1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

CPU usage 60-100% when idle

Discussion in 'Windows Vista' started by gking13, Nov 24, 2013.

Thread Status:
Not open for further replies.
Advertisement
  1. gking13

    gking13 Thread Starter

    Joined:
    Nov 24, 2013
    Messages:
    14
    Hello,
    Before i give up and just delete this process all together, I thought I would ask people who actually knew what they were doing.
    My CPU usage is constantly between 60-100% (almost always 100%) even when I'm doing nothing. In Processes, ftgrrifc.exe from AppData-Roaming takes up 40-50% of my CPU usage. Also, System Idle Process can jump anywhere from very low to near 50%. Skype.exe can also jump from nothing to 50% for a few seconds.
    I would like my laptop to go to the good old days where i could actually play games/videos on my laptop. I am the only user on the laptop.
    Microsoft Security Essentials says the laptop is clean, and Malwarebytes says I have no malware.

    My operating system:
    Windows Vista Home Premium 2007
    AMD Turion(tm) X2 Dual-Core Mobile RM-77 2.30GHz
    RAM: 4.00GB
    32-bit Operating System

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft® Windows Vista™ Home Premium, Service Pack 2, 32 bit
    Processor: AMD Turion(tm) X2 Dual-Core Mobile RM-77, x64 Family 17 Model 3 Stepping 1
    Processor Count: 2
    RAM: 2941 Mb
    Graphics Card: ATI Radeon 3100 Graphics, 256 Mb
    Hard Drives: C: Total - 291612 MB, Free - 146134 MB;
    Motherboard: TOSHIBA, KSWAE
    Antivirus: Microsoft Security Essentials, Updated and Enabled
     
  2. blues_harp28

    blues_harp28 Trusted Advisor

    Joined:
    Jan 9, 2005
    Messages:
    18,425
    Hi, download Security Check by screen317 from.
    http://screen317.spywareinfoforum.org/
    Or
    http://www.bleepingcomputer.com/download/securitycheck/

    Save it to your Desktop.
    Double click the install icon.
    If using Vista or Win 7 - right click the icon - run as Administrator
    A command Prompt window will open.
    Let it scan the Pc - press any key when asked.
    It should now open in Notepad.
    Copy and Paste the result of the scan in the reply box below.

    The saved log will be called checkup.txt.
    ====
    Download AdwCleaner to your desktop.
    Click on the Download Now button and save it to your desktop.

    NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

    Close any browsers that may be open - double click on the ADWCleaner icon on your desktop

    Click on the Scan button.
    Let it scan your Pc - when that is done click on the Clean button.
    Allow it to clean and reboot your Pc.
    The report will appear on your desktop - Copy and Paste it into your next post.
     
  3. gking13

    gking13 Thread Starter

    Joined:
    Nov 24, 2013
    Messages:
    14
    Alrighties, done.
    Here are the results:

    Checkup

    Results of screen317's Security Check version 0.99.77
    Windows Vista Service Pack 2 x86 (UAC is enabled)
    Internet Explorer 9
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Microsoft Security Essentials
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.75.0.1300
    Java(TM) 6 Update 11
    Java 7 Update 45
    Adobe Flash Player 10 Flash Player out of Date!
    Adobe Reader 9 Adobe Reader out of Date!
    Google Chrome 30.0.1599.101
    Google Chrome 31.0.1650.57
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````


    ADW Cleaner

    # AdwCleaner v3.013 - Report created 26/11/2013 at 08:36:56
    # Updated 24/11/2013 by Xplode
    # Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # Username : Georgina - GEORGINA-PC
    # Running from : C:\Users\Georgina\Downloads\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\StarApp
    Folder Deleted : C:\ProgramData\Trymedia
    Folder Deleted : C:\ProgramData\EboookBrowse
    Folder Deleted : C:\ProgramData\safe save
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EboookBrowse
    Folder Deleted : C:\Program Files\Ask.com
    Folder Deleted : C:\Users\Georgina\AppData\Local\PackageAware
    Folder Deleted : C:\Users\Georgina\AppData\LocalLow\FunWebProducts
    Folder Deleted : C:\Users\Georgina\AppData\LocalLow\MyWebSearch
    Folder Deleted : C:\Users\Georgina\AppData\LocalLow\EboookBrowse
    Folder Deleted : C:\Users\Georgina\AppData\LocalLow\safe save
    Folder Deleted : C:\Users\Georgina\AppData\Roaming\optimizer pro
    Folder Deleted : C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\dohjbikodjekdjnjpoiokfclnplgnang

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
    Key Deleted : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4730EBE-43A6-443E-9776-36915D323AD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48DD-9B6D-7A13A3E42127}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40FD-8DAE-FF14757F60C7}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Key Deleted : HKCU\Software\MyWebSearch
    Key Deleted : HKCU\Software\Optimizer Pro
    Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
    Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
    Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
    Key Deleted : HKLM\Software\FocusInteractive
    Key Deleted : HKLM\Software\Fun Web Products
    Key Deleted : HKLM\Software\FunWebProducts
    Key Deleted : HKLM\Software\MyWebSearch
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{E5B7E1B4-21FC-6765-A3D7-BA0416DC6AF7}

    ***** [ Browsers ] *****

    -\\ Internet Explorer v9.0.8112.16520


    -\\ Google Chrome v31.0.1650.57

    [ File : C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [4777 octets] - [26/11/2013 08:34:37]
    AdwCleaner[S0].txt - [4820 octets] - [26/11/2013 08:36:56]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4880 octets] ##########
     
  4. blues_harp28

    blues_harp28 Trusted Advisor

    Joined:
    Jan 9, 2005
    Messages:
    18,425
    ADWCleaner needs to run until it comes back clean.
    Run again - Scan and then Clean - post the log file.
    ====
    Post a Hjt log - to see what is running on your system.
    http://www.bleepingcomputer.com/download/hijackthis/
    Download the EXE version.
    • Save HJTInstall.exe to your desktop.
    • Doubleclick on the HJTInstall.exe icon on your desktop.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis .
    • Click on Install.
    • It will create a HijackThis icon on the desktop.
    • Once installed, it will launch Hijackthis.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT use the AnalyseThis button, its findings are dangerous if misinterpreted.
    • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

    Also post the uninstall log from Hjt log
    Start HiJackThis.
    At the bottom right - Other Stuff
    Click on Config > Misc Tools.
    Click > Open Uninstall Manager.
    Click > Save List.
    Save the uninstall list file on your desktop.
    It will then open in Notepad.
    Click Edit > Select All > Edit > Copy-and-Paste the uninstall list in the reply box.
    ===
    Should the Hjt log not be accessible - you may need to disable UAC.
    Go to Control Panel - User Accounts, then turn off and disable the User Account Control[UAC]
    Apply the change > restart your computer.
    Make sure that you turn on User Accounts - once we have checked your system.
     
  5. gking13

    gking13 Thread Starter

    Joined:
    Nov 24, 2013
    Messages:
    14
    alright.

    i've run ADW twice, heres the log

    # AdwCleaner v3.013 - Report created 26/11/2013 at 13:53:28
    # Updated 24/11/2013 by Xplode
    # Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # Username : Georgina - GEORGINA-PC
    # Running from : C:\Users\Georgina\Downloads\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v9.0.8112.16520


    -\\ Google Chrome v31.0.1650.57

    [ File : C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [4777 octets] - [26/11/2013 08:34:37]
    AdwCleaner[R1].txt - [906 octets] - [26/11/2013 13:37:57]
    AdwCleaner[R2].txt - [1020 octets] - [26/11/2013 13:51:00]
    AdwCleaner[S0].txt - [4960 octets] - [26/11/2013 08:36:56]
    AdwCleaner[S1].txt - [966 octets] - [26/11/2013 13:42:04]
    AdwCleaner[S2].txt - [943 octets] - [26/11/2013 13:53:28]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1002 octets] ##########

    Hijack This:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 3:05:24 PM, on 26/11/2013
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16520)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
    C:\Program Files\Real\RealPlayer\Update\realsched.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Hostless Modem\Telstra USB+Wi-Fi\CheckNDISPort_df.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Windows\ehome\ehtray.exe
    C:\Users\Georgina\AppData\Roaming\jvhiagvi\ftgrrifc.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Users\Georgina\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Windows\system32\RunDll32.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Program Files\Hostless Modem\Telstra USB+Wi-Fi\ShowTip.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/?ref=hp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-proxy.adelaide.edu.au:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
    O4 - HKLM\..\Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL ""
    O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [TPCHWMsg] %ProgramFiles%\TOSHIBA\TPHM\TPCHWMsg.exe
    O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    O4 - HKLM\..\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe"
    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
    O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    O4 - HKLM\..\Run: [cfFncEnabler.exe] "C:\Program Files\TOSHIBA\ConfigFree\cfFncEnabler.exe"
    O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    O4 - HKLM\..\Run: [CheckNDISPort_df] C:\Program Files\Hostless Modem\Telstra USB+Wi-Fi\CheckNDISPort_df.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Georgina\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Classes] C:\Users\Georgina\AppData\Roaming\jvhiagvi\ftgrrifc.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: Dropbox.lnk = C:\Users\Georgina\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Startup: Monitor Ink Alerts - HP Photosmart 5520 series.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: TOSHIBA Web Camera Service (camsvc) - TOSHIBA - C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: TOSHIBA Modem region select service (RSELSVC) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
    O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

    --
    End of file - 11154 bytes

    Uninstall List:
    Update for Microsoft Office 2007 (KB2508958)
    Update for Microsoft Office 2007 (KB2508958)
    2007 Microsoft Office system
    Acrobat.com
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe AIR
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Reader 9.5.5
    Adobe Shockwave Player 11.5
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Basic Histology Image Catalog
    Bejeweled 2 Deluxe 1.1
    Bejeweled Twist 1.0.3.7482
    Bing Bar
    Bonjour
    Business Contact Manager for Outlook 2007 SP2
    Business Contact Manager for Outlook 2007 SP2
    Catalyst Control Center - Branding
    Direct DiscRecorder
    DVD MovieFactory for TOSHIBA
    EndNote X4
    Facebook Video Calling 1.2.0.287
    GameHouse Games Collection: Academy of Magic
    GameHouse Games Collection: Adventure Inlay
    GameHouse Games Collection: Adventure Inlay - Safari Edition
    GameHouse Games Collection: Air Strike 3D
    GameHouse Games Collection: Alien Sky
    GameHouse Games Collection: Aloha Solitaire
    GameHouse Games Collection: Aloha TriPeaks
    GameHouse Games Collection: Ancient Tri-Jong
    GameHouse Games Collection: Ancient Tripeaks
    GameHouse Games Collection: Astrobatics
    GameHouse Games Collection: Atlantis
    GameHouse Games Collection: Atomaders
    GameHouse Games Collection: Bejeweled 2
    GameHouse Games Collection: Bewitched
    GameHouse Games Collection: Big Kahuna Reef
    GameHouse Games Collection: Boggle Supreme
    GameHouse Games Collection: Bounce Out Blitz
    GameHouse Games Collection: Casino Island To Go
    GameHouse Games Collection: Chainz
    GameHouse Games Collection: Chainz 2 - Relinked
    GameHouse Games Collection: Charm Solitaire
    GameHouse Games Collection: Charm Tale
    GameHouse Games Collection: Chicktionary
    GameHouse Games Collection: Chuzzle Deluxe
    GameHouse Games Collection: Collapse! Crunch
    GameHouse Games Collection: Combo Chaos!
    GameHouse Games Collection: Crystal Path
    GameHouse Games Collection: Cubis Gold 2
    GameHouse Games Collection: Digby's Donuts
    GameHouse Games Collection: Diner Dash
    GameHouse Games Collection: Feeding Frenzy
    GameHouse Games Collection: Fiber Twig
    GameHouse Games Collection: Five Card Deluxe
    GameHouse Games Collection: Flip Words
    GameHouse Games Collection: Flying Leo
    GameHouse Games Collection: Fortune Tiles Gold
    GameHouse Games Collection: Fresco Wizard
    GameHouse Games Collection: GameHouse Sudoku
    GameHouse Games Collection: Gearz
    GameHouse Games Collection: Granny in Paradise
    GameHouse Games Collection: Gutterball
    GameHouse Games Collection: Gutterball 2
    GameHouse Games Collection: Hamsterball
    GameHouse Games Collection: Hello!
    GameHouse Games Collection: Holiday Express
    GameHouse Games Collection: Iggle Pop!
    GameHouse Games Collection: Incadia
    GameHouse Games Collection: Incredible Ink
    GameHouse Games Collection: Insaniquarium Deluxe
    GameHouse Games Collection: Inspector Parker
    GameHouse Games Collection: Invadazoid
    GameHouse Games Collection: Jewel Quest
    GameHouse Games Collection: Lemonade Tycoon
    GameHouse Games Collection: Luxor
    GameHouse Games Collection: Mad Caps
    GameHouse Games Collection: Magic Ball
    GameHouse Games Collection: Magic Ball 2
    GameHouse Games Collection: Magic Ball 2 - New Worlds
    GameHouse Games Collection: Magic Inlay
    GameHouse Games Collection: Magic Vines
    GameHouse Games Collection: Mah Jong Adventures
    GameHouse Games Collection: Mah Jong Medley
    GameHouse Games Collection: Mah Jong Quest
    GameHouse Games Collection: Mahjong Garden To Go
    GameHouse Games Collection: Mahjong Towers Eternity
    GameHouse Games Collection: Maui Wowee
    GameHouse Games Collection: Phlinx To Go
    GameHouse Games Collection: Pin High Country Club Golf
    GameHouse Games Collection: Pizza Frenzy
    GameHouse Games Collection: Platypus
    GameHouse Games Collection: Poker Superstars
    GameHouse Games Collection: Puzzle Express
    GameHouse Games Collection: Puzzle Inlay
    GameHouse Games Collection: Puzzle Solitaire
    GameHouse Games Collection: QBz
    GameHouse Games Collection: Reader's Digest Super Word Power
    GameHouse Games Collection: Ricochet
    GameHouse Games Collection: Ricochet Lost Worlds
    GameHouse Games Collection: Ricochet Lost Worlds - Recharged
    GameHouse Games Collection: Roller Rush
    GameHouse Games Collection: Saints & Sinners Bingo
    GameHouse Games Collection: SCRABBLE
    GameHouse Games Collection: Shape Shifter
    GameHouse Games Collection: Slingo Deluxe
    GameHouse Games Collection: Spelvin
    GameHouse Games Collection: Splash
    GameHouse Games Collection: Spring Sprang Sprung
    GameHouse Games Collection: Super 5-Line Slots
    GameHouse Games Collection: Super Blackjack!
    GameHouse Games Collection: Super Bounce Out!
    GameHouse Games Collection: Super Candy Cruncher
    GameHouse Games Collection: Super Collapse!
    GameHouse Games Collection: Super Collapse! II
    GameHouse Games Collection: Super Collapse! II Platinum
    GameHouse Games Collection: Super Fruit Frolic
    GameHouse Games Collection: Super GameHouse Solitaire Vol. 1
    GameHouse Games Collection: Super GameHouse Solitaire Vol. 2
    GameHouse Games Collection: Super GameHouse Solitaire Vol. 3
    GameHouse Games Collection: Super Gem Drop
    GameHouse Games Collection: Super Glinx!
    GameHouse Games Collection: Super Letter Linker
    GameHouse Games Collection: Super Mah Jong Solitaire
    GameHouse Games Collection: Super Nisqually
    GameHouse Games Collection: Super PileUp!
    GameHouse Games Collection: Super Pool
    GameHouse Games Collection: Super Pop & Drop!
    GameHouse Games Collection: Super Rumble Cube
    GameHouse Games Collection: Super SpongeBob Collapse!
    GameHouse Games Collection: Super TextTwist
    GameHouse Games Collection: Super WHATword
    GameHouse Games Collection: Super Wild Wild Words
    GameHouse Games Collection: Tap a Jam
    GameHouse Games Collection: Ten Pin Championship Bowling Pro
    GameHouse Games Collection: Tennis Titans
    GameHouse Games Collection: Tradewinds 2
    GameHouse Games Collection: Trivia Machine
    GameHouse Games Collection: Tropical Swaps
    GameHouse Games Collection: Tumblebugs
    GameHouse Games Collection: Turtle Bay
    GameHouse Games Collection: Twistingo
    GameHouse Games Collection: Ultimate Dominoes
    GameHouse Games Collection: Varmintz Deluxe
    GameHouse Games Collection: Walls of Jericho, The
    GameHouse Games Collection: Wheel of Fortune
    GameHouse Games Collection: Word Jolt
    GameHouse Games Collection: Word Slinger
    GameHouse Games Collection: WordJong To Go
    GameHouse Games Collection: Zuma Deluxe
    Google Chrome
    Google Update Helper
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Photosmart 5520 series Basic Device Software
    HP Photosmart 5520 series Help
    HP Photosmart 5520 series Product Improvement Study
    HP Update
    HPDiagnosticCoreDll
    iPod for Windows 2005-09-23
    iTunes
    Java 7 Update 45
    Java(TM) 6 Update 11
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Hybrid 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Picasa 2
    PlayReady PC runtime
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek 8136 8168 8169 Ethernet Driver
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Realtek WiFi Protected Setup Library
    Realtek WLAN Driver
    RealUpgrade 1.1
    ResearchSoft Direct Export Helper
    Roll
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
    Skype Click to Call
    Skype&#8482; 6.7
    Sophos Virus Removal Tool
    Synaptics Pointing Device Driver
    Telstra USB+Wi-Fi Hostless Modem
    Titanium Maximum Security
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Disc Creator
    TOSHIBA DVD PLAYER
    TOSHIBA eco Utility
    TOSHIBA eco Utility
    TOSHIBA Extended Tiles for Windows Mobility Center
    TOSHIBA Face Recognition
    TOSHIBA Face Recognition
    TOSHIBA Flash Cards Support Utility
    TOSHIBA Flash Cards Support Utility
    TOSHIBA Hardware Setup
    TOSHIBA Hardware Setup
    TOSHIBA HDD/SSD Alert
    TOSHIBA HDD/SSD Alert
    TOSHIBA Internal Modem Region Select Utility
    TOSHIBA PC Health Monitor
    TOSHIBA Recovery Disc Creator
    TOSHIBA SD Memory Utilities
    TOSHIBA Service Station
    TOSHIBA Software Modem
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    TOSHIBA Supervisor Password
    TOSHIBA Supervisor Password
    TOSHIBA Value Added Package
    TOSHIBA Web Camera Application
    Update for 2007 Microsoft Office System (KB967642)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VLC media player 1.0.1
    WildTangent Games
    WinRAR 4.20 (32-bit)
    World of Warcraft

    Hope This all helps

    Georgina
     
  6. blues_harp28

    blues_harp28 Trusted Advisor

    Joined:
    Jan 9, 2005
    Messages:
    18,425
    You have a lot of programs, applications running at start up - 04 in the Hjt log, that do not need to run.
    While I research some of them - do the following.

    Start > Search > Type
    msconfig
    In msconfig - Start up tab.
    Untick all these entries.

    Web Camera Application\TWebCamera.exe" autorun

    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    C:\Program Files\Windows Media Player\WMPNSCFG.exe

    [Facebook Update] "C:\Users\Georgina\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

    C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

    C:\Program Files\Windows Media Player\WMPNSCFG.exe

    C:\Users\Georgina\AppData\Roaming\Dropbox\bin\Dropbox.exe


    Apply > Ok > Restart your Pc.

    The System Configuration Utility box will appear on retstart - saying changes have been made.
    Tick the box on the lower left and then OK.

    Any entry can be re-enabled using msconfig - if it needs to be
    http://netsquirrel.com/msconfig/index.html
    ======
    Quote.
    "In Processes, ftgrrifc.exe from AppData-Roaming takes up 40-50% of my CPU usage"

    ftgrrifc.exe
    Check the spelling of the above - I can find no reference to it.
    ======
    Download SuperAntiSpyware to your desktop.
    Download the Free version.
    SuperAntiSpyware

    Once downloaded to your desktop.
    Close all open browser windows.

    Click on the install icon - allow it to update during the install process.
    Select the Quick Scan option.
    Click Scan your Computer.
    Any infections or problems will be highlighted in red.
    After the scan is finished.
    Click Continue.
    Check that everything is listed.
    Click Remove Threats.
    Click OK - then click Finish
    You may be prompted to restart to finish the removal process.
    If Yes - restart your Pc.

    Start SuperAntiSpyware again.
    Click View Scan Logs.
    Highlight the scan log entry.
    Click - View Selected Log.
    The scan log will appear in Notepad.
    Copy and paste in your next post.
     
  7. gking13

    gking13 Thread Starter

    Joined:
    Nov 24, 2013
    Messages:
    14
    Yeah, I have quite a lot of files. I did delete the Game house collection files, but they are still showing up, so I’ve done something there it seems.
    But, I’ve unticked the suggested entries.
    And it is defiantly ftgrrifc.exe I had originally googled it to see what the hell it was, and I also found nothing.

    Ran SuperAntiSpyware – holy crap!

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 11/26/2013 at 09:04 PM

    Application Version : 5.6.1042

    Core Rules Database Version : 10902
    Trace Rules Database Version: 8714

    Scan type : Quick Scan
    Total Scan Time : 00:15:04

    Operating System Information
    Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
    UAC Off - Administrator

    Memory items scanned : 825
    Memory threats detected : 0
    Registry items scanned : 30735
    Registry threats detected : 0
    File items scanned : 6984
    File threats detected : 180

    Adware.Tracking Cookie
    C:\Users\Georgina\AppData\Roaming\Microsoft\Windows\Cookies\J7P0VP18.txt [ /serving-sys.com ]
    C:\Users\Georgina\AppData\Roaming\Microsoft\Windows\Cookies\NPW6G015.txt [ /oracle.112.2o7.net ]
    C:\Users\Georgina\AppData\Roaming\Microsoft\Windows\Cookies\UI8E51I3.txt [ /doubleclick.net ]
    C:\USERS\GEORGINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\L0A9ARWY.txt [ Cookie:[email protected]/ ]
    C:\USERS\GEORGINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\9UFCNZZN.txt [ Cookie:[email protected]/ ]
    C:\USERS\GEORGINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\52M8GOMO.txt [ Cookie:[email protected]/ ]
    C:\USERS\GEORGINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\NFLEMMJ9.txt [ Cookie:[email protected]/ ]
    C:\USERS\GEORGINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\IR5JEC66.txt [ Cookie:[email protected]/ ]
    C:\USERS\GEORGINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\J04OOXVP.txt [ Cookie:[email protected]/ ]
    C:\USERS\GEORGINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\FEQ2O16U.txt [ Cookie:[email protected]/hc/19357552 ]
    C:\USERS\GEORGINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\CGT55TAY.txt [ Cookie:[email protected]/ ]
    C:\USERS\GEORGINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\93O9LB2L.txt [ Cookie:[email protected]/ ]
    C:\USERS\GEORGINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\EFDX5WZS.txt [ Cookie:[email protected]/ ]
    C:\USERS\GEORGINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\PFXN41AX.txt [ Cookie:[email protected]/a1/ ]
    C:\USERS\GEORGINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\RHLC6YRK.txt [ Cookie:[email protected]/ ]
    C:\USERS\GEORGINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\NCPO11SC.txt [ Cookie:[email protected]/ ]
    C:\USERS\GEORGINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z2YN3U2S.txt [ Cookie:[email protected]/pagead/conversion/1036980325/ ]
    C:\USERS\GEORGINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZP8QQ83Q.txt [ Cookie:[email protected]/ ]
    C:\USERS\GEORGINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z1UBLCVN.txt [ Cookie:[email protected]/ ]
    C:\USERS\GEORGINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\2AA4UVGY.txt [ Cookie:[email protected]/ ]
    C:\USERS\GEORGINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\VCH8E2H2.txt [ Cookie:[email protected]/ ]
    C:\USERS\GEORGINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\KEPRGNFJ.txt [ Cookie:[email protected]/ ]
    C:\USERS\GEORGINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\JU77DFU1.txt [ Cookie:[email protected]/ ]
    C:\USERS\GEORGINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\SIHAGKYI.txt [ Cookie:[email protected]/ ]
    C:\USERS\GEORGINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\3Y95KB1N.txt [ Cookie:[email protected]/ ]
    C:\USERS\GEORGINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\NUWLXAZE.txt [ Cookie:[email protected]/ ]
    C:\USERS\GEORGINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\R9RA99FJ.txt [ Cookie:[email protected]2o7.net/ ]
    C:\USERS\GEORGINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\I8JJYE0S.txt [ Cookie:[email protected]/ ]
    C:\USERS\GEORGINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\TFD6F0C6.txt [ Cookie:[email protected]/ ]
    C:\USERS\GEORGINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\QYQH86AW.txt [ Cookie:[email protected]/ ]
    C:\USERS\GEORGINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\WBRDMOFU.txt [ Cookie:[email protected]/ ]
    C:\USERS\GEORGINA\Cookies\J7P0VP18.txt [ Cookie:[email protected]/ ]
    C:\USERS\GEORGINA\Cookies\NPW6G015.txt [ Cookie:[email protected]/ ]
    C:\USERS\GEORGINA\Cookies\UI8E51I3.txt [ Cookie:[email protected]/ ]
    C:\USERS\GUEST\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
    C:\USERS\GUEST\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:[email protected]/ ]
    C:\USERS\GUEST\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
    C:\USERS\GUEST\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
    C:\USERS\GUEST\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:[email protected]/pagead/conversion/1039898322/ ]
    C:\Users\Georgina\AppData\Roaming\Microsoft\Windows\Cookies\Low\MJ4CHTSC.txt [ /advertising.copacet.com ]
    C:\Users\Georgina\AppData\Roaming\Microsoft\Windows\Cookies\Low\SY6K573F.txt [ /burstnet.com ]
    C:\Users\Georgina\AppData\Roaming\Microsoft\Windows\Cookies\Low\5YMROVUH.txt [ /accounts.google.com ]
    C:\Users\Georgina\AppData\Roaming\Microsoft\Windows\Cookies\Low\4QQGKFVY.txt [ /macromedia.com ]
    C:\Users\Georgina\AppData\Roaming\Microsoft\Windows\Cookies\Low\HN6PD646.txt [ /tribalfusion.com ]
    accounts.google.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .doubleclick.net [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .atdmt.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .invitemedia.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .invitemedia.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .saymedia.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .saymedia.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .srv1.mediads.info [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .saymedia.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ru4.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .saymedia.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .invitemedia.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .advertising.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adnetwork.net [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.zanox.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ads.advertdigital.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .imrworldwide.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .imrworldwide.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ads.advertdigital.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ads.advertdigital.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ads.advertdigital.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ads.advertdigital.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .media-servers.net [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    mshakers.rotator.hadj7.adjuggler.net [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    yorick.adjuggler.net [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .serving-sys.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .serving-sys.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    yorick.adjuggler.net [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .burstnet.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .burstnet.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adtechus.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .smartadserver.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .smartadserver.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .smartadserver.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .legolas-media.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adserverplus.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .creafi-online-media.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .apmebf.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .mediaplex.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .statcounter.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    www.googleadservices.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .at.atwola.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .1sadx.net [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .bs.serving-sys.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    mshakers.rotator.hadj7.adjuggler.net [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    yt.jobfindgold.info [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    yt.jobfindgold.info [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    yt.jobfindgold.info [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .media6degrees.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .media6degrees.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ru4.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .media6degrees.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .media6degrees.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    track.adform.net [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    www.googleadservices.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .serving-sys.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    rbv.jobfindgold.info [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    rbv.jobfindgold.info [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    rbv.jobfindgold.info [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .advertising.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    socialitemedia.biz [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .weborama.fr [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .hearstdigital.122.2o7.net [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .creafi-online-media.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adlooxtracking.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .weborama.fr [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .aimfar.solution.weborama.fr [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .atdmt.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .amazon-adsystem.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .amazon-adsystem.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .burstnet.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .srv1.mediads.info [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ox-d.rocketadserver.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .collective-media.net [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .networkadvertising.org [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .networkadvertising.org [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .networkadvertising.org [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .networkadvertising.org [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .mediaforge.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .oracle.112.2o7.net [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .atdmt.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .c1.atdmt.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .cmp.112.2o7.net [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .estat.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .xiti.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .xiti.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .kontera.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    tracking.servebom.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .collective-media.net [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .tribalfusion.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .advertising.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .saymedia.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    accounts.google.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .microsoftsto.112.2o7.net [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    www.googleadservices.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .invitemedia.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .lucidmedia.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .revsci.net [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .casalemedia.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .revsci.net [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .revsci.net [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .revsci.net [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .serving-sys.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .casalemedia.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .casalemedia.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .casalemedia.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .casalemedia.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .casalemedia.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .pro-market.net [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .pro-market.net [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .pro-market.net [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .pro-market.net [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    accounts.google.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    accounts.google.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .doubleclick.net [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .elitedaily.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .elitedaily.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .elitedaily.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .elitedaily.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .elitedaily.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .elitedaily.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    app.videostat.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    app.videostat.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .videostat.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .serving-sys.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .mediaplex.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .questionmarket.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .questionmarket.com [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .pcworldcommunication.122.2o7.net [ C:\USERS\GEORGINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

    Cheers
     
  8. blues_harp28

    blues_harp28 Trusted Advisor

    Joined:
    Jan 9, 2005
    Messages:
    18,425
    Adobe Flash Player 10 out of Date!
    http://get.adobe.com/flashplayer/?no_redirect
    Untick the free McAfee scan before downloading Adobe

    Adobe reader 9 out of Date!
    http://get.adobe.com/reader/
    Untick the free McAfee scan before downloading Adobe
    ======
    ======
    Download Junkware Removal Tool

    Shutdown your antivirus to avoid any conflicts.
    Right-mouse click JRT.exe and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete.
    On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    Post the contents of JRT.txt into your next message.
    ======
    ======
    I'm concerned about this that is showing in the roaming files in the Hjt log
    C:\Users\Georgina\AppData\Roaming\jvhiagvi\ftgrrifc.exe

    I am asking for your post to be checked by one of our Malware Experts - they may ask you to run other scans on your Pc
     
  9. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    Please continue with all instructions posted by Blues Harp28.

    We need to check a suspicious file.

    Go to one of the following online services that analyzes suspicious files:

    In the "File to Scan" (Upload or Submit) box, click the "browse" button and locate the following file:

    C:\Users\Georgina\AppData\Roaming\jvhiagvi\ftgrrifc.exe <- this file

    Click "Open", then click the "Submit" button. If you get a message saying "File has already been analyzed", click Reanalyze or Scan again.
    -- Post back with the results of the file analysis in your next reply.
     
  10. gking13

    gking13 Thread Starter

    Joined:
    Nov 24, 2013
    Messages:
    14
    Okay dokay. Updated the Adobe programs.
    Ran the JRT below:
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.0.8 (11.05.2013:1)
    OS: Windows Vista (TM) Home Premium x86
    Ran by Georgina on Wed 27/11/2013 at 8:49:11.18
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Wed 27/11/2013 at 9:00:22.94
    End of JRT log

    Then went to JottisVirus Scan. I had to unhide protected operating system files to see the bloody folder.

    Filename: ftgrrifc.exe
    Status:
    Scan finished. 15 out of 23 scanners reported malware.
    Scan taken on: Tue 26 Nov 2013 23:48:52 (CET) Permalink
    File size: 105984 bytes
    Filetype: PE32 executable (GUI) Intel 80386, for MS Windows
    MD5: f5dd0e381cfeb1ae9d066b8d49cb3f4d
    SHA1: 0c80dbf5694b159b2462ac6ab41f0ea75092dcb9

    Lavasoft Ad-Aware
    2013-11-26 Gen:Variant.Kazy.181333
    Fortinet
    2013-11-26 W32/INJECT.CXH!tr
    Agnitum
    2013-11-26 Trojan.Injector!uE/ab0ZK7BU
    Frisk F-Prot Antivirus
    2013-11-26 Found nothing
    ArcaVir
    2013-11-26 Found nothing
    F-Secure Anti-Virus
    2013-11-26 Gen:Variant.Kazy.181333
    Avast! antivirus
    2013-11-26 Win32:Sazoora-D
    G DATA
    2013-11-26 Gen:Variant.Kazy.181333
    Grisoft AVG Anti-Virus
    2013-11-26 Downloader.Generic13.AXCC
    Ikarus
    2013-11-26 Trojan.Win32.Stardo
    Avira AntiVir
    2013-11-26 TR/Injector.bdc
    Kaspersky Anti-Virus
    2013-11-26 Trojan.Win32.Stardo.f
    Softwin BitDefender
    2013-11-26 Gen:Variant.Kazy.181333
    Panda Antivirus
    2013-11-26 Found nothing
    ClamAV
    2013-11-26 Found nothing
    Quick Heal
    2013-11-26 Found nothing
    CPsecure
    2013-11-26 Found nothing
    Sophos
    2013-11-26 Found nothing
    Dr.Web
    2013-11-26 Found nothing
    Trend Micro Antivirus
    2013-11-26 TROJ_INJECT.CXH
    MicroWorld eScan
    2013-11-26 Gen:Variant.Kazy.181333
    VirusBlokAda VBA32
    2013-11-26 Malware-Cryptor.Inject.gen
    ESET
    2013-11-26 Win32/Injector.AHJZ

    Here we go.
    Cheers
     
  11. blues_harp28

    blues_harp28 Trusted Advisor

    Joined:
    Jan 9, 2005
    Messages:
    18,425
    You will have to hide protected operating system files and turn on User Account Control later on - but we can come back to that.

    But Mark will have to make suggestions on the result of the JottisVirus Scan.
     
  12. gking13

    gking13 Thread Starter

    Joined:
    Nov 24, 2013
    Messages:
    14
    Yeah, i'll defiantly hide the files and turn the account control on. I don't want to make things worse! :D
    Thanks so much for your help so far!
     
  13. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    The Jotti scan results are fairly conclusive that the file is bad. As the folder containing it also has a dubious name which gives no results on Google apart from this thread, we will take out the entire folder.

    Follow these instructions and then let us know how well the system is running. I'm turning in now as it is nearly 1am here, I'll review your reply in the morning.

    Please download OTM by OldTimer. Save it to your desktop.

    Double click OTM.exe to start the tool.

    • Copy the text in the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :Processes
    explorer.exe
    :Files
    C:\Users\Georgina\AppData\Roaming\jvhiagvi
    :Commands
    [createrestorepoint]
    [emptyflash]
    [emptytemp]
    [resethosts]
    [reboot]
    
    • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • All your desktop icons will disappear as the scan begins. It should complete within a few minutes.
    • Once complete you may see a box appear asking you to Restart the system to complete the file removal, accept it and it will reboot.
    • Even if that box does not appear the system should reboot as the command is included in the script.
    • When the system has come back to the desktop a Notepad document will open, please copy and paste that into your next post.

      -- Note: The logs are saved here: C:\_OTM\MovedFiles
    ===========================================================================


    Once that is done I would suggest a deep Anti Virus online scan, this will check every file on your system, but as it can often find false positives make quite sure you follow the instructions so that it does not remove anything and post the report for review.


    Eset online scan instructions.
    IMPORTANT ---> Please make sure you follow the instruction to uncheck the box next to Remove found threats. Eset will detect anything that looks even remotely suspicious, this can include legitimate program files. If you do not uncheck the box, as instructed, Eset will automatically remove all suspect files which could leave some of your software inoperative. If you make a mistake these files can be restored from quarantine, but it would be preferable not to add any extra work to the clean up of your system.

    • Disable your existing Anti Virus following these instructions.
    • Please go here to use the Eset Online Scanner.
    • When the web page opens click on this button [​IMG]
    • If you are not using Internet Explorer you will see a message box open asking you to to download the ESET Smart Installer, click on the link and allow it to download and then run it. Accept the Terms of use and click on Start. The required components will download.
    • If using Internet Explorer the Terms of use box will open immediately, accept it and click on Start.
    • After the download is complete the Computer scan settings window will open, IMPORTANT ----> uncheck the box next to Remove found threats and click on Start. The virus signature database will then download which may take some time depending on the speed of your internet connection. The scan will automatically start when the download is complete.
    • This is a very thorough scan and may take several hours to complete depending on how much data you have on your hard drive. Do not interrupt it, be patient and let it finish.
    • A Scan Results window will appear at the end of the scan. If it lists any number of Infected Files click on List of found threats. Click on Copy to clipboard, come back to this thread and right click on the message box. Select Paste and the report will appear, add any comments you have and post the reply.
    • Back on the Eset window, click the Back button and then click on Finish.
     
  14. gking13

    gking13 Thread Starter

    Joined:
    Nov 24, 2013
    Messages:
    14
    When the computer started again, i got this post

    Disk0
    Your HDD is working properly.
    Still, it is highly recommended to always make back-up copies of data by periodically storing it on an external storage medium, to avoid risk of lost data under normal operation of your PC.

    I do back up my laptop, but after all this, i think it might pay to do another backup soon me thinks!

    My CPU usage is down. I had two google chrome windows open, and my cpu usage only occasionally hit up to 54%
    I tried playing 'realm of the mad god' and it ran faster than normally. I had less jittering in World of Warcraft too. I still can't play them very well, but that may be my internet connection. IE and chrome load faster. so it's def going in the right direction.

    OTM:

    All processes killed
    ========== PROCESSES ==========
    No active process named explorer.exe was found!
    ========== FILES ==========
    C:\Users\Georgina\AppData\Roaming\jvhiagvi folder moved successfully.
    ========== COMMANDS ==========
    Restore point Set: OTM Restore Point

    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Georgina
    ->Flash cache emptied: 23181 bytes

    User: Guest
    ->Flash cache emptied: 731 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Georgina
    ->Temp folder emptied: 229260568 bytes
    ->Temporary Internet Files folder emptied: 1538126960 bytes
    ->Java cache emptied: 4697037 bytes
    ->Google Chrome cache emptied: 405388242 bytes
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 380480 bytes
    ->Temporary Internet Files folder emptied: 30926427 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 533306168 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 7463180 bytes
    RecycleBin emptied: 95678 bytes

    Total Files Cleaned = 2,622.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTM by OldTimer - Version 3.1.21.0 log created on 11272013_103328

    ESET scan:

    C:\AdwCleaner\Quarantine\C\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\dohjbikodjekdjnjpoiokfclnplgnang\1\51db8081b764a6.09293898.js.vir Win32/Adware.MultiPlug.H application
    C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nefjigehkcmcnenigbkoeaibngcjbafl\1\51db8036a31137.67558066.js Win32/Adware.MultiPlug.H application
    C:\_OTM\MovedFiles\11272013_103328\C_Users\Georgina\AppData\Roaming\jvhiagvi\ftgrrifc.exe a variant of Win32/Injector.AHJZ trojan

    Its burning hot here in sunny adelaide, so enjoy your sleep!!
    cheers!
     
  15. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    Glad to hear things have improved, we just need to take out one of the files found by Eset, the other two items it found are already in quarantine.

    Run OTM in exactly the same way you did before and use this script, this time it will remove all your old restore points and create a new clean one.

    Code:
    :Processes
    explorer.exe
    
    :Files
    C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nefjigehkcmcnenigbkoeaibngcjbafl\1\51db8036a31137.67558066.js
    :Commands
    [createrestorepoint]
    [clearallrestorepoints]
    [reboot]
    
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1113818

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice