:54:31]
AdwCleaner[S4].txt - [2908 octets] - [19/07/2014 12:13:40]
AdwCleaner[S5].txt - [1619 octets] - [19/07/2014 12:33:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1679 octets] ##########


----------



## MikeJG (Jul 31, 2013)

Is it worth my installing Adw's Antipup programme?


----------



## Cookiegal (Aug 27, 2003)

The reports are contained under the Reports tab of AdwCleaner but I don't need to see another report as this one shows nothing remains.

I wouldn't install anything else as we'll be uninstalling AdwCleaner.

Please download FRST (Farbar Recovery Scan Tool) and save it to your desktop.

*Note*: You need to run the version that's compatible with your system (32-bit or 64-bit).


Double-click FRST to run it. When the tool opens click *Yes* to the disclaimer.
Press the *Scan* button.
It will make a log named (*FRST.txt*) in the same directory the tool is run (which should be on the desktop). Please copy and paste the contents of the log in your reply.
The first time the tool is run it makes a second log named (*Addition.txt*). Please copy and paste the contents of that log as well.

Since we've run FRST before you may only get one log this time.


----------



## MikeJG (Jul 31, 2013)

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:19-07-2014
Ran by new user (administrator) on TOSH-2 on 20-07-2014 11:10:07
Running from C:\Users\new user\Desktop
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Foxit Corporation) C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TEco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Windows\System32\spool\drivers\w32x86\hpoopm07.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(Polenter - Software Solutions) C:\Program Files\Desktop-Reminder 2\DesktopReminder2.exe
(AdFender, Inc.) C:\Program Files\AdFender\AdFender.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(WorldxChange Communications Limited) C:\Program Files\Xnet Usage Monitor\XNetUsage.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe

==================== Registry (Whitelisted) ==================

HKU\S-1-5-21-2157935053-1210720638-4233388858-1010\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21442176 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2157935053-1210720638-4233388858-1010\...\Run: [DesktopReminder2ByPolenter] => C:\Program Files\Desktop-Reminder 2\DesktopReminder2.exe [2826256 2014-05-20] (Polenter - Software Solutions)
HKU\S-1-5-21-2157935053-1210720638-4233388858-1010\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4624152 2014-06-25] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AdFender.lnk
ShortcutTarget: AdFender.lnk -> C:\Program Files\AdFender\AdFender.exe (AdFender, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\new user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\new user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xnet Usage Monitor.lnk
ShortcutTarget: Xnet Usage Monitor.lnk -> C:\Program Files\Xnet Usage Monitor\XNetUsage.exe (WorldxChange Communications Limited)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSAU&bmod=TSAU
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 58.28.5.2 58.28.6.2

FireFox:
========
FF ProfilePath: C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default
FF DefaultSearchEngine: Yahoo!
FF SearchEngineOrder.3: Bing 
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @microsoft.com/GENUINE - C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: No Name - C:\Users\new user\AppData\Roaming\Mozilla\Firefox\profiles\extensions\searchplugins [2014-05-29]
FF Extension: Exif Viewer - C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\Extensions\[email protected] [2013-10-16]
FF Extension: Awesome screenshot: Capture and Annotate - C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\Extensions\[email protected] [2013-10-16]
FF Extension: Adblock Plus - C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-21]
FF Extension: Greasemonkey - C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-07-15]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-06-11]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\FinalVideoDownloader\Firefox
FF Extension: FinalVideoDownloader plugin for Mozilla Firefox - C:\Program Files\FinalVideoDownloader\Firefox [2013-04-10]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-13]

========================== Services (Whitelisted) =================

R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-28] (LSI Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-13] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-07-15] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2009-08-11] (TOSHIBA CORPORATION)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-11] (TOSHIBA CORPORATION)
R2 FoxitCloudUpdateService; C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242728 2014-07-01] (Foxit Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 MSSQL$MSSMLBIZ; c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 RSELSVC; C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe [62832 2009-07-08] (TOSHIBA Corporation)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [51512 2009-08-18] (TOSHIBA Corporation)
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [185712 2009-08-12] (TOSHIBA Corporation)
R3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-08-04] (TOSHIBA Corporation)
R3 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [685424 2009-08-07] (TOSHIBA Corporation)
S2 HPSLPSVC; C:\Users\new user\AppData\Local\Temp\7zS7DC9\hpslpsvc32.dll [X]

==================== Drivers (Whitelisted) ====================

R3 Afc; C:\windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
S3 Apowersoft_AudioDevice; C:\windows\System32\drivers\Apowersoft_AudioDevice.sys [26032 2013-06-01] (Wondershare)
R2 aswHwid; C:\windows\system32\drivers\aswHwid.sys [24184 2014-07-13] ()
R1 aswKbd; C:\windows\system32\drivers\aswKbd.sys [26136 2014-07-15] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [67824 2014-07-13] (AVAST Software)
R0 aswNdisFlt; C:\windows\System32\DRIVERS\aswNdisFlt.sys [270752 2014-07-15] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [81768 2014-07-13] (AVAST Software)
R0 aswRvrt; C:\windows\system32\Drivers\aswRvrt.sys [49944 2014-07-13] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [779536 2014-07-13] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [414520 2014-07-13] (AVAST Software)
R2 aswStm; C:\windows\system32\drivers\aswStm.sys [71944 2014-07-13] (AVAST Software)
R0 aswVmm; C:\windows\system32\Drivers\aswVmm.sys [192352 2014-07-13] ()
R3 Dot4Scan; C:\windows\System32\DRIVERS\Dot4Scan.sys [10752 2009-07-14] (Microsoft Corporation)
S3 gfiark; C:\windows\System32\drivers\gfiark.sys [41584 2013-04-11] (ThreatTrack Security)
R0 gfibto; C:\windows\System32\drivers\gfibto.sys [13560 2013-07-30] (GFI Software)
S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [30976 2014-07-16] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R2 npf; C:\windows\System32\drivers\npf.sys [35088 2011-02-12] (CACE Technologies, Inc.)
R3 PGEffect; C:\windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-23] (TOSHIBA Corporation)
R2 tifsfilter; C:\windows\System32\DRIVERS\tifsfilt.sys [44384 2010-04-28] (Acronis)
R2 TVALZFL; C:\windows\System32\DRIVERS\TVALZFL.sys [12920 2009-06-20] (TOSHIBA Corporation)
S3 usbsermptxp; C:\windows\System32\DRIVERS\usbsermptxp.sys [25600 2011-11-21] (Microsoft Corporation) [File not signed]
R3 vpcbus; C:\windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-21] (Microsoft Corporation)
R1 vpcnfltr; C:\windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\windows\System32\drivers\vpcvmm.sys [296064 2010-11-21] (Microsoft Corporation)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 ProcObsrv; \??\C:\Program Files\Glary Utilities 3\ProcObsrv.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
S0 vmci; system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S1 {a3f28269-ad17-41a8-b032-3e0313ef8979}w; system32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}w.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-20 11:10 - 2014-07-20 11:10 - 00018887 _____ () C:\Users\new user\Desktop\FRST.txt
2014-07-20 11:09 - 2014-07-20 11:10 - 00000000 ____D () C:\FRST
2014-07-20 11:05 - 2014-07-20 11:06 - 01079808 _____ (Farbar) C:\Users\new user\Desktop\FRST.exe
2014-07-19 12:17 - 2014-07-19 12:34 - 00006138 _____ () C:\windows\PFRO.log
2014-07-18 23:09 - 2014-07-19 18:38 - 00000000 ____D () C:\Users\new user\Desktop\New folder (3)
2014-07-18 15:56 - 2014-07-18 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Image Viewer
2014-07-18 15:56 - 2014-07-18 15:56 - 00000000 ____D () C:\Program Files\FastStone Image Viewer
2014-07-18 15:54 - 2014-07-18 15:54 - 05621527 _____ () C:\Users\new user\Desktop\FSViewerSetup51.exe
2014-07-18 11:43 - 2014-07-18 11:43 - 01354223 _____ () C:\Users\new user\Desktop\AdwCleaner(1).exe
2014-07-17 18:59 - 2014-07-17 19:00 - 37444312 _____ (Foxit Corporation ) C:\Users\new user\Downloads\FoxitReader621.0618_enu_Setup.exe
2014-07-17 12:53 - 2014-07-17 12:54 - 00509440 _____ (Tech Support Guy System) C:\Users\new user\Desktop\SysInfo(4).exe
2014-07-17 11:50 - 2014-07-17 11:55 - 00000000 ____D () C:\Users\new user\Desktop\New folder (2)
2014-07-17 09:40 - 2014-07-17 09:41 - 00000000 ____D () C:\Users\new user\Desktop\ANTIVIRUS
2014-07-16 23:06 - 2014-07-16 23:06 - 00000000 ____D () C:\Users\new user\Documents\Corel DVD MovieFactory
2014-07-16 12:31 - 2014-07-16 13:33 - 00000000 ____D () C:\Users\new user\Desktop\New folder
2014-07-16 10:33 - 2014-07-20 10:53 - 00000448 _____ () C:\windows\setupact.log
2014-07-16 10:33 - 2014-07-16 10:33 - 00000000 _____ () C:\windows\setuperr.log
2014-07-16 02:21 - 2014-07-16 02:21 - 04814144 _____ (Piriform Ltd) C:\Users\new user\Downloads\ccsetup415pro.exe
2014-07-16 00:09 - 2014-07-16 00:09 - 00030976 _____ () C:\windows\system32\Drivers\hitmanpro37.sys
2014-07-16 00:01 - 2014-07-16 00:01 - 00003954 _____ () C:\windows\system32\.crusader
2014-07-15 23:42 - 2014-07-16 00:00 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-15 22:52 - 2014-07-20 10:57 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-15 22:52 - 2014-07-15 22:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-15 22:52 - 2014-07-15 22:52 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-15 22:52 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-07-15 22:52 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-07-15 17:45 - 2014-07-15 17:45 - 00270752 _____ (AVAST Software) C:\windows\system32\Drivers\aswNdisFlt.sys
2014-07-15 17:45 - 2014-07-15 17:45 - 00026136 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2014-07-13 17:50 - 2014-07-13 17:50 - 00000000 ____D () C:\Users\new user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-13 17:47 - 2014-07-13 17:47 - 00101515 _____ () C:\Users\new user\Downloads\DesktopOK.zip
2014-07-13 14:30 - 2014-07-13 17:50 - 00000000 ____D () C:\Users\new user\AppData\Roaming\Dropbox
2014-07-13 14:20 - 2014-07-13 14:20 - 00000000 ____D () C:\Users\new user\AppData\Roaming\AVAST Software
2014-07-13 14:18 - 2014-07-15 17:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-07-13 14:17 - 2014-07-13 14:18 - 00414520 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2014-07-13 14:17 - 2014-07-13 14:17 - 00779536 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2014-07-13 14:17 - 2014-07-13 14:17 - 00192352 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-07-13 14:17 - 2014-07-13 14:17 - 00081768 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-07-13 14:17 - 2014-07-13 14:17 - 00071944 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2014-07-13 14:17 - 2014-07-13 14:17 - 00067824 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-07-13 14:17 - 2014-07-13 14:17 - 00049944 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2014-07-13 14:17 - 2014-07-13 14:17 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-07-13 14:17 - 2014-07-13 14:17 - 00024184 _____ () C:\windows\system32\Drivers\aswHwid.sys
2014-07-13 13:34 - 2014-07-13 13:34 - 04862664 _____ (AVAST Software) C:\Users\new user\Downloads\avast_free_antivirus_setup_online.exe
2014-07-12 10:53 - 2014-07-13 12:25 - 00000000 ____D () C:\Users\new user\Desktop\TSG
2014-07-10 09:52 - 2014-06-21 07:39 - 00240824 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-10 09:52 - 2014-06-19 12:16 - 17276416 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-10 09:52 - 2014-06-19 11:56 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-10 09:52 - 2014-06-19 11:56 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-10 09:52 - 2014-06-19 11:38 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-10 09:52 - 2014-06-19 11:37 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-10 09:52 - 2014-06-19 11:36 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-10 09:52 - 2014-06-19 11:35 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-10 09:52 - 2014-06-19 11:32 - 02179072 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-10 09:52 - 2014-06-19 11:28 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-10 09:52 - 2014-06-19 11:28 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-10 09:52 - 2014-06-19 11:25 - 00442368 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-10 09:52 - 2014-06-19 11:23 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-10 09:52 - 2014-06-19 11:23 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-10 09:52 - 2014-06-19 11:22 - 00592896 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-10 09:52 - 2014-06-19 11:16 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-07-10 09:52 - 2014-06-19 11:12 - 00367616 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-10 09:52 - 2014-06-19 11:06 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-10 09:52 - 2014-06-19 11:01 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-10 09:52 - 2014-06-19 10:59 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-10 09:52 - 2014-06-19 10:58 - 00239616 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-10 09:52 - 2014-06-19 10:52 - 04254720 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-10 09:52 - 2014-06-19 10:52 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-10 09:52 - 2014-06-19 10:49 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-10 09:52 - 2014-06-19 10:46 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-10 09:52 - 2014-06-19 10:45 - 01964544 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-10 09:52 - 2014-06-19 10:35 - 11742208 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-10 09:52 - 2014-06-19 10:13 - 01791488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-10 09:52 - 2014-06-19 10:09 - 01139200 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-10 09:52 - 2014-06-19 10:07 - 00704512 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-10 09:52 - 2014-06-18 13:51 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-07-10 09:52 - 2014-06-18 12:52 - 02350080 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-07-10 09:52 - 2014-06-06 21:44 - 00509440 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-07-10 09:52 - 2014-06-06 02:26 - 01059840 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-07-10 09:52 - 2014-05-30 19:52 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-07-10 09:52 - 2014-05-30 19:52 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-07-10 09:52 - 2014-05-30 19:52 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-07-10 09:52 - 2014-05-30 19:52 - 00220160 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-07-10 09:52 - 2014-05-30 19:52 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-07-10 09:52 - 2014-05-30 19:52 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-07-10 09:52 - 2014-05-30 19:52 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-07-10 09:52 - 2014-05-30 18:36 - 00338944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-07-07 10:20 - 2014-07-07 10:21 - 01058200 _____ (Adobe) C:\Users\new user\Downloads\install_flashplayer14x32au_ltr5x32d_awc_aih.exe
2014-07-03 19:11 - 2014-07-03 19:12 - 01079825 _____ () C:\Users\new user\Downloads\autostitch.zip
2014-07-03 15:21 - 2014-07-03 15:36 - 00000000 ____D () C:\windows\erdnt
2014-07-03 00:36 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\system32\sqlite3.dll
2014-07-02 10:09 - 2014-07-02 10:15 - 00000000 ____D () C:\Users\new user\Desktop\PORK
2014-07-01 23:18 - 2014-07-16 02:26 - 00000000 ____D () C:\windows\Minidump
2014-06-30 09:22 - 2014-06-30 09:22 - 01057176 _____ (Adobe) C:\Users\new user\Downloads\install_flashplayer14x32_mssd_aaa_aih.exe
2014-06-26 12:43 - 2014-06-26 12:43 - 09598190 _____ (Udi Fuchs ) C:\Users\new user\Downloads\ufraw-0.19.2-2-setup(1).exe
2014-06-25 23:37 - 2014-06-25 23:38 - 20364804 _____ () C:\Users\new user\Downloads\RawTherapee_WinXP_32_4.0.11.9.zip
2014-06-25 18:26 - 2014-06-25 18:26 - 00003471 _____ () C:\Users\new user\AppData\Local\recently-used.xbel
2014-06-25 15:35 - 2014-06-25 15:35 - 00000000 ____D () C:\Users\new user\Documents\Adobe Scripts
2014-06-22 18:23 - 2014-06-22 18:23 - 01402880 _____ () C:\Users\new user\Downloads\HijackThis.msi

==================== One Month Modified Files and Folders =======

2014-07-20 11:10 - 2014-07-20 11:10 - 00018887 _____ () C:\Users\new user\Desktop\FRST.txt
2014-07-20 11:10 - 2014-07-20 11:09 - 00000000 ____D () C:\FRST
2014-07-20 11:06 - 2014-07-20 11:05 - 01079808 _____ (Farbar) C:\Users\new user\Desktop\FRST.exe
2014-07-20 11:04 - 2010-04-26 04:16 - 01427635 _____ () C:\windows\WindowsUpdate.log
2014-07-20 11:03 - 2009-07-14 16:34 - 00021472 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-20 11:03 - 2009-07-14 16:34 - 00021472 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-20 10:57 - 2014-07-15 22:52 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-20 10:57 - 2013-08-03 15:47 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-07-20 10:56 - 2014-06-17 14:26 - 00000000 ____D () C:\Users\new user\Documents\DesktopReminder
2014-07-20 10:54 - 2010-04-27 19:31 - 00000882 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-20 10:54 - 2009-07-14 16:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-20 10:53 - 2014-07-16 10:33 - 00000448 _____ () C:\windows\setupact.log
2014-07-20 02:35 - 2012-03-23 14:42 - 00000000 ____D () C:\Users\new user\AppData\Roaming\Skype
2014-07-20 02:28 - 2010-04-27 19:31 - 00000886 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-20 02:00 - 2011-12-11 19:11 - 00000000 ____D () C:\Users\new user\AppData\Local\Adobe
2014-07-20 01:42 - 2013-12-09 19:13 - 00000000 ____D () C:\Users\new user\AppData\Roaming\vlc
2014-07-20 00:30 - 2011-12-21 21:24 - 00000000 ____D () C:\Users\new user\AppData\Local\PokerStars
2014-07-20 00:23 - 2013-10-17 14:55 - 00000000 ____D () C:\Users\new user\AppData\Roaming\uTorrent
2014-07-19 18:38 - 2014-07-18 23:09 - 00000000 ____D () C:\Users\new user\Desktop\New folder (3)
2014-07-19 12:34 - 2014-07-19 12:17 - 00006138 _____ () C:\windows\PFRO.log
2014-07-19 12:33 - 2013-12-01 12:44 - 00000000 ____D () C:\AdwCleaner
2014-07-18 16:27 - 2012-12-16 16:32 - 00000000 ____D () C:\Users\new user\Desktop\EDITORS
2014-07-18 16:27 - 2012-05-25 13:50 - 00000000 ____D () C:\Users\new user\Desktop\SHORTCUTS
2014-07-18 15:56 - 2014-07-18 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Image Viewer
2014-07-18 15:56 - 2014-07-18 15:56 - 00000000 ____D () C:\Program Files\FastStone Image Viewer
2014-07-18 15:54 - 2014-07-18 15:54 - 05621527 _____ () C:\Users\new user\Desktop\FSViewerSetup51.exe
2014-07-18 11:43 - 2014-07-18 11:43 - 01354223 _____ () C:\Users\new user\Desktop\AdwCleaner(1).exe
2014-07-17 20:32 - 2014-01-09 15:29 - 00000000 ____D () C:\Users\new user\Desktop\FLYJOBS
2014-07-17 19:00 - 2014-07-17 18:59 - 37444312 _____ (Foxit Corporation ) C:\Users\new user\Downloads\FoxitReader621.0618_enu_Setup.exe
2014-07-17 12:54 - 2014-07-17 12:53 - 00509440 _____ (Tech Support Guy System) C:\Users\new user\Desktop\SysInfo(4).exe
2014-07-17 11:55 - 2014-07-17 11:50 - 00000000 ____D () C:\Users\new user\Desktop\New folder (2)
2014-07-17 10:45 - 2012-10-02 11:32 - 00000000 ____D () C:\Users\new user\Documents\ADDRESSES PHONES - copied to Touro
2014-07-17 09:41 - 2014-07-17 09:40 - 00000000 ____D () C:\Users\new user\Desktop\ANTIVIRUS
2014-07-16 23:06 - 2014-07-16 23:06 - 00000000 ____D () C:\Users\new user\Documents\Corel DVD MovieFactory
2014-07-16 13:33 - 2014-07-16 12:31 - 00000000 ____D () C:\Users\new user\Desktop\New folder
2014-07-16 10:33 - 2014-07-16 10:33 - 00000000 _____ () C:\windows\setuperr.log
2014-07-16 02:26 - 2014-07-01 23:18 - 00000000 ____D () C:\windows\Minidump
2014-07-16 02:24 - 2014-04-11 08:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-16 02:24 - 2014-04-11 08:47 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-16 02:21 - 2014-07-16 02:21 - 04814144 _____ (Piriform Ltd) C:\Users\new user\Downloads\ccsetup415pro.exe
2014-07-16 00:09 - 2014-07-16 00:09 - 00030976 _____ () C:\windows\system32\Drivers\hitmanpro37.sys
2014-07-16 00:01 - 2014-07-16 00:01 - 00003954 _____ () C:\windows\system32\.crusader
2014-07-16 00:00 - 2014-07-15 23:42 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-15 23:25 - 2009-08-19 22:30 - 00000000 ____D () C:\windows\Panther
2014-07-15 22:52 - 2014-07-15 22:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-15 22:52 - 2014-07-15 22:52 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-15 22:52 - 2013-12-02 13:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-15 19:20 - 2014-01-29 19:47 - 00000000 ____D () C:\ProgramData\dkaegflhijigdlnfhgflhbpfhclepclp
2014-07-15 17:46 - 2014-07-13 14:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-07-15 17:45 - 2014-07-15 17:45 - 00270752 _____ (AVAST Software) C:\windows\system32\Drivers\aswNdisFlt.sys
2014-07-15 17:45 - 2014-07-15 17:45 - 00026136 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2014-07-13 17:50 - 2014-07-13 17:50 - 00000000 ____D () C:\Users\new user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-13 17:50 - 2014-07-13 14:30 - 00000000 ____D () C:\Users\new user\AppData\Roaming\Dropbox
2014-07-13 17:47 - 2014-07-13 17:47 - 00101515 _____ () C:\Users\new user\Downloads\DesktopOK.zip
2014-07-13 14:28 - 2014-03-09 15:36 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-07-13 14:20 - 2014-07-13 14:20 - 00000000 ____D () C:\Users\new user\AppData\Roaming\AVAST Software
2014-07-13 14:18 - 2014-07-13 14:17 - 00414520 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2014-07-13 14:17 - 2014-07-13 14:17 - 00779536 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2014-07-13 14:17 - 2014-07-13 14:17 - 00192352 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-07-13 14:17 - 2014-07-13 14:17 - 00081768 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-07-13 14:17 - 2014-07-13 14:17 - 00071944 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2014-07-13 14:17 - 2014-07-13 14:17 - 00067824 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-07-13 14:17 - 2014-07-13 14:17 - 00049944 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2014-07-13 14:17 - 2014-07-13 14:17 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-07-13 14:17 - 2014-07-13 14:17 - 00024184 _____ () C:\windows\system32\Drivers\aswHwid.sys
2014-07-13 14:17 - 2013-08-07 15:02 - 00276432 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-07-13 14:13 - 2013-08-07 15:00 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-13 13:34 - 2014-07-13 13:34 - 04862664 _____ (AVAST Software) C:\Users\new user\Downloads\avast_free_antivirus_setup_online.exe
2014-07-13 12:25 - 2014-07-12 10:53 - 00000000 ____D () C:\Users\new user\Desktop\TSG
2014-07-12 10:22 - 2014-01-31 12:09 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-07-12 10:22 - 2013-06-12 18:15 - 00000008 __RSH () C:\Users\new user\ntuser.pol
2014-07-12 10:19 - 2009-07-14 14:37 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2014-07-12 10:09 - 2014-02-10 10:01 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-07-11 15:42 - 2013-07-29 18:34 - 00000000 ____D () C:\windows\rescache
2014-07-11 08:30 - 2009-07-14 16:33 - 03824240 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-11 08:28 - 2009-07-14 19:49 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-11 01:08 - 2013-07-31 00:43 - 00000000 ____D () C:\windows\system32\MRT
2014-07-11 01:05 - 2010-04-25 20:10 - 93585272 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-07-09 19:54 - 2013-08-03 15:47 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-07-09 19:54 - 2013-08-03 15:47 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-08 17:00 - 2013-08-20 20:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Downloader
2014-07-08 14:56 - 2014-05-24 22:19 - 00018432 _____ () C:\Users\new user\Documents\Piano Songs.xls
2014-07-07 16:55 - 2009-08-19 22:20 - 00916082 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-07 10:21 - 2014-07-07 10:20 - 01058200 _____ (Adobe) C:\Users\new user\Downloads\install_flashplayer14x32au_ltr5x32d_awc_aih.exe
2014-07-05 10:53 - 2014-01-29 19:47 - 00000000 ____D () C:\ProgramData\bcd57b4b288889a8
2014-07-05 09:54 - 2009-07-14 14:04 - 00000856 _____ () C:\windows\win.ini
2014-07-04 17:15 - 2009-07-14 14:04 - 00000215 _____ () C:\windows\system.ini
2014-07-04 11:37 - 2013-10-01 09:47 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-03 22:11 - 2014-06-17 14:25 - 00000000 ____D () C:\Program Files\Desktop-Reminder 2
2014-07-03 19:18 - 2012-06-18 15:34 - 00000000 ____D () C:\Users\new user\.gimp-2.8
2014-07-03 19:12 - 2014-07-03 19:11 - 01079825 _____ () C:\Users\new user\Downloads\autostitch.zip
2014-07-03 15:37 - 2009-07-14 14:37 - 00000000 __RHD () C:\Users\Default
2014-07-03 15:37 - 2009-07-14 14:37 - 00000000 ___RD () C:\Users\Public
2014-07-03 15:36 - 2014-07-03 15:21 - 00000000 ____D () C:\windows\erdnt
2014-07-02 10:15 - 2014-07-02 10:09 - 00000000 ____D () C:\Users\new user\Desktop\PORK
2014-06-30 09:22 - 2014-06-30 09:22 - 01057176 _____ (Adobe) C:\Users\new user\Downloads\install_flashplayer14x32_mssd_aaa_aih.exe
2014-06-26 12:46 - 2012-05-12 17:24 - 00000000 ___RD () C:\Users\new user\Virtual Machines
2014-06-26 12:43 - 2014-06-26 12:43 - 09598190 _____ (Udi Fuchs ) C:\Users\new user\Downloads\ufraw-0.19.2-2-setup(1).exe
2014-06-26 00:27 - 2011-12-21 21:24 - 00000000 ____D () C:\Program Files\PokerStars
2014-06-25 23:38 - 2014-06-25 23:37 - 20364804 _____ () C:\Users\new user\Downloads\RawTherapee_WinXP_32_4.0.11.9.zip
2014-06-25 18:26 - 2014-06-25 18:26 - 00003471 _____ () C:\Users\new user\AppData\Local\recently-used.xbel
2014-06-25 18:25 - 2014-03-24 16:29 - 00000000 ____D () C:\Users\new user\AppData\Local\gtk-2.0
2014-06-25 15:35 - 2014-06-25 15:35 - 00000000 ____D () C:\Users\new user\Documents\Adobe Scripts
2014-06-22 19:19 - 2014-06-11 16:45 - 00000000 ____D () C:\Program Files\AdFender
2014-06-22 18:23 - 2014-06-22 18:23 - 01402880 _____ () C:\Users\new user\Downloads\HijackThis.msi
2014-06-21 07:39 - 2014-07-10 09:52 - 00240824 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-06-20 14:38 - 2014-01-10 13:44 - 00000132 _____ () C:\Users\new user\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-06-20 11:55 - 2009-07-14 16:52 - 00000000 ____D () C:\windows\system32\FxsTmp

Some content of TEMP:
====================
C:\Users\new user\AppData\Local\Temp\Foxit Updater.exe
C:\Users\new user\AppData\Local\Temp\GreenerWebUntemp.exe
C:\Users\new user\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-08 13:24

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:19-07-2014
Ran by new user at 2014-07-20 11:11:31
Running from C:\Users\new user\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

7-Zip 9.22beta (HKLM\...\7-Zip) (Version: - )
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Adobe Acrobat Reader 3.01 (HKLM\...\Adobe Acrobat Reader 3.01) (Version: - )
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Community Help (Version: 3.5.23 - Adobe Systems Incorporated.) Hidden
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop CS2 (Version: 9.0 - Adobe Systems, Inc.) Hidden
Adobe Photoshop CS5.1 (HKLM\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Internet Security (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
Buzzdock (HKLM\...\{ac225167-00fc-452d-94c5-bb93600e7d9a}) (Version: - Alactro LLC) <==== ATTENTION
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.4.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MX720 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX720_series) (Version: 1.00 - Canon Inc.)
Canon MX720 series On-screen Manual (HKLM\...\Canon MX720 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
Canon Speed Dial Utility (HKLM\...\Speed Dial Utility) (Version: 1.3.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
CombineZP (HKLM\...\{8E41D2A5-C0DD-4139-8C7A-2F0E1F20ED24}) (Version: 1.0.0 - Alan Hadley)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink PhotoDirector 4 (HKLM\...\InstallShield_{44510C84-AE2A-4079-A75B-D44E68D73B9A}) (Version: 4.0.4317.0 - CyberLink Corp.)
CyberLink PhotoDirector 4 (Version: 4.0.4317.0 - CyberLink Corp.) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Desktop-Reminder 2 (HKLM\...\Desktop-Reminder 2) (Version: 2.105 - Polenter - Software Solutions)
Desktop-Reminder 2 (Version: 2.105 - Polenter - Software Solutions) Hidden
Direct DiscRecorder (Version: 1.00.0000 - Corel Corporation) Hidden
DVD MovieFactory for TOSHIBA (HKLM\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
DVD MovieFactory for TOSHIBA (Version: 7.0.0 - Corel Corporation) Hidden
DX-Ball 1.09 (HKLM\...\DX-Ball 1.09) (Version: - )
FastStone Image Viewer 5.1 (HKLM\...\FastStone Image Viewer) (Version: 5.1 - FastStone Soft)
Final Video Downloader 2013 (HKLM\...\FinalVideoDownloader_is1) (Version: - Bitberry Software)
Foxit Cloud (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.7.140.701 - Foxit Corporation)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.2.1.618 - Foxit Corporation)
Foxit Reader Free Download Packages (HKCU\...\Foxit Reader Free Download Packages) (Version: - ) <==== ATTENTION
Free RAR Extract Frog (HKLM\...\Free RAR Extract Frog) (Version: 5.00 - Philipp Winterberg)
Free Screen Video Recorder version 2.5.34.605 (HKLM\...\Free Screen Video Recorder_is1) (Version: 2.5.34.605 - DVDVideoSoft Ltd.)
Free Studio version 5.3.5 (HKLM\...\Free Studio_is1) (Version: 5.3.5 - DVDVideoSoft Ltd.)
FUJIFILM Hyper-Utility Software (HKLM\...\{76583DD5-2BCE-46F7-ACC4-3BF37645F4E0}) (Version: - )
FUJIFILM USB Driver (HKLM\...\{5490882C-6961-11D5-BAE5-00E0188E010B}) (Version: - )
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Gimp Resynthesizer Plugin version 0.16 (HKLM\...\Gimp Resynthesizer Plugin_is1) (Version: 0.16 - )
Google Chrome (HKLM\...\Google Chrome) (Version: 32.0.1700.76 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.0 - Google Inc.) Hidden
HP OfficeJet G Series (HKLM\...\HP OfficeJet G Series) (Version: - )
Hyper-Utility Software Add-On (HKLM\...\{138CEA91-A651-45B0-9C2C-D69A44493E0F}) (Version: - )
Hyper-Utility2 (HKLM\...\{0D19B2D8-4FE4-48B2-BBA1-194B82A81230}) (Version: - )
Hyper-Utility2 CCD-RAW Plug-In (HKLM\...\{45634CA5-CFDE-4794-9C1C-65613F2A0E4E}) (Version: - )
Hyper-Utility2 CustomRendered Modifier Plug-In (HKLM\...\{8AE68327-FAA7-403D-AEEC-CBBA1DE2DBAD}) (Version: - )
Hyper-Utility2 File Format Plug-In (HKLM\...\{B71E0018-25B9-4093-937E-13E6398B853B}) (Version: - )
Hyper-Utility2 FinePixS20Pro SHOOTING Plug-In (HKLM\...\{5D063AFD-05EF-4CE8-895A-7817118B1D6A}) (Version: - )
Hyper-Utility2 FinePixS2Pro SHOOTING Plug-In (HKLM\...\{F87FF0A2-E55F-4BF8-9D0E-1B9BD846E17B}) (Version: - )
Hyper-Utility2 FinePixS3Pro SHOOTING Plug-In (HKLM\...\{EE548EB1-4CF6-4A37-884D-0EA9DDB0F549}) (Version: - )
Hyper-Utility2 Preview Print (HKLM\...\{819A351B-09B9-4AE2-A9E9-EAFBF8952A56}) (Version: - )
Hyper-Utility2 Print/Contact Sheet Output Plug-In (HKLM\...\{BEA19A41-E180-40EE-A083-995A2C6B10C4}) (Version: - )
Hyper-Utility2 Slide Show Plug-In (HKLM\...\{F20E77B0-F2E0-402B-8868-BDEB5CC2D01B}) (Version: - )
ImageMixer VCD2 for FinePix (HKLM\...\{934E9442-D305-4ACF-AD87-A6C11D677CB9}) (Version: - )
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1883 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LSI V92 MOH Application (HKLM\...\LTMOH) (Version: - LSI Corporation)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Camera Codec Pack (HKLM\...\{F8AFEA7D-77BD-43F3-ADF7-EF71300BEFD2}) (Version: 16.4.1620.0719 - Microsoft Corporation)
Microsoft Image Composite Editor (HKLM\...\{3D599ADA-65D9-4B51-898F-CE718DEC5DBB}) (Version: 1.4.4 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{91110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Tools Express Edition (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000 - Adobe) Hidden
MotoHelper MergeModules (Version: 1.2.0 - Motorola) Hidden
Mozilla Firefox 30.0 (x86 en-GB) (HKLM\...\Mozilla Firefox 30.0 (x86 en-GB)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 24.6.0 (x86 en-US)) (Version: 24.6.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Opera 12.16 (HKLM\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS6 (Version: 11.0 - Adobe Systems Incorporated) Hidden
PIE Free v6.7 (HKLM\...\PIE_is1) (Version: - Picmeta Systems)
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PokerStars (HKLM\...\PokerStars) (Version: - PokerStars)
PrnPrint v3.47.10 (HKLM\...\PrnPrint) (Version: v3.47.10 - Russ Wright)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Raw Therapee V4.0.9.50 x86 (HKLM\...\{CE518445-0054-44F8-8315-2AD45BF3701E}) (Version: 4.0.950 - Raw Therapee Team)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30101 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
Skype Click to Call (HKLM\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Studio Utility (HKLM\...\{80B3B090-7FE0-487D-9065-5D0B3FB9FC31}) (Version: - )
Studio Utility shooting plug-in (HKLM\...\{B1709DC3-3A8C-4C29-B0E7-F033450A62A0}) (Version: - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.6.1 - Synaptics Incorporated)
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.11 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM\...\InstallShield_{342126B2-10D5-409E-884B-245347A497E1}) (Version: 1.0.04.32 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 1.0.04.32 - TOSHIBA Corporation) Hidden
TOSHIBA ConfigFree (HKLM\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.21 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.1 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.0.07-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}) (Version: 1.1.7.0 - TOSHIBA Corporation)
TOSHIBA eco Utility (Version: 1.1.7.0 - TOSHIBA Corporation) Hidden
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - TOSHIBA Corporation) Hidden
TOSHIBA Face Recognition (HKLM\...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 3.1.0.32 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.0.32 - TOSHIBA Corporation) Hidden
TOSHIBA Hardware Setup (HKLM\...\{D0387727-C89D-4774-B643-B9333EAA09DE}) (Version: 2.00.11 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.0.0 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.0.0 - TOSHIBA Corporation) Hidden
TOSHIBA Internal Modem Region Select Utility (HKLM\...\InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}) (Version: 2.3.0.01 - TOSHIBA Corporation)
TOSHIBA Internal Modem Region Select Utility (Version: 2.3.0.01 - TOSHIBA Corporation) Hidden
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.4.0.0 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.3 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM\...\InstallShield_{42451051-52B5-4D74-920A-BB49861D7253}) (Version: 1.0.04.32 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.0.04.32 - TOSHIBA Corporation) Hidden
TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.8.1.7 - TOSHIBA)
TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.33 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )
TOSHIBA Supervisor Password (HKLM\...\{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}) (Version: 2.00.09 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.2.25 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.2.25 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.4 - TOSHIBA Corporation)
Un-Rar for Windows 9.22beta (HKLM\...\Un-Rar for Windows) (Version: - )
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Wavelet Denoise Gimp Plugin version 0.3.1 (HKLM\...\Wavelet Denoise Gimp Plugin_is1) (Version: 0.3.1 - )
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WorldClock 3.0 (HKLM\...\WH_WorldClock31) (Version: - )
Xnet Usage Monitor V1.9.1 (HKLM\...\Xnet Usage Monitor_is1) (Version: - WorldxChange Communications Limited)

==================== Restore Points =========================

==================== Hosts content: ==========================

2009-07-14 14:04 - 2014-07-03 16:08 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {11AADE20-4F14-4BFC-B6C9-56DCC0572657} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-13] (AVAST Software)
Task: {188AE9EC-884D-488D-8CB4-172B753D7442} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-27] (Google Inc.)
Task: {1B3416CF-55E8-44F3-9A0E-DA5A132BD720} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {1C8253F0-DE7A-4E8D-A06B-CC6C46B5C189} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1CD5F469-2580-40DA-BC8F-424405B49305} - System32\Tasks\{6E198C6D-A05B-4A5B-8601-A029A00CB712} => G:\PhotoDeluxe BE 1.0\PBE - START PHOTODELUXE.exe
Task: {32F5BDE4-5C9E-4F41-B4F2-983D98ED1614} - System32\Tasks\{8841D2BE-6151-4DBF-8EE1-07B8DB212FB0} => Firefox.exe http://ui.skype.com/ui/0/6.6.0.106/en/abandoninstall?page=tsMain
Task: {357A0D5B-4AD0-45C5-B68C-B647048AA74D} - System32\Tasks\{0FB90CDF-146A-4CDC-950E-A548F808257A} => Firefox.exe http://ui.skype.com/ui/0/6.6.0.106/en/abandoninstall?page=tsMain
Task: {41477A69-9FE9-4A3E-BE9E-3D64199C9F4E} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [2009-07-14] (TOSHIBA CORPORATION)
Task: {42E70B4B-BE9C-453B-8A5E-B5BFB73A1283} - System32\Tasks\{0819487C-1D15-4857-BA02-983D867F885D} => C:\Program Files\Equis\MetaStock\Mswin.exe
Task: {46B54C43-A9EB-408A-A1B3-B23529D6056F} - System32\Tasks\{4E95066B-45EC-409D-8778-31B8A6220518} => C:\Program Files\Equis\MetaStock\Mswin.exe
Task: {62DFA96E-D29E-4FC8-B9A3-9BEF1AC53BAD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-27] (Google Inc.)
Task: {6C8A4850-91FD-4CF7-86B0-3CA04CAF2516} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2157935053-1210720638-4233388858-1010 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {8CAC686A-E916-45D9-9246-90E739755F47} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2157935053-1210720638-4233388858-1010 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {99ABE7F7-E976-4327-BF11-CAE05748AAC3} - System32\Tasks\{15D80FC0-562A-4B13-A298-E9661A33A844} => C:\Program Files\Equis\MetaStock\Mswin.exe
Task: {AA4D16A3-9B86-4671-AAA9-F721B93FC654} - System32\Tasks\{B0E303D8-7C7B-4FE5-B1F4-1DBEE6E57443} => C:\Program Files\Equis\MetaStock\Mswin.exe
Task: {B01A901B-DBD5-4092-AE9C-30515331CDF7} - System32\Tasks\AdobeAAMUpdater-1.0-TOSH-2-new user => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {CAF1179E-24B2-445B-A875-848C0130E50B} - System32\Tasks\RealCreateProcessScheduledTask137236778S-1-5-21-2157935053-1210720638-4233388858-1010 => C:\Program Files\Real\RealPlayer\realplay.exe
Task: {CE685F2B-CC13-4865-B450-7C49EC38379A} - System32\Tasks\{3961AA2B-BFFC-4044-82A1-6AF878A89FB6} => Firefox.exe http://ui.skype.com/ui/0/6.11.73.102.456/en/abandoninstall?page=tsBing
Task: {F74D007D-BB16-4A80-8E22-38FF91BA33D3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-25] (Piriform Ltd)
Task: {FE73EE14-FFFA-4065-A2EB-219C5BEE49A0} - System32\Tasks\{14DEEC6E-690D-443A-85B4-8883D18F5068} => C:\Program Files\Equis\MetaStock\Mswin.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-07-13 14:17 - 2014-07-13 14:17 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-07-19 10:51 - 2014-07-19 10:51 - 02793472 _____ () C:\Program Files\AVAST Software\Avast\defs\14071801\algo.dll
2014-07-20 10:56 - 2014-07-20 10:56 - 02793472 _____ () C:\Program Files\AVAST Software\Avast\defs\14071901\algo.dll
2009-07-17 10:27 - 2009-07-17 10:27 - 07263544 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-07-17 10:27 - 2009-07-17 10:27 - 00052536 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2009-03-13 14:08 - 2009-03-13 14:08 - 00049152 _____ () C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
2014-03-05 21:55 - 2000-07-26 10:34 - 00061440 ____N () C:\Windows\System32\spool\drivers\w32x86\hpoopm07.exe
2014-07-13 14:17 - 2014-07-13 14:17 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2009-07-14 09:03 - 2009-07-14 13:15 - 00364544 _____ () C:\Windows\system32\msjetoledb40.dll
2014-04-15 07:41 - 2014-04-15 07:41 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll
2009-08-04 13:17 - 2009-08-04 13:17 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-05-01 20:19 - 2014-06-12 19:41 - 03022960 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll
2014-05-01 20:19 - 2014-06-12 19:41 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2014-05-01 20:19 - 2014-06-12 19:41 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll
2014-06-11 15:42 - 2014-06-06 16:38 - 03852912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Program Files\Desktop-Reminder 2:{67005600-3500-4800-7000-70004A006400}
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:98181191

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: {a3f28269-ad17-41a8-b032-3e0313ef8979}w
Description: {a3f28269-ad17-41a8-b032-3e0313ef8979}w
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: {a3f28269-ad17-41a8-b032-3e0313ef8979}w
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/20/2014 03:10:35 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\windows\servicing\TrustedInstaller.exe; Description = Windows Modules Installer; Error = 0x8004231f).

Error: (07/20/2014 03:10:27 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x8004231f).

Error: (07/20/2014 03:00:58 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\windows\servicing\TrustedInstaller.exe; Description = Windows Modules Installer; Error = 0x8004231f).

Error: (07/20/2014 03:00:47 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x8004231f).

Error: (07/20/2014 02:33:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CS5.5ServiceManager.exe, version: 2.5.0.236, time stamp: 0x4d2dc3bd
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000005
Fault offset: 0x00056b0d
Faulting process id: 0x1ce8
Faulting application start time: 0xCS5.5ServiceManager.exe0
Faulting application path: CS5.5ServiceManager.exe1
Faulting module path: CS5.5ServiceManager.exe2
Report Id: CS5.5ServiceManager.exe3

Error: (07/20/2014 02:28:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: msiexec.exe, version: 5.0.7601.17514, time stamp: 0x4ce792c4
Faulting module name: RPCRT4.dll, version: 6.1.7601.18205, time stamp: 0x51db96a4
Exception code: 0xc0000005
Fault offset: 0x0001fa4b
Faulting process id: 0x16f0
Faulting application start time: 0xmsiexec.exe0
Faulting application path: msiexec.exe1
Faulting module path: msiexec.exe2
Report Id: msiexec.exe3

Error: (07/20/2014 01:47:18 AM) (Source: MsiInstaller) (EventID: 11706) (User: TOSH-2)
Description: Product: TOSHIBA SD Memory Utilities -- Error 1706.No valid source could be found for product TOSHIBA SD Memory Utilities. The Windows Installer cannot continue.

Error: (07/20/2014 01:37:36 AM) (Source: MsiInstaller) (EventID: 11706) (User: TOSH-2)
Description: Product: TOSHIBA SD Memory Utilities -- Error 1706.No valid source could be found for product TOSHIBA SD Memory Utilities. The Windows Installer cannot continue.

Error: (07/20/2014 00:25:09 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Removed Apple Application Support; Error = 0x8004231f).

Error: (07/20/2014 00:11:21 AM) (Source: ESENT) (EventID: 482) (User: )
Description: taskhost (1720) WebCacheLocal: An attempt to write to the file "C:\Users\new user\AppData\Local\Microsoft\Windows\WebCache\V01res00003.jrs" at offset 393216 (0x0000000000060000) for 131072 (0x00020000) bytes failed after taskhost0 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.

System errors:
=============
Error: (07/20/2014 10:57:52 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error: 
%%126

Error: (07/20/2014 10:55:28 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
{a3f28269-ad17-41a8-b032-3e0313ef8979}w

Error: (07/20/2014 10:54:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMScheduler service failed to start due to the following error: 
%%1053

Error: (07/20/2014 10:54:45 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.

Error: (07/20/2014 03:10:36 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 (KB2667402).

Error: (07/20/2014 03:03:10 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 (KB2667402).

Error: (07/20/2014 02:28:23 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (07/19/2014 04:09:51 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (07/19/2014 00:38:45 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error: 
%%126

Error: (07/19/2014 00:36:42 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
{a3f28269-ad17-41a8-b032-3e0313ef8979}w

Microsoft Office Sessions:
=========================
Error: (07/20/2014 03:10:35 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\windows\servicing\TrustedInstaller.exeWindows Modules Installer0x8004231f

Error: (07/20/2014 03:10:27 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\windows\system32\svchost.exe -k netsvcsWindows Update0x8004231f

Error: (07/20/2014 03:00:58 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\windows\servicing\TrustedInstaller.exeWindows Modules Installer0x8004231f

Error: (07/20/2014 03:00:47 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\windows\system32\svchost.exe -k netsvcsWindows Update0x8004231f

Error: (07/20/2014 02:33:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: CS5.5ServiceManager.exe2.5.0.2364d2dc3bdntdll.dll6.1.7601.18247521ea91cc000000500056b0d1ce801cfa35db3d71e2dC:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exeC:\windows\SYSTEM32\ntdll.dlla62be1e8-0f51-11e4-af79-00266c6bc8d1

Error: (07/20/2014 02:28:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: msiexec.exe5.0.7601.175144ce792c4RPCRT4.dll6.1.7601.1820551db96a4c00000050001fa4b16f001cfa34c6992baeaC:\windows\system32\msiexec.exeC:\windows\system32\RPCRT4.dllee125d29-0f50-11e4-af79-00266c6bc8d1

Error: (07/20/2014 01:47:18 AM) (Source: MsiInstaller) (EventID: 11706) (User: TOSH-2)
Description: Product: TOSHIBA SD Memory Utilities -- Error 1706.No valid source could be found for product TOSHIBA SD Memory Utilities. The Windows Installer cannot continue.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/20/2014 01:37:36 AM) (Source: MsiInstaller) (EventID: 11706) (User: TOSH-2)
Description: Product: TOSHIBA SD Memory Utilities -- Error 1706.No valid source could be found for product TOSHIBA SD Memory Utilities. The Windows Installer cannot continue.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/20/2014 00:25:09 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\windows\system32\msiexec.exe /VRemoved Apple Application Support0x8004231f

Error: (07/20/2014 00:11:21 AM) (Source: ESENT) (EventID: 482) (User: )
Description: taskhost1720WebCacheLocal: C:\Users\new user\AppData\Local\Microsoft\Windows\WebCache\V01res00003.jrs393216 (0x0000000000060000)131072 (0x00020000)-1808 (0xfffff8f0)112 (0x00000070)There is not enough space on the disk. 0

==================== Memory info ===========================

Percentage of memory in use: 56%
Total physical RAM: 2939.99 MB
Available physical RAM: 1289.67 MB
Total Pagefile: 5878.27 MB
Available Pagefile: 3789.63 MB
Total Virtual: 2047.88 MB
Available Virtual: 1883.32 MB

==================== Drives ================================

Drive c: (S3A8103D003(computer)) (Fixed) (Total:143.17 GB) (Free:2.73 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (E: WORK (computer)) (Fixed) (Total:141.09 GB) (Free:136.29 GB) NTFS
Drive f: (TOURO) (Fixed) (Total:465.76 GB) (Free:282.3 GB) NTFS
Drive g: (DSE 40 Gb Local Disk) (Fixed) (Total:37.26 GB) (Free:29.63 GB) NTFS
Drive h: (LOOK) (Fixed) (Total:29.28 GB) (Free:15.97 GB) FAT32
Drive i: () (Fixed) (Total:7.94 GB) (Free:7.94 GB) FAT32
Drive j: () (Removable) (Total:7.39 GB) (Free:7.31 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 38B45714)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=143 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=141 GB) - (Type=05)
Partition 4: (Not Active) - (Size=12 GB) - (Type=17)

========================================================
Disk: 1 (Size: 37 GB) (Disk ID: 82688268)
Partition 1: (Active) - (Size=37 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 2999FAA4)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 7 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 4 (MBR Code: Windows XP) (Size: 37 GB) (Disk ID: BA7D00B1)
Partition 1: (Not Active) - (Size=29 GB) - (Type=0C)
Partition 2: (Not Active) - (Size=8 GB) - (Type=OF Extended)

==================== End Of Log ============================


----------



## Cookiegal (Aug 27, 2003)

Please navigate to each of the following folders and let me know some of the names of the files they contain or if you recognize them.

C:\ProgramData\*dkaegflhijigdlnfhgflhbpfhclepclp*
C:\ProgramData\*bcd57b4b288889a8*


----------



## Cookiegal (Aug 27, 2003)

Please download the attached *fixlist.txt* file and save it where you saved FRST (which should be the desktop).

*NOTE:* It's important that both files, *FRST* and *fixlist.txt* are in the same location (preferably on the desktop) or the fix will not work.

Run *FRST/FRST64* and press the *Fix* button just once and then wait.

If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after the restart.

*NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.*

The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.


----------



## MikeJG (Jul 31, 2013)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:20-07-2014
Ran by new user at 2014-07-21 09:37:41 Run:1
Running from C:\Users\new user\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
FF DefaultSearchEngine: Yahoo!
S1 {a3f28269-ad17-41a8-b032-3e0313ef8979}w; system32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}w.sys [X]
C:\Users\new user\AppData\Local\Temp\Foxit Updater.exe
C:\Users\new user\AppData\Local\Temp\GreenerWebUntemp.exe
C:\Users\new user\AppData\Local\Temp\Quarantine.exe
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:98181191

*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => value deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
{a3f28269-ad17-41a8-b032-3e0313ef8979}w => Service deleted successfully.
C:\Users\new user\AppData\Local\Temp\Foxit Updater.exe => Moved successfully.
C:\Users\new user\AppData\Local\Temp\GreenerWebUntemp.exe => Moved successfully.
C:\Users\new user\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.
C:\ProgramData\TEMP => ":98181191" ADS removed successfully.

==== End of Fixlog ====


----------



## Cookiegal (Aug 27, 2003)

Please right-click on any of those files that end in .ini and select "open with" and then "Notepad" and copy and paste the contents here. Please do not upload it as an attachment but rather copy and paste the contents.


----------



## MikeJG (Jul 31, 2013)

I don't know what I'm doing here. I'm just taking a wild guess at what your instructions mean. 
Could you please make your instructions clear to even me? I'm trying to make clear what I've done. In my post the unsatisfactory attachment has ".ini" files that I can't open. I go to the "Program Data" files but nothing I can find ends with "ini." I've tried everything I can think of and achieved nothing and I'm just getting frustrated because I don't know what you mean. SO ... These are what I can recognize from the attachment, .ini or not. They are in the order you see them in the screen shot.

"bcd" folder containing the following files.

"3ed..."
--------------------------------------------------------------------------------------------

"15a..."

"34e..."

"87a.."

"391d..."

"850d..."

"5563f..."

"b6a..."

"fe0c..."


----------



## Cookiegal (Aug 27, 2003)

Now you have me confused. If you look at the Word document you attached, all of the items listed under:

C:\ProgramData\bcd57b4b288889a8

end with an .ini file extension. These types of files can be opened with Notepad.

You said you couldn't open them so I don't understand what is the gibberish that you posted after each of those files. Were you finally able to open them and that is the contents?


----------



## MikeJG (Jul 31, 2013)

C:\ProgramData\*dkaegflhijigdlnfhgflhbpfhclepclp*

*My post # 80* is all the files I found in:
C:\ProgramData\*bcd57b4b288889a8*
Because none of the files was able to be copied directly to the Reply Box I discovered that what you see could be copied from the file to Word but could not be re-copied from Word to the Reply Box. So I then forwarded the Word document to you as an attachment which for some reason you're unable to use. What's particularly strange to me is that there *are no files that show a '.ini' in the Program Data files but showed up when they were copied to Word.*

I opened each file individually and copied the contents under an abbreviated name - eg *'3ed...'* rather than laboriously typing each one, hoping that would at least help. Can you see the content of those files in #80 and is it of no help to you?


----------



## Cookiegal (Aug 27, 2003)

That's odd that copying the contents of the folder shows the .ini file extension but the actual contents of the folder does not.

It is useful if that is the actual content but sometimes gibberish is created when trying to open files with the wrong program.

I didn't ask you to open the files in this folder:

C:\ProgramData\*dkaegflhijigdlnfhgflhbpfhclepclp*

Anyway, I suggest you delete both of these folders but leave them in the Recycle Bin in case anything cries out for them.

C:\ProgramData\*dkaegflhijigdlnfhgflhbpfhclepclp*
C:\ProgramData\*bcd57b4b288889a8*

Now, let's see if we can get OTL to work properly.

Please download *OTL* to your Desktop. 

Double-click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. 
Click the Run Scan button. Do not change any other settings unless otherwise instructed. The scan won't take long. 
When the scan completes, it will open two Notepad windows called *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL. 
Please copy and paste the contents of both of these files here in your next reply. 

Because we've run it before there may not be a second log called Extras.txt.


----------



## MikeJG (Jul 31, 2013)

OTL logfile created on: 7/24/2014 6:40:01 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\new user\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00000409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

2.87 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 60.44% Memory free
5.74 Gb Paging File | 4.19 Gb Available in Paging File | 72.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 143.17 Gb Total Space | 1.22 Gb Free Space | 0.85% Space Free | Partition Type: NTFS
Drive E: | 141.09 Gb Total Space | 139.16 Gb Free Space | 98.63% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 280.89 Gb Free Space | 60.31% Space Free | Partition Type: NTFS
Drive G: | 37.26 Gb Total Space | 29.63 Gb Free Space | 79.51% Space Free | Partition Type: NTFS
Drive H: | 29.28 Gb Total Space | 15.97 Gb Free Space | 54.53% Space Free | Partition Type: FAT32
Drive I: | 7.94 Gb Total Space | 7.94 Gb Free Space | 99.99% Space Free | Partition Type: FAT32

Computer Name: TOSH-2 | User Name: new user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/07/24 06:34:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\new user\Desktop\OTL.exe
PRC - [2014/07/15 17:45:01 | 000,106,488 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2014/07/13 14:17:12 | 004,086,432 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/07/13 14:17:12 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/07/01 15:14:02 | 000,242,728 | ---- | M] (Foxit Corporation) -- C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
PRC - [2014/06/25 02:27:36 | 004,624,152 | ---- | M] (Piriform Ltd) -- C:\Program Files\CCleaner\CCleaner.exe
PRC - [2014/05/20 06:51:34 | 002,826,256 | ---- | M] (Polenter - Software Solutions) -- C:\Program Files\Desktop-Reminder 2\DesktopReminder2.exe
PRC - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/05/12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2013/12/21 18:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/13 13:00:00 | 003,228,080 | ---- | M] (AdFender, Inc.) -- C:\Program Files\AdFender\AdFender.exe
PRC - [2012/11/23 14:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/04/04 06:25:00 | 000,295,584 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2011/07/20 10:59:50 | 002,338,304 | ---- | M] (WorldxChange Communications Limited) -- C:\Program Files\Xnet Usage Monitor\XNetUsage.exe
PRC - [2011/02/25 17:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/08/18 05:48:46 | 001,294,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
PRC - [2009/08/18 05:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
PRC - [2009/08/12 11:09:54 | 000,185,712 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe
PRC - [2009/08/12 11:09:38 | 001,324,384 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TEco.exe
PRC - [2009/08/11 14:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
PRC - [2009/08/07 12:05:18 | 000,583,024 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
PRC - [2009/08/07 12:04:56 | 000,685,424 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
PRC - [2009/08/07 10:02:02 | 000,029,528 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
PRC - [2009/08/07 08:06:58 | 000,466,792 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
PRC - [2009/08/06 09:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2009/08/06 09:18:08 | 000,476,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2009/08/06 09:04:54 | 000,738,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2009/08/04 13:16:50 | 001,021,272 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
PRC - [2009/08/04 13:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
PRC - [2009/07/29 15:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/07/29 10:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2009/07/29 09:00:10 | 000,460,088 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2009/07/14 10:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/07/08 04:37:32 | 000,062,832 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
PRC - [2009/03/28 13:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2009/03/11 13:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2000/07/26 10:34:48 | 000,061,440 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\hpoopm07.exe

========== Modules (No Company Name) ==========

MOD - [2014/07/13 14:17:12 | 019,329,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/07/13 14:17:12 | 000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll
MOD - [2014/05/15 22:48:55 | 000,785,920 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Ente96d83b35#\ee550c3d485d44c7fbeeafe12a3e318b\System.EnterpriseServices.ni.dll
MOD - [2014/05/15 22:48:55 | 000,250,880 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Ente96d83b35#\ee550c3d485d44c7fbeeafe12a3e318b\System.EnterpriseServices.Wrapper.dll
MOD - [2014/04/15 07:41:12 | 000,039,192 | ---- | M] () -- C:\Program Files\CCleaner\branding.dll
MOD - [2014/02/28 08:42:24 | 019,693,056 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\24bf0c88c0465485f4b842df043b3f45\System.ServiceModel.ni.dll
MOD - [2014/02/27 23:37:05 | 001,870,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\b85a411ce82ba71cd3d77c8c13794f81\System.Web.Services.ni.dll
MOD - [2014/02/27 23:37:02 | 000,660,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\2053b0e14f1e64a5c5d6d1c4d01485a2\System.Transactions.ni.dll
MOD - [2014/02/27 23:36:58 | 001,180,672 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\0893e0e7137e3b2da905da6216b75344\System.Management.ni.dll
MOD - [2014/02/27 23:36:54 | 002,542,080 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\7e73e63cf4b8efdf41900b9576489e61\System.Data.Linq.ni.dll
MOD - [2014/02/27 23:36:52 | 007,409,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\6bbed231aec6fd82547e09474da0b2f9\System.Data.ni.dll
MOD - [2014/02/27 23:36:50 | 012,894,208 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014/02/27 23:36:41 | 001,644,544 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/02/27 23:36:39 | 002,825,216 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
MOD - [2014/02/27 23:36:34 | 007,662,080 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/02/27 23:36:27 | 000,976,384 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/02/27 23:36:19 | 006,990,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/02/27 23:36:16 | 003,950,080 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014/02/27 23:36:13 | 010,060,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/02/27 23:36:07 | 000,147,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\4c8a153aa66fcd62db6fff269a2ef2b4\System.Numerics.ni.dll
MOD - [2014/02/27 23:36:06 | 000,045,056 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\e7e7e3b82e91028e6ed05189f837ea13\Accessibility.ni.dll
MOD - [2014/02/27 23:36:05 | 016,953,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/02/12 20:56:38 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\b34b348a9935338b1282fd0c9309eb1f\System.ServiceProcess.ni.dll
MOD - [2014/02/12 20:55:40 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/12 20:55:32 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/12 20:55:07 | 005,464,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/12 20:55:02 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/12 20:55:01 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/12 20:54:49 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2010/04/26 04:47:37 | 008,007,680 | ---- | M] () -- C:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2009/08/04 13:17:24 | 000,079,192 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
MOD - [2009/07/17 10:27:48 | 000,052,536 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
MOD - [2009/07/17 10:27:44 | 007,263,544 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
MOD - [2009/07/14 13:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2009/03/13 14:08:04 | 000,049,152 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll
MOD - [2000/07/26 10:34:48 | 000,061,440 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\hpoopm07.exe

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Users\new user\AppData\Local\Temp\7zS7DC9\hpslpsvc32.dll -- (HPSLPSVC)
SRV - [2014/07/15 17:45:01 | 000,106,488 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2014/07/13 14:17:12 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014/07/09 19:54:11 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/07/01 15:14:02 | 000,242,728 | ---- | M] (Foxit Corporation) [Auto | Running] -- C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe -- (FoxitCloudUpdateService)
SRV - [2014/06/19 11:23:24 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/06/11 15:42:50 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2013/12/21 18:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 07:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/27 16:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/05/12 17:05:14 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/08/18 05:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/12 11:09:54 | 000,185,712 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2009/08/11 14:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009/08/07 12:04:56 | 000,685,424 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2009/08/06 09:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/08/04 13:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009/07/29 10:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009/07/14 13:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 13:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 13:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/08 04:37:32 | 000,062,832 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe -- (RSELSVC)
SRV - [2009/03/28 13:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/03/11 13:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\vmci.sys -- (vmci)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Glary Utilities 3\ProcObsrv.sys -- (ProcObsrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motusbdevice.sys -- (motusbdevice)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Motousbnet.sys -- (Motousbnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motswch.sys -- (MotoSwitchService)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motmodem.sys -- (motmodem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgpfl.sys -- (motccgpfl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgp.sys -- (motccgp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motfilt.sys -- (BTCFilterService)
DRV - [2014/07/24 06:22:27 | 000,110,296 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2014/07/16 00:09:29 | 000,030,976 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV - [2014/07/15 17:45:05 | 000,026,136 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2014/07/15 17:45:01 | 000,270,752 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdisFlt.sys -- (aswNdisFlt)
DRV - [2014/07/13 14:18:10 | 000,414,520 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsp.sys -- (aswSP)
DRV - [2014/07/13 14:17:14 | 000,779,536 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2014/07/13 14:17:14 | 000,192,352 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014/07/13 14:17:14 | 000,081,768 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2014/07/13 14:17:14 | 000,071,944 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswStm.sys -- (aswStm)
DRV - [2014/07/13 14:17:14 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014/07/13 14:17:14 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2014/07/13 14:17:14 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2014/05/12 07:26:08 | 000,051,928 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV - [2014/05/12 07:25:54 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/07/30 10:51:30 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
DRV - [2013/06/01 13:56:40 | 000,026,032 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys -- (Apowersoft_AudioDevice)
DRV - [2013/04/11 11:06:45 | 000,041,584 | ---- | M] (ThreatTrack Security) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gfiark.sys -- (gfiark)
DRV - [2011/02/12 09:23:34 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2010/11/21 00:30:17 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010/11/21 00:30:17 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/11/20 22:50:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/11/20 22:50:37 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010/11/20 22:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 21:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/04/28 22:01:09 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2010/04/28 22:01:09 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2010/04/26 17:22:42 | 001,011,232 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009/08/06 14:04:04 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/31 12:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009/07/25 10:57:06 | 000,275,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2009/07/22 09:18:58 | 001,161,760 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/15 10:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/14 11:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 11:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/14 10:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009/07/08 03:53:06 | 000,007,680 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2009/06/23 12:04:58 | 000,024,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
DRV - [2009/06/20 14:31:08 | 000,012,920 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVALZFL.sys -- (TVALZFL)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSAU&bmod=TSAU
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>

========== FireFox ==========

FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..extensions.enabledAddons: exif_viewer%40mozilla.doslash.org:2.00
FF - prefs.js..extensions.enabledAddons: downloader%40finalvideotools.com:1.0.1
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:2.0
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2021.112
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\FinalVideoDownloader\Firefox [2013/10/01 09:18:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/07/15 17:45:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/06/11 15:42:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/06/11 15:42:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.6.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2014/05/01 20:19:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.6.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.6.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2014/05/01 20:19:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.6.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2012/03/21 22:31:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\new user\AppData\Roaming\mozilla\Extensions
[2014/07/19 12:33:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\new user\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2014/05/29 21:28:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\new user\AppData\Roaming\mozilla\Firefox\Profiles\extensions\searchplugins
[2014/07/17 14:01:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\new user\AppData\Roaming\mozilla\Firefox\Profiles\zv8j385y.default\extensions
[2014/06/12 21:13:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\new user\AppData\Roaming\mozilla\Firefox\Profileszv8j385y.default\extensions
[2014/06/12 21:13:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\new user\AppData\Roaming\mozilla\Firefox\Profileszv8j385y.default\extensions\staged
[2013/10/16 13:26:14 | 000,230,013 | ---- | M] () (No name found) -- C:\Users\new user\AppData\Roaming\mozilla\firefox\profiles\zv8j385y.default\extensions\[email protected]
[2014/02/14 09:41:07 | 000,384,004 | ---- | M] () (No name found) -- C:\Users\new user\AppData\Roaming\mozilla\firefox\profiles\zv8j385y.default\extensions\[email protected]
[2014/06/30 09:12:01 | 000,967,387 | ---- | M] () (No name found) -- C:\Users\new user\AppData\Roaming\mozilla\firefox\profiles\zv8j385y.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/07/12 10:29:40 | 000,293,614 | ---- | M] () (No name found) -- C:\Users\new user\AppData\Roaming\mozilla\firefox\profiles\zv8j385y.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2014/06/19 20:30:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/06/19 20:30:32 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/07/15 17:45:08 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013/10/01 09:18:54 | 000,000,000 | ---D | M] (FinalVideoDownloader plugin for Mozilla Firefox) -- C:\PROGRAM FILES\FINALVIDEODOWNLOADER\FIREFOX
[2004/05/07 15:31:40 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\components\MSVCR71.DLL
CHR - Extension: No name found = C:\Users\new user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\
CHR - Extension: No name found = C:\Users\new user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\new user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\new user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\new user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.2.15747.10003_0\
CHR - Extension: No name found = C:\Users\new user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\new user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2014/07/03 16:08:53 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonQuickMenu] C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [HPAIO_PrintFolderMgr] C:\Windows\System32\spool\drivers\w32x86\hpoopm07.exe ()
O4 - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [DesktopReminder2ByPolenter] C:\Program Files\Desktop-Reminder 2\DesktopReminder2.exe (Polenter - Software Solutions)
O4 - Startup: C:\Users\new user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\new user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xnet Usage Monitor.lnk = C:\Program Files\Xnet Usage Monitor\XNetUsage.exe (WorldxChange Communications Limited)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\new user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\new user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Download Video - {3B54DEAB-C6D4-48a8-8C32-A70558643400} - C:\Program Files\FinalVideoDownloader\fvdRunner.html ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 58.28.5.2 58.28.6.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22954387-82DA-461F-BF7C-C1C4C8D575B7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{678A7195-B191-4A9F-8042-51607E67A254}: DhcpNameServer = 58.28.5.2 58.28.6.2
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/06/12 23:51:28 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2013/05/25 14:51:19 | 000,000,000 | ---D | M] - G:\AUTORUN -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/07/24 06:34:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\new user\Desktop\OTL.exe
[2014/07/20 11:09:55 | 000,000,000 | ---D | C] -- C:\FRST
[2014/07/20 11:05:30 | 001,080,320 | ---- | C] (Farbar) -- C:\Users\new user\Desktop\FRST.exe
[2014/07/18 15:56:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Image Viewer
[2014/07/18 15:56:18 | 000,000,000 | ---D | C] -- C:\Program Files\FastStone Image Viewer
[2014/07/16 23:06:47 | 000,000,000 | ---D | C] -- C:\Users\new user\Documents\Corel DVD MovieFactory
[2014/07/16 12:31:16 | 000,000,000 | ---D | C] -- C:\Users\new user\Desktop\New folder
[2014/07/15 23:42:15 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/07/15 22:52:54 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\MBAMSwissArmy.sys
[2014/07/15 22:52:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/07/15 22:52:02 | 000,074,456 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamchameleon.sys
[2014/07/15 22:52:02 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mwac.sys
[2014/07/15 22:52:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/07/15 17:45:23 | 000,026,136 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswKbd.sys
[2014/07/15 17:45:01 | 000,270,752 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswNdisFlt.sys
[2014/07/13 17:50:37 | 000,000,000 | ---D | C] -- C:\Users\new user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2014/07/13 14:30:41 | 000,000,000 | ---D | C] -- C:\Users\new user\AppData\Roaming\Dropbox
[2014/07/13 14:20:37 | 000,000,000 | ---D | C] -- C:\Users\new user\AppData\Roaming\AVAST Software
[2014/07/13 14:18:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014/07/13 14:17:26 | 000,071,944 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswStm.sys
[2014/07/13 14:17:24 | 000,779,536 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys
[2014/07/13 14:17:22 | 000,414,520 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswsp.sys
[2014/07/13 14:17:21 | 000,081,768 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswRdr2.sys
[2014/07/13 14:17:21 | 000,067,824 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys
[2014/07/13 14:17:13 | 000,043,152 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2014/07/12 10:53:36 | 000,000,000 | ---D | C] -- C:\Users\new user\Desktop\TSG
[2014/07/10 09:52:59 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MsSpellCheckingFacility.exe
[2014/07/10 09:52:59 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieetwcollector.exe
[2014/07/10 09:52:59 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieetwproxystub.dll
[2014/07/10 09:52:59 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2014/07/10 09:52:59 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\JavaScriptCollectionAgent.dll
[2014/07/10 09:52:58 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2014/07/10 09:52:58 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll
[2014/07/10 09:52:58 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2014/07/10 09:52:58 | 000,367,616 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxtmsft.dll
[2014/07/10 09:52:58 | 000,240,824 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2014/07/10 09:52:58 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2014/07/10 09:52:58 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2014/07/10 09:52:57 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2014/07/10 09:52:57 | 000,595,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2014/07/10 09:52:57 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msrating.dll
[2014/07/10 09:52:57 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2014/07/10 09:52:56 | 000,239,616 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxtrans.dll
[2014/07/10 09:52:56 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieetwcollectorres.dll
[2014/07/10 09:52:55 | 000,442,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2014/07/10 09:52:54 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtmlmedia.dll
[2014/07/10 09:52:53 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MshtmlDac.dll
[2014/07/10 09:52:52 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9diag.dll
[2014/07/10 09:52:51 | 004,254,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2014/07/10 09:52:37 | 002,350,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2014/07/10 09:52:37 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\osk.exe
[2014/07/10 09:52:29 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qedit.dll
[2014/07/10 09:52:27 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ncrypt.dll
[2014/07/04 17:16:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/07/03 15:21:38 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2014/07/03 00:36:16 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\windows\System32\sqlite3.dll
[2014/07/02 10:09:54 | 000,000,000 | ---D | C] -- C:\Users\new user\Desktop\PORK
[2014/07/01 23:18:08 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2014/06/25 15:35:57 | 000,000,000 | ---D | C] -- C:\Users\new user\Documents\Adobe Scripts

========== Files - Modified Within 30 Days ==========

[2014/07/24 06:34:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\new user\Desktop\OTL.exe
[2014/07/24 06:28:31 | 000,021,472 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/24 06:28:31 | 000,021,472 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/24 06:28:00 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/24 06:22:27 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\MBAMSwissArmy.sys
[2014/07/24 06:20:15 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/07/24 06:19:54 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/07/24 06:19:46 | 2312,097,792 | -HS- | M] () -- C:\hiberfil.sys
[2014/07/23 22:54:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/07/21 09:34:25 | 001,080,320 | ---- | M] (Farbar) -- C:\Users\new user\Desktop\FRST.exe
[2014/07/20 15:57:17 | 001,088,076 | ---- | M] () -- C:\Users\new user\Documents\fines_20140720_0001.tif
[2014/07/19 13:11:03 | 000,002,107 | ---- | M] () -- C:\Users\new user\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2014/07/18 15:54:13 | 005,621,527 | ---- | M] () -- C:\Users\new user\Desktop\FSViewerSetup51.exe
[2014/07/16 00:09:29 | 000,030,976 | ---- | M] () -- C:\windows\System32\drivers\hitmanpro37.sys
[2014/07/16 00:01:09 | 000,003,954 | ---- | M] () -- C:\windows\System32\.crusader
[2014/07/15 17:45:05 | 000,026,136 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswKbd.sys
[2014/07/15 17:45:01 | 000,270,752 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswNdisFlt.sys
[2014/07/13 14:18:10 | 000,414,520 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswsp.sys
[2014/07/13 14:17:14 | 000,779,536 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys
[2014/07/13 14:17:14 | 000,192,352 | ---- | M] () -- C:\windows\System32\drivers\aswVmm.sys
[2014/07/13 14:17:14 | 000,081,768 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswRdr2.sys
[2014/07/13 14:17:14 | 000,071,944 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswStm.sys
[2014/07/13 14:17:14 | 000,067,824 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys
[2014/07/13 14:17:14 | 000,049,944 | ---- | M] () -- C:\windows\System32\drivers\aswRvrt.sys
[2014/07/13 14:17:14 | 000,024,184 | ---- | M] () -- C:\windows\System32\drivers\aswHwid.sys
[2014/07/13 14:17:13 | 000,276,432 | ---- | M] (AVAST Software) -- C:\windows\System32\aswBoot.exe
[2014/07/13 14:17:13 | 000,043,152 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2014/07/12 10:22:47 | 000,000,008 | RHS- | M] () -- C:\Users\new user\ntuser.pol
[2014/07/12 10:22:46 | 000,000,008 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/07/11 08:30:31 | 003,824,240 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2014/07/09 19:54:11 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2014/07/09 19:54:11 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2014/07/07 16:55:03 | 000,763,736 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2014/07/07 16:55:03 | 000,164,118 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2014/07/03 16:08:53 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2014/06/25 18:26:08 | 000,003,471 | ---- | M] () -- C:\Users\new user\AppData\Local\recently-used.xbel

========== Files Created - No Company Name ==========

[2014/07/20 15:57:17 | 001,088,076 | ---- | C] () -- C:\Users\new user\Documents\fines_20140720_0001.tif
[2014/07/18 15:54:01 | 005,621,527 | ---- | C] () -- C:\Users\new user\Desktop\FSViewerSetup51.exe
[2014/07/17 19:11:56 | 000,002,107 | ---- | C] () -- C:\Users\new user\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2014/07/16 00:09:29 | 000,030,976 | ---- | C] () -- C:\windows\System32\drivers\hitmanpro37.sys
[2014/07/16 00:01:09 | 000,003,954 | ---- | C] () -- C:\windows\System32\.crusader
[2014/07/13 14:17:25 | 000,192,352 | ---- | C] () -- C:\windows\System32\drivers\aswVmm.sys
[2014/07/13 14:17:22 | 000,049,944 | ---- | C] () -- C:\windows\System32\drivers\aswRvrt.sys
[2014/07/13 14:17:21 | 000,024,184 | ---- | C] () -- C:\windows\System32\drivers\aswHwid.sys
[2014/06/25 18:26:08 | 000,003,471 | ---- | C] () -- C:\Users\new user\AppData\Local\recently-used.xbel
[2014/06/06 03:35:30 | 000,004,535 | ---- | C] () -- C:\Users\new user\AppData\Roaming\CamStudio.cfg
[2014/06/06 03:35:30 | 000,000,408 | ---- | C] () -- C:\Users\new user\AppData\Roaming\CamShapes.ini
[2014/06/06 03:35:30 | 000,000,408 | ---- | C] () -- C:\Users\new user\AppData\Roaming\CamLayout.ini
[2014/06/06 03:35:30 | 000,000,096 | ---- | C] () -- C:\Users\new user\AppData\Roaming\Camdata.ini
[2014/06/06 03:34:59 | 000,000,096 | ---- | C] () -- C:\Users\new user\AppData\Roaming\version2.xml
[2014/01/31 12:09:01 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/01/10 13:44:36 | 000,000,132 | ---- | C] () -- C:\Users\new user\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2013/08/07 15:53:06 | 000,000,175 | ---- | C] () -- C:\windows\System32\drivers\aswVmm.sys.sum
[2013/08/07 15:53:06 | 000,000,175 | ---- | C] () -- C:\windows\System32\drivers\aswSP.sys.sum
[2013/08/07 15:53:06 | 000,000,175 | ---- | C] () -- C:\windows\System32\drivers\aswSnx.sys.sum
[2013/08/03 19:02:05 | 000,003,725 | ---- | C] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
[2013/06/15 22:17:55 | 000,000,195 | ---- | C] () -- C:\Users\new user\.gtk-bookmarks
[2013/06/12 18:15:23 | 000,000,008 | RHS- | C] () -- C:\Users\new user\ntuser.pol
[2013/05/06 02:06:30 | 000,000,000 | ---- | C] () -- C:\windows\PerfectPool.INI
[2013/01/17 10:37:26 | 000,104,448 | ---- | C] () -- C:\Program Files\DXBall.exe
[2012/03/17 12:05:26 | 000,108,544 | ---- | C] () -- C:\Program Files\vlc.exe
[2012/03/10 10:19:47 | 000,003,584 | ---- | C] () -- C:\Users\new user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/19 21:15:29 | 000,020,520 | ---- | C] () -- C:\Program Files\init.dat

========== ZeroAccess Check ==========

[2009/07/14 16:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 14:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 00:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 13:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\Program Files\Desktop-Reminder 2:{67005600-3500-4800-7000-70004A006400}

< End of report >

---------------------------------------------------------------------------

OTL Extras logfile created on: 7/24/2014 6:40:01 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\new user\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00000409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

2.87 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 60.44% Memory free
5.74 Gb Paging File | 4.19 Gb Available in Paging File | 72.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 143.17 Gb Total Space | 1.22 Gb Free Space | 0.85% Space Free | Partition Type: NTFS
Drive E: | 141.09 Gb Total Space | 139.16 Gb Free Space | 98.63% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 280.89 Gb Free Space | 60.31% Space Free | Partition Type: NTFS
Drive G: | 37.26 Gb Total Space | 29.63 Gb Free Space | 79.51% Space Free | Partition Type: NTFS
Drive H: | 29.28 Gb Total Space | 15.97 Gb Free Space | 54.53% Space Free | Partition Type: FAT32
Drive I: | 7.94 Gb Total Space | 7.94 Gb Free Space | 99.99% Space Free | Partition Type: FAT32

Computer Name: TOSH-2 | User Name: new user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6\Bridge.exe "%L"
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PIE Browse] -- C:\Program Files\Picmeta\PIE\PIE.exe %1 (Picmeta Systems)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{045CFF48-EFC6-4A67-A3BB-335930C29DEB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{059E0B0D-34AC-48DE-8ED7-80CECD76BFA5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{0673AE86-01B2-42A3-9839-C2BA7D26D275}" = rport=138 | protocol=17 | dir=out | app=system | 
"{158B34C4-240A-4C1C-B1E1-38D206DC0C71}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{162B068D-AF71-4A97-98EF-E68885F192AD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{18357A55-072C-44DA-BDF1-32590238C63B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{21CA19D8-7634-4597-882D-B52325BD6F46}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{22EBA38D-BCB2-4839-BFDE-C985285C8BED}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3194FE3C-4564-49C0-A562-A409B37D3797}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{32C5CCA0-E458-43FB-8DA2-827F05B1010D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3435AB39-296A-4EB5-AA48-3522F0D2BA74}" = lport=139 | protocol=6 | dir=in | app=system | 
"{3E481A17-A589-493F-91EC-EBB9169642B0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{421FCA3A-FDAE-41A9-9ABF-C35601808229}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{45595918-7A98-4B7D-855F-8E7A2C17A3E4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{531A70D1-F80C-4044-9630-572BB57B60E3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{6507A99F-7F25-4931-A9EC-EEBD6668F121}" = rport=445 | protocol=6 | dir=out | app=system | 
"{71151A57-CB1B-4167-A978-3130DD3C64B8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{72B47A8B-9252-4E81-B564-B9EC5976CF6D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7CBFA385-6F25-49BC-B7C9-6219196DE992}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{866A568F-9736-4300-86DE-27ACDEA3660E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8C81D9E3-7C3A-4D46-8C35-B075A9D89C76}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8DD574DF-837A-4D6C-9420-1DBB69AB1F8C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{950EC11A-C81A-4B04-989D-8939F2CD4DC2}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{A3B6CC17-EBC3-4998-8047-D78737B59B41}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A70B1099-39A1-4275-9C48-5089D56042C7}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{AFCEDF08-E192-43B0-B18B-641F10811B58}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C641AAF4-83E4-4C1B-A4E9-6E89719673AE}" = lport=445 | protocol=6 | dir=in | app=system | 
"{CEBBB5F0-9F80-4DF0-9888-52ACD98F2FE6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D39A6D48-A0E4-4F53-B200-95AD605DC5A7}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E6B89FEF-3EC8-4770-A1D6-0B5B7264C36D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EAF01699-06C4-4AD7-AAAC-A458B1FB0AAE}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{F2E4C840-9038-44F1-9635-1558772E2EA8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{F655F21B-639A-4248-A6A2-DA90ECBCDAE4}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03C3C11C-31E7-4A5E-8121-6E1A0B445F57}" = dir=in | app=c:\program files\apowersoft\streaming video recorder\apowersoftac.dll | 
"{0A4229AA-D848-400A-BF8D-9AD2D2A0288B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{151A433B-4344-452A-93E3-81938E75C7F5}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | 
"{160ECE69-773C-4914-9495-A694EF792E5E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{2E4286C8-2A14-44D4-985E-C6D4A06CD7A8}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{2EFD5444-0E21-4A17-8341-A417DAE2744E}" = protocol=17 | dir=in | app=c:\users\new user\downloads\programs\utorrent.exe | 
"{35A287D0-8FEC-46B3-BAD9-8F9D5F9B2D3A}" = dir=out | app=c:\program files\apowersoft\streaming video recorder\apowersoftdownloaderhelp.dll | 
"{38364164-3479-42D1-969A-2C2B7D93D4BE}" = dir=out | app=c:\program files\apowersoft\streaming video recorder\apowersoftsrv.dll | 
"{43206AC0-3833-4B2B-A796-BFE74E04D3B7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{45AFEB59-7F54-492B-B429-8BCB97F458B7}" = protocol=17 | dir=in | app=c:\users\new user\appdata\local\temp\7zs4328\hppiw.exe | 
"{4EAEE056-E184-4757-B31E-601EBB2A499E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4FBC8533-C7B8-432A-B12C-B9A7CE0836E0}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{56EE043A-D862-4C18-BAE6-BC225FD9A8A1}" = dir=in | app=c:\program files\apowersoft\streaming video recorder\apowersoftdownloaderhelp.dll | 
"{5F631F54-2071-4B82-8FA6-44B4AAEB0FCB}" = protocol=6 | dir=out | app=system | 
"{60BA7BDE-F3DA-45B9-9B39-2CA1AC679D8B}" = protocol=6 | dir=in | app=c:\users\new user\appdata\local\temp\7zs438a\hppiw.exe | 
"{62B0DF52-621A-4119-B797-6B93AE210F95}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe | 
"{6A1F1B82-19EB-46B2-92AC-18D38EC1CDDB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6ABD816F-7D99-4A8A-8CB0-05C6C54A9350}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{72C84AD1-EF0E-4607-BD42-00F0F6084252}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{74C426FF-571A-402D-B9DE-72E5FBC72510}" = dir=out | app=c:\program files\apowersoft\streaming video recorder\apowersoftdump.dll | 
"{7A4CC5EE-DAE6-419A-81FD-EC57F38A4E2E}" = dir=in | app=c:\program files\apowersoft\streaming video recorder\apowersoftplayer.dll | 
"{7A7C5CA4-E46D-49C4-B18B-A11696323A91}" = dir=in | app=c:\program files\apowersoft\streaming video recorder\apowersoftdump.dll | 
"{869C8692-1DC5-4E14-9D58-A9A3C4C130E6}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | 
"{87830F40-A148-43B2-984D-3B01ED9552C1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{87C370DC-C714-4BEA-9784-83DC14E15A2F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8B4AD263-4885-4E9B-B6E8-7B8BDCD87897}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{8DA9884A-5666-4308-ABBB-C70D713AA163}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8DD0F09A-5077-4CF0-8446-61B59CB9D8AA}" = protocol=6 | dir=in | app=c:\users\new user\appdata\local\temp\7zs4328\hppiw.exe | 
"{920517BF-FACA-42C8-9BD1-DBB5AC928B8C}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe | 
"{A4CBE391-C1A3-40B1-BDF1-41B89F9342FA}" = dir=in | app=c:\program files\apowersoft\streaming video recorder\apowersoftsrv.dll | 
"{AB6BB150-4582-440E-905C-A0D05CB0B8EF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{ABA10549-203B-481C-A384-6CF60C616BD0}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{AD828004-4BFB-4BBF-A1E9-E9A97EDE1BCD}" = dir=out | app=c:\program files\apowersoft\streaming video recorder\apowersoftac.dll | 
"{B1FF595C-E1EC-46F3-9A4A-3F17C193706B}" = protocol=6 | dir=in | app=c:\users\new user\appdata\local\temp\7zs349d\hppiw.exe | 
"{BCBC4399-7F2B-47E8-86BF-5BF938EDDCEA}" = protocol=6 | dir=in | app=c:\users\new user\appdata\roaming\utorrent\utorrent.exe | 
"{BE564729-9006-4A39-AF42-E8CA53F5882A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BEA3E034-6956-4063-97E6-BC550A3C5909}" = dir=in | app=c:\program files\apowersoft\streaming video recorder\streaming video recorder.exe | 
"{CE49F3B4-98BF-4CB2-A99C-6698B5F756BD}" = dir=out | app=c:\program files\apowersoft\streaming video recorder\streaming video recorder.exe | 
"{CF0EF8A1-8507-445A-836D-D97CBBD8C3E4}" = protocol=6 | dir=in | app=c:\users\new user\downloads\programs\utorrent.exe | 
"{D5BB0769-1E90-4DDE-B4FB-61B0CC194211}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D89C33D7-D245-49E2-B33A-D385FE6DFC95}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{D8E82E0D-4016-46A9-AFAB-D342E14C8128}" = protocol=17 | dir=in | app=c:\users\new user\appdata\local\temp\7zs349d\hppiw.exe | 
"{DC9F27A1-79A6-41DE-9E1D-247C861F4CFE}" = dir=out | app=c:\program files\apowersoft\streaming video recorder\apowersoftplayer.dll | 
"{DF6687F9-D486-4CD7-8638-172F8CC11936}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E77C0D21-7FD6-4F45-944B-B029F5F7241F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{ECDBFB5B-27B5-4684-A77C-3750B12DC250}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F26CE78D-0BA3-413D-A358-088CFF2DCEC2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{F3B7DA76-2E63-4974-8E66-9A0C72B60B09}" = protocol=17 | dir=in | app=c:\users\new user\appdata\roaming\utorrent\utorrent.exe | 
"{F6297928-FAB6-4BBC-AE53-02E26DB12EA2}" = protocol=17 | dir=in | app=c:\users\new user\appdata\local\temp\7zs438a\hppiw.exe | 
"TCP Query User{87D262F5-1280-4A59-8733-24BB2D01C00F}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{93C12056-4022-4BA6-A604-7E9ED5E61B04}C:\users\new user\downloads\programs\utorrent.exe" = protocol=6 | dir=in | app=c:\users\new user\downloads\programs\utorrent.exe | 
"TCP Query User{BD5ABFBA-8F31-4D29-85D7-FD45AF801D08}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{C3A176A0-A589-4270-849A-286FEA160B2A}C:\users\new user\appdata\roaming\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\new user\appdata\roaming\utorrent\utorrent.exe | 
"UDP Query User{1F060DA5-7102-483C-A0C3-FF223EAB9CBF}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{808B7AB4-B775-45C4-8740-FAC3FBA4C896}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{CCC3A348-EB05-4048-8766-A36B644C12B4}C:\users\new user\downloads\programs\utorrent.exe" = protocol=17 | dir=in | app=c:\users\new user\downloads\programs\utorrent.exe | 
"UDP Query User{E9C29D3F-F01C-493D-A7B8-93511B3EB02B}C:\users\new user\appdata\roaming\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\new user\appdata\roaming\utorrent\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D19B2D8-4FE4-48B2-BBA1-194B82A81230}" = Hyper-Utility2
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX720_series" = Canon MX720 series MP Drivers
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{138CEA91-A651-45B0-9C2C-D69A44493E0F}" = Hyper-Utility Software Add-On
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 51
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{288487BA-D8C5-4C81-BD89-C7E49DD48E18}" = Desktop-Reminder 2
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{342126B2-10D5-409E-884B-245347A497E1}" = TOSHIBA Bulletin Board
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3D599ADA-65D9-4B51-898F-CE718DEC5DBB}" = Microsoft Image Composite Editor
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1" = Foxit Cloud
"{42451051-52B5-4D74-920A-BB49861D7253}" = TOSHIBA ReelTime
"{44510C84-AE2A-4079-A75B-D44E68D73B9A}" = CyberLink PhotoDirector 4
"{45634CA5-CFDE-4794-9C1C-65613F2A0E4E}" = Hyper-Utility2 CCD-RAW Plug-In
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
"{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D063AFD-05EF-4CE8-895A-7817118B1D6A}" = Hyper-Utility2 FinePixS20Pro SHOOTING Plug-In
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{76583DD5-2BCE-46F7-ACC4-3BF37645F4E0}" = FUJIFILM Hyper-Utility Software
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.16
"{80B3B090-7FE0-487D-9065-5D0B3FB9FC31}" = Studio Utility
"{819A351B-09B9-4AE2-A9E9-EAFBF8952A56}" = Hyper-Utility2 Preview Print
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
"{8AE68327-FAA7-403D-AEEC-CBBA1DE2DBAD}" = Hyper-Utility2 CustomRendered Modifier Plug-In
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E41D2A5-C0DD-4139-8C7A-2F0E1F20ED24}" = CombineZP
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{934E9442-D305-4ACF-AD87-A6C11D677CB9}" = ImageMixer VCD2 for FinePix
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}" = TOSHIBA Supervisor Password
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ac225167-00fc-452d-94c5-bb93600e7d9a}" = Buzzdock
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.07)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B1709DC3-3A8C-4C29-B0E7-F033450A62A0}" = Studio Utility shooting plug-in
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B71E0018-25B9-4093-937E-13E6398B853B}" = Hyper-Utility2 File Format Plug-In
"{BB285C9F-C821-4770-8970-56C4AB52C87E}" = Skype Click to Call
"{BEA19A41-E180-40EE-A083-995A2C6B10C4}" = Hyper-Utility2 Print/Contact Sheet Output Plug-In
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE518445-0054-44F8-8315-2AD45BF3701E}" = Raw Therapee V4.0.9.50 x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0387727-C89D-4774-B643-B9333EAA09DE}" = TOSHIBA Hardware Setup
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE548EB1-4CF6-4A37-884D-0EA9DDB0F549}" = Hyper-Utility2 FinePixS3Pro SHOOTING Plug-In
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F20E77B0-F2E0-402B-8868-BDEB5CC2D01B}" = Hyper-Utility2 Slide Show Plug-In
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F87FF0A2-E55F-4BF8-9D0E-1B9BD846E17B}" = Hyper-Utility2 FinePixS2Pro SHOOTING Plug-In
"{F8AFEA7D-77BD-43F3-ADF7-EF71300BEFD2}" = Microsoft Camera Codec Pack
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.22beta
"Adobe Acrobat Reader 3.01" = Adobe Acrobat Reader 3.01
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Avast" = avast! Internet Security
"Canon MX720 series On-screen Manual" = Canon MX720 series On-screen Manual
"Canon_IJ_Scan_Utility" = Canon IJ Scan Utility
"CanonMyPrinter" = Canon My Printer
"CanonQuickMenu" = Canon Quick Menu
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Desktop-Reminder 2" = Desktop-Reminder 2
"DX-Ball 1.09" = DX-Ball 1.09
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"FastStone Image Viewer" = FastStone Image Viewer 5.1
"FinalVideoDownloader_is1" = Final Video Downloader 2013
"Foxit Reader_is1" = Foxit Reader
"Free RAR Extract Frog" = Free RAR Extract Frog
"Free Screen Video Recorder_is1" = Free Screen Video Recorder version 2.5.34.605
"Free Studio_is1" = Free Studio version 5.3.5
"Gimp Resynthesizer Plugin_is1" = Gimp Resynthesizer Plugin version 0.16
"GIMP-2_is1" = GIMP 2.8.10
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP OfficeJet G Series" = HP OfficeJet G Series
"InstallShield_{342126B2-10D5-409E-884B-245347A497E1}" = TOSHIBA Bulletin Board
"InstallShield_{42451051-52B5-4D74-920A-BB49861D7253}" = TOSHIBA ReelTime
"InstallShield_{44510C84-AE2A-4079-A75B-D44E68D73B9A}" = CyberLink PhotoDirector 4
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
"InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"LTMOH" = LSI V92 MOH Application
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 30.0 (x86 en-GB)" = Mozilla Firefox 30.0 (x86 en-GB)
"Mozilla Thunderbird 24.6.0 (x86 en-US)" = Mozilla Thunderbird 24.6.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Opera 12.16.1860" = Opera 12.16
"PIE_is1" = PIE Free v6.7
"PokerStars" = PokerStars
"PrnPrint" = PrnPrint v3.47.10
"Speed Dial Utility" = Canon Speed Dial Utility
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Un-Rar for Windows" = Un-Rar for Windows 9.22beta
"VLC media player" = VLC media player 2.1.3
"Wavelet Denoise Gimp Plugin_is1" = Wavelet Denoise Gimp Plugin version 0.3.1
"WH_WorldClock31" = WorldClock 3.0
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"Xnet Usage Monitor_is1" = Xnet Usage Monitor V1.9.1

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Foxit Reader Free Download Packages" = Foxit Reader Free Download Packages

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/19/2014 9:47:18 AM | Computer Name = Tosh-2 | Source = MsiInstaller | ID = 11706
Description =

Error - 7/19/2014 10:28:20 AM | Computer Name = Tosh-2 | Source = Application Error | ID = 1000
Description = Faulting application name: msiexec.exe, version: 5.0.7601.17514, time
stamp: 0x4ce792c4 Faulting module name: RPCRT4.dll, version: 6.1.7601.18205, time
stamp: 0x51db96a4 Exception code: 0xc0000005 Fault offset: 0x0001fa4b Faulting process
id: 0x16f0 Faulting application start time: 0x01cfa34c6992baea Faulting application
path: C:\windows\system32\msiexec.exe Faulting module path: C:\windows\system32\RPCRT4.dll
Report
Id: ee125d29-0f50-11e4-af79-00266c6bc8d1

Error - 7/19/2014 10:33:29 AM | Computer Name = Tosh-2 | Source = Application Error | ID = 1000
Description = Faulting application name: CS5.5ServiceManager.exe, version: 2.5.0.236,
time stamp: 0x4d2dc3bd Faulting module name: ntdll.dll, version: 6.1.7601.18247,
time stamp: 0x521ea91c Exception code: 0xc0000005 Fault offset: 0x00056b0d Faulting
process id: 0x1ce8 Faulting application start time: 0x01cfa35db3d71e2d Faulting application
path: C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
Faulting
module path: C:\windows\SYSTEM32\ntdll.dll Report Id: a62be1e8-0f51-11e4-af79-00266c6bc8d1

Error - 7/19/2014 11:00:47 AM | Computer Name = Tosh-2 | Source = System Restore | ID = 8193
Description =

Error - 7/19/2014 11:00:58 AM | Computer Name = Tosh-2 | Source = System Restore | ID = 8193
Description =

Error - 7/19/2014 11:10:27 AM | Computer Name = Tosh-2 | Source = System Restore | ID = 8193
Description =

Error - 7/19/2014 11:10:35 AM | Computer Name = Tosh-2 | Source = System Restore | ID = 8193
Description =

Error - 7/19/2014 11:26:20 PM | Computer Name = Tosh-2 | Source = MsiInstaller | ID = 11706
Description =

Error - 7/21/2014 12:51:17 AM | Computer Name = Tosh-2 | Source = Application Error | ID = 1000
Description = Faulting application name: thunderbird.exe, version: 24.6.0.5274, 
time stamp: 0x5396c4a8 Faulting module name: xul.dll, version: 24.6.0.5274, time 
stamp: 0x5396c38c Exception code: 0xc0000005 Fault offset: 0x00a4970d Faulting process
id: 0x1c70 Faulting application start time: 0x01cfa49f658a050f Faulting application
path: C:\Program Files\Mozilla Thunderbird\thunderbird.exe Faulting module path:
C:\Program Files\Mozilla Thunderbird\xul.dll Report Id: a62d998e-1092-11e4-a940-00266c6bc8d1

Error - 7/23/2014 6:58:33 AM | Computer Name = Tosh-2 | Source = MsiInstaller | ID = 11706
Description =

[ System Events ]
Error - 7/22/2014 9:49:22 PM | Computer Name = Tosh-2 | Source = Service Control Manager | ID = 7023
Description = The HP Network Devices Support service terminated with the following
error: %%126

Error - 7/23/2014 5:42:32 AM | Computer Name = Tosh-2 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR7.

Error - 7/23/2014 5:42:33 AM | Computer Name = Tosh-2 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR7.

Error - 7/23/2014 5:42:33 AM | Computer Name = Tosh-2 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR7.

Error - 7/23/2014 5:45:15 AM | Computer Name = Tosh-2 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR8.

Error - 7/23/2014 5:45:15 AM | Computer Name = Tosh-2 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR8.

Error - 7/23/2014 5:45:16 AM | Computer Name = Tosh-2 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR8.

Error - 7/23/2014 5:45:16 AM | Computer Name = Tosh-2 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR8.

Error - 7/23/2014 7:06:14 AM | Computer Name = Tosh-2 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8024200d: Security Update for Windows 7 (KB2667402).

Error - 7/23/2014 2:23:23 PM | Computer Name = Tosh-2 | Source = Service Control Manager | ID = 7023
Description = The HP Network Devices Support service terminated with the following
error: %%126

< End of report >


----------



## Cookiegal (Aug 27, 2003)

Before we go any further, do you see the box at the bottom of OTL now where it says Custom Scans/Fixes?


----------



## MikeJG (Jul 31, 2013)

No. I know what I'm looking for now and my screen is the same as the screenshots I sent you. That box is not there.


----------



## Cookiegal (Aug 27, 2003)

OK so OTL is of no use to us. It's the first time in over 10 years of doing this that I've seen anyone with this problem. I'm sure it has something to do with your resolution but you weren't able to fix it before so there's no point trying again.

So let's try another tool.

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.


----------



## MikeJG (Jul 31, 2013)

I have Avast but can't find how to turn it off. Apparently I should get control options by right-clicking the taskbar icon but there seems to be no such option.

I guess the Windows firewall doesn't count as 'protection software'? Not that I know how to turn that off either.

I don't think there's any other protection software but how can I check?


----------



## Cookiegal (Aug 27, 2003)

I think when you right-click Avast you have to choose "avast! shields control" and the option to disable it should be there.


----------



## MikeJG (Jul 31, 2013)

I got Avast closed - thanks.

I've run JRT 3 times but there's no result log that I can find anywhere. Shortly after it starts it wants to reboot and it does nothing until it reboots. So I click Y - nothing else I can do.
Is it just me?


----------



## MikeJG (Jul 31, 2013)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x86
Ran by new user on Thu 24/07/2014 at 20:41:37.32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\new user\appdata\local\{265C28A5-82F0-414F-9A63-8AAB3475233B}
Successfully deleted: [Empty Folder] C:\Users\new user\appdata\local\{DB4EE76A-0082-4AA4-9122-497E629D695D}
Successfully deleted: [Empty Folder] C:\Users\new user\appdata\local\{E3ED23A9-8D68-48CE-BDFB-510218B75340}

~~~ FireFox

Successfully deleted the following from C:\Users\new user\AppData\Roaming\mozilla\firefox\profiles\zv8j385y.default\prefs.js

user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.cookie.testingGaq.value", "%22hxxp%3A//extclickmedia-maynemyltf.netdna-ss
user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.name", "Torntv V9.0");
Emptied folder: C:\Users\new user\AppData\Roaming\mozilla\firefox\profiles\zv8j385y.default\minidumps [216 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 24/07/2014 at 20:49:13.55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


----------



## Cookiegal (Aug 27, 2003)

OK that's good.

Please run FRST again and post that log. I think there will be a couple of Firefox extensions that I saw in OTL that still have to be removed and we can use FRST for that since we can't get OTL to work.


----------



## MikeJG (Jul 31, 2013)

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:24-07-2014 01
Ran by new user (administrator) on TOSH-2 on 25-07-2014 08:25:26
Running from C:\Users\new user\Desktop
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Foxit Corporation) C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TEco.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxext.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Windows\System32\spool\drivers\w32x86\hpoopm07.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Polenter - Software Solutions) C:\Program Files\Desktop-Reminder 2\DesktopReminder2.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(AdFender, Inc.) C:\Program Files\AdFender\AdFender.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(WorldxChange Communications Limited) C:\Program Files\Xnet Usage Monitor\XNetUsage.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-2157935053-1210720638-4233388858-1010\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21442176 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2157935053-1210720638-4233388858-1010\...\Run: [DesktopReminder2ByPolenter] => C:\Program Files\Desktop-Reminder 2\DesktopReminder2.exe [2826256 2014-05-20] (Polenter - Software Solutions)
HKU\S-1-5-21-2157935053-1210720638-4233388858-1010\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4624152 2014-06-25] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AdFender.lnk
ShortcutTarget: AdFender.lnk -> C:\Program Files\AdFender\AdFender.exe (AdFender, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\new user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\new user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xnet Usage Monitor.lnk
ShortcutTarget: Xnet Usage Monitor.lnk -> C:\Program Files\Xnet Usage Monitor\XNetUsage.exe (WorldxChange Communications Limited)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSAU&bmod=TSAU
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 58.28.5.2 58.28.6.2

FireFox:
========
FF ProfilePath: C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default
FF SearchEngineOrder.3: Bing 
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @microsoft.com/GENUINE - C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: No Name - C:\Users\new user\AppData\Roaming\Mozilla\Firefox\profiles\extensions\searchplugins [2014-05-29]
FF Extension: Exif Viewer - C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\Extensions\[email protected] [2013-10-16]
FF Extension: Awesome screenshot: Capture and Annotate - C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\Extensions\[email protected] [2013-10-16]
FF Extension: Adblock Plus - C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-21]
FF Extension: Greasemonkey - C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-07-15]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-06-11]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\FinalVideoDownloader\Firefox
FF Extension: FinalVideoDownloader plugin for Mozilla Firefox - C:\Program Files\FinalVideoDownloader\Firefox [2013-04-10]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-13]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-28] (LSI Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-13] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-07-15] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2009-08-11] (TOSHIBA CORPORATION)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-11] (TOSHIBA CORPORATION)
R2 FoxitCloudUpdateService; C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242728 2014-07-01] (Foxit Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 MSSQL$MSSMLBIZ; c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 RSELSVC; C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe [62832 2009-07-08] (TOSHIBA Corporation)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [51512 2009-08-18] (TOSHIBA Corporation)
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [185712 2009-08-12] (TOSHIBA Corporation)
R3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-08-04] (TOSHIBA Corporation)
R3 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [685424 2009-08-07] (TOSHIBA Corporation)
S2 HPSLPSVC; C:\Users\new user\AppData\Local\Temp\7zS7DC9\hpslpsvc32.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Afc; C:\windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
S3 Apowersoft_AudioDevice; C:\windows\System32\drivers\Apowersoft_AudioDevice.sys [26032 2013-06-01] (Wondershare)
R2 aswHwid; C:\windows\system32\drivers\aswHwid.sys [24184 2014-07-13] ()
R1 aswKbd; C:\windows\system32\drivers\aswKbd.sys [26136 2014-07-15] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [67824 2014-07-13] (AVAST Software)
R0 aswNdisFlt; C:\windows\System32\DRIVERS\aswNdisFlt.sys [270752 2014-07-15] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [81768 2014-07-13] (AVAST Software)
R0 aswRvrt; C:\windows\system32\Drivers\aswRvrt.sys [49944 2014-07-13] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [779536 2014-07-13] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [414520 2014-07-13] (AVAST Software)
R2 aswStm; C:\windows\system32\drivers\aswStm.sys [71944 2014-07-13] (AVAST Software)
R0 aswVmm; C:\windows\system32\Drivers\aswVmm.sys [192352 2014-07-13] ()
R3 Dot4Scan; C:\windows\System32\DRIVERS\Dot4Scan.sys [10752 2009-07-14] (Microsoft Corporation)
S3 gfiark; C:\windows\System32\drivers\gfiark.sys [41584 2013-04-11] (ThreatTrack Security)
R0 gfibto; C:\windows\System32\drivers\gfibto.sys [13560 2013-07-30] (GFI Software)
S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [30976 2014-07-16] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R2 npf; C:\windows\System32\drivers\npf.sys [35088 2011-02-12] (CACE Technologies, Inc.)
R3 PGEffect; C:\windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-23] (TOSHIBA Corporation)
R2 tifsfilter; C:\windows\System32\DRIVERS\tifsfilt.sys [44384 2010-04-28] (Acronis)
R2 TVALZFL; C:\windows\System32\DRIVERS\TVALZFL.sys [12920 2009-06-20] (TOSHIBA Corporation)
S3 usbsermptxp; C:\windows\System32\DRIVERS\usbsermptxp.sys [25600 2011-11-21] (Microsoft Corporation) [File not signed]
R3 vpcbus; C:\windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-21] (Microsoft Corporation)
R1 vpcnfltr; C:\windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\windows\System32\drivers\vpcvmm.sys [296064 2010-11-21] (Microsoft Corporation)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 ProcObsrv; \??\C:\Program Files\Glary Utilities 3\ProcObsrv.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
S0 vmci; system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-25 08:25 - 2014-07-25 08:25 - 00019477 _____ () C:\Users\new user\Desktop\FRST.txt
2014-07-25 08:25 - 2014-07-25 08:25 - 00000000 ____D () C:\Users\new user\Desktop\FRST-OlderVersion
2014-07-24 10:35 - 2014-07-24 10:35 - 01016261 _____ (Thisisu) C:\Users\new user\Desktop\JRT(1).exe
2014-07-24 10:30 - 2014-07-24 10:30 - 00016896 _____ () C:\Users\new user\Desktop\k10d cheat sheet.xls
2014-07-24 08:22 - 2014-07-24 08:22 - 00000132 _____ () C:\Users\new user\AppData\Roaming\Adobe BMP Format CS5 Prefs
2014-07-24 06:34 - 2014-07-24 06:34 - 00602112 _____ (OldTimer Tools) C:\Users\new user\Desktop\OTL.exe
2014-07-20 15:57 - 2014-07-20 15:57 - 01088076 _____ () C:\Users\new user\Documents\fines_20140720_0001.tif
2014-07-20 11:09 - 2014-07-25 08:25 - 00000000 ____D () C:\FRST
2014-07-20 11:05 - 2014-07-25 08:25 - 01084416 _____ (Farbar) C:\Users\new user\Desktop\FRST.exe
2014-07-19 12:17 - 2014-07-23 13:45 - 00007156 _____ () C:\windows\PFRO.log
2014-07-18 15:56 - 2014-07-18 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Image Viewer
2014-07-18 15:56 - 2014-07-18 15:56 - 00000000 ____D () C:\Program Files\FastStone Image Viewer
2014-07-17 18:59 - 2014-07-17 19:00 - 37444312 _____ (Foxit Corporation ) C:\Users\new user\Downloads\FoxitReader621.0618_enu_Setup.exe
2014-07-16 23:06 - 2014-07-16 23:06 - 00000000 ____D () C:\Users\new user\Documents\Corel DVD MovieFactory
2014-07-16 12:31 - 2014-07-16 13:33 - 00000000 ____D () C:\Users\new user\Desktop\New folder
2014-07-16 10:33 - 2014-07-25 08:15 - 00000840 _____ () C:\windows\setupact.log
2014-07-16 10:33 - 2014-07-16 10:33 - 00000000 _____ () C:\windows\setuperr.log
2014-07-16 02:21 - 2014-07-16 02:21 - 04814144 _____ (Piriform Ltd) C:\Users\new user\Downloads\ccsetup415pro.exe
2014-07-16 00:09 - 2014-07-16 00:09 - 00030976 _____ () C:\windows\system32\Drivers\hitmanpro37.sys
2014-07-16 00:01 - 2014-07-16 00:01 - 00003954 _____ () C:\windows\system32\.crusader
2014-07-15 23:42 - 2014-07-16 00:00 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-15 22:52 - 2014-07-25 08:21 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-15 22:52 - 2014-07-15 22:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-15 22:52 - 2014-07-15 22:52 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-15 22:52 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-07-15 22:52 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-07-15 17:45 - 2014-07-15 17:45 - 00270752 _____ (AVAST Software) C:\windows\system32\Drivers\aswNdisFlt.sys
2014-07-15 17:45 - 2014-07-15 17:45 - 00026136 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2014-07-13 17:50 - 2014-07-13 17:50 - 00000000 ____D () C:\Users\new user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-13 17:47 - 2014-07-13 17:47 - 00101515 _____ () C:\Users\new user\Downloads\DesktopOK.zip
2014-07-13 14:30 - 2014-07-13 17:50 - 00000000 ____D () C:\Users\new user\AppData\Roaming\Dropbox
2014-07-13 14:20 - 2014-07-13 14:20 - 00000000 ____D () C:\Users\new user\AppData\Roaming\AVAST Software
2014-07-13 14:18 - 2014-07-15 17:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-07-13 14:17 - 2014-07-13 14:18 - 00414520 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2014-07-13 14:17 - 2014-07-13 14:17 - 00779536 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2014-07-13 14:17 - 2014-07-13 14:17 - 00192352 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-07-13 14:17 - 2014-07-13 14:17 - 00081768 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-07-13 14:17 - 2014-07-13 14:17 - 00071944 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2014-07-13 14:17 - 2014-07-13 14:17 - 00067824 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-07-13 14:17 - 2014-07-13 14:17 - 00049944 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2014-07-13 14:17 - 2014-07-13 14:17 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-07-13 14:17 - 2014-07-13 14:17 - 00024184 _____ () C:\windows\system32\Drivers\aswHwid.sys
2014-07-13 13:34 - 2014-07-13 13:34 - 04862664 _____ (AVAST Software) C:\Users\new user\Downloads\avast_free_antivirus_setup_online.exe
2014-07-12 10:53 - 2014-07-24 21:07 - 00000000 ____D () C:\Users\new user\Desktop\TSG
2014-07-10 09:52 - 2014-06-21 07:39 - 00240824 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-10 09:52 - 2014-06-19 12:16 - 17276416 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-10 09:52 - 2014-06-19 11:56 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-10 09:52 - 2014-06-19 11:56 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-10 09:52 - 2014-06-19 11:38 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-10 09:52 - 2014-06-19 11:37 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-10 09:52 - 2014-06-19 11:36 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-10 09:52 - 2014-06-19 11:35 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-10 09:52 - 2014-06-19 11:32 - 02179072 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-10 09:52 - 2014-06-19 11:28 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-10 09:52 - 2014-06-19 11:28 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-10 09:52 - 2014-06-19 11:25 - 00442368 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-10 09:52 - 2014-06-19 11:23 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-10 09:52 - 2014-06-19 11:23 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-10 09:52 - 2014-06-19 11:22 - 00592896 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-10 09:52 - 2014-06-19 11:16 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-07-10 09:52 - 2014-06-19 11:12 - 00367616 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-10 09:52 - 2014-06-19 11:06 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-10 09:52 - 2014-06-19 11:01 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-10 09:52 - 2014-06-19 10:59 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-10 09:52 - 2014-06-19 10:58 - 00239616 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-10 09:52 - 2014-06-19 10:52 - 04254720 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-10 09:52 - 2014-06-19 10:52 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-10 09:52 - 2014-06-19 10:49 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-10 09:52 - 2014-06-19 10:46 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-10 09:52 - 2014-06-19 10:45 - 01964544 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-10 09:52 - 2014-06-19 10:35 - 11742208 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-10 09:52 - 2014-06-19 10:13 - 01791488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-10 09:52 - 2014-06-19 10:09 - 01139200 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-10 09:52 - 2014-06-19 10:07 - 00704512 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-10 09:52 - 2014-06-18 13:51 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-07-10 09:52 - 2014-06-18 12:52 - 02350080 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-07-10 09:52 - 2014-06-06 21:44 - 00509440 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-07-10 09:52 - 2014-06-06 02:26 - 01059840 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-07-10 09:52 - 2014-05-30 19:52 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-07-10 09:52 - 2014-05-30 19:52 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-07-10 09:52 - 2014-05-30 19:52 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-07-10 09:52 - 2014-05-30 19:52 - 00220160 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-07-10 09:52 - 2014-05-30 19:52 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-07-10 09:52 - 2014-05-30 19:52 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-07-10 09:52 - 2014-05-30 19:52 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-07-10 09:52 - 2014-05-30 18:36 - 00338944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-07-07 10:20 - 2014-07-07 10:21 - 01058200 _____ (Adobe) C:\Users\new user\Downloads\install_flashplayer14x32au_ltr5x32d_awc_aih.exe
2014-07-03 19:11 - 2014-07-03 19:12 - 01079825 _____ () C:\Users\new user\Downloads\autostitch.zip
2014-07-03 15:21 - 2014-07-03 15:36 - 00000000 ____D () C:\windows\erdnt
2014-07-03 00:36 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\system32\sqlite3.dll
2014-07-02 10:09 - 2014-07-02 10:15 - 00000000 ____D () C:\Users\new user\Desktop\PORK
2014-07-01 23:18 - 2014-07-16 02:26 - 00000000 ____D () C:\windows\Minidump
2014-06-30 09:22 - 2014-06-30 09:22 - 01057176 _____ (Adobe) C:\Users\new user\Downloads\install_flashplayer14x32_mssd_aaa_aih.exe
2014-06-26 12:43 - 2014-06-26 12:43 - 09598190 _____ (Udi Fuchs ) C:\Users\new user\Downloads\ufraw-0.19.2-2-setup(1).exe
2014-06-25 23:37 - 2014-06-25 23:38 - 20364804 _____ () C:\Users\new user\Downloads\RawTherapee_WinXP_32_4.0.11.9.zip
2014-06-25 18:26 - 2014-06-25 18:26 - 00003471 _____ () C:\Users\new user\AppData\Local\recently-used.xbel
2014-06-25 15:35 - 2014-06-25 15:35 - 00000000 ____D () C:\Users\new user\Documents\Adobe Scripts

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-25 08:26 - 2014-07-25 08:25 - 00019477 _____ () C:\Users\new user\Desktop\FRST.txt
2014-07-25 08:26 - 2011-12-11 19:11 - 00000000 ____D () C:\Users\new user\AppData\Local\Adobe
2014-07-25 08:25 - 2014-07-25 08:25 - 00000000 ____D () C:\Users\new user\Desktop\FRST-OlderVersion
2014-07-25 08:25 - 2014-07-20 11:09 - 00000000 ____D () C:\FRST
2014-07-25 08:25 - 2014-07-20 11:05 - 01084416 _____ (Farbar) C:\Users\new user\Desktop\FRST.exe
2014-07-25 08:25 - 2010-04-26 04:16 - 01654979 _____ () C:\windows\WindowsUpdate.log
2014-07-25 08:21 - 2014-07-15 22:52 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-25 08:17 - 2014-06-17 14:26 - 00000000 ____D () C:\Users\new user\Documents\DesktopReminder
2014-07-25 08:15 - 2014-07-16 10:33 - 00000840 _____ () C:\windows\setupact.log
2014-07-25 08:15 - 2014-02-10 16:57 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 08:15 - 2010-04-27 19:31 - 00000882 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-25 08:15 - 2009-07-14 16:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-25 00:09 - 2014-02-10 16:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-25 00:01 - 2011-12-21 21:24 - 00000000 ____D () C:\Users\new user\AppData\Local\PokerStars
2014-07-24 23:54 - 2013-08-03 15:47 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-07-24 23:28 - 2010-04-27 19:31 - 00000886 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-24 21:07 - 2014-07-12 10:53 - 00000000 ____D () C:\Users\new user\Desktop\TSG
2014-07-24 20:41 - 2014-01-09 15:29 - 00000000 ____D () C:\Users\new user\Desktop\FLYJOBS
2014-07-24 18:40 - 2013-12-09 19:13 - 00000000 ____D () C:\Users\new user\AppData\Roaming\vlc
2014-07-24 11:40 - 2012-10-02 11:32 - 00000000 ____D () C:\Users\new user\Documents\ADDRESSES PHONES - copied to Touro
2014-07-24 11:15 - 2009-07-14 16:34 - 00021472 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-24 11:15 - 2009-07-14 16:34 - 00021472 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-24 10:35 - 2014-07-24 10:35 - 01016261 _____ (Thisisu) C:\Users\new user\Desktop\JRT(1).exe
2014-07-24 10:30 - 2014-07-24 10:30 - 00016896 _____ () C:\Users\new user\Desktop\k10d cheat sheet.xls
2014-07-24 08:22 - 2014-07-24 08:22 - 00000132 _____ () C:\Users\new user\AppData\Roaming\Adobe BMP Format CS5 Prefs
2014-07-24 06:34 - 2014-07-24 06:34 - 00602112 _____ (OldTimer Tools) C:\Users\new user\Desktop\OTL.exe
2014-07-23 14:26 - 2014-01-29 19:47 - 00000000 ____D () C:\ProgramData\dkaegflhijigdlnfhgflhbpfhclepclp
2014-07-23 13:45 - 2014-07-19 12:17 - 00007156 _____ () C:\windows\PFRO.log
2014-07-22 08:18 - 2009-07-14 16:52 - 00000000 ____D () C:\windows\Offline Web Pages
2014-07-21 10:04 - 2012-03-23 14:42 - 00000000 ____D () C:\Users\new user\AppData\Roaming\Skype
2014-07-20 16:13 - 2014-02-10 10:01 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-07-20 15:57 - 2014-07-20 15:57 - 01088076 _____ () C:\Users\new user\Documents\fines_20140720_0001.tif
2014-07-20 00:23 - 2013-10-17 14:55 - 00000000 ____D () C:\Users\new user\AppData\Roaming\uTorrent
2014-07-19 12:33 - 2013-12-01 12:44 - 00000000 ____D () C:\AdwCleaner
2014-07-18 16:27 - 2012-05-25 13:50 - 00000000 ____D () C:\Users\new user\Desktop\SHORTCUTS
2014-07-18 15:56 - 2014-07-18 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Image Viewer
2014-07-18 15:56 - 2014-07-18 15:56 - 00000000 ____D () C:\Program Files\FastStone Image Viewer
2014-07-17 19:00 - 2014-07-17 18:59 - 37444312 _____ (Foxit Corporation ) C:\Users\new user\Downloads\FoxitReader621.0618_enu_Setup.exe
2014-07-16 23:06 - 2014-07-16 23:06 - 00000000 ____D () C:\Users\new user\Documents\Corel DVD MovieFactory
2014-07-16 13:33 - 2014-07-16 12:31 - 00000000 ____D () C:\Users\new user\Desktop\New folder
2014-07-16 10:33 - 2014-07-16 10:33 - 00000000 _____ () C:\windows\setuperr.log
2014-07-16 02:26 - 2014-07-01 23:18 - 00000000 ____D () C:\windows\Minidump
2014-07-16 02:24 - 2014-04-11 08:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-16 02:24 - 2014-04-11 08:47 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-16 02:21 - 2014-07-16 02:21 - 04814144 _____ (Piriform Ltd) C:\Users\new user\Downloads\ccsetup415pro.exe
2014-07-16 00:09 - 2014-07-16 00:09 - 00030976 _____ () C:\windows\system32\Drivers\hitmanpro37.sys
2014-07-16 00:01 - 2014-07-16 00:01 - 00003954 _____ () C:\windows\system32\.crusader
2014-07-16 00:00 - 2014-07-15 23:42 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-15 23:25 - 2009-08-19 22:30 - 00000000 ____D () C:\windows\Panther
2014-07-15 22:52 - 2014-07-15 22:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-15 22:52 - 2014-07-15 22:52 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-15 22:52 - 2013-12-02 13:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-15 17:46 - 2014-07-13 14:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-07-15 17:45 - 2014-07-15 17:45 - 00270752 _____ (AVAST Software) C:\windows\system32\Drivers\aswNdisFlt.sys
2014-07-15 17:45 - 2014-07-15 17:45 - 00026136 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2014-07-13 17:50 - 2014-07-13 17:50 - 00000000 ____D () C:\Users\new user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-13 17:50 - 2014-07-13 14:30 - 00000000 ____D () C:\Users\new user\AppData\Roaming\Dropbox
2014-07-13 17:47 - 2014-07-13 17:47 - 00101515 _____ () C:\Users\new user\Downloads\DesktopOK.zip
2014-07-13 14:28 - 2014-03-09 15:36 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-07-13 14:20 - 2014-07-13 14:20 - 00000000 ____D () C:\Users\new user\AppData\Roaming\AVAST Software
2014-07-13 14:18 - 2014-07-13 14:17 - 00414520 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2014-07-13 14:17 - 2014-07-13 14:17 - 00779536 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2014-07-13 14:17 - 2014-07-13 14:17 - 00192352 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-07-13 14:17 - 2014-07-13 14:17 - 00081768 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-07-13 14:17 - 2014-07-13 14:17 - 00071944 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2014-07-13 14:17 - 2014-07-13 14:17 - 00067824 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-07-13 14:17 - 2014-07-13 14:17 - 00049944 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2014-07-13 14:17 - 2014-07-13 14:17 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-07-13 14:17 - 2014-07-13 14:17 - 00024184 _____ () C:\windows\system32\Drivers\aswHwid.sys
2014-07-13 14:17 - 2013-08-07 15:02 - 00276432 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-07-13 14:13 - 2013-08-07 15:00 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-13 13:34 - 2014-07-13 13:34 - 04862664 _____ (AVAST Software) C:\Users\new user\Downloads\avast_free_antivirus_setup_online.exe
2014-07-12 10:22 - 2014-01-31 12:09 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-07-12 10:22 - 2013-06-12 18:15 - 00000008 __RSH () C:\Users\new user\ntuser.pol
2014-07-12 10:19 - 2009-07-14 14:37 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2014-07-11 15:42 - 2013-07-29 18:34 - 00000000 ____D () C:\windows\rescache
2014-07-11 08:30 - 2009-07-14 16:33 - 03824240 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-11 08:28 - 2009-07-14 19:49 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-11 01:08 - 2013-07-31 00:43 - 00000000 ____D () C:\windows\system32\MRT
2014-07-11 01:05 - 2010-04-25 20:10 - 93585272 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-07-09 19:54 - 2013-08-03 15:47 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-07-09 19:54 - 2013-08-03 15:47 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-08 17:00 - 2013-08-20 20:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Downloader
2014-07-08 14:56 - 2014-05-24 22:19 - 00018432 _____ () C:\Users\new user\Documents\Piano Songs.xls
2014-07-07 16:55 - 2009-08-19 22:20 - 00916082 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-07 10:21 - 2014-07-07 10:20 - 01058200 _____ (Adobe) C:\Users\new user\Downloads\install_flashplayer14x32au_ltr5x32d_awc_aih.exe
2014-07-05 10:53 - 2014-01-29 19:47 - 00000000 ____D () C:\ProgramData\bcd57b4b288889a8
2014-07-05 09:54 - 2009-07-14 14:04 - 00000856 _____ () C:\windows\win.ini
2014-07-04 17:15 - 2009-07-14 14:04 - 00000215 _____ () C:\windows\system.ini
2014-07-04 11:37 - 2013-10-01 09:47 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-03 22:11 - 2014-06-17 14:25 - 00000000 ____D () C:\Program Files\Desktop-Reminder 2
2014-07-03 19:18 - 2012-06-18 15:34 - 00000000 ____D () C:\Users\new user\.gimp-2.8
2014-07-03 19:12 - 2014-07-03 19:11 - 01079825 _____ () C:\Users\new user\Downloads\autostitch.zip
2014-07-03 15:37 - 2009-07-14 14:37 - 00000000 __RHD () C:\Users\Default
2014-07-03 15:37 - 2009-07-14 14:37 - 00000000 ___RD () C:\Users\Public
2014-07-03 15:36 - 2014-07-03 15:21 - 00000000 ____D () C:\windows\erdnt
2014-07-02 10:15 - 2014-07-02 10:09 - 00000000 ____D () C:\Users\new user\Desktop\PORK
2014-06-30 09:22 - 2014-06-30 09:22 - 01057176 _____ (Adobe) C:\Users\new user\Downloads\install_flashplayer14x32_mssd_aaa_aih.exe
2014-06-26 12:46 - 2012-05-12 17:24 - 00000000 ___RD () C:\Users\new user\Virtual Machines
2014-06-26 12:43 - 2014-06-26 12:43 - 09598190 _____ (Udi Fuchs ) C:\Users\new user\Downloads\ufraw-0.19.2-2-setup(1).exe
2014-06-26 00:27 - 2011-12-21 21:24 - 00000000 ____D () C:\Program Files\PokerStars
2014-06-25 23:38 - 2014-06-25 23:37 - 20364804 _____ () C:\Users\new user\Downloads\RawTherapee_WinXP_32_4.0.11.9.zip
2014-06-25 18:26 - 2014-06-25 18:26 - 00003471 _____ () C:\Users\new user\AppData\Local\recently-used.xbel
2014-06-25 18:25 - 2014-03-24 16:29 - 00000000 ____D () C:\Users\new user\AppData\Local\gtk-2.0
2014-06-25 15:35 - 2014-06-25 15:35 - 00000000 ____D () C:\Users\new user\Documents\Adobe Scripts

Some content of TEMP:
====================
C:\Users\new user\AppData\Local\Temp\Foxit Reader Updater.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-08 13:24

==================== End Of Log ============================


----------



## Cookiegal (Aug 27, 2003)

Please download the attached *fixlist.txt* file and save it where you saved FRST (which should be the desktop).

*NOTE:* It's important that both files, *FRST* and *fixlist.txt*, are in the same location (preferably on the desktop) or the fix will not work.

Run *FRST/FRST64* and press the *Fix* button just once and then wait.

If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after the restart.

*NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.*

The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.


----------



## MikeJG (Jul 31, 2013)

I opened the file you attached, saved it (file > save as > desktop) and it sits on the desktop near the FRST scanner. I ran FRST (Run *FRST/FRST64* and press the *Fix* button - does that mean before or after the scan?) and the scan log is on the desktop. Then I opened FRST and clicked FIX. My attachment shows that it wouldn't run. I can't find any way to make it work.
I'm a bit sick of feeling computer-illiterate and stupid.


----------



## Cookiegal (Aug 27, 2003)

You changed the name of the file. You can't change the name. That's why FRST can't find it.


----------



## MikeJG (Jul 31, 2013)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:24-07-2014 01
Ran by new user at 2014-07-26 10:22:30 Run:2
Running from C:\Users\new user\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF Extension: Exif Viewer - C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\Extensions\[email protected] [2013-10-16]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-06-11]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\FinalVideoDownloader\Firefox
FF Extension: FinalVideoDownloader plugin for Mozilla Firefox - C:\Program Files\FinalVideoDownloader\Firefox [2013-04-10]
2014-07-23 14:26 - 2014-01-29 19:47 - 00000000 ____D () C:\ProgramData\dkaegflhijigdlnfhgflhbpfhclepclp
2014-07-08 17:00 - 2013-08-20 20:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Downloader
2014-07-05 10:53 - 2014-01-29 19:47 - 00000000 ____D () C:\ProgramData\bcd57b4b288889a8

*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Error deleting key. The key could be protected.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
C:\Users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\zv8j385y.default\Extensions\[email protected] => Moved successfully.
C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi => Moved successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\[email protected] => value deleted successfully.
C:\Program Files\FinalVideoDownloader\Firefox => Moved successfully.
C:\ProgramData\dkaegflhijigdlnfhgflhbpfhclepclp => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Downloader => Moved successfully.
C:\ProgramData\bcd57b4b288889a8 => Moved successfully.

==== End of Fixlog ====


----------
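An added example, not part of the thread and not FRST's own code: a Python sketch that reads the result lines of a Fixlog.txt like the one posted above and lists the entries that did not go through (here, the protected SearchScopes key). The function names and status labels are assumptions of this example, and the classification relies only on the outcome wordings visible in this log.

```python
import re
from collections import Counter

# Excerpt of the Fixlog.txt posted in this thread (header lines omitted).
SAMPLE_FIXLOG = r"""
Content of fixlist:
*****************
2014-07-05 10:53 - 2014-01-29 19:47 - 00000000 ____D () C:\ProgramData\bcd57b4b288889a8

*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Error deleting key. The key could be protected.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
C:\Program Files\FinalVideoDownloader\Firefox => Moved successfully.
C:\ProgramData\dkaegflhijigdlnfhgflhbpfhclepclp => Moved successfully.
C:\ProgramData\bcd57b4b288889a8 => Moved successfully.

==== End of Fixlog ====
"""

# Result lines read "<target> => <outcome>"; some registry targets are quoted.
RESULT_RE = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+)$')
REGISTRY_PREFIXES = ("HKLM\\", "HKCR\\", "HKCU\\", "HKU\\")


def classify(outcome):
    """Map an outcome string to a status label (labels are this example's own)."""
    text = outcome.lower()
    if text.startswith("error"):
        return "failed"
    if "not found" in text:
        return "not_found"
    if "successfully" in text:
        return "ok"
    return "unknown"  # wording not seen in this thread: review by hand


def parse_fixlog(text):
    """Return one dict per result line, skipping the header and echoed fixlist."""
    results, star_lines = [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {"*"}:
            star_lines += 1  # the echoed fixlist sits between two star rows
            continue
        if line.startswith("==== End of Fixlog"):
            break
        if star_lines < 2:
            continue
        match = RESULT_RE.match(line)
        if match:
            target = match.group("target")
            is_reg = target.upper().startswith(REGISTRY_PREFIXES)
            results.append({
                "target": target,
                "kind": "registry" if is_reg else "file",
                "outcome": match.group("outcome"),
                "status": classify(match.group("outcome")),
            })
    return results


def follow_up(results):
    """Entries the helper still has to deal with after the fix run."""
    return [r for r in results if r["status"] in ("failed", "unknown")]


def summary(results):
    return Counter(r["status"] for r in results)


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(dict(summary(parsed)))
    for item in follow_up(parsed):
        print(f'{item["kind"]}: {item["target"]} -> {item["outcome"]}')
```
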



## Cookiegal (Aug 27, 2003)

How are things with the machine now?


----------



## MikeJG (Jul 31, 2013)

Firefox is all ok and I don't see any of those ads now. As far as I can tell so far all seems well.
I have Avast working and Firefox is cleaned every time it's turned off. No cookies or anything.
Is there anything else you think should be done or any other installations I should make or would be useful?


----------



## Cookiegal (Aug 27, 2003)

Are you running the NoScript add-on for Firefox? That gives another level of protection as it prevents websites from running scripts and other types of potential exploits unless you specifically allow them.

It's also important to make sure all of your software is up to date with the latest version. That includes browsers, Adobe Reader and Flash, Java, etc.


----------



## MikeJG (Jul 31, 2013)

I have installed the NoScript addon in Firefox. Thanks for that. I've yet to find out what it does. I have found a few Word documents with the TicTacCoupon Ads and I'm sure there are more through the computer. They are all filed on an external drive. Is there something I can apply to individual documents as I come across them? Or something that will deal with them computer-wide. Or to a particular drive? There are certainly not as many of them as originally but it's quite a job to clean them up manually.


----------



## Cookiegal (Aug 27, 2003)

That looks like a web page that has been copied to Word. If the links were there when you copied it then I don't know of any way to remove them other than editing the documents.

Do you have the same documents on your primary drive?

What website did you copy the information from?


----------



## MikeJG (Jul 31, 2013)

Yes. I'd copy the text and illustrations from a web page to a Word doc. The links were visible on the web page and would copy to the Word doc and still be active there. I'd edit the Word doc to remove them. The page in the screenshot is a public info site about national animal care - safe enough I'd have thought. I can't find the same web pages but when similar sites are opened I don't see those TicTac links. I'm not too bothered by what remains as I know I can fix them. I just thought there might be another way.

But I do find that when I log in and then leave a forum - TSG - my login details are not remembered and I have to retype them. Can I get back to automatic login? What programme causes that and are there settings I can make?

Final Video Downloader had an icon by the toolbar, top left, that could activate Final in one click to download the video I'm watching with Firefox. That has disappeared but all I can find is info that it should be there. There is an icon on the taskbar but that is a 5-step process. I can't find anything to correct it. Are you able to help?

NoScript (?) seems to make some web pages unreadable. Is that because of a Java requirement that some sites don't have? Is Java any use to me on my computer if I'm not computer programming? I look up the phone directory, for example, and there's a tab next to the name saying 'Call us'. That's the phone number I'm looking for and the link doesn't work. Java or NoScript? It looks as though I'm going to keep on discovering things like this as I go along.


----------



## Cookiegal (Aug 27, 2003)

MikeJG said:


> Yes. I'd copy the text and illustrations from a web page to a Word doc. The links were visible on the web page and would copy to the Word doc and still be active there. I'd edit the Word doc to remove them. The page in the screenshot is a public info site about national animal care - safe enough I'd have thought. I can't find the same web pages but when similar sites are opened I don't see those TicTac links. I'm not too bothered by what remains as I know I can fix them. I just thought there might be another way


Unfortunately, not that I know of after the fact. If the links were there when you copied the text then they will be there and active in the document. But there is a way to remove the links from the text when pasting it into Word. When you paste the text, in the bottom right-hand corner you should see some icons with a few paste options, one of which is "text only". If you hover over that you will see that the links and other formatting disappear and if you click on it it will make the changes permanent. Here's a link explaining it better. Scroll down to "How to Use Paste Special" (You can use that page which has a link to test it out):

http://www.computerhope.com/jargon/p/pastespe.htm



> But I do find that when I log in and then leave a forum - TSG - my login details are not remembered and I have to retype them. Can I get back to automatic login? What programme causes that and are there settings I can make?


That could be NoScript. You have to allow techguy.org and tsgstatic.com in NoScript. You should see an S at the top right of your screen with a red circle with a line through it. This is created by NoScript. If you click on it you will see options such as "allow techguy.org" so you just need to click on that to allow the sites you trust.


> Final Video Downloader had an icon by the toolbar, top left, that could activate Final in one click to download the video I'm watching with Firefox. That has disappeared but all I can find is info that it should be there. There is an icon on the taskbar but that is a 5-step process. I can't find anything to correct it. Are you able to help?


This program is known to serve up adware and may be the source of your problems, that's why I deleted entries for it that were browser extensions. It's also used to download videos that are not available for download from YouTube and other sites, which violates their TOS. Here are a couple of links that may interest you:

https://www.virustotal.com/en/file/...2c9b2d37a37d432672c893ab/analysis/1387499922/

http://www.herdprotect.com/domain-www.finalvideodownloader.com.aspx



> NoScript (?) seems to make some web pages unreadable. Is that because of a Java requirement that some sites don't have? Is Java any use to me on my computer if I'm not computer programming? I look up the phone directory, for example, and there's a tab next to the name saying 'Call us'. That's the phone number I'm looking for and the link doesn't work. Java or NoScript? It looks as though I'm going to keep on discovering things like this as I go along.


It's more likely javascript which is blocked by NoScript unless you allow it. But you should research those sites first to make sure they are reliable. Then, if you're sure they are trustworthy, you can temporarily allow them in NoScript. It may take some getting used to but it will protect you from many exploits that are out there.

You probably don't need Java. I deleted it and haven't had a problem. It's subject to many exploits that they can't keep up with the patches so many people get infected that way.

BTW, I edited your post to make it easier to address each point. It would be appreciated if you use paragraphs to separate your points, if you don't mind. It makes it easier to address them.


----------



## MikeJG (Jul 31, 2013)

I have a need to download tutorials in particular and find Final does an excellent job simply and quickly. Is there a good alternative? I never associated Final with problems and was (am) always happy to use it. Also I had another one that would often catch videos that Final wouldn't. I can't remember its name and during this clean-up it's disappeared. I had that on the taskbar and used it quite a lot. Can you tell what it was and if there was a reason to get rid of it?

If I need Javascript for some purpose do I also need Java? Or will it operate without Java? And what is the purpose of Java?

One more thing for now. I've always wondered how to satisfy myself about the safety of a website. I wouldn't recognise a pink elephant if it was cooking my dinner. Let alone sprinkling viruses around!


----------



## MikeJG (Jul 31, 2013)

Because I was writing this reply over a long period of time I wrote it in Word and then pasted it to the reply box whereupon the paragraphs disappeared. And this time I know I've been logged in all the while but I still can't find a way to edit the reply. So sorry you have to try to sort this lot out. I think I must be jinxed.


----------



## Cookiegal (Aug 27, 2003)

Have you allowed techguy.org and tsgstatic.com in NoScript?


----------



## MikeJG (Jul 31, 2013)

I had Techguy okayed and have done tsgstatic. This is written into the reply box.

New paragraph.

This is written in Word and pasted.


New paragraph.


----------



## Cookiegal (Aug 27, 2003)

MikeJG said:


> I have a need to download tutorials in particular and find Final does an excellent job simply and quickly. Is there a good alternative? I never associated Final with problems and was (am) always happy to use it. Also I had another one that would often catch videos that Final wouldn't. I can't remember its name and during this clean-up it's disappeared. I had that on the taskbar and used it quite a lot. Can you tell what it was and if there was a reason to get rid of it?


Do you mean FLV Downloader? I don't use any of these types of programs as they typically bundle adware or other types of malware. If you want you can download them again and just be sure you opt out of any of the "extras" that they hopefully give you the option to opt out of.


> If I need Javascript for some purpose do I also need Java? Or will it operate without Java? And what is the purpose of Java?


They are both programming languages but Java is not used that much these days on websites. I uninstalled it and haven't had any problems. Many sites require that javascript be enabled for some features or functions to work. This is where NoScript comes in handy as you can only allow it on the sites that you trust. After a while it will become second nature to you. If you are on a site and something doesn't work, research the site to be sure it's legitimate and then decide if what you want to view or download is worth the risk of allowing the site to run scripts.


> One more thing for now. I've always wondered how to satisfy myself about the safety of a website. I wouldn't recognise a pink elephant if it was cooking my dinner. Let alone sprinkling viruses around!


There are some sites that can be helpful but they only identify sites that are known to have exploits or serve malware. Some that I use are:

McAfee Site Advisor:
https://www.siteadvisor.com/

Norton Safe Web:
https://safeweb.norton.com/

Note McAfee and Norton don't analyze the URL in real-time but they return reports on the last time they checked the site.

At Virus Total you can analyze a URL to see if it's infected by hidden exploits:

https://www.virustotal.com/ca/

When in doubt do some research on a specific site before visiting it or downloading anything from it.

When you can, don't use downloaders which often come bundled with other garbage. Most of the time you can just download the executable installer and install the program yourself.

You have to be careful of "freeware", even the "good" ones like anti-virus programs as they have to get funding somewhere so they often bundle some form of adware or other unsolicited software with it. Watch when you're installing things and uncheck any unneeded or unwanted extras that may be options.


----------

