Usporen rad i AVG detekcija MalSign.Generic u Sistem Volume Information

1

Usporen rad i AVG detekcija MalSign.Generic u Sistem Volume Information

offline
  • Pridružio: 14 Maj 2012
  • Poruke: 89

Naime skido sam nesto i uz to i pored decekiranja se nakacilo malwera.
Skeniro sa MBAM-om koji je naso preko 300 stavki od kojih vecinu PUP a dvije detekcije su bile na Trojan downloader i Trojan Droper uklonio al AVG i dalje povremeno javlja detekciju. Nazalost nisam sacuvao izvjestaje od MBAM-a.
a evo trazenih logova:




Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-05-2015 01
Ran by ibm (administrator) on COMPUTER_1 on 28-05-2015 12:59:02
Running from C:\Documents and Settings\ibm\Desktop
Loaded Profiles: ibm (Available Profiles: ibm)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(PixArt Imaging Incorporation) C:\WINDOWS\PixArt\Pac7302\Monitor.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [PAC7302_Monitor] => C:\WINDOWS\PixArt\PAC7302\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3745744 2015-05-18] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2010-02-11] (ATI Technologies Inc.)
HKU\S-1-5-21-515967899-854245398-1644491937-1003\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-515967899-854245398-1644491937-1003\...\Run: [Viber] => "C:\Documents and Settings\ibm\Local Settings\Application Data\Viber\Viber.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2015\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-515967899-854245398-1644491937-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-515967899-854245398-1644491937-1003\Software\Microsoft\Internet Explorer\Main,Search Page = microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-25] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-25] (Oracle Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\j2tzdyds.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eudict.xml [2014-11-18]
FF Extension: YouTube™ Flash® Player - C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\j2tzdyds.default\Extensions\jid1-HAV2inXAnQPIeA@jetpack.xpi [2014-11-18]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [602112 2010-02-11] (ATI Technologies Inc.) [File not signed]
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2010-02-10] () [File not signed]
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3438544 2015-05-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [311792 2015-05-18] (AVG Technologies CZ, s.r.o.)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 WPFFontCache_v0400; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [3565056 2010-02-11] (ATI Technologies Inc.) [File not signed]
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [132576 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [211424 2015-04-27] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [191968 2015-05-07] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [29664 2015-05-14] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [206816 2015-04-15] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [290272 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [166880 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [35808 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [213984 2015-05-04] (AVG Technologies CZ, s.r.o.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 PAC7302; C:\WINDOWS\System32\DRIVERS\PAC7302.SYS [457856 2007-06-14] (PixArt Imaging Inc.)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [320120 2015-03-02] (Duplex Secure Ltd.)
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-28 12:59 - 2015-05-28 12:59 - 00007670 _____ () C:\Documents and Settings\ibm\Desktop\FRST.txt
2015-05-28 12:58 - 2015-05-28 12:59 - 00000000 ____D () C:\FRST
2015-05-28 12:55 - 2015-05-28 12:55 - 00000000 ____D () C:\Documents and Settings\ibm\Desktop\MalSign.Generic
2015-05-28 12:52 - 2015-05-28 12:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868626$
2015-05-28 12:51 - 2015-05-28 12:51 - 01147392 _____ (Farbar) C:\Documents and Settings\ibm\Desktop\FRST.exe
2015-05-28 12:51 - 2015-05-28 12:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB960859$
2015-05-28 12:51 - 2015-05-28 12:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB959426$
2015-05-28 12:51 - 2015-05-28 12:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB952954$
2015-05-28 12:51 - 2015-05-28 12:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2015-05-28 12:51 - 2015-05-28 12:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2712808$
2015-05-28 12:50 - 2015-05-28 12:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2015-05-28 12:50 - 2015-05-28 12:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2479943$
2015-05-28 12:50 - 2015-05-28 12:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2478971$
2015-05-28 12:49 - 2015-05-28 12:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2847311$
2015-05-28 12:49 - 2015-05-28 12:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2691442$
2015-05-28 12:49 - 2015-05-28 12:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2631813$
2015-05-28 12:49 - 2015-05-28 12:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2585542$
2015-05-28 12:49 - 2015-05-28 12:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2544893-v2$
2015-05-28 12:49 - 2015-05-28 12:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2115168$
2015-05-28 12:48 - 2015-05-28 12:54 - 00000254 _____ () C:\WINDOWS\Tasks\WGASetup.job
2015-05-28 12:48 - 2015-05-28 12:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB974318$
2015-05-28 12:48 - 2015-05-28 12:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB969059$
2015-05-28 12:48 - 2015-05-28 12:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB951978$
2015-05-28 12:48 - 2015-05-28 12:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2443105$
2015-05-28 12:48 - 2015-05-28 12:48 - 00000000 ____D () C:\WINDOWS\system32\KB905474
2015-05-28 12:47 - 2015-05-28 12:47 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB950974$
2015-05-28 12:47 - 2015-05-28 12:47 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2898715$
2015-05-28 12:47 - 2015-05-28 12:47 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2802968$
2015-05-28 12:47 - 2015-05-28 12:47 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2655992$
2015-05-28 12:46 - 2015-05-28 12:46 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB982132$
2015-05-28 12:46 - 2015-05-28 12:46 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB971657$
2015-05-28 12:46 - 2015-05-28 12:46 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2015-05-28 12:46 - 2015-05-28 12:46 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2598479$
2015-05-28 12:45 - 2015-05-28 12:45 - 00008152 _____ () C:\WINDOWS\KB2423089.log
2015-05-28 12:45 - 2015-05-28 12:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2780091$
2015-05-28 12:45 - 2015-05-28 12:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2423089$
2015-05-28 10:08 - 2015-05-28 12:54 - 00000218 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-05-28 10:08 - 2015-05-28 12:54 - 00000212 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-05-28 10:08 - 2015-05-28 10:08 - 00000000 __SHD () C:\Documents and Settings\ibm\IETldCache
2015-05-28 09:51 - 2015-05-28 09:51 - 00070765 _____ () C:\WINDOWS\KB946648.log
2015-05-28 09:51 - 2015-05-28 09:51 - 00070700 _____ () C:\WINDOWS\KB951376-v2.log
2015-05-28 09:51 - 2015-05-28 09:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB951376-v2$
2015-05-28 09:51 - 2015-05-28 09:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB946648$
2015-05-28 09:51 - 2015-05-28 09:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2387149$
2015-05-28 09:50 - 2015-05-28 09:51 - 00071389 _____ () C:\WINDOWS\KB2387149.log
2015-05-28 09:50 - 2015-05-28 09:50 - 00082761 _____ () C:\WINDOWS\KB2909921-IE8.log
2015-05-28 09:50 - 2015-05-28 09:50 - 00076108 _____ () C:\WINDOWS\KB2598845-IE8.log
2015-05-28 09:50 - 2014-02-06 01:26 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2015-05-28 09:50 - 2011-08-16 12:45 - 00006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iecompat.dll
2015-05-28 09:49 - 2015-05-28 09:50 - 00075468 _____ () C:\WINDOWS\KB2467659.log
2015-05-28 09:49 - 2015-05-28 09:50 - 00000000 ____D () C:\WINDOWS\ie8updates
2015-05-28 09:49 - 2015-05-28 09:49 - 00092768 _____ () C:\WINDOWS\KB982381-IE8.log
2015-05-28 09:49 - 2015-05-28 09:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2467659$
2015-05-28 09:49 - 2014-02-06 01:26 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2015-05-28 09:49 - 2014-02-06 01:26 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2015-05-28 09:49 - 2014-02-06 01:26 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2015-05-28 09:49 - 2014-02-06 01:26 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2015-05-28 09:49 - 2014-02-06 01:26 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2015-05-28 09:49 - 2014-02-06 01:26 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2015-05-28 09:49 - 2014-02-06 01:26 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2015-05-28 09:48 - 2015-05-28 10:06 - 00065536 _____ () C:\WINDOWS\system32\config\Internet.evt
2015-05-28 09:47 - 2015-05-28 09:48 - 00087135 _____ () C:\WINDOWS\ie8.log
2015-05-28 09:47 - 2015-05-28 09:48 - 00000000 __HDC () C:\WINDOWS\ie8
2015-05-28 09:47 - 2015-05-28 09:48 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2015-05-28 09:41 - 2015-04-30 10:07 - 137310008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-05-28 09:40 - 2015-05-28 09:50 - 00081353 _____ () C:\WINDOWS\ie8_main.log
2015-05-28 09:40 - 2015-05-28 09:40 - 00035946 _____ () C:\WINDOWS\KB2659262.log
2015-05-28 09:40 - 2015-05-28 09:40 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2659262$
2015-05-28 09:39 - 2015-05-28 09:40 - 00033748 _____ () C:\WINDOWS\KB2564958.log
2015-05-28 09:39 - 2015-05-28 09:40 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2564958$
2015-05-28 09:39 - 2015-05-28 09:39 - 00036732 _____ () C:\WINDOWS\KB955759.log
2015-05-28 09:39 - 2015-05-28 09:39 - 00036641 _____ () C:\WINDOWS\KB975558.log
2015-05-28 09:39 - 2015-05-28 09:39 - 00036598 _____ () C:\WINDOWS\KB2536276-v2.log
2015-05-28 09:39 - 2015-05-28 09:39 - 00034220 _____ () C:\WINDOWS\KB2378111.log
2015-05-28 09:39 - 2015-05-28 09:39 - 00033920 _____ () C:\WINDOWS\KB2296011.log
2015-05-28 09:39 - 2015-05-28 09:39 - 00033879 _____ () C:\WINDOWS\KB2934207.log
2015-05-28 09:39 - 2015-05-28 09:39 - 00033770 _____ () C:\WINDOWS\KB2834886.log
2015-05-28 09:39 - 2015-05-28 09:39 - 00033192 _____ () C:\WINDOWS\KB2900986.log
2015-05-28 09:39 - 2015-05-28 09:39 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975558_WM8$
2015-05-28 09:39 - 2015-05-28 09:39 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB955759$
2015-05-28 09:39 - 2015-05-28 09:39 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2015-05-28 09:39 - 2015-05-28 09:39 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2900986$
2015-05-28 09:39 - 2015-05-28 09:39 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2834886$
2015-05-28 09:39 - 2015-05-28 09:39 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2536276-v2$
2015-05-28 09:39 - 2015-05-28 09:39 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2378111_WM9$
2015-05-28 09:39 - 2015-05-28 09:39 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2296011$
2015-05-28 09:38 - 2015-05-28 09:39 - 00035200 _____ () C:\WINDOWS\KB2229593.log
2015-05-28 09:38 - 2015-05-28 09:38 - 00035289 _____ () C:\WINDOWS\KB2686509.log
2015-05-28 09:38 - 2015-05-28 09:38 - 00034781 _____ () C:\WINDOWS\KB2485663.log
2015-05-28 09:38 - 2015-05-28 09:38 - 00033518 _____ () C:\WINDOWS\KB2862335.log
2015-05-28 09:38 - 2015-05-28 09:38 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978338$
2015-05-28 09:38 - 2015-05-28 09:38 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975713$
2015-05-28 09:38 - 2015-05-28 09:38 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862335$
2015-05-28 09:38 - 2015-05-28 09:38 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2686509$
2015-05-28 09:38 - 2015-05-28 09:38 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2485663$
2015-05-28 09:38 - 2015-05-28 09:38 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2481109$
2015-05-28 09:38 - 2015-05-28 09:38 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2229593$
2015-05-28 09:37 - 2015-05-28 09:38 - 00033744 _____ () C:\WINDOWS\KB954155.log
2015-05-28 09:37 - 2015-05-28 09:38 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB954155_WM9$
2015-05-28 09:37 - 2015-05-28 09:37 - 00036472 _____ () C:\WINDOWS\KB956572.log
2015-05-28 09:37 - 2015-05-28 09:37 - 00029215 _____ () C:\WINDOWS\KB2904266.log
2015-05-28 09:37 - 2015-05-28 09:37 - 00006640 _____ () C:\WINDOWS\system32\TZLog.log
2015-05-28 09:37 - 2015-05-28 09:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB974112$
2015-05-28 09:37 - 2015-05-28 09:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB972270$
2015-05-28 09:37 - 2015-05-28 09:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB956572$
2015-05-28 09:37 - 2015-05-28 09:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2904266$
2015-05-28 09:37 - 2015-05-28 09:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2510581$
2015-05-28 09:37 - 2015-05-28 09:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2347290$
2015-05-28 09:36 - 2015-05-28 09:36 - 00030854 _____ () C:\WINDOWS\KB956844.log
2015-05-28 09:36 - 2015-05-28 09:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB979687$
2015-05-28 09:36 - 2015-05-28 09:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB956844$
2015-05-28 09:36 - 2015-05-28 09:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2015-05-28 09:36 - 2015-05-28 09:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876217$
2015-05-28 09:36 - 2015-05-28 09:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2483185$
2015-05-28 09:35 - 2015-05-28 09:35 - 00029977 _____ () C:\WINDOWS\KB973869.log
2015-05-28 09:35 - 2015-05-28 09:35 - 00029087 _____ () C:\WINDOWS\KB2592799.log
2015-05-28 09:35 - 2015-05-28 09:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975025$
2015-05-28 09:35 - 2015-05-28 09:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB974571$
2015-05-28 09:35 - 2015-05-28 09:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB973869$
2015-05-28 09:35 - 2015-05-28 09:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB952004$
2015-05-28 09:35 - 2015-05-28 09:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2864063$
2015-05-28 09:35 - 2015-05-28 09:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862152$
2015-05-28 09:35 - 2015-05-28 09:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2719985$
2015-05-28 09:35 - 2015-05-28 09:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2592799$
2015-05-28 09:34 - 2015-05-28 09:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975560$
2015-05-28 09:34 - 2015-05-28 09:34 - 00028904 _____ () C:\WINDOWS\KB950762.log
2015-05-28 09:34 - 2015-05-28 09:34 - 00028863 _____ () C:\WINDOWS\KB2535512.log
2015-05-28 09:34 - 2015-05-28 09:34 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB977816$
2015-05-28 09:34 - 2015-05-28 09:34 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB973507$
2015-05-28 09:34 - 2015-05-28 09:34 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB950762$
2015-05-28 09:34 - 2015-05-28 09:34 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876331$
2015-05-28 09:34 - 2015-05-28 09:34 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2850869$
2015-05-28 09:34 - 2015-05-28 09:34 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2770660$
2015-05-28 09:34 - 2015-05-28 09:34 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2535512$
2015-05-28 09:33 - 2015-05-28 09:33 - 00028649 _____ () C:\WINDOWS\KB2807986.log
2015-05-28 09:33 - 2015-05-28 09:33 - 00028131 _____ () C:\WINDOWS\KB2570947.log
2015-05-28 09:33 - 2015-05-28 09:33 - 00028073 _____ () C:\WINDOWS\KB952287.log
2015-05-28 09:33 - 2015-05-28 09:33 - 00027646 _____ () C:\WINDOWS\KB2603381.log
2015-05-28 09:33 - 2015-05-28 09:33 - 00027014 _____ () C:\WINDOWS\KB2868038.log
2015-05-28 09:33 - 2015-05-28 09:33 - 00025990 _____ () C:\WINDOWS\KB978695.log
2015-05-28 09:33 - 2015-05-28 09:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978695_WM9$
2015-05-28 09:33 - 2015-05-28 09:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB952287$
2015-05-28 09:33 - 2015-05-28 09:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868038$
2015-05-28 09:33 - 2015-05-28 09:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2859537$
2015-05-28 09:33 - 2015-05-28 09:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2820917$
2015-05-28 09:33 - 2015-05-28 09:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2807986$
2015-05-28 09:33 - 2015-05-28 09:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2603381$
2015-05-28 09:33 - 2015-05-28 09:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2570947$
2015-05-28 09:32 - 2015-05-28 10:09 - 00008792 _____ () C:\WINDOWS\spupdsvc.log
2015-05-28 09:32 - 2015-05-28 09:33 - 00028572 _____ () C:\WINDOWS\KB973904.log
2015-05-28 09:32 - 2015-05-28 09:32 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB974392$
2015-05-28 09:32 - 2015-05-28 09:32 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB973904$
2015-05-28 09:32 - 2015-05-28 09:32 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB973540_WM9$
2015-05-28 09:32 - 2015-05-28 09:32 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2893294$
2015-05-28 09:32 - 2015-05-28 09:32 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2757638$
2015-05-28 09:32 - 2015-05-28 09:32 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2653956$
2015-05-28 09:32 - 2015-05-28 09:32 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2508429$
2015-05-28 09:32 - 2015-05-28 09:32 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2419632$
2015-05-28 09:31 - 2015-05-28 09:31 - 00020840 _____ () C:\WINDOWS\KB952069.log
2015-05-28 09:31 - 2015-05-28 09:31 - 00015397 _____ () C:\WINDOWS\KB2803821-v2.log
2015-05-28 09:31 - 2015-05-28 09:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB977914$
2015-05-28 09:31 - 2015-05-28 09:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB971029$
2015-05-28 09:31 - 2015-05-28 09:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB952069_WM9$
2015-05-28 09:31 - 2015-05-28 09:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2803821-v2_WM9$
2015-05-28 09:31 - 2015-05-28 09:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2749655$
2015-05-28 09:31 - 2015-05-28 09:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2506212$
2015-05-28 09:30 - 2015-05-28 09:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2892075$
2015-05-28 09:30 - 2015-05-28 09:30 - 00020666 _____ () C:\WINDOWS\KB2698365.log
2015-05-28 09:30 - 2015-05-28 09:30 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB979482$
2015-05-28 09:30 - 2015-05-28 09:30 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB979309$
2015-05-28 09:30 - 2015-05-28 09:30 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978706$
2015-05-28 09:30 - 2015-05-28 09:30 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978542$
2015-05-28 09:30 - 2015-05-28 09:30 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2727528$
2015-05-28 09:30 - 2015-05-28 09:30 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2705219-v2$
2015-05-28 09:30 - 2015-05-28 09:30 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2698365$
2015-05-28 09:30 - 2015-05-28 09:30 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2619339$
2015-05-28 09:29 - 2015-05-28 09:30 - 00018415 _____ () C:\WINDOWS\KB981997.log
2015-05-28 09:29 - 2015-05-28 09:30 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB981997$
2015-05-28 09:29 - 2015-05-28 09:29 - 00019032 _____ () C:\WINDOWS\KB2723135-v2.log
2015-05-28 09:29 - 2015-05-28 09:29 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB973815$
2015-05-28 09:29 - 2015-05-28 09:29 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB960803$
2015-05-28 09:29 - 2015-05-28 09:29 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862330$
2015-05-28 09:29 - 2015-05-28 09:29 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2813345$
2015-05-28 09:29 - 2015-05-28 09:29 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2723135-v2$
2015-05-28 09:29 - 2015-05-28 09:29 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2509553$
2015-05-28 09:28 - 2015-05-28 09:28 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB982665$
2015-05-28 09:28 - 2015-05-28 09:28 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2676562$
2015-05-28 09:28 - 2015-05-28 09:28 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2478960$
2015-05-28 09:27 - 2015-05-28 09:28 - 00018324 _____ () C:\WINDOWS\KB2393802.log
2015-05-28 09:27 - 2015-05-28 09:27 - 00016634 _____ () C:\WINDOWS\KB923561.log
2015-05-28 09:27 - 2015-05-28 09:27 - 00014875 _____ () C:\WINDOWS\KB2566454.log
2015-05-28 09:27 - 2015-05-28 09:27 - 00014665 _____ () C:\WINDOWS\KB2661637.log
2015-05-28 09:27 - 2015-05-28 09:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB923561$
2015-05-28 09:27 - 2015-05-28 09:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2661637$
2015-05-28 09:27 - 2015-05-28 09:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2620712$
2015-05-28 09:27 - 2015-05-28 09:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2566454$
2015-05-28 09:27 - 2015-05-28 09:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2393802$
2015-05-28 09:26 - 2015-05-28 09:26 - 00012472 _____ () C:\WINDOWS\KB2914368.log
2015-05-28 09:26 - 2015-05-28 09:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975467$
2015-05-28 09:26 - 2015-05-28 09:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2015-05-28 09:26 - 2015-05-28 09:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2584146$
2015-05-28 09:25 - 2015-05-28 12:52 - 00053438 _____ () C:\WINDOWS\updspapi.log
2015-05-28 09:25 - 2015-05-28 09:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB968389$
2015-05-27 23:03 - 2015-05-28 12:52 - 00054074 _____ () C:\WINDOWS\KB2922229.log
2015-05-27 23:02 - 2015-05-28 12:52 - 00054702 _____ () C:\WINDOWS\KB2868626.log
2015-05-27 23:02 - 2015-05-28 12:51 - 00056270 _____ () C:\WINDOWS\KB952954.log
2015-05-27 23:02 - 2015-05-28 12:51 - 00055604 _____ () C:\WINDOWS\KB959426.log
2015-05-27 23:02 - 2015-05-28 12:50 - 00053340 _____ () C:\WINDOWS\KB2916036.log
2015-05-27 23:02 - 2015-05-28 12:49 - 00054807 _____ () C:\WINDOWS\KB2585542.log
2015-05-27 23:02 - 2014-02-26 03:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2015-05-27 23:02 - 2014-02-26 03:59 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2015-05-27 23:02 - 2008-06-13 13:05 - 00272128 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-05-27 23:02 - 2008-06-13 13:05 - 00272128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\bthport.sys
2015-05-27 23:01 - 2015-05-28 12:51 - 00055256 _____ () C:\WINDOWS\KB2712808.log
2015-05-27 23:01 - 2015-05-28 12:51 - 00054918 _____ () C:\WINDOWS\KB960859.log
2015-05-27 23:01 - 2015-05-28 12:50 - 00054817 _____ () C:\WINDOWS\KB2479943.log
2015-05-27 23:01 - 2015-05-28 12:50 - 00054627 _____ () C:\WINDOWS\KB2478971.log
2015-05-27 23:01 - 2015-05-28 12:49 - 00053998 _____ () C:\WINDOWS\KB2544893-v2.log
2015-05-27 23:01 - 2011-07-15 15:29 - 00456320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mrxsmb.sys
2015-05-27 23:00 - 2015-05-28 12:49 - 00053586 _____ () C:\WINDOWS\KB2691442.log
2015-05-27 23:00 - 2015-05-28 12:49 - 00053368 _____ () C:\WINDOWS\KB2631813.log
2015-05-27 23:00 - 2015-05-28 12:46 - 00049140 _____ () C:\WINDOWS\KB2780091.log
2015-05-27 23:00 - 2015-05-28 12:46 - 00047236 _____ () C:\WINDOWS\KB2929961.log
2015-05-27 23:00 - 2013-07-03 04:12 - 00025088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys
2015-05-27 23:00 - 2013-07-03 03:59 - 00014976 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbscan.sys
2015-05-27 22:59 - 2015-05-28 12:49 - 00052624 _____ () C:\WINDOWS\KB2115168.log
2015-05-27 22:59 - 2015-05-28 12:49 - 00050377 _____ () C:\WINDOWS\KB2847311.log
2015-05-27 22:59 - 2015-05-28 12:47 - 00052303 _____ () C:\WINDOWS\KB2655992.log
2015-05-27 22:59 - 2015-05-28 12:47 - 00048856 _____ () C:\WINDOWS\KB2898715.log
2015-05-27 22:59 - 2015-05-27 22:59 - 00008392 _____ () C:\WINDOWS\KB2909212.log
2015-05-27 22:59 - 2015-05-27 22:59 - 00008200 _____ () C:\WINDOWS\KB2888505.log
2015-05-27 22:58 - 2015-05-28 12:48 - 00052672 _____ () C:\WINDOWS\KB974318.log
2015-05-27 22:58 - 2015-05-28 12:48 - 00052234 _____ () C:\WINDOWS\KB951978.log
2015-05-27 22:58 - 2015-05-28 12:48 - 00051240 _____ () C:\WINDOWS\KB969059.log
2015-05-27 22:58 - 2015-05-28 12:47 - 00051628 _____ () C:\WINDOWS\KB2802968.log
2015-05-27 22:58 - 2015-05-28 12:46 - 00050097 _____ () C:\WINDOWS\KB2598479.log
2015-05-27 22:58 - 2015-05-27 22:58 - 00007747 _____ () C:\WINDOWS\KB2507938.log
2015-05-27 22:57 - 2015-05-28 12:48 - 00051243 _____ () C:\WINDOWS\KB2443105.log
2015-05-27 22:57 - 2015-05-28 12:47 - 00050730 _____ () C:\WINDOWS\KB950974.log
2015-05-27 22:57 - 2015-05-28 12:46 - 00049025 _____ () C:\WINDOWS\KB982132.log
2015-05-27 22:57 - 2015-05-28 12:46 - 00018724 _____ () C:\WINDOWS\KB971657.log
2015-05-27 22:57 - 2015-05-28 09:38 - 00045846 _____ () C:\WINDOWS\KB2481109.log
2015-05-27 22:57 - 2015-05-28 09:38 - 00044334 _____ () C:\WINDOWS\KB978338.log
2015-05-27 22:57 - 2015-05-28 09:37 - 00045901 _____ () C:\WINDOWS\KB2510581.log
2015-05-27 22:56 - 2015-05-28 09:38 - 00044388 _____ () C:\WINDOWS\KB975713.log
2015-05-27 22:56 - 2015-05-28 09:37 - 00042873 _____ () C:\WINDOWS\KB974112.log
2015-05-27 22:56 - 2015-05-28 09:36 - 00038243 _____ () C:\WINDOWS\KB2876217.log
2015-05-27 22:55 - 2015-05-28 09:36 - 00040801 _____ () C:\WINDOWS\KB2483185.log
2015-05-27 22:54 - 2015-05-28 09:36 - 00040776 _____ () C:\WINDOWS\KB979687.log
2015-05-27 22:53 - 2015-05-28 09:36 - 00037779 _____ () C:\WINDOWS\KB2930275.log
2015-05-27 22:53 - 2015-05-28 09:36 - 00036986 _____ () C:\WINDOWS\KB2864063.log
2015-05-27 22:53 - 2015-05-28 09:35 - 00038323 _____ () C:\WINDOWS\KB975025.log
2015-05-27 22:53 - 2015-05-28 09:34 - 00036012 _____ () C:\WINDOWS\KB2859537.log
2015-05-27 22:53 - 2015-05-28 09:34 - 00035098 _____ () C:\WINDOWS\KB2876331.log
2015-05-27 22:53 - 2013-08-09 02:55 - 00144128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbport.sys
2015-05-27 22:53 - 2013-08-09 02:55 - 00005376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
2015-05-27 22:53 - 2013-07-17 02:58 - 00123008 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys
2015-05-27 22:53 - 2013-07-17 02:58 - 00046848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irbus.sys
2015-05-27 22:53 - 2013-02-12 02:32 - 00012928 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usb8023x.sys
2015-05-27 22:53 - 2009-03-18 13:02 - 00030336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbehci.sys
2015-05-27 22:52 - 2015-05-28 09:35 - 00038963 _____ () C:\WINDOWS\KB952004.log
2015-05-27 22:52 - 2015-05-28 09:35 - 00038777 _____ () C:\WINDOWS\KB2719985.log
2015-05-27 22:52 - 2015-05-28 09:35 - 00037397 _____ () C:\WINDOWS\KB974571.log
2015-05-27 22:52 - 2015-05-28 09:35 - 00035157 _____ () C:\WINDOWS\KB2862152.log
2015-05-27 22:52 - 2015-05-28 09:33 - 00036311 _____ () C:\WINDOWS\KB2820917.log
2015-05-27 22:52 - 2015-05-28 09:30 - 00028162 _____ () C:\WINDOWS\KB2705219-v2.log
2015-05-27 22:52 - 2015-05-28 09:30 - 00026292 _____ () C:\WINDOWS\KB2727528.log
2015-05-27 22:51 - 2015-05-28 09:34 - 00036633 _____ () C:\WINDOWS\KB973507.log
2015-05-27 22:51 - 2015-05-28 09:34 - 00034117 _____ () C:\WINDOWS\KB2850869.log
2015-05-27 22:51 - 2015-05-28 09:32 - 00035499 _____ () C:\WINDOWS\KB2757638.log
2015-05-27 22:51 - 2015-05-28 09:32 - 00033159 _____ () C:\WINDOWS\KB2893294.log
2015-05-27 22:51 - 2015-05-28 09:29 - 00027205 _____ () C:\WINDOWS\KB2813345.log
2015-05-27 22:50 - 2015-05-28 09:34 - 00035997 _____ () C:\WINDOWS\KB977816.log
2015-05-27 22:50 - 2015-05-28 09:31 - 00028518 _____ () C:\WINDOWS\KB2749655.log
2015-05-27 22:50 - 2015-05-28 09:31 - 00024758 _____ () C:\WINDOWS\KB2892075.log
2015-05-27 22:50 - 2015-05-28 09:30 - 00025521 _____ () C:\WINDOWS\KB979482.log
2015-05-27 22:49 - 2015-05-28 09:32 - 00029666 _____ () C:\WINDOWS\KB2508429.log
2015-05-27 22:49 - 2015-05-28 09:31 - 00027773 _____ () C:\WINDOWS\KB971029.log
2015-05-27 22:49 - 2015-05-28 09:29 - 00027692 _____ () C:\WINDOWS\KB2676562.log
2015-05-27 22:49 - 2015-05-28 09:29 - 00026820 _____ () C:\WINDOWS\KB2509553.log
2015-05-27 22:48 - 2015-05-28 09:31 - 00027895 _____ () C:\WINDOWS\KB977914.log
2015-05-27 22:48 - 2015-05-28 09:30 - 00025192 _____ () C:\WINDOWS\KB978706.log
2015-05-27 22:48 - 2015-05-28 09:28 - 00022592 _____ () C:\WINDOWS\KB982665.log
2015-05-27 22:47 - 2015-05-28 09:32 - 00028176 _____ () C:\WINDOWS\KB2653956.log
2015-05-27 22:47 - 2015-05-28 09:32 - 00027707 _____ () C:\WINDOWS\KB974392.log
2015-05-27 22:47 - 2015-05-28 09:31 - 00026167 _____ () C:\WINDOWS\KB2506212.log
2015-05-27 22:47 - 2015-05-28 09:30 - 00025393 _____ () C:\WINDOWS\KB2619339.log
2015-05-27 22:47 - 2015-05-28 09:30 - 00024571 _____ () C:\WINDOWS\KB978542.log
2015-05-27 22:46 - 2015-05-28 09:32 - 00035464 _____ () C:\WINDOWS\KB2419632.log
2015-05-27 22:46 - 2015-05-28 09:29 - 00024747 _____ () C:\WINDOWS\KB960803.log
2015-05-27 22:46 - 2015-05-28 09:29 - 00024054 _____ () C:\WINDOWS\KB973815.log
2015-05-27 22:46 - 2013-07-04 05:03 - 02149888 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2015-05-27 22:46 - 2013-07-04 04:59 - 02193536 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2015-05-27 22:46 - 2013-07-04 04:08 - 02070144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2015-05-27 22:46 - 2013-07-04 04:08 - 02028544 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2015-05-27 22:45 - 2013-11-06 03:03 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsp4res.dll
2015-05-27 22:44 - 2015-05-28 09:30 - 00023946 _____ () C:\WINDOWS\KB979309.log
2015-05-27 22:43 - 2015-05-28 09:27 - 00020755 _____ () C:\WINDOWS\KB2620712.log
2015-05-27 22:42 - 2015-05-28 09:26 - 00021751 _____ () C:\WINDOWS\KB968389.log
2015-05-27 22:42 - 2015-05-28 09:26 - 00021103 _____ () C:\WINDOWS\KB975467.log
2015-05-27 22:42 - 2015-05-28 09:26 - 00020404 _____ () C:\WINDOWS\KB2584146.log
2015-05-27 22:42 - 2012-01-11 21:06 - 00003072 ____N () C:\WINDOWS\system32\iacenc.dll
2015-05-27 22:42 - 2012-01-11 21:06 - 00003072 ____C () C:\WINDOWS\system32\dllcache\iacenc.dll
2015-05-27 22:40 - 2015-05-28 12:45 - 00000000 ___HD () C:\WINDOWS\$hf_mig$
2015-05-27 22:40 - 2015-05-27 22:40 - 00008396 _____ () C:\WINDOWS\KB898461.log
2015-05-27 22:40 - 2015-05-27 22:40 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB898461$
2015-05-27 22:40 - 2015-05-27 22:40 - 00000000 ____D () C:\WINDOWS\system32\PreInstall
2015-05-27 22:40 - 2009-01-07 18:21 - 00026144 _____ (Microsoft Corporation) C:\WINDOWS\system32\spupdsvc.exe
2015-05-27 22:40 - 2009-01-07 18:20 - 00016928 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsg.dll
2015-05-27 17:01 - 2015-05-27 22:50 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-27 17:01 - 2015-05-27 17:01 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-27 17:00 - 2015-05-27 17:01 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-05-27 17:00 - 2015-05-27 17:00 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-05-27 17:00 - 2015-04-14 09:37 - 00120024 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-05-27 17:00 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-05-27 09:05 - 2015-05-27 09:05 - 00000000 ____D () C:\Documents and Settings\ibm\Local Settings\Application Data\CrashRpt
2015-05-27 09:04 - 2015-05-27 09:08 - 00000004 _____ () C:\WINDOWS\system32\029B560A371F4E00AB32838EBC01B9E7
2015-05-26 20:09 - 2015-05-27 18:09 - 00000282 _____ () C:\WINDOWS\Tasks\Windows Defrag.job
2015-05-26 19:41 - 2015-05-26 19:49 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\dllescort
2015-05-26 17:59 - 2015-05-26 17:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\14853553822045563346
2015-05-26 17:48 - 2015-05-26 17:48 - 00000718 _____ () C:\Documents and Settings\All Users\Desktop\qBittorrent.lnk
2015-05-25 09:28 - 2015-05-25 09:28 - 00000000 ____D () C:\Documents and Settings\ibm\Local Settings\Application Data\Avg
2015-05-18 20:05 - 2015-05-18 20:06 - 00000440 __RSH () C:\Documents and Settings\ibm\ntuser.pol
2015-05-18 20:04 - 2015-05-18 20:06 - 00000440 __RSH () C:\Documents and Settings\All Users\ntuser.pol
2015-05-18 19:59 - 2015-05-18 19:59 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2015-05-02 08:11 - 2015-05-02 19:38 - 00000504 _____ () C:\Documents and Settings\ibm\debug.log
2015-05-01 08:55 - 2015-05-01 23:02 - 00000168 _____ () C:\WINDOWS\system32\debug.log
2015-05-01 08:54 - 2015-05-02 19:42 - 00000000 ____D () C:\Program Files\AVG Web TuneUp
2015-04-29 20:48 - 2015-04-29 20:49 - 00000000 ____D () C:\Documents and Settings\ibm\Application Data\ViberPC

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-28 13:00 - 2014-11-17 15:05 - 00000000 ____D () C:\Documents and Settings\ibm\Local Settings\Temp
2015-05-28 12:57 - 2014-11-17 15:25 - 00000000 ____D () C:\Documents and Settings\ibm\My Documents\Preuzimanja
2015-05-28 12:56 - 2014-11-17 14:59 - 01063156 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-28 12:54 - 2014-11-18 15:08 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MCShield
2015-05-28 12:54 - 2014-11-17 15:55 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-05-28 12:54 - 2014-11-17 15:55 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-05-28 12:54 - 2014-11-17 15:04 - 00032602 _____ () C:\WINDOWS\SchedLgU.Txt
2015-05-28 12:53 - 2014-11-17 15:51 - 00186608 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-28 12:53 - 2014-11-17 15:04 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-28 12:52 - 2014-11-17 15:53 - 00933484 _____ () C:\WINDOWS\iis6.log
2015-05-28 12:52 - 2014-11-17 15:53 - 00833871 _____ () C:\WINDOWS\FaxSetup.log
2015-05-28 12:52 - 2014-11-17 15:53 - 00433887 _____ () C:\WINDOWS\ocgen.log
2015-05-28 12:52 - 2014-11-17 15:53 - 00386061 _____ () C:\WINDOWS\tsoc.log
2015-05-28 12:52 - 2014-11-17 15:53 - 00289688 _____ () C:\WINDOWS\comsetup.log
2015-05-28 12:52 - 2014-11-17 15:53 - 00259992 _____ () C:\WINDOWS\msmqinst.log
2015-05-28 12:52 - 2014-11-17 15:53 - 00173991 _____ () C:\WINDOWS\ntdtcsetup.log
2015-05-28 12:52 - 2014-11-17 15:53 - 00146829 _____ () C:\WINDOWS\netfxocm.log
2015-05-28 12:52 - 2014-11-17 15:53 - 00058012 _____ () C:\WINDOWS\MedCtrOC.log
2015-05-28 12:52 - 2014-11-17 15:53 - 00046371 _____ () C:\WINDOWS\ocmsn.log
2015-05-28 12:52 - 2014-11-17 15:53 - 00042615 _____ () C:\WINDOWS\tabletoc.log
2015-05-28 12:52 - 2014-11-17 15:53 - 00041968 _____ () C:\WINDOWS\msgsocm.log
2015-05-28 12:52 - 2014-11-17 15:53 - 00001374 _____ () C:\WINDOWS\imsins.log
2015-05-28 12:52 - 2014-11-17 15:53 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2015-05-28 12:52 - 2014-11-17 15:05 - 00000178 ___SH () C:\Documents and Settings\ibm\ntuser.ini
2015-05-28 12:45 - 2014-11-17 14:58 - 00000000 ____D () C:\Program Files\Outlook Express
2015-05-28 12:42 - 2014-11-18 14:53 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-28 11:26 - 2015-03-21 09:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2015-05-28 10:12 - 2014-11-17 15:53 - 00458340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-28 10:08 - 2014-11-17 15:05 - 00000803 _____ () C:\Documents and Settings\ibm\Start Menu\Programs\Internet Explorer.lnk
2015-05-28 10:08 - 2014-11-17 15:05 - 00000000 ___RD () C:\Documents and Settings\ibm\Start Menu\Programs\Accessories
2015-05-28 10:08 - 2014-11-17 15:05 - 00000000 ____D () C:\Documents and Settings\ibm
2015-05-28 10:07 - 2014-11-17 15:47 - 00000000 ____D () C:\WINDOWS\Help
2015-05-28 09:51 - 2014-11-17 14:57 - 00000000 ____D () C:\Program Files\Messenger
2015-05-28 09:48 - 2014-11-17 15:47 - 00000000 ____D () C:\WINDOWS\Media
2015-05-28 09:47 - 2008-11-27 05:45 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-05-28 09:39 - 2014-11-17 14:57 - 00002286 _____ () C:\WINDOWS\wmsetup.log
2015-05-28 09:38 - 2014-11-17 15:52 - 00598230 _____ () C:\WINDOWS\setupapi.log
2015-05-28 09:30 - 2014-11-17 14:58 - 00000000 ____D () C:\Program Files\Movie Maker
2015-05-27 10:19 - 2014-11-17 15:26 - 00044528 _____ () C:\Documents and Settings\ibm\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-05-27 09:15 - 2014-11-17 15:21 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-27 09:15 - 2014-11-17 15:21 - 00000724 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2015-05-27 09:10 - 2014-11-17 14:58 - 00000000 ____D () C:\Program Files\Common Files\System
2015-05-26 20:27 - 2015-02-22 23:50 - 00000000 ____D () C:\Documents and Settings\ibm\Application Data\qBittorrent
2015-05-26 17:48 - 2015-02-22 23:50 - 00000000 ____D () C:\Program Files\qBittorrent
2015-05-25 09:31 - 2015-03-21 09:26 - 00000714 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2015.lnk
2015-05-25 09:31 - 2015-03-21 09:26 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2015-05-20 22:24 - 2014-11-22 19:37 - 00000000 ____D () C:\Documents and Settings\ibm\Application Data\Skype
2015-05-20 21:57 - 2014-11-22 19:36 - 00002267 _____ () C:\Documents and Settings\All Users\Desktop\Skype.lnk
2015-05-20 20:01 - 2014-11-17 15:28 - 00000095 _____ () C:\WINDOWS\winamp.ini
2015-05-18 18:02 - 2014-11-22 19:36 - 00000000 ___RD () C:\Program Files\Skype
2015-05-18 18:02 - 2014-11-22 19:36 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
2015-05-14 13:49 - 2014-06-18 21:03 - 00029664 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsshimx.sys
2015-05-08 13:59 - 2008-11-27 05:45 - 00000862 _____ () C:\WINDOWS\win.ini
2015-05-07 13:52 - 2015-02-05 11:28 - 00166880 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmfx86.sys
2015-05-07 13:52 - 2015-02-03 11:47 - 00290272 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avglogx.sys
2015-05-07 13:52 - 2014-11-18 22:41 - 00191968 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidshx.sys
2015-05-04 14:15 - 2015-02-25 18:28 - 00213984 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgtdix.sys
2015-05-03 20:19 - 2014-12-22 00:18 - 00000775 _____ () C:\Documents and Settings\ibm\Start Menu\BS.Player FREE.lnk
2015-05-03 20:19 - 2014-12-22 00:18 - 00000775 _____ () C:\Documents and Settings\ibm\Desktop\BS.Player FREE.lnk
2015-05-01 08:55 - 2014-11-18 13:29 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-28 21:03 - 2014-12-24 21:59 - 00005632 _____ () C:\Documents and Settings\ibm\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Files in the root of some directories =======

2014-12-24 21:59 - 2015-04-28 21:03 - 0005632 _____ () C:\Documents and Settings\ibm\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Documents and Settings\ibm\Local Settings\Temp\5.tmp.exe
C:\Documents and Settings\ibm\Local Settings\Temp\6.tmp.exe
C:\Documents and Settings\ibm\Local Settings\Temp\AtiCimUn.exe
C:\Documents and Settings\ibm\Local Settings\Temp\AxSFADownloader.exe
C:\Documents and Settings\ibm\Local Settings\Temp\jre-8u31-windows-au.exe
C:\Documents and Settings\ibm\Local Settings\Temp\tasks.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================


mycity.rs/must-login.png

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8466
  • Gde živiš: Novi Beograd

Zdravo,

Arrow 1.
1. Otvori Notepad (Text Document) i iskopiraj sledeći tekst unutar kod polja ispod:

CreateRestorePoint:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
U1 WS2IFSL; No ImagePath
Task: C:\WINDOWS\Tasks\Windows Defrag.job => C:\Documents and Settings\ibm\Application Data\Updater\winupd.exe <==== ATTENTION
EmptyTemp:


2. Sačuvaj notepad na Desktop pod nazivom fixlist.txt
To možes uraditi i iz notepad-a => klik na File potom na Save As i u novom prozoru, dole pod File Name: staviš za naziv fixlist.txt
Napomena: Važno je da se oba fajla, FRST i fixlist nalaze na istoj lokaciji jer u suprotnom fix nece raditi.

3. Ponovo pokreni FRST/FRST64, klikni jednom na dugme Fix i sačekaj.
Ukoliko alat zatraži restart sistema, dozvoli mu i postaraj se da alat kompletira fix nakon restarta sistema.



Alat će formirati log (Fixlog.txt) na Desktop-u. Potrebno je sadržaj tog loga iskopirati u poruku.
Napomena: Ukoliko te alat upozori da postoji novija verzija, postaraj se da preuzmes i koristiš ažuriranu kopiju FRST-a.

-------------

Arrow 2. Reinstaliraj Chrome browser (ukoliko ti treba posto vidim da koristis FF).

------

Arrow 3. Da li mozes da nam okacis obavestenje od AVGa?

offline
  • Pridružio: 14 Maj 2012
  • Poruke: 89

Napisano: 28 Maj 2015 16:24

Pozdrav helen1, nakon fixa i restarta evo log


Fix result of Farbar Recovery Scan Tool (x86) Version: 27-05-2015 01
Ran by ibm at 2015-05-28 15:55:10 Run:1
Running from C:\Documents and Settings\ibm\Desktop
Loaded Profiles: ibm (Available Profiles: ibm)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
U1 WS2IFSL; No ImagePath
Task: C:\WINDOWS\Tasks\Windows Defrag.job => C:\Documents and Settings\ibm\Application Data\Updater\winupd.exe <==== ATTENTION
EmptyTemp:
*****************

Restore point was successfully created.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key Removed successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully.
WS2IFSL => Service Removed successfully.
C:\WINDOWS\Tasks\Windows Defrag.job => Moved successfully.
EmptyTemp: => Removed 559.3 MB temporary data.


The system needed a reboot.

==== End of Fixlog 15:56:27 ====



Chrome browser ne koristim niti ga imam instaliranog na racunaru a uspio sam ti od AVG-a jedino uslikati sliku karantina gdje sam nasao sta detektuje pa evo:


mycity.rs/must-login.png

Kako je PrintScreen preko 5 mb ubacio sam u Win Rar

Dopuna: 28 Maj 2015 16:49

Samo da dodam da AVG jos uvijek detektuje pomenutu prijetnju

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8466
  • Gde živiš: Novi Beograd

Preuzmi "Xplode"-ov AdwCleaner () i sacuvaj ga na Desktop

Dvoklikom pokreni program.
Klikni na dugme [Scan] i pricekaj da program zavrsi.
Klikni na dugme [Clean]
Program ce zatvoriti sve aktivne programe i izbaciti prozor sa tim upozorenjem. Klikni Ok kao potvrdu.
Na sledeca dva prozora koja se otvore (Informations i Restart required ) klikni Ok


Racunar ce se restartovati a potom otvoriti notepad (C:\AdwCleaner[S1].txt) sa izvestajem.
Sacuvaj taj notepad na Desktop i okaci ga uz poruku koristeci opciju "Prikaci fajl"

Napomena: Izvestaj ce takodje biti sacuvan na C:\AdwCleaner[S0].txt

offline
  • Pridružio: 14 Maj 2012
  • Poruke: 89

Evo izvjestaj hitnom posiljkom


mycity.rs/must-login.png

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8466
  • Gde živiš: Novi Beograd

Jos malo provere i ciscenja:

Preuzmi smeenk-ov zoek.zip ili zoek.rar () sa ovog ili ovog linka i sačuvaj ga na Desktop.

Raspakuj arhivu u neki folder (uputstvo), a zatim:

zatvori browser i ostale pokrenute programe;
privremeno deaktiviraj zaštitni softver ( ukoliko je to potrebno ) Uputstvo ;
dvoklikom pokreni zoek na ikonicu programa ;
pričekaj da se alat startuje ...


U beli okvir prozora iskopiraj sledeći tekst:

 
emptyalltemp;
emptyclsid;
emptyfolderscheck;delete
autoclean;
resethosts;


Klikni na dugme i pričekaj da se skeniranje završi.


zoek ce po potrebi, restartovati Windows a na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.

Napomena:Izveštaj će biti sačuvan pod nazivom zoek-results.log na sistemskoj particiji (tipična lokacija: C:\zoek-results.log)


Arrow Kopiraj sadrzaj tog loga u poruku.

offline
  • Pridružio: 14 Maj 2012
  • Poruke: 89

Napisano: 28 Maj 2015 21:45

Evo ga konacno i Zoek odradi svoje;


Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by ibm on Thu 05/28/2015 at 20:48:55.81.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\ibm\Desktop\ZOEK\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

5/28/2015 8:49:43 PM Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\Program Files\Common Files\Eye 312 deleted successfully
C:\Documents and Settings\ibm\Application Data\uTorrent deleted successfully
C:\Documents and Settings\ibm\Local Settings\Application Data\Adobe deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\j2tzdyds.default

user.js not found
---- Lines Clock Hand removed from prefs.js ----
user_pref("extensions.Clock Hand.aul", "1425310836444");
user_pref("extensions.Clock Hand.irl", true);
user_pref("extensions.Clock Hand.is", "isgiwhBA");
user_pref("extensions.Clock Hand.ug", "6B926DB2-93A5-4A9A-9088-CCB1C22DED8C");
---- Lines a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829 removed from prefs.js ----
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.coma389579c4efa94d96a1dd3c86f7bd
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.coma389579c4efa94d96a1dd3c86f7bd
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.comasyncdb_dbWasSet", true);
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.comasyncdb_dbWasSet_FF25_FIX", t
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.comasyncinternaldb_dbWasSet", tr
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.comasyncinternaldb_dbWasSet_FF25
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.active", true);
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.addressbar", "NA");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.addressbarenhanced", "");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.asyncdb.was_copied", "true");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.asyncinternaldb.was_copied", "true");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.backgroundver", 4);
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.certdomaininstaller", "");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.changeprevious", false);
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Ce
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.cookie.InstallationTime.value", "%221432710275%22");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Cen
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.cookie.InstallerParams.value", "%7B%22source_id%22%3A%22001504%22%2C%22sub_
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.description", "Just Save");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.domain", "");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.enablesearch", false);
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.homepage", "");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.iframe", false);
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.InstallationThankYouPage", true);
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.InstallationTime", 1432710275);
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.__defualt_browser__.expiration", "Fri Feb 01 2030 00:00:00 GMT+0
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.__defualt_browser__.value", "%22ff%22");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb._installer_additional_info.expiration", "Fri Feb 01 2030 00:00:0
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb._installer_additional_info.value", "%7B%22asw%22%3A%5B1%2C-21474
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Centr
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22install
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT+
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%22560e5d
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.InstallerParams.value", "%7B%22source_id%22%3A%22001504%22%2C%22
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%22001504%22%
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.InstallerUserIdentifiersCache.expiration", "Fri Feb 01 2030 00:0
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.InstallerUserIdentifiersCache.value", "%7B%22installer_bic%22%3A
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.monetization_plugin_bundledUrls.expiration", "Fri Feb 01 2030 00
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.monetization_plugin_bundledWithHash.expiration", "Fri Feb 01 203
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.monetization_plugin_bundledWithHash.value", "null");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.monetization_plugin_last_executable_request.expiration", "Wed Ma
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.monetization_plugin_last_executable_request.value", "%22http%3A/
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.monetization_plugin_notBundledArr_.expiration", "Fri Feb 01 2030
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.monetization_plugin_notBundledArr_.value", "%5B%5D");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.monetization_plugin_regBundledWithSoftware.expiration", "Fri Feb
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.monetization_plugin_regBundledWithSoftware.value", "%7B%7D");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.reporting_user_key_index.expiration", "Sat May 24 2025 09:07:52
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.reporting_user_key_index.value", "7");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.Resources_appVer.value", "53");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.Resources_lastVersion.value", "1");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.Resources_meta.value", "%7B%7D");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.Resources_nextCheck.expiration", "Wed May 27 2015 15:07:53 GMT+0
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.Resources_nextCheck.value", "true");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.Resources_queue.value", "%7B%7D");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.lastDailyReport", "1432710469848");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.lastUpdate", "1432710469661");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.manifesturl", "");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.name", "SavePass 1.1");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.newtab", "");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.opensearch", "");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.pluginsurl", "http://js.lockmaprack.com/plugin/apps/69829/plugins/na/ff/plu
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.pluginsversion", 45);
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.publisher", "OB");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.searchstatus", 0);
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.setnewtab", false);
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.thankyou", "");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.updateinterval", 360);
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.ver", 53);
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.apps", "69829");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.bic", "14d9432b6d5dcd9f03d53cabc33d0097");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.cid", 69829);
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.firstrun", false);
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.hadappinstalled", true);
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.installationdate", 1432710461);
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.installerAdditionalInfo", "{\"asw\":[1, -2147483644, 0, 0],\"browser_name\":\"ff\
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.modetype", "production");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.reportInstall", true);
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.statsDailyCounter", 1);
---- Lines aTTSD90021300PYDKGV101145942com70881 removed from prefs.js ----
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.active", true);
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.addressbar", "NA");
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.addressbarenhanced", "");
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.asyncdb.was_copied", "true");
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.asyncinternaldb.was_copied", "true");
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.backgroundver", 4);
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.certdomaininstaller", "");
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.changeprevious", false);
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Central Euro
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.cookie.InstallationTime.value", "%221432710408%22");
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Central Europ
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.cookie.InstallerParams.value", "%7B%22source_id%22%3A%22001729%22%2C%22sub_id%22%3A%2
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.cookie.uc.expiration", "Wed Jun 10 2015 09:43:40 GMT+0200 (Central Europe Standard Ti
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.cookie.uc.value", "%22%5C%22XX%5C%22%22");
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.description", "Ge-Force");
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.domain", "");
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.enablesearch", false);
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.homepage", "");
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.iframe", false);
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.InstallationThankYouPage", true);
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.InstallationTime", 1432710408);
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.internaldb.__defualt_browser__.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Centr
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.internaldb.__defualt_browser__.value", "%22ff%22");
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.internaldb._installer_additional_info.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.internaldb._installer_additional_info.value", "%7B%22asw%22%3A%5B1%2C-2139095036%2C0%
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Central Europe
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%22%
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Cent
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%22560e5d7f5ad273b7
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.internaldb.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Central E
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.internaldb.InstallerParams.value", "%7B%22source_id%22%3A%22001729%22%2C%22sub_id%22%
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Cent
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%22001729%22%2C%22sub_i
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.internaldb.InstallerUserIdentifiersCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+0
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.internaldb.InstallerUserIdentifiersCache.value", "%7B%22installer_bic%22%3A%22560e5d7
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.internaldb.monetization_plugin_bundledUrls.expiration", "Fri Feb 01 2030 00:00:00 GMT
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.internaldb.monetization_plugin_bundledWithHash.expiration", "Fri Feb 01 2030 00:00:00
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.internaldb.monetization_plugin_bundledWithHash.value", "null");
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.internaldb.monetization_plugin_last_executable_request.expiration", "Wed May 27 2015
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.internaldb.monetization_plugin_last_executable_request.value", "%22http%3A//download.
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.internaldb.monetization_plugin_notBundledArr_.expiration", "Fri Feb 01 2030 00:00:00
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.internaldb.monetization_plugin_notBundledArr_.value", "%5B%5D");
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.internaldb.monetization_plugin_regBundledWithSoftware.expiration", "Fri Feb 01 2030 0
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.internaldb.monetization_plugin_regBundledWithSoftware.value", "%7B%7D");
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.internaldb.reporting_user_key_index.expiration", "Sat May 24 2025 09:10:18 GMT+0200 (
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.internaldb.reporting_user_key_index.value", "729");
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Central
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.internaldb.Resources_appVer.value", "50");
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Cen
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.internaldb.Resources_lastVersion.value", "1");
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Central Eu
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.internaldb.Resources_nextCheck.expiration", "Wed May 27 2015 15:25:19 GMT+0200 (Centr
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.internaldb.Resources_nextCheck.value", "true");
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Central E
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D");
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.internaldb.Resources_resource_1002242.expiration", "Tue Aug 25 2015 09:44:17 GMT+0200
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.internaldb.Resources_resource_1002243.expiration", "Tue Aug 25 2015 09:44:17 GMT+0200
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.internaldb.Resources_resource_1002245.expiration", "Tue Aug 25 2015 09:44:17 GMT+0200
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.internaldb.Resources_resource_1002246.expiration", "Tue Aug 25 2015 09:25:19 GMT+0200
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.internaldb.Resources_resource_1002247.expiration", "Tue Aug 25 2015 09:44:17 GMT+0200
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.internaldb.Resources_resource_1002248.expiration", "Tue Aug 25 2015 09:44:17 GMT+0200
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.internaldb.Resources_resource_1002250.expiration", "Tue Aug 25 2015 09:44:17 GMT+0200
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.lastDailyReport", "1432710607429");
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.lastUpdate", "1432710607314");
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.manifesturl", "");
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.name", "Ge-Force");
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.newtab", "");
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.opensearch", "");
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.pluginsurl", "http://js.lockmaprack.com/plugin/apps/70881/plugins/na/ff/plugins.json"
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.pluginsversion", 43);
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.publisher", "Webar");
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.searchstatus", 0);
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.setnewtab", false);
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.thankyou", "");
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.TTSD90021300@PYDKGV101145942.comasyncdb_dbWasSet", true);
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.TTSD90021300@PYDKGV101145942.comasyncdb_dbWasSet_FF25_FIX", true);
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.TTSD90021300@PYDKGV101145942.comasyncinternaldb_dbWasSet", true);
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.TTSD90021300@PYDKGV101145942.comasyncinternaldb_dbWasSet_FF25_FIX", true);
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.TTSD90021300@PYDKGV101145942.comaTTSD90021300PYDKGV101145942com70881_dbWasSet", true)
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.TTSD90021300@PYDKGV101145942.comaTTSD90021300PYDKGV101145942com70881_dbWasSet_FF25_FI
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.updateinterval", 360);
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.ver", 50);
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.apps", "70881");
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.bic", "14d9432b6d5dcd9f03d53cabc33d0097");
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.cid", 70881);
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.firstrun", false);
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.hadappinstalled", true);
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.installationdate", 1432710603);
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.installerAdditionalInfo", "{\"asw\":[1, -2139095036, 0, 2048],\"browser_name\":\"ff\",\"pro
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.modetype", "production");
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.reportInstall", true);
user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.statsDailyCounter", 1);
---- Lines ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299 removed from prefs.js ----
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.active", true);
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.addressbar", "NA");
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.addressbarenhanced", "");
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.asyncdb.was_copied", "true");
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.asyncinternaldb.was_copied", "true");
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.backgroundver", 5);
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.certdomaininstaller", "");
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.changeprevious", false);
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.cookie.InstallationTime.value", "%221432710408%22");
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:0
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.cookie.InstallerParams.value", "%7B%22source_id%22%3A%220
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.description", ".");
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.domain", "");
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.e9d197d59f2f45f382b1aa5c14d82@8706aaed9b904554b5cb7984e9.
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.e9d197d59f2f45f382b1aa5c14d82@8706aaed9b904554b5cb7984e9.
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.e9d197d59f2f45f382b1aa5c14d82@8706aaed9b904554b5cb7984e9.
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.e9d197d59f2f45f382b1aa5c14d82@8706aaed9b904554b5cb7984e9.
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.e9d197d59f2f45f382b1aa5c14d82@8706aaed9b904554b5cb7984e9.
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.e9d197d59f2f45f382b1aa5c14d82@8706aaed9b904554b5cb7984e9.
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.enablesearch", false);
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.homepage", "");
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.iframe", false);
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.InstallationThankYouPage", true);
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.InstallationTime", 1432710408);
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.__defualt_browser__.expiration", "Fri Feb 01 2
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.__defualt_browser__.value", "%22ff%22");
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb._installer_additional_info.expiration", "Fri F
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb._installer_additional_info.value", "%7B%22asw%
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.installer.value", "%7B%22InstallerIdentifiers%
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.InstallerIdentifiers.value", "%7B%22installer_
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.InstallerParams.expiration", "Fri Feb 01 2030
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.InstallerParams.value", "%7B%22source_id%22%3A
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.InstallerParamsCache.expiration", "Fri Feb 01
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.InstallerParamsCache.value", "%7B%22source_id%
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.InstallerUserIdentifiersCache.expiration", "Fr
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.InstallerUserIdentifiersCache.value", "%7B%22i
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.monetization_plugin_bundledUrls.expiration", "
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.monetization_plugin_bundledWithHash.expiration
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.monetization_plugin_bundledWithHash.value", "n
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.monetization_plugin_last_executable_request.ex
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.monetization_plugin_last_executable_request.va
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.monetization_plugin_notBundledArr_.expiration"
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.monetization_plugin_notBundledArr_.value", "%5
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.monetization_plugin_regBundledWithSoftware.exp
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.monetization_plugin_regBundledWithSoftware.val
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.reporting_user_key_index.expiration", "Sat May
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.reporting_user_key_index.value", "847");
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.Resources_appVer.value", "51");
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.Resources_lastVersion.expiration", "Fri Feb 01
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.Resources_lastVersion.value", "1");
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 0
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.Resources_meta.value", "%7B%7D");
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.Resources_nextCheck.expiration", "Wed May 27 2
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.Resources_nextCheck.value", "true");
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.Resources_queue.expiration", "Fri Feb 01 2030
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.Resources_queue.value", "%7B%7D");
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.Resources_remote_resources.expiration", "Fri F
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.Resources_remote_resources.value", "%7B%22remo
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.lastDailyReport", "1432710606672");
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.lastUpdate", "1432710606359");
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.manifesturl", "");
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.name", "Sense");
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.newtab", "");
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.opensearch", "");
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.pluginsurl", "http://js.lockmaprack.com/plugin/apps/70299
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.pluginsversion", 43);
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.publisher", "Sense+");
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.searchstatus", 0);
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.setnewtab", false);
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.thankyou", "");
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.updateinterval", 360);
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.ver", 51);
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.apps", "70299");
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.bic", "14d9432b6d5dcd9f03d53cabc33d0097");
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.cid", 70299);
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.firstrun", false);
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.hadappinstalled", true);
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.installationdate", 1432710603);
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.installerAdditionalInfo", "{\"asw\":[1, -2139095036, 0, 2048],\
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.modetype", "production");
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.reportInstall", true);
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.statsDailyCounter", 1);
---- FireFox user.js and prefs.js backups ----

prefs_20150528_0917_.backup

==== Deleting Files \ Folders ======================

C:\Program Files\WindowsUpdate deleted
C:\DOCUME~1\ALLUSE~1\APPLIC~1\14853553822045563346 deleted
C:\Program Files\AVG Web TuneUp deleted
C:\Documents and Settings\ibm\Local Settings\Application Data\CrashRpt deleted
C:\WINDOWS\SET3.tmp deleted
C:\WINDOWS\SET4.tmp deleted
C:\WINDOWS\SET8.tmp deleted
C:\WINDOWS\WININIT.INI deleted
C:\WINDOWS\system32\GroupPolicy\Adm deleted
C:\WINDOWS\system32\GroupPolicy\Machine deleted
C:\WINDOWS\system32\GroupPolicy\User deleted
C:\WINDOWS\system32\GroupPolicy\gpt.ini deleted
"C:\Documents and Settings\ibm\Application Data\ViberPC\config.db" deleted
"C:\Documents and Settings\ibm\Application Data\ViberPC\info.db" deleted
"C:\Documents and Settings\ibm\Application Data\ViberPC" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [05/28/2015 08:11 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\j2tzdyds.default
- YouTube Flash Player - %ProfilePath%\extensions\jid1-HAV2inXAnQPIeA@jetpack.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\j2tzdyds.default
9AE02005247DA91AB1743F5208DBEF76 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll - Shockwave Flash
225D76851EFC6144B4BAD941B3E8989D - C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U31
B66B4D28D7D0C6322FF235C782CD6B76 - C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.310.13
28000D7EEB2FD95A36E1A7539F599C3B - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM
5D41BCD19A3D90E4EBB58A6BFB79E4F7 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
8B6884E3E1E5F8ABA5FA0C6A2B13181D - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.bing.com/search?q={searchTerms}"
"CustomizeSearch"="http://www.bing.com/search?q={searchTerms}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Empty IE Cache ======================

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3TVT97EM will be deleted at reboot
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\LKV8H74F will be deleted at reboot
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\V62I8LQ8 will be deleted at reboot
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YIMPCEUL will be deleted at reboot
C:\Documents and Settings\ibm\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Documents and Settings\ibm\Local Settings\Application Data\Mozilla\Firefox\Profiles\j2tzdyds.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=22 folders=10 8344046 bytes)

==== Empty Temp Folders ======================

C:\Documents and Settings\Default User\Local Settings\Temp emptied successfully
C:\Documents and Settings\ibm\Local Settings\Temp will be emptied at reboot
C:\Documents and Settings\LocalService\Local Settings\Temp emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\ibm\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\ibm\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3TVT97EM" not deleted
"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\LKV8H74F" not deleted
"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\V62I8LQ8" not deleted
"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YIMPCEUL" not deleted

==== EOF on Thu 05/28/2015 at 21:40:43.21 ======================

Dopuna: 28 Maj 2015 21:48

Jos da napomenem da mi je u toku rada Zoek-a iskocio prozor kao nesto da treba uraditi update Net Fraemworka koji sam samo iskljucio

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8466
  • Gde živiš: Novi Beograd

Da li ima nekih problema, osim tih obavestenja u AVGu, sto cemo probati da resimo poslednjim korakom?

offline
  • Pridružio: 14 Maj 2012
  • Poruke: 89

Do ovog zadnjeg koraka odnosno Zoek-a jos je bio ocajno spor ( da nebude zabune inace nije sampion u brzini, neka prastara 4-ka ) al koliko sam uspio ovako nakratko da vidim sad bi trebalo da je po starom

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8466
  • Gde živiš: Novi Beograd

Sledeci alat bi trebalo da resi problem sa AVGom koji stalno prijavljuje problem u System restoru. Program bi trebalo da ukloni stare Restore tacke i da napravi novu, pa bi problem trebalo da bude resen.

Sledeća procedura će implementirati završno čišćenje.



Arrow Preuzmi "Xplode"-ov DelFix alat i snimi ga na Desktop.

Dvoklikom pokreni alat i štikliraj kućice ispred sledećih opcija;
Remove disinfection tools
Create registry backup
Purge System Restore


Klikni na dugme Run i pričekaj trenutak dok alat ne završi svoj rad.

Od ovog trenutka, svi korišćeni alati u ovoj temi bi trebali biti obrisani.
Ukoliko neki alat ili izveštaj nije uklonjen, slobodno ih obriši ručno.


Alat će takođe formirati izveštaj za tebe. (C:\DelFix.txt)
- Alat će snimiti i zdravo stanje registy-ja i napraviti backup koristeci integrisan program "ERUNT" u %windir%\ERUNT\DelFix
- DelFix briše stare system restore tačke i pravi novu, svežu tačku nakon čišćenja.

Ko je trenutno na forumu
 

Ukupno su 679 korisnika na forumu :: 25 registrovanih, 4 sakrivenih i 650 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: awathorn, bato, Boris90, Brankoni, dac, Dorcolac, dragon986, dule10savic, FOX, g0xy, goxin, I AM THE KING, ivan979, Kaplar2, krlebgd77, Mitraljeta, Mixelotti, ozzy, raso76, S.Palestinac, Sr.Stat., Toni, vlvl, vukdra, Wisdomseeker