Showing results for tags 'blocked'.


  1. Hello, I scanned according to your instructions with Farbar. Meanwhile, Malwarebytes has found two DNS Changer threats, which are put in quarantine. - Hanna FRST_21-03-2015_00-28-45.txt Addition_21-03-2015_00-28-43.txt
  2. So, whenever I open my web browser (Opera, ADBLOCKER installed), Malwarebytes pops up and tells me: IP address 91.194.254.105 is blocked Type: Outbound Process: Windows/system32/svchost.exe Sometimes I don't even need to open the browser, and it still keeps on telling me over and over again that the IP address is blocked. The same thing happens e.g. when I switch from one tab to another etc. I have scanned multiple times with different programmes (Kaspersky TDSSKiller, Hitman, Avira, and ofc Malwarebytes and I even used CCleaner), but none of them found anything. Since I have read about DNS changing viruses disguising as svchost.exe, I've scanned the file just to make sure, still nothing. The IP address belongs to DIMLINE Ltd. from Austria. I guess I will have to send them a report? Since I don't really know about all the technical stuff and what to search for, I'm getting really desperate. Especially since it's hard to take in so much information reading as many posts as possible here on the forum. Apparently, similar things have happened to others, but I couldn't find any clear instructions. Thank you so much for your help! I don't want to throw my laptop in the bin just yet.
  3. Hello, I'm very new to this software so please forgive me, but I'm constantly receiving "Malicious Website Blocked" notifications one after the other. Here are the details: The Type is Inbound The process is C:\Windows\System32\svchost.exe The IP address is 187.217.198.114 The port is 52150 These details are the same every time. I have disconnected myself from the internet, stopped MBAM, ran MBAR as administrator then re-enabled everything. Everything is coming back clean though? Any ideas?
  4. Hello! I've gone and followed this guide here: https://forums.malwarebytes.org/index.php?/topic/119858-available-assistance-for-possibly-infected-computers/ Like the title says, I'm getting annoying pop-up messages about outgoing and ingoing IPs getting blocked. It's mostly the same IPs. I've tried to track down the location of the IPs, and I've tracked one down to Egypt in Africa.... I have no idea what info it wants to send over there. If someone could help me getting rid of these pop-ups or something, then I would be very thankful. OS: Windows 8.1 Addition.txt FRST.txt
  5. My Server is somehow blocked by Malwarebytes. Some people can't connect on my teamspeak: ts3.teamsolid.net I just have this new ip. Hopefully it can be unblocked. Thank you SolidRedRum
  6. Hello, yesterday those popups began to appear out of nowhere. MB keeps blocking inbound/outbound connections of svchost.exe. Already checked what information you guys need. Disabled all p2p things and I haven't pirated any software so that should be okay. Will post Malwarebytes and TDSSKiller logs asap.
  7. I like the Malicious Website Block feature. I just wish I could not be warned after the first per-session attempt from a site/port/direction. In other words, I'm requesting options dealing with how often I have to see the popup window.
  8. Malwarebytes Anti-Malware blocks the download of Genymotion. Genymotion is a featured Android virtual appliances resource for Virtualbox. I tried this on a test machine and nothing bad appeared to happen. Prerequisites to test the application: -Download and install Virtualbox (Genymotion prerequisite to work) -Create a NAT Network in Virtualbox (only if you need to test an appliance; Genymotion virtual machines won't boot when launched from Genymotion application without any NAT network to join to; launching VM from Genymotion is needed for features such as OpenGL ES emulation); Steps to reproduce are shown in the videos attached. Part 1 is before login/sign up, part 2 is after. I had to compress them in a single file.
  9. I have the latest premium version of your program. Recently, perhaps after it upgraded, I have been getting constant (every second or two) popups saying a malicious website was blocked -- over and over again. Outbound sites including Joye-Luck.com are shown over and over again as being blocked. Why do I need to see this thousands of times - or at all? These popups are so annoying that I have had to shut off malicious website blocking - even though I would prefer to have it on. Before doing that I have spent over three hours using various AV, anti-rootkit, cleaners & removal tools to try to eliminate the sources. I feel that your next revision should have a setting option to allow the protection while not showing the popups for malicious website blocking. If checked it would still display other threats. The popups are huge and distracting, about 4"x4" on my 23" screen. They should be made smaller. What can be done to help? Thank you.
  10. Hi I ran a quick scan and found 2 files that started Trojan.ransom.gend, I then restarted my computer but was unable to access malwarebytes or Avast. I received a message saying that the files were blocked. I could not re-install malwarebytes etc. However, I was able to restore my computer to a previous date and then update to the latest malwarebytes and run a full scan. Have I managed to get rid of this virus fully? I attach the FRST and Addition logs for your perusal. Although a competent MSOffice user I am a novice at how computers work so please explain things carefully if I need to follow further instructions. Hoping someone can assist me. Thank you!
- 2006-10-07 12:57 - 00053248 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll 2006-12-01 18:55 - 2006-12-01 18:55 - 00009216 _____ () C:\Program Files\Toshiba\TBS\NotifyTBS.dll 2013-11-24 14:52 - 2013-11-24 14:52 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/25/2014 06:45:55 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {97624cb3-b506-40f1-ae95-35b2c3004e91} Error: (05/24/2014 10:14:31 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program iexplore.exe version 9.0.8112.16520 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. 
Process ID: 1164 Start Time: 01cf779209e18797 Termination Time: 62 Error: (05/21/2014 10:40:59 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program iexplore.exe version 9.0.8112.16520 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 135c Start Time: 01cf753abeda1b6b Termination Time: 16 Error: (05/18/2014 06:29:19 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program iexplore.exe version 9.0.8112.16520 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 155c Start Time: 01cf72be1cce8150 Termination Time: 39 Error: (04/24/2014 07:49:06 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program iexplore.exe version 9.0.8112.16520 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 118c Start Time: 01cf5fedbb4f4c30 Termination Time: 62 Error: (04/21/2014 08:31:24 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program iexplore.exe version 9.0.8112.16520 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: bf4 Start Time: 01cf5d974d0f9004 Termination Time: 593 Error: (03/05/2014 00:57:57 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program iexplore.exe version 9.0.8112.16520 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. 
Process ID: a0c Start Time: 01cf3869fe806af6 Termination Time: 15 Error: (02/17/2014 10:50:48 PM) (Source: MsiInstaller) (EventID: 1013) (User: LindaAustin-PC) Description: Product: Adobe Reader 7.0.9 -- A process is running that cannot be safely shut down by Adobe Reader. Please restart your computer and try again. Error: (02/17/2014 10:27:25 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program iexplore.exe version 9.0.8112.16520 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: e5c Start Time: 01cf2c266de2dfdb Termination Time: 95 Error: (02/15/2014 02:35:46 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program iexplore.exe version 9.0.8112.16520 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. 
Process ID: ff4 Start Time: 01cf2a51b5f78990 Termination Time: 25 System errors: ============= Error: (05/25/2014 05:29:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Error: (05/25/2014 05:26:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Error: (05/25/2014 05:22:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Error: (05/25/2014 11:38:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Error: (05/25/2014 11:35:09 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {C2BFE331-6739-4270-86C9-493D9A04CD38} Error: (05/25/2014 10:59:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Error: (05/25/2014 10:51:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Error: (05/25/2014 06:49:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Windows Font Cache Service%%1053 Error: (05/25/2014 06:49:45 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: 30000Windows Font Cache Service Error: (05/25/2014 06:47:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Microsoft Office Sessions: ========================= Error: (05/25/2014 06:45:55 AM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005 Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {97624cb3-b506-40f1-ae95-35b2c3004e91} Error: (05/24/2014 10:14:31 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: iexplore.exe9.0.8112.16520116401cf779209e1879762 Error: (05/21/2014 10:40:59 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: 
iexplore.exe9.0.8112.16520135c01cf753abeda1b6b16 Error: (05/18/2014 06:29:19 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: iexplore.exe9.0.8112.16520155c01cf72be1cce815039 Error: (04/24/2014 07:49:06 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: iexplore.exe9.0.8112.16520118c01cf5fedbb4f4c3062 Error: (04/21/2014 08:31:24 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: iexplore.exe9.0.8112.16520bf401cf5d974d0f9004593 Error: (03/05/2014 00:57:57 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: iexplore.exe9.0.8112.16520a0c01cf3869fe806af615 Error: (02/17/2014 10:50:48 PM) (Source: MsiInstaller) (EventID: 1013) (User: LindaAustin-PC) Description: Product: Adobe Reader 7.0.9 -- A process is running that cannot be safely shut down by Adobe Reader. Please restart your computer and try again.(NULL)(NULL)(NULL)(NULL) Error: (02/17/2014 10:27:25 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: iexplore.exe9.0.8112.16520e5c01cf2c266de2dfdb95 Error: (02/15/2014 02:35:46 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: iexplore.exe9.0.8112.16520ff401cf2a51b5f7899025 CodeIntegrity Errors: =================================== Date: 2014-05-25 07:43:44.955 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2014-05-25 07:43:44.518 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system. 
Date: 2014-05-25 07:43:44.128 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2014-05-25 07:43:43.691 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2014-05-25 07:43:43.301 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2014-05-25 07:43:42.911 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2014-05-25 07:43:42.365 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2014-05-25 07:43:41.960 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys because the set of per-page image hashes could not be found on the system. 
Date: 2014-05-25 07:43:41.523 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2014-05-25 07:43:41.133 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Percentage of memory in use: 58% Total physical RAM: 2037.69 MB Available physical RAM: 845.14 MB Total Pagefile: 4314.63 MB Available Pagefile: 2882.01 MB Total Virtual: 2047.88 MB Available Virtual: 1902.58 MB ==================== Drives ================================ Drive c: (Vista) (Fixed) (Total:55.66 GB) (Free:23.95 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive e: (Data) (Fixed) (Total:54.66 GB) (Free:54.5 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 112 GB) (Disk ID: 959F01D2) Partition 1: (Not Active) - (Size=1 GB) - (Type=27) Partition 2: (Active) - (Size=56 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=55 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  11. Hi, I recently ran a quick scan and found 2 files which both started with Trojan.ransom.gend. After the quick scan I restarted my computer and found that I could not access Malwarebytes as it was blocked. I managed to restore my computer to an earlier date and run a full scan which detected no malicious files, but am worried I may be missing hidden threats. Have I really managed to get rid of this trojan virus?
  12. Have just recently formatted my computer and decided to not go back to AVG because of the problems it's been having with Steam and other things. I used other programs other than MWB Free but have decided to come back to it because when used in tandem with other programs I have just as much protection as AVG provided. However, an interesting problem has occurred. When I installed it I was completely blocked from internet access. My MB port is not working so I am using a USB Ethernet adapter for access. After a long search on the web and through my computer and MWB itself that produced nothing, I removed the program. After getting access restored I installed the program again just to be sure and within seconds I was blocked from the internet again. I couldn't find anything in MWB that I thought was relevant and I'm sure it's not my computer or reinstallation since I had access before MWB, but I'll be damned if I can figure out what to do on my own. I could really use some help in finding out what to configure to keep this from happening.
  13. Hi, I think my computer is infected because I am unable to open either Malwarebytes or McAfee as it is blocked by a message reading "This program is blocked by group policy. For more information, contact your system administrator." I can open the Chameleon page and have tested all the Chameleons, but they have not helped. Please help me in solving this problem. As I saw a similar problem requested by another user, I ran a scan with TDSS-Killer and Gmer rootkit scanner and the log is attached. Thanks in Advance TDSSKiller.3.0.0.31_14.04.2014_22.54.54_log.txt ark.txt
  14. Hello! I'm concerned that my computer is infected because I am unable to open either Malwarebytes or AVG as it is blocked by a message reading "This program is blocked by group policy. For more information, contact your system administrator." I can open the Chameleon page and have tested all the Chameleons, but to no avail. I have also tried to open them by going through C:/ Programs etc., but opening them there only prompts the same message to come up. So, I'm not sure what to do to rid my computer of viruses. I'm currently trying to avoid turning it off for fear of this worsening the situation. What should I do? Following the advice on the 'I'm infected - What do I do now' page I downloaded Farbar Recovery Scan Tool, ran a scan and posted the FRST log as advised: Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01 (ATTENTION: ====> FRST version is 27 days old and could be outdated) Ran by User (administrator) on USER-PC on 09-04-2014 03:10:37 Running from C:\Users\User\Documents\Unhelpful folders folder\Downloads Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: Download link for 64-Bit Version: Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (Agere Systems) C:\Windows\system32\agrsmsvc.exe (Apple Inc.)
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTDevSrv.exe (Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\TempoSVC.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe (TOSHIBA Corporation) c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Toshiba) C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe () C:\Program Files\AVG Secure Search\vprot.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\update\realsched.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgfws.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (RealNetworks, Inc.) c:\program files\real\realplayer\RealPlay.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\system32\conime.exe () C:\Users\User\Documents\Unhelpful folders folder\Downloads\RogueKiller.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [40368 2011-08-31] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-29] (Adobe Systems Incorporated) HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.) HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.) HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421736 2011-10-09] (Apple Inc.) HKLM\...\Run: [vProt] - C:\Program Files\AVG Secure Search\vprot.exe [2544664 2014-03-24] () HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\update\realsched.exe [296056 2012-06-03] (RealNetworks, Inc.) HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.) 
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\avg8 <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-1389979042-1133768856-884714788-1000\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2008-10-08] (Google Inc.) 
HKU\S-1-5-21-1389979042-1133768856-884714788-1000\...\Run: [GameXN GO] - C:\ProgramData\GameXN\GameXNGO.exe [347008 2011-12-08] (EasyBits Software AS) HKU\S-1-5-21-1389979042-1133768856-884714788-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-1389979042-1133768856-884714788-1000\...\Run: [LmwRbsbk] - C:\Users\User\AppData\Local\dgffqsrt\lmwrbsbk.exe HKU\S-1-5-21-1389979042-1133768856-884714788-1000\...\Run: [Radio Downloader] - C:\Program Files\Radio Downloader\Radio Downloader.exe [529816 2013-08-14] (NerdoftheHerd.com) HKU\S-1-5-21-1389979042-1133768856-884714788-1000\...\Run: [ytdoqe] - regsvr32.exe "C:\ProgramData\ytdoqe.dat" Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aljazeera.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE; HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6E28FE313719CB01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
http://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE URLSearchHook: HKLM - ytbyclick Toolbar - {d4f1c433-f9c3-49f2-8645-37dbeca19e90} - C:\Program Files\ytbyclick\prxtbytby.dll (Conduit Ltd.) URLSearchHook: HKLM - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) URLSearchHook: HKCU - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File URLSearchHook: HKCU - ytbyclick Toolbar - {d4f1c433-f9c3-49f2-8645-37dbeca19e90} - C:\Program Files\ytbyclick\prxtbytby.dll (Conduit Ltd.) URLSearchHook: HKCU - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) SearchScopes: HKLM - DefaultScope {A1F866FB-E56D-40DA-A1EB-52C2F9D2709C} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEE; SearchScopes: HKLM - {A1F866FB-E56D-40DA-A1EB-52C2F9D2709C} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEE; SearchScopes: HKCU - DefaultScope {F1701357-6328-4DEC-BF8B-D1EAD9198D38} URL = http://www.bing.com/search?q={searchTerms}&r=135 SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchTerms}&affID=119776&babsrc=SP_ss&mntrId=3a3d928b0000000000000024d28b6a10 SearchScopes: HKCU - {540AA275-401C-4578-95B1-EACEEC8B4981} URL = http://uk.search.yahoo.com/search?ei=utf-8&fr=chr-greentree_ie&type=937811&p={searchTerms} SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=sbGwxBTCm-p7ltCC2GJ6dF6zqkA?q={searchTerms} SearchScopes: HKCU - {76C22B23-E981-114D-ABE3-D5E4E6E9771A} URL = 
http://www.buzqo.com/s/?q={searchTerms}&iesrc={referrer:source?}&cfg=2-101-0-1FKqW SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={F2A0F7FF-D8FC-4BE0-8F29-C141A6634D98}&mid=c1cfb0a815697e483284d54b5e15b28f-9f850996388ec9dd76dd387ffdd0e7484d57efd8&lang=us&ds=AVG&pr=pa&d=2011-12-08 13:10:41&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms} SearchScopes: HKCU - {A1F866FB-E56D-40DA-A1EB-52C2F9D2709C} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEE_enGB348GB348 SearchScopes: HKCU - {F1701357-6328-4DEC-BF8B-D1EAD9198D38} URL = http://www.bing.com/search?q={searchTerms}&r=135 BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO: AC-Pro - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll (SimplyGen) BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.0.5.292\AVG Secure Search_toolbar.dll (AVG Secure Search) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.) BHO: ytbyclick Toolbar - {d4f1c433-f9c3-49f2-8645-37dbeca19e90} - C:\Program Files\ytbyclick\prxtbytby.dll (Conduit Ltd.) BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File Toolbar: HKLM - ytbyclick Toolbar - {d4f1c433-f9c3-49f2-8645-37dbeca19e90} - C:\Program Files\ytbyclick\prxtbytby.dll (Conduit Ltd.) Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.0.5.292\AVG Secure Search_toolbar.dll (AVG Secure Search) Toolbar: HKLM - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - ytbyclick Toolbar - {D4F1C433-F9C3-49F2-8645-37DBECA19E90} - C:\Program Files\ytbyclick\prxtbytby.dll (Conduit Ltd.) Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File Toolbar: HKCU - DVDVideoSoftTB Toolbar - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) 
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll (AVG Secure Search) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 188.74.66.1 FireFox: ======== FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5\\npsitesafety.dll (AVG Technologies) FF Plugin: @google.com/npPicasa2,version=2.0.0 - C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.) 
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=15.0.4.53 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprjplug;version=15.0.4.53 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpplugin;version=15.0.4.53 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) 
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49 FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-06-03] Chrome: ======= CHR RestoreOnStartup: "sync": { "suppress_start" CHR DefaultSearchKeyword: isearch.avg.com CHR DefaultSearchProvider: AVG Secure Search CHR DefaultSearchURL: http://isearch.avg.com/search?cid={F2A0F7FF-D8FC-4BE0-8F29-C141A6634D98}&mid=c1cfb0a815697e483284d54b5e15b28f-9f850996388ec9dd76dd387ffdd0e7484d57efd8〈=us&ds=AVG&pr=pa&d=2011-12-08 13:10:41&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms} CHR DefaultNewTabURL: CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.) CHR Plugin: (Java Platform SE 6 U24) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.) CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll (AVG Technologies) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) CHR Plugin: (Picasa) - C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.) CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) 
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (RealJukebox NS Plugin) - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Download Plugin) - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) CHR Extension: (AutocompletePro plugin for chrome) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\defdhglnppeioeflggkmglipcecffkhk [2011-05-20] CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-05-20] CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-03-06] CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31] CHR HKLM\...\Chrome\Extension: [defdhglnppeioeflggkmglipcecffkhk] - C:\Program Files\AutocompletePro\chrome\autocompleteprochrome.crx [2010-08-12] CHR HKLM\...\Chrome\Extension: [jbpkiefagocgkmemidfngdkamloieekf] - C:\Program Files\TornTV.com\torn11.crx [2010-08-12] CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-06-03] CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\18.0.5.292\avg.crx [2014-03-24] CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\User\AppData\Roaming\DVDVideoSoft\DVDVideoSoftBrowserExtension.crx [2012-11-05] ========================== Services (Whitelisted) ================= R2 avgfws; 
C:\Program Files\AVG\AVG2013\avgfws.exe [1432080 2013-10-23] (AVG Technologies CZ, s.r.o.) R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.) R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-04-17] (TOSHIBA CORPORATION) R2 CTDevice_Srv; C:\Program Files\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd) S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-02] (Google) R3 SmartFaceVWatchSrv; C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [77824 2008-08-25] (Toshiba) R2 TempoMonitoringService; C:\Program Files\Toshiba TEMPRO\TempoSVC.exe [99720 2008-08-26] (Toshiba Europe GmbH) R2 TOSHIBA SMART Log Service; c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation) R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) R2 vToolbarUpdater18.0.5; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [1771032 2014-03-24] (AVG Secure Search) S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [X] S2 HitmanPro37CrusaderBoot; "D:\HitmanPro.exe" /crusader:boot [X] ==================== Drivers (Whitelisted) ==================== R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-11-25] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-07-20] (AVG Technologies CZ, s.r.o.) R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-10-23] (AVG Technologies CZ, s.r.o.) 
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [171320 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-07-01] (AVG Technologies CZ, s.r.o.) R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-10-23] (AVG Technologies CZ, s.r.o.) R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2014-03-20] (AVG Technologies CZ, s.r.o.) R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42272 2014-03-24] (AVG Technologies) S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [141408 2008-02-27] (Realtek Semiconductor Corp.) U3 TrueSight; C:\Windows\system32\TrueSight.sys [26624 2014-04-09] () R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [17960 2008-07-15] (Chicony Electronics Co., Ltd.) S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] U3 mbr; \??\C:\Users\User\AppData\Local\Temp\mbr.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-09 03:09 - 2014-04-09 03:10 - 00000000 ____D () C:\FRST 2014-04-09 02:56 - 2014-04-09 02:56 - 00016117 _____ () C:\Users\User\Desktop\dds.txt 2014-04-09 02:56 - 2014-04-09 02:56 - 00010688 _____ () C:\Users\User\Desktop\attach.txt 2014-04-09 02:51 - 2014-04-09 02:51 - 00054709 _____ () C:\Users\User\Desktop\RKreport[0]_S_04092014_025116.txt 2014-04-09 02:43 - 2014-04-09 02:43 - 00026624 _____ () C:\Windows\system32\TrueSight.sys 2014-04-09 02:40 - 2014-04-09 02:51 - 00000000 ____D () C:\Users\User\Desktop\RK_Quarantine 2014-04-09 02:38 - 2014-04-09 02:38 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\User\Desktop\rkill 2 2014-04-09 02:33 - 2014-04-09 02:39 - 00003138 _____ () C:\Users\User\Desktop\Rkill.txt 2014-04-09 02:31 - 2014-04-09 02:31 - 01933048 _____ 
(Bleeping Computer, LLC) C:\Users\User\Desktop\rkill 1.com 2014-04-07 19:08 - 2014-04-08 19:29 - 00213820 _____ (Microsoft Corporation) C:\ProgramData\ytdoqe.dat 2014-03-29 21:54 - 2014-03-29 21:54 - 00000000 ____D () C:\Users\User\AppData\Local\Skype 2014-03-29 21:53 - 2014-03-29 21:53 - 00001878 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-03-29 21:53 - 2014-03-29 21:53 - 00000000 ___RD () C:\Program Files\Skype 2014-03-29 21:53 - 2014-03-29 21:53 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-03-24 14:59 - 2014-03-24 14:59 - 00000000 ____D () C:\ProgramData\AVG Secure Search 2014-03-20 14:50 - 2014-03-20 14:50 - 00182072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdix.sys ==================== One Month Modified Files and Folders ======= 2014-04-09 03:11 - 2010-12-04 18:42 - 00000000 ____D () C:\ProgramData\MFAData 2014-04-09 03:10 - 2014-04-09 03:09 - 00000000 ____D () C:\FRST 2014-04-09 03:08 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-09 03:08 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-09 03:04 - 2011-05-20 13:09 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-09 02:56 - 2014-04-09 02:56 - 00016117 _____ () C:\Users\User\Desktop\dds.txt 2014-04-09 02:56 - 2014-04-09 02:56 - 00010688 _____ () C:\Users\User\Desktop\attach.txt 2014-04-09 02:51 - 2014-04-09 02:51 - 00054709 _____ () C:\Users\User\Desktop\RKreport[0]_S_04092014_025116.txt 2014-04-09 02:51 - 2014-04-09 02:40 - 00000000 ____D () C:\Users\User\Desktop\RK_Quarantine 2014-04-09 02:47 - 2013-06-05 00:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-09 02:43 - 2014-04-09 02:43 - 00026624 _____ () C:\Windows\system32\TrueSight.sys 2014-04-09 02:39 - 2014-04-09 02:33 - 00003138 _____ () 
C:\Users\User\Desktop\Rkill.txt 2014-04-09 02:38 - 2014-04-09 02:38 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\User\Desktop\rkill 2 2014-04-09 02:31 - 2014-04-09 02:31 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\User\Desktop\rkill 1.com 2014-04-09 00:04 - 2011-05-20 13:09 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-08 19:29 - 2014-04-07 19:08 - 00213820 _____ (Microsoft Corporation) C:\ProgramData\ytdoqe.dat 2014-04-08 19:26 - 2013-05-23 23:46 - 00000847 _____ () C:\Users\Public\Desktop\AVG 2013.lnk 2014-04-07 19:22 - 2006-11-02 11:33 - 00716862 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-07 19:19 - 2013-01-21 17:20 - 00000342 _____ () C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job 2014-04-07 19:19 - 2011-08-31 20:52 - 00000000 ____D () C:\ProgramData\GameXN 2014-04-07 19:19 - 2011-06-15 17:02 - 00000000 ____D () C:\Users\User\AppData\Roaming\go 2014-04-07 19:18 - 2013-06-02 23:10 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job 2014-04-07 19:14 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-07 19:12 - 2006-11-02 14:01 - 00032556 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-04-07 19:06 - 2009-10-07 11:55 - 01488017 _____ () C:\Windows\WindowsUpdate.log 2014-04-04 23:09 - 2014-02-01 23:52 - 00000000 ____D () C:\Users\User\Documents\Uni stuff 2014-04-04 19:04 - 2009-10-07 13:26 - 00002585 _____ () C:\Users\User\Desktop\Microsoft Word.lnk 2014-03-29 23:19 - 2010-03-13 11:26 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype 2014-03-29 21:54 - 2014-03-29 21:54 - 00000000 ____D () C:\Users\User\AppData\Local\Skype 2014-03-29 21:53 - 2014-03-29 21:53 - 00001878 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-03-29 21:53 - 2014-03-29 21:53 - 00000000 ___RD () C:\Program Files\Skype 2014-03-29 21:53 - 2014-03-29 21:53 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-03-29 21:53 - 2010-03-13 11:25 - 00000000 ____D () C:\ProgramData\Skype 2014-03-28 
14:58 - 2010-05-16 09:48 - 00006944 _____ () C:\Users\User\AppData\Local\d3d9caps.dat 2014-03-27 00:59 - 2011-04-25 19:57 - 00000000 ____D () C:\Users\User\AppData\Local\Audible 2014-03-25 03:10 - 2006-11-02 13:52 - 00049565 _____ () C:\Windows\setupact.log 2014-03-24 19:00 - 2012-06-14 15:12 - 00000000 ____D () C:\Users\User\AppData\Local\AVG Secure Search 2014-03-24 14:59 - 2014-03-24 14:59 - 00000000 ____D () C:\ProgramData\AVG Secure Search 2014-03-24 14:59 - 2012-11-08 20:39 - 00042272 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys 2014-03-24 14:59 - 2011-12-08 14:10 - 00000000 ____D () C:\Program Files\AVG Secure Search 2014-03-23 16:54 - 2014-02-05 01:26 - 00000000 ____D () C:\Users\User\Documents\Audible 2014-03-20 14:50 - 2014-03-20 14:50 - 00182072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdix.sys 2014-03-15 23:52 - 2011-05-20 13:10 - 00001976 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-03-11 19:47 - 2012-06-24 23:24 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-03-11 19:47 - 2011-08-08 13:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl Files to move or delete: ==================== C:\ProgramData\ytdoqe.dat C:\Users\User\esrkmqfufqdhotyvklpy.exe C:\Users\User\jagex_cl_oldschool_LIVE.dat C:\Users\User\jagex_cl_runescape_LIVE.dat C:\Users\User\jagex_cl_runescape_LIVE1.dat C:\Users\User\random.dat Some content of TEMP: ==================== C:\Users\User\AppData\Local\Temp\0.8066576723151895.exe C:\Users\User\AppData\Local\Temp\AdobeUpdater12345.exe C:\Users\User\AppData\Local\Temp\binkw32.dll C:\Users\User\AppData\Local\Temp\d2l_Install.exe C:\Users\User\AppData\Local\Temp\d2l_PlayD2.exe C:\Users\User\AppData\Local\Temp\drm_dialogs.dll C:\Users\User\AppData\Local\Temp\drm_dyndata_7350008.dll C:\Users\User\AppData\Local\Temp\EBU3C8C.exe C:\Users\User\AppData\Local\Temp\EBU4106.exe 
C:\Users\User\AppData\Local\Temp\EBU4930.DLL C:\Users\User\AppData\Local\Temp\EBU54DD.DLL C:\Users\User\AppData\Local\Temp\EBU8200.exe C:\Users\User\AppData\Local\Temp\EBU9448.DLL C:\Users\User\AppData\Local\Temp\EBUCC2A.exe C:\Users\User\AppData\Local\Temp\EBUCE7A.DLL C:\Users\User\AppData\Local\Temp\EBUE6D5.exe C:\Users\User\AppData\Local\Temp\EBUF7E5.DLL C:\Users\User\AppData\Local\Temp\FlashPlayerUpdate.exe C:\Users\User\AppData\Local\Temp\Get a FREE audiobook!.exe C:\Users\User\AppData\Local\Temp\GoogleChromeInstaller.exe C:\Users\User\AppData\Local\Temp\ICReinstall_FLVPlayerSetup.exe C:\Users\User\AppData\Local\Temp\Impressioner.exe C:\Users\User\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe C:\Users\User\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\User\AppData\Local\Temp\MSNC44D.exe C:\Users\User\AppData\Local\Temp\ntdll_dump.dll C:\Users\User\AppData\Local\Temp\Refresh.exe C:\Users\User\AppData\Local\Temp\SearchWithGoogleUpdate.exe C:\Users\User\AppData\Local\Temp\SkypeSetup.exe C:\Users\User\AppData\Local\Temp\System.Data.SQLite.dll C:\Users\User\AppData\Local\Temp\uninst1.exe C:\Users\User\AppData\Local\Temp\_is2BD5.exe C:\Users\User\AppData\Local\Temp\_is3E18.exe C:\Users\User\AppData\Local\Temp\_is4C99.exe C:\Users\User\AppData\Local\Temp\_is6CA6.exe C:\Users\User\AppData\Local\Temp\_is76E3.exe C:\Users\User\AppData\Local\Temp\_is8CD5.exe C:\Users\User\AppData\Local\Temp\_is8DEE.exe C:\Users\User\AppData\Local\Temp\_isA497.exe C:\Users\User\AppData\Local\Temp\_isAB80.exe C:\Users\User\AppData\Local\Temp\_isADA.exe C:\Users\User\AppData\Local\Temp\_isBB36.exe C:\Users\User\AppData\Local\Temp\_isCB0A.exe C:\Users\User\AppData\Local\Temp\_isE831.exe C:\Users\User\AppData\Local\Temp\_isF42D.exe C:\Users\User\AppData\Local\Temp\_isFF17.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit 
C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-07 19:24 ==================== End Of Log ============================ Along with the Addition log: Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01 Ran by User at 2014-04-09 03:12:46 Running from C:\Users\User\Documents\Unhelpful folders folder\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: AVG Internet Security 2011 (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} AS: AVG Internet Security 2011 (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: AVG Firewall (Enabled) {621CC794-9486-F902-D092-0484E8EA828B} ==================== Installed Programs ====================== Adobe AIR (HKLM\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated) Adobe AIR (Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Reader 8.2.6 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A82000000003}) (Version: 8.2.6 - Adobe Systems Incorporated) Adobe Reader 8.3.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A83000000003}) (Version: 8.3.1 - Adobe Systems Incorporated) Age of Empires III Trial (HKLM\...\InstallShield_{25B25C84-6132-4662-972B-4E4DC1B00C98}) (Version: 1.00.0000 - Microsoft Game Studios) Age of Empires III Trial (Version: 1.00.0000 - Microsoft Game Studios) Hidden Age of Empires Online (HKLM\...\GFWL_{4D530FA3-9B89-4186-98B7-F51000008100}) (Version: 1.0.0000.129 - Microsoft Studios) Age of Empires Online 
(Version: 1.0.0000.129 - Microsoft Studios) Hidden Age of Mythology - The Titans Expansion (HKLM\...\Age of Mythology Expansion Pack 1.0) (Version: - ) Amazon Kindle (HKLM\...\Amazon Kindle) (Version: - Amazon) Apple Application Support (HKLM\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}) (Version: 4.0.0.96 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros) Atheros Wi-Fi Protected Setup Library (HKLM\...\{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}) (Version: - Atheros) ATI Catalyst Install Manager (HKLM\...\{A7F27ADB-3C56-0F2B-6B4B-0B8E02A49186}) (Version: 3.0.664.0 - ATI Technologies, Inc.) Audible Download Manager (HKLM\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.) AudibleManager (HKLM\...\AudibleManager) (Version: 71233830.-2.2007592998.2007592012 - Audible, Inc.) AutocompletePro (HKLM\...\AutocompletePro3_is1) (Version: - ) <==== ATTENTION AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3466 - AVG Technologies) AVG 2013 (Version: 13.0.3466 - AVG Technologies) Hidden AVG 2013 (Version: 13.0.3722 - AVG Technologies) Hidden AVG Security Toolbar (HKLM\...\AVG Secure Search) (Version: 18.0.5.292 - AVG Technologies) BBC iPlayer Desktop (HKLM\...\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1) (Version: 3.2.13 - British Broadcasting Corp.) BBC iPlayer Desktop (Version: 3.2.13 - British Broadcasting Corp.) Hidden Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) Camera Assistant Software for Toshiba (HKLM\...\{37C866E4-AA67-4725-9E95-A39968DD7960}) (Version: 1.7.231.1126L - Chicony Electronics Co.,Ltd.) 
Catalyst Control Center - Branding (HKLM\...\{69E5255D-9D43-4CFF-8984-843ABD7753B7}) (Version: 1.00.0000 - ATI) Catalyst Control Center Core Implementation (Version: 2008.0422.2139.36895 - ATI) Hidden Catalyst Control Center Graphics Full Existing (Version: 2008.0422.2139.36895 - ATI) Hidden Catalyst Control Center Graphics Full New (Version: 2008.0422.2139.36895 - ATI) Hidden Catalyst Control Center Graphics Light (Version: 2008.0422.2139.36895 - ATI) Hidden Catalyst Control Center Graphics Previews Vista (Version: 2008.0422.2139.36895 - ATI) Hidden Catalyst Control Center Localization Chinese Standard (Version: 2008.0422.2139.36895 - ATI) Hidden Catalyst Control Center Localization Chinese Traditional (Version: 2008.0422.2139.36895 - ATI) Hidden Catalyst Control Center Localization Czech (Version: 2008.0422.2139.36895 - ATI) Hidden Catalyst Control Center Localization Danish (Version: 2008.0422.2139.36895 - ATI) Hidden Catalyst Control Center Localization Dutch (Version: 2008.0422.2139.36895 - ATI) Hidden Catalyst Control Center Localization Finnish (Version: 2008.0422.2139.36895 - ATI) Hidden Catalyst Control Center Localization French (Version: 2008.0422.2139.36895 - ATI) Hidden Catalyst Control Center Localization German (Version: 2008.0422.2139.36895 - ATI) Hidden Catalyst Control Center Localization Greek (Version: 2008.0422.2139.36895 - ATI) Hidden Catalyst Control Center Localization Hungarian (Version: 2008.0422.2139.36895 - ATI) Hidden Catalyst Control Center Localization Italian (Version: 2008.0422.2139.36895 - ATI) Hidden Catalyst Control Center Localization Japanese (Version: 2008.0422.2139.36895 - ATI) Hidden Catalyst Control Center Localization Korean (Version: 2008.0422.2139.36895 - ATI) Hidden Catalyst Control Center Localization Norwegian (Version: 2008.0422.2139.36895 - ATI) Hidden Catalyst Control Center Localization Polish (Version: 2008.0422.2139.36895 - ATI) Hidden Catalyst Control Center Localization Portuguese (Version: 
2008.0422.2139.36895 - ATI) Hidden Catalyst Control Center Localization Russian (Version: 2008.0422.2139.36895 - ATI) Hidden Catalyst Control Center Localization Spanish (Version: 2008.0422.2139.36895 - ATI) Hidden Catalyst Control Center Localization Swedish (Version: 2008.0422.2139.36895 - ATI) Hidden Catalyst Control Center Localization Thai (Version: 2008.0422.2139.36895 - ATI) Hidden Catalyst Control Center Localization Turkish (Version: 2008.0422.2139.36895 - ATI) Hidden CCC Help Chinese Standard (Version: 2008.0422.2138.36895 - ATI) Hidden CCC Help Chinese Traditional (Version: 2008.0422.2138.36895 - ATI) Hidden CCC Help Czech (Version: 2008.0422.2138.36895 - ATI) Hidden CCC Help Danish (Version: 2008.0422.2138.36895 - ATI) Hidden CCC Help Dutch (Version: 2008.0422.2138.36895 - ATI) Hidden CCC Help English (Version: 2008.0422.2138.36895 - ATI) Hidden CCC Help Finnish (Version: 2008.0422.2138.36895 - ATI) Hidden CCC Help French (Version: 2008.0422.2138.36895 - ATI) Hidden CCC Help German (Version: 2008.0422.2138.36895 - ATI) Hidden CCC Help Greek (Version: 2008.0422.2138.36895 - ATI) Hidden CCC Help Hungarian (Version: 2008.0422.2138.36895 - ATI) Hidden CCC Help Italian (Version: 2008.0422.2138.36895 - ATI) Hidden CCC Help Japanese (Version: 2008.0422.2138.36895 - ATI) Hidden CCC Help Korean (Version: 2008.0422.2138.36895 - ATI) Hidden CCC Help Norwegian (Version: 2008.0422.2138.36895 - ATI) Hidden CCC Help Polish (Version: 2008.0422.2138.36895 - ATI) Hidden CCC Help Portuguese (Version: 2008.0422.2138.36895 - ATI) Hidden CCC Help Russian (Version: 2008.0422.2138.36895 - ATI) Hidden CCC Help Spanish (Version: 2008.0422.2138.36895 - ATI) Hidden CCC Help Swedish (Version: 2008.0422.2138.36895 - ATI) Hidden CCC Help Thai (Version: 2008.0422.2138.36895 - ATI) Hidden CCC Help Turkish (Version: 2008.0422.2138.36895 - ATI) Hidden ccc-core-static (Version: 2008.0422.2139.36895 - ATI) Hidden ccc-utility (Version: 2008.0422.2139.36895 - ATI) Hidden CD/DVD Drive 
Any help would be hugely appreciated!
Many thanks in advance!
  15. Hello! I'm concerned that my computer is infected because I am unable to open either Malwarebytes or AVG as it is blocked by a message reading "This program is blocked by group policy. For more information, contact your system administrator." I can open the Chameleon page and have tested all the Chameleons, but to no avail. I have also tried to open them by going through C:/ Programs etc., but opening them there only prompts the same message to come up. So, I'm not sure what to do to rid my computer of viruses. I'm currently trying to avoid turning it off for fear of this worsening the situation. What should I do? Any help would be hugely appreciated! Many thanks in advance!
  16. Hey, every time I have wi-fi on, I get a message from Malwarebytes that says "Successfully blocked access to a potentially malicious website". IPs that I found include 89.248.172.45 (which belongs to The Netherlands), and 89.28.5.37 (which belongs to Moldova). There are definitely more, but those are the ones I recorded, plz help :C
  17. Hi, All! I need some help, please. Today, Malwarebytes started blocking my Bluehost email server. When I try to send an email, I get this message: "Malwarebytes Anti-malware successfully blocked access to a potentially malicious website: 66.147.242.82. Type: outgoing; Port: 50294; Process: outlook.exe." This message keeps popping up, and the Port number keeps changing. What's the fix please? Thanks, Manuel Gonzales
  18. My favorite website is blocked by Malwarebytes. http://sitecheck.sucuri.net/results/boerse.bz http://www.unmaskparasites.com/security-report/ http://www.google.com/safebrowsing/diagnostic?site=boerse.bz https://www.virustotal.com/de/url/ea0e9372e5980bd57b7bc1427449e387e58e0f10fd2dfe658fbdcd0b32c1af12/analysis/1390638164/ Malwarebytes hpHosts Clean site Website IP Address : 93.115.87.186 I'm sorry but what is These are not F/P's.?? Google found no result. Please unblock Boerse.bz
  19. I constantly receive messages that MB is blocking Spybot as a malicious website. I have a Dell Inspiron Optiplex 765 Windows Vista 32 bit. Help.
  20. Hi, 109.201.133.195 has been blocked today, and I was wondering why, since it is the premier bitcoin discussion board. I don't want to whitelist it yet if there is good reason. Thank you.
  21. Hi, Since yesterday, I'm getting occasional messages from MBAM Pro about a blocked outgoing connection showing the same IP address 195.59.55.138 with different port numbers! I scanned my system by Avast Free and MBAM Pro but both of them said that my system is clean. I also used CCleaner to clean junk files. But tonight, I got the same message. Does anyone know what it is and why I get this message constantly? Here is the log:
  22. While this hasn't been an issue in the past, recently, I'm getting multiple blocks of "potential malicious website". Additionally, many sites I know to be OK I'm unable to access. When I get the "Unable to Access Network" webpage I also get the block msg notification from the Malwarebytes tray icon. Here's the webpage error msg: Google Chrome is having trouble accessing the network. This may be because your firewall or antivirus software wrongly thinks Google Chrome is an intruder on your computer and is blocking it from connecting to the Internet. Allow Chrome to access the network in your firewall or antivirus settings. If it is already listed as a program allowed to access the network, try removing it from the list and adding it again. This is now really frustrating and while I don't wish to disable MB, I may need to.
  23. Hi, Before I start, let me apologize in advance for my horrible English. I've installed Malwarebytes and I'm still using the Pro-Version Trial. I was searching the net for cmd commands, and I went to this site: http://www.techrepublic.com/blog/window-on-windows/make-the-choice-command-work-for-you-even-in-windows-7/5234 A little window came up saying that Malwarebytes blocked an IP. Later when I tried to go there again, it blocked a different IP address. This has happened on other websites too. What is the reason for this? Am I getting hacked, or is it something else? This is a brand new computer, with no illegal stuff downloaded (Music, Movies, etc.). Can someone help me? Sorry if this topic is not in the correct place.
  24. I recently downloaded a free trial of mbam pro in order to do some cleanup on my pc. It had been a while and I knew that it was time for a virus scan. While active, mbam would display messages about blocking particular IPs which were in use by bittorrent. After my viruses had been cleared, I figured I would remove mbam and just download a standard version later. However, after removing it, I still can't download any torrents. I was wondering if there might be any residual files (registry files or something arbitrary) that might need to be deleted in order to get bittorrent working again. If there is anything you guys could suggest, please do, cuz I needs my torrentzzzz, thanks lol.
  25. Please allow me to do this. Malwarebytes often blocks a lot of websites that I use with no warning and it's quite hard to find out if it really is Malwarebytes doing it or something else because there is no alert in the browser that Malwarebytes is responsible for the page not loading. I know there is a way to right click the 'tooltip balloon' that appears when an IP is blocked but sometimes it doesn't appear. So please allow me to do it manually!