
Help, please! "This program is blocked by group policy. For more information, contact your system administrator." message is blocking Malwarebytes



Hello! 


 


I'm concerned that my computer is infected because I am unable to open either Malwarebytes or AVG, as they are blocked by a message reading "This program is blocked by group policy. For more information, contact your system administrator."


 


I can open the Chameleon page and have tested all the Chameleons, but to no avail. I have also tried to open them by going through C:/ Programs etc., but opening them there only prompts the same message to come up.


 


So, I'm not sure what to do to rid my computer of viruses. I'm currently trying to avoid turning it off for fear of this worsening the situation. What should I do?


 


Following the advice on the 'I'm infected - What do I do now' page, I downloaded Farbar Recovery Scan Tool, ran a scan and posted the FRST log as advised:


 


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01 (ATTENTION: ====> FRST version is 27 days old and could be outdated)

Ran by User (administrator) on USER-PC on 09-04-2014 03:10:37

Running from C:\Users\User\Documents\Unhelpful folders folder\Downloads

Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version:

Download link for 64-Bit Version:

Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe

(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe

(Agere Systems) C:\Windows\system32\agrsmsvc.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTDevSrv.exe

(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

(Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\TempoSVC.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe

(TOSHIBA Corporation) c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

(TOSHIBA Corporation) c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Toshiba) C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

() C:\Program Files\AVG Secure Search\vprot.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

(Microsoft Corporation) C:\Windows\ehome\ehtray.exe

(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe

(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\update\realsched.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgidsagent.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgfws.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgnsx.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgrsx.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(RealNetworks, Inc.) c:\program files\real\realplayer\RealPlay.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\system32\conime.exe

() C:\Users\User\Documents\Unhelpful folders folder\Downloads\RogueKiller.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [40368 2011-08-31] (Adobe Systems Incorporated)

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-29] (Adobe Systems Incorporated)

HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)

HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)

HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421736 2011-10-09] (Apple Inc.)

HKLM\...\Run: [vProt] - C:\Program Files\AVG Secure Search\vprot.exe [2544664 2014-03-24] ()

HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\update\realsched.exe [296056 2012-06-03] (RealNetworks, Inc.)

HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.)

HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION

HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION

HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\avg8 <====== ATTENTION

HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION

HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\S-1-5-21-1389979042-1133768856-884714788-1000\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2008-10-08] (Google Inc.)

HKU\S-1-5-21-1389979042-1133768856-884714788-1000\...\Run: [GameXN GO] - C:\ProgramData\GameXN\GameXNGO.exe [347008 2011-12-08] (EasyBits Software AS)

HKU\S-1-5-21-1389979042-1133768856-884714788-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)

HKU\S-1-5-21-1389979042-1133768856-884714788-1000\...\Run: [LmwRbsbk] - C:\Users\User\AppData\Local\dgffqsrt\lmwrbsbk.exe

HKU\S-1-5-21-1389979042-1133768856-884714788-1000\...\Run: [Radio Downloader] - C:\Program Files\Radio Downloader\Radio Downloader.exe [529816 2013-08-14] (NerdoftheHerd.com)

HKU\S-1-5-21-1389979042-1133768856-884714788-1000\...\Run: [ytdoqe] - regsvr32.exe "C:\ProgramData\ytdoqe.dat"

Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk

ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk

ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk

ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aljazeera.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE;

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6E28FE313719CB01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE

URLSearchHook: HKLM - ytbyclick Toolbar - {d4f1c433-f9c3-49f2-8645-37dbeca19e90} - C:\Program Files\ytbyclick\prxtbytby.dll (Conduit Ltd.)

URLSearchHook: HKLM - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

URLSearchHook: HKCU - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} -  No File

URLSearchHook: HKCU - ytbyclick Toolbar - {d4f1c433-f9c3-49f2-8645-37dbeca19e90} - C:\Program Files\ytbyclick\prxtbytby.dll (Conduit Ltd.)

URLSearchHook: HKCU - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

SearchScopes: HKLM - DefaultScope {A1F866FB-E56D-40DA-A1EB-52C2F9D2709C} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEE;

SearchScopes: HKLM - {A1F866FB-E56D-40DA-A1EB-52C2F9D2709C} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEE;

SearchScopes: HKCU - DefaultScope {F1701357-6328-4DEC-BF8B-D1EAD9198D38} URL = http://www.bing.com/search?q={searchTerms}&r=135

SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchTerms}&affID=119776&babsrc=SP_ss&mntrId=3a3d928b0000000000000024d28b6a10

SearchScopes: HKCU - {540AA275-401C-4578-95B1-EACEEC8B4981} URL = http://uk.search.yahoo.com/search?ei=utf-8&fr=chr-greentree_ie&type=937811&p={searchTerms} 

SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=sbGwxBTCm-p7ltCC2GJ6dF6zqkA?q={searchTerms}

SearchScopes: HKCU - {76C22B23-E981-114D-ABE3-D5E4E6E9771A} URL = http://www.buzqo.com/s/?q={searchTerms}&iesrc={referrer:source?}&cfg=2-101-0-1FKqW

SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={F2A0F7FF-D8FC-4BE0-8F29-C141A6634D98}&mid=c1cfb0a815697e483284d54b5e15b28f-9f850996388ec9dd76dd387ffdd0e7484d57efd8&lang=us&ds=AVG&pr=pa&d=2011-12-08 13:10:41&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}

SearchScopes: HKCU - {A1F866FB-E56D-40DA-A1EB-52C2F9D2709C} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEE_enGB348GB348

SearchScopes: HKCU - {F1701357-6328-4DEC-BF8B-D1EAD9198D38} URL = http://www.bing.com/search?q={searchTerms}&r=135

BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

BHO: AC-Pro - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll (SimplyGen)

BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.0.5.292\AVG Secure Search_toolbar.dll (AVG Secure Search)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)

BHO: ytbyclick Toolbar - {d4f1c433-f9c3-49f2-8645-37dbeca19e90} - C:\Program Files\ytbyclick\prxtbytby.dll (Conduit Ltd.)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File

Toolbar: HKLM - ytbyclick Toolbar - {d4f1c433-f9c3-49f2-8645-37dbeca19e90} - C:\Program Files\ytbyclick\prxtbytby.dll (Conduit Ltd.)

Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.0.5.292\AVG Secure Search_toolbar.dll (AVG Secure Search)

Toolbar: HKLM - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - ytbyclick Toolbar - {D4F1C433-F9C3-49F2-8645-37DBECA19E90} - C:\Program Files\ytbyclick\prxtbytby.dll (Conduit Ltd.)

Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File

Toolbar: HKCU - DVDVideoSoftTB Toolbar - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab





DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll (AVG Secure Search)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 188.74.66.1

 

FireFox:

========

FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5\\npsitesafety.dll (AVG Technologies)

FF Plugin: @google.com/npPicasa2,version=2.0.0 - C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)

FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @real.com/nppl3260;version=15.0.4.53 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprjplug;version=15.0.4.53 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprpplugin;version=15.0.4.53 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49

FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-06-03]

 

Chrome: 

=======

CHR RestoreOnStartup: "sync": {

      "suppress_start"

CHR DefaultSearchKeyword: isearch.avg.com

CHR DefaultSearchProvider: AVG Secure Search

CHR DefaultSearchURL: http://isearch.avg.com/search?cid={F2A0F7FF-D8FC-4BE0-8F29-C141A6634D98}&mid=c1cfb0a815697e483284d54b5e15b28f-9f850996388ec9dd76dd387ffdd0e7484d57efd8&lang=us&ds=AVG&pr=pa&d=2011-12-08 13:10:41&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}

CHR DefaultNewTabURL: 

CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)

CHR Plugin: (Java Platform SE 6 U24) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)

CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll (AVG Technologies)

CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File

CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

CHR Plugin: (Picasa) - C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)

CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

CHR Plugin: (RealJukebox NS Plugin) - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

CHR Plugin: (RealPlayer Download Plugin) - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)

CHR Extension: (AutocompletePro plugin for chrome) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\defdhglnppeioeflggkmglipcecffkhk [2011-05-20]

CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-05-20]

CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-03-06]

CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]

CHR HKLM\...\Chrome\Extension: [defdhglnppeioeflggkmglipcecffkhk] - C:\Program Files\AutocompletePro\chrome\autocompleteprochrome.crx [2010-08-12]

CHR HKLM\...\Chrome\Extension: [jbpkiefagocgkmemidfngdkamloieekf] - C:\Program Files\TornTV.com\torn11.crx [2010-08-12]

CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-06-03]

CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\18.0.5.292\avg.crx [2014-03-24]

CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\User\AppData\Roaming\DVDVideoSoft\DVDVideoSoftBrowserExtension.crx [2012-11-05]

 

========================== Services (Whitelisted) =================

 

R2 avgfws; C:\Program Files\AVG\AVG2013\avgfws.exe [1432080 2013-10-23] (AVG Technologies CZ, s.r.o.)

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)

R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-04-17] (TOSHIBA CORPORATION)

R2 CTDevice_Srv; C:\Program Files\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd)

S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-02] (Google)

R3 SmartFaceVWatchSrv; C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [77824 2008-08-25] (Toshiba)

R2 TempoMonitoringService; C:\Program Files\Toshiba TEMPRO\TempoSVC.exe [99720 2008-08-26] (Toshiba Europe GmbH)

R2 TOSHIBA SMART Log Service; c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation)

R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)

R2 vToolbarUpdater18.0.5; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [1771032 2014-03-24] (AVG Secure Search)

S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [X]

S2 HitmanPro37CrusaderBoot; "D:\HitmanPro.exe" /crusader:boot [X]

 

==================== Drivers (Whitelisted) ====================

 

R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-11-25] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-07-20] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-10-23] (AVG Technologies CZ, s.r.o.)

R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [171320 2013-07-20] (AVG Technologies CZ, s.r.o.)

R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-07-01] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-10-23] (AVG Technologies CZ, s.r.o.)

R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2014-03-20] (AVG Technologies CZ, s.r.o.)

R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42272 2014-03-24] (AVG Technologies)

S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [141408 2008-02-27] (Realtek Semiconductor Corp.)

U3 TrueSight; C:\Windows\system32\TrueSight.sys [26624 2014-04-09] ()

R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [17960 2008-07-15] (Chicony Electronics Co., Ltd.)

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

U3 mbr; \??\C:\Users\User\AppData\Local\Temp\mbr.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-04-09 03:09 - 2014-04-09 03:10 - 00000000 ____D () C:\FRST

2014-04-09 02:56 - 2014-04-09 02:56 - 00016117 _____ () C:\Users\User\Desktop\dds.txt

2014-04-09 02:56 - 2014-04-09 02:56 - 00010688 _____ () C:\Users\User\Desktop\attach.txt

2014-04-09 02:51 - 2014-04-09 02:51 - 00054709 _____ () C:\Users\User\Desktop\RKreport[0]_S_04092014_025116.txt

2014-04-09 02:43 - 2014-04-09 02:43 - 00026624 _____ () C:\Windows\system32\TrueSight.sys

2014-04-09 02:40 - 2014-04-09 02:51 - 00000000 ____D () C:\Users\User\Desktop\RK_Quarantine

2014-04-09 02:38 - 2014-04-09 02:38 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\User\Desktop\rkill 2

2014-04-09 02:33 - 2014-04-09 02:39 - 00003138 _____ () C:\Users\User\Desktop\Rkill.txt

2014-04-09 02:31 - 2014-04-09 02:31 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\User\Desktop\rkill 1.com

2014-04-07 19:08 - 2014-04-08 19:29 - 00213820 _____ (Microsoft Corporation) C:\ProgramData\ytdoqe.dat

2014-03-29 21:54 - 2014-03-29 21:54 - 00000000 ____D () C:\Users\User\AppData\Local\Skype

2014-03-29 21:53 - 2014-03-29 21:53 - 00001878 _____ () C:\Users\Public\Desktop\Skype.lnk

2014-03-29 21:53 - 2014-03-29 21:53 - 00000000 ___RD () C:\Program Files\Skype

2014-03-29 21:53 - 2014-03-29 21:53 - 00000000 ____D () C:\Program Files\Common Files\Skype

2014-03-24 14:59 - 2014-03-24 14:59 - 00000000 ____D () C:\ProgramData\AVG Secure Search

2014-03-20 14:50 - 2014-03-20 14:50 - 00182072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdix.sys

 

==================== One Month Modified Files and Folders =======

 

2014-04-09 03:11 - 2010-12-04 18:42 - 00000000 ____D () C:\ProgramData\MFAData

2014-04-09 03:10 - 2014-04-09 03:09 - 00000000 ____D () C:\FRST

2014-04-09 03:08 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2014-04-09 03:08 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2014-04-09 03:04 - 2011-05-20 13:09 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-04-09 02:56 - 2014-04-09 02:56 - 00016117 _____ () C:\Users\User\Desktop\dds.txt

2014-04-09 02:56 - 2014-04-09 02:56 - 00010688 _____ () C:\Users\User\Desktop\attach.txt

2014-04-09 02:51 - 2014-04-09 02:51 - 00054709 _____ () C:\Users\User\Desktop\RKreport[0]_S_04092014_025116.txt

2014-04-09 02:51 - 2014-04-09 02:40 - 00000000 ____D () C:\Users\User\Desktop\RK_Quarantine

2014-04-09 02:47 - 2013-06-05 00:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-04-09 02:43 - 2014-04-09 02:43 - 00026624 _____ () C:\Windows\system32\TrueSight.sys

2014-04-09 02:39 - 2014-04-09 02:33 - 00003138 _____ () C:\Users\User\Desktop\Rkill.txt

2014-04-09 02:38 - 2014-04-09 02:38 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\User\Desktop\rkill 2

2014-04-09 02:31 - 2014-04-09 02:31 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\User\Desktop\rkill 1.com

2014-04-09 00:04 - 2011-05-20 13:09 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-04-08 19:29 - 2014-04-07 19:08 - 00213820 _____ (Microsoft Corporation) C:\ProgramData\ytdoqe.dat

2014-04-08 19:26 - 2013-05-23 23:46 - 00000847 _____ () C:\Users\Public\Desktop\AVG 2013.lnk

2014-04-07 19:22 - 2006-11-02 11:33 - 00716862 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-04-07 19:19 - 2013-01-21 17:20 - 00000342 _____ () C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job

2014-04-07 19:19 - 2011-08-31 20:52 - 00000000 ____D () C:\ProgramData\GameXN

2014-04-07 19:19 - 2011-06-15 17:02 - 00000000 ____D () C:\Users\User\AppData\Roaming\go

2014-04-07 19:18 - 2013-06-02 23:10 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job

2014-04-07 19:14 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-04-07 19:12 - 2006-11-02 14:01 - 00032556 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-04-07 19:06 - 2009-10-07 11:55 - 01488017 _____ () C:\Windows\WindowsUpdate.log

2014-04-04 23:09 - 2014-02-01 23:52 - 00000000 ____D () C:\Users\User\Documents\Uni stuff

2014-04-04 19:04 - 2009-10-07 13:26 - 00002585 _____ () C:\Users\User\Desktop\Microsoft Word.lnk

2014-03-29 23:19 - 2010-03-13 11:26 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype

2014-03-29 21:54 - 2014-03-29 21:54 - 00000000 ____D () C:\Users\User\AppData\Local\Skype

2014-03-29 21:53 - 2014-03-29 21:53 - 00001878 _____ () C:\Users\Public\Desktop\Skype.lnk

2014-03-29 21:53 - 2014-03-29 21:53 - 00000000 ___RD () C:\Program Files\Skype

2014-03-29 21:53 - 2014-03-29 21:53 - 00000000 ____D () C:\Program Files\Common Files\Skype

2014-03-29 21:53 - 2010-03-13 11:25 - 00000000 ____D () C:\ProgramData\Skype

2014-03-28 14:58 - 2010-05-16 09:48 - 00006944 _____ () C:\Users\User\AppData\Local\d3d9caps.dat

2014-03-27 00:59 - 2011-04-25 19:57 - 00000000 ____D () C:\Users\User\AppData\Local\Audible

2014-03-25 03:10 - 2006-11-02 13:52 - 00049565 _____ () C:\Windows\setupact.log

2014-03-24 19:00 - 2012-06-14 15:12 - 00000000 ____D () C:\Users\User\AppData\Local\AVG Secure Search

2014-03-24 14:59 - 2014-03-24 14:59 - 00000000 ____D () C:\ProgramData\AVG Secure Search

2014-03-24 14:59 - 2012-11-08 20:39 - 00042272 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys

2014-03-24 14:59 - 2011-12-08 14:10 - 00000000 ____D () C:\Program Files\AVG Secure Search

2014-03-23 16:54 - 2014-02-05 01:26 - 00000000 ____D () C:\Users\User\Documents\Audible

2014-03-20 14:50 - 2014-03-20 14:50 - 00182072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdix.sys

2014-03-15 23:52 - 2011-05-20 13:10 - 00001976 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-03-11 19:47 - 2012-06-24 23:24 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2014-03-11 19:47 - 2011-08-08 13:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

 

Files to move or delete:

====================

C:\ProgramData\ytdoqe.dat

C:\Users\User\esrkmqfufqdhotyvklpy.exe

C:\Users\User\jagex_cl_oldschool_LIVE.dat

C:\Users\User\jagex_cl_runescape_LIVE.dat

C:\Users\User\jagex_cl_runescape_LIVE1.dat

C:\Users\User\random.dat

 

 

Some content of TEMP:

====================

C:\Users\User\AppData\Local\Temp\0.8066576723151895.exe

C:\Users\User\AppData\Local\Temp\AdobeUpdater12345.exe

C:\Users\User\AppData\Local\Temp\binkw32.dll

C:\Users\User\AppData\Local\Temp\d2l_Install.exe

C:\Users\User\AppData\Local\Temp\d2l_PlayD2.exe

C:\Users\User\AppData\Local\Temp\drm_dialogs.dll

C:\Users\User\AppData\Local\Temp\drm_dyndata_7350008.dll

C:\Users\User\AppData\Local\Temp\EBU3C8C.exe

C:\Users\User\AppData\Local\Temp\EBU4106.exe

C:\Users\User\AppData\Local\Temp\EBU4930.DLL

C:\Users\User\AppData\Local\Temp\EBU54DD.DLL

C:\Users\User\AppData\Local\Temp\EBU8200.exe

C:\Users\User\AppData\Local\Temp\EBU9448.DLL

C:\Users\User\AppData\Local\Temp\EBUCC2A.exe

C:\Users\User\AppData\Local\Temp\EBUCE7A.DLL

C:\Users\User\AppData\Local\Temp\EBUE6D5.exe

C:\Users\User\AppData\Local\Temp\EBUF7E5.DLL

C:\Users\User\AppData\Local\Temp\FlashPlayerUpdate.exe

C:\Users\User\AppData\Local\Temp\Get a FREE audiobook!.exe

C:\Users\User\AppData\Local\Temp\GoogleChromeInstaller.exe

C:\Users\User\AppData\Local\Temp\ICReinstall_FLVPlayerSetup.exe

C:\Users\User\AppData\Local\Temp\Impressioner.exe

C:\Users\User\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe

C:\Users\User\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe

C:\Users\User\AppData\Local\Temp\MSNC44D.exe

C:\Users\User\AppData\Local\Temp\ntdll_dump.dll

C:\Users\User\AppData\Local\Temp\Refresh.exe

C:\Users\User\AppData\Local\Temp\SearchWithGoogleUpdate.exe

C:\Users\User\AppData\Local\Temp\SkypeSetup.exe

C:\Users\User\AppData\Local\Temp\System.Data.SQLite.dll

C:\Users\User\AppData\Local\Temp\uninst1.exe

C:\Users\User\AppData\Local\Temp\_is2BD5.exe

C:\Users\User\AppData\Local\Temp\_is3E18.exe

C:\Users\User\AppData\Local\Temp\_is4C99.exe

C:\Users\User\AppData\Local\Temp\_is6CA6.exe

C:\Users\User\AppData\Local\Temp\_is76E3.exe

C:\Users\User\AppData\Local\Temp\_is8CD5.exe

C:\Users\User\AppData\Local\Temp\_is8DEE.exe

C:\Users\User\AppData\Local\Temp\_isA497.exe

C:\Users\User\AppData\Local\Temp\_isAB80.exe

C:\Users\User\AppData\Local\Temp\_isADA.exe

C:\Users\User\AppData\Local\Temp\_isBB36.exe

C:\Users\User\AppData\Local\Temp\_isCB0A.exe

C:\Users\User\AppData\Local\Temp\_isE831.exe

C:\Users\User\AppData\Local\Temp\_isF42D.exe

C:\Users\User\AppData\Local\Temp\_isFF17.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\system32\winlogon.exe => MD5 is legit

C:\Windows\system32\wininit.exe => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\services.exe => MD5 is legit

C:\Windows\system32\User32.dll => MD5 is legit

C:\Windows\system32\userinit.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2014-04-07 19:24

 

==================== End Of Log ============================

Along with the Addition log:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01

Ran by User at 2014-04-09 03:12:46

Running from C:\Users\User\Documents\Unhelpful folders folder\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

AV: AVG Internet Security 2011 (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

AS: AVG Internet Security 2011 (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: AVG Firewall (Enabled) {621CC794-9486-F902-D092-0484E8EA828B}

 

==================== Installed Programs ======================

 

Adobe AIR (HKLM\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)

Adobe AIR (Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden

Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)

Adobe Reader 8.2.6 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A82000000003}) (Version: 8.2.6 - Adobe Systems Incorporated)

Adobe Reader 8.3.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A83000000003}) (Version: 8.3.1 - Adobe Systems Incorporated)

Age of Empires III Trial (HKLM\...\InstallShield_{25B25C84-6132-4662-972B-4E4DC1B00C98}) (Version: 1.00.0000 - Microsoft Game Studios)

Age of Empires III Trial (Version: 1.00.0000 - Microsoft Game Studios) Hidden

Age of Empires Online (HKLM\...\GFWL_{4D530FA3-9B89-4186-98B7-F51000008100}) (Version: 1.0.0000.129 - Microsoft Studios)

Age of Empires Online (Version: 1.0.0000.129 - Microsoft Studios) Hidden

Age of Mythology - The Titans Expansion (HKLM\...\Age of Mythology Expansion Pack 1.0) (Version:  - )

Amazon Kindle (HKLM\...\Amazon Kindle) (Version:  - Amazon)

Apple Application Support (HKLM\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}) (Version: 4.0.0.96 - Apple Inc.)

Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)

Atheros Wi-Fi Protected Setup Library (HKLM\...\{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}) (Version:  - Atheros)

ATI Catalyst Install Manager (HKLM\...\{A7F27ADB-3C56-0F2B-6B4B-0B8E02A49186}) (Version: 3.0.664.0 - ATI Technologies, Inc.)

Audible Download Manager (HKLM\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.)

AudibleManager (HKLM\...\AudibleManager) (Version: 71233830.-2.2007592998.2007592012 - Audible, Inc.)

AutocompletePro (HKLM\...\AutocompletePro3_is1) (Version:  - ) <==== ATTENTION

AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3466 - AVG Technologies)

AVG 2013 (Version: 13.0.3466 - AVG Technologies) Hidden

AVG 2013 (Version: 13.0.3722 - AVG Technologies) Hidden

AVG Security Toolbar (HKLM\...\AVG Secure Search) (Version: 18.0.5.292 - AVG Technologies)

BBC iPlayer Desktop (HKLM\...\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1) (Version: 3.2.13 - British Broadcasting Corp.)

BBC iPlayer Desktop (Version: 3.2.13 - British Broadcasting Corp.) Hidden

Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)

Camera Assistant Software for Toshiba (HKLM\...\{37C866E4-AA67-4725-9E95-A39968DD7960}) (Version: 1.7.231.1126L - Chicony Electronics Co.,Ltd.)

Catalyst Control Center - Branding (HKLM\...\{69E5255D-9D43-4CFF-8984-843ABD7753B7}) (Version: 1.00.0000 - ATI)

Catalyst Control Center Core Implementation (Version: 2008.0422.2139.36895 - ATI) Hidden

Catalyst Control Center Graphics Full Existing (Version: 2008.0422.2139.36895 - ATI) Hidden

Catalyst Control Center Graphics Full New (Version: 2008.0422.2139.36895 - ATI) Hidden

Catalyst Control Center Graphics Light (Version: 2008.0422.2139.36895 - ATI) Hidden

Catalyst Control Center Graphics Previews Vista (Version: 2008.0422.2139.36895 - ATI) Hidden

Catalyst Control Center Localization Chinese Standard (Version: 2008.0422.2139.36895 - ATI) Hidden

Catalyst Control Center Localization Chinese Traditional (Version: 2008.0422.2139.36895 - ATI) Hidden

Catalyst Control Center Localization Czech (Version: 2008.0422.2139.36895 - ATI) Hidden

Catalyst Control Center Localization Danish (Version: 2008.0422.2139.36895 - ATI) Hidden

Catalyst Control Center Localization Dutch (Version: 2008.0422.2139.36895 - ATI) Hidden

Catalyst Control Center Localization Finnish (Version: 2008.0422.2139.36895 - ATI) Hidden

Catalyst Control Center Localization French (Version: 2008.0422.2139.36895 - ATI) Hidden

Catalyst Control Center Localization German (Version: 2008.0422.2139.36895 - ATI) Hidden

Catalyst Control Center Localization Greek (Version: 2008.0422.2139.36895 - ATI) Hidden

Catalyst Control Center Localization Hungarian (Version: 2008.0422.2139.36895 - ATI) Hidden

Catalyst Control Center Localization Italian (Version: 2008.0422.2139.36895 - ATI) Hidden

Catalyst Control Center Localization Japanese (Version: 2008.0422.2139.36895 - ATI) Hidden

Catalyst Control Center Localization Korean (Version: 2008.0422.2139.36895 - ATI) Hidden

Catalyst Control Center Localization Norwegian (Version: 2008.0422.2139.36895 - ATI) Hidden

Catalyst Control Center Localization Polish (Version: 2008.0422.2139.36895 - ATI) Hidden

Catalyst Control Center Localization Portuguese (Version: 2008.0422.2139.36895 - ATI) Hidden

Catalyst Control Center Localization Russian (Version: 2008.0422.2139.36895 - ATI) Hidden

Catalyst Control Center Localization Spanish (Version: 2008.0422.2139.36895 - ATI) Hidden

Catalyst Control Center Localization Swedish (Version: 2008.0422.2139.36895 - ATI) Hidden

Catalyst Control Center Localization Thai (Version: 2008.0422.2139.36895 - ATI) Hidden

Catalyst Control Center Localization Turkish (Version: 2008.0422.2139.36895 - ATI) Hidden

CCC Help Chinese Standard (Version: 2008.0422.2138.36895 - ATI) Hidden

CCC Help Chinese Traditional (Version: 2008.0422.2138.36895 - ATI) Hidden

CCC Help Czech (Version: 2008.0422.2138.36895 - ATI) Hidden

CCC Help Danish (Version: 2008.0422.2138.36895 - ATI) Hidden

CCC Help Dutch (Version: 2008.0422.2138.36895 - ATI) Hidden

CCC Help English (Version: 2008.0422.2138.36895 - ATI) Hidden

CCC Help Finnish (Version: 2008.0422.2138.36895 - ATI) Hidden

CCC Help French (Version: 2008.0422.2138.36895 - ATI) Hidden

CCC Help German (Version: 2008.0422.2138.36895 - ATI) Hidden

CCC Help Greek (Version: 2008.0422.2138.36895 - ATI) Hidden

CCC Help Hungarian (Version: 2008.0422.2138.36895 - ATI) Hidden

CCC Help Italian (Version: 2008.0422.2138.36895 - ATI) Hidden

CCC Help Japanese (Version: 2008.0422.2138.36895 - ATI) Hidden

CCC Help Korean (Version: 2008.0422.2138.36895 - ATI) Hidden

CCC Help Norwegian (Version: 2008.0422.2138.36895 - ATI) Hidden

CCC Help Polish (Version: 2008.0422.2138.36895 - ATI) Hidden

CCC Help Portuguese (Version: 2008.0422.2138.36895 - ATI) Hidden

CCC Help Russian (Version: 2008.0422.2138.36895 - ATI) Hidden

CCC Help Spanish (Version: 2008.0422.2138.36895 - ATI) Hidden

CCC Help Swedish (Version: 2008.0422.2138.36895 - ATI) Hidden

CCC Help Thai (Version: 2008.0422.2138.36895 - ATI) Hidden

CCC Help Turkish (Version: 2008.0422.2138.36895 - ATI) Hidden

ccc-core-static (Version: 2008.0422.2139.36895 - ATI) Hidden

ccc-utility (Version: 2008.0422.2139.36895 - ATI) Hidden

CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.02.03 - TOSHIBA)

Claro ScreenMarker Demo (HKLM\...\{3A21D5B5-61AC-45D9-BAE4-ABB173093AFF}) (Version: 0.1.0 - Claro Software)

ClaroCapture Demo (HKLM\...\{13CD2F65-570C-4432-95C8-B14AC03E185D}) (Version: 0.3.19 - Claro Software)

ClaroIdeas Demo (HKLM\...\{3498B8DC-2420-4F21-A1EB-D2C6B66C95FE}) (Version: 0.1.0 - Claro Software)

ClaroRead Pro Demo (HKLM\...\{535EA451-8C9E-4623-8B9C-D7A5A1839E84}) (Version: 0.2.7 - Claro Software)

ClaroView (HKLM\...\{9B6C07A3-EC52-4399-94B2-5FC72AAB92CB}) (Version: 0.0.12 - Claro Software)

Creative Centrale (HKLM\...\Creative Centrale) (Version:  - Creative Technology Ltd.)

Creative Centrale (Version: 1.02.04 - Creative Technology Ltd.) Hidden

Creative Removable Disk Manager (HKLM\...\Creative Removable Disk Manager) (Version:  - )

Creative Software Update (Version: 1.00.14 - Creative Technology Ltd.) Hidden

Creative ZEN Mozaic User's Guide (HKLM\...\ZENMozaicUG) (Version:  - Creative Technology Ltd.)

D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden

Diablo II (HKCU\...\Diablo II) (Version:  - )

Diablo II (HKLM\...\Diablo II) (Version:  - )

DVD MovieFactory for TOSHIBA (HKLM\...\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.51 - Ulead Systems, Inc.)

DVDVideoSoftTB Toolbar (HKLM\...\DVDVideoSoftTB Toolbar) (Version: 6.8.10.403 - DVDVideoSoftTB)

Free YouTube Downloader 1.0 (HKLM\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version:  - HOW Inc.)

Free YouTube to MP3 Converter version 3.11.35.1031 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.35.1031 - DVDVideoSoft Ltd.)

GameXN GO (HKCU\...\Game Organizer) (Version:  - GameXN AS)

Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)

Google Desktop (HKLM\...\Google Desktop) (Version: 5.9.1005.12335 - Google)

Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version:  - Google Inc.)

Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden

ImageMixer 3 SE Ver.4 Transfer Utility (HKLM\...\{CAE4E520-4695-4A96-8661-B62FA5FB669E}) (Version: 3.03.005 - PIXELA)

Impossible Creatures (HKLM\...\Impossible Creatures 1.0) (Version:  - )

iTunes (HKLM\...\{29ED20C9-5E15-4969-9279-25BF3727A3DA}) (Version: 10.5.0.142 - Apple Inc.)

Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)

Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

Java 6 Update 24 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.240 - Oracle)

Java 6 Update 3 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160030}) (Version: 1.6.0.30 - Sun Microsystems, Inc.)

Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)

Medieval II Total War (HKLM\...\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}) (Version: 1.03.000 - SEGA)

Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )

Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden

Microsoft .NET Framework 1.1 Security Update (KB2656370) (HKLM\...\M2656370) (Version:  - )

Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft Age of Empires II Trial Version (HKLM\...\Age of Empires II Trial) (Version:  - )

Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden

Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)

Microsoft Games for Windows Marketplace (HKLM\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)

Microsoft Office 2000 SR-1 Disc 2 (HKLM\...\{00040409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)

Microsoft Office 2000 SR-1 Professional (HKLM\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)

Microsoft Search Enhancement Pack (HKLM\...\{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}) (Version: 3.0.133.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft)

Microsoft XML Parser (Version: 8.20.8730.4 - Microsoft Corporation) Hidden

MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden

MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)

MSXML4 Parser (HKLM\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)

Music Transfer Utility Ver.1 (HKLM\...\{9E520B22-546E-4AD3-8958-7D1EB8587AB1}) (Version: 1.00.005 - PIXELA)

myphotobook 3.6 (HKLM\...\myphotobook) (Version: 3.6 - myphotobook)

NaturalReaderFree (HKLM\...\{C5E7BF75-007E-44AD-8962-627ED44CB63B}) (Version: 11.9 - NaturalSoft)

OverDrive Media Console (HKLM\...\{D07205E7-F6D3-4333-AFCC-782A07685B72}) (Version: 3.2.20 - OverDrive, Inc.)

Picasa 2 (HKLM\...\Picasa2) (Version: 2.0 - Google, Inc.)

QuickTime (HKLM\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)

Radio Downloader (HKLM\...\{812EF122-4695-42B6-9BD5-FFC6B7F591CB}) (Version: 0.28.0.0 - NerdoftheHerd.com)

RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden

RealPlayer (HKLM\...\RealPlayer 15.0) (Version: 15.0.4 - RealNetworks)

Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)

Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5599 - Realtek Semiconductor Corp.)

Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version:  - Realtek Semiconductor Corp.)

RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden

ScreenRuler Demo (HKLM\...\{95470521-77FD-4825-87D8-0A4A99D6DF76}) (Version: 0.3.5 - Claro Software)

Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden

Skins (Version: 2008.0422.2139.36895 - ATI) Hidden

Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)

Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.8.0 - Synaptics)

The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version:  - Bethesda Game Studios)

TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.04 - TOSHIBA)

TOSHIBA ConfigFree (HKLM\...\{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}) (Version: 7.2.13 - TOSHIBA Corporation)

TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.3 - TOSHIBA Corporation)

TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.30.12 - TOSHIBA Corporation)

TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)

TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - TOSHIBA Corporation) Hidden

TOSHIBA Face Recognition (HKLM\...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 2.0.17.32 - TOSHIBA)

TOSHIBA Face Recognition (Version: 2.0.17.32 - TOSHIBA) Hidden

TOSHIBA Hardware Setup (HKLM\...\{2883F6F5-0509-43F3-868C-D50330DD9DD3}) (Version: 2.00.08 - )

TOSHIBA Manuals (HKLM\...\{E7271ABF-69D3-4E9D-AA0A-2DE34C10A93D}) (Version: 7.40 - TOSHIBA)

Toshiba Online Product Information (HKLM\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 1.00.0012 - TOSHIBA)

TOSHIBA Recovery Disc Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.0.0.1b - TOSHIBA Corporation)

TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.1.77 (SM2177ALD04) - Agere Systems)

TOSHIBA Supervisor Password (HKLM\...\{4B1E87C3-00DE-4898-8E39-E390AAEF2391}) (Version: 2.00.04 - )

Toshiba TEMPRO (HKLM\...\{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}) (Version: 1.2 - Toshiba Europe GmbH)

TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.1.19 - TOSHIBA Corporation)

TOSHIBA Value Added Package (Version: 1.1.19 - TOSHIBA Corporation) Hidden

TRDCReminder (HKLM\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0015 - TOSHIBA)

TRDCReminder (Version: 1.00.0015 - TOSHIBA) Hidden

TRORDCLauncher (HKLM\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: 1.0.0.1 - TOSHIBA)

TRORDCLauncher (Version: 1.0.0.1 - TOSHIBA) Hidden

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)

Vocalizer Daniel Demo from Claro Software (HKLM\...\{3FAAF8CC-2B4B-45A0-8673-6987CB57AC6C}) (Version: 0.1.2.1 - Claro Software)

Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)

Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden

Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)

Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version:  - )

Windows Media Encoder 9 Series (Version: 9.00.3374 - Microsoft Corporation) Hidden

ytbyclick Toolbar (HKLM\...\ytbyclick Toolbar) (Version: 6.7.0.6 - ytbyclick)

 

==================== Restore Points  =========================

 

24-03-2014 05:27:27 Scheduled Checkpoint

25-03-2014 01:12:03 Scheduled Checkpoint

26-03-2014 13:43:51 Scheduled Checkpoint

29-03-2014 05:18:41 Scheduled Checkpoint

02-04-2014 07:52:19 Scheduled Checkpoint

03-04-2014 02:17:44 Scheduled Checkpoint

04-04-2014 03:54:40 Scheduled Checkpoint

05-04-2014 13:08:04 Scheduled Checkpoint

06-04-2014 01:32:10 Scheduled Checkpoint

07-04-2014 17:26:48 Scheduled Checkpoint

 

==================== Hosts content: ==========================

 

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

::1             localhost

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM

Task: {2B47239D-A69C-45A4-9C4B-B393A2329494} - System32\Tasks\RealCreateProcessScheduledTask95094995S-1-5-21-1389979042-1133768856-884714788-1000 => c:\program files\real\realplayer\update\realsched.exe [2012-06-03] (RealNetworks, Inc.)

Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI

Task: {34D0C20E-3EFB-46B2-B790-196334429A4D} - System32\Tasks\{E3BE9668-EAE2-4619-96ED-0303080279C1} => Iexplore.exe http://ui.skype.com/ui/0/6.9.0.106/en/abandoninstall?page=tsProgressBar

Task: {36CD591D-F5B1-4A2A-9B3E-EF7434DF7502} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1389979042-1133768856-884714788-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)

Task: {3A0B67B8-AEEE-49ED-AC56-C67D1FAA3574} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{42A9BD99-D9AC-4121-BC86-DE629C13D16A}.exe

Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages

Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)

Task: {6565B71B-B24F-4D4D-86CB-595CD64487F8} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files\AVG Secure Search\PostInstall\ROC.exe [2013-01-31] ()

Task: {6E7A2C0F-560F-4492-B6C9-6BEEBACB0447} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)

Task: {702E20B1-5E8E-453E-A1A5-13B189515CAF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-05-20] (Google Inc.)

Task: {AD5080E6-CE8F-40A1-BE17-09BC93F154CC} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1389979042-1133768856-884714788-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)

Task: {C5B8A959-C920-47EE-90C9-181A03544905} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)

Task: {CF071282-A7E2-43F0-9998-437C5559BEFB} - System32\Tasks\4596 => Wscript.exe C:\Users\User\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION

Task: {D6ADE738-04AB-4BDF-9065-CC13E7F84625} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION

Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()

Task: {E58301C2-8E52-485B-8D54-5ED513829C35} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-05-20] (Google Inc.)

Task: {E66B41EE-68E4-4FA7-9A93-EB9731022B00} - System32\Tasks\{1EA5384E-6D5A-4C09-9453-696D79AEED5E} => C:\Program Files\Skype\Phone\Skype.exe [2014-02-10] (Skype Technologies S.A.)

Task: {FBC15712-CCA6-464F-BD8B-1FF1D2FE251B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{42A9BD99-D9AC-4121-BC86-DE629C13D16A}.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files\AVG Secure Search\PostInstall\ROC.exe

 

==================== Loaded Modules (whitelisted) =============

 

2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2014-03-24 14:59 - 2014-03-24 14:59 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe

2014-03-24 14:59 - 2014-03-24 14:59 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\log4cplusU.dll

2008-08-22 20:07 - 2008-08-22 20:07 - 00126976 _____ () C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVCtrl.dll

2008-08-22 20:07 - 2008-08-22 20:07 - 06701056 _____ () C:\Program Files\TOSHIBA\SmartFaceV\FaceHI.dll

2008-08-22 20:07 - 2008-08-22 20:07 - 00995328 _____ () C:\Program Files\TOSHIBA\SmartFaceV\FaceRec.dll

2008-10-08 10:24 - 2008-04-22 21:05 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll

2008-02-04 13:29 - 2008-02-04 13:29 - 00688128 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll

2011-12-08 14:10 - 2014-03-24 14:59 - 02544664 _____ () C:\Program Files\AVG Secure Search\vprot.exe

2007-01-13 03:01 - 2007-01-13 03:01 - 00397312 ____R () C:\Program Files\Adobe\Reader 8.0\Reader\cryptocme2.dll

2007-01-13 03:01 - 2007-01-13 03:01 - 00475136 ____R () C:\Program Files\Adobe\Reader 8.0\Reader\ccme_base.dll

2014-03-15 23:51 - 2014-03-15 01:50 - 00051016 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll

2014-03-15 23:51 - 2014-03-15 01:50 - 04061000 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll

2014-03-15 23:51 - 2014-03-15 01:50 - 00394568 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll

2014-03-15 23:51 - 2014-03-15 01:50 - 01647432 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll

2014-01-19 02:48 - 2014-01-19 02:48 - 04591616 _____ () C:\Users\User\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libglesv2.dll

2014-01-19 02:48 - 2014-01-19 02:48 - 00112128 _____ () C:\Users\User\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libegl.dll

2014-04-09 02:40 - 2014-04-09 02:40 - 03972608 _____ () C:\Users\User\Documents\Unhelpful folders folder\Downloads\RogueKiller.exe

 

==================== Alternate Data Streams (whitelisted) =========

 

 

==================== Safe Mode (whitelisted) ===================

 

 

==================== Disabled items from MSCONFIG ==============

 

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk => C:\Windows\pss\Audible Download Manager.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup

MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk => C:\Windows\pss\BBC iPlayer Desktop.lnk.Startup

MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

MSCONFIG\startupreg: AVG_TRAY => C:\Program Files\AVG\AVG10\avgtray.exe

MSCONFIG\startupreg: Camera Assistant Software => "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start

MSCONFIG\startupreg: cfFncEnabler.exe => cfFncEnabler.exe

MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe

MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

MSCONFIG\startupreg: jswtrayutil => "C:\Program Files\Jumpstart\jswtrayutil.exe"

MSCONFIG\startupreg: NDSTray.exe => NDSTray.exe

MSCONFIG\startupreg: NetFxUpdate_v1.1.4322 => "C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" 1 v1.1.4322 GAC + NI NID

MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe

MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

MSCONFIG\startupreg: Skytel => Skytel.exe

MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

MSCONFIG\startupreg: SoftAuto.exe => "C:\Program Files\Creative\Software Update 3\SoftAuto.exe"

MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

MSCONFIG\startupreg: TkBellExe => "c:\program files\real\realplayer\Update\realsched.exe" -osboot

MSCONFIG\startupreg: topi => C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup

MSCONFIG\startupreg: TOSCDSPD => TOSCDSPD.EXE

MSCONFIG\startupreg: Toshiba Registration => C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe

MSCONFIG\startupreg: Toshiba TEMPO => C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe

MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide

MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (04/09/2014 00:23:11 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 1763

 

Error: (04/09/2014 00:23:11 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 1763

 

Error: (04/09/2014 00:23:11 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (04/08/2014 07:50:14 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 4618

 

Error: (04/08/2014 07:50:14 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 4618

 

Error: (04/08/2014 07:50:14 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (04/08/2014 07:50:13 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 3619

 

Error: (04/08/2014 07:50:13 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 3619

 

Error: (04/08/2014 07:50:13 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (04/08/2014 07:50:12 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 2481

 

 

System errors:

=============

Error: (04/07/2014 07:22:01 PM) (Source: Service Control Manager) (User: )

Description: Windows Search%%1053

 

Error: (04/07/2014 07:22:01 PM) (Source: Service Control Manager) (User: )

Description: 30000Windows Search

 

Error: (04/07/2014 07:22:01 PM) (Source: DCOM) (User: )

Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

 

Error: (04/07/2014 07:15:22 PM) (Source: Service Control Manager) (User: )

Description: Computer Browser%%1060

 

Error: (04/07/2014 07:15:22 PM) (Source: Service Control Manager) (User: )

Description: HitmanPro 3.7 Crusader (Boot)%%3

 

Error: (04/07/2014 07:12:35 PM) (Source: Service Control Manager) (User: )

Description: ScRegSetValueExWFailureActions%%5

 

Error: (04/07/2014 02:30:22 AM) (Source: Service Control Manager) (User: )

Description: Computer Browser%%1060

 

Error: (04/07/2014 02:30:22 AM) (Source: Service Control Manager) (User: )

Description: HitmanPro 3.7 Crusader (Boot)%%3

 

Error: (04/07/2014 02:29:00 AM) (Source: EventLog) (User: )

Description: The previous system shutdown at 02:24:30 on 07/04/2014 was unexpected.

 

Error: (04/06/2014 08:01:17 PM) (Source: Service Control Manager) (User: )

Description: Computer Browser%%1060

 

 

Microsoft Office Sessions:

=========================

Error: (04/09/2014 00:23:11 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 1763

 

Error: (04/09/2014 00:23:11 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledEvent 1763

 

Error: (04/09/2014 00:23:11 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (04/08/2014 07:50:14 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 4618

 

Error: (04/08/2014 07:50:14 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledEvent 4618

 

Error: (04/08/2014 07:50:14 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (04/08/2014 07:50:13 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 3619

 

Error: (04/08/2014 07:50:13 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledEvent 3619

 

Error: (04/08/2014 07:50:13 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (04/08/2014 07:50:12 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 2481

 

 

CodeIntegrity Errors:

===================================

  Date: 2014-04-09 03:11:12.321

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-04-09 03:11:11.320

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-04-09 03:11:10.303

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-04-09 03:11:09.313

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-04-09 03:11:08.157

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-04-09 03:11:07.226

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-04-09 03:11:06.224

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-04-09 03:11:05.218

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-04-08 19:26:25.574

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVG\AVG2013\Drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-04-08 19:26:24.624

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVG\AVG2013\Drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 70%

Total physical RAM: 2813.1 MB

Available physical RAM: 825.53 MB

Total Pagefile: 5852.72 MB

Available Pagefile: 2670.17 MB

Total Virtual: 2047.88 MB

Available Virtual: 1901.63 MB

 

==================== Drives ================================

 

Drive c: (Vista) (Fixed) (Total:116.29 GB) (Free:21.14 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive e: (Data) (Fixed) (Total:115.13 GB) (Free:83.05 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 1CFF666E)

Partition 1: (Not Active) - (Size=1 GB) - (Type=27)

Partition 2: (Active) - (Size=116 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=115 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================

 


 


 


 


Any help would be hugely appreciated! 


Many thanks in advance!  :)


 


 



Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
 
Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt



Please attach this file to your next reply.

 

 

 

 

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )

  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
