Showing results for tags 'avg'.

  1. My Windows 10 Microsoft Surface laptop has recently stopped working, something I suspect is caused by a virus. The other day I lent my laptop to my brother so that he could work remotely from it. He downloaded AnyDesk, as well as OpenVPN (according to him, he just googled them and downloaded the first link). He was recently notified by his work that their network was infected with a virus which came from his machine. As soon as he told me this, I downloaded Avast and ran a scan, but from this point my laptop kept freezing any time I tried to install, uninstall or run any kind of antivirus software. I installed Malwarebytes and had the same issue. After trying to fix it for a while, I decided to reset the PC, keeping the files. Once this completed, the laptop seemed to run better until I downloaded Malwarebytes and ran a scan (with all of the advanced search settings switched on). Although it returned nothing, File Explorer started opening repeatedly, which I’m fairly sure was caused by the virus. Now, the laptop won’t properly boot up. Instead, it gets stuck in an ‘automatic repair’ loop. I can't continue to Windows 10, or it just switches off and goes back to the Automatic Repair screen. I also cannot reset my PC by removing everything - this simply starts loading and then returns me to the previous screen a few seconds later. Does anyone know how I might be able to fix my laptop and remove this virus? I have no issues with completely resetting the PC, as I don’t have many important documents on it. Thanks
  2. A couple days ago, Avast loaded onto my computer while I was downloading an update for CCleaner. I went to Avast support for help in removing it, as it would not allow me to do it (said I didn't have authorization). At this time, apparently a file called AvLaunch.exe also loaded. It is still there, and it is messing with my computer performance, big time. It's killing my battery, starting programs (like Edge) which I have repeatedly turned off, won't let me chat or communicate directly with Malwarebytes, slow load times, etc. I need help. This is further complicated by the fact that I'm currently in Central America where I can't make or receive calls - so I am depending on this forum! I can't use my phone, and I can't use the MWB page to email or chat with them. Please help!
  3. Malwarebytes 3.6.1 claims that there are threats on my system, these files are 5 years old, why are they saying Trojan.Agent.Generic unless it's false-positive? And I think the .jpg files are also false-positive for RiskWare.ExtensionMismatch, as the only .jpg in the Recycle Bin were created using my Android phone.
  4. My Windows PC has been infected with a virus in the folder C:\Windows\System32. My default Windows antivirus could not detect this virus, but then I installed the free version of AVG, which was able to detect this virus, but every few days this virus reappears and I have to remove it again. From my research and little bit of knowledge I think this is related to some kind of cryptocurrency mining. Any guidance on this topic would be appreciated. Original Filename: diskdriver.exe Type of File: Application (.exe) Description: disk io driver Location: C:\Windows\System32. Size: 1.97 MB (2,069,504 bytes) Size on disk: 1.97 MB (2,072,576 bytes)
  5. Hi there, I run Malwarebytes 3 on 2 computers, and also have AVG Internet Security on both computers. My AVG Internet Security is coming up for renewal. Is it safe for me to cancel my AVG renewal and just have Malwarebytes 3? Or do you recommend I have both? Regards, Tonski.
  6. I've been running AVG Internet subscription and Malwarebytes Premium for some time now, but the past couple of weeks I keep getting the "Real-time protection is switched off" message. I switch it back on and it switches off again immediately. I've excluded Malwarebytes on the AVG exclusions and the AVG helpdesk has checked remotely and say everything is fine from their end. I have the latest Malwarebytes upgrade and the latest Windows too. What else can I do please?
  7. For some years I have run AVG premium with Malwarebytes premium quite happily. The last upgrade for AVG changed that and this is addressed: However, these solutions do not work on my set-up. So I intend to unsubscribe from AVG. Out there, which AV software works well with Malwarebytes 3? Thanks!
  8. Since an AVG update a few days ago, it keeps conflicting with MBAM constantly. I did check this thread and followed the advice to check "never register in windows media center". Now both programs don't conflict with each other, but I can't tell for sure if MBAM is active. I did download mbam-test.exe, and when I clicked on the "exploit" button it didn't open the calculator, BUT no MBAM popup showed up telling me it was blocked. Is MBAM still working even though the notifications don't appear?
  9. Help needed, every time I open Outlook 2016, I receive the below pop-up message several times... any idea of what to do? Thanks in advance
  10. My Malwarebytes Premium offers an Exclusions tab. One pre-set possibility listed is my AVG updater. Apparently by default, it is not checked. I am concerned that Malwarebytes might somehow disable all or part of my updates, as it appears that AVG's automatic updates have not been occurring for months. Whenever I check the AVG updater box on the Exclusions tab, nothing like an "OK" or "Apply" button appears. If I click another tab, then return to Exclusions, the box has been unchecked. I tried using "Add exclusion" to specify it, but nothing happened. What's going on? How do I do this right?
  11. I am experiencing AVG flagging up every morning telling me I have a Trojan Horse Generic38.AFLR Virus. I click Protect Me every time, but it comes back if I restart the system. It is telling me the virus is in C:\Users\Quadra Optiplex 360\AppData\Local\Temp\Windows5955891407008661.dll I have run the scans, attached to this log. Can someone help me please? Many Thanks Addition.txt FRST.txt Malware Scan 16.02.txt
  12. I use AVG paid for and MBAM free. All programs are the latest versions, and both have the latest databases. This morning when I logged onto my computer, to my horror, I found that AVG had popped up a dialog saying that the installer program for 7zip, 7z1604-x64.exe, harbors the Trojan horse Atros5.AYO. Check out the attached screen shot. So, I opened MBAM, updated its database, and then scanned my entire directory where I store all installer files. MBAM found no issues whatsoever. See attached screen shot. I then went to https://www.virustotal.com and uploaded 7z1604-x64.exe and forced it to re-analyse it. Virustotal likewise found nothing, including, bizarrely, its version of AVG! See attached screen shot. What are your recommendations on how I should handle this? Is AVG known for false alarms, or are they among the first to identify new threats? I note a related but distinct inquiry on this forum about 3.5 years ago:
  13. Hello there! So recently, about 3 days ago I installed a program. The program came with a suspicious "bundle" that just installed a bunch of crap onto my desktop. I knew this was not right so I deleted all the programs that came with the bundle immediately. So now for three days I've been getting pop-up ads, it is not like the usual one click, one pop-up though. My problem is kinda similar in one way. The thing is that a new tab with advertisement (most of the time "hotchatdate.com" and "wonderlands.com") opens every 20-25 minutes. It only occurs in Google Chrome, I haven't tried installing Firefox or any other browser, but I have Microsoft Edge and everything seems fine over there. I should probably mention that I get popups even if I have the Google web browser closed. I've tried so many antiviruses and anti-malware softwares, you can't even imagine - Malwarebytes, AdwCleaner, HitmanPro, AVG, Norton, and yes, don't even ask, I've tried the Google extensions thing - nothing there at all. I've gone to control panel/uninstall a program - nothing there either. I think that I have to solve this manually. If you guys have any idea of fixing this problem, please let me know! Thanks in advance! -Alexander
  14. I am getting constant "Website Blocked" while trying to install AVG and run Windows Update. The domains are: aa.avg.com and ctldl.windowsupdate.com
  15. Hello, Today I found out my internet was not working this morning. It was working yesterday night and now it is not. I tried Google Chrome and IE but it still did not work. I think it is a virus. Here is some info: Error code: DNS_PROBE_FINISHED_NO_INTERNET OS: Windows 8.1 Anti-virus: Vodafone and AVG (AVG stopped working when I tried it) (Vodafone can not load) Internet: Working fine for all computers except mine. Can someone please help me, Dennis Galway
  16. Hi there, I'd like to start off saying thank you for all the help you have given me in the past via these forums. Recently I have had a few trojan horse warnings popping up through AVG, all end up secured, but then I'll end up getting another warning a few days later with the same thing. After removal I scan my PC like 3 times using AVG and Malwarebytes, but they always seem to pop up again. The weirder thing is that I have genuine Windows 7 and the disk and keys etc, but the virus keeps popping up under the name "";"Trojan horse Crypt3.BDFF, C:\ProgramData\Windows Genuine Advantage\{63C196A2-7C28-4D47-9564-BEEB0E371EF7}\api-ms-win-system-mpr-l1-1-0.dll";"Secured". Please help me get rid of this virus from popping up time and again, my system is a beast and I would hate to have it infected. I take great care of my PC, but stuff like this always ends up happening :/ oh well, thanks guys
  17. Hello! I'm concerned that my computer is infected because I am unable to open either Malwarebytes or AVG as it is blocked by a message reading "This program is blocked by group policy. For more information, contact your system administrator." I can open the Chameleon page and have tested all the Chameleons, but to no avail. I have also tried to open them by going through C:/ Programs etc., but opening them there only prompts the same message to come up. So, I'm not sure what to do to rid my computer of viruses, I'm currently trying to avoid turning it off for fear of this worsening the situation. What should I do? Following the advice on the 'I'm infected - What do I do now page' I downloaded Farbar Recovery Scan Tool, ran a scan and posted the FRST log as advised:
C:\Program Files\AVG\AVG2013\avgfws.exe [1432080 2013-10-23] (AVG Technologies CZ, s.r.o.) R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.) R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-04-17] (TOSHIBA CORPORATION) R2 CTDevice_Srv; C:\Program Files\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd) S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-02] (Google) R3 SmartFaceVWatchSrv; C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [77824 2008-08-25] (Toshiba) R2 TempoMonitoringService; C:\Program Files\Toshiba TEMPRO\TempoSVC.exe [99720 2008-08-26] (Toshiba Europe GmbH) R2 TOSHIBA SMART Log Service; c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation) R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) R2 vToolbarUpdater18.0.5; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [1771032 2014-03-24] (AVG Secure Search) S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [X] S2 HitmanPro37CrusaderBoot; "D:\HitmanPro.exe" /crusader:boot [X] ==================== Drivers (Whitelisted) ==================== R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-11-25] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-07-20] (AVG Technologies CZ, s.r.o.) R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-10-23] (AVG Technologies CZ, s.r.o.) 
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [171320 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-07-01] (AVG Technologies CZ, s.r.o.) R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-10-23] (AVG Technologies CZ, s.r.o.) R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2014-03-20] (AVG Technologies CZ, s.r.o.) R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42272 2014-03-24] (AVG Technologies) S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [141408 2008-02-27] (Realtek Semiconductor Corp.) U3 TrueSight; C:\Windows\system32\TrueSight.sys [26624 2014-04-09] () R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [17960 2008-07-15] (Chicony Electronics Co., Ltd.) S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] U3 mbr; \??\C:\Users\User\AppData\Local\Temp\mbr.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-09 03:09 - 2014-04-09 03:10 - 00000000 ____D () C:\FRST 2014-04-09 02:56 - 2014-04-09 02:56 - 00016117 _____ () C:\Users\User\Desktop\dds.txt 2014-04-09 02:56 - 2014-04-09 02:56 - 00010688 _____ () C:\Users\User\Desktop\attach.txt 2014-04-09 02:51 - 2014-04-09 02:51 - 00054709 _____ () C:\Users\User\Desktop\RKreport[0]_S_04092014_025116.txt 2014-04-09 02:43 - 2014-04-09 02:43 - 00026624 _____ () C:\Windows\system32\TrueSight.sys 2014-04-09 02:40 - 2014-04-09 02:51 - 00000000 ____D () C:\Users\User\Desktop\RK_Quarantine 2014-04-09 02:38 - 2014-04-09 02:38 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\User\Desktop\rkill 2 2014-04-09 02:33 - 2014-04-09 02:39 - 00003138 _____ () C:\Users\User\Desktop\Rkill.txt 2014-04-09 02:31 - 2014-04-09 02:31 - 01933048 _____ 
(Bleeping Computer, LLC) C:\Users\User\Desktop\rkill 1.com 2014-04-07 19:08 - 2014-04-08 19:29 - 00213820 _____ (Microsoft Corporation) C:\ProgramData\ytdoqe.dat 2014-03-29 21:54 - 2014-03-29 21:54 - 00000000 ____D () C:\Users\User\AppData\Local\Skype 2014-03-29 21:53 - 2014-03-29 21:53 - 00001878 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-03-29 21:53 - 2014-03-29 21:53 - 00000000 ___RD () C:\Program Files\Skype 2014-03-29 21:53 - 2014-03-29 21:53 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-03-24 14:59 - 2014-03-24 14:59 - 00000000 ____D () C:\ProgramData\AVG Secure Search 2014-03-20 14:50 - 2014-03-20 14:50 - 00182072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdix.sys ==================== One Month Modified Files and Folders ======= 2014-04-09 03:11 - 2010-12-04 18:42 - 00000000 ____D () C:\ProgramData\MFAData 2014-04-09 03:10 - 2014-04-09 03:09 - 00000000 ____D () C:\FRST 2014-04-09 03:08 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-09 03:08 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-09 03:04 - 2011-05-20 13:09 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-09 02:56 - 2014-04-09 02:56 - 00016117 _____ () C:\Users\User\Desktop\dds.txt 2014-04-09 02:56 - 2014-04-09 02:56 - 00010688 _____ () C:\Users\User\Desktop\attach.txt 2014-04-09 02:51 - 2014-04-09 02:51 - 00054709 _____ () C:\Users\User\Desktop\RKreport[0]_S_04092014_025116.txt 2014-04-09 02:51 - 2014-04-09 02:40 - 00000000 ____D () C:\Users\User\Desktop\RK_Quarantine 2014-04-09 02:47 - 2013-06-05 00:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-09 02:43 - 2014-04-09 02:43 - 00026624 _____ () C:\Windows\system32\TrueSight.sys 2014-04-09 02:39 - 2014-04-09 02:33 - 00003138 _____ () 
C:\Users\User\Desktop\Rkill.txt 2014-04-09 02:38 - 2014-04-09 02:38 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\User\Desktop\rkill 2 2014-04-09 02:31 - 2014-04-09 02:31 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\User\Desktop\rkill 1.com 2014-04-09 00:04 - 2011-05-20 13:09 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-08 19:29 - 2014-04-07 19:08 - 00213820 _____ (Microsoft Corporation) C:\ProgramData\ytdoqe.dat 2014-04-08 19:26 - 2013-05-23 23:46 - 00000847 _____ () C:\Users\Public\Desktop\AVG 2013.lnk 2014-04-07 19:22 - 2006-11-02 11:33 - 00716862 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-07 19:19 - 2013-01-21 17:20 - 00000342 _____ () C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job 2014-04-07 19:19 - 2011-08-31 20:52 - 00000000 ____D () C:\ProgramData\GameXN 2014-04-07 19:19 - 2011-06-15 17:02 - 00000000 ____D () C:\Users\User\AppData\Roaming\go 2014-04-07 19:18 - 2013-06-02 23:10 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job 2014-04-07 19:14 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-07 19:12 - 2006-11-02 14:01 - 00032556 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-04-07 19:06 - 2009-10-07 11:55 - 01488017 _____ () C:\Windows\WindowsUpdate.log 2014-04-04 23:09 - 2014-02-01 23:52 - 00000000 ____D () C:\Users\User\Documents\Uni stuff 2014-04-04 19:04 - 2009-10-07 13:26 - 00002585 _____ () C:\Users\User\Desktop\Microsoft Word.lnk 2014-03-29 23:19 - 2010-03-13 11:26 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype 2014-03-29 21:54 - 2014-03-29 21:54 - 00000000 ____D () C:\Users\User\AppData\Local\Skype 2014-03-29 21:53 - 2014-03-29 21:53 - 00001878 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-03-29 21:53 - 2014-03-29 21:53 - 00000000 ___RD () C:\Program Files\Skype 2014-03-29 21:53 - 2014-03-29 21:53 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-03-29 21:53 - 2010-03-13 11:25 - 00000000 ____D () C:\ProgramData\Skype 2014-03-28 
14:58 - 2010-05-16 09:48 - 00006944 _____ () C:\Users\User\AppData\Local\d3d9caps.dat 2014-03-27 00:59 - 2011-04-25 19:57 - 00000000 ____D () C:\Users\User\AppData\Local\Audible 2014-03-25 03:10 - 2006-11-02 13:52 - 00049565 _____ () C:\Windows\setupact.log 2014-03-24 19:00 - 2012-06-14 15:12 - 00000000 ____D () C:\Users\User\AppData\Local\AVG Secure Search 2014-03-24 14:59 - 2014-03-24 14:59 - 00000000 ____D () C:\ProgramData\AVG Secure Search 2014-03-24 14:59 - 2012-11-08 20:39 - 00042272 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys 2014-03-24 14:59 - 2011-12-08 14:10 - 00000000 ____D () C:\Program Files\AVG Secure Search 2014-03-23 16:54 - 2014-02-05 01:26 - 00000000 ____D () C:\Users\User\Documents\Audible 2014-03-20 14:50 - 2014-03-20 14:50 - 00182072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdix.sys 2014-03-15 23:52 - 2011-05-20 13:10 - 00001976 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-03-11 19:47 - 2012-06-24 23:24 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-03-11 19:47 - 2011-08-08 13:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl Files to move or delete: ==================== C:\ProgramData\ytdoqe.dat C:\Users\User\esrkmqfufqdhotyvklpy.exe C:\Users\User\jagex_cl_oldschool_LIVE.dat C:\Users\User\jagex_cl_runescape_LIVE.dat C:\Users\User\jagex_cl_runescape_LIVE1.dat C:\Users\User\random.dat Some content of TEMP: ==================== C:\Users\User\AppData\Local\Temp\0.8066576723151895.exe C:\Users\User\AppData\Local\Temp\AdobeUpdater12345.exe C:\Users\User\AppData\Local\Temp\binkw32.dll C:\Users\User\AppData\Local\Temp\d2l_Install.exe C:\Users\User\AppData\Local\Temp\d2l_PlayD2.exe C:\Users\User\AppData\Local\Temp\drm_dialogs.dll C:\Users\User\AppData\Local\Temp\drm_dyndata_7350008.dll C:\Users\User\AppData\Local\Temp\EBU3C8C.exe C:\Users\User\AppData\Local\Temp\EBU4106.exe 
C:\Users\User\AppData\Local\Temp\EBU4930.DLL C:\Users\User\AppData\Local\Temp\EBU54DD.DLL C:\Users\User\AppData\Local\Temp\EBU8200.exe C:\Users\User\AppData\Local\Temp\EBU9448.DLL C:\Users\User\AppData\Local\Temp\EBUCC2A.exe C:\Users\User\AppData\Local\Temp\EBUCE7A.DLL C:\Users\User\AppData\Local\Temp\EBUE6D5.exe C:\Users\User\AppData\Local\Temp\EBUF7E5.DLL C:\Users\User\AppData\Local\Temp\FlashPlayerUpdate.exe C:\Users\User\AppData\Local\Temp\Get a FREE audiobook!.exe C:\Users\User\AppData\Local\Temp\GoogleChromeInstaller.exe C:\Users\User\AppData\Local\Temp\ICReinstall_FLVPlayerSetup.exe C:\Users\User\AppData\Local\Temp\Impressioner.exe C:\Users\User\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe C:\Users\User\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\User\AppData\Local\Temp\MSNC44D.exe C:\Users\User\AppData\Local\Temp\ntdll_dump.dll C:\Users\User\AppData\Local\Temp\Refresh.exe C:\Users\User\AppData\Local\Temp\SearchWithGoogleUpdate.exe C:\Users\User\AppData\Local\Temp\SkypeSetup.exe C:\Users\User\AppData\Local\Temp\System.Data.SQLite.dll C:\Users\User\AppData\Local\Temp\uninst1.exe C:\Users\User\AppData\Local\Temp\_is2BD5.exe C:\Users\User\AppData\Local\Temp\_is3E18.exe C:\Users\User\AppData\Local\Temp\_is4C99.exe C:\Users\User\AppData\Local\Temp\_is6CA6.exe C:\Users\User\AppData\Local\Temp\_is76E3.exe C:\Users\User\AppData\Local\Temp\_is8CD5.exe C:\Users\User\AppData\Local\Temp\_is8DEE.exe C:\Users\User\AppData\Local\Temp\_isA497.exe C:\Users\User\AppData\Local\Temp\_isAB80.exe C:\Users\User\AppData\Local\Temp\_isADA.exe C:\Users\User\AppData\Local\Temp\_isBB36.exe C:\Users\User\AppData\Local\Temp\_isCB0A.exe C:\Users\User\AppData\Local\Temp\_isE831.exe C:\Users\User\AppData\Local\Temp\_isF42D.exe C:\Users\User\AppData\Local\Temp\_isFF17.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit 
C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-07 19:24 ==================== End Of Log ============================ Along with the Addition log: Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01 Ran by User at 2014-04-09 03:12:46 Running from C:\Users\User\Documents\Unhelpful folders folder\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: AVG Internet Security 2011 (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} AS: AVG Internet Security 2011 (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: AVG Firewall (Enabled) {621CC794-9486-F902-D092-0484E8EA828B} ==================== Installed Programs ====================== Adobe AIR (HKLM\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated) Adobe AIR (Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Reader 8.2.6 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A82000000003}) (Version: 8.2.6 - Adobe Systems Incorporated) Adobe Reader 8.3.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A83000000003}) (Version: 8.3.1 - Adobe Systems Incorporated) Age of Empires III Trial (HKLM\...\InstallShield_{25B25C84-6132-4662-972B-4E4DC1B00C98}) (Version: 1.00.0000 - Microsoft Game Studios) Age of Empires III Trial (Version: 1.00.0000 - Microsoft Game Studios) Hidden Age of Empires Online (HKLM\...\GFWL_{4D530FA3-9B89-4186-98B7-F51000008100}) (Version: 1.0.0000.129 - Microsoft Studios) Age of Empires Online 
Corporation) Hidden Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation) Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - ) Windows Media Encoder 9 Series (Version: 9.00.3374 - Microsoft Corporation) Hidden ytbyclick Toolbar (HKLM\...\ytbyclick Toolbar) (Version: 6.7.0.6 - ytbyclick) ==================== Restore Points ========================= 24-03-2014 05:27:27 Scheduled Checkpoint 25-03-2014 01:12:03 Scheduled Checkpoint 26-03-2014 13:43:51 Scheduled Checkpoint 29-03-2014 05:18:41 Scheduled Checkpoint 02-04-2014 07:52:19 Scheduled Checkpoint 03-04-2014 02:17:44 Scheduled Checkpoint 04-04-2014 03:54:40 Scheduled Checkpoint 05-04-2014 13:08:04 Scheduled Checkpoint 06-04-2014 01:32:10 Scheduled Checkpoint 07-04-2014 17:26:48 Scheduled Checkpoint ==================== Hosts content: ========================== 2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {2B47239D-A69C-45A4-9C4B-B393A2329494} - 
System32\Tasks\RealCreateProcessScheduledTask95094995S-1-5-21-1389979042-1133768856-884714788-1000 => c:\program files\real\realplayer\update\realsched.exe [2012-06-03] (RealNetworks, Inc.) Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {34D0C20E-3EFB-46B2-B790-196334429A4D} - System32\Tasks\{E3BE9668-EAE2-4619-96ED-0303080279C1} => Iexplore.exe http://ui.skype.com/ui/0/6.9.0.106/en/abandoninstall?page=tsProgressBar Task: {36CD591D-F5B1-4A2A-9B3E-EF7434DF7502} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1389979042-1133768856-884714788-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.) Task: {3A0B67B8-AEEE-49ED-AC56-C67D1FAA3574} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{42A9BD99-D9AC-4121-BC86-DE629C13D16A}.exe Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation) Task: {6565B71B-B24F-4D4D-86CB-595CD64487F8} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files\AVG Secure Search\PostInstall\ROC.exe [2013-01-31] () Task: {6E7A2C0F-560F-4492-B6C9-6BEEBACB0447} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation) Task: {702E20B1-5E8E-453E-A1A5-13B189515CAF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-05-20] (Google Inc.) Task: {AD5080E6-CE8F-40A1-BE17-09BC93F154CC} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1389979042-1133768856-884714788-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.) 
Task: {C5B8A959-C920-47EE-90C9-181A03544905} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated) Task: {CF071282-A7E2-43F0-9998-437C5559BEFB} - System32\Tasks\4596 => Wscript.exe C:\Users\User\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION Task: {D6ADE738-04AB-4BDF-9065-CC13E7F84625} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] () Task: {E58301C2-8E52-485B-8D54-5ED513829C35} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-05-20] (Google Inc.) Task: {E66B41EE-68E4-4FA7-9A93-EB9731022B00} - System32\Tasks\{1EA5384E-6D5A-4C09-9453-696D79AEED5E} => C:\Program Files\Skype\Phone\Skype.exe [2014-02-10] (Skype Technologies S.A.) Task: {FBC15712-CCA6-464F-BD8B-1FF1D2FE251B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{42A9BD99-D9AC-4121-BC86-DE629C13D16A}.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files\AVG Secure Search\PostInstall\ROC.exe ==================== Loaded Modules (whitelisted) ============= 2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2014-03-24 14:59 - 2014-03-24 14:59 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe 2014-03-24 14:59 - 2014-03-24 14:59 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\log4cplusU.dll 2008-08-22 20:07 - 2008-08-22 20:07 - 00126976 _____ () C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVCtrl.dll 2008-08-22 20:07 - 2008-08-22 20:07 - 06701056 _____ () C:\Program Files\TOSHIBA\SmartFaceV\FaceHI.dll 2008-08-22 20:07 - 2008-08-22 20:07 - 00995328 _____ () C:\Program Files\TOSHIBA\SmartFaceV\FaceRec.dll 2008-10-08 10:24 - 2008-04-22 21:05 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll 2008-02-04 13:29 - 2008-02-04 13:29 - 00688128 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll 2011-12-08 14:10 - 2014-03-24 14:59 - 02544664 _____ () C:\Program Files\AVG Secure Search\vprot.exe 2007-01-13 03:01 - 2007-01-13 03:01 - 00397312 ____R () C:\Program Files\Adobe\Reader 8.0\Reader\cryptocme2.dll 2007-01-13 03:01 - 2007-01-13 03:01 - 00475136 ____R () C:\Program 
Files\Adobe\Reader 8.0\Reader\ccme_base.dll 2014-03-15 23:51 - 2014-03-15 01:50 - 00051016 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll 2014-03-15 23:51 - 2014-03-15 01:50 - 04061000 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll 2014-03-15 23:51 - 2014-03-15 01:50 - 00394568 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll 2014-03-15 23:51 - 2014-03-15 01:50 - 01647432 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll 2014-01-19 02:48 - 2014-01-19 02:48 - 04591616 _____ () C:\Users\User\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libglesv2.dll 2014-01-19 02:48 - 2014-01-19 02:48 - 00112128 _____ () C:\Users\User\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libegl.dll 2014-04-09 02:40 - 2014-04-09 02:40 - 03972608 _____ () C:\Users\User\Documents\Unhelpful folders folder\Downloads\RogueKiller.exe ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk => C:\Windows\pss\Audible Download Manager.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk => C:\Windows\pss\BBC iPlayer Desktop.lnk.Startup MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: AVG_TRAY => 
C:\Program Files\AVG\AVG10\avgtray.exe MSCONFIG\startupreg: Camera Assistant Software => "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start MSCONFIG\startupreg: cfFncEnabler.exe => cfFncEnabler.exe MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup MSCONFIG\startupreg: jswtrayutil => "C:\Program Files\Jumpstart\jswtrayutil.exe" MSCONFIG\startupreg: NDSTray.exe => NDSTray.exe MSCONFIG\startupreg: NetFxUpdate_v1.1.4322 => "C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" 1 v1.1.4322 GAC + NI NID MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized MSCONFIG\startupreg: Skytel => Skytel.exe MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe MSCONFIG\startupreg: SoftAuto.exe => "C:\Program Files\Creative\Software Update 3\SoftAuto.exe" MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe MSCONFIG\startupreg: TkBellExe => "c:\program files\real\realplayer\Update\realsched.exe" -osboot MSCONFIG\startupreg: topi => C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup MSCONFIG\startupreg: TOSCDSPD => TOSCDSPD.EXE MSCONFIG\startupreg: Toshiba Registration => C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe MSCONFIG\startupreg: Toshiba TEMPO => C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE MSCONFIG\startupreg: Windows 
Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/09/2014 00:23:11 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1763 Error: (04/09/2014 00:23:11 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1763 Error: (04/09/2014 00:23:11 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/08/2014 07:50:14 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 4618 Error: (04/08/2014 07:50:14 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 4618 Error: (04/08/2014 07:50:14 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/08/2014 07:50:13 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 3619 Error: (04/08/2014 07:50:13 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 3619 Error: (04/08/2014 07:50:13 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/08/2014 07:50:12 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2481 System errors: ============= Error: (04/07/2014 07:22:01 PM) (Source: Service Control Manager) (User: ) Description: Windows Search%%1053 Error: (04/07/2014 07:22:01 PM) (Source: Service Control Manager) (User: ) Description: 30000Windows Search Error: (04/07/2014 07:22:01 PM) (Source: DCOM) (User: ) Description: 
1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (04/07/2014 07:15:22 PM) (Source: Service Control Manager) (User: ) Description: Computer Browser%%1060 Error: (04/07/2014 07:15:22 PM) (Source: Service Control Manager) (User: ) Description: HitmanPro 3.7 Crusader (Boot)%%3 Error: (04/07/2014 07:12:35 PM) (Source: Service Control Manager) (User: ) Description: ScRegSetValueExWFailureActions%%5 Error: (04/07/2014 02:30:22 AM) (Source: Service Control Manager) (User: ) Description: Computer Browser%%1060 Error: (04/07/2014 02:30:22 AM) (Source: Service Control Manager) (User: ) Description: HitmanPro 3.7 Crusader (Boot)%%3 Error: (04/07/2014 02:29:00 AM) (Source: EventLog) (User: ) Description: The previous system shutdown at 02:24:30 on 07/04/2014 was unexpected. Error: (04/06/2014 08:01:17 PM) (Source: Service Control Manager) (User: ) Description: Computer Browser%%1060 Microsoft Office Sessions: ========================= Error: (04/09/2014 00:23:11 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1763 Error: (04/09/2014 00:23:11 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1763 Error: (04/09/2014 00:23:11 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/08/2014 07:50:14 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 4618 Error: (04/08/2014 07:50:14 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 4618 Error: (04/08/2014 07:50:14 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/08/2014 07:50:13 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 3619 Error: (04/08/2014 07:50:13 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: 
m->NextScheduledEvent 3619 Error: (04/08/2014 07:50:13 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/08/2014 07:50:12 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2481 CodeIntegrity Errors: =================================== Date: 2014-04-09 03:11:12.321 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system. Date: 2014-04-09 03:11:11.320 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system. Date: 2014-04-09 03:11:10.303 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system. Date: 2014-04-09 03:11:09.313 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system. Date: 2014-04-09 03:11:08.157 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system. Date: 2014-04-09 03:11:07.226 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system. 
Date: 2014-04-09 03:11:06.224 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system. Date: 2014-04-09 03:11:05.218 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system. Date: 2014-04-08 19:26:25.574 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVG\AVG2013\Drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system. Date: 2014-04-08 19:26:24.624 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVG\AVG2013\Drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Percentage of memory in use: 70% Total physical RAM: 2813.1 MB Available physical RAM: 825.53 MB Total Pagefile: 5852.72 MB Available Pagefile: 2670.17 MB Total Virtual: 2047.88 MB Available Virtual: 1901.63 MB ==================== Drives ================================ Drive c: (Vista) (Fixed) (Total:116.29 GB) (Free:21.14 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive e: (Data) (Fixed) (Total:115.13 GB) (Free:83.05 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 1CFF666E) Partition 1: (Not Active) - (Size=1 GB) - (Type=27) Partition 2: (Active) - (Size=116 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=115 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Any help would be hugely appreciated! 
Many thanks in advance!
  18. Hello! I'm concerned that my computer is infected because I am unable to open either Malwarebytes or AVG as it is blocked by a message reading "This program is blocked by group policy. For more information, contact your system administrator." I can open the Chameleon page and have tested all the Chameleons, but to no avail. I have also tried to open them by going through C:/ Programs etc., but opening them there only prompts the same message to come up. So, I'm not sure what to do to rid my computer of viruses; I'm currently trying to avoid turning it off for fear of this worsening the situation. What should I do? Any help would be hugely appreciated! Many thanks in advance!
  19. Hi folks, Was surprised to discover that AVG toolbar was acting as malware and making my laptop not shut down/boot/recover from sleep. Windows 8 forum gave steps to fixing problem beginning with removing AVG. However, I have been failing to remove the AVG toolbar. When I uninstall AVG 2014, it fails with a prompt saying 'could not uninstall toolbar.' Attempting to uninstall the toolbar itself results in a message saying 'please wait until current program has finished uninstalling or being changed' but there is no activity. The toolbar itself is not visible as an extension in Google Chrome. I used AVG Browser Configuration tool but that has not done anything either. My system is using Malwarebytes at the moment. Many thanks
  20. I have run the free version of Malwarebytes and followed several detailed instructions. Nothing appearing on any lists that I can find and delete. Nor does any threat appear when I run the program or when I run ESET. Every time I open Chrome all three avd, native search, and fbd open multiple tabs. Here are the reports I ran. I hope I am posting correctly. New here. Thank you so much! DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16537 Run by Tracy at 19:13:48 on 2014-01-07 Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.6000.4262 [GMT -8:00] . AV: ESET Smart Security 7.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289} AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: ESET Smart Security 7.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834} FW: ESET Personal firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2} . ============== Running Processes =============== . 
C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalService C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\dwm.exe C:\windows\system32\svchost.exe -k NetworkService C:\windows\system32\WLANExt.exe C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\windows\system32\dashost.exe C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Program Files\Intel\iCLS Client\HeciServer.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\windows\system32\svchost.exe -k imgsvc C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe C:\windows\system32\wbem\unsecapp.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\system32\taskhostex.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\windows\Explorer.EXE C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe C:\Windows\System32\WUDFHost.exe C:\windows\system32\SearchIndexer.exe C:\Windows\System32\RuntimeBroker.exe C:\windows\System32\svchost.exe -k 
LocalServicePeerNet C:\windows\system32\SearchProtocolHost.exe C:\Program Files\Elantech\ETDCtrl.exe C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe C:\Program Files (x86)\Lenovo\Energy Management\utility.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe C:\Windows\RTFTrack.exe C:\Windows\System32\rundll32.exe C:\Program Files\Elantech\ETDCtrlHelper.exe C:\Windows\System32\igfxtray.exe C:\Program Files\Elantech\ETDIntelligent.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe C:\Windows\System32\spool\drivers\x64\3\E_YATIHVA.EXE C:\Users\Tracy\AppData\Local\Akamai\netsession_win.exe C:\Users\Tracy\AppData\Local\Akamai\netsession_win.exe C:\Users\Tracy\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Users\Tracy\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe C:\windows\system32\SearchFilterHost.exe 
  21. Before I had exclusively suggested AVG 2014 to everybody, as it had never let me down. Well. My relative noticed something funny going on her PC, and I did a virus scan with AVG 2014. It detected a backdoor trojan called backdoor.PoisonIvy.BQ, but couldn't remove it and it constantly showed up in scans. So I was writing a post on AVG forums to ask for help, and feces hit the fan. Text was selecting itself, removing, closing windows, and a rainbow screen with Windows XP styled checkboxes appeared. I was pretty freaked out, and I pulled the plug. I had to change all of my passwords, just because of AVG letting me down. So on my working PC I edited the poorly written AVG forums post due to the shock of everything deleting itself, and I wrote a blog-worthy report. A week passed with no replies, and then I finally got an email stating that my thread on the forums had been replied to. And it was this big fancy admin, and his entire post was to submit the virus that had taken over a PC completely and submit it to them with great risk of my own digital security. AVG was freaking useless. A month passed, and I was over at my relative's for Christmas Eve dinner. I asked if I could fix her computer after the holidays, after I caught wind of Malwarebytes being designed to remove threats that huge security vendors couldn't. After the computer was back on it was very slow, but acting somewhat normally. I inserted my USB with several big name anti-viruses and tested them out. Spybot 2.0 flopped over and did nothing. ESET spazzed out over something stupid, and didn't remove the virus. Avira didn't do anything. And Malwarebytes did it. THANK YOU GUYS SO MUCH! I also used AdwCleaner that I found off of these forums, and AVG and its ridiculously useless search engine was never used again. I've since then used AdwCleaner and Malwarebytes to clean up everybody's computers that they would let me fix. 
My family has had awful luck with money, and you've saved us from a lot of grief.
  22. Hi, I just installed AVG 2014 (30 day free trial) on my laptop and did a scan. It found 3 rootkits which are named Threat: Service function NtMapViewOfSection hook -> 0xFFFFFFFF8782F280 Severity: Medium State: Infected Threat: Service function NtCreateThreadEx hook -> 0xFFFFFFFF878517A0 Severity: Medium State: Infected Threat: Service function NtalpcConnectPort hook -> 0xFFFFFFFF869E5428 Severity: Medium State: Infected with a red X next to them. When I click them to remove, the Remove Selected button doesn't work. I did a quick scan with MBAM and it said 0 threats. I then did a full scan and it found 36 threats, but they were all PUPs which I deleted. I did a specific rootkit scan after that with AVG and it found the same 3 rootkits again. Do these need to be removed and if so how? Thanks for reading.
  23. Somehow AVG installed a toolbar in my Firefox browser (fat fingers or a family member, no blame directed). Next thing I know my hard drive is full. Went online and found a fix: delete the file (grown to greater than 4G!), then when it returns make it read only. Stopped using AVG and started using Trend Micro Internet Security with no further problems. My registration ran out when I tried to upgrade to TM Ti Maximum Security because the reg code was not compatible with Internet Security, worked with TM support and got nowhere. They said I had to remove AVG or their program would not install. I removed all AVG entries except a group which will not delete. (Cannot delete LEGACY_AVG_SECURITY_TOOLBAR_SERVICE: Error while deleting key.) HELP!
  24. Sorry, not a computer person, so if you need more info let me know. After scanning with AVG Free 2013 detected 5 anti rootkits. I tried putting these in sites to see if they were false positives, but when I open the direction the .sys file doesn't exist. AVG says to delete the files I need to reboot, but on the next scan they are back. Please help.... Does this mean someone is accessing my laptop or is it an AVG error? Files appear like this: "";"pci.sys, hooked import ntoskrnl.exe IoDetachDevice -> spxr.sys +0x625DC, C:\Windows\System32\Drivers\spxr.sys";"Infected" "";"pci.sys, hooked import ntoskrnl.exe IoAttachDeviceToDeviceStack -> spxr.sys +0x62650, C:\Windows\System32\Drivers\spxr.sys";"Infected" "";"Inline hook ataport.SYS DllUnload -> spxr.sys +0x5E360, C:\Windows\System32\Drivers\spxr.sys";"Infected" "";"atapi.sys, hooked import ataport.SYS AtaPortReadPortUchar -> spxr.sys +0x2D224, C:\Windows\System32\Drivers\spxr.sys";"Infected" "";"atapi.sys, hooked import ataport.SYS AtaPortReadPortBufferUshort -> spxr.sys +0x2D35C, C:\Windows\System32\Drivers\spxr.sys";"Infected" These 5 files have changed names from when they were detected the first time: "";"pci.sys, hooked import ntoskrnl.exe IoDetachDevice -> spds.sys +0x625DC, C:\Windows\System32\Drivers\spds.sys";"Secured" changing from spds.sys to spxr.sys. What is the best way to delete a rootkit if I have one, and how can I detect if I really do have one? Thank you for any help or advice in advance.
  25. The FAQ in this forum has good information on how to resolve conflict between AVG Antivirus and MBAM.....BUT......the list of solutions found at http://forums.malwar...showtopic=10138 is out of date. (It's in section H) As we all know........There is a new version of MBAM Free (1.7) and a new version of AVG 2013 Free. These are not included in the FAQ. To make things more complicated, the process for adding Exceptions in AVG has changed from previous versions. There is no longer an Add List command or a Code box. Plus, the Browse button used to navigate to the required files is, for some reason, unable to see files like mbam.sys in the System32\Drivers file......even though "Show hidden files, folders and drives" is turned ON. Has anyone got any information on how to add the proper files from MBAM 1.7 Free to the Exceptions list of AVG 2013 Free so that MBAM can run a Quick Scan without freezing with the old "stopped responding" fail?? I asked this same question at http://forums.avg.co...=show&id=224298 and am getting a distinct "sound of silence". It seems many people have been able to do this on older/previous versions of the two programs.....but no one has yet achieved it with the current (Read: Feb 2013) versions of both. Any insight is greatly appreciated. Michael