TechSpot

Computer slowing down to snail speed

Inactive-A
By keepmovingup2
Apr 20, 2013
  1. Hi there,

    Over the last few weeks I've noticed the performance of my computer has reduced dramatically. I have even started to get "memory error" messages appear on startup.

    I have downloaded various antispyware/virus software (Malwarebytes, Spybot Search and Destroy, AVG 2013; I even installed Panda Pro 2013) but to no avail. Tried uninstalling them too. I noticed I've got a lot of Service Host things going on which are using a lot of memory (over 100 MB avg), but I can't seem to get rid of them.

    Any further advice would be greatly welcome.
     
  2. Broni

    Broni Malware Annihilator Posts: 47,078   +258

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. keepmovingup2

    keepmovingup2 TS Rookie Topic Starter

    Hi, thanks for the assist, here are the Malwarebytes and DDS logs.

    Malwarebytes Anti-Malware (Trial) 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.01.04.09

    Windows 8 x64 NTFS
    Internet Explorer 10.0.9200.16466
    jonesy :: JACK [limited]

    Protection: Enabled

    05/01/2013 21:58:17
    mbam-log-2013-01-05 (21-58-17).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 400272
    Time elapsed: 44 minute(s), 44 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)



    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16519 BrowserJavaVersion: 10.17.2
    Run by jonesy at 23:49:37 on 2013-04-20
    Microsoft Windows 8 6.2.9200.0.1252.44.2057.18.5595.4030 [GMT 1:00]
    .
    AV: Panda Antivirus Pro 2013 *Enabled/Updated* {65216B53-8D58-3C85-9923-623F89CF692B}
    AV: AVG AntiVirus Free Edition 2013 *Disabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Panda Antivirus Pro 2013 *Enabled/Updated* {DE408AB7-AB62-330B-A393-594DF2482396}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\system32\svchost.exe -k NetworkService
    C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PskSvc.exe
    C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\TPSrvWow.exe
    C:\windows\system32\atiesrxx.exe
    C:\windows\system32\dwm.exe
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA ANTIVIRUS PRO 2013\WebProxy.exe
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\atieclxx.exe
    C:\windows\system32\WLANExt.exe
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe
    C:\windows\system32\dashost.exe
    C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
    C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PsCtrls.exe
    C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PavFnSvr.exe
    C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe
    C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\pavsrvx86.exe
    C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PsImSvc.exe
    C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\AVENGINE.EXE
    C:\windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
    C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\windows\system32\taskhostex.exe
    C:\windows\Explorer.EXE
    C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
    C:\Program Files (x86)\Samsung\Settings\sSettings.exe
    C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler64.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\windows\System32\svchost.exe -k LocalServicePeerNet
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\ApVxdWin.exe
    C:\Program Files\Samsung\S Agent\CommonAgent.exe
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://mysearch.avg.com/?cid={56E2F325-46FC-4A4E-B7F7-34AEF4BB6495}&mid=f805911c97f147d39d1681fe858541b7-972a946a9c20a48148a7ac59df0e54cd6de6e563&lang=en&ds=AVG&pr=fr&d=&v=&pid=safeguard&sg=2&sap=hp
    uDefault_Page_URL = hxxp://samsung13.msn.com
    uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
    mWinlogon: Userinit = userinit.exe,
    BHO: Giant Savings Extension: {11111111-1111-1111-1111-110211181110} - C:\Program Files (x86)\Giant Savings Extension\Giant Savings Extension.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: Vuze Remote Toolbar: {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
    TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
    uRun: [AdobeBridge] <no file>
    mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
    mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [APVXDWIN] "C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\APVXDWIN.EXE" /s
    mRun: [SCANINICIO] "C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\Inicio.exe"
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\Users\jonesy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    mPolicies-System: DisableCAD = dword:1
    TCP: NameServer = 194.168.4.100 194.168.8.100
    TCP: Interfaces\{0D6C284F-5D1A-4158-AC09-F33F4E7B0A25} : DHCPNameServer = 100.100.0.101
    TCP: Interfaces\{8A6E8A24-289F-4C48-BEE0-634559093CCC} : DHCPNameServer = 194.168.4.100 194.168.8.100
    TCP: Interfaces\{8A6E8A24-289F-4C48-BEE0-634559093CCC}\13230254C667163747F6E60205C6163656 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{8A6E8A24-289F-4C48-BEE0-634559093CCC}\33D4F62696C65675966496D283264353 : DHCPNameServer = 192.168.1.1 192.168.1.1
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-Run: [BtTray] "C:\Program Files (x86)\Bluetooth Suite\BtTray.exe"
    x64-Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
    x64-mPolicies-System: DisableCAD = dword:1
    x64-IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: avldr - avldr64.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amd_sata;amd_sata;C:\windows\System32\Drivers\amd_sata.sys [2012-9-2 79528]
    R0 amd_xata;amd_xata;C:\windows\System32\Drivers\amd_xata.sys [2012-9-2 26280]
    R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\windows\System32\Drivers\amdkmpfd.sys [2012-7-9 35496]
    R2 AmFSM;AmFSM;C:\windows\System32\Drivers\amm6460.sys [2013-4-16 71432]
    R2 APXACC;AppEx Networks Accelerator LWF;C:\windows\System32\Drivers\appexDrv.sys [2012-10-19 199008]
    R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\windows\System32\Drivers\btath_flt.sys [2012-10-19 88728]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\windows\System32\Drivers\AtihdW86.sys [2012-8-21 91648]
    R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;C:\windows\System32\Drivers\BazisVirtualCDBus.sys [2011-6-4 198480]
    R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\windows\System32\Drivers\btath_a2dp.sys [2012-10-19 344216]
    R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\windows\System32\Drivers\btath_avdt.sys [2012-10-19 114840]
    R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\windows\System32\Drivers\btath_bus.sys [2012-10-19 33944]
    R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\windows\System32\Drivers\btath_hcrp.sys [2012-10-19 178840]
    R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\windows\System32\Drivers\btath_lwflt.sys [2012-10-19 76952]
    R3 BTATH_RCP;Bluetooth AVRCP Device;C:\windows\System32\Drivers\btath_rcp.sys [2012-10-19 135832]
    R3 BtFilter;BtFilter;C:\windows\System32\Drivers\btfilter.sys [2012-10-19 575128]
    .
    =============== File Associations ===============
    .
    FileExt: .txt: txtfile=C:\windows\System32\NOTEPAD.EXE %1 [UserChoice]
    FileExt: .vbe: VBEFile=C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PavScrip.exe "%1" %*
    FileExt: .vbs: VBSFile=C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PavScrip.exe "%1" %*
    FileExt: .js: JSFile=C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PavScrip.exe "%1" %*
    FileExt: .jse: JSEFile=C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PavScrip.exe "%1" %*
    FileExt: .wsf: WSFFile=C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PavScrip.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    2013-04-20 21:50:20 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
    2013-04-20 21:46:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-04-20 21:25:36 -------- d-----w- C:\Users\jonesy\AppData\Local\ElevatedDiagnostics
    2013-04-20 20:51:43 -------- d-----w- C:\Users\jonesy\AppData\Local\Avg2013
    2013-04-20 19:46:48 78176 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-04-20 19:46:47 692576 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
    2013-04-19 10:44:05 193200 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10199.bin
    2013-04-17 21:06:01 375808 ----a-w- C:\windows\SysWow64\ReAgent.dll
    2013-04-17 21:06:01 1011200 ----a-w- C:\windows\System32\reseteng.dll
    2013-04-16 20:26:46 -------- d-----w- C:\windows\FltMgr
    2013-04-16 20:26:39 -------- d-----w- C:\Users\jonesy\AppData\Local\Panda Security
    2013-04-16 20:24:13 30792 ----a-w- C:\windows\System32\drivers\pavboot64.sys
    2013-04-16 20:23:45 46640 ----a-w- C:\windows\System32\pavcpl64.cpl
    2013-04-16 20:23:15 446464 ----a-w- C:\windows\SysWow64\HHActiveX.dll
    2013-04-16 20:23:02 87328 ----a-w- C:\windows\SysWow64\PavLspHookWow.dll
    2013-04-16 20:23:02 25344 ----a-w- C:\windows\SysWow64\sysHelper32.dll
    2013-04-16 20:23:02 202048 ----a-w- C:\windows\SysWow64\TpUtilWow.dll
    2013-04-16 20:23:01 90944 ----a-w- C:\windows\System32\PavIpc64.dll
    2013-04-16 20:23:01 66880 ----a-w- C:\windows\SysWow64\PavIpcWow.dll
    2013-04-16 20:23:01 323392 ----a-w- C:\windows\System32\TpUtil64.dll
    2013-04-16 20:23:01 24064 ----a-w- C:\windows\System32\sysHelper64.dll
    2013-04-16 20:23:01 117024 ----a-w- C:\windows\System32\PavLspHook64.dll
    2013-04-16 20:23:00 837920 ----a-w- C:\windows\System32\PavSHook64.dll
    2013-04-16 20:23:00 545056 ----a-w- C:\windows\SysWow64\PavSHookWow.dll
    2013-04-16 20:22:45 71432 ----a-w- C:\windows\System32\drivers\amm6460.sys
    2013-04-16 20:22:45 64768 ----a-w- C:\windows\System32\avldr64.dll
    2013-04-16 20:22:45 -------- d-----w- C:\windows\SysWow64\PAV
    2013-04-16 20:22:42 -------- d-----w- C:\Users\jonesy\AppData\Roaming\Panda Security
    2013-04-16 20:22:42 -------- d-----w- C:\ProgramData\Panda Security
    2013-04-16 20:22:23 48136 ----a-w- C:\windows\System32\drivers\ShldFlt.sys
    2013-04-16 20:22:23 -------- d-----w- C:\Program Files (x86)\Common Files\Panda Security
    2013-04-16 20:16:07 -------- d-----w- C:\Program Files (x86)\Panda Security
    2013-04-10 20:19:55 108448 ----a-w- C:\windows\System32\WindowsAccessBridge-64.dll
    2013-04-10 15:33:49 -------- d-----w- C:\Users\jonesy\AppData\Roaming\TuneUp Software
    2013-04-10 15:33:15 -------- d--h--w- C:\$AVG
    2013-04-10 15:33:15 -------- d-----w- C:\ProgramData\AVG2013
    2013-04-10 15:27:56 3618304 ------w- C:\windows\System32\athw8x.sys
    2013-04-10 15:27:46 64128 ------w- C:\windows\System32\athihvui.dll
    2013-04-10 15:27:46 443008 ------w- C:\windows\System32\athihvs.dll
    2013-04-10 15:27:46 -------- d-----w- C:\windows\System32\nn-NO
    2013-04-10 15:27:31 -------- d-----w- C:\Program Files (x86)\Cisco
    2013-04-10 15:24:01 -------- d--h--w- C:\ProgramData\Common Files
    2013-04-10 15:24:01 -------- d-----w- C:\Users\jonesy\AppData\Local\MFAData
    2013-04-10 15:24:01 -------- d-----w- C:\ProgramData\MFAData
    .
    ==================== Find3M ====================
    .
    2013-04-10 20:19:36 963488 ----a-w- C:\windows\System32\deployJava1.dll
    2013-04-10 20:19:36 1085344 ----a-w- C:\windows\System32\npDeployJava1.dll
    2013-03-07 16:10:44 95648 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-03-07 16:10:44 861088 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
    2013-03-07 16:10:44 782240 ----a-w- C:\windows\SysWow64\deployJava1.dll
    2013-03-06 10:38:36 770384 ----a-w- C:\windows\SysWow64\msvcr100.dll
    2013-03-06 10:38:36 421200 ----a-w- C:\windows\SysWow64\msvcp100.dll
    2013-03-03 17:42:40 314016 ----a-w- C:\windows\System32\drivers\atksgt.sys
    2013-03-03 17:42:38 43680 ----a-w- C:\windows\System32\drivers\lirsgt.sys
    2013-03-02 08:22:18 361984 ----a-w- C:\windows\SysWow64\MFMediaEngine.dll
    2013-03-02 02:44:30 468992 ----a-w- C:\windows\System32\MFMediaEngine.dll
    2013-02-15 07:58:59 39936 ----a-w- C:\windows\apppatch\apppatch64\acspecfc.dll
    2013-02-15 06:35:40 444416 ----a-w- C:\windows\apppatch\AcSpecfc.dll
    2013-02-12 01:30:04 44032 ----a-w- C:\windows\SysWow64\UXInit.dll
    2013-02-12 00:56:19 53760 ----a-w- C:\windows\System32\UXInit.dll
    2013-02-12 00:25:18 4041728 ----a-w- C:\windows\System32\win32k.sys
    2013-02-12 00:17:50 20992 ----a-w- C:\windows\System32\drivers\usb8023x.sys
    2013-02-12 00:17:50 20992 ----a-w- C:\windows\System32\drivers\usb8023.sys
    2013-02-07 04:09:56 69864 ----a-w- C:\windows\System32\drivers\pdc.sys
    2013-02-07 03:34:58 10115072 ----a-w- C:\windows\System32\twinui.dll
    2013-02-07 03:33:47 2302464 ----a-w- C:\windows\System32\authui.dll
    2013-02-07 03:33:42 2146816 ----a-w- C:\windows\System32\actxprxy.dll
    2013-02-07 01:34:00 8856576 ----a-w- C:\windows\SysWow64\twinui.dll
    2013-02-07 01:33:03 2033664 ----a-w- C:\windows\SysWow64\authui.dll
    2013-02-07 01:33:01 754176 ----a-w- C:\windows\SysWow64\actxprxy.dll
    2013-02-05 22:31:11 622080 ----a-w- C:\windows\System32\drivers\srv2.sys
    2013-02-05 22:29:09 370688 ----a-w- C:\windows\System32\drivers\mrxsmb.sys
    2013-02-05 22:28:48 247808 ----a-w- C:\windows\System32\drivers\srvnet.sys
    2013-02-05 22:28:36 215552 ----a-w- C:\windows\System32\drivers\mrxsmb20.sys
    2013-02-05 04:58:01 1766912 ----a-w- C:\windows\SysWow64\wininet.dll
    2013-02-05 04:56:33 2877952 ----a-w- C:\windows\SysWow64\jscript9.dll
    2013-02-05 04:56:27 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
    2013-02-05 04:56:27 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
    2013-02-05 03:55:27 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2013-02-05 01:44:50 534528 ----a-w- C:\windows\SysWow64\uxtheme.dll
    2013-02-04 22:39:47 2246656 ----a-w- C:\windows\System32\wininet.dll
    2013-02-04 22:39:39 907776 ----a-w- C:\windows\System32\uxtheme.dll
    2013-02-04 22:38:55 3966464 ----a-w- C:\windows\System32\jscript9.dll
    2013-02-04 22:38:53 136704 ----a-w- C:\windows\System32\iesysprep.dll
    2013-02-02 11:19:44 496872 ----a-w- C:\windows\System32\drivers\usbhub.sys
    2013-02-02 11:19:44 446184 ----a-w- C:\windows\System32\drivers\USBHUB3.SYS
    2013-02-02 11:19:41 329960 ----a-w- C:\windows\System32\drivers\storport.sys
    2013-02-02 11:19:33 61672 ----a-w- C:\windows\System32\drivers\crashdmp.sys
    2013-02-02 10:54:54 1933544 ----a-w- C:\windows\System32\drivers\ntfs.sys
    2013-02-02 10:28:54 993512 ----a-w- C:\windows\System32\drivers\ndis.sys
    2013-02-02 10:28:54 2226408 ----a-w- C:\windows\System32\drivers\tcpip.sys
    2013-02-02 09:42:07 2207232 ----a-w- C:\windows\SysWow64\PrintConfig.dll
    2013-02-02 08:40:58 375808 ----a-w- C:\windows\SysWow64\wbem\WmiPrvSE.exe
    2013-02-02 08:40:55 80896 ----a-w- C:\windows\SysWow64\tasklist.exe
    2013-02-02 08:40:55 79360 ----a-w- C:\windows\SysWow64\taskkill.exe
    2013-02-02 08:40:36 155136 ----a-w- C:\windows\SysWow64\XpsRasterService.dll
    2013-02-02 08:40:35 370688 ----a-w- C:\windows\SysWow64\WWanAPI.dll
    2013-02-02 08:40:27 131072 ----a-w- C:\windows\SysWow64\wbem\WmiDcPrv.dll
    2013-02-02 08:40:26 410624 ----a-w- C:\windows\SysWow64\wlroamextension.dll
    2013-02-02 08:40:22 197632 ----a-w- C:\windows\SysWow64\Windows.Networking.Connectivity.dll
    2013-02-02 08:40:22 10792448 ----a-w- C:\windows\SysWow64\Windows.UI.Xaml.dll
    2013-02-02 08:40:01 356352 ----a-w- C:\windows\SysWow64\SettingSync.dll
    2013-02-02 08:39:59 325632 ----a-w- C:\windows\SysWow64\schannel.dll
    2013-02-02 08:39:47 18432 ----a-w- C:\windows\SysWow64\npmproxy.dll
    2013-02-02 08:39:34 55296 ----a-w- C:\windows\SysWow64\nlaapi.dll
    2013-02-02 08:39:34 15872 ----a-w- C:\windows\SysWow64\nlmproxy.dll
    2013-02-02 08:39:34 12288 ----a-w- C:\windows\SysWow64\nlmsprep.dll
    2013-02-02 08:39:33 115712 ----a-w- C:\windows\SysWow64\netprofm.dll
    2013-02-02 08:39:28 5090816 ----a-w- C:\windows\SysWow64\mstscax.dll
    2013-02-02 08:39:15 157696 ----a-w- C:\windows\SysWow64\mbsmsapi.dll
    2013-02-02 08:38:54 567808 ----a-w- C:\windows\SysWow64\duser.dll
    2013-02-02 08:24:19 107520 ----a-w- C:\windows\System32\taskkill.exe
    2013-02-02 08:24:19 102400 ----a-w- C:\windows\System32\tasklist.exe
    2013-02-02 08:23:44 228352 ----a-w- C:\windows\System32\XpsRasterService.dll
    2013-02-02 08:23:43 475136 ----a-w- C:\windows\System32\WWanAPI.dll
    2013-02-02 08:23:37 611840 ----a-w- C:\windows\System32\wpd_ci.dll
    2013-02-02 08:23:37 105472 ----a-w- C:\windows\System32\wpdbusenum.dll
    2013-02-02 08:23:30 830464 ----a-w- C:\windows\System32\wbem\WmiPrvSD.dll
    2013-02-02 08:23:28 543232 ----a-w- C:\windows\System32\wlroamextension.dll
    2013-02-02 08:23:21 13643264 ----a-w- C:\windows\System32\Windows.UI.Xaml.dll
    2013-02-02 08:23:19 293376 ----a-w- C:\windows\System32\Windows.Networking.Connectivity.dll
    2013-02-02 08:23:18 731648 ----a-w- C:\windows\System32\win32spl.dll
    2013-02-02 08:23:16 87552 ----a-w- C:\windows\System32\wersvc.dll
    2013-02-02 08:22:28 448512 ----a-w- C:\windows\System32\SettingSync.dll
    2013-02-02 08:22:22 416256 ----a-w- C:\windows\System32\schannel.dll
    2013-02-02 08:21:45 467456 ----a-w- C:\windows\System32\netprofmsvc.dll
    2013-02-02 08:21:44 385024 ----a-w- C:\windows\System32\ncsi.dll
    2013-02-02 08:21:38 5977600 ----a-w- C:\windows\System32\mstscax.dll
    2013-02-02 08:21:10 225280 ----a-w- C:\windows\System32\mbsmsapi.dll
    2013-02-02 08:20:47 260096 ----a-w- C:\windows\System32\hotspotauth.dll
    2013-02-02 08:20:31 729600 ----a-w- C:\windows\System32\duser.dll
    2013-02-02 07:30:05 2706432 ----a-w- C:\windows\System32\mshtml.tlb
    2013-02-02 07:25:52 297984 ----a-w- C:\windows\System32\drivers\ks.sys
    2013-02-02 07:25:26 82944 ----a-w- C:\windows\System32\drivers\hidclass.sys
    2013-02-02 07:25:23 37632 ----a-w- C:\windows\System32\drivers\BthAvrcpTg.sys
    2013-02-02 05:41:57 1437184 ----a-w- C:\windows\SysWow64\GdiPlus.dll
    2013-02-02 05:31:54 1690624 ----a-w- C:\windows\System32\GdiPlus.dll
    2013-01-29 01:57:05 35232 ----a-w- C:\windows\System32\drivers\WdBoot.sys
    2013-01-28 23:08:22 230904 ----a-w- C:\windows\System32\drivers\WdFilter.sys
    .
    ============= FINISH: 23:52:05.52 ===============
     
  4. Broni

    Broni Malware Annihilator Posts: 47,078   +258

  5. keepmovingup2

    keepmovingup2 TS Rookie Topic Starter

    Downloaded, uninstalled AV, restarted computer.

    Uploaded the attach.zip
     


  6. Broni

    Broni Malware Annihilator Posts: 47,078   +258

    Uninstalled TWO AV programs?

     
  7. keepmovingup2

    keepmovingup2 TS Rookie Topic Starter

    Yup, uninstalled AVG and Norton

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16519 BrowserJavaVersion: 10.17.2
    Run by jonesy at 0:41:26 on 2013-04-21
    Microsoft Windows 8 6.2.9200.0.1252.44.2057.18.5595.4093 [GMT 1:00]
    .
    AV: Panda Antivirus Pro 2013 *Enabled/Updated* {65216B53-8D58-3C85-9923-623F89CF692B}
    AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Panda Antivirus Pro 2013 *Enabled/Updated* {DE408AB7-AB62-330B-A393-594DF2482396}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\system32\svchost.exe -k NetworkService
    C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PskSvc.exe
    C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\TPSrvWow.exe
    C:\windows\system32\atiesrxx.exe
    C:\windows\system32\dwm.exe
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\atieclxx.exe
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\WLANExt.exe
    C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA ANTIVIRUS PRO 2013\WebProxy.exe
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe
    C:\windows\system32\dashost.exe
    C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
    C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PsCtrls.exe
    C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
    C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PavFnSvr.exe
    C:\windows\system32\taskhostex.exe
    C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe
    C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\pavsrvx86.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PsImSvc.exe
    C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\AVENGINE.EXE
    C:\windows\Explorer.EXE
    C:\windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
    C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
    C:\Program Files (x86)\Samsung\Settings\sSettings.exe
    C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler64.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
    C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\ApVxdWin.exe
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\Program Files\Samsung\S Agent\CommonAgent.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://mysearch.avg.com/?cid={56E2F325-46FC-4A4E-B7F7-34AEF4BB6495}&mid=f805911c97f147d39d1681fe858541b7-972a946a9c20a48148a7ac59df0e54cd6de6e563&lang=en&ds=AVG&pr=fr&d=&v=&pid=safeguard&sg=2&sap=hp
    uDefault_Page_URL = hxxp://samsung13.msn.com
    uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
    mWinlogon: Userinit = userinit.exe,
    BHO: Giant Savings Extension: {11111111-1111-1111-1111-110211181110} - C:\Program Files (x86)\Giant Savings Extension\Giant Savings Extension.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: Vuze Remote Toolbar: {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
    TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
    uRun: [AdobeBridge] <no file>
    mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
    mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [APVXDWIN] "C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\APVXDWIN.EXE" /s
    mRun: [SCANINICIO] "C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\Inicio.exe"
    StartupFolder: C:\Users\jonesy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    mPolicies-System: DisableCAD = dword:1
    TCP: NameServer = 194.168.4.100 194.168.8.100
    TCP: Interfaces\{0D6C284F-5D1A-4158-AC09-F33F4E7B0A25} : DHCPNameServer = 100.100.0.101
    TCP: Interfaces\{8A6E8A24-289F-4C48-BEE0-634559093CCC} : DHCPNameServer = 194.168.4.100 194.168.8.100
    TCP: Interfaces\{8A6E8A24-289F-4C48-BEE0-634559093CCC}\13230254C667163747F6E60205C6163656 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{8A6E8A24-289F-4C48-BEE0-634559093CCC}\33D4F62696C65675966496D283264353 : DHCPNameServer = 192.168.1.1 192.168.1.1
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-Run: [BtTray] "C:\Program Files (x86)\Bluetooth Suite\BtTray.exe"
    x64-Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
    x64-mPolicies-System: DisableCAD = dword:1
    x64-IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: avldr - avldr64.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amd_sata;amd_sata;C:\windows\System32\Drivers\amd_sata.sys [2012-9-2 79528]
    R0 amd_xata;amd_xata;C:\windows\System32\Drivers\amd_xata.sys [2012-9-2 26280]
    R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\windows\System32\Drivers\amdkmpfd.sys [2012-7-9 35496]
    R2 AmFSM;AmFSM;C:\windows\System32\Drivers\amm6460.sys [2013-4-16 71432]
    R2 APXACC;AppEx Networks Accelerator LWF;C:\windows\System32\Drivers\appexDrv.sys [2012-10-19 199008]
    R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\windows\System32\Drivers\btath_flt.sys [2012-10-19 88728]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\windows\System32\Drivers\AtihdW86.sys [2012-8-21 91648]
    R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;C:\windows\System32\Drivers\BazisVirtualCDBus.sys [2011-6-4 198480]
    R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\windows\System32\Drivers\btath_a2dp.sys [2012-10-19 344216]
    R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\windows\System32\Drivers\btath_avdt.sys [2012-10-19 114840]
    R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\windows\System32\Drivers\btath_bus.sys [2012-10-19 33944]
    R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\windows\System32\Drivers\btath_hcrp.sys [2012-10-19 178840]
    R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\windows\System32\Drivers\btath_lwflt.sys [2012-10-19 76952]
    R3 BTATH_RCP;Bluetooth AVRCP Device;C:\windows\System32\Drivers\btath_rcp.sys [2012-10-19 135832]
    R3 BtFilter;BtFilter;C:\windows\System32\Drivers\btfilter.sys [2012-10-19 575128]
    .
    =============== File Associations ===============
    .
    FileExt: .txt: txtfile=C:\windows\System32\NOTEPAD.EXE %1 [UserChoice]
    FileExt: .vbe: VBEFile=C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PavScrip.exe "%1" %*
    FileExt: .vbs: VBSFile=C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PavScrip.exe "%1" %*
    FileExt: .js: JSFile=C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PavScrip.exe "%1" %*
    FileExt: .jse: JSEFile=C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PavScrip.exe "%1" %*
    FileExt: .wsf: WSFFile=C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PavScrip.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    2013-04-20 23:09:01 -------- d-----w- C:\ProgramData\Symantec
    2013-04-20 23:07:10 -------- d-----w- C:\Panda Software
    2013-04-20 21:50:20 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
    2013-04-20 21:46:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-04-20 21:25:36 -------- d-----w- C:\Users\jonesy\AppData\Local\ElevatedDiagnostics
    2013-04-20 19:46:48 78176 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-04-20 19:46:47 692576 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
    2013-04-19 10:44:05 193200 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10199.bin
    2013-04-17 21:06:01 375808 ----a-w- C:\windows\SysWow64\ReAgent.dll
    2013-04-17 21:06:01 1011200 ----a-w- C:\windows\System32\reseteng.dll
    2013-04-16 20:26:46 -------- d-----w- C:\windows\FltMgr
    2013-04-16 20:26:39 -------- d-----w- C:\Users\jonesy\AppData\Local\Panda Security
    2013-04-16 20:24:13 30792 ----a-w- C:\windows\System32\drivers\pavboot64.sys
    2013-04-16 20:23:45 46640 ----a-w- C:\windows\System32\pavcpl64.cpl
    2013-04-16 20:23:15 446464 ----a-w- C:\windows\SysWow64\HHActiveX.dll
    2013-04-16 20:23:02 87328 ----a-w- C:\windows\SysWow64\PavLspHookWow.dll
    2013-04-16 20:23:02 25344 ----a-w- C:\windows\SysWow64\sysHelper32.dll
    2013-04-16 20:23:02 202048 ----a-w- C:\windows\SysWow64\TpUtilWow.dll
    2013-04-16 20:23:01 90944 ----a-w- C:\windows\System32\PavIpc64.dll
    2013-04-16 20:23:01 66880 ----a-w- C:\windows\SysWow64\PavIpcWow.dll
    2013-04-16 20:23:01 323392 ----a-w- C:\windows\System32\TpUtil64.dll
    2013-04-16 20:23:01 24064 ----a-w- C:\windows\System32\sysHelper64.dll
    2013-04-16 20:23:01 117024 ----a-w- C:\windows\System32\PavLspHook64.dll
    2013-04-16 20:23:00 837920 ----a-w- C:\windows\System32\PavSHook64.dll
    2013-04-16 20:23:00 545056 ----a-w- C:\windows\SysWow64\PavSHookWow.dll
    2013-04-16 20:22:45 71432 ----a-w- C:\windows\System32\drivers\amm6460.sys
    2013-04-16 20:22:45 64768 ----a-w- C:\windows\System32\avldr64.dll
    2013-04-16 20:22:45 -------- d-----w- C:\windows\SysWow64\PAV
    2013-04-16 20:22:42 -------- d-----w- C:\Users\jonesy\AppData\Roaming\Panda Security
    2013-04-16 20:22:42 -------- d-----w- C:\ProgramData\Panda Security
    2013-04-16 20:22:23 48136 ----a-w- C:\windows\System32\drivers\ShldFlt.sys
    2013-04-16 20:22:23 -------- d-----w- C:\Program Files (x86)\Common Files\Panda Security
    2013-04-16 20:16:07 -------- d-----w- C:\Program Files (x86)\Panda Security
    2013-04-10 20:19:55 108448 ----a-w- C:\windows\System32\WindowsAccessBridge-64.dll
    2013-04-10 15:33:49 -------- d-----w- C:\Users\jonesy\AppData\Roaming\TuneUp Software
    2013-04-10 15:33:15 -------- d--h--w- C:\$AVG
    2013-04-10 15:27:56 3618304 ------w- C:\windows\System32\athw8x.sys
    2013-04-10 15:27:46 64128 ------w- C:\windows\System32\athihvui.dll
    2013-04-10 15:27:46 443008 ------w- C:\windows\System32\athihvs.dll
    2013-04-10 15:27:46 -------- d-----w- C:\windows\System32\nn-NO
    2013-04-10 15:27:31 -------- d-----w- C:\Program Files (x86)\Cisco
    2013-04-10 15:24:01 -------- d--h--w- C:\ProgramData\Common Files
    .
    ==================== Find3M ====================
    .
    2013-04-10 20:19:36 963488 ----a-w- C:\windows\System32\deployJava1.dll
    2013-04-10 20:19:36 1085344 ----a-w- C:\windows\System32\npDeployJava1.dll
    2013-03-07 16:10:44 95648 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-03-07 16:10:44 861088 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
    2013-03-07 16:10:44 782240 ----a-w- C:\windows\SysWow64\deployJava1.dll
    2013-03-06 10:38:36 770384 ----a-w- C:\windows\SysWow64\msvcr100.dll
    2013-03-06 10:38:36 421200 ----a-w- C:\windows\SysWow64\msvcp100.dll
    2013-03-03 17:42:40 314016 ----a-w- C:\windows\System32\drivers\atksgt.sys
    2013-03-03 17:42:38 43680 ----a-w- C:\windows\System32\drivers\lirsgt.sys
    2013-03-02 08:22:18 361984 ----a-w- C:\windows\SysWow64\MFMediaEngine.dll
    2013-03-02 02:44:30 468992 ----a-w- C:\windows\System32\MFMediaEngine.dll
    2013-02-15 07:58:59 39936 ----a-w- C:\windows\apppatch\apppatch64\acspecfc.dll
    2013-02-15 06:35:40 444416 ----a-w- C:\windows\apppatch\AcSpecfc.dll
    2013-02-12 01:30:04 44032 ----a-w- C:\windows\SysWow64\UXInit.dll
    2013-02-12 00:56:19 53760 ----a-w- C:\windows\System32\UXInit.dll
    2013-02-12 00:25:18 4041728 ----a-w- C:\windows\System32\win32k.sys
    2013-02-12 00:17:50 20992 ----a-w- C:\windows\System32\drivers\usb8023x.sys
    2013-02-12 00:17:50 20992 ----a-w- C:\windows\System32\drivers\usb8023.sys
    2013-02-07 04:09:56 69864 ----a-w- C:\windows\System32\drivers\pdc.sys
    2013-02-07 03:34:58 10115072 ----a-w- C:\windows\System32\twinui.dll
    2013-02-07 03:33:47 2302464 ----a-w- C:\windows\System32\authui.dll
    2013-02-07 03:33:42 2146816 ----a-w- C:\windows\System32\actxprxy.dll
    2013-02-07 01:34:00 8856576 ----a-w- C:\windows\SysWow64\twinui.dll
    2013-02-07 01:33:03 2033664 ----a-w- C:\windows\SysWow64\authui.dll
    2013-02-07 01:33:01 754176 ----a-w- C:\windows\SysWow64\actxprxy.dll
    2013-02-05 22:31:11 622080 ----a-w- C:\windows\System32\drivers\srv2.sys
    2013-02-05 22:29:09 370688 ----a-w- C:\windows\System32\drivers\mrxsmb.sys
    2013-02-05 22:28:48 247808 ----a-w- C:\windows\System32\drivers\srvnet.sys
    2013-02-05 22:28:36 215552 ----a-w- C:\windows\System32\drivers\mrxsmb20.sys
    2013-02-05 04:58:01 1766912 ----a-w- C:\windows\SysWow64\wininet.dll
    2013-02-05 04:56:33 2877952 ----a-w- C:\windows\SysWow64\jscript9.dll
    2013-02-05 04:56:27 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
    2013-02-05 04:56:27 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
    2013-02-05 03:55:27 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2013-02-05 01:44:50 534528 ----a-w- C:\windows\SysWow64\uxtheme.dll
    2013-02-04 22:39:47 2246656 ----a-w- C:\windows\System32\wininet.dll
    2013-02-04 22:39:39 907776 ----a-w- C:\windows\System32\uxtheme.dll
    2013-02-04 22:38:55 3966464 ----a-w- C:\windows\System32\jscript9.dll
    2013-02-04 22:38:53 136704 ----a-w- C:\windows\System32\iesysprep.dll
    2013-02-02 11:19:44 496872 ----a-w- C:\windows\System32\drivers\usbhub.sys
    2013-02-02 11:19:44 446184 ----a-w- C:\windows\System32\drivers\USBHUB3.SYS
    2013-02-02 11:19:41 329960 ----a-w- C:\windows\System32\drivers\storport.sys
    2013-02-02 11:19:33 61672 ----a-w- C:\windows\System32\drivers\crashdmp.sys
    2013-02-02 10:54:54 1933544 ----a-w- C:\windows\System32\drivers\ntfs.sys
    2013-02-02 10:28:54 993512 ----a-w- C:\windows\System32\drivers\ndis.sys
    2013-02-02 10:28:54 2226408 ----a-w- C:\windows\System32\drivers\tcpip.sys
    2013-02-02 09:42:07 2207232 ----a-w- C:\windows\SysWow64\PrintConfig.dll
    2013-02-02 08:40:58 375808 ----a-w- C:\windows\SysWow64\wbem\WmiPrvSE.exe
    2013-02-02 08:40:55 80896 ----a-w- C:\windows\SysWow64\tasklist.exe
    2013-02-02 08:40:55 79360 ----a-w- C:\windows\SysWow64\taskkill.exe
    2013-02-02 08:40:36 155136 ----a-w- C:\windows\SysWow64\XpsRasterService.dll
    2013-02-02 08:40:35 370688 ----a-w- C:\windows\SysWow64\WWanAPI.dll
    2013-02-02 08:40:27 131072 ----a-w- C:\windows\SysWow64\wbem\WmiDcPrv.dll
    2013-02-02 08:40:26 410624 ----a-w- C:\windows\SysWow64\wlroamextension.dll
    2013-02-02 08:40:22 197632 ----a-w- C:\windows\SysWow64\Windows.Networking.Connectivity.dll
    2013-02-02 08:40:22 10792448 ----a-w- C:\windows\SysWow64\Windows.UI.Xaml.dll
    2013-02-02 08:40:01 356352 ----a-w- C:\windows\SysWow64\SettingSync.dll
    2013-02-02 08:39:59 325632 ----a-w- C:\windows\SysWow64\schannel.dll
    2013-02-02 08:39:47 18432 ----a-w- C:\windows\SysWow64\npmproxy.dll
    2013-02-02 08:39:34 55296 ----a-w- C:\windows\SysWow64\nlaapi.dll
    2013-02-02 08:39:34 15872 ----a-w- C:\windows\SysWow64\nlmproxy.dll
    2013-02-02 08:39:34 12288 ----a-w- C:\windows\SysWow64\nlmsprep.dll
    2013-02-02 08:39:33 115712 ----a-w- C:\windows\SysWow64\netprofm.dll
    2013-02-02 08:39:28 5090816 ----a-w- C:\windows\SysWow64\mstscax.dll
    2013-02-02 08:39:15 157696 ----a-w- C:\windows\SysWow64\mbsmsapi.dll
    2013-02-02 08:38:54 567808 ----a-w- C:\windows\SysWow64\duser.dll
    2013-02-02 08:24:19 107520 ----a-w- C:\windows\System32\taskkill.exe
    2013-02-02 08:24:19 102400 ----a-w- C:\windows\System32\tasklist.exe
    2013-02-02 08:23:44 228352 ----a-w- C:\windows\System32\XpsRasterService.dll
    2013-02-02 08:23:43 475136 ----a-w- C:\windows\System32\WWanAPI.dll
    2013-02-02 08:23:37 611840 ----a-w- C:\windows\System32\wpd_ci.dll
    2013-02-02 08:23:37 105472 ----a-w- C:\windows\System32\wpdbusenum.dll
    2013-02-02 08:23:30 830464 ----a-w- C:\windows\System32\wbem\WmiPrvSD.dll
    2013-02-02 08:23:28 543232 ----a-w- C:\windows\System32\wlroamextension.dll
    2013-02-02 08:23:21 13643264 ----a-w- C:\windows\System32\Windows.UI.Xaml.dll
    2013-02-02 08:23:19 293376 ----a-w- C:\windows\System32\Windows.Networking.Connectivity.dll
    2013-02-02 08:23:18 731648 ----a-w- C:\windows\System32\win32spl.dll
    2013-02-02 08:23:16 87552 ----a-w- C:\windows\System32\wersvc.dll
    2013-02-02 08:22:28 448512 ----a-w- C:\windows\System32\SettingSync.dll
    2013-02-02 08:22:22 416256 ----a-w- C:\windows\System32\schannel.dll
    2013-02-02 08:21:45 467456 ----a-w- C:\windows\System32\netprofmsvc.dll
    2013-02-02 08:21:44 385024 ----a-w- C:\windows\System32\ncsi.dll
    2013-02-02 08:21:38 5977600 ----a-w- C:\windows\System32\mstscax.dll
    2013-02-02 08:21:10 225280 ----a-w- C:\windows\System32\mbsmsapi.dll
    2013-02-02 08:20:47 260096 ----a-w- C:\windows\System32\hotspotauth.dll
    2013-02-02 08:20:31 729600 ----a-w- C:\windows\System32\duser.dll
    2013-02-02 07:30:05 2706432 ----a-w- C:\windows\System32\mshtml.tlb
    2013-02-02 07:25:52 297984 ----a-w- C:\windows\System32\drivers\ks.sys
    2013-02-02 07:25:26 82944 ----a-w- C:\windows\System32\drivers\hidclass.sys
    2013-02-02 07:25:23 37632 ----a-w- C:\windows\System32\drivers\BthAvrcpTg.sys
    2013-02-02 05:41:57 1437184 ----a-w- C:\windows\SysWow64\GdiPlus.dll
    2013-02-02 05:31:54 1690624 ----a-w- C:\windows\System32\GdiPlus.dll
    2013-01-29 01:57:05 35232 ----a-w- C:\windows\System32\drivers\WdBoot.sys
    2013-01-28 23:08:22 230904 ----a-w- C:\windows\System32\drivers\WdFilter.sys
    .
    ============= FINISH: 0:42:39.52 ===============
     
  8. Broni

    Broni Malware Annihilator Posts: 47,078   +258

    You posted that log already.
    I need Attach.txt log.
     
  9. keepmovingup2

    keepmovingup2 TS Rookie Topic Starter

    Apologies, here is the attach log
     


  10. Broni

    Broni Malware Annihilator Posts: 47,078   +258

    One more time:

     
  11. keepmovingup2

    keepmovingup2 TS Rookie Topic Starter

    Ah sorry it said at the top to attach the log via zip

    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 8
    Boot Device: \Device\HarddiskVolume2
    Install Date: 25/12/2012 13:06:39
    System Uptime: 21/04/2013 00:07:20 (0 hours ago)
    .
    Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | NP355V5C-A07UK
    Processor: AMD A8-4500M APU with Radeon(tm) HD Graphics | P0 | 1400/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 673 GiB total, 531.346 GiB free.
    D: is CDROM ()
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP21: 02/04/2013 11:53:26 - Scheduled Checkpoint
    RP22: 09/04/2013 18:44:18 - Installed SW Update
    RP23: 10/04/2013 21:18:11 - Installed Java 7 Update 17 (64-bit)
    RP24: 17/04/2013 19:19:57 - Windows Update
    RP25: 20/04/2013 21:48:52 - Removed AVG 2013
    .
    ==== Installed Programs ======================
    .
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Reader X (10.1.6) MUI
    Adobe Setup
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    AMD Accelerated Video Transcoding
    AMD APP SDK Runtime
    AMD Catalyst Install Manager
    AMD Quick Stream
    AMD VISION Engine Control Center
    ANNO 1404
    Apple Application Support
    Apple Software Update
    Canon Utilities EOS Utility
    Catalyst Control Center - Branding
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Chivalry: Medieval Warfare
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Cool Edit Pro 2.0
    CyberLink Power2Go 8
    CyberLink PowerDVD 10
    D3DX10
    DivX Setup
    E-POP
    Easy File Share
    Fotogalerie
    Free Audio Editor
    Galerie de photos
    Giant Savings Extension
    GIMP 2.8.2
    Google Chrome
    Google Earth
    Google Update Helper
    Help Desk
    Hitman Absolution
    Inkscape 0.48.4
    IrfanView (remove only)
    Java 7 Update 17
    Java 7 Update 17 (64-bit)
    Java Auto Updater
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft Application Error Reporting
    Microsoft Office
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft_VC80_CRT_x86
    Microsoft_VC90_CRT_x86
    Movie Maker
    MSVCRT
    MSVCRT110
    MSVCRT110_amd64
    Norton Online Backup
    Norton Online Backup ARA
    OpenOffice.org 3.4.1
    Panda Antivirus Pro 2013
    Password Depot 6 - Panda Secure Vault Edition
    PDF Settings
    PDFCreator
    Photo Common
    Photo Gallery
    Plants vs. Zombies
    PowerISO
    Qualcomm Atheros Bluetooth Suite (64)
    Qualcomm Atheros Client Installation Program
    QuickTime
    Raccolta foto
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Recovery
    S Agent
    Sculptris Alpha 6
    Search Protect by conduit
    Settings
    Silo 2.1.1
    SketchUp 8
    Steam
    Support Center
    Support Center FAQ
    SW Update
    Synaptics Pointing Device Driver
    System Requirements Lab CYRI
    Tales of Monkey Island
    TouchFreeze
    User Guide
    VC80CRTRedist - 8.0.50727.6195
    VideoPad Video Editor
    Visual Studio 2010 x64 Redistributables
    Vuze
    Vuze Remote Toolbar
    WavePad Sound Editor
    WinCDEmu
    Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (07/27/2012 20.57.1.735)
    Windows Live
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    WinRAR 4.20 (32-bit)
    WinRAR Packages
    Xerox PhotoCafe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    21/04/2013 00:06:57, Error: Service Control Manager [7023] - The Panda On-Access Anti-Malware Service service terminated with the following error: Incorrect function.
    20/04/2013 22:14:49, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 2 time(s).
    20/04/2013 22:14:49, Error: Service Control Manager [7034] - The Device Association Service service terminated unexpectedly. It has done this 2 time(s).
    20/04/2013 22:14:49, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    20/04/2013 22:14:49, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    20/04/2013 22:14:49, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    20/04/2013 22:14:49, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    20/04/2013 22:14:49, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    20/04/2013 22:14:49, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    20/04/2013 22:14:49, Error: Service Control Manager [7031] - The HomeGroup Listener service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    20/04/2013 22:14:49, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    20/04/2013 21:54:32, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).
    20/04/2013 21:54:32, Error: Service Control Manager [7034] - The Device Association Service service terminated unexpectedly. It has done this 1 time(s).
    20/04/2013 21:54:32, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    20/04/2013 21:54:32, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    20/04/2013 21:54:32, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    20/04/2013 21:54:32, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    20/04/2013 21:54:32, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    20/04/2013 21:54:32, Error: Service Control Manager [7031] - The HomeGroup Listener service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    20/04/2013 21:54:32, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    20/04/2013 21:07:16, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} and APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} to the user jack\jonesy SID (S-1-5-21-1225493163-4127186220-2738876131-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    20/04/2013 21:04:20, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    16/04/2013 21:24:40, Error: Service Control Manager [7030] - The Panda Software Controller service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    .
    ==== End Of File ===========================
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,078   +258

    Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
     
  13. keepmovingup2

    keepmovingup2 TS Rookie Topic Starter

    Malware anti root didn't detect anything.


    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 8 (6.2.9200 ) 64 bits version
    Started in : Normal mode
    User : jonesy [Admin rights]
    Mode : Remove -- Date : 04/21/2013 01:26:32
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 1 ¤¤¤
    [RESIDUE] mbar.exe -- C:\Users\jonesy\AppData\Local\Temp\Rar$EXa0.544\mbar\mbar.exe [7] -> ERROR [0x5]

    ¤¤¤ Registry Entries : 5 ¤¤¤
    [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\RunOnce : Z1 (cmd /c "C:\Users\jonesy\AppData\Local\Temp\Rar$EXa0.544\mbar\mbar.exe" /cleanup /s) [7] -> DELETED
    [TASK][ROGUE ST] 0 : c:\program files\internet explorer\iexplore.exe -> DELETED
    [TASK][ROGUE ST] 4845 : wscript.exe C:\Users\jonesy\AppData\Local\Temp\launchie.vbs //B -> DELETED
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: Hitachi HTS547575A9E384 SATA Disk Device +++++
    --- User ---
    [MBR] 5bf46dee27444ed1f956755d7f628fbc
    [BSP] ee2d6439a9bd4f529c0770cfda452cb0 : Empty MBR Code
    Partition table:
    0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 715404 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: SDHC Card +++++
    --- User ---
    [MBR] 2dd27a2bd9b0b305e974b4defc45b985
    [BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
    Partition table:
    0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8192 | Size: 15189 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[2]_D_04212013_02d0126.txt >>
    RKreport[1]_S_04212013_02d0123.txt ; RKreport[2]_D_04212013_02d0126.txt
     
  14. keepmovingup2

    keepmovingup2 TS Rookie Topic Starter

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.05.0.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.2.9200 Windows 8 x64

    Account is Administrative

    Internet Explorer version: 10.0.9200.16519

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 1.897000 GHz
    Memory total: 5866868736, free: 4270817280

    ------------ Kernel report ------------
    04/21/2013 02:05:50
    ------------ Loaded modules -----------
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xfffffa80081d6060
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\00000049\
    Lower Device Object: 0xfffffa80080ff060
    Lower Device Driver Name: \Driver\RSUSBVSTOR\
    Driver name found: RSUSBVSTOR
    Load Function returned 0xc0000001
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8006bd2300
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\0000002c\
    Lower Device Object: 0xfffffa8006bc47f0
    Lower Device Driver Name: \Driver\amd_sata\
    Device already Exists: 0xfffffa8009888a50
    =======================================
     
  15. Broni

    Broni Malware Annihilator Posts: 47,078   +258

    Please download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
     
  16. keepmovingup2

    keepmovingup2 TS Rookie Topic Starter

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-04-2013 01
    Ran by jonesy (administrator) on 21-04-2013 10:30:16
    Running from C:\Users\jonesy\Downloads
    Windows 8 (X64) OS Language: English(UK)
    Internet Explorer Version 9
    Boot Mode: Normal
    ==================== Processes (Whitelisted) =================

    (Panda Security, S.L.) [932] C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PskSvc.exe
    (Panda Security, S.L.) [1036] C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\TPSrvWow.exe
    (AMD) [1060] C:\windows\system32\atiesrxx.exe
    (AMD) [1336] C:\windows\system32\atieclxx.exe
    (Panda Security) [1992] C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA ANTIVIRUS PRO 2013\WebProxy.exe
    (Qualcomm Atheros Commnucations) [1508] C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
    (Apple Computer, Inc.) [1328] C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    (Conduit) [1836] C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe
    (Microsoft Corporation) [1916] C:\windows\system32\dashost.exe
    (Samsung Electronics CO., LTD.) [1740] C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
    (Panda Security, S.L.) [2988] C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PsCtrls.exe
    () [2180] C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
    (Panda Security, S.L.) [2252] C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PavFnSvr.exe
    (Panda Security, S.L.) [2444] C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe
    (Panda Security, S.L.) [2260] C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\pavsrvx86.exe
    (Synaptics Incorporated) [2120] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Panda Security S.L.) [2652] C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PsImSvc.exe
    (Panda Security, S.L.) [2228] C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\AVENGINE.EXE
    (Samsung Electronics CO., LTD.) [2828] C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
    (Atheros) [2732] C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    (Google Inc.) [3212] C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
    (Samsung Electronics CO., LTD.) [3344] C:\Program Files (x86)\Samsung\Settings\sSettings.exe
    (Google Inc.) [3952] C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler64.exe
    (Malwarebytes Corporation) [4360] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) [5088] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    (Malwarebytes Corporation) [4856] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    (Qualcomm Atheros Commnucations) [4632] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    (Symantec Corporation) [4248] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    () [4256] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    () [648] C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
    (Panda Security, S.L.) [4212] C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\ApVxdWin.exe
    (Synaptics Incorporated) [5048] C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    (Samsung Electronics CO., LTD.) [5268] C:\Program Files\Samsung\S Agent\CommonAgent.exe
    (Symantec Corporation) [5368] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    (Alexander Roshal) [1776] C:\Program Files (x86)\WinRAR\WinRAR.exe
    (Microsoft Corporation) [1260] C:\windows\System32\Taskmgr.exe
    (Microsoft Corporation) [2200] C:\windows\system32\WLANExt.exe
    (Google Inc.) [4300] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) [4044] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) [3928] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) [6360] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) [4340] \\?\C:\windows\system32\wbem\WMIADAP.EXE
    (Farbar) [3224] C:\Users\jonesy\Downloads\FRST64 (1).exe

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [BtTray] "C:\Program Files (x86)\Bluetooth Suite\BtTray.exe" [765056 2012-09-29] (Qualcomm Atheros)
    HKLM\...\Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [127616 2012-09-29] (Qualcomm Atheros Commnucations)
    Winlogon\Notify\avldr: avldr64.dll (On-Access Anti-Malware Scanner Sync)
    HKCU\...\Run: [AdobeBridge] [x]
    HKCU\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1632680 2013-03-15] (Valve Corporation)
    MountPoints2: E - "E:\autorun.exe"
    MountPoints2: {7620a866-8357-11e2-bea2-50b7c361a844} - "V:\Autorun.exe"
    MountPoints2: {7dc8bbd6-882e-11e2-bea5-50b7c361a844} - "V:\autorun.exe"
    HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [38112 2012-12-18] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R [491120 2012-07-12] (CyberLink Corp.)
    HKLM-x32\...\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2012-11-13] ()
    HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263512 2012-11-30] ()
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
    HKLM-x32\...\Run: [APVXDWIN] "C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\APVXDWIN.EXE" /s [1038192 2012-12-12] (Panda Security, S.L.)
    HKLM-x32\...\Run: [SCANINICIO] "C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\Inicio.exe" [70432 2012-11-08] (Panda Security, S.L.)
    Startup: C:\Users\jonesy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
    ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearch.avg.com/?cid={56E2F...&ds=AVG&pr=fr&d=&v=&pid=safeguard&sg=2&sap=hp
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com
    URLSearchHook: (No Name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
    HKLM-x32 SearchScopes: DefaultScope {F53AFB22-BAA6-458C-97A4-2C6F37D35516} URL =
    HKCU SearchScopes: DefaultScope {F53AFB22-BAA6-458C-97A4-2C6F37D35516} URL = http://search.conduit.com/ResultsEx...4&ctid=CT3227981&CUI=UN30680797142174727&UM=2
    SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={sea...SP_ss&mntrId=46bd14d800000000000052b7c361a843
    SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid=...v=&pid=safeguard&sg=2&sap=dsp&q={searchTerms}
    SearchScopes: HKCU - {CFAA2CD5-5AA6-405A-A7FD-92AB2F3C3A18} URL =
    SearchScopes: HKCU - {F53AFB22-BAA6-458C-97A4-2C6F37D35516} URL = http://search.conduit.com/ResultsEx...4&ctid=CT3227981&CUI=UN30680797142174727&UM=2
    BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
    BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: Giant Savings Extension - {11111111-1111-1111-1111-110211181110} - C:\Program Files (x86)\Giant Savings Extension\Giant Savings Extension.dll (215 Apps)
    BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM-x32 - Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
    Toolbar: HKCU - No Name - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - No File
    Handler-x32: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
    Winsock: Catalog5 07 %SystemRoot%\system32\wshbth.dll [50688] (Microsoft Corporation)
    Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
    Winsock: Catalog5-x64 07 %SystemRoot%\system32\wshbth.dll [64000] (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

    FireFox:
    ========
    FF ProfilePath: C:\Users\jonesy\AppData\Roaming\Mozilla\Firefox\Profiles\0
    FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF Plugin-x32: google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Extension: torntv - C:\Users\jonesy\AppData\Roaming\Mozilla\Firefox\Profiles\0\Extensions\torntv@torntv.com.xpi

    Chrome:
    =======
    CHR HomePage: hxxp://search.conduit.com/?ctid=CT3227981&SearchSource=48&CUI=UN15774060031723729&UM=2
    CHR RestoreOnStartup: hxxp://search.conduit.com/?ctid=CT3227981&SearchSource=48&CUI=UN15774060031723729&UM=2
    CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
    CHR Plugin: (BrowserProtect) - C:\Users\jonesy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll No File
    CHR Plugin: (Babylon ToolBar) - C:\Users\jonesy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.9_0\BabylonChromeToolBar.dll No File
    CHR Plugin: (Norton Identity Safe) - C:\Users\jonesy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.0.18_0\npcoplgn.dll No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
    CHR Plugin: (Java(TM) Platform SE 7 U10) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (Java Deployment Toolkit 7.0.100.18) - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    CHR Extension: (Google Drive) - C:\Users\jonesy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
    CHR Extension: (YouTube) - C:\Users\jonesy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
    CHR Extension: (Google Search) - C:\Users\jonesy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
    CHR Extension: (Gmail) - C:\Users\jonesy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

    ==================== Services (Whitelisted) =================

    R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [220288 2012-09-29] (Qualcomm Atheros Commnucations)
    R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [93984 2013-03-06] (Conduit)
    R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
    R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation)
    R2 Panda Software Controller; C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PsCtrls.exe [177440 2012-11-19] (Panda Security, S.L.)
    R2 PAVFNSVR; C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PavFnSvr.exe [202016 2012-09-21] (Panda Security, S.L.)
    R2 PavPrSrv; C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe [62768 2008-02-04] (Panda Security, S.L.)
    R2 PAVSRV; C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\pavsrvx86.exe [313664 2011-04-13] (Panda Security, S.L.)
    R2 PSIMSVC; C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PsImSvc.exe [108288 2008-06-19] (Panda Security S.L.)
    R2 PskSvcRetail; C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PskSvc.exe [28992 2010-08-16] (Panda Security, S.L.)
    R2 SWUpdateService; C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2912304 2013-03-14] (Samsung Electronics CO., LTD.)
    R2 TPSrv; C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\TPSrvWow.exe [173344 2012-11-16] (Panda Security, S.L.)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)
    R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-29] (Atheros)

    ==================== Drivers (Whitelisted) ====================

    R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-09] (Advanced Micro Devices, Inc.)
    R2 AmFSM; C:\Windows\System32\DRIVERS\amm6460.sys [71432 2012-03-26] (Panda Security, S.L.)
    R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-22] (AppEx Networks Corporation)
    R3 AthBTPort; C:\Windows\system32\DRIVERS\btath_flt.sys [88728 2012-09-29] (Qualcomm Atheros)
    R3 athr; C:\Windows\system32\DRIVERS\athw8x.sys [3618304 2012-07-24] (Qualcomm Atheros Communications, Inc.)
    R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-08-21] (Advanced Micro Devices)
    R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-03-03] ()
    R3 BTATH_A2DP; C:\Windows\system32\drivers\btath_a2dp.sys [344216 2012-09-29] (Qualcomm Atheros)
    R3 btath_avdt; C:\Windows\system32\drivers\btath_avdt.sys [114840 2012-09-29] (Qualcomm Atheros)
    R3 BTATH_BUS; C:\Windows\System32\drivers\btath_bus.sys [33944 2012-09-29] (Qualcomm Atheros)
    R3 BTATH_HCRP; C:\Windows\System32\drivers\btath_hcrp.sys [178840 2012-09-29] (Qualcomm Atheros)
    R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-29] (Qualcomm Atheros)
    R3 BTATH_RCP; C:\Windows\System32\drivers\btath_rcp.sys [135832 2012-09-29] (Qualcomm Atheros)
    R3 BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [575128 2012-09-29] (Qualcomm Atheros)
    R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
    R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-03-03] ()
    R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
    R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
    S3 WUDFSensorLP; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
    S3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
    R1 ccSet_NARA; \SystemRoot\system32\drivers\NARAx64\0401000.00B\ccSetx64.sys [x]
    R0 pavboot; system32\Drivers\pavboot64.sys [x]
    R3 PavTPK.sys; \??\C:\windows\system32\PavTPK.sys [x]
    R3 Prot6Flt; system32\DRIVERS\Prot6Flt.sys [x]
    R1 ShldFlt; System32\DRIVERS\ShldFlt.sys [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-04-21 10:30 - 2013-04-21 10:30 - 00000000 ____D C:\FRST
    2013-04-21 10:29 - 2013-04-21 10:29 - 01707098 ____A (Farbar) C:\Users\jonesy\Downloads\FRST64 (1).exe
    2013-04-21 10:28 - 2013-04-21 10:28 - 01707098 ____A (Farbar) C:\Users\jonesy\Downloads\FRST64.exe
    2013-04-21 02:39 - 2013-04-21 02:39 - 13164134 ____A C:\Users\jonesy\Downloads\mbar-1.05.0.1001.zip
    2013-04-21 02:38 - 2013-04-21 02:38 - 00001728 ____A C:\Users\jonesy\Desktop\RKreport[3]_D_04212013_02d0238.txt
    2013-04-21 01:26 - 2013-04-21 01:26 - 00002067 ____A C:\Users\jonesy\Desktop\RKreport[2]_D_04212013_02d0126.txt
    2013-04-21 01:23 - 2013-04-21 01:23 - 00001752 ____A C:\Users\jonesy\Desktop\RKreport[1]_S_04212013_02d0123.txt
    2013-04-21 01:19 - 2013-04-21 02:34 - 00000000 ____D C:\Users\jonesy\Desktop\RK_Quarantine
    2013-04-21 01:18 - 2013-04-21 01:18 - 00816128 ____A C:\Users\jonesy\Downloads\RogueKiller.exe
    2013-04-21 01:12 - 2013-04-21 01:12 - 00003302 ____A C:\Users\jonesy\Desktop\attach.zip
    2013-04-21 00:07 - 2013-04-21 00:07 - 00000000 ____D C:\Panda Software
    2013-04-21 00:04 - 2013-04-21 00:04 - 00866592 ____A C:\Users\jonesy\Downloads\Norton_Removal_Tool.exe
    2013-04-21 00:02 - 2013-04-21 00:02 - 03222280 ____A (AVG Technologies CZ, s.r.o.) C:\Users\jonesy\Downloads\avg_remover_stf_x64_2013_2706.exe
    2013-04-21 00:02 - 2013-04-21 00:02 - 00177561 ____A C:\Users\jonesy\Downloads\avgremover.log
    2013-04-20 23:52 - 2013-04-21 01:12 - 00010478 ____A C:\Users\jonesy\Desktop\attach.txt
    2013-04-20 23:52 - 2013-04-21 00:42 - 00020827 ____A C:\Users\jonesy\Desktop\dds.txt
    2013-04-20 23:48 - 2013-04-20 23:48 - 00688992 ____R (Swearware) C:\Users\jonesy\Downloads\dds.com
    2013-04-20 22:50 - 2013-04-20 22:50 - 00001141 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-04-20 22:50 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2013-04-20 22:46 - 2013-04-20 22:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-04-20 21:19 - 2013-04-20 21:19 - 00370291 ____A C:\Users\jonesy\Downloads\OptiFine_1.4.6_HD_U_D5.zip
    2013-04-20 20:46 - 2013-04-02 23:08 - 00692576 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2013-04-20 20:46 - 2013-04-02 23:08 - 00078176 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2013-04-17 22:06 - 2013-03-02 09:23 - 00375808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ReAgent.dll
    2013-04-17 22:06 - 2013-03-02 03:44 - 01011200 ____A (Microsoft Corporation) C:\Windows\System32\reseteng.dll
    2013-04-16 22:31 - 2013-04-16 22:31 - 00013155 ____A C:\Users\jonesy\Downloads\JurassicCock - Jewel Bancroft-[rarbg.com].torrent
    2013-04-16 21:28 - 2013-04-19 09:42 - 00008627 ____A C:\Windows\SysWOW64\PAV_FOG.OPC
    2013-04-16 21:26 - 2013-04-16 21:26 - 00000000 ____D C:\Windows\FltMgr
    2013-04-16 21:26 - 2013-04-16 21:26 - 00000000 ____D C:\Users\jonesy\AppData\Local\Panda Security
    2013-04-16 21:24 - 2013-04-16 21:24 - 00002247 ____A C:\Users\Public\Desktop\Panda Antivirus Pro 2013.lnk
    2013-04-16 21:24 - 2013-04-16 21:24 - 00000262 ____A C:\Windows\System32\PavCPL64.dat
    2013-04-16 21:24 - 2010-06-22 17:20 - 00030792 ____A (Panda Security, S.L.) C:\Windows\System32\Drivers\pavboot64.sys
    2013-04-16 21:23 - 2012-11-20 11:20 - 00545056 ____A (Panda Security, S.L.) C:\Windows\SysWOW64\PavSHookWow.dll
    2013-04-16 21:23 - 2012-11-16 11:08 - 00837920 ____A (Panda Security, S.L.) C:\Windows\System32\PavSHook64.dll
    2013-04-16 21:23 - 2012-05-22 14:54 - 00087328 ____A (Panda Security, S.L.) C:\Windows\SysWOW64\PavLspHookWow.dll
    2013-04-16 21:23 - 2012-05-22 14:52 - 00117024 ____A (Panda Security, S.L.) C:\Windows\System32\PavLspHook64.dll
    2013-04-16 21:23 - 2012-04-20 12:42 - 00024064 ____A (Panda Security, S.L.) C:\Windows\System32\sysHelper64.dll
    2013-04-16 21:23 - 2010-06-21 16:02 - 00323392 ____A (Panda Security, S.L.) C:\Windows\System32\TpUtil64.dll
    2013-04-16 21:23 - 2010-06-21 16:02 - 00202048 ____A (Panda Security, S.L.) C:\Windows\SysWOW64\TpUtilWow.dll
    2013-04-16 21:23 - 2010-06-21 16:01 - 00090944 ____A (Panda Security, S.L.) C:\Windows\System32\PavIpc64.dll
    2013-04-16 21:23 - 2010-06-21 16:01 - 00066880 ____A (Panda Security, S.L.) C:\Windows\SysWOW64\PavIpcWow.dll
    2013-04-16 21:23 - 2009-08-10 12:46 - 00025344 ____A (Panda Security, S.L.) C:\Windows\SysWOW64\sysHelper32.dll
    2013-04-16 21:23 - 2007-03-15 18:38 - 00046640 ____A (Panda Software) C:\Windows\System32\pavcpl64.cpl
    2013-04-16 21:23 - 2003-10-22 17:23 - 00446464 ____A (eHelp Corporation.) C:\Windows\SysWOW64\HHActiveX.dll
    2013-04-16 21:22 - 2013-04-16 21:22 - 00000000 ____D C:\Windows\SysWOW64\PAV
    2013-04-16 21:22 - 2013-04-16 21:22 - 00000000 ____D C:\Users\jonesy\AppData\Roaming\Panda Security
    2013-04-16 21:22 - 2012-03-26 17:57 - 00071432 ____A (Panda Security, S.L.) C:\Windows\System32\Drivers\amm6460.sys
    2013-04-16 21:22 - 2010-03-24 11:56 - 00064768 ____A (On-Access Anti-Malware Scanner Sync) C:\Windows\System32\avldr64.dll
    2013-04-16 21:22 - 2009-10-27 11:07 - 00048136 ____A (Panda Security, S.L.) C:\Windows\System32\Drivers\ShldFlt.sys
    2013-04-16 21:18 - 2013-04-16 21:18 - 00000218 ____A C:\Users\jonesy\AppData\Local\recently-used.xbel
    2013-04-16 21:16 - 2013-04-16 21:24 - 00000000 ____D C:\Program Files (x86)\Panda Security
    2013-04-16 21:12 - 2013-04-16 21:12 - 00928496 ____A C:\Users\jonesy\Downloads\PandaAP13.exe
    2013-04-14 20:46 - 2013-04-16 21:18 - 00010240 ____A C:\Users\jonesy\Desktop\Shop Work schedule and volunteers.xls
    2013-04-14 20:46 - 2013-04-14 20:46 - 00013549 ____A C:\Users\jonesy\Desktop\Shop Work schedule and volunteers.ods
    2013-04-13 08:18 - 2013-04-13 08:18 - 00013180 ____A C:\Users\jonesy\Downloads\jack timesheet (1).xlsx
    2013-04-13 08:16 - 2013-04-13 08:16 - 00013180 ____A C:\Users\jonesy\Downloads\jack timesheet.xlsx
    2013-04-10 21:20 - 2013-04-10 21:19 - 00310688 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
    2013-04-10 21:19 - 2013-04-10 21:19 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
    2013-04-10 21:19 - 2013-04-10 21:19 - 00188320 ____A (Oracle Corporation) C:\Windows\System32\java.exe
    2013-04-10 21:19 - 2013-04-10 21:19 - 00108448 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
    2013-04-10 21:19 - 2013-04-10 21:19 - 00000000 ____D C:\Program Files\Java
    2013-04-10 21:17 - 2013-04-10 21:17 - 33003424 ____A (Oracle Corporation) C:\Users\jonesy\Downloads\jre-7u17-windows-x64.exe
    2013-04-10 21:16 - 2013-04-10 21:16 - 00896928 ____A (Oracle Corporation) C:\Users\jonesy\Downloads\chromeinstall-7u17 (2).exe
    2013-04-10 18:03 - 2013-04-10 18:04 - 58674136 ____A (AVG) C:\Users\jonesy\Downloads\avg_tuh_stf_all_2013_2_24c28.exe
    2013-04-10 17:52 - 2013-04-10 17:52 - 00002029 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
    2013-04-10 16:58 - 2013-04-10 16:58 - 00896928 ____A (Oracle Corporation) C:\Users\jonesy\Downloads\chromeinstall-7u17 (1).exe
    2013-04-10 16:48 - 2013-04-10 16:48 - 00000000 ____D C:\Users\jonesy\Documents\Adobe
    2013-04-10 16:33 - 2013-04-20 21:51 - 00000000 ___HD C:\$AVG
    2013-04-10 16:33 - 2013-04-10 16:33 - 00000000 ____D C:\Users\jonesy\AppData\Roaming\TuneUp Software
    2013-04-10 16:27 - 2013-04-10 16:27 - 00000000 ____D C:\Windows\System32\nn-NO
    2013-04-10 16:27 - 2013-04-10 16:27 - 00000000 ____D C:\Program Files (x86)\Cisco
    2013-04-10 16:27 - 2012-07-31 22:24 - 00443008 ____N (Atheros) C:\Windows\System32\athihvs.dll
    2013-04-10 16:27 - 2012-07-31 22:24 - 00064128 ____N (Atheros) C:\Windows\System32\athihvui.dll
    2013-04-10 16:27 - 2012-07-31 22:18 - 00079352 ____N C:\Windows\System32\athw8x.cat
    2013-04-10 16:27 - 2012-07-24 08:44 - 03618304 ____N (Qualcomm Atheros Communications, Inc.) C:\Windows\System32\athw8x.sys
    2013-04-10 16:23 - 2013-04-10 16:23 - 04446832 ____A (AVG Technologies) C:\Users\jonesy\Downloads\avg_free_stb_all_2013_3272_cnet.exe
    2013-04-09 18:09 - 2013-04-10 20:41 - 00000000 ____D C:\Users\jonesy\Downloads\Ultimate
    2013-04-09 18:01 - 2013-04-09 18:01 - 00482549 ____A C:\Users\jonesy\Desktop\FTB_Launcher.jar
    2013-04-01 17:07 - 2013-04-06 09:36 - 00000000 ____D C:\Users\jonesy\Desktop\New folder (2)
    2013-03-30 16:00 - 2013-03-25 18:02 - 00011486 ____A C:\Users\jonesy\Documents\untitled_1.odt

    ==================== One Month Modified Files and Folders =======

    2013-04-21 10:30 - 2013-04-21 10:30 - 00000000 ____D C:\FRST
    2013-04-21 10:30 - 2012-07-26 08:28 - 00848230 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-04-21 10:29 - 2013-04-21 10:29 - 01707098 ____A (Farbar) C:\Users\jonesy\Downloads\FRST64 (1).exe
    2013-04-21 10:28 - 2013-04-21 10:28 - 01707098 ____A (Farbar) C:\Users\jonesy\Downloads\FRST64.exe
    2013-04-21 10:27 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\System32\sru
    2013-04-21 02:55 - 2012-12-30 01:44 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-04-21 02:52 - 2012-10-19 07:20 - 00000360 ____A C:\Windows\Tasks\Xerox PhotoCafe Communicator.job
    2013-04-21 02:39 - 2013-04-21 02:39 - 13164134 ____A C:\Users\jonesy\Downloads\mbar-1.05.0.1001.zip
    2013-04-21 02:38 - 2013-04-21 02:38 - 00001728 ____A C:\Users\jonesy\Desktop\RKreport[3]_D_04212013_02d0238.txt
    2013-04-21 02:34 - 2013-04-21 01:19 - 00000000 ____D C:\Users\jonesy\Desktop\RK_Quarantine
    2013-04-21 01:26 - 2013-04-21 01:26 - 00002067 ____A C:\Users\jonesy\Desktop\RKreport[2]_D_04212013_02d0126.txt
    2013-04-21 01:23 - 2013-04-21 01:23 - 00001752 ____A C:\Users\jonesy\Desktop\RKreport[1]_S_04212013_02d0123.txt
    2013-04-21 01:18 - 2013-04-21 01:18 - 00816128 ____A C:\Users\jonesy\Downloads\RogueKiller.exe
    2013-04-21 01:12 - 2013-04-21 01:12 - 00003302 ____A C:\Users\jonesy\Desktop\attach.zip
    2013-04-21 01:12 - 2013-04-20 23:52 - 00010478 ____A C:\Users\jonesy\Desktop\attach.txt
    2013-04-21 00:42 - 2013-04-20 23:52 - 00020827 ____A C:\Users\jonesy\Desktop\dds.txt
    2013-04-21 00:10 - 2012-12-25 14:07 - 00000000 ____D C:\Users\jonesy\AppData\Local\CrashDumps
    2013-04-21 00:08 - 2012-12-30 01:44 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-04-21 00:08 - 2012-07-26 08:22 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-04-21 00:07 - 2013-04-21 00:07 - 00000000 ____D C:\Panda Software
    2013-04-21 00:07 - 2012-08-05 22:07 - 00768458 ____A C:\Windows\PFRO.log
    2013-04-21 00:04 - 2013-04-21 00:04 - 00866592 ____A C:\Users\jonesy\Downloads\Norton_Removal_Tool.exe
    2013-04-21 00:02 - 2013-04-21 00:02 - 03222280 ____A (AVG Technologies CZ, s.r.o.) C:\Users\jonesy\Downloads\avg_remover_stf_x64_2013_2706.exe
    2013-04-21 00:02 - 2013-04-21 00:02 - 00177561 ____A C:\Users\jonesy\Downloads\avgremover.log
    2013-04-20 23:48 - 2013-04-20 23:48 - 00688992 ____R (Swearware) C:\Users\jonesy\Downloads\dds.com
    2013-04-20 22:50 - 2013-04-20 22:50 - 00001141 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-04-20 22:50 - 2013-04-20 22:46 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-04-20 22:01 - 2012-12-25 14:23 - 00000000 ____D C:\Users\jonesy\AppData\Roaming\.minecraft
    2013-04-20 21:56 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\System32\NDF
    2013-04-20 21:51 - 2013-04-10 16:33 - 00000000 ___HD C:\$AVG
    2013-04-20 21:50 - 2012-07-26 09:12 - 00000000 ___HD C:\Windows\ELAMBKUP
    2013-04-20 21:43 - 2013-01-20 22:01 - 00040659 ____A C:\Users\jonesy\Desktop\server.log
    2013-04-20 21:19 - 2013-04-20 21:19 - 00370291 ____A C:\Users\jonesy\Downloads\OptiFine_1.4.6_HD_U_D5.zip
    2013-04-20 21:07 - 2013-03-13 17:25 - 00000000 ____D C:\Users\jonesy\Desktop\photoshop
    2013-04-20 21:02 - 2012-07-26 06:26 - 00262144 __ASH C:\Windows\System32\config\ELAM
    2013-04-20 20:43 - 2013-01-01 16:32 - 00000000 ____D C:\Users\jonesy\AppData\Roaming\Azureus
    2013-04-20 20:31 - 2012-10-19 06:03 - 01463360 ____A C:\Windows\WindowsUpdate.log
    2013-04-19 16:27 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent
    2013-04-19 09:42 - 2013-04-16 21:28 - 00008627 ____A C:\Windows\SysWOW64\PAV_FOG.OPC
    2013-04-17 19:22 - 2012-12-26 13:50 - 72702784 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2013-04-16 22:31 - 2013-04-16 22:31 - 00013155 ____A C:\Users\jonesy\Downloads\JurassicCock - Jewel Bancroft-[rarbg.com].torrent
    2013-04-16 21:26 - 2013-04-16 21:26 - 00000000 ____D C:\Windows\FltMgr
    2013-04-16 21:26 - 2013-04-16 21:26 - 00000000 ____D C:\Users\jonesy\AppData\Local\Panda Security
    2013-04-16 21:26 - 2012-07-26 06:26 - 00000179 ____A C:\Windows\win.ini
    2013-04-16 21:24 - 2013-04-16 21:24 - 00002247 ____A C:\Users\Public\Desktop\Panda Antivirus Pro 2013.lnk
    2013-04-16 21:24 - 2013-04-16 21:24 - 00000262 ____A C:\Windows\System32\PavCPL64.dat
    2013-04-16 21:24 - 2013-04-16 21:16 - 00000000 ____D C:\Program Files (x86)\Panda Security
    2013-04-16 21:22 - 2013-04-16 21:22 - 00000000 ____D C:\Windows\SysWOW64\PAV
    2013-04-16 21:22 - 2013-04-16 21:22 - 00000000 ____D C:\Users\jonesy\AppData\Roaming\Panda Security
    2013-04-16 21:22 - 2012-10-19 05:58 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2013-04-16 21:18 - 2013-04-16 21:18 - 00000218 ____A C:\Users\jonesy\AppData\Local\recently-used.xbel
    2013-04-16 21:18 - 2013-04-14 20:46 - 00010240 ____A C:\Users\jonesy\Desktop\Shop Work schedule and volunteers.xls
    2013-04-16 21:12 - 2013-04-16 21:12 - 00928496 ____A C:\Users\jonesy\Downloads\PandaAP13.exe
    2013-04-14 20:46 - 2013-04-14 20:46 - 00013549 ____A C:\Users\jonesy\Desktop\Shop Work schedule and volunteers.ods
    2013-04-13 08:18 - 2013-04-13 08:18 - 00013180 ____A C:\Users\jonesy\Downloads\jack timesheet (1).xlsx
    2013-04-13 08:16 - 2013-04-13 08:16 - 00013180 ____A C:\Users\jonesy\Downloads\jack timesheet.xlsx
    2013-04-12 14:58 - 2013-01-18 15:32 - 00163328 __ASH C:\Users\jonesy\Downloads\Thumbs.db
    2013-04-12 13:41 - 2013-01-29 02:56 - 00275968 __ASH C:\Users\jonesy\Desktop\Thumbs.db
    2013-04-11 17:56 - 2013-02-01 16:04 - 00002195 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2013-04-10 21:19 - 2013-04-10 21:20 - 00310688 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
    2013-04-10 21:19 - 2013-04-10 21:19 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
    2013-04-10 21:19 - 2013-04-10 21:19 - 00188320 ____A (Oracle Corporation) C:\Windows\System32\java.exe
    2013-04-10 21:19 - 2013-04-10 21:19 - 00108448 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
    2013-04-10 21:19 - 2013-04-10 21:19 - 00000000 ____D C:\Program Files\Java
    2013-04-10 21:19 - 2012-12-27 13:52 - 01085344 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
    2013-04-10 21:19 - 2012-12-27 13:52 - 00963488 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
    2013-04-10 21:17 - 2013-04-10 21:17 - 33003424 ____A (Oracle Corporation) C:\Users\jonesy\Downloads\jre-7u17-windows-x64.exe
    2013-04-10 21:16 - 2013-04-10 21:16 - 00896928 ____A (Oracle Corporation) C:\Users\jonesy\Downloads\chromeinstall-7u17 (2).exe
    2013-04-10 20:41 - 2013-04-09 18:09 - 00000000 ____D C:\Users\jonesy\Downloads\Ultimate
    2013-04-10 19:55 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\rescache
    2013-04-10 18:04 - 2013-04-10 18:03 - 58674136 ____A (AVG) C:\Users\jonesy\Downloads\avg_tuh_stf_all_2013_2_24c28.exe
    2013-04-10 18:00 - 2012-12-27 03:49 - 00000000 ____D C:\Users\jonesy\Downloads\Direwolf20
    2013-04-10 17:52 - 2013-04-10 17:52 - 00002029 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
    2013-04-10 16:58 - 2013-04-10 16:58 - 00896928 ____A (Oracle Corporation) C:\Users\jonesy\Downloads\chromeinstall-7u17 (1).exe
    2013-04-10 16:58 - 2012-10-19 07:14 - 00000000 ____D C:\Program Files (x86)\Adobe
    2013-04-10 16:49 - 2012-12-25 14:08 - 00000000 ____D C:\Users\jonesy\AppData\Roaming\Adobe
    2013-04-10 16:48 - 2013-04-10 16:48 - 00000000 ____D C:\Users\jonesy\Documents\Adobe
    2013-04-10 16:33 - 2013-04-10 16:33 - 00000000 ____D C:\Users\jonesy\AppData\Roaming\TuneUp Software
    2013-04-10 16:28 - 2012-10-19 05:59 - 00000000 ____D C:\Program Files (x86)\Qualcomm Atheros
    2013-04-10 16:27 - 2013-04-10 16:27 - 00000000 ____D C:\Windows\System32\nn-NO
    2013-04-10 16:27 - 2013-04-10 16:27 - 00000000 ____D C:\Program Files (x86)\Cisco
    2013-04-10 16:27 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\System32\tr-TR
    2013-04-10 16:24 - 2013-01-01 16:33 - 00000000 ____D C:\Users\jonesy\AppData\Local\Conduit
    2013-04-10 16:23 - 2013-04-10 16:23 - 04446832 ____A (AVG Technologies) C:\Users\jonesy\Downloads\avg_free_stb_all_2013_3272_cnet.exe
    2013-04-10 16:07 - 2013-01-02 17:49 - 00000000 ____D C:\Users\jonesy\AppData\Local\Adobe
    2013-04-09 18:41 - 2013-01-01 16:49 - 00000000 ____D C:\Program Files (x86)\Steam
    2013-04-09 18:01 - 2013-04-09 18:01 - 00482549 ____A C:\Users\jonesy\Desktop\FTB_Launcher.jar
    2013-04-09 18:01 - 2012-12-27 03:32 - 00000000 ____D C:\Users\jonesy\AppData\Roaming\ftblauncher
    2013-04-06 09:36 - 2013-04-01 17:07 - 00000000 ____D C:\Users\jonesy\Desktop\New folder (2)
    2013-04-04 14:50 - 2013-04-20 22:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2013-04-02 23:08 - 2013-04-20 20:46 - 00692576 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2013-04-02 23:08 - 2013-04-20 20:46 - 00078176 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2013-03-25 18:02 - 2013-03-30 16:00 - 00011486 ____A C:\Users\jonesy\Documents\untitled_1.odt

    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    Last Boot: 2013-04-12 13:49

    ==================== End Of Log ============================
     
  17. keepmovingup2

    keepmovingup2 TS Rookie Topic Starter

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-04-2013 01
    Ran by jonesy at 2013-04-21 10:32:54 Run:
    Running from C:\Users\jonesy\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Installed Programs =======================

    Adobe Anchor Service CS3 (Version: 1.0)
    Adobe Asset Services CS3 (Version: 3)
    Adobe Bridge CS3 (Version: 2)
    Adobe Bridge Start Meeting (Version: 1.0)
    Adobe Camera Raw 4.0 (Version: 4.0)
    Adobe CMaps (Version: 1.0)
    Adobe Color - Photoshop Specific (Version: 1.0)
    Adobe Color Common Settings (Version: 1.0)
    Adobe Color EU Extra Settings (Version: 1.0)
    Adobe Color JA Extra Settings (Version: 1.0)
    Adobe Color NA Recommended Settings (Version: 1.0)
    Adobe Default Language CS3 (Version: 1.0)
    Adobe Device Central CS3 (Version: 1.0)
    Adobe ExtendScript Toolkit 2 (Version: 2.0)
    Adobe Fonts All (Version: 1.0)
    Adobe Help Viewer CS3 (Version: 1)
    Adobe Linguistics CS3 (Version: 3.0.0)
    Adobe PDF Library Files (Version: 8.0)
    Adobe Photoshop CS3 (Version: 10)
    Adobe Photoshop CS3 (Version: 10.0)
    Adobe Reader X (10.1.6) MUI (Version: 10.1.6)
    Adobe Setup (Version: 1.0)
    Adobe Stock Photos CS3 (Version: 1.5)
    Adobe Type Support (Version: 1.0)
    Adobe Update Manager CS3 (Version: 5.1.0)
    Adobe Version Cue CS3 Client (Version: 3)
    Adobe WinSoft Linguistics Plugin (Version: 1.0)
    Adobe XMP Panels CS3 (Version: 1.0)
    AMD Accelerated Video Transcoding (Version: 12.5.100.20912)
    AMD APP SDK Runtime (Version: 10.0.938.2)
    AMD Catalyst Install Manager (Version: 8.0.881.0)
    AMD Quick Stream (Version: 3.3.26.0)
    AMD VISION Engine Control Center (Version: 2012.0912.1709.28839)
    Anno 1404 (Version: 1.00.0000)
    ANNO 1404 (Version: 1.01.0000)
    Apple Application Support (Version: 2.3)
    Apple Software Update (Version: 2.1.3.127)
    Canon Utilities EOS Utility (Version: 2.12.3.1)
    Catalyst Control Center - Branding (Version: 1.00.0000)
    Catalyst Control Center InstallProxy (Version: 2012.0912.1709.28839)
    Catalyst Control Center Localization All (Version: 2012.0912.1709.28839)
    CCC Help Chinese Standard (Version: 2012.0912.1708.28839)
    CCC Help Chinese Traditional (Version: 2012.0912.1708.28839)
    CCC Help Czech (Version: 2012.0912.1708.28839)
    CCC Help Danish (Version: 2012.0912.1708.28839)
    CCC Help Dutch (Version: 2012.0912.1708.28839)
    CCC Help English (Version: 2012.0912.1708.28839)
    CCC Help Finnish (Version: 2012.0912.1708.28839)
    CCC Help French (Version: 2012.0912.1708.28839)
    CCC Help German (Version: 2012.0912.1708.28839)
    CCC Help Greek (Version: 2012.0912.1708.28839)
    CCC Help Hungarian (Version: 2012.0912.1708.28839)
    CCC Help Italian (Version: 2012.0912.1708.28839)
    CCC Help Japanese (Version: 2012.0912.1708.28839)
    CCC Help Korean (Version: 2012.0912.1708.28839)
    CCC Help Norwegian (Version: 2012.0912.1708.28839)
    CCC Help Polish (Version: 2012.0912.1708.28839)
    CCC Help Portuguese (Version: 2012.0912.1708.28839)
    CCC Help Russian (Version: 2012.0912.1708.28839)
    CCC Help Spanish (Version: 2012.0912.1708.28839)
    CCC Help Swedish (Version: 2012.0912.1708.28839)
    CCC Help Thai (Version: 2012.0912.1708.28839)
    CCC Help Turkish (Version: 2012.0912.1708.28839)
    ccc-utility64 (Version: 2012.0912.1709.28839)
    Chivalry: Medieval Warfare
    Cisco EAP-FAST Module (Version: 2.2.14)
    Cisco LEAP Module (Version: 1.0.19)
    Cisco PEAP Module (Version: 1.1.6)
    Cool Edit Pro 2.0
    CyberLink Power2Go 8 (Version: 8.0.0.1912)
    CyberLink PowerDVD 10 (Version: 10.0.4421.02)
    D3DX10 (Version: 15.4.2368.0902)
    DivX Setup (Version: 2.6.1.22)
    Easy File Share (Version: 1.3.4)
    E-POP (Version: 1.0.1)
    Fotogalerie (Version: 16.4.3503.0728)
    Free Audio Editor
    Galerie de photos (Version: 16.4.3503.0728)
    Giant Savings Extension (Version: 1.24.151.151)
    GIMP 2.8.2 (Version: 2.8.2)
    Google Chrome (Version: 26.0.1410.64)
    Google Earth (Version: 7.0.3.8542)
    Google Update Helper (Version: 1.3.21.135)
    Help Desk (Version: 1.0.5)
    Hitman Absolution
    Inkscape 0.48.4 (Version: 0.48.4)
    IrfanView (remove only) (Version: 4.35)
    Java 7 Update 17 (64-bit) (Version: 7.0.170)
    Java 7 Update 17 (Version: 7.0.170)
    Java Auto Updater (Version: 2.1.9.0)
    Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
    Microsoft Application Error Reporting (Version: 12.0.6015.5000)
    Microsoft Office (Version: 14.0.6120.5004)
    Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
    Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
    Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
    Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
    Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
    Movie Maker (Version: 16.4.3503.0728)
    MSVCRT (Version: 15.4.2862.0708)
    MSVCRT110 (Version: 16.4.1108.0727)
    MSVCRT110_amd64 (Version: 16.4.1108.0727)
    Norton Online Backup (Version: 2.2.3.45)
    Norton Online Backup ARA (Version: 4.1.0.11)
    OpenOffice.org 3.4.1 (Version: 3.41.9593)
    Panda Antivirus Pro 2013 (Version: 12.01.01)
    Password Depot 6 - Panda Secure Vault Edition (Version: 6.1.5)
    PDF Settings (Version: 1.0)
    PDFCreator (Version: 1.2.0)
    Photo Common (Version: 16.4.3503.0728)
    Photo Gallery (Version: 16.4.3503.0728)
    Plants vs. Zombies
    PowerISO (Version: 4.7)
    Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.210)
    Qualcomm Atheros Client Installation Program (Version: 10.0)
    QuickTime (Version: 7.73.80.64)
    Raccolta foto (Version: 16.4.3503.0728)
    Realtek Ethernet Controller Driver (Version: 8.3.730.2012)
    Realtek High Definition Audio Driver (Version: 6.0.1.6702)
    Realtek USB 2.0 Card Reader (Version: 6.1.8400.39030)
    Recovery (Version: 6.0.6.5)
    S Agent (Version: 1.1.30)
    Sculptris Alpha 6 (Version: 0.6)
    Search Protect by conduit (Version: 1.4.1.12)
    Settings (Version: 2.0.0)
    Silo 2.1.1 (Version: 2.1.10)
    SketchUp 8 (Version: 3.0.16846)
    Steam (Version: 1.0.0.0)
    Support Center (Version: 2.0.12)
    Support Center FAQ (Version: 1.0.5)
    SW Update (Version: 2.1.11)
    Synaptics Pointing Device Driver (Version: 16.2.21.0)
    System Requirements Lab CYRI (Version: 5.0.6.0)
    Tales of Monkey Island (Version: 2.0.0.0)
    TouchFreeze (Version: 1.1.0)
    User Guide (Version: 1.3.00)
    VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
    VideoPad Video Editor
    Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
    Vuze (Version: 4.8.1.2)
    Vuze Remote Toolbar (Version: 6.9.0.16)
    WavePad Sound Editor
    WinCDEmu (Version: 3.6)
    Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (07/27/2012 20.57.1.735) (Version: 07/27/2012 20.57.1.735)
    Windows Live (Version: 16.4.3503.0728)
    Windows Live Communications Platform (Version: 16.4.3503.0728)
    Windows Live Essentials (Version: 16.4.3503.0728)
    Windows Live Installer (Version: 16.4.3503.0728)
    Windows Live Photo Common (Version: 16.4.3503.0728)
    Windows Live PIMT Platform (Version: 16.4.3503.0728)
    Windows Live SOXE (Version: 16.4.3503.0728)
    Windows Live SOXE Definitions (Version: 16.4.3503.0728)
    Windows Live UX Platform (Version: 16.4.3503.0728)
    Windows Live UX Platform Language Pack (Version: 16.4.3503.0728)
    WinRAR 4.20 (32-bit) (Version: 4.20.0)
    WinRAR Packages
    Xerox PhotoCafe (Version: 1.0.0.6162)

    ==================== Restore Points =========================

    02-04-2013 10:53:26 Scheduled Checkpoint
    09-04-2013 17:44:18 Installed SW Update
    10-04-2013 20:18:11 Installed Java 7 Update 17 (64-bit)
    17-04-2013 18:19:57 Windows Update
    20-04-2013 20:48:52 Removed AVG 2013

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/21/2013 00:10:15 AM) (Source: Application Error) (User: )
    Description: Faulting application name: MakeMarkerFile.exe, version: 1.0.0.2, time stamp: 0x5021e5e8
    Faulting module name: MakeMarkerFile.exe, version: 1.0.0.2, time stamp: 0x5021e5e8
    Exception code: 0xc0000417
    Fault offset: 0x000000000014d7cc
    Faulting process ID: 0x90c
    Faulting application start time: 0xMakeMarkerFile.exe0
    Faulting application path: MakeMarkerFile.exe1
    Faulting module path: MakeMarkerFile.exe2
    Report ID: MakeMarkerFile.exe3
    Faulting package full name: MakeMarkerFile.exe4
    Faulting package-relative application ID: MakeMarkerFile.exe5

    Error: (04/20/2013 10:20:52 PM) (Source: Application Error) (User: )
    Description: Faulting application name: MakeMarkerFile.exe, version: 1.0.0.2, time stamp: 0x5021e5e8
    Faulting module name: MakeMarkerFile.exe, version: 1.0.0.2, time stamp: 0x5021e5e8
    Exception code: 0xc0000417
    Fault offset: 0x000000000014d7cc
    Faulting process ID: 0xd64
    Faulting application start time: 0xMakeMarkerFile.exe0
    Faulting application path: MakeMarkerFile.exe1
    Faulting module path: MakeMarkerFile.exe2
    Report ID: MakeMarkerFile.exe3
    Faulting package full name: MakeMarkerFile.exe4
    Faulting package-relative application ID: MakeMarkerFile.exe5

    Error: (04/20/2013 09:07:52 PM) (Source: Application Error) (User: )
    Description: Faulting application name: MakeMarkerFile.exe, version: 1.0.0.2, time stamp: 0x5021e5e8
    Faulting module name: MakeMarkerFile.exe, version: 1.0.0.2, time stamp: 0x5021e5e8
    Exception code: 0xc0000417
    Fault offset: 0x000000000014d7cc
    Faulting process ID: 0x750
    Faulting application start time: 0xMakeMarkerFile.exe0
    Faulting application path: MakeMarkerFile.exe1
    Faulting module path: MakeMarkerFile.exe2
    Report ID: MakeMarkerFile.exe3
    Faulting package full name: MakeMarkerFile.exe4
    Faulting package-relative application ID: MakeMarkerFile.exe5

    Error: (04/20/2013 08:47:55 PM) (Source: Application Error) (User: )
    Description: Faulting application name: MakeMarkerFile.exe, version: 1.0.0.2, time stamp: 0x5021e5e8
    Faulting module name: MakeMarkerFile.exe, version: 1.0.0.2, time stamp: 0x5021e5e8
    Exception code: 0xc0000417
    Fault offset: 0x000000000014d7cc
    Faulting process ID: 0x1224
    Faulting application start time: 0xMakeMarkerFile.exe0
    Faulting application path: MakeMarkerFile.exe1
    Faulting module path: MakeMarkerFile.exe2
    Report ID: MakeMarkerFile.exe3
    Faulting package full name: MakeMarkerFile.exe4
    Faulting package-relative application ID: MakeMarkerFile.exe5

    Error: (04/17/2013 07:22:48 PM) (Source: Application Error) (User: )
    Description: Faulting application name: MRT.exe, version: 4.19.7304.0, time stamp: 0x515a4575
    Faulting module name: ntdll.dll, version: 6.2.9200.16420, time stamp: 0x505ab405
    Exception code: 0xc0000005
    Fault offset: 0x00000000000115d0
    Faulting process ID: 0x2088
    Faulting application start time: 0xMRT.exe0
    Faulting application path: MRT.exe1
    Faulting module path: MRT.exe2
    Report ID: MRT.exe3
    Faulting package full name: MRT.exe4
    Faulting package-relative application ID: MRT.exe5

    Error: (04/16/2013 09:24:18 PM) (Source: Application Error) (User: )
    Description: Faulting application name: GuaranaAgent.exe, version: 2.0.12.0, time stamp: 0x5053040f
    Faulting module name: GuaranaAgent.exe, version: 2.0.12.0, time stamp: 0x5053040f
    Exception code: 0x40000015
    Fault offset: 0x000000000021df11
    Faulting process ID: 0x170c
    Faulting application start time: 0xGuaranaAgent.exe0
    Faulting application path: GuaranaAgent.exe1
    Faulting module path: GuaranaAgent.exe2
    Report ID: GuaranaAgent.exe3
    Faulting package full name: GuaranaAgent.exe4
    Faulting package-relative application ID: GuaranaAgent.exe5

    Error: (04/16/2013 09:22:13 PM) (Source: Application Error) (User: )
    Description: Faulting application name: MakeMarkerFile.exe, version: 1.0.0.2, time stamp: 0x5021e5e8
    Faulting module name: MakeMarkerFile.exe, version: 1.0.0.2, time stamp: 0x5021e5e8
    Exception code: 0xc0000417
    Fault offset: 0x000000000014d7cc
    Faulting process ID: 0x458
    Faulting application start time: 0xMakeMarkerFile.exe0
    Faulting application path: MakeMarkerFile.exe1
    Faulting module path: MakeMarkerFile.exe2
    Report ID: MakeMarkerFile.exe3
    Faulting package full name: MakeMarkerFile.exe4
    Faulting package-relative application ID: MakeMarkerFile.exe5

    Error: (04/14/2013 05:35:35 PM) (Source: Customer Experience Improvement Program) (User: )
    Description: 80070005

    Error: (04/12/2013 11:01:52 AM) (Source: Customer Experience Improvement Program) (User: )
    Description: 80070005

    Error: (04/10/2013 09:29:39 PM) (Source: Application Error) (User: )
    Description: Faulting application name: GuaranaAgent.exe, version: 2.0.12.0, time stamp: 0x5053040f
    Faulting module name: GuaranaAgent.exe, version: 2.0.12.0, time stamp: 0x5053040f
    Exception code: 0x40000015
    Fault offset: 0x000000000021df11
    Faulting process ID: 0x1720
    Faulting application start time: 0xGuaranaAgent.exe0
    Faulting application path: GuaranaAgent.exe1
    Faulting module path: GuaranaAgent.exe2
    Report ID: GuaranaAgent.exe3
    Faulting package full name: GuaranaAgent.exe4
    Faulting package-relative application ID: GuaranaAgent.exe5


    System errors:
    =============
    Error: (04/21/2013 00:06:57 AM) (Source: Service Control Manager) (User: )
    Description: The Panda On-Access Anti-Malware Service service terminated with the following error:
    %%1

    Error: (04/20/2013 10:18:38 PM) (Source: EventLog) (User: )
    Description: The previous system shutdown at 21:45:42 on 20/04/2013 was unexpected.

    Error: (04/20/2013 10:14:49 PM) (Source: Service Control Manager) (User: )
    Description: The WLAN AutoConfig service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

    Error: (04/20/2013 10:14:49 PM) (Source: Service Control Manager) (User: )
    Description: The Diagnostic System Host service terminated unexpectedly. It has done this 2 time(s).

    Error: (04/20/2013 10:14:49 PM) (Source: Service Control Manager) (User: )
    Description: The Distributed Link Tracking Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

    Error: (04/20/2013 10:14:49 PM) (Source: Service Control Manager) (User: )
    Description: The Superfetch service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Error: (04/20/2013 10:14:49 PM) (Source: Service Control Manager) (User: )
    Description: The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Error: (04/20/2013 10:14:49 PM) (Source: Service Control Manager) (User: )
    Description: The Network Connections service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

    Error: (04/20/2013 10:14:49 PM) (Source: Service Control Manager) (User: )
    Description: The HomeGroup Listener service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Error: (04/20/2013 10:14:49 PM) (Source: Service Control Manager) (User: )
    Description: The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.


    Microsoft Office Sessions:
    =========================
    Error: (04/21/2013 00:10:15 AM) (Source: Application Error)(User: )
    Description: MakeMarkerFile.exe1.0.0.25021e5e8MakeMarkerFile.exe1.0.0.25021e5e8c0000417000000000014d7cc90c01ce3e1bedda9113C:\ProgramData\MakeMarkerFile.exeC:\ProgramData\MakeMarkerFile.exe7597e9c1-aa0f-11e2-beb4-50b7c361a844

    Error: (04/20/2013 10:20:52 PM) (Source: Application Error)(User: )
    Description: MakeMarkerFile.exe1.0.0.25021e5e8MakeMarkerFile.exe1.0.0.25021e5e8c0000417000000000014d7ccd6401ce3e0cb962b014C:\ProgramData\MakeMarkerFile.exeC:\ProgramData\MakeMarkerFile.exe2d5f1c6e-aa00-11e2-beb3-50b7c361a844

    Error: (04/20/2013 09:07:52 PM) (Source: Application Error)(User: )
    Description: MakeMarkerFile.exe1.0.0.25021e5e8MakeMarkerFile.exe1.0.0.25021e5e8c0000417000000000014d7cc75001ce3e027666cc07C:\ProgramData\MakeMarkerFile.exeC:\ProgramData\MakeMarkerFile.exefaeb939e-a9f5-11e2-beb2-50b7c361a844

    Error: (04/20/2013 08:47:55 PM) (Source: Application Error)(User: )
    Description: MakeMarkerFile.exe1.0.0.25021e5e8MakeMarkerFile.exe1.0.0.25021e5e8c0000417000000000014d7cc122401ce3dffd3c24df8C:\ProgramData\MakeMarkerFile.exeC:\ProgramData\MakeMarkerFile.exe3115b955-a9f3-11e2-beb1-50b7c361a844

    Error: (04/17/2013 07:22:48 PM) (Source: Application Error)(User: )
    Description: MRT.exe4.19.7304.0515a4575ntdll.dll6.2.9200.16420505ab405c000000500000000000115d0208801ce3b988baeaa5cC:\windows\system32\MRT.exeC:\windows\SYSTEM32\ntdll.dllce69b508-a78b-11e2-beb0-50b7c361a844

    Error: (04/16/2013 09:24:18 PM) (Source: Application Error)(User: )
    Description: GuaranaAgent.exe2.0.12.05053040fGuaranaAgent.exe2.0.12.05053040f40000015000000000021df11170c01ce3ae04d84defeC:\Program Files\Samsung\Support Center\GuaranaAgent.exeC:\Program Files\Samsung\Support Center\GuaranaAgent.exe9cf3f7ab-a6d3-11e2-beb0-50b7c361a844

    Error: (04/16/2013 09:22:13 PM) (Source: Application Error)(User: )
    Description: MakeMarkerFile.exe1.0.0.25021e5e8MakeMarkerFile.exe1.0.0.25021e5e8c0000417000000000014d7cc45801ce3ae0010868b0C:\ProgramData\MakeMarkerFile.exeC:\ProgramData\MakeMarkerFile.exe52aba8c6-a6d3-11e2-beb0-50b7c361a844

    Error: (04/14/2013 05:35:35 PM) (Source: Customer Experience Improvement Program)(User: )
    Description: 80070005

    Error: (04/12/2013 11:01:52 AM) (Source: Customer Experience Improvement Program)(User: )
    Description: 80070005

    Error: (04/10/2013 09:29:39 PM) (Source: Application Error)(User: )
    Description: GuaranaAgent.exe2.0.12.05053040fGuaranaAgent.exe2.0.12.05053040f40000015000000000021df11172001ce362a1da9120fC:\Program Files\Samsung\Support Center\GuaranaAgent.exeC:\Program Files\Samsung\Support Center\GuaranaAgent.exe5d89c5b9-a21d-11e2-beaf-50b7c361a844


    ==================== Memory info ===========================

    Percentage of memory in use: 25%
    Total physical RAM: 5595.08 MB
    Available physical RAM: 4142.63 MB
    Total Pagefile: 16859.08 MB
    Available Pagefile: 14957.96 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.8 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:672.94 GB) (Free:531.09 GB) NTFS (Disk=0 Partition=4)
    Drive f: (EOS_DIGITAL) (Removable) (Total:14.83 GB) (Free:14.43 GB) FAT32 (Disk=1 Partition=1)


    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 698 GB 0 B *
    Disk 1 Online 14 GB 0 B

    Partitions of Disk 0:
    ===============

    Disk ID: {6BE46D82-1F8A-4899-9D00-988E8BA4661B}

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Recovery 500 MB 1024 KB
    Partition 2 System (partition with boot components) 300 MB 501 MB
    Partition 3 Reserved 128 MB 801 MB
    Partition 4 Primary 672 GB 929 MB
    Partition 5 Recovery 23 GB 673 GB
    Partition 6 Recovery 1024 MB 697 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : de94bba4-06d1-4d40-a16a-bfd50179d6ac
    Hidden : Yes
    Required: Yes
    Attrib : 0X8000000000000001

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 Windows RE NTFS Partition 500 MB Healthy Hidden

    =========================================================

    Disk: 0
    Partition 2
    Type : c12a7328-f81f-11d2-ba4b-00a0c93ec93b
    Hidden : Yes
    Required: No
    Attrib : 0X8000000000000000

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 SYSTEM FAT32 Partition 300 MB Healthy System (partition with boot components)

    =========================================================

    Disk: 0
    Partition 3
    Type : e3c9e316-0b5c-4db8-817d-f92df00215ae
    Hidden : Yes
    Required: No
    Attrib : 0X8000000000000000

    There is no volume associated with this partition.

    =========================================================

    Disk: 0
    Partition 4
    Type : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Hidden : No
    Required: No
    Attrib : 0000000000000000

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C NTFS Partition 672 GB Healthy Boot

    =========================================================

    Disk: 0
    Partition 5
    Type : de94bba4-06d1-4d40-a16a-bfd50179d6ac
    Hidden : Yes
    Required: Yes
    Attrib : 0X0000000000000001

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 SAMSUNG_REC NTFS Partition 23 GB Healthy Hidden

    =========================================================

    Disk: 0
    Partition 6
    Type : de94bba4-06d1-4d40-a16a-bfd50179d6ac
    Hidden : Yes
    Required: Yes
    Attrib : 0X0000000000000001

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 SAMSUNG_REC FAT32 Partition 1024 MB Healthy Hidden

    =========================================================

    Partitions of Disk 1:
    ===============

    Disk ID: 00000000

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 14 GB 4096 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 6 F EOS_DIGITAL FAT32 Removable 14 GB Healthy

    =========================================================
    ============================== MBR & Partition Table ==================

    ====================================================================
    Disk: 0 (Size: 699 GB) (Disk ID: 3945EBAC)

    Partition 1: GPT Partition Type
    ====================================================================
    Disk: 1 (Size: 15 GB) (Disk ID: 00000000)

    Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)
     
  18. Broni

    Broni Malware Annihilator Posts: 47,078   +258

    I don't see anything malicious there.

    How is the computer doing since you uninstalled those two AV programs?

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  19. Broni

    Broni Malware Annihilator Posts: 47,078   +258

    Still with me?
     
  20. Broni

    Broni Malware Annihilator Posts: 47,078   +258

    This topic is marked as abandoned and closed due to inactivity.
    This member will NOT be eligible to receive any more help in malware removal forum.
     
Topic Status:
Not open for further replies.

