
Unable to open AVG or Malwarebytes "This programme is blocked by group policy"



I am in need of some much appreciated assistance.

 

I use a Toshiba C855 laptop and have found multiple problems that lead me to think my laptop is riddled with nasties.

They include:

 

* Unable to open Internet Explorer via desktop icon
* Random ads appearing when using IE, including clicked links opening something completely different.
* Unable to open Malwarebytes or AVG due to error "This programme is blocked by group policy"

 

I have had a call from Barclaycard as well to advise that payments have been made to Eonix over the last 3 months which I have not made which may or may not be linked to something malicious on the computer.

 

I am also unable to connect my iPod touch to iTunes, but obviously this would be a minor bonus fix in light of all the other more pressing issues I have at the moment.

I have some experience of basic malware removal, which has always done me good in the past, but this has now surpassed my go-to repair techniques and any help from someone more experienced would make me eternally grateful.


Hello and welcome.

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

* Double-click to run it. When the tool opens, click Yes to the disclaimer.
* Press the Scan button.
* It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
* The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Kevin...


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-04-2014 03
Ran by Jane (administrator) on BETTYB on 25-04-2014 21:12:27
Running from C:\Users\Jane\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

() C:\Windows\System32\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA Corporation) C:\windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
() C:\Program Files (x86)\BrowseMark\updateBrowseMark.exe
() C:\Program Files (x86)\BrowseMark\bin\utilBrowseMark.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Bandoo Media Inc.) C:\Users\Jane\AppData\Local\iLivid\iLivid.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Microsoft Corporation) C:\windows\SysWOW64\regsvr32.exe
() C:\Program Files (x86)\BrowseMark\bin\BrowseMark.BrowserAdapter.exe
(Toshiba) C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\18.0.5\ScriptHelper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] => [X]
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12459112 2012-03-16] (Realtek Semiconductor)
HKLM\...\Run: [sRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2165120 2012-03-22] (SRS Labs, Inc.)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2866960 2011-12-19] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-09-23] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [989056 2011-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1548208 2011-11-24] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-11-26] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2012-05-11] (Toshiba Europe GmbH)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-02] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-05] (Intel Corporation)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-12] (TOSHIBA Corporation)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [454600 2013-02-28] (McAfee, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2544664 2014-03-26] ()
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [454600 2013-02-28] (McAfee, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\McAfee.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\McAfee.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM-x32\...\Winlogon: [shell] C:\PROGRA~3\9499927.bat [59 ] () <=== ATTENTION
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-19\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-20\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-21-3375270117-1701423841-1695564353-1000\...\Run: [YdPack] => regsvr32.exe C:\Users\Jane\AppData\Local\YdPack\iTunesMiniPlayer.dll <===== ATTENTION
HKU\S-1-5-21-3375270117-1701423841-1695564353-1000\...\Run: [iLivid] => C:\Users\Jane\AppData\Local\iLivid\iLivid.exe [7307776 2014-02-12] (Bandoo Media Inc.)
HKU\S-1-5-21-3375270117-1701423841-1695564353-1000\...\Run: [Fohukaicx] => C:\Users\Jane\AppData\Roaming\Wahaylunaby\wytyubymlo.exe
HKU\S-1-5-21-3375270117-1701423841-1695564353-1000\...\Run: [vmlqyk] => regsvr32.exe "C:\ProgramData\vmlqyk.dat"
HKU\S-1-5-21-3375270117-1701423841-1695564353-1000\...\Run: [bnbzkk] => regsvr32.exe "C:\ProgramData\bnbzkk.dat"
HKU\S-1-5-21-3375270117-1701423841-1695564353-1000\...\Run: [mKWdy21kCCDw4bb1] => C:\Users\Jane\AppData\Roaming\Ydro\mfpmp.exe [327680 2009-07-14] ()
HKU\S-1-5-21-3375270117-1701423841-1695564353-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-3375270117-1701423841-1695564353-1000\$7f713b70b782cb28f127f606e4854023\n. ATTENTION! ====> ZeroAccess?
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Toshiba Places Icon Utility.lnk
ShortcutTarget: Toshiba Places Icon Utility.lnk -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe (Toshiba)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Jane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\flashcl.lnk
ShortcutTarget: flashcl.lnk -> C:\Users\Jane\AppData\Roaming\Flash\updatecl.vbs (No File)
Startup: C:\Users\Jane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\flashsec.lnk
ShortcutTarget: flashsec.lnk -> C:\Users\Jane\AppData\Roaming\Flash\updatesec.vbs (No File)
Startup: C:\Users\Jane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\flashupdate.lnk
ShortcutTarget: flashupdate.lnk -> C:\Users\Jane\AppData\Roaming\Flash\update.vbs (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=dnldstr_14_15_ie&cd=2XzuyEtN2Y1L1QzuyE0CyBtB0BzytA0Fzz0E0DzytA0E0BzytN0D0Tzu0SzztAtAtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0B0Czzzzzz0BzytG0FyCyB0CtGyEyBtCyCtGzyzyyEtAtGtAtAyDyCtDtA0AtD0FyBtBtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtDyE0EtAtD0A0EtG0CzztA0AtGtA0C0F0FtGyB0AtDyCtGtAzztCtCtBtD0CyDtA0E0C0E2Q&cr=2018330979&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=dnldstr_14_15_ie&cd=2XzuyEtN2Y1L1QzuyE0CyBtB0BzytA0Fzz0E0DzytA0E0BzytN0D0Tzu0SzztAtAtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0B0Czzzzzz0BzytG0FyCyB0CtGyEyBtCyCtGzyzyyEtAtGtAtAyDyCtDtA0AtD0FyBtBtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtDyE0EtAtD0A0EtG0CzztA0AtGtA0C0F0FtGyB0AtDyCtGtAzztCtCtBtD0CyDtA0E0C0E2Q&cr=2018330979&ir=
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {8FD3A267-9679-47C1-8A1C-0FEF36D011C0} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr_14_15_ie&cd=2XzuyEtN2Y1L1QzuyE0CyBtB0BzytA0Fzz0E0DzytA0E0BzytN0D0Tzu0SzztAtAtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0B0Czzzzzz0BzytG0FyCyB0CtGyEyBtCyCtGzyzyyEtAtGtAtAyDyCtDtA0AtD0FyBtBtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtDyE0EtAtD0A0EtG0CzztA0AtGtA0C0F0FtGyB0AtDyCtGtAzztCtCtBtD0CyDtA0E0C0E2Q&cr=2018330979&ir=
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKLM - {8FD3A267-9679-47C1-8A1C-0FEF36D011C0} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;
SearchScopes: HKLM-x32 - DefaultScope {8FD3A267-9679-47C1-8A1C-0FEF36D011C0} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {8FD3A267-9679-47C1-8A1C-0FEF36D011C0} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={5B3CC5FF-13B0-426C-9F74-2168F0869150}&mid=80c4a200d3a647d0a93c9d3bffdb672a-075dc2ef15d71dd4ae8774efb4299f0953e2fabd&lang=en&ds=ft011&coid=&cmpid=&pr=sa&d=2012-08-03 19:45:42&v=18.0.5.292&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {09347F2A-8B13-469F-B64E-2B684F9DC14C} URL = http://uk.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKCU - {8FD3A267-9679-47C1-8A1C-0FEF36D011C0} URL =
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={5B3CC5FF-13B0-426C-9F74-2168F0869150}&mid=80c4a200d3a647d0a93c9d3bffdb672a-075dc2ef15d71dd4ae8774efb4299f0953e2fabd&lang=en&ds=ft011&coid=&cmpid=&pr=sa&d=2012-08-03 19:45:42&v=18.0.5.292&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.5.292\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.5.292\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll (AVG Secure Search)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog9 11 mswsock.dll File Not found ()
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found ()
Winsock: Catalog9-x64 02 mswsock.dll File Not found ()
Winsock: Catalog9-x64 03 mswsock.dll File Not found ()
Winsock: Catalog9-x64 04 mswsock.dll File Not found ()
Winsock: Catalog9-x64 05 mswsock.dll File Not found ()
Winsock: Catalog9-x64 06 mswsock.dll File Not found ()
Winsock: Catalog9-x64 07 mswsock.dll File Not found ()
Winsock: Catalog9-x64 08 mswsock.dll File Not found ()
Winsock: Catalog9-x64 09 mswsock.dll File Not found ()
Winsock: Catalog9-x64 10 mswsock.dll File Not found ()
Winsock: Catalog9-x64 11 mswsock.dll File Not found ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1478316E-1B27-43BC-BFE4-C03ADECC2222}: [NameServer]94.242.222.66,8.8.8.8
Tcpip\..\Interfaces\{663F94D1-B13E-48EB-80BA-B70A5E0299F1}: [NameServer]94.242.222.66,8.8.8.8
Tcpip\..\Interfaces\{CE42F26D-CD72-4EA1-913A-3DD5212D70DE}: [NameServer]94.242.222.66,8.8.8.8

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @mcafee.com/MVT - C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2012-08-03]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2012-08-03]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - C:\Users\Jane\AppData\Local\speedial.crx [2014-04-12]
CHR HKCU\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - C:\Users\Jane\AppData\Local\speedial.crx [2014-04-12]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-04-01]
CHR HKLM-x32\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - C:\Users\Jane\AppData\Local\speedial.crx [2014-04-12]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\18.0.5.292\avg.crx [2014-03-26]

==================== Services (Whitelisted) =================

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
R2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-10] ()
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [221296 2013-03-05] (McAfee, Inc.)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\McAfee\MSC\McAWFwk.exe [225216 2011-01-28] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [221296 2013-03-05] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [221296 2013-03-05] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [388680 2013-03-01] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [221296 2013-03-05] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [221296 2013-03-05] (McAfee, Inc.)
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1007288 2012-10-06] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218320 2012-12-26] (McAfee, Inc.)
S2 mfevtp; C:\windows\system32\mfevtps.exe [182312 2012-12-26] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [221296 2013-03-05] (McAfee, Inc.)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)
R2 Update BrowseMark; C:\Program Files (x86)\BrowseMark\updateBrowseMark.exe [350496 2014-04-24] ()
R2 Util BrowseMark; C:\Program Files (x86)\BrowseMark\bin\utilBrowseMark.exe [350496 2014-04-24] ()
R2 vToolbarUpdater18.0.5; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [1771032 2014-03-26] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

U5 7588857fcfe95c46; C:\Windows\System32\Drivers\7588857fcfe95c46.sys [78280 2014-01-16] () <===== ATTENTION Necurs Rootkit?
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-03-27] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [237336 2014-04-18] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [236824 2014-03-27] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [324376 2014-03-27] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130840 2014-03-31] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [32536 2014-03-27] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-03-31] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [46368 2013-12-14] (AVG Technologies)
S3 BthEnum; C:\Windows\system32\drivers\BthEnum.sys [41984 2009-07-14] ()
S3 BTHMODEM; C:\Windows\system32\drivers\bthmodem.sys [72192 2009-07-14] ()
S3 BthPan; C:\Windows\System32\DRIVERS\bthpan.sys [118784 2009-07-14] ()
S3 BTHPORT; C:\Windows\System32\Drivers\BTHport.sys [552960 2012-07-06] ()
S3 BTHUSB; C:\Windows\System32\Drivers\BTHUSB.sys [80384 2011-04-28] ()
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92160 2009-07-14] ()
R1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [147456 2010-11-21] ()
S3 cfwids; C:\Windows\system32\drivers\cfwids.sys [69672 2012-12-26] ()
S3 circlass; C:\Windows\system32\drivers\circlass.sys [45568 2009-07-14] ()
R0 CLFS; C:\Windows\System32\CLFS.sys [367696 2009-07-14] ()
R3 CmBatt; C:\Windows\System32\DRIVERS\CmBatt.sys [17664 2009-07-14] ()
S3 cmdide; C:\Windows\system32\drivers\cmdide.sys [17488 2009-07-14] ()
R0 CNG; C:\Windows\System32\Drivers\cng.sys [458704 2012-06-02] ()
R0 Compbatt; C:\Windows\System32\drivers\compbatt.sys [21584 2009-07-14] ()
R3 CompositeBus; C:\Windows\System32\DRIVERS\CompositeBus.sys [38912 2010-11-21] ()
S4 crcdisk; C:\Windows\system32\drivers\crcdisk.sys [24144 2009-07-14] ()
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [102400 2010-11-21] ()
R1 discache; C:\Windows\System32\drivers\discache.sys [40448 2009-07-14] ()
R0 Disk; C:\Windows\System32\drivers\disk.sys [73280 2009-07-14] ()
S3 drmkaud; C:\Windows\System32\drivers\drmkaud.sys [5632 2009-07-14] ()
R3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [982912 2011-02-03] ()
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] ()
S3 elxstor; C:\Windows\system32\drivers\elxstor.sys [530496 2009-07-14] ()
S3 ErrDev; C:\Windows\system32\drivers\errdev.sys [9728 2009-07-14] ()
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [195072 2009-07-14] ()
S3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [204800 2009-07-14] ()
S3 fdc; C:\Windows\system32\drivers\fdc.sys [29696 2009-07-14] ()
R0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [70224 2009-07-14] ()
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-14] ()
S3 flpydisk; C:\Windows\system32\drivers\flpydisk.sys [24576 2009-07-14] ()
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [289664 2010-11-21] ()
S3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [55376 2009-07-14] ()
S3 fssfltr; C:\Windows\System32\DRIVERS\fssfltr.sys [57280 2012-07-28] ()
U0 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [23408 2012-03-01] ()
R0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [223248 2010-11-21] ()
S3 gagp30kx; C:\Windows\system32\drivers\gagp30kx.sys [65088 2009-07-14] ()
R3 GEARAspiWDM; C:\Windows\System32\DRIVERS\GEARAspiWDM.sys [33240 2012-08-21] ()
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232 2009-06-10] ()
S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [350208 2010-11-21] ()
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [122368 2010-11-21] ()
S3 HidBatt; C:\Windows\system32\drivers\HidBatt.sys [26624 2009-07-14] ()
S3 HidBth; C:\Windows\system32\drivers\hidbth.sys [100864 2009-07-14] ()
S3 HidIr; C:\Windows\system32\drivers\hidir.sys [46592 2009-07-14] ()
S3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [30208 2010-11-21] ()
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197264 2012-05-28] ()
S3 HpSAMD; C:\Windows\system32\drivers\HpSAMD.sys [78720 2010-11-21] ()
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [753664 2010-11-21] ()
R0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14720 2010-11-21] ()
R3 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [105472 2009-07-14] ()
R0 iaStor; C:\Windows\System32\DRIVERS\iaStor.sys [568600 2011-11-30] ()
S3 iaStorV; C:\Windows\system32\drivers\iaStorV.sys [410496 2011-03-11] ()
R3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [14759136 2012-05-10] ()
S3 iirsp; C:\Windows\system32\drivers\iirsp.sys [44112 2009-07-14] ()
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [4013928 2012-03-21] ()
R3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [331264 2011-12-06] ()
S3 intelide; C:\Windows\system32\drivers\intelide.sys [16960 2009-07-14] ()
R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [62464 2009-07-14] ()
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2010-11-21] ()
S3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [78848 2010-11-21] ()
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-14] ()
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-14] ()
S3 isapnp; C:\Windows\system32\drivers\isapnp.sys [20544 2009-07-14] ()
S3 iScsiPrt; C:\Windows\system32\drivers\msiscsi.sys [273792 2010-11-21] ()
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16152 2012-01-05] ()
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [355096 2012-01-05] ()
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [786200 2012-01-05] ()
R3 kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [50768 2009-07-14] ()
S3 kbdhid; C:\Windows\system32\drivers\kbdhid.sys [33280 2010-11-21] ()
R0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [95600 2012-06-02] ()
R0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [151920 2012-06-02] ()
R3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-14] ()
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-14] ()
S3 LSI_FC; C:\Windows\system32\drivers\lsi_fc.sys [114752 2009-07-14] ()
S3 LSI_SAS; C:\Windows\system32\drivers\lsi_sas.sys [106560 2009-07-14] ()
S3 LSI_SAS2; C:\Windows\system32\drivers\lsi_sas2.sys [65600 2009-07-14] ()
S3 LSI_SCSI; C:\Windows\system32\drivers\lsi_scsi.sys [115776 2009-07-14] ()
R2 luafv; C:\Windows\system32\drivers\luafv.sys [113152 2009-07-14] ()
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
S3 megasas; C:\Windows\system32\drivers\megasas.sys [35392 2009-07-14] ()
S3 MegaSR; C:\Windows\system32\drivers\MegaSR.sys [284736 2009-07-14] ()
R3 MEIx64; C:\Windows\System32\DRIVERS\HECIx64.sys [60184 2011-11-10] ()
S3 mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys [178840 2012-12-26] ()
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309400 2012-12-26] (McAfee, Inc.)
S3 mfefirek; C:\Windows\system32\drivers\mfefirek.sys [515528 2012-12-26] ()
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771096 2012-12-26] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [328976 2012-11-02] ()
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [97208 2012-11-02] ()
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [339776 2012-12-26] (McAfee, Inc.)
S3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-14] ()
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-14] ()
R3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [49216 2009-07-14] ()
S3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-14] ()
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94592 2010-11-21] ()
S3 mpio; C:\Windows\system32\drivers\mpio.sys [155008 2010-11-21] ()
S3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-14] ()
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [140800 2010-11-21] ()
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [158208 2011-04-27] ()
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [288768 2011-07-09] ()
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [128000 2011-04-27] ()
R0 msahci; C:\Windows\System32\DRIVERS\msahci.sys [31104 2010-11-21] ()
S3 msdsm; C:\Windows\system32\drivers\msdsm.sys [140672 2010-11-21] ()
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-14] ()
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-14] ()
R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [15424 2009-07-14] ()
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-14] ()
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-14] ()
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-14] ()
S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [366976 2010-11-21] ()
R1 mssmbios; C:\Windows\System32\DRIVERS\mssmbios.sys [32320 2009-07-14] ()
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-14] ()
S3 MTConfig; C:\Windows\system32\drivers\MTConfig.sys [15360 2009-07-14] ()
R0 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-14] ()
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-14] ()
R0 NBVol; C:\Windows\System32\DRIVERS\NBVol.sys [72240 2011-12-01] ()
R0 NBVolUp; C:\Windows\System32\DRIVERS\NBVolUp.sys [15920 2011-12-01] ()
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [950128 2012-08-22] ()
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-14] ()
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-14] ()
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56832 2010-11-21] ()
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2010-11-21] ()
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2010-11-21] ()
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-14] ()
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [261632 2010-11-21] ()
S3 nfrd960; C:\Windows\system32\drivers\nfrd960.sys [51264 2009-07-14] ()
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-14] ()
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-14] ()
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1659760 2012-08-31] ()
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-14] ()
S3 nvraid; C:\Windows\system32\drivers\nvraid.sys [148352 2011-03-11] ()
S3 nvstor; C:\Windows\system32\drivers\nvstor.sys [166272 2011-03-11] ()
S3 nv_agp; C:\Windows\system32\drivers\nv_agp.sys [122960 2009-07-14] ()
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [72832 2009-07-14] ()
S3 Parport; C:\Windows\system32\drivers\parport.sys [97280 2009-07-14] ()
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [75120 2012-03-17] ()
R0 pci; C:\Windows\System32\drivers\pci.sys [184704 2010-11-21] ()
R0 pciide; C:\Windows\System32\DRIVERS\pciide.sys [12352 2009-07-14] ()
S3 pcmcia; C:\Windows\system32\drivers\pcmcia.sys [220752 2009-07-14] ()
R0 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-14] ()
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-14] ()
R3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [38096 2011-02-09] ()
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111104 2010-11-21] ()
S3 Processor; C:\Windows\system32\drivers\processr.sys [60416 2009-07-14] ()
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2010-11-21] ()
S3 ql2300; C:\Windows\system32\drivers\ql2300.sys [1524816 2009-07-14] ()
S3 ql40xx; C:\Windows\system32\drivers\ql40xx.sys [128592 2009-07-14] ()
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-14] ()
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-14] ()
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-14] ()
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [129536 2010-11-21] ()
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-14] ()
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-14] ()
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2010-11-21] ()
S3 rdpbus; C:\Windows\system32\drivers\rdpbus.sys [24064 2009-07-14] ()
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-14] ()
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-14] ()
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-14] ()
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [210944 2012-04-28] ()
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [213888 2011-05-23] ()
S3 Revoflt; C:\Windows\System32\DRIVERS\revoflt.sys [31800 2009-12-30] ()
S3 RFCOMM; C:\Windows\System32\DRIVERS\rfcomm.sys [158720 2009-07-14] ()
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-14] ()
R3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [251496 2011-08-17] ()
S3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [21096 2012-01-05] ()
R3 RTL8167; C:\Windows\System32\DRIVERS\Rt64win7.sys [565352 2011-08-24] ()
R3 RTL8192Ce; C:\Windows\System32\DRIVERS\rtwlane.sys [1082472 2012-01-17] ()
S3 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [103808 2010-11-21] ()
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2010-11-21] ()
R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] ()
S3 Serenum; C:\Windows\system32\drivers\serenum.sys [23552 2009-07-14] ()
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] ()
S3 sermouse; C:\Windows\system32\drivers\sermouse.sys [26624 2009-07-14] ()
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [14336 2009-07-14] ()
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [13824 2009-07-14] ()
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [14336 2010-11-21] ()
S3 sfloppy; C:\Windows\system32\drivers\sfloppy.sys [16896 2009-07-14] ()
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfslh.sys [764264 2011-10-01] ()
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaylh.sys [268648 2011-10-01] ()
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirlh.sys [25960 2011-10-01] ()
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvollh.sys [22376 2011-10-01] ()
S3 SiSRaid2; C:\Windows\system32\drivers\SiSRaid2.sys [43584 2009-07-14] ()
S3 SiSRaid4; C:\Windows\system32\drivers\sisraid4.sys [80464 2009-07-14] ()
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-14] ()
R0 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-14] ()
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [467456 2011-04-29] ()
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [410112 2011-04-29] ()
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [168448 2011-04-29] ()
S3 stexstor; C:\Windows\system32\drivers\stexstor.sys [24656 2009-07-14] ()
R3 swenum; C:\Windows\System32\DRIVERS\swenum.sys [12496 2009-07-14] ()
R3 SynTP; C:\Windows\System32\DRIVERS\SynTP.sys [411920 2011-12-19] ()
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1914248 2012-10-03] ()
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1914248 2012-10-03] ()
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [45568 2012-10-03] ()
R3 tdcmdpst; C:\Windows\System32\DRIVERS\tdcmdpst.sys [27784 2009-07-31] ()
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-14] ()
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2012-02-17] ()
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [119296 2010-11-21] ()
R1 TermDD; C:\Windows\System32\DRIVERS\termdd.sys [63360 2010-11-21] ()
S3 tosrfbd; C:\Windows\System32\DRIVERS\tosrfbd.sys [304696 2012-01-30] ()
S3 Tosrfcom; No ImagePath
R3 tosrfec; C:\Windows\System32\DRIVERS\tosrfec.sys [18872 2010-06-19] ()
S3 Tosrfhid; C:\Windows\System32\DRIVERS\Tosrfhid.sys [94528 2010-08-30] ()
S3 Tosrfusb; C:\Windows\System32\DRIVERS\tosrfusb.sys [79040 2011-12-17] ()
R0 tos_sps64; C:\Windows\System32\DRIVERS\tos_sps64.sys [482384 2009-06-24] ()
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [39424 2010-11-21] ()
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [59392 2010-11-21] ()
S3 TsUsbGD; C:\Windows\system32\drivers\TsUsbGD.sys [31232 2010-11-21] ()
S3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2010-11-21] ()
R0 TVALZ; C:\Windows\System32\DRIVERS\TVALZ_O.SYS [26840 2009-07-15] ()
R2 TVALZFL; C:\Windows\System32\DRIVERS\TVALZFL.sys [14472 2009-06-20] ()
S3 uagp35; C:\Windows\system32\drivers\uagp35.sys [64080 2009-07-14] ()
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [328192 2010-11-21] ()
S3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [64592 2009-07-14] ()
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2010-11-21] ()
S3 UmPass; C:\Windows\system32\drivers\umpass.sys [9728 2009-07-14] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] ()
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [98816 2011-03-25] ()
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [100352 2009-07-14] ()
R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [52736 2011-03-25] ()
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2011-03-25] ()
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2011-03-25] ()
S3 usbprint; C:\Windows\system32\drivers\usbprint.sys [25088 2009-07-14] ()
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91648 2011-03-11] ()
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2011-03-25] ()
R3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [184960 2010-11-21] ()
R0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [36432 2009-07-14] ()
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-14] ()
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-14] ()
S3 vhdmp; C:\Windows\system32\drivers\vhdmp.sys [215936 2010-11-21] ()
S3 viaide; C:\Windows\system32\drivers\viaide.sys [17488 2009-07-14] ()
R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [71552 2010-11-21] ()
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-21] ()
R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [296320 2011-02-25] ()
S3 vsmraid; C:\Windows\system32\drivers\vsmraid.sys [161872 2009-07-14] ()
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [24576 2009-07-14] ()
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [59904 2009-07-14] ()
S3 WacomPen; C:\Windows\system32\drivers\wacompen.sys [27776 2009-07-14] ()
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-21] ()
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-21] ()
R0 Wd; C:\Windows\System32\drivers\wd.sys [21056 2009-07-14] ()
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [785512 2012-07-26] ()
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-14] ()
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [22096 2009-07-14] ()
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [41984 2010-11-21] ()
R3 WmiAcpi; C:\Windows\System32\DRIVERS\wmiacpi.sys [14336 2009-07-14] ()
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-14] ()
S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [87040 2012-07-26] ()
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [198656 2012-07-26] ()
S1 {b99c8534-7800-48fa-bd71-519a46cdc7e1}w64; C:\Windows\System32\drivers\{b99c8534-7800-48fa-bd71-519a46cdc7e1}w64.sys [61120 2014-04-24] (StdLib)
Locked "7588857fcfe95c46" service could not be unlock. <===== ATTENTION
S3 TDEIO; \??\C:\Windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-25 21:12 - 2014-04-25 21:12 - 00047589 _____ () C:\Users\Jane\Desktop\FRST.txt
2014-04-25 21:11 - 2014-04-25 21:12 - 00000000 ____D () C:\FRST
2014-04-25 21:11 - 2014-04-25 21:11 - 02061824 _____ (Farbar) C:\Users\Jane\Desktop\FRST64.exe
2014-04-25 20:06 - 2014-04-25 20:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-04-25 19:06 - 2014-04-25 19:06 - 00000976 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-04-25 19:06 - 2014-04-25 19:06 - 00000000 ____D () C:\Users\Jane\AppData\Roaming\TuneUp Software
2014-04-25 19:06 - 2014-04-25 19:06 - 00000000 ____D () C:\Users\Jane\AppData\Roaming\AVG2014
2014-04-25 19:06 - 2014-04-25 19:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-04-25 19:05 - 2014-04-25 19:06 - 00000000 ____D () C:\ProgramData\AVG2014
2014-04-25 19:05 - 2014-04-25 19:05 - 00000000 ___HD () C:\$AVG
2014-04-25 19:04 - 2014-04-25 19:04 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-04-25 19:00 - 2014-04-25 20:18 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-25 19:00 - 2014-04-25 19:06 - 00000000 ____D () C:\Users\Jane\AppData\Local\Avg2014
2014-04-25 19:00 - 2014-04-25 19:00 - 00000000 ____D () C:\Users\Jane\AppData\Local\MFAData
2014-04-24 21:57 - 2014-04-24 12:25 - 00061120 _____ (StdLib) C:\windows\system32\Drivers\{b99c8534-7800-48fa-bd71-519a46cdc7e1}w64.sys
2014-04-21 12:29 - 2014-04-21 12:29 - 00001458 _____ () C:\Users\Jane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-21 12:29 - 2014-04-20 12:09 - 00001482 _____ () C:\Users\Jane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-04-20 12:09 - 2014-04-20 12:09 - 00001482 _____ () C:\Users\Jane\Desktop\Internet Explorer.lnk
2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsdrivera.sys
2014-04-12 18:10 - 2014-04-12 18:10 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-04-12 18:07 - 2014-04-12 18:10 - 00001794 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-04-12 18:07 - 2014-04-12 18:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-04-12 18:07 - 2012-08-21 13:01 - 00033240 _____ () C:\windows\system32\Drivers\GEARAspiWDM.sys
2014-04-12 18:06 - 2014-04-12 18:06 - 00000000 ____D () C:\Program Files\iTunes
2014-04-12 18:06 - 2014-04-12 18:06 - 00000000 ____D () C:\Program Files\iPod
2014-04-12 18:06 - 2014-04-12 18:06 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-04-12 18:05 - 2014-04-12 18:05 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-04-12 18:05 - 2014-04-12 18:05 - 00000000 ____D () C:\windows\System32\Tasks\Apple
2014-04-12 18:05 - 2014-04-12 18:05 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-04-12 18:05 - 2014-04-12 18:05 - 00000000 ____D () C:\Program Files\Bonjour
2014-04-12 18:05 - 2014-04-12 18:05 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-04-12 18:05 - 2014-04-12 18:05 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-04-12 17:34 - 2014-04-25 20:35 - 00000288 _____ () C:\windows\Tasks\UpdaterEX.job
2014-04-12 17:34 - 2014-04-21 12:35 - 00003222 _____ () C:\windows\System32\Tasks\UpdaterEX
2014-04-12 17:34 - 2014-04-21 12:35 - 00000076 _____ () C:\Users\Jane\AppData\Roaming\WB.CFG
2014-04-12 17:34 - 2014-04-12 17:34 - 89111376 _____ (Apple Inc.) C:\Users\Jane\Downloads\itunes_setup [1].exe
2014-04-12 17:34 - 2014-04-12 17:34 - 00000000 ____D () C:\Users\Jane\AppData\Roaming\UpdaterEX
2014-04-12 17:31 - 2014-04-22 20:26 - 00000000 ____D () C:\Program Files (x86)\BrowseMark
2014-04-12 17:31 - 2014-04-12 17:31 - 00358193 _____ () C:\Users\Jane\AppData\Local\speedial.crx
2014-03-31 16:20 - 2014-03-31 16:20 - 00274200 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgtdia.sys
2014-03-31 16:06 - 2014-03-31 16:06 - 00130840 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgmfx64.sys
2014-03-27 22:14 - 2014-03-27 22:14 - 00192792 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsha.sys
2014-03-27 22:14 - 2014-03-27 22:14 - 00153368 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgdiska.sys
2014-03-27 22:07 - 2014-03-27 22:07 - 00236824 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgldx64.sys
2014-03-27 22:05 - 2014-03-27 22:05 - 00324376 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgloga.sys
2014-03-27 22:03 - 2014-03-27 22:03 - 00032536 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgrkx64.sys
2014-03-26 09:37 - 2014-03-26 09:37 - 00000000 ____D () C:\ProgramData\AVG Secure Search

==================== One Month Modified Files and Folders =======

2014-04-25 21:12 - 2014-04-25 21:12 - 00047589 _____ () C:\Users\Jane\Desktop\FRST.txt
2014-04-25 21:12 - 2014-04-25 21:11 - 00000000 ____D () C:\FRST
2014-04-25 21:11 - 2014-04-25 21:11 - 02061824 _____ (Farbar) C:\Users\Jane\Desktop\FRST64.exe
2014-04-25 20:57 - 2012-05-11 19:52 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-25 20:57 - 2012-05-11 19:52 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-25 20:36 - 2014-01-04 18:48 - 00000346 _____ () C:\windows\Tasks\At90.job
2014-04-25 20:36 - 2014-01-04 18:48 - 00000344 _____ () C:\windows\Tasks\At89.job
2014-04-25 20:36 - 2014-01-04 18:43 - 00000340 _____ () C:\windows\Tasks\At42.job
2014-04-25 20:36 - 2014-01-04 18:43 - 00000338 _____ () C:\windows\Tasks\At41.job
2014-04-25 20:35 - 2014-04-12 17:34 - 00000288 _____ () C:\windows\Tasks\UpdaterEX.job
2014-04-25 20:29 - 2012-05-11 19:47 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-04-25 20:18 - 2014-04-25 19:00 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-25 20:06 - 2014-04-25 20:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-04-25 20:06 - 2012-08-03 19:13 - 00001855 _____ () C:\Users\Public\Desktop\McAfee Internet Security.lnk
2014-04-25 20:01 - 2009-07-14 05:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-25 20:01 - 2009-07-14 05:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-25 19:59 - 2009-07-14 06:13 - 00727182 _____ () C:\windows\system32\PerfStringBackup.INI
2014-04-25 19:54 - 2012-06-22 23:32 - 00000828 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-04-25 19:54 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-04-25 19:54 - 2009-07-14 05:51 - 00073741 _____ () C:\windows\setupact.log
2014-04-25 19:54 - 2009-07-14 03:34 - 00000537 _____ () C:\windows\win.ini
2014-04-25 19:40 - 2012-05-11 19:26 - 00000000 ____D () C:\ProgramData\Nero
2014-04-25 19:36 - 2014-01-04 18:48 - 00000346 _____ () C:\windows\Tasks\At88.job
2014-04-25 19:36 - 2014-01-04 18:48 - 00000344 _____ () C:\windows\Tasks\At87.job
2014-04-25 19:36 - 2014-01-04 18:43 - 00000340 _____ () C:\windows\Tasks\At40.job
2014-04-25 19:36 - 2014-01-04 18:43 - 00000338 _____ () C:\windows\Tasks\At39.job
2014-04-25 19:06 - 2014-04-25 19:06 - 00000976 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-04-25 19:06 - 2014-04-25 19:06 - 00000000 ____D () C:\Users\Jane\AppData\Roaming\TuneUp Software
2014-04-25 19:06 - 2014-04-25 19:06 - 00000000 ____D () C:\Users\Jane\AppData\Roaming\AVG2014
2014-04-25 19:06 - 2014-04-25 19:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-04-25 19:06 - 2014-04-25 19:05 - 00000000 ____D () C:\ProgramData\AVG2014
2014-04-25 19:06 - 2014-04-25 19:00 - 00000000 ____D () C:\Users\Jane\AppData\Local\Avg2014
2014-04-25 19:05 - 2014-04-25 19:05 - 00000000 ___HD () C:\$AVG
2014-04-25 19:04 - 2014-04-25 19:04 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-04-25 19:00 - 2014-04-25 19:00 - 00000000 ____D () C:\Users\Jane\AppData\Local\MFAData
2014-04-25 18:35 - 2014-01-04 18:48 - 00000346 _____ () C:\windows\Tasks\At86.job
2014-04-25 18:35 - 2014-01-04 18:48 - 00000344 _____ () C:\windows\Tasks\At85.job
2014-04-25 18:35 - 2014-01-04 18:43 - 00000340 _____ () C:\windows\Tasks\At38.job
2014-04-25 18:35 - 2014-01-04 18:43 - 00000338 _____ () C:\windows\Tasks\At37.job
2014-04-25 18:12 - 2014-03-17 20:36 - 00273008 _____ (Microsoft Corporation) C:\ProgramData\vmlqyk.dat
2014-04-24 21:36 - 2014-01-04 18:48 - 00000346 _____ () C:\windows\Tasks\At92.job
2014-04-24 21:36 - 2014-01-04 18:48 - 00000344 _____ () C:\windows\Tasks\At91.job
2014-04-24 21:36 - 2014-01-04 18:43 - 00000340 _____ () C:\windows\Tasks\At44.job
2014-04-24 21:36 - 2014-01-04 18:43 - 00000338 _____ () C:\windows\Tasks\At43.job
2014-04-24 12:25 - 2014-04-24 21:57 - 00061120 _____ (StdLib) C:\windows\system32\Drivers\{b99c8534-7800-48fa-bd71-519a46cdc7e1}w64.sys
2014-04-23 20:58 - 2014-03-07 20:42 - 00000000 ____D () C:\Users\Jane\AppData\Roaming\Ydro
2014-04-23 20:27 - 2013-01-20 16:34 - 00000000 ____D () C:\Users\Jane\AppData\Local\CrashDumps
2014-04-22 20:26 - 2014-04-12 17:31 - 00000000 ____D () C:\Program Files (x86)\BrowseMark
2014-04-21 14:36 - 2014-01-04 18:48 - 00000346 _____ () C:\windows\Tasks\At78.job
2014-04-21 14:36 - 2014-01-04 18:48 - 00000344 _____ () C:\windows\Tasks\At77.job
2014-04-21 14:36 - 2014-01-04 18:42 - 00000340 _____ () C:\windows\Tasks\At30.job
2014-04-21 14:36 - 2014-01-04 18:42 - 00000338 _____ () C:\windows\Tasks\At29.job
2014-04-21 14:11 - 2014-03-07 20:42 - 00000000 ____D () C:\Users\Jane\AppData\Roaming\Avyvut
2014-04-21 12:36 - 2014-01-04 18:48 - 00000346 _____ () C:\windows\Tasks\At74.job
2014-04-21 12:36 - 2014-01-04 18:48 - 00000344 _____ () C:\windows\Tasks\At73.job
2014-04-21 12:36 - 2014-01-04 18:42 - 00000340 _____ () C:\windows\Tasks\At26.job
2014-04-21 12:36 - 2014-01-04 18:42 - 00000338 _____ () C:\windows\Tasks\At25.job
2014-04-21 12:35 - 2014-04-12 17:34 - 00003222 _____ () C:\windows\System32\Tasks\UpdaterEX
2014-04-21 12:35 - 2014-04-12 17:34 - 00000076 _____ () C:\Users\Jane\AppData\Roaming\WB.CFG
2014-04-21 12:29 - 2014-04-21 12:29 - 00001458 _____ () C:\Users\Jane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-20 12:09 - 2014-04-21 12:29 - 00001482 _____ () C:\Users\Jane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-04-20 12:09 - 2014-04-20 12:09 - 00001482 _____ () C:\Users\Jane\Desktop\Internet Explorer.lnk
2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsdrivera.sys
2014-04-12 18:10 - 2014-04-12 18:10 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-04-12 18:10 - 2014-04-12 18:07 - 00001794 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-04-12 18:10 - 2014-04-12 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-04-12 18:07 - 2012-06-22 23:29 - 01526159 _____ () C:\windows\WindowsUpdate.log
2014-04-12 18:06 - 2014-04-12 18:06 - 00000000 ____D () C:\Program Files\iTunes
2014-04-12 18:06 - 2014-04-12 18:06 - 00000000 ____D () C:\Program Files\iPod
2014-04-12 18:06 - 2014-04-12 18:06 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-04-12 18:05 - 2014-04-12 18:05 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-04-12 18:05 - 2014-04-12 18:05 - 00000000 ____D () C:\windows\System32\Tasks\Apple
2014-04-12 18:05 - 2014-04-12 18:05 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-04-12 18:05 - 2014-04-12 18:05 - 00000000 ____D () C:\Program Files\Bonjour
2014-04-12 18:05 - 2014-04-12 18:05 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-04-12 18:05 - 2014-04-12 18:05 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-04-12 18:05 - 2012-08-03 19:34 - 00000000 ____D () C:\ProgramData\Apple
2014-04-12 17:36 - 2014-01-04 18:48 - 00000346 _____ () C:\windows\Tasks\At84.job
2014-04-12 17:36 - 2014-01-04 18:48 - 00000344 _____ () C:\windows\Tasks\At83.job
2014-04-12 17:36 - 2014-01-04 18:43 - 00000340 _____ () C:\windows\Tasks\At36.job
2014-04-12 17:36 - 2014-01-04 18:43 - 00000338 _____ () C:\windows\Tasks\At35.job
2014-04-12 17:34 - 2014-04-12 17:34 - 89111376 _____ (Apple Inc.) C:\Users\Jane\Downloads\itunes_setup [1].exe
2014-04-12 17:34 - 2014-04-12 17:34 - 00000000 ____D () C:\Users\Jane\AppData\Roaming\UpdaterEX
2014-04-12 17:31 - 2014-04-12 17:31 - 00358193 _____ () C:\Users\Jane\AppData\Local\speedial.crx
2014-04-12 16:54 - 2010-11-21 04:47 - 00103080 _____ () C:\windows\PFRO.log
2014-04-12 16:36 - 2014-01-04 18:48 - 00000346 _____ () C:\windows\Tasks\At82.job
2014-04-12 16:36 - 2014-01-04 18:48 - 00000344 _____ () C:\windows\Tasks\At81.job
2014-04-12 16:36 - 2014-01-04 18:43 - 00000340 _____ () C:\windows\Tasks\At34.job
2014-04-12 16:36 - 2014-01-04 18:43 - 00000338 _____ () C:\windows\Tasks\At33.job
2014-04-12 11:51 - 2012-06-22 23:32 - 00000830 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-04-12 11:36 - 2014-01-04 18:48 - 00000346 _____ () C:\windows\Tasks\At72.job
2014-04-12 11:36 - 2014-01-04 18:48 - 00000344 _____ () C:\windows\Tasks\At71.job
2014-04-12 11:36 - 2014-01-04 18:42 - 00000340 _____ () C:\windows\Tasks\At24.job
2014-04-12 11:36 - 2014-01-04 18:42 - 00000338 _____ () C:\windows\Tasks\At23.job
2014-04-07 19:01 - 2012-08-03 18:47 - 00000000 ____D () C:\Users\Jane\AppData\Roaming\Macromedia
2014-04-07 18:59 - 2014-03-17 20:37 - 00213888 _____ (Microsoft Corporation) C:\ProgramData\bnbzkk.dat
2014-04-06 10:36 - 2014-01-04 18:48 - 00000346 _____ () C:\windows\Tasks\At70.job
2014-04-06 10:36 - 2014-01-04 18:48 - 00000344 _____ () C:\windows\Tasks\At69.job
2014-04-06 10:36 - 2014-01-04 18:42 - 00000340 _____ () C:\windows\Tasks\At22.job
2014-04-06 10:36 - 2014-01-04 18:42 - 00000338 _____ () C:\windows\Tasks\At21.job
2014-04-03 21:12 - 2014-03-04 22:35 - 00000000 ____D () C:\Users\Jane\AppData\Roaming\Hihoeq
2014-03-31 16:20 - 2014-03-31 16:20 - 00274200 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgtdia.sys
2014-03-31 16:06 - 2014-03-31 16:06 - 00130840 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgmfx64.sys
2014-03-28 23:36 - 2014-01-04 18:48 - 00000346 _____ () C:\windows\Tasks\At94.job
2014-03-28 23:36 - 2014-01-04 18:48 - 00000344 _____ () C:\windows\Tasks\At93.job
2014-03-28 23:36 - 2014-01-04 18:43 - 00000340 _____ () C:\windows\Tasks\At46.job
2014-03-28 23:36 - 2014-01-04 18:43 - 00000338 _____ () C:\windows\Tasks\At45.job
2014-03-27 22:14 - 2014-03-27 22:14 - 00192792 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsha.sys
2014-03-27 22:14 - 2014-03-27 22:14 - 00153368 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgdiska.sys
2014-03-27 22:07 - 2014-03-27 22:07 - 00236824 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgldx64.sys
2014-03-27 22:05 - 2014-03-27 22:05 - 00324376 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgloga.sys
2014-03-27 22:03 - 2014-03-27 22:03 - 00032536 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgrkx64.sys
2014-03-27 14:43 - 2014-01-04 18:48 - 00000346 _____ () C:\windows\Tasks\At76.job
2014-03-27 14:43 - 2014-01-04 18:48 - 00000346 _____ () C:\windows\Tasks\At68.job
2014-03-27 14:43 - 2014-01-04 18:48 - 00000344 _____ () C:\windows\Tasks\At75.job
2014-03-27 14:43 - 2014-01-04 18:48 - 00000344 _____ () C:\windows\Tasks\At67.job
2014-03-27 14:43 - 2014-01-04 18:42 - 00000340 _____ () C:\windows\Tasks\At28.job
2014-03-27 14:43 - 2014-01-04 18:42 - 00000340 _____ () C:\windows\Tasks\At20.job
2014-03-27 14:43 - 2014-01-04 18:42 - 00000338 _____ () C:\windows\Tasks\At27.job
2014-03-27 14:43 - 2014-01-04 18:42 - 00000338 _____ () C:\windows\Tasks\At19.job
2014-03-27 09:53 - 2014-01-04 18:48 - 00000346 _____ () C:\windows\Tasks\At66.job
2014-03-27 09:53 - 2014-01-04 18:48 - 00000344 _____ () C:\windows\Tasks\At65.job
2014-03-27 09:53 - 2014-01-04 18:42 - 00000340 _____ () C:\windows\Tasks\At18.job
2014-03-27 09:53 - 2014-01-04 18:42 - 00000338 _____ () C:\windows\Tasks\At17.job
2014-03-27 09:19 - 2014-01-04 18:48 - 00000346 _____ () C:\windows\Tasks\At96.job
2014-03-27 09:19 - 2014-01-04 18:48 - 00000346 _____ () C:\windows\Tasks\At50.job
2014-03-27 09:19 - 2014-01-04 18:48 - 00000344 _____ () C:\windows\Tasks\At95.job
2014-03-27 09:19 - 2014-01-04 18:48 - 00000344 _____ () C:\windows\Tasks\At49.job
2014-03-27 09:19 - 2014-01-04 18:43 - 00000340 _____ () C:\windows\Tasks\At48.job
2014-03-27 09:19 - 2014-01-04 18:43 - 00000338 _____ () C:\windows\Tasks\At47.job
2014-03-27 09:19 - 2014-01-04 18:42 - 00000340 _____ () C:\windows\Tasks\At2.job
2014-03-27 09:19 - 2014-01-04 18:42 - 00000338 _____ () C:\windows\Tasks\At1.job
2014-03-26 16:36 - 2014-01-04 18:48 - 00000346 _____ () C:\windows\Tasks\At80.job
2014-03-26 16:36 - 2014-01-04 18:48 - 00000344 _____ () C:\windows\Tasks\At79.job
2014-03-26 16:36 - 2014-01-04 18:43 - 00000340 _____ () C:\windows\Tasks\At32.job
2014-03-26 16:36 - 2014-01-04 18:43 - 00000338 _____ () C:\windows\Tasks\At31.job
2014-03-26 09:37 - 2014-03-26 09:37 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-03-26 09:37 - 2012-08-03 19:45 - 00000000 ____D () C:\Program Files (x86)\AVG Secure Search

ZeroAccess:
C:\Windows\Installer\{7f713b70-b782-cb28-f127-f606e4854023}

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3375270117-1701423841-1695564353-1000\$7f713b70b782cb28f127f606e4854023

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$7f713b70b782cb28f127f606e4854023

Files to move or delete:
====================
C:\ProgramData\9499927.bat
C:\ProgramData\9499927.pad
C:\ProgramData\9499927.reg
C:\ProgramData\bnbzkk.dat
C:\ProgramData\vmlqyk.dat
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At10.job
C:\Windows\Tasks\At11.job
C:\Windows\Tasks\At12.job
C:\Windows\Tasks\At13.job
C:\Windows\Tasks\At14.job
C:\Windows\Tasks\At15.job
C:\Windows\Tasks\At16.job
C:\Windows\Tasks\At17.job
C:\Windows\Tasks\At18.job
C:\Windows\Tasks\At19.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At20.job
C:\Windows\Tasks\At21.job
C:\Windows\Tasks\At22.job
C:\Windows\Tasks\At23.job
C:\Windows\Tasks\At24.job
C:\Windows\Tasks\At25.job
C:\Windows\Tasks\At26.job
C:\Windows\Tasks\At27.job
C:\Windows\Tasks\At28.job
C:\Windows\Tasks\At29.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At30.job
C:\Windows\Tasks\At31.job
C:\Windows\Tasks\At32.job
C:\Windows\Tasks\At33.job
C:\Windows\Tasks\At34.job
C:\Windows\Tasks\At35.job
C:\Windows\Tasks\At36.job
C:\Windows\Tasks\At37.job
C:\Windows\Tasks\At38.job
C:\Windows\Tasks\At39.job
C:\Windows\Tasks\At4.job
C:\Windows\Tasks\At40.job
C:\Windows\Tasks\At41.job
C:\Windows\Tasks\At42.job
C:\Windows\Tasks\At43.job
C:\Windows\Tasks\At44.job
C:\Windows\Tasks\At45.job
C:\Windows\Tasks\At46.job
C:\Windows\Tasks\At47.job
C:\Windows\Tasks\At48.job
C:\Windows\Tasks\At49.job
C:\Windows\Tasks\At5.job
C:\Windows\Tasks\At50.job
C:\Windows\Tasks\At51.job
C:\Windows\Tasks\At52.job
C:\Windows\Tasks\At53.job
C:\Windows\Tasks\At54.job
C:\Windows\Tasks\At55.job
C:\Windows\Tasks\At56.job
C:\Windows\Tasks\At57.job
C:\Windows\Tasks\At58.job
C:\Windows\Tasks\At59.job
C:\Windows\Tasks\At6.job
C:\Windows\Tasks\At60.job
C:\Windows\Tasks\At61.job
C:\Windows\Tasks\At62.job
C:\Windows\Tasks\At63.job
C:\Windows\Tasks\At64.job
C:\Windows\Tasks\At65.job
C:\Windows\Tasks\At66.job
C:\Windows\Tasks\At67.job
C:\Windows\Tasks\At68.job
C:\Windows\Tasks\At69.job
C:\Windows\Tasks\At7.job
C:\Windows\Tasks\At70.job
C:\Windows\Tasks\At71.job
C:\Windows\Tasks\At72.job
C:\Windows\Tasks\At73.job
C:\Windows\Tasks\At74.job
C:\Windows\Tasks\At75.job
C:\Windows\Tasks\At76.job
C:\Windows\Tasks\At77.job
C:\Windows\Tasks\At78.job
C:\Windows\Tasks\At79.job
C:\Windows\Tasks\At8.job
C:\Windows\Tasks\At80.job
C:\Windows\Tasks\At81.job
C:\Windows\Tasks\At82.job
C:\Windows\Tasks\At83.job
C:\Windows\Tasks\At84.job
C:\Windows\Tasks\At85.job
C:\Windows\Tasks\At86.job
C:\Windows\Tasks\At87.job
C:\Windows\Tasks\At88.job
C:\Windows\Tasks\At89.job
C:\Windows\Tasks\At9.job
C:\Windows\Tasks\At90.job
C:\Windows\Tasks\At91.job
C:\Windows\Tasks\At92.job
C:\Windows\Tasks\At93.job
C:\Windows\Tasks\At94.job
C:\Windows\Tasks\At95.job
C:\Windows\Tasks\At96.job

Some content of TEMP:
====================
C:\Users\Jane\AppData\Local\Temp\11963-.exe
C:\Users\Jane\AppData\Local\Temp\44C9.tmp.exe
C:\Users\Jane\AppData\Local\Temp\avguidx.dll
C:\Users\Jane\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Jane\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Jane\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Jane\AppData\Local\Temp\oi_{E311D78D-62AA-4616-A8EF-C6587CD3C04E}.exe
C:\Users\Jane\AppData\Local\Temp\Soft32_Stub_5741(79).exe
C:\Users\Jane\AppData\Local\Temp\Soft32_Stub_5741.exe
C:\Users\Jane\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\Jane\AppData\Local\Temp\vwcri8yd.dll
C:\Users\Jane\AppData\Local\Temp\yynsguckksgteqkpijj.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2012-05-11 18:41] - [2011-02-25 07:25] - 0296320 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\System32\Drivers\volsnap.sys No Company Name <===== ATTENTION!

 

testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!

LastRegBack: 2014-03-14 23:22

==================== End Of Log ============================


Sorry, not sure how to attach, so the addition copy and paste is as follows:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-04-2014 03
Ran by Jane at 2014-04-25 21:12:48
Running from C:\Users\Jane\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.3.13070 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 2.0.3.13070 - Adobe Systems Inc.) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4577 - AVG Technologies)
AVG 2014 (Version: 14.0.3920 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4577 - AVG Technologies) Hidden
AVG Security Toolbar (HKLM-x32\...\AVG Secure Search) (Version: 18.0.5.292 - AVG Technologies)
BBC iPlayer Desktop (HKLM-x32\...\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1) (Version: 3.0.7 - British Broadcasting Corp.)
BBC iPlayer Desktop (x32 Version: 3.0.7 - British Broadcasting Corp.) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v9.00.00(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BrowseMark (HKLM\...\BrowseMark) (Version: 2014.04.12.002348 - BrowseMark) <==== ATTENTION
Cake Mania (x32 Version: 2.2.0.98 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Extended Update (HKCU\...\UpdaterEX) (Version:  - Extended Update)
Fotogalleri (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Fotogalleriet (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 12.0.742.91 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.57 - Google Inc.) Hidden
iLivid (HKCU\...\iLivid) (Version: 5.0.0.4408 - Bandoo Media Inc) <==== ATTENTION
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.6.1 - Sun Microsystems, Inc.) Hidden
Java 6 Update 30 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216030FF}) (Version: 6.0.300 - Oracle)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 1.70.0.1100 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.70.0.1100 - Malwarebytes Corporation)
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 12.1.323 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 6.5.0.2101 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6010.0727 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 1.0.11100.8.0 - Nero AG)
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Premium Sound HD (HKLM\...\{3007FF9F-5B2C-41FF-8BFC-08BF25DB2681}) (Version: 1.12.1800 - SRS Labs, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6597 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7601.30130 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0016 - REALTEK Semiconductor Corp.)
Revo Uninstaller 1.94 (HKLM-x32\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
Revo Uninstaller Pro 3.0.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.2 - VS Revo Group, Ltd.)
RtkClassFilter (HKLM-x32\...\InstallShield_{8220FCF2-A57F-4236-BFCC-C6C2268E851E}) (Version: 1.2.1.4 - REALTEK Semiconductor Corp)
RtkClassFilter (x32 Version: 1.2.1.4 - REALTEK Semiconductor Corp) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 5.10 (HKLM-x32\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.10.116 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.38.2 - Synaptics Incorporated)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{2C486987-D447-4E36-8D61-86E48E24199C}) (Version: 1.3.10.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{2FD5D2C5-A7A1-4065-89BA-90542BF7CCD3}) (Version: 2.00.0020 - TOSHIBA)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.11 - TOSHIBA Corporation)
Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.04 - TOSHIBA)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.5 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.7.7 - TOSHIBA CORPORATION)
TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 4.01.0000 - TOSHIBA)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.15.64 - TOSHIBA Corporation)
TOSHIBA Places Icon Utility (HKLM-x32\...\{461F6F0D-7173-4902-9604-AB1A29108AF2}) (Version: 1.1.1.4 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.6.52020009 - TOSHIBA CORPORATION)
TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA Recovery Media Creator Reminder (x32 Version: 1.00.0019 - TOSHIBA) Hidden
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2004 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\{119826A8-4EF6-4BE5-A88B-D2D81FA7CEE2}) (Version: 2.00.0009 - TOSHIBA)
TOSHIBA TEMPRO (HKLM-x32\...\{F082CB11-4794-4259-99A1-D91BA762AD15}) (Version: 3.35 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.0021.640203 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.6.0021.640203 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.6.0021.640203 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.33 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (x32 Version: 2.0.3.33 - TOSHIBA Corporation) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Valokuvavalikoima (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
VirtualDJ Home FREE (HKLM-x32\...\{B515962D-C979-44AC-9912-F7BB499B4B2C}) (Version: 7.3 - Atomix Productions)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.5.36 - WildTangent) Hidden
Windows Driver Package - Realtek Semiconductor Corp. RtkBtFilter Bluetooth  (12/02/2011 2.3.8.1) (HKLM\...\EA90D42054890B3938D0BEF1E8A316D20C6D6003) (Version: 12/02/2011 2.3.8.1 - Realtek Semiconductor Corp.)
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Liven peruspaketti (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Liven sähköposti (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

==================== Hosts content: ==========================

2009-07-14 03:34 - 2014-03-02 18:03 - 00001391 _RASH C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
79.142.66.242 www.google-analytics.com.
79.142.66.242 google-analytics.com.
79.142.66.242 connect.facebook.net.
79.142.66.242 www.google-analytics.com.
79.142.66.242 google-analytics.com.
79.142.66.242 connect.facebook.net.

==================== Scheduled Tasks (whitelisted) =============

Task: {00D1345A-ED78-417A-A4E7-25E4F4BBA1CF} - System32\Tasks\At22 => C:\windows\Fonts\448a2.com
Task: {02F14141-0CCE-48FB-A0C4-D53DDD1437C7} - System32\Tasks\tyhnralfsk => C:\windows\Fonts\448a2.com
Task: {03ABA97F-B3EE-401A-82D8-877F14869F43} - System32\Tasks\At65 => C:\windows\system32\448a2.com
Task: {05F0D8D2-7F9D-445E-9A5B-3D73324A45F7} - System32\Tasks\At42 => C:\windows\Fonts\448a2.com
Task: {0755E5BC-896B-440D-A8CA-DBB73AE9CA9A} - System32\Tasks\At7 => C:\windows\Fonts\448a2.com
Task: {09EC32C1-BDE3-4DA0-9330-18E69078D9E0} - System32\Tasks\At69 => C:\windows\system32\448a2.com
Task: {0A1BEADF-01A2-4133-BCFC-2EDEE9C02687} - System32\Tasks\At74 => C:\windows\system32\448a2.com
Task: {0CA02E26-D687-45D0-8B4B-573D7F4B37DE} - System32\Tasks\At28 => C:\windows\Fonts\448a2.com
Task: {0DC6F1BF-F106-466E-ADCE-699640F7CA24} - System32\Tasks\At79 => C:\windows\system32\448a2.com
Task: {10EA5825-5473-45C1-B6D5-64C4F3A334CC} - System32\Tasks\At72 => C:\windows\system32\448a2.com
Task: {191712DF-0324-4276-8FEA-57419BEE328F} - System32\Tasks\At93 => C:\windows\system32\448a2.com
Task: {1A4553AC-C374-4931-855D-1624769D950B} - System32\Tasks\At27 => C:\windows\Fonts\448a2.com
Task: {1AB1556B-9946-4030-B07C-A2EAECDE1223} - System32\Tasks\At33 => C:\windows\Fonts\448a2.com
Task: {1F088D33-6287-4434-B76A-6E1DA7064E63} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {1F6FE218-4A28-4533-BAEA-D17996FC41C6} - System32\Tasks\At3 => C:\windows\Fonts\448a2.com
Task: {23894463-BCE2-47B8-8710-8A6184A264AC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-11] (Google Inc.)
Task: {24A34AD7-50D6-4183-8E7B-9C2C5C75F43D} - System32\Tasks\At95 => C:\windows\system32\448a2.com
Task: {265C6FC7-1DDA-4634-81DB-D0B8F64E5986} - System32\Tasks\At70 => C:\windows\system32\448a2.com
Task: {2744695B-68DA-4E66-89B3-20D49E82B523} - System32\Tasks\At45 => C:\windows\Fonts\448a2.com
Task: {2AEE24A0-EBBB-4748-B640-A63645C8FD99} - System32\Tasks\At13 => C:\windows\Fonts\448a2.com
Task: {2B5B4257-914D-4D07-A57D-11A2480A71EC} - System32\Tasks\At16 => C:\windows\Fonts\448a2.com
Task: {2BB1DC69-765E-42E6-A090-5F25BEA40532} - System32\Tasks\At50 => C:\windows\system32\448a2.com
Task: {2C2D65BE-EE79-4EF2-8EDB-24137E005415} - System32\Tasks\At37 => C:\windows\Fonts\448a2.com
Task: {2D01EDA8-E8CE-4514-B6C8-4E02D620C758} - System32\Tasks\At73 => C:\windows\system32\448a2.com
Task: {2E2CC2A2-687E-4BC3-94B4-AC244C3452A9} - System32\Tasks\At12 => C:\windows\Fonts\448a2.com
Task: {2E667705-8565-4F01-91D5-4EF320D6001C} - System32\Tasks\At63 => C:\windows\system32\448a2.com
Task: {2FE788DA-4AD5-415D-8A6C-B1558E52E4DC} - System32\Tasks\At51 => C:\windows\system32\448a2.com
Task: {30A24F5A-C261-491F-B43F-8568A08450C6} - System32\Tasks\At59 => C:\windows\system32\448a2.com
Task: {326134BA-86D3-4A54-A344-13D1BA3C8827} - System32\Tasks\At47 => C:\windows\Fonts\448a2.com
Task: {34568656-9950-4C6D-A0A6-67F7ABD0FD72} - System32\Tasks\At83 => C:\windows\system32\448a2.com
Task: {3A87992B-293D-4F40-AC64-EBB9ECBB4E3A} - System32\Tasks\At11 => C:\windows\Fonts\448a2.com
Task: {3EE136DC-621A-499D-8FF7-6F44B5CC60FC} - System32\Tasks\At58 => C:\windows\system32\448a2.com
Task: {4B3E3FA3-A43C-4E44-A862-854D44AEE182} - System32\Tasks\At10 => C:\windows\Fonts\448a2.com
Task: {501E7D06-0CDC-490B-976F-2C7682CEE46F} - System32\Tasks\At54 => C:\windows\system32\448a2.com
Task: {53E2FEB0-5550-4D89-9086-4843F808D872} - System32\Tasks\At66 => C:\windows\system32\448a2.com
Task: {56910D40-FE28-49CB-A50E-F82742AA0E9C} - System32\Tasks\At25 => C:\windows\Fonts\448a2.com
Task: {575569C9-F7BE-49CB-9A0A-99BDB47D1F26} - System32\Tasks\At82 => C:\windows\system32\448a2.com
Task: {5844427B-5442-4D05-A4E7-2BA20ABE2695} - System32\Tasks\At61 => C:\windows\system32\448a2.com
Task: {59505824-D78B-474F-8CDB-2CBF283CEA08} - System32\Tasks\At17 => C:\windows\Fonts\448a2.com
Task: {5A4FBE05-2F01-4971-8914-B00438DCC290} - System32\Tasks\At85 => C:\windows\system32\448a2.com
Task: {5D7133DC-B1EA-43E3-85FA-791D8BFB6DEA} - System32\Tasks\At35 => C:\windows\Fonts\448a2.com
Task: {643CFFC2-4BF2-4517-A88D-10ABAA9666F7} - System32\Tasks\At71 => C:\windows\system32\448a2.com
Task: {66A9A162-BE2D-4F62-9522-690EF0925245} - System32\Tasks\At48 => C:\windows\Fonts\448a2.com
Task: {66F4B13D-1C8D-4FA0-AA4D-DF9B9D690A0C} - System32\Tasks\At39 => C:\windows\Fonts\448a2.com
Task: {6718DFF2-7A54-4E65-AC5C-EDB33EC75EAA} - System32\Tasks\At40 => C:\windows\Fonts\448a2.com
Task: {6A550EB9-4837-4C75-BD81-E29D2C1D54D8} - System32\Tasks\At32 => C:\windows\Fonts\448a2.com
Task: {6B02CCBE-B4A4-489F-8EBF-70A58866EB69} - System32\Tasks\At87 => C:\windows\system32\448a2.com
Task: {6DCF96A2-F0E9-48AB-AAF3-72DC36C0CB63} - System32\Tasks\At19 => C:\windows\Fonts\448a2.com
Task: {760A62A4-87AD-4EB8-8E56-D81B7E681672} - System32\Tasks\At5 => C:\windows\Fonts\448a2.com
Task: {776A9BB9-C1E1-41D9-9ABD-129E401200B3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {7968386E-5BDA-42E0-8C22-E49050F81CC8} - System32\Tasks\At23 => C:\windows\Fonts\448a2.com
Task: {7BB881BA-BB68-4305-ACC3-CF23FAF9D617} - System32\Tasks\At34 => C:\windows\Fonts\448a2.com
Task: {7C1EB0D3-DE86-44EC-803D-7937F47232C7} - System32\Tasks\At84 => C:\windows\system32\448a2.com
Task: {7E19CE87-B91E-4F18-8BA9-95FE3E9226B3} - System32\Tasks\At44 => C:\windows\Fonts\448a2.com
Task: {7F1BD4F2-F0FA-46A1-B511-B4C6C1709AD9} - System32\Tasks\At68 => C:\windows\system32\448a2.com
Task: {7F41FF6D-FAE4-459A-80C8-95E922FFF6A2} - System32\Tasks\At78 => C:\windows\system32\448a2.com
Task: {808A776E-9FF9-4DF5-8F15-EE106730D04D} - System32\Tasks\At41 => C:\windows\Fonts\448a2.com
Task: {80DFC028-EBDB-4FD3-9BAA-F0D71DD62E39} - System32\Tasks\At38 => C:\windows\Fonts\448a2.com
Task: {8BB8B168-79A9-4E2B-8C9E-1093E17C73FF} - System32\Tasks\At92 => C:\windows\system32\448a2.com
Task: {8E497F8F-BDB4-4130-B47E-2D410F9783E6} - System32\Tasks\At96 => C:\windows\system32\448a2.com
Task: {8F65B406-87DE-476A-AE40-587E7AE02929} - System32\Tasks\At49 => C:\windows\system32\448a2.com
Task: {93D29816-5AEB-4989-B238-634D40753BD1} - System32\Tasks\At6 => C:\windows\Fonts\448a2.com
Task: {9868AEB1-5C63-4596-8FD6-3B82F0624121} - System32\Tasks\At24 => C:\windows\Fonts\448a2.com
Task: {99B5714C-53DB-467F-A66C-4F1F2FAA7816} - System32\Tasks\At4 => C:\windows\Fonts\448a2.com
Task: {9C33C884-049C-43D8-BE02-F6C47532C9AA} - System32\Tasks\At76 => C:\windows\system32\448a2.com
Task: {9C957211-4889-4375-8677-927066EC490E} - System32\Tasks\At81 => C:\windows\system32\448a2.com
Task: {9FEC7B7C-58CA-451E-8C6D-EA5E14475D8D} - System32\Tasks\At55 => C:\windows\system32\448a2.com
Task: {A012D646-C4AF-4114-BC64-B4F78C165662} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {A174E0D8-A7B8-4A93-8F89-033A8C8E5204} - System32\Tasks\At67 => C:\windows\system32\448a2.com
Task: {A2E24D84-CE77-4ABC-BD58-3CBF49A0EAD8} - System32\Tasks\At46 => C:\windows\Fonts\448a2.com
Task: {A5CD25A2-12CB-4E76-9FE8-D3F2C5630EE0} - System32\Tasks\At53 => C:\windows\system32\448a2.com
Task: {A7803C22-4FCC-4A01-BE72-191025E5ABEE} - System32\Tasks\At30 => C:\windows\Fonts\448a2.com
Task: {A7D35D65-284B-4C15-8374-A9431BDEDE86} - System32\Tasks\At43 => C:\windows\Fonts\448a2.com
Task: {A873F701-B24C-494B-8795-C78BF7678B6F} - System32\Tasks\At15 => C:\windows\Fonts\448a2.com
Task: {A98FF0E1-CF37-496C-8CDB-E99A79BDE623} - System32\Tasks\At75 => C:\windows\system32\448a2.com
Task: {AB99F807-7D1F-490A-97CF-DAD0BA46FE4F} - System32\Tasks\At86 => C:\windows\system32\448a2.com
Task: {B180E1A6-586F-468A-848C-67CA88E80C03} - System32\Tasks\At80 => C:\windows\system32\448a2.com
Task: {B2BB7F44-49F9-4EBF-9DE2-DB09D59C31B6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-11] (Google Inc.)
Task: {B38FBD32-2142-42B7-AB99-2A63EDCB8CEB} - System32\Tasks\At1 => C:\windows\Fonts\448a2.com
Task: {B51AEBF7-23C4-4B9A-A1B8-4D31DA497BB2} - System32\Tasks\UpdaterEX => C:\Users\Jane\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {B5E9D747-398A-47AF-8B66-C84EF9CF7171} - System32\Tasks\At26 => C:\windows\Fonts\448a2.com
Task: {B862E35E-3510-4CE2-8D82-5BC411455E21} - System32\Tasks\At64 => C:\windows\system32\448a2.com
Task: {B9FDFF44-3BD9-4A04-91D6-2F6E940982F0} - System32\Tasks\At89 => C:\windows\system32\448a2.com
Task: {BD221496-5204-42FA-AD0F-403321CBE82D} - System32\Tasks\At91 => C:\windows\system32\448a2.com
Task: {BDA27AC1-EB6B-4DE6-9351-8F52033D9E5D} - System32\Tasks\At60 => C:\windows\system32\448a2.com
Task: {BDDFF6FE-3CE4-4C3C-8E1C-F9C54FEBFF28} - System32\Tasks\At90 => C:\windows\system32\448a2.com
Task: {C077ABF5-E5CE-418E-872F-34D205915471} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C1298356-8B89-4614-AB70-75EA75DAA178} - System32\Tasks\At18 => C:\windows\Fonts\448a2.com
Task: {C2E22E01-584C-4FA7-BB41-CBC3DA1E7676} - System32\Tasks\At14 => C:\windows\Fonts\448a2.com
Task: {C5968907-B464-4B77-A2C3-6D3B8ACD8B3F} - System32\Tasks\grtnboawjc => C:\windows\system32\448a2.com
Task: {C8C89A01-8E15-4C76-8AE9-42D4416EDB13} - System32\Tasks\At77 => C:\windows\system32\448a2.com
Task: {D90D409E-BD74-4356-B6F1-5BA958FD3ACD} - System32\Tasks\At36 => C:\windows\Fonts\448a2.com
Task: {DA29D939-B120-4347-B3CB-5AFD4CF682A8} - System32\Tasks\At56 => C:\windows\system32\448a2.com
Task: {DB31722D-AE06-4595-BF10-E78B3FFDACF6} - System32\Tasks\At2 => C:\windows\Fonts\448a2.com
Task: {DD97D661-CABE-4338-BA9E-F753E72C45CF} - System32\Tasks\At57 => C:\windows\system32\448a2.com
Task: {E14E3A97-61E6-4F59-A3DB-E8E41F80D9C6} - System32\Tasks\At21 => C:\windows\Fonts\448a2.com
Task: {E22BD1BB-4A4E-4D76-A71A-614954DF9172} - System32\Tasks\At29 => C:\windows\Fonts\448a2.com
Task: {E2F302BD-A930-4BE3-BC83-F601F903AB0A} - System32\Tasks\At8 => C:\windows\Fonts\448a2.com
Task: {E4BFA9A7-2850-4A37-AC00-A43C41DFCEDE} - System32\Tasks\At31 => C:\windows\Fonts\448a2.com
Task: {E5764E7C-39C6-4910-9B57-A2093ABA3D9B} - System32\Tasks\At9 => C:\windows\Fonts\448a2.com
Task: {E640B624-A7FA-48E7-843C-8F10F4F5F8F8} - System32\Tasks\At62 => C:\windows\system32\448a2.com
Task: {F74C921A-0506-47F3-B295-62E9F375CC67} - System32\Tasks\At20 => C:\windows\Fonts\448a2.com
Task: {F99C341F-FC3B-48C8-A51E-5F354BE98739} - System32\Tasks\At94 => C:\windows\system32\448a2.com
Task: {F9D671AA-506C-420D-BE74-8A01DB36346B} - System32\Tasks\At88 => C:\windows\system32\448a2.com
Task: {FD795EF3-3B72-4914-AF46-E3DA2EDE4418} - System32\Tasks\At52 => C:\windows\system32\448a2.com
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\At1.job => ?
Task: C:\windows\Tasks\At10.job => ?
Task: C:\windows\Tasks\At11.job => ?
Task: C:\windows\Tasks\At12.job => ?
Task: C:\windows\Tasks\At13.job => ?
Task: C:\windows\Tasks\At14.job => ?
Task: C:\windows\Tasks\At15.job => ?
Task: C:\windows\Tasks\At16.job => ?
Task: C:\windows\Tasks\At17.job => ?
Task: C:\windows\Tasks\At18.job => ?
Task: C:\windows\Tasks\At19.job => ?
Task: C:\windows\Tasks\At2.job => ?
Task: C:\windows\Tasks\At20.job => ?
Task: C:\windows\Tasks\At21.job => ?
Task: C:\windows\Tasks\At22.job => ?
Task: C:\windows\Tasks\At23.job => ?
Task: C:\windows\Tasks\At24.job => ?
Task: C:\windows\Tasks\At25.job => ?
Task: C:\windows\Tasks\At26.job => ?
Task: C:\windows\Tasks\At27.job => ?
Task: C:\windows\Tasks\At28.job => ?
Task: C:\windows\Tasks\At29.job => ?
Task: C:\windows\Tasks\At3.job => ?
Task: C:\windows\Tasks\At30.job => ?
Task: C:\windows\Tasks\At31.job => ?
Task: C:\windows\Tasks\At32.job => ?
Task: C:\windows\Tasks\At33.job => ?
Task: C:\windows\Tasks\At34.job => ?
Task: C:\windows\Tasks\At35.job => ?
Task: C:\windows\Tasks\At36.job => ?
Task: C:\windows\Tasks\At37.job => ?
Task: C:\windows\Tasks\At38.job => ?
Task: C:\windows\Tasks\At39.job => ?
Task: C:\windows\Tasks\At4.job => ?
Task: C:\windows\Tasks\At40.job => ?
Task: C:\windows\Tasks\At41.job => ?
Task: C:\windows\Tasks\At42.job => ?
Task: C:\windows\Tasks\At43.job => ?
Task: C:\windows\Tasks\At44.job => ?
Task: C:\windows\Tasks\At45.job => ?
Task: C:\windows\Tasks\At46.job => ?
Task: C:\windows\Tasks\At47.job => ?
Task: C:\windows\Tasks\At48.job => ?
Task: C:\windows\Tasks\At49.job => ?
Task: C:\windows\Tasks\At5.job => ?
Task: C:\windows\Tasks\At50.job => ?
Task: C:\windows\Tasks\At51.job => ?
Task: C:\windows\Tasks\At52.job => ?
Task: C:\windows\Tasks\At53.job => ?
Task: C:\windows\Tasks\At54.job => ?
Task: C:\windows\Tasks\At55.job => ?
Task: C:\windows\Tasks\At56.job => ?
Task: C:\windows\Tasks\At57.job => ?
Task: C:\windows\Tasks\At58.job => ?
Task: C:\windows\Tasks\At59.job => ?
Task: C:\windows\Tasks\At6.job => ?
Task: C:\windows\Tasks\At60.job => ?
Task: C:\windows\Tasks\At61.job => ?
Task: C:\windows\Tasks\At62.job => ?
Task: C:\windows\Tasks\At63.job => ?
Task: C:\windows\Tasks\At64.job => ?
Task: C:\windows\Tasks\At65.job => ?
Task: C:\windows\Tasks\At66.job => ?
Task: C:\windows\Tasks\At67.job => ?
Task: C:\windows\Tasks\At68.job => ?
Task: C:\windows\Tasks\At69.job => ?
Task: C:\windows\Tasks\At7.job => ?
Task: C:\windows\Tasks\At70.job => ?
Task: C:\windows\Tasks\At71.job => ?
Task: C:\windows\Tasks\At72.job => ?
Task: C:\windows\Tasks\At73.job => ?
Task: C:\windows\Tasks\At74.job => ?
Task: C:\windows\Tasks\At75.job => ?
Task: C:\windows\Tasks\At76.job => ?
Task: C:\windows\Tasks\At77.job => ?
Task: C:\windows\Tasks\At78.job => ?
Task: C:\windows\Tasks\At79.job => ?
Task: C:\windows\Tasks\At8.job => ?
Task: C:\windows\Tasks\At80.job => ?
Task: C:\windows\Tasks\At81.job => ?
Task: C:\windows\Tasks\At82.job => ?
Task: C:\windows\Tasks\At83.job => ?
Task: C:\windows\Tasks\At84.job => ?
Task: C:\windows\Tasks\At85.job => ?
Task: C:\windows\Tasks\At86.job => ?
Task: C:\windows\Tasks\At87.job => ?
Task: C:\windows\Tasks\At88.job => ?
Task: C:\windows\Tasks\At89.job => ?
Task: C:\windows\Tasks\At9.job => ?
Task: C:\windows\Tasks\At90.job => ?
Task: C:\windows\Tasks\At91.job => ?
Task: C:\windows\Tasks\At92.job => ?
Task: C:\windows\Tasks\At93.job => ?
Task: C:\windows\Tasks\At94.job => ?
Task: C:\windows\Tasks\At95.job => ?
Task: C:\windows\Tasks\At96.job => ?
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\windows\Tasks\UpdaterEX.job => C:\Users\Jane\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2012-05-11 19:03 - 2011-10-26 06:21 - 00043520 _____ () C:\windows\system32\CSRSRV.dll
2009-07-14 00:19 - 2009-07-14 02:41 - 00036864 _____ () C:\windows\system32\pcwum.dll
2009-07-14 00:19 - 2009-07-14 02:41 - 00036864 _____ () C:\windows\system32\pcwum.DLL
2009-07-14 00:19 - 2009-07-14 02:41 - 00036864 _____ () c:\windows\system32\pcwum.dll
2012-06-22 23:48 - 2010-09-10 01:26 - 00162824 _____ () C:\Windows\System32\GFNEXSrv.exe
2012-06-22 23:31 - 2012-02-21 20:29 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2014-04-12 01:33 - 2014-04-24 19:47 - 00350496 _____ () C:\Program Files (x86)\BrowseMark\updateBrowseMark.exe
2014-04-12 19:38 - 2014-04-24 19:14 - 00350496 _____ () C:\Program Files (x86)\BrowseMark\bin\utilBrowseMark.exe
2014-03-26 09:37 - 2014-03-26 09:36 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe
2011-08-22 23:19 - 2011-08-22 23:19 - 11204992 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2010-12-15 23:19 - 2010-12-15 23:19 - 00124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll
2012-03-27 01:33 - 2012-03-27 01:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-04-22 20:26 - 2014-04-21 21:40 - 00095520 _____ () C:\Program Files (x86)\BrowseMark\bin\BrowseMark.BrowserAdapter.exe
2012-05-11 19:36 - 2011-12-15 14:55 - 00063360 _____ () C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIInternal.XmlSerializers.dll
2012-08-03 19:45 - 2014-03-26 09:36 - 02544664 _____ () C:\Program Files (x86)\AVG Secure Search\vprot.exe
2011-11-26 02:51 - 2011-11-26 02:51 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-26 09:37 - 2014-03-26 09:36 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\log4cplusU.dll
2012-06-22 23:31 - 2012-02-21 20:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:373E1720

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: McAfee Inc. mfehidk
Description: McAfee Inc. mfehidk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mfehidk
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: McAfee Inc. mfewfpk
Description: McAfee Inc. mfewfpk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mfewfpk
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft 6to4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/25/2014 09:08:15 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16457 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 584

Start Time: 01cf60c19ca01cfe

Termination Time: 0

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (04/25/2014 08:04:26 PM) (Source: CVHSVC) (User: )
Description: Information only.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (04/25/2014 07:54:39 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/25/2014 07:32:31 PM) (Source: CVHSVC) (User: )
Description: Information only.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (04/25/2014 07:22:26 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/25/2014 07:20:19 PM) (Source: CVHSVC) (User: )
Description: Information only.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (04/25/2014 07:10:12 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/25/2014 06:18:32 PM) (Source: CVHSVC) (User: )
Description: Information only.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (04/25/2014 06:08:32 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/24/2014 09:36:49 PM) (Source: CVHSVC) (User: )
Description: Information only.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

System errors:
=============
Error: (04/25/2014 09:12:13 PM) (Source: Service Control Manager) (User: )
Description: The {b99c8534-7800-48fa-bd71-519a46cdc7e1}w64 service failed to start due to the following error:
%%31

Error: (04/25/2014 09:11:13 PM) (Source: Service Control Manager) (User: )
Description: The {b99c8534-7800-48fa-bd71-519a46cdc7e1}w64 service failed to start due to the following error:
%%31

Error: (04/25/2014 09:10:13 PM) (Source: Service Control Manager) (User: )
Description: The {b99c8534-7800-48fa-bd71-519a46cdc7e1}w64 service failed to start due to the following error:
%%31

Error: (04/25/2014 09:09:13 PM) (Source: Service Control Manager) (User: )
Description: The {b99c8534-7800-48fa-bd71-519a46cdc7e1}w64 service failed to start due to the following error:
%%31

Error: (04/25/2014 09:08:13 PM) (Source: Service Control Manager) (User: )
Description: The {b99c8534-7800-48fa-bd71-519a46cdc7e1}w64 service failed to start due to the following error:
%%31

Error: (04/25/2014 09:07:13 PM) (Source: Service Control Manager) (User: )
Description: The {b99c8534-7800-48fa-bd71-519a46cdc7e1}w64 service failed to start due to the following error:
%%31

Error: (04/25/2014 09:06:13 PM) (Source: Service Control Manager) (User: )
Description: The {b99c8534-7800-48fa-bd71-519a46cdc7e1}w64 service failed to start due to the following error:
%%31

Error: (04/25/2014 09:05:13 PM) (Source: Service Control Manager) (User: )
Description: The {b99c8534-7800-48fa-bd71-519a46cdc7e1}w64 service failed to start due to the following error:
%%31

Error: (04/25/2014 09:04:13 PM) (Source: Service Control Manager) (User: )
Description: The {b99c8534-7800-48fa-bd71-519a46cdc7e1}w64 service failed to start due to the following error:
%%31

Error: (04/25/2014 09:03:13 PM) (Source: Service Control Manager) (User: )
Description: The {b99c8534-7800-48fa-bd71-519a46cdc7e1}w64 service failed to start due to the following error:
%%31

Microsoft Office Sessions:
=========================
Error: (04/25/2014 09:08:15 PM) (Source: Application Hang)(User: )
Description: iexplore.exe9.0.8112.1645758401cf60c19ca01cfe0C:\Program Files\Internet Explorer\iexplore.exe

Error: (04/25/2014 08:04:26 PM) (Source: CVHSVC)(User: )
Description: Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (04/25/2014 07:54:39 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/25/2014 07:32:31 PM) (Source: CVHSVC)(User: )
Description: Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (04/25/2014 07:22:26 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/25/2014 07:20:19 PM) (Source: CVHSVC)(User: )
Description: Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (04/25/2014 07:10:12 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/25/2014 06:18:32 PM) (Source: CVHSVC)(User: )
Description: Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (04/25/2014 06:08:32 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/24/2014 09:36:49 PM) (Source: CVHSVC)(User: )
Description: Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

CodeIntegrity Errors:
===================================
  Date: 2014-02-26 20:56:28.874
  Description: N/A

  Date: 2014-02-26 20:56:28.859
  Description: N/A

  Date: 2014-02-26 20:56:28.859
  Description: N/A

  Date: 2014-02-25 21:28:54.501
  Description: N/A

  Date: 2014-02-25 21:28:54.485
  Description: N/A

  Date: 2014-02-25 21:28:54.485
  Description: N/A

  Date: 2014-01-16 22:33:38.220
  Description: N/A

  Date: 2014-01-16 22:33:38.173
  Description: N/A

  Date: 2013-07-29 21:35:21.599
  Description: N/A

  Date: 2013-07-29 21:35:21.599
  Description: N/A

==================== Memory info ===========================

Percentage of memory in use: 29%
Total physical RAM: 6033.8 MB
Available physical RAM: 4234.23 MB
Total Pagefile: 12065.8 MB
Available Pagefile: 9942.56 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (TI30875400C) (Fixed) (Total:681.44 GB) (Free:628.97 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 699 GB) (Disk ID: B0DE4F87)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=681 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16 GB) - (Type=17)

==================== End Of Log ============================


One or more of the identified infections is known to use a backdoor. This allows hackers to remotely control your computer, steal critical system information and download and execute files.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall
http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Download the attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE: It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

1. Download Malwarebytes Anti-Rootkit from this link:

http://www.malwarebytes.org/products/mbar/

2. Unzip the File to a convenient location. (Recommend the Desktop)

3. Open the folder where the contents were unzipped to run mbar.exe

[Image: Image1.png]

4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

[Image: mbarwm.png]

5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

6. The following image opens, select Next.

[Image: Image2.png]

7. The following image opens, select Update.

[Image: Image3.png]

8. When the update completes select Next.

[Image: Image4.png]

9. In the following window ensure "Targets" are ticked. Then select "Scan".

[Image: Image5.png]

10. If an infection is found select the "Cleanup Button" to remove threats. Reboot if prompted. Wait while the system shuts down and the cleanup process is performed.

[Image: MBAntiRKcleanA.png]

11. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click "Cleanup Button" once more and repeat the process.

12. If no threats were found you will see the following image, select Exit:

[Image: Image6.png]

13. Verify that your system is now running normally, making sure that the following items are functional:

  • Internet access
  • Windows Update
  • Windows Firewall

14. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included within the Malwarebytes Anti-Rootkit folder.

15. Select "Y" from your Keyboard, tap Enter.

16. The fix will be applied, select any key to Exit.

17. Let me know how your system now responds. Copy and paste the two following logs from the mbar folder:

System - log
Mbar - log (Date and time of scan will also be shown)

Thanks,

Kevin...

fixlist.txt


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
