Solved Fake Google Virus iztztxyd.exe

Sam22

Posts: 20   +0
Hello,
I have a virus that appears in my task manager as "google chrome."
In the task manager, under "Processes" there are multiple instaces of the "Image Name" --- "iztztxyd.exe" which has a description of "google Chrome."
In the following place: AppData\LocalLow\Macromedia\oarvfwa\gjnjucxf There is a google chrome icon called "iztztxyd.exe" that cannot be deleted.
I can't delete it bcause it says that the "file is open in Gooogle Chrome" even though I already uninstalled Google Chrome.
My computer is slow and the CPU usage spikes from 20% to 98% in short periods of times.
How do I get rid of it?!
Thank you so, so much!!!!
 
Welcome aboard


Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 11/23/2014
Scan Time: 12:50:13 AM
Logfile:
Administrator: Yes
Version: 2.00.3.1025
Malware Database: v2014.11.23.03
Rootkit Database: v2014.11.22.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Samuel Avila
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 336156
Time Elapsed: 30 min, 7 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 4
Trojan.Chrome.INJ, C:\Users\Samuel Avila\AppData\Local\PACE Anti-Piracy\Kqucelq.dll, Delete-on-Reboot, [3df21f20e19bd85e26c4ebfe6d9414ec],
Trojan.Chrome.INJ, C:\Users\Samuel Avila\AppData\Local\PACE Anti-Piracy\Kqucelq.dll, Delete-on-Reboot, [3df21f20e19bd85e26c4ebfe6d9414ec],
Trojan.Chrome.INJ, C:\Users\Samuel Avila\AppData\Local\PACE Anti-Piracy\Kqucelq.dll, Delete-on-Reboot, [3df21f20e19bd85e26c4ebfe6d9414ec],
Trojan.Chrome.INJ, C:\Users\Samuel Avila\AppData\Local\PACE Anti-Piracy\Kqucelq.dll, Delete-on-Reboot, [3df21f20e19bd85e26c4ebfe6d9414ec],
Registry Keys: 7
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-706833560-2454557567-1944840316-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, Quarantined, [0926f847bbc194a24d980ab3778b47b9],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, Quarantined, [0926f847bbc194a24d980ab3778b47b9],
PUP.Optional.RocketTab.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\ibnjmihbbanannlbobkbmnmckjnmdnom, Quarantined, [fd3255ea225a2c0a7a3989c77a89728e],
PUP.Optional.RocketTab.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\ibnjmihbbanannlbobkbmnmckjnmdnom, Quarantined, [ca653708106c3105d3e0df712bd85ea2],
PUP.Optional.RocketTab.A, HKU\S-1-5-21-706833560-2454557567-1944840316-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\ibnjmihbbanannlbobkbmnmckjnmdnom, Quarantined, [99960f30fd7f05317f35b19fb25159a7],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-706833560-2454557567-1944840316-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [bb748bb486f692a4338ddf99a3609e62],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-706833560-2454557567-1944840316-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [af800d3214683bfbdf169cf293710af6],
Registry Values: 3
Trojan.Chrome.INJ, HKU\S-1-5-21-706833560-2454557567-1944840316-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Kqucelq, regsvr32.exe /s "C:\Users\Samuel Avila\AppData\Local\PACE Anti-Piracy\Kqucelq.dll", Quarantined, [3df21f20e19bd85e26c4ebfe6d9414ec]
Trojan.Agent.KED, HKU\S-1-5-21-706833560-2454557567-1944840316-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|{a7dd7ec0-0ac3-fac1-8587-9bbf8bba7421}, "C:\Users\Samuel Avila\AppData\Local\{a7dd7ec0-0ac3-fac1-8587-9bbf8bba7421}\{a7dd7ec0-0ac3-fac1-8587-9bbf8bba7421}.exe", Quarantined, [e04f9ea117650a2c2512e0661bea16ea]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-706833560-2454557567-1944840316-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0S0TzrtN0V1M1O1H, Quarantined, [af800d3214683bfbdf169cf293710af6]
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 5
Trojan.Chrome.INJ, C:\Users\Samuel Avila\AppData\Local\PACE Anti-Piracy\Kqucelq.dll, Delete-on-Reboot, [3df21f20e19bd85e26c4ebfe6d9414ec],
Trojan.Agent.KED, C:\Users\Samuel Avila\AppData\Local\{a7dd7ec0-0ac3-fac1-8587-9bbf8bba7421}\{a7dd7ec0-0ac3-fac1-8587-9bbf8bba7421}.exe, Delete-on-Reboot, [e04f9ea117650a2c2512e0661bea16ea],
Trojan.BitcoinMiner, C:\Users\Samuel Avila\Desktop\pooler-cpuminer-2.2.3-win32.zip, Quarantined, [999681be23594fe7461c869a2bd68977],
PUP.Optional.Bunndle, C:\Program Files\CamStudio 2.7\BunndleOfferManager.exe, Quarantined, [88a72e11e29a201677d5bf9ec8380cf4],
Trojan.Chrome.INJ, C:\Users\Samuel Avila\AppData\Local\Temp\ysncdmc.dll, Quarantined, [d956f54af08c5ed8e70335b468991ae6],
Physical Sectors: 0
(No malicious items detected)

(end)
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/13/2013 11:21:09 PM
System Uptime: 11/23/2014 1:21:35 AM (0 hours ago)
.
Motherboard: TOSHIBA | | QHRAE
Processor: AMD A6-3400M APU with Radeon(tm) HD Graphics | P0 | 1400/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 580 GiB total, 396.985 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP150: 11/13/2014 7:17:24 PM - Windows Update
RP151: 11/14/2014 3:00:16 AM - Windows Update
RP152: 11/18/2014 10:26:31 PM - Windows Update
RP153: 11/19/2014 3:00:13 AM - Windows Update
RP154: 11/22/2014 10:42:15 AM - Windows Update
RP155: 11/22/2014 1:34:24 PM - Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
RP156: 11/22/2014 1:37:04 PM - Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
RP157: 11/22/2014 3:31:55 PM - Windows Update
RP158: 11/22/2014 7:36:51 PM - zoek.exe restore point
RP159: 11/22/2014 8:32:43 PM - Malwarebytes Anti-Rootkit Restore Point
.
==== Installed Programs ======================
.
µTorrent
Adobe After Effects CS6
Adobe AIR
Adobe Dreamweaver CS5.5
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Help Manager
Adobe Illustrator CS6
Adobe Photoshop CS6
Adobe Reader X MUI
Adobe Widget Browser
AMD Accelerated Video Transcoding
AMD Catalyst Control Center
AMD Catalyst Install Manager
Ample Guitar M version 1.1.2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
Axure RP Pro 6.5
Bejeweled 3
Bonjour
Brackets
Camel Audio CamelCrusher
CamStudio 2.7.2
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
Corel WinDVD
D3DX10
ESET Online Scanner v3
Facebook Video Calling 3.1.0.521
FATE - The Traitor Soul
FileZilla Client 3.8.0
Fishdom (TM) 2
FL Studio 11
FlowStone FL 3.0
GitHub
IL Download Manager
IL Gross Beat
IL Harmless
IL Harmor
IL Juice Pack
IL MiniHost
IL Shared Libraries
iTunes
Java Auto Updater
Java(TM) 6 Update 25
JMicron Flash Media Controller Driver
Junk Mail filter update
Label@Once 1.0
League of Legends
magicJack
Malwarebytes Anti-Malware version 2.0.3.1025
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Native Instruments Battery 4
Native Instruments Kontakt 5
Native Instruments Massive
Native Instruments Massive v1.0.1.008 VSTi DXi RTAS
Native Instruments Service Center
Native Instruments Supercharger
NETGEAR WNDA3100v2 wireless USB 2.0 adapter
PDF Settings CS6
Penguins!
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
PoiZone
Polar Bowler
QuickTime
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek WLAN Driver
reFX Nexus VSTi RTAS v2.2.0
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Seven Phases Spectrum Analyzer
Sid Meier's Civilization V
Skype Launcher
Steam
swMSM
Synaptics Pointing Device Driver
thinkorswim
Tom Clancy's Splinter Cell
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Disc Creator
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD Protection
TOSHIBA HDD/SSD Alert
Toshiba Laptop Checkup
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
Toshiba Online Backup
TOSHIBA PC Health Monitor
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA Sleep Utility
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA VIDEO PLAYER
TOSHIBA Web Camera Application
TOSHIBA Wireless LAN Indicator
TOSHIBARegistration
Update Installer for WildTangent Games App
Utility Common Driver
Virtual Villagers 5 - New Believers
WildTangent Games
WildTangent Games App (Toshiba Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 5.00 (32-bit)
WMV9/VC-1 Video Playback
XAMPP 1.8.1
Yamaha USB-MIDI Driver
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
11/23/2014 1:25:23 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
11/22/2014 7:55:23 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
11/22/2014 7:53:23 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/22/2014 7:53:23 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/22/2014 7:53:23 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/22/2014 7:53:23 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/22/2014 7:53:23 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/22/2014 7:53:23 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/22/2014 7:53:23 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/22/2014 7:53:23 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/22/2014 7:53:23 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/22/2014 7:53:23 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/22/2014 7:53:23 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/22/2014 7:53:23 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/22/2014 7:52:40 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xfffffa80078f64e0, 0xfffff880040ba40c, 0x0000000000000000, 0x0000000000000002). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 112214-166780-01.
11/22/2014 2:58:47 PM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).
11/22/2014 2:58:47 PM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/22/2014 2:58:47 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/22/2014 2:58:47 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/22/2014 2:58:47 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/22/2014 2:58:47 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
11/22/2014 2:58:47 PM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/22/2014 2:58:47 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/22/2014 2:58:47 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/22/2014 12:39:15 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xfffffa8008fb54e0, 0xfffff8800400740c, 0x0000000000000000, 0x0000000000000002). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 112214-184190-01.
11/22/2014 12:20:50 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xfffffa800979d340, 0xfffff8800408740c, 0x0000000000000000, 0x0000000000000002). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 112214-174767-01.
11/22/2014 12:06:26 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xfffffa800a3234e0, 0xfffff8800411440c, 0x0000000000000000, 0x0000000000000002). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 112214-144363-01.
11/22/2014 10:56:22 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xfffffa800a2f9010, 0xfffff88003f0840c, 0x0000000000000000, 0x0000000000000002). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 112214-170821-01.
11/22/2014 10:25:41 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
11/22/2014 10:25:35 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xfffffa800aac9010, 0xfffff8800413e40c, 0x0000000000000000, 0x0000000000000002). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 112214-143895-01.
11/22/2014 10:25:34 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Application Virtualization Client service to connect.
11/22/2014 10:25:34 PM, Error: Service Control Manager [7000] - The Application Virtualization Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/22/2014 1:16:31 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.
11/22/2014 1:16:31 PM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/22/2014 1:16:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
11/22/2014 1:14:28 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xfffffa8009a80010, 0xfffff8800406640c, 0x0000000000000000, 0x0000000000000002). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 112214-152974-01.
11/22/2014 1:03:09 PM, Error: Schannel [36887] - The following fatal alert was received: 20.
11/16/2014 1:17:42 AM, Error: Schannel [36887] - The following fatal alert was received: 40.
.
==== End Of File ===========================
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17420
Run by Samuel Avila at 1:37:29 on 2014-11-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5609.3491 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\atieclxx.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\ThpSrv.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\windows\Explorer.EXE
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Users\Samuel Avila\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\taskmgr.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\Macromed\Flash\FlashUtil64_11_8_800_174_ActiveX.exe
C:\windows\System32\MsSpellCheckingFacility.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uDefault_Page_URL = hxxp://start.toshiba.com
uProxyOverride = <local>;*.local
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
uRun: [uTorrent] "C:\Users\Samuel Avila\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [AdobeBridge] <no file>
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{33D63F88-8D75-4747-9850-47EE39A42BCB} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{33D63F88-8D75-4747-9850-47EE39A42BCB}\B416A757B6F68723 : DHCPNameServer = 192.168.0.1 205.171.2.226
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 /MAXX3
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [ThpSrv] C:\windows\System32\thpsrv /logon
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\windows\System32\drivers\amd_sata.sys [2013-9-14 79488]
R0 amd_xata;amd_xata;C:\windows\System32\drivers\amd_xata.sys [2013-9-14 40064]
R0 SCMNdisP;General NDIS Protocol Driver;C:\windows\System32\drivers\SCMNdisP.sys [2014-10-20 25312]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\System32\drivers\thpdrv.sys [2011-3-23 36992]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2013-9-14 482384]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2013-9-14 204288]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-11-23 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-11-23 968504]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2013-9-14 123320]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2013-9-14 126392]
R2 regi;regi;C:\windows\System32\drivers\regi.sys [2013-9-14 14112]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-5-24 294848]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 WSWNDA3100;WSWNDA3100;C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2014-10-20 278528]
R3 amdhub30;AMD USB 3.0 Hub Driver;C:\windows\System32\drivers\amdhub30.sys [2013-9-14 87168]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\windows\System32\drivers\amdxhc.sys [2013-9-14 188544]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2013-9-14 115216]
R3 CeKbFilter;CeKbFilter;C:\windows\System32\drivers\CeKbFilter.sys [2013-9-14 20592]
R3 JMCR;JMCR;C:\windows\System32\drivers\jmcr.sys [2011-5-2 175192]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2014-11-23 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\windows\System32\drivers\MBAMSwissArmy.sys [2014-11-22 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\windows\System32\drivers\mwac.sys [2014-11-23 63704]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2013-9-14 38096]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2013-9-14 413800]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2013-9-14 1142376]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2013-9-14 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-9 138152]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\windows\System32\drivers\bcmwlhigh664.sys [2011-4-19 1254464]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-11-13 114688]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TPCHSrv;TPCH Service;"C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe" --> C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2013-9-15 1255736]
S3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);C:\windows\System32\drivers\ymidusbx64.sys [2013-4-4 51496]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-11-23 05:47:55 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-11-23 05:47:55 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-11-23 05:47:55 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-23 05:47:17 -------- d-----w- C:\Users\Samuel Avila\AppData\Local\Programs
2014-11-23 03:54:45 -------- d-----w- C:\Program Files (x86)\ESET
2014-11-23 03:27:10 -------- d-----w- C:\Users\Samuel Avila\AppData\Local\VirtualStore
2014-11-23 03:27:09 -------- d-----w- C:\Users\Samuel Avila\AppData\Local\tjnet
2014-11-23 03:16:42 -------- d-----w- C:\Users\Samuel Avila\AppData\Local\CrashDumps
2014-11-23 02:32:09 -------- d-----w- C:\Users\Samuel Avila\AppData\Local\SoftGrid Client
2014-11-23 02:32:08 -------- d-----w- C:\Users\Samuel Avila\AppData\Local\Apps
2014-11-23 02:31:02 -------- d-----w- C:\Users\Samuel Avila\AppData\Local\Adobe
2014-11-23 01:33:10 79064 ----a-w- C:\windows\System32\drivers\imofugc.sys
2014-11-23 00:58:08 -------- d-----w- C:\ProgramData\Malwarebytes
2014-11-23 00:57:54 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-23 00:57:53 129752 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-11-23 00:47:25 93400 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-11-23 00:33:51 -------- d-----w- C:\zoek_backup
2014-11-23 00:00:06 -------- d-----w- C:\FRST
2014-11-22 21:02:12 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{90770DB7-9119-4DC4-9B5B-26D4162AC21D}\offreg.dll
2014-11-22 20:33:07 -------- d-----w- C:\windows\System32\MRT
2014-11-22 18:42:15 -------- d-----w- C:\ProgramData\AMD
2014-11-22 18:42:14 -------- d-----w- C:\Program Files (x86)\AMD AVT
2014-11-22 18:34:42 -------- d-----w- C:\ProgramData\Package Cache
2014-11-22 18:34:06 -------- d-----w- C:\Program Files\ATI Technologies
2014-11-22 15:43:08 11632448 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{90770DB7-9119-4DC4-9B5B-26D4162AC21D}\mpengine.dll
2014-11-22 15:38:32 -------- d-----w- C:\Users\Samuel Avila\AppData\Local\{a7dd7ec0-0ac3-fac1-8587-9bbf8bba7421}
2014-11-19 03:26:30 728064 ----a-w- C:\windows\System32\kerberos.dll
2014-11-19 03:26:30 241152 ----a-w- C:\windows\System32\pku2u.dll
2014-11-19 03:26:30 186880 ----a-w- C:\windows\SysWow64\pku2u.dll
2014-11-19 03:26:29 550912 ----a-w- C:\windows\SysWow64\kerberos.dll
2014-11-15 15:19:32 -------- d-sh--w- C:\Users\Samuel Avila\AppData\Local\EmieBrowserModeList
2014-11-14 01:05:59 814080 ----a-w- C:\windows\System32\jscript9diag.dll
2014-11-14 01:05:59 6040064 ----a-w- C:\windows\System32\jscript9.dll
2014-11-14 01:05:59 1359360 ----a-w- C:\windows\System32\mshtmlmedia.dll
2014-11-14 01:05:58 950784 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2014-11-14 01:05:58 580096 ----a-w- C:\windows\System32\vbscript.dll
2014-11-14 01:05:58 378880 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2014-11-14 01:05:58 2365440 ----a-w- C:\windows\System32\wininet.dll
2014-11-14 01:05:57 88064 ----a-w- C:\windows\System32\MshtmlDac.dll
2014-11-14 01:05:57 293040 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2014-11-14 01:05:57 1016832 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2014-11-14 00:43:17 424448 ----a-w- C:\windows\System32\aeinv.dll
2014-11-14 00:43:17 304640 ----a-w- C:\windows\System32\generaltel.dll
2014-11-14 00:43:17 228864 ----a-w- C:\windows\System32\aepdu.dll
2014-11-14 00:42:53 683520 ----a-w- C:\windows\System32\termsrv.dll
2014-11-14 00:42:53 681984 ----a-w- C:\windows\SysWow64\adtschema.dll
2014-11-14 00:42:53 681984 ----a-w- C:\windows\System32\adtschema.dll
2014-11-14 00:42:53 155064 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2014-11-14 00:42:52 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2014-11-14 00:42:52 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2014-11-14 00:42:52 146432 ----a-w- C:\windows\SysWow64\msaudite.dll
2014-11-14 00:42:52 146432 ----a-w- C:\windows\System32\msaudite.dll
2014-11-14 00:42:52 1460736 ----a-w- C:\windows\System32\lsasrv.dll
2014-11-14 00:37:19 2048 ----a-w- C:\windows\SysWow64\msxml3r.dll
2014-11-14 00:37:19 2048 ----a-w- C:\windows\System32\msxml3r.dll
2014-11-14 00:37:19 1882624 ----a-w- C:\windows\System32\msxml3.dll
2014-11-14 00:37:19 1237504 ----a-w- C:\windows\SysWow64\msxml3.dll
2014-11-14 00:37:07 878080 ----a-w- C:\windows\System32\IMJP10K.DLL
2014-11-14 00:37:07 701440 ----a-w- C:\windows\SysWow64\IMJP10K.DLL
2014-11-14 00:36:56 680960 ----a-w- C:\windows\System32\audiosrv.dll
2014-11-14 00:36:56 500224 ----a-w- C:\windows\System32\AUDIOKSE.dll
2014-11-14 00:36:56 442880 ----a-w- C:\windows\SysWow64\AUDIOKSE.dll
2014-11-14 00:36:55 440832 ----a-w- C:\windows\System32\AudioEng.dll
2014-11-14 00:36:55 374784 ----a-w- C:\windows\SysWow64\AudioEng.dll
2014-11-14 00:36:55 296448 ----a-w- C:\windows\System32\AudioSes.dll
2014-11-14 00:36:55 284672 ----a-w- C:\windows\System32\EncDump.dll
2014-11-14 00:36:55 195584 ----a-w- C:\windows\SysWow64\AudioSes.dll
2014-11-14 00:31:38 342016 ----a-w- C:\windows\System32\schannel.dll
2014-11-14 00:31:38 309760 ----a-w- C:\windows\System32\ncrypt.dll
2014-11-14 00:31:38 248832 ----a-w- C:\windows\SysWow64\schannel.dll
2014-11-14 00:31:38 221184 ----a-w- C:\windows\SysWow64\ncrypt.dll
2014-11-14 00:31:37 86528 ----a-w- C:\windows\System32\TSpkg.dll
2014-11-14 00:31:37 65536 ----a-w- C:\windows\SysWow64\TSpkg.dll
2014-11-14 00:31:37 314880 ----a-w- C:\windows\System32\msv1_0.dll
2014-11-14 00:31:37 259584 ----a-w- C:\windows\SysWow64\msv1_0.dll
2014-11-14 00:31:37 22016 ----a-w- C:\windows\System32\credssp.dll
2014-11-14 00:31:37 210944 ----a-w- C:\windows\System32\wdigest.dll
2014-11-14 00:31:37 17408 ----a-w- C:\windows\SysWow64\credssp.dll
2014-11-14 00:31:37 172032 ----a-w- C:\windows\SysWow64\wdigest.dll
2014-11-14 00:30:57 77824 ----a-w- C:\windows\System32\packager.dll
2014-11-14 00:30:57 67584 ----a-w- C:\windows\SysWow64\packager.dll
2014-11-14 00:30:41 3198976 ----a-w- C:\windows\System32\win32k.sys
2014-11-14 00:30:33 3241984 ----a-w- C:\windows\System32\msi.dll
2014-11-14 00:30:33 2363904 ----a-w- C:\windows\SysWow64\msi.dll
2014-11-14 00:30:28 861696 ----a-w- C:\windows\System32\oleaut32.dll
2014-11-14 00:30:28 571904 ----a-w- C:\windows\SysWow64\oleaut32.dll
.
==================== Find3M ====================
.
2014-11-06 04:04:03 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-11-06 04:03:50 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-11-06 03:47:03 66560 ----a-w- C:\windows\System32\iesetup.dll
2014-11-06 03:46:12 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-11-06 03:30:22 144384 ----a-w- C:\windows\System32\ieUnatt.exe
2014-11-06 03:30:08 114688 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-11-06 03:28:20 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-11-06 03:20:18 968704 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-11-06 03:13:43 501248 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-11-06 03:13:36 62464 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-11-06 03:12:44 47616 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-11-06 03:10:58 64000 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2014-11-06 03:07:29 77824 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-11-06 02:59:36 115712 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-11-06 02:58:38 620032 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-11-06 02:42:36 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-06 02:38:25 2124288 ----a-w- C:\windows\System32\inetcpl.cpl
2014-11-06 02:21:49 4298240 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-11-06 02:21:25 2051072 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-11-06 02:20:37 1155072 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2014-11-06 01:52:35 1892864 ----a-w- C:\windows\SysWow64\wininet.dll
2014-11-04 19:30:58 275080 ------w- C:\windows\System32\MpSigStub.exe
2014-09-25 02:08:38 371712 ----a-w- C:\windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\windows\SysWow64\qdvd.dll
2014-09-09 22:11:04 2048 ----a-w- C:\windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2014-09-04 05:23:20 424448 ----a-w- C:\windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\windows\SysWow64\rastls.dll
.
============= FINISH: 1:38:20.96 ===============
 
Here are all of the logs!
Once I finished running the malwarebytes scan, my computer started running faster and the fake Google chrome instances aren't seen on the task manager.
 
I don't see any AV program running.
Why?
Step 1 in our preliminaries calls for installing one of proposed AV programs if you don't have any.
 
I'm so sorry, I had downloaded the install for Avast but never ran it.
Just finished installing it and scan is running, Please let me know what I have to do thanks :)
BTW, I uninstalled Google Chrome yesterday and I just checked my programs and it is there.I have no idea how it was installed because I didn't do it.
Also, is it normal for a computer to be using up 58% physical memory? I see that number in the task manager.
Please let me know what to do because my computer has been running slowly and I have no idea what he problem is.
 
is it normal for a computer to be using up 58% physical memory?
Yes, Windows 7 handles RAM in different way than Windows XP.

When done with Avast...

redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

redtarget.gif
Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download
51a5f31352b88-icon_MBAR.png
Malwarebytes Anti-Rootkit to your desktop.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"
NOTE. If you see This version requires you to completely exit the Anti Malware application message right click on the Malwarebytes icon in the system tray and click on Exit.
 
RogueKiller V10.0.8.0 [Nov 20 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Samuel Avila [Administrator]
Mode : Scan -- Date : 11/23/2014 21:05:29
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 7 ¤¤¤
[PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-706833560-2454557567-1944840316-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-706833560-2454557567-1944840316-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
¤¤¤ Tasks : 2 ¤¤¤
[Suspicious.Path] Rocket Updater.job -- C:\Users\SAMUEL~1\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.EXE (/Check) -> Found
[Suspicious.Path] \\Rocket Updater -- C:\Users\SAMUEL~1\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.EXE (/Check) -> Found
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK6476GSXN SATA Disk Device +++++
--- User ---
[MBR] c587b64a9ee3b8f0c65ec95ea67aaaa3
[BSP] acac5b4a884c72d03fa0114f145b6644 : HP MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 594364 MB
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1220331520 | Size: 14615 MB
User = LL1 ... OK
User = LL2 ... OK
 
Malwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org
Database version: v2014.11.24.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17420
Samuel Avila :: SAMUELAVILA-PC [administrator]
11/23/2014 9:12:05 PM
mbar-log-2014-11-23 (21-12-05).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 340472
Time elapsed: 38 minute(s), 37 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.17420
Java version: 1.6.0_25
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 1.397000 GHz
Memory total: 5881118720, free: 2099970048
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.17420
Java version: 1.6.0_25
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 1.397000 GHz
Memory total: 5881118720, free: 4257325056
=======================================
Initializing...
------------ Kernel report ------------
11/22/2014 19:57:53
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\LPCFilter.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\DRIVERS\amd_sata.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\amd_xata.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\scmndisp.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\TVALZ_O.SYS
\SystemRoot\system32\DRIVERS\tos_sps64.sys
\SystemRoot\system32\DRIVERS\Thpevm.SYS
\SystemRoot\system32\DRIVERS\thpdrv.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\rtl8192Ce.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\amdxhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\CeKbFilter.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\drivers\CmBatt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\jmcr.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\TVALZFL.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\amdhub30.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_amd_sata.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\pgeffect.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\Sftvollh.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\??\C:\windows\system32\drivers\regi.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\system32\DRIVERS\Sftfslh.sys
\SystemRoot\system32\DRIVERS\Sftplaylh.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\system32\DRIVERS\Sftredirlh.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\spsys.sys
\??\C:\windows\system32\drivers\mbamchameleon.sys
\??\C:\windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\msctf.dll
\Windows\System32\imagehlp.dll
\Windows\System32\user32.dll
\Windows\System32\kernel32.dll
\Windows\System32\iertutil.dll
\Windows\System32\urlmon.dll
\Windows\System32\imm32.dll
\Windows\System32\sechost.dll
\Windows\System32\usp10.dll
\Windows\System32\psapi.dll
\Windows\System32\nsi.dll
\Windows\System32\msvcrt.dll
\Windows\System32\ole32.dll
\Windows\System32\wininet.dll
\Windows\System32\shell32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\clbcatq.dll
\Windows\System32\oleaut32.dll
\Windows\System32\lpk.dll
\Windows\System32\gdi32.dll
\Windows\System32\normaliz.dll
\Windows\System32\advapi32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\setupapi.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\Wldap32.dll
\Windows\System32\difxapi.dll
\Windows\System32\userenv.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\comctl32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\profapi.dll
\Windows\System32\msasn1.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800652a060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006f\
Lower Device Object: 0xfffffa8005f43060
Lower Device Driver Name: \Driver\amd_sata\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800652a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800652ab90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800652a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80064fb710, DeviceName: \Device\THPDRV1\, DriverName: \Driver\Thpdrv\
DevicePointer: 0xfffffa8005f45ac0, DeviceName: Unknown, DriverName: \Driver\amd_xata\
DevicePointer: 0xfffffa8005f43060, DeviceName: \Device\0000006f\, DriverName: \Driver\amd_sata\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: F0641918
Partition information:
Partition 0 type is Other (0x27)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 3072000
Partition file system is NTFS
Partition is bootable
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 3074048 Numsec = 1217257472
Partition 2 type is HIDDEN (0x17)
Partition is NOT ACTIVE.
Partition starts at LBA: 1220331520 Numsec = 29931520
Partition is not bootable
Hidden partition VBR is not infected.
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 640135028736 bytes
Sector size: 512 bytes
Done!
Infected: C:\Program Files (x86)\Feathercoin\minerd.exe --> [Trojan.BitcoinMiner]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-1220331520-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.17420
Java version: 1.6.0_25
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 1.397000 GHz
Memory total: 5881118720, free: 1433612288
Downloaded database version: v2014.11.24.01
Downloaded database version: v2014.11.22.01
=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================
Initializing...
------------ Kernel report ------------
11/23/2014 21:11:47
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\LPCFilter.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\DRIVERS\amd_sata.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\amd_xata.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\scmndisp.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\TVALZ_O.SYS
\SystemRoot\system32\DRIVERS\tos_sps64.sys
\SystemRoot\system32\DRIVERS\Thpevm.SYS
\SystemRoot\system32\DRIVERS\thpdrv.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\system32\drivers\aswSnx.sys
\SystemRoot\system32\drivers\aswSP.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\aswRdr2.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\rtl8192Ce.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\amdxhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\CeKbFilter.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\drivers\CmBatt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\TVALZFL.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\amdhub30.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\pgeffect.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_amd_sata.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\aswMonFlt.sys
\SystemRoot\system32\DRIVERS\Sftvollh.sys
\SystemRoot\system32\drivers\aswStm.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\aswHwid.sys
\SystemRoot\system32\drivers\peauth.sys
\??\C:\windows\system32\drivers\regi.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\system32\DRIVERS\Sftfslh.sys
\SystemRoot\system32\DRIVERS\Sftplaylh.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\spsys.sys
\??\C:\windows\system32\drivers\mbamchameleon.sys
\??\C:\windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006547060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000074\
Lower Device Object: 0xfffffa8005f4d290
Lower Device Driver Name: \Driver\amd_sata\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006547060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006547b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006547060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800653e710, DeviceName: \Device\THPDRV1\, DriverName: \Driver\Thpdrv\
DevicePointer: 0xfffffa8005f60040, DeviceName: Unknown, DriverName: \Driver\amd_xata\
DevicePointer: 0xfffffa8005f4d290, DeviceName: \Device\00000074\, DriverName: \Driver\amd_sata\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: F0641918
Partition information:
Partition 0 type is Other (0x27)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 3072000
Partition file system is NTFS
Partition is bootable
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 3074048 Numsec = 1217257472
Partition 2 type is HIDDEN (0x17)
Partition is NOT ACTIVE.
Partition starts at LBA: 1220331520 Numsec = 29931520
Partition is not bootable
Hidden partition VBR is not infected.
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 640135028736 bytes
Sector size: 512 bytes
Done!
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-1220331520-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 14-11-24.02 - Samuel Avila 11/24/2014 12:20:35.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5609.4034 [GMT -5:00]
Running from: c:\users\Samuel Avila\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-10-24 to 2014-11-24 )))))))))))))))))))))))))))))))
.
.
2014-11-24 17:30 . 2014-11-24 17:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-24 01:25 . 2014-11-24 01:25 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-11-24 01:25 . 2014-11-24 01:25 -------- d-----w- c:\programdata\RogueKiller
2014-11-23 23:46 . 2014-11-23 23:49 -------- d-----w- c:\windows\SysWow64\vbox
2014-11-23 23:46 . 2014-11-23 23:49 -------- d-----w- c:\windows\system32\vbox
2014-11-23 23:46 . 2014-11-23 23:46 -------- d-----w- c:\users\Samuel Avila\AppData\Roaming\AVAST Software
2014-11-23 23:42 . 2014-11-23 23:46 -------- d-----w- c:\users\Samuel Avila\AppData\Local\Google
2014-11-23 23:42 . 2014-11-23 23:45 -------- d-----w- c:\program files (x86)\Google
2014-11-23 23:42 . 2014-11-23 23:41 116728 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-11-23 23:42 . 2014-11-23 23:41 267632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-11-23 23:42 . 2014-11-23 23:41 436624 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-11-23 23:42 . 2014-11-23 23:41 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-11-23 23:42 . 2014-11-23 23:41 83280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-11-23 23:42 . 2014-11-23 23:41 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-11-23 23:42 . 2014-11-23 23:41 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-11-23 23:41 . 2014-11-23 23:45 1050432 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-11-23 23:41 . 2014-11-23 23:41 364512 ----a-w- c:\windows\system32\aswBoot.exe
2014-11-23 23:41 . 2014-11-23 23:41 43152 ----a-w- c:\windows\avastSS.scr
2014-11-23 23:40 . 2014-11-23 23:40 -------- d-----w- c:\program files\AVAST Software
2014-11-23 23:36 . 2014-11-23 23:40 -------- d-----w- c:\programdata\AVAST Software
2014-11-23 00:57 . 2014-11-24 03:04 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-11-23 00:57 . 2014-11-24 13:35 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-23 00:47 . 2014-11-24 02:10 96472 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-23 00:33 . 2014-11-23 00:33 -------- d-----w- C:\zoek_backup
2014-11-23 00:00 . 2014-11-23 00:07 -------- d-----w- C:\FRST
2014-11-22 21:02 . 2014-11-22 21:02 -------- d-----w- c:\programdata\ATI
2014-11-22 20:33 . 2014-11-22 20:41 -------- d-----w- c:\windows\system32\MRT
2014-11-22 18:42 . 2014-11-22 18:42 -------- d-----w- c:\programdata\AMD
2014-11-22 18:42 . 2014-11-22 18:42 -------- d-----w- c:\program files (x86)\AMD AVT
2014-11-22 18:34 . 2014-11-22 18:37 -------- d-----w- c:\programdata\Package Cache
2014-11-22 18:34 . 2014-11-22 18:41 -------- d-----w- c:\program files\ATI Technologies
2014-11-22 15:43 . 2014-11-02 04:20 11632448 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{90770DB7-9119-4DC4-9B5B-26D4162AC21D}\mpengine.dll
2014-11-19 03:26 . 2014-11-11 03:08 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-19 03:26 . 2014-11-11 03:08 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-19 03:26 . 2014-11-11 02:44 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-19 03:26 . 2014-11-11 02:44 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-11-15 15:19 . 2014-11-15 15:19 -------- d-sh--w- c:\users\Samuel Avila\AppData\Local\EmieBrowserModeList
2014-11-14 01:05 . 2014-11-06 03:29 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2014-11-14 01:05 . 2014-11-06 03:23 6040064 ----a-w- c:\windows\system32\jscript9.dll
2014-11-14 01:05 . 2014-11-06 03:00 92160 ----a-w- c:\windows\system32\mshtmled.dll
2014-11-14 01:05 . 2014-11-06 02:39 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-11-14 01:05 . 2014-11-06 04:11 950784 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2014-11-14 01:05 . 2014-11-06 03:46 580096 ----a-w- c:\windows\system32\vbscript.dll
2014-11-14 01:05 . 2014-11-06 02:17 2365440 ----a-w- c:\windows\system32\wininet.dll
2014-11-14 01:05 . 2014-11-06 01:58 378880 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2014-11-14 01:05 . 2014-11-07 19:49 293040 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2014-11-14 01:05 . 2014-11-06 04:03 25110016 ----a-w- c:\windows\system32\mshtml.dll
2014-11-14 01:05 . 2014-11-06 03:44 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-11-14 01:05 . 2014-11-06 03:02 199680 ----a-w- c:\windows\system32\msrating.dll
2014-11-14 01:05 . 2014-11-06 03:00 1016832 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2014-11-14 00:43 . 2014-11-05 17:56 304640 ----a-w- c:\windows\system32\generaltel.dll
2014-11-14 00:43 . 2014-11-05 17:56 228864 ----a-w- c:\windows\system32\aepdu.dll
2014-11-14 00:43 . 2014-11-05 17:52 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-11-14 00:42 . 2014-10-14 02:16 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-11-14 00:42 . 2014-10-14 02:13 683520 ----a-w- c:\windows\system32\termsrv.dll
2014-11-14 00:42 . 2014-10-14 02:07 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-11-14 00:42 . 2014-10-14 01:46 681984 ----a-w- c:\windows\SysWow64\adtschema.dll
2014-11-14 00:42 . 2014-10-14 02:12 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-11-14 00:42 . 2014-10-14 02:09 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-11-14 00:42 . 2014-10-14 01:50 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-11-14 00:42 . 2014-10-14 01:49 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-11-14 00:42 . 2014-10-14 01:47 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2014-11-14 00:37 . 2014-08-21 06:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
2014-11-14 00:37 . 2014-08-21 06:40 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-11-14 00:37 . 2014-08-21 06:26 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2014-11-14 00:37 . 2014-08-21 06:23 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2014-11-14 00:37 . 2014-08-12 02:02 878080 ----a-w- c:\windows\system32\IMJP10K.DLL
2014-11-14 00:37 . 2014-08-12 01:36 701440 ----a-w- c:\windows\SysWow64\IMJP10K.DLL
2014-11-14 00:36 . 2014-10-03 02:12 500224 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-11-14 00:36 . 2014-10-03 02:11 680960 ----a-w- c:\windows\system32\audiosrv.dll
2014-11-14 00:36 . 2014-10-03 01:44 442880 ----a-w- c:\windows\SysWow64\AUDIOKSE.dll
2014-11-14 00:36 . 2014-10-03 02:11 284672 ----a-w- c:\windows\system32\EncDump.dll
2014-11-14 00:36 . 2014-10-03 02:11 440832 ----a-w- c:\windows\system32\AudioEng.dll
2014-11-14 00:36 . 2014-10-03 02:11 296448 ----a-w- c:\windows\system32\AudioSes.dll
2014-11-14 00:36 . 2014-10-03 01:44 374784 ----a-w- c:\windows\SysWow64\AudioEng.dll
2014-11-14 00:36 . 2014-10-03 01:44 195584 ----a-w- c:\windows\SysWow64\AudioSes.dll
2014-11-14 00:31 . 2014-09-19 09:42 342016 ----a-w- c:\windows\system32\schannel.dll
2014-11-14 00:31 . 2014-09-19 09:42 309760 ----a-w- c:\windows\system32\ncrypt.dll
2014-11-14 00:31 . 2014-09-19 09:23 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2014-11-14 00:31 . 2014-09-19 09:23 221184 ----a-w- c:\windows\SysWow64\ncrypt.dll
2014-11-14 00:31 . 2014-09-19 09:42 210944 ----a-w- c:\windows\system32\wdigest.dll
2014-11-14 00:31 . 2014-09-19 09:42 86528 ----a-w- c:\windows\system32\TSpkg.dll
2014-11-14 00:31 . 2014-09-19 09:42 314880 ----a-w- c:\windows\system32\msv1_0.dll
2014-11-14 00:31 . 2014-09-19 09:42 22016 ----a-w- c:\windows\system32\credssp.dll
2014-11-14 00:31 . 2014-09-19 09:23 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2014-11-14 00:31 . 2014-09-19 09:23 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2014-11-14 00:31 . 2014-09-19 09:23 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2014-11-14 00:31 . 2014-09-19 09:23 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2014-11-14 00:30 . 2014-10-25 01:57 77824 ----a-w- c:\windows\system32\packager.dll
2014-11-14 00:30 . 2014-10-25 01:32 67584 ----a-w- c:\windows\SysWow64\packager.dll
2014-11-14 00:30 . 2014-10-10 00:57 3198976 ----a-w- c:\windows\system32\win32k.sys
2014-11-14 00:30 . 2014-10-14 02:13 3241984 ----a-w- c:\windows\system32\msi.dll
2014-11-14 00:30 . 2014-10-14 01:50 2363904 ----a-w- c:\windows\SysWow64\msi.dll
2014-11-14 00:30 . 2014-10-18 02:05 861696 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-14 00:30 . 2014-10-18 01:33 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-04 19:30 . 2010-11-21 03:27 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-09-25 02:08 . 2014-10-01 00:37 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-01 00:37 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-09-09 22:11 . 2014-09-23 21:28 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-23 21:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-09-04 05:23 . 2014-10-20 16:43 424448 ----a-w- c:\windows\system32\rastls.dll
2014-09-04 05:04 . 2014-10-20 16:43 372736 ----a-w- c:\windows\SysWow64\rastls.dll
2014-08-29 19:43 . 2011-03-29 01:36 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\Samuel Avila\AppData\Roaming\uTorrent\uTorrent.exe" [2014-11-22 1385808]
"cdloader"="c:\users\Samuel Avila\AppData\Roaming\mjusbsp\cdloader2.exe" [2012-02-01 50592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2011-03-10 532480]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2011-03-10 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-16 34160]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-08-26 766208]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-11-23 5226600]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNDA3100v2 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2014-10-20 3280896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 WSWNDA3100;WSWNDA3100;c:\program files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe;c:\program files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [x]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys;c:\windows\SYSNATIVE\DRIVERS\bcmwlhigh664.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);c:\windows\system32\drivers\ymidusbx64.sys;c:\windows\SYSNATIVE\drivers\ymidusbx64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys;c:\windows\SYSNATIVE\DRIVERS\scmndisp.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys;c:\windows\SYSNATIVE\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [x]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [x]
S2 regi;regi;c:\windows\system32\drivers\regi.sys;c:\windows\SYSNATIVE\drivers\regi.sys [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys;c:\windows\SYSNATIVE\DRIVERS\amdhub30.sys [x]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys;c:\windows\SYSNATIVE\DRIVERS\amdxhc.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys;c:\windows\SYSNATIVE\DRIVERS\CeKbFilter.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-11-23 23:44 1087304 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.65\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-23 23:42]
.
2014-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-23 23:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-11-23 23:41 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-24 11780712]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
uInternet Settings,ProxyOverride = <local>;*.local
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-reFX Nexus_is1 - c:\program files (x86)\Uninstall Nexus\unins000.exe
AddRemove-WildTangentGDF-toshiba-clubpenguin - c:\program files (x86)\TOSHIBA Games\Web Link - Club Penguin\Uninstall.exe
AddRemove-WildTangentGDF-toshiba-darkorbit - c:\program files (x86)\TOSHIBA Games\Web Link - Dark Orbit\Uninstall.exe
AddRemove-WildTangentGDF-toshiba-seafight - c:\program files (x86)\TOSHIBA Games\Web Link - Seafight\Uninstall.exe
AddRemove-WildTangentGDF-toshiba-shaiya - c:\program files (x86)\TOSHIBA Games\Web Link - Shaiya\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-11-24 12:33:19
ComboFix-quarantined-files.txt 2014-11-24 17:33
ComboFix2.txt 2014-11-24 06:26
.
Pre-Run: 422,219,530,240 bytes free
Post-Run: 422,172,286,976 bytes free
.
- - End Of File - - A93D1E20104157669B142F77327226E4
5B5E648D12FCADC244C1EC30318E1EB9
 
Looks good.

redtarget.gif
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

redtarget.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

redtarget.gif
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.
 
# AdwCleaner v4.102 - Report created 25/11/2014 at 01:29:30
# Updated 23/11/2014 by Xplode
# Database : 2014-11-24.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Samuel Avila - SAMUELAVILA-PC
# Running from : C:\Users\Samuel Avila\Desktop\adwcleaner_4.102.exe
# Option : Clean
***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C9F3DDAD-CAC6-4783-887A-D9A113A4545A}
Key Deleted : HKCU\Software\Rocket Browser
Key Deleted : HKCU\Software\RocketUpdater
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17420

-\\ Google Chrome v39.0.2171.65
[C:\Users\Samuel Avila\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Samuel Avila\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
*************************
AdwCleaner[R0].txt - [1600 octets] - [25/11/2014 01:25:59]
AdwCleaner[S0].txt - [1327 octets] - [25/11/2014 01:29:30]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1387 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 7 Home Premium x64
Ran by Samuel Avila on Tue 11/25/2014 at 1:41:45.33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Empty Folder] C:\Users\Samuel Avila\appdata\local\{a7dd7ec0-0ac3-fac1-8587-9bbf8bba7421}
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 11/25/2014 at 1:47:50.30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2014 01
Ran by Samuel Avila (administrator) on SAMUELAVILA-PC on 25-11-2014 01:50:01
Running from C:\Users\Samuel Avila\Desktop
Loaded Profile: Samuel Avila (Available profiles: Samuel Avila)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(BitTorrent Inc.) C:\Users\Samuel Avila\AppData\Roaming\uTorrent\uTorrent.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11780712 2011-02-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-05-24] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [532480 2011-03-10] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2011-03-10] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-16] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218864 2011-06-22] (Toshiba)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-26] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-23] (AVAST Software)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKU\S-1-5-21-706833560-2454557567-1944840316-1001\...\Run: [uTorrent] => C:\Users\Samuel Avila\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-11-22] (BitTorrent Inc.)
HKU\S-1-5-21-706833560-2454557567-1944840316-1001\...\Run: [cdloader] => C:\Users\Samuel Avila\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk
ShortcutTarget: NETGEAR WNDA3100v2 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-706833560-2454557567-1944840316-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-706833560-2454557567-1944840316-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
HKU\S-1-5-21-706833560-2454557567-1944840316-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> DefaultScope {9F97B713-F8C9-4FF5-A3A8-B22C6C95A126} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {9F97B713-F8C9-4FF5-A3A8-B22C6C95A126} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {9F97B713-F8C9-4FF5-A3A8-B22C6C95A126} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKU\S-1-5-21-706833560-2454557567-1944840316-1001 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-706833560-2454557567-1944840316-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-706833560-2454557567-1944840316-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-706833560-2454557567-1944840316-1001 -> {9F97B713-F8C9-4FF5-A3A8-B22C6C95A126} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-706833560-2454557567-1944840316-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-706833560-2454557567-1944840316-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin HKU\S-1-5-21-706833560-2454557567-1944840316-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Samuel Avila\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-23]
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Samuel Avila\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Samuel Avila\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-23]
CHR Extension: (Google Docs) - C:\Users\Samuel Avila\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-23]
CHR Extension: (Google Drive) - C:\Users\Samuel Avila\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-23]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Samuel Avila\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-23]
CHR Extension: (YouTube) - C:\Users\Samuel Avila\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-23]
CHR Extension: (Google Search) - C:\Users\Samuel Avila\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-23]
CHR Extension: (Google Sheets) - C:\Users\Samuel Avila\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-23]
CHR Extension: (Avast Online Security) - C:\Users\Samuel Avila\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-11-23]
CHR Extension: (Google Wallet) - C:\Users\Samuel Avila\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-23]
CHR Extension: (Gmail) - C:\Users\Samuel Avila\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-23]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-23]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-23] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-23] (Avast Software)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [123320 2014-10-20] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)
S3 RasAuto; C:\Windows\System32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
S3 RasAuto; C:\Windows\SysWOW64\svchost.exe [21504 2011-03-01] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 Thpsrv; C:\windows\system32\ThpSrv.exe [558592 2011-04-20] (TOSHIBA Corporation) [File not signed]
S2 WSWNDA3100; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [278528 2009-11-04] () [File not signed]
S3 TPCHSrv; "C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-23] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-23] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-23] ()
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-11-23] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-23] (Avast Software)
R3 VSTWinDriver6; C:\Windows\System32\drivers\VSTwindrvr6.sys [252928 2014-06-03] (Jungo)
S3 YMIDUSBW; C:\Windows\System32\drivers\ymidusbx64.sys [51496 2013-04-04] (Yamaha Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-25 01:50 - 2014-11-25 01:50 - 00021605 _____ () C:\Users\Samuel Avila\Desktop\FRST.txt
2014-11-25 01:47 - 2014-11-25 01:47 - 00000889 _____ () C:\Users\Samuel Avila\Desktop\JRT.txt
2014-11-25 01:41 - 2014-11-25 01:41 - 00000000 ____D () C:\windows\ERUNT
2014-11-25 01:40 - 2014-11-25 01:40 - 00001467 _____ () C:\Users\Samuel Avila\Desktop\AdwCleaner[S0].txt
2014-11-25 01:40 - 2014-11-25 01:40 - 00000197 _____ () C:\windows\system32\2014-11-25-06-40-16.043-AvastVBoxSVC.exe-4336.log
2014-11-25 01:29 - 2014-11-25 01:29 - 00320260 _____ () C:\Users\Samuel Avila\AppData\Local\Q$_140066.ENU_SoftGridUserSettings_settings.cp.temp
2014-11-25 01:25 - 2014-11-25 01:30 - 00000000 ____D () C:\AdwCleaner
2014-11-25 01:25 - 2014-11-25 01:25 - 00001685 _____ () C:\Users\Samuel Avila\Desktop\roror.txt
2014-11-25 01:23 - 2014-11-25 01:23 - 02148864 _____ () C:\Users\Samuel Avila\Desktop\adwcleaner_4.102.exe
2014-11-25 01:23 - 2014-11-25 01:23 - 02118144 _____ (Farbar) C:\Users\Samuel Avila\Desktop\FRST64.exe
2014-11-25 01:21 - 2014-11-25 01:21 - 01707532 _____ (Thisisu) C:\Users\Samuel Avila\Desktop\JRT.exe
2014-11-24 18:31 - 2014-11-24 18:31 - 00001060 _____ () C:\Users\Public\Desktop\Logger Pro 3.8.7.lnk
2014-11-24 18:31 - 2014-11-24 18:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vernier Software
2014-11-24 18:31 - 2014-11-24 18:31 - 00000000 ____D () C:\Program Files\DIFX
2014-11-24 18:31 - 2014-06-03 11:42 - 00049536 _____ (Texas Instruments Incorporated) C:\windows\SysWOW64\Drivers\tiehdusb.sys
2014-11-24 18:31 - 2014-06-03 11:42 - 00011520 _____ (Walter Oney Software) C:\windows\SysWOW64\Drivers\wdmstub.sys
2014-11-24 18:28 - 2014-11-24 18:28 - 00000000 ____D () C:\ProgramData\Vernier
2014-11-24 18:28 - 2014-11-24 18:28 - 00000000 ____D () C:\Program Files (x86)\Vernier Software
2014-11-24 18:27 - 2014-11-24 18:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-11-24 18:26 - 2014-11-24 18:27 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-11-24 18:21 - 2014-11-24 18:21 - 326470520 _____ (Vernier Software & Technology) C:\Users\Samuel Avila\Downloads\LoggerPro3_8_7.exe
2014-11-24 15:19 - 2014-11-24 15:19 - 00000000 ____D () C:\Users\Samuel Avila\AppData\Local\Apple
2014-11-24 13:38 - 2014-11-24 13:38 - 00000000 ____D () C:\Users\Samuel Avila\AppData\Local\Native Instruments
2014-11-24 13:37 - 2014-11-24 13:37 - 00000197 _____ () C:\windows\system32\2014-11-24-18-37-47.097-AvastVBoxSVC.exe-2672.log
2014-11-24 13:32 - 2014-11-24 13:33 - 01700192 _____ () C:\windows\Minidump\112414-176312-01.dmp
2014-11-24 12:33 - 2014-11-24 12:33 - 00028574 _____ () C:\ComboFix.txt
2014-11-24 01:06 - 2014-11-24 01:06 - 00000197 _____ () C:\windows\system32\2014-11-24-06-06-25.094-AvastVBoxSVC.exe-3620.log
2014-11-24 00:19 - 2011-06-26 01:45 - 00256000 _____ () C:\windows\PEV.exe
2014-11-24 00:19 - 2010-11-07 12:20 - 00208896 _____ () C:\windows\MBR.exe
2014-11-24 00:19 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-11-24 00:19 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-11-24 00:19 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-11-24 00:19 - 2000-08-30 19:00 - 00098816 _____ () C:\windows\sed.exe
2014-11-24 00:19 - 2000-08-30 19:00 - 00080412 _____ () C:\windows\grep.exe
2014-11-24 00:19 - 2000-08-30 19:00 - 00068096 _____ () C:\windows\zip.exe
2014-11-24 00:18 - 2014-11-24 12:33 - 00000000 ____D () C:\Qoobox
2014-11-24 00:17 - 2014-11-24 01:23 - 00000000 ____D () C:\windows\erdnt
2014-11-24 00:12 - 2014-11-24 12:17 - 05598874 ____R (Swearware) C:\Users\Samuel Avila\Desktop\ComboFix.exe
2014-11-23 23:02 - 2014-11-23 23:02 - 01239386 _____ () C:\Users\Samuel Avila\Downloads\gegnts and jaws take 2.wav
2014-11-23 21:21 - 2014-11-24 00:00 - 72259491 _____ () C:\Users\Samuel Avila\Downloads\gegnts and jaws take 2.zip
2014-11-23 21:08 - 2014-11-23 21:08 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Samuel Avila\Desktop\mbar-1.08.2.1001 (1).exe
2014-11-23 20:25 - 2014-11-23 20:25 - 00034808 _____ () C:\windows\system32\Drivers\TrueSight.sys
2014-11-23 20:25 - 2014-11-23 20:25 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-23 20:18 - 2014-11-23 20:19 - 15196248 _____ () C:\Users\Samuel Avila\Downloads\RogueKiller.exe
2014-11-23 20:13 - 2014-11-23 20:13 - 00000247 _____ () C:\windows\system32\2014-11-24-01-13-38.078-aswFe.exe-1076.log
2014-11-23 20:08 - 2014-11-23 20:13 - 00000247 _____ () C:\windows\system32\2014-11-24-01-08-08.023-aswFe.exe-8524.log
2014-11-23 20:08 - 2014-11-23 20:08 - 00000197 _____ () C:\windows\system32\2014-11-24-01-08-00.087-AvastVBoxSVC.exe-4772.log
2014-11-23 18:46 - 2014-11-23 18:49 - 00000000 ____D () C:\windows\SysWOW64\vbox
2014-11-23 18:46 - 2014-11-23 18:49 - 00000000 ____D () C:\windows\system32\vbox
2014-11-23 18:46 - 2014-11-23 18:46 - 00000000 ____D () C:\Users\Samuel Avila\AppData\Roaming\AVAST Software
2014-11-23 18:45 - 2014-11-25 01:38 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-11-23 18:45 - 2014-11-23 18:45 - 00001975 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-11-23 18:45 - 2014-11-23 18:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-11-23 18:44 - 2014-11-23 18:44 - 00002266 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-23 18:44 - 2014-11-23 18:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-23 18:42 - 2014-11-25 01:36 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-23 18:42 - 2014-11-25 00:54 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-23 18:42 - 2014-11-23 18:49 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-23 18:42 - 2014-11-23 18:49 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-23 18:42 - 2014-11-23 18:46 - 00000000 ____D () C:\Users\Samuel Avila\AppData\Local\Google
2014-11-23 18:42 - 2014-11-23 18:45 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-23 18:42 - 2014-11-23 18:41 - 00436624 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2014-11-23 18:42 - 2014-11-23 18:41 - 00267632 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-11-23 18:42 - 2014-11-23 18:41 - 00116728 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2014-11-23 18:42 - 2014-11-23 18:41 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-11-23 18:42 - 2014-11-23 18:41 - 00083280 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-11-23 18:42 - 2014-11-23 18:41 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2014-11-23 18:42 - 2014-11-23 18:41 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys
2014-11-23 18:41 - 2014-11-23 18:45 - 01050432 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
2014-11-23 18:41 - 2014-11-23 18:41 - 00364512 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-11-23 18:41 - 2014-11-23 18:41 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-11-23 18:40 - 2014-11-23 18:40 - 00000000 ____D () C:\Program Files\AVAST Software
2014-11-23 18:36 - 2014-11-23 18:40 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-11-23 18:00 - 2014-11-23 18:36 - 132469808 _____ (AVAST Software) C:\Users\Samuel Avila\Downloads\avast_free_antivirus_setup.exe
2014-11-23 09:58 - 2014-11-23 09:58 - 00142941 _____ () C:\Users\Samuel Avila\Downloads\examplelabreport.pages
2014-11-23 01:38 - 2014-11-23 01:38 - 00023759 _____ () C:\Users\Samuel Avila\Desktop\dds.txt
2014-11-23 01:38 - 2014-11-23 01:38 - 00016725 _____ () C:\Users\Samuel Avila\Desktop\attach.txt
2014-11-23 00:48 - 2014-11-23 00:48 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-23 00:48 - 2014-11-23 00:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-23 00:47 - 2014-11-23 00:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-23 00:47 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-11-23 00:47 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-11-22 22:54 - 2014-11-22 22:54 - 00009204 _____ () C:\Users\Samuel Avila\Desktop\ESETPoweliksCleaner.exe_20141122.225410.8212.log
2014-11-22 22:54 - 2014-11-22 22:54 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-11-22 22:29 - 2014-11-24 19:21 - 00069512 _____ () C:\Users\Samuel Avila\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-22 22:27 - 2014-11-24 13:42 - 00000000 ____D () C:\Users\Samuel Avila\AppData\Local\VirtualStore
2014-11-22 22:27 - 2014-11-22 22:27 - 00000000 ____D () C:\Users\Samuel Avila\AppData\Local\tjnet
2014-11-22 22:24 - 2014-11-22 22:25 - 01700136 _____ () C:\windows\Minidump\112214-143895-01.dmp
2014-11-22 22:16 - 2014-11-24 13:27 - 00000000 ____D () C:\Users\Samuel Avila\AppData\Local\CrashDumps
2014-11-22 21:32 - 2014-11-24 12:33 - 00000000 ____D () C:\Users\Samuel Avila\AppData\Local\Apps\2.0
2014-11-22 21:32 - 2014-11-22 21:32 - 00000000 ____D () C:\Users\Samuel Avila\AppData\Local\SoftGrid Client
2014-11-22 21:31 - 2014-11-24 21:19 - 00000000 ____D () C:\Users\Samuel Avila\AppData\Local\Adobe
2014-11-22 20:33 - 2014-11-22 20:33 - 00079064 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\imofugc.sys
2014-11-22 20:00 - 2014-11-22 20:00 - 00000913 _____ () C:\Users\Samuel Avila\Downloads\Downloads - Shortcut.lnk
2014-11-22 19:58 - 2014-11-23 00:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-22 19:57 - 2014-11-25 01:39 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-22 19:57 - 2014-11-23 22:04 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-22 19:51 - 2014-11-22 19:52 - 00372896 _____ () C:\windows\Minidump\112214-166780-01.dmp
2014-11-22 19:47 - 2014-11-23 22:04 - 00000000 ____D () C:\Users\Samuel Avila\Desktop\mbar
2014-11-22 19:47 - 2014-11-23 21:10 - 00096472 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-11-22 19:47 - 2014-11-22 19:47 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Samuel Avila\Downloads\mbar-1.08.2.1001.exe
2014-11-22 19:36 - 2014-11-22 19:37 - 00000428 _____ () C:\zoek-results.log
2014-11-22 19:33 - 2014-11-22 19:45 - 00000626 _____ () C:\runcheck.txt
2014-11-22 19:33 - 2014-11-22 19:33 - 00000000 ____D () C:\zoek_backup
2014-11-22 19:01 - 2014-11-22 22:54 - 02347384 _____ (ESET) C:\Users\Samuel Avila\Downloads\esetsmartinstaller_enu.exe
2014-11-22 19:00 - 2014-11-25 01:50 - 00000000 ____D () C:\FRST
2014-11-22 16:02 - 2014-11-22 16:02 - 00000000 ____D () C:\ProgramData\ATI
2014-11-22 15:33 - 2014-11-22 15:41 - 00000000 ____D () C:\windows\system32\MRT
2014-11-22 15:32 - 2014-10-31 23:26 - 103374192 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-11-22 13:42 - 2014-11-22 13:42 - 00055445 _____ () C:\windows\SysWOW64\CCCInstall_201411221342059497.log
2014-11-22 13:42 - 2014-11-22 13:42 - 00000000 ____D () C:\ProgramData\AMD
2014-11-22 13:42 - 2014-11-22 13:42 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-11-22 13:41 - 2014-11-22 13:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-11-22 13:34 - 2014-11-22 13:41 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-11-22 13:34 - 2014-11-22 13:37 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-22 13:13 - 2014-11-22 13:14 - 00641360 _____ () C:\windows\Minidump\112214-152974-01.dmp
2014-11-22 13:08 - 2014-11-22 13:08 - 00020598 _____ () C:\Users\Samuel Avila\Downloads\Oct-Nov.xlsx
2014-11-22 13:08 - 2014-11-22 13:08 - 00000165 ____H () C:\Users\Samuel Avila\Downloads\~$Oct-Nov.xlsx
2014-11-22 13:03 - 2014-11-22 13:03 - 00017177 _____ () C:\Users\Samuel Avila\Downloads\Sep-Oct.xlsx
2014-11-22 12:38 - 2014-11-22 12:39 - 00372864 _____ () C:\windows\Minidump\112214-184190-01.dmp
2014-11-22 12:19 - 2014-11-22 12:20 - 01043704 _____ () C:\windows\Minidump\112214-174767-01.dmp
2014-11-22 12:05 - 2014-11-22 12:06 - 00641344 _____ () C:\windows\Minidump\112214-144363-01.dmp
2014-11-22 10:55 - 2014-11-24 13:32 - 750936404 _____ () C:\windows\MEMORY.DMP
2014-11-22 10:55 - 2014-11-22 10:56 - 00775584 _____ () C:\windows\Minidump\112214-170821-01.dmp
2014-11-18 22:26 - 2014-11-10 22:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-11-18 22:26 - 2014-11-10 22:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2014-11-18 22:26 - 2014-11-10 21:44 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-11-18 22:26 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
2014-11-16 01:26 - 2014-11-16 01:27 - 11525200 _____ () C:\Users\Samuel Avila\Downloads\stream-2.wav
2014-11-16 01:25 - 2014-11-16 01:26 - 11522120 _____ () C:\Users\Samuel Avila\Downloads\stream-3.wav
2014-11-16 01:25 - 2014-11-16 01:26 - 11522120 _____ () C:\Users\Samuel Avila\Downloads\river-6.wav
2014-11-16 01:02 - 2014-11-16 01:02 - 11521068 _____ () C:\Users\Samuel Avila\Downloads\street-traffic-1.wav
2014-11-16 01:01 - 2014-11-16 01:01 - 10581984 _____ () C:\Users\Samuel Avila\Downloads\spring-weather-1.wav
2014-11-16 01:01 - 2014-11-16 01:01 - 07232736 _____ () C:\Users\Samuel Avila\Downloads\boarding-accouncement-1.wav
2014-11-15 23:44 - 2014-11-16 00:18 - 113461751 _____ () C:\Users\Samuel Avila\Downloads\Fade Holly Drummond Remix Stems.zip
2014-11-15 23:01 - 2014-11-15 23:01 - 00083348 _____ () C:\Users\Samuel Avila\Downloads\google.csv
2014-11-15 10:19 - 2014-11-15 10:19 - 00000000 __SHD () C:\Users\Samuel Avila\AppData\Local\EmieBrowserModeList
2014-11-13 20:06 - 2014-11-07 14:49 - 00388272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-11-13 20:06 - 2014-11-07 14:23 - 00341168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-11-13 20:06 - 2014-11-05 23:04 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-11-13 20:06 - 2014-11-05 23:03 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-11-13 20:06 - 2014-11-05 22:47 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-11-13 20:06 - 2014-11-05 22:46 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-11-13 20:06 - 2014-11-05 22:43 - 02884096 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-11-13 20:06 - 2014-11-05 22:36 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-11-13 20:06 - 2014-11-05 22:35 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-11-13 20:06 - 2014-11-05 22:31 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-11-13 20:06 - 2014-11-05 22:30 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-11-13 20:06 - 2014-11-05 22:30 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-11-13 20:06 - 2014-11-05 22:28 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-11-13 20:06 - 2014-11-05 22:20 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-11-13 20:06 - 2014-11-05 22:16 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-11-13 20:06 - 2014-11-05 22:13 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-11-13 20:06 - 2014-11-05 22:13 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-11-13 20:06 - 2014-11-05 22:12 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-11-13 20:06 - 2014-11-05 22:10 - 19781632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-11-13 20:06 - 2014-11-05 22:10 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-11-13 20:06 - 2014-11-05 22:07 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-13 20:06 - 2014-11-05 22:05 - 02277376 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-11-13 20:06 - 2014-11-05 22:04 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-11-13 20:06 - 2014-11-05 22:03 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-11-13 20:06 - 2014-11-05 22:00 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-11-13 20:06 - 2014-11-05 21:59 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-11-13 20:06 - 2014-11-05 21:58 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-11-13 20:06 - 2014-11-05 21:57 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-11-13 20:06 - 2014-11-05 21:48 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-11-13 20:06 - 2014-11-05 21:42 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-13 20:06 - 2014-11-05 21:41 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-11-13 20:06 - 2014-11-05 21:41 - 00716800 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-11-13 20:06 - 2014-11-05 21:38 - 02124288 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-11-13 20:06 - 2014-11-05 21:37 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-11-13 20:06 - 2014-11-05 21:36 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-11-13 20:06 - 2014-11-05 21:34 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-11-13 20:06 - 2014-11-05 21:30 - 14390272 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-11-13 20:06 - 2014-11-05 21:22 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-11-13 20:06 - 2014-11-05 21:21 - 04298240 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-11-13 20:06 - 2014-11-05 21:21 - 02051072 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-11-13 20:06 - 2014-11-05 21:20 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-11-13 20:06 - 2014-11-05 21:04 - 01550336 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-11-13 20:06 - 2014-11-05 21:03 - 12819456 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-11-13 20:06 - 2014-11-05 20:53 - 00799232 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-11-13 20:06 - 2014-11-05 20:52 - 01892864 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-11-13 20:06 - 2014-11-05 20:48 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-11-13 20:06 - 2014-11-05 20:47 - 00708096 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-11-13 20:05 - 2014-11-05 23:03 - 25110016 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-11-13 20:05 - 2014-11-05 22:46 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-11-13 20:05 - 2014-11-05 22:44 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-11-13 20:05 - 2014-11-05 22:29 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-11-13 20:05 - 2014-11-05 22:23 - 06040064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-11-13 20:05 - 2014-11-05 22:02 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-11-13 20:05 - 2014-11-05 22:00 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-11-13 20:05 - 2014-11-05 21:39 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-11-13 20:05 - 2014-11-05 21:17 - 02365440 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-11-13 19:43 - 2014-11-05 12:56 - 00304640 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-11-13 19:43 - 2014-11-05 12:56 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-11-13 19:43 - 2014-11-05 12:52 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-11-13 19:42 - 2014-10-13 21:16 - 00155064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-11-13 19:42 - 2014-10-13 21:13 - 00683520 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-11-13 19:42 - 2014-10-13 21:12 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-11-13 19:42 - 2014-10-13 21:09 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2014-11-13 19:42 - 2014-10-13 21:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2014-11-13 19:42 - 2014-10-13 20:50 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-11-13 19:42 - 2014-10-13 20:49 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-11-13 19:42 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2014-11-13 19:42 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2014-11-13 19:37 - 2014-08-21 01:43 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-11-13 19:37 - 2014-08-21 01:40 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-11-13 19:37 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-11-13 19:37 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-11-13 19:37 - 2014-08-11 21:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
2014-11-13 19:37 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
2014-11-13 19:36 - 2014-10-02 21:12 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-11-13 19:36 - 2014-10-02 21:11 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-11-13 19:36 - 2014-10-02 21:11 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-11-13 19:36 - 2014-10-02 21:11 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-11-13 19:36 - 2014-10-02 21:11 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-11-13 19:36 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2014-11-13 19:36 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2014-11-13 19:36 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2014-11-13 19:31 - 2014-09-19 04:42 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-11-13 19:31 - 2014-09-19 04:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-11-13 19:31 - 2014-09-19 04:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-11-13 19:31 - 2014-09-19 04:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-11-13 19:31 - 2014-09-19 04:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-11-13 19:31 - 2014-09-19 04:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-11-13 19:31 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-11-13 19:31 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-11-13 19:31 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-11-13 19:31 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-11-13 19:31 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-11-13 19:31 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-11-13 19:30 - 2014-10-24 20:57 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-11-13 19:30 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-11-13 19:30 - 2014-10-17 21:05 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-11-13 19:30 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2014-11-13 19:30 - 2014-10-13 21:13 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-11-13 19:30 - 2014-10-13 20:50 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-11-13 19:30 - 2014-10-09 19:57 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-11-11 21:26 - 2014-11-11 21:26 - 00000000 ____D () C:\Users\Samuel Avila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Native Instruments Massive
2014-11-11 19:04 - 2014-11-11 19:32 - 185285415 _____ () C:\Users\Samuel Avila\Downloads\BeatportRemixPackage-GentAndJawns-Fireball.zip
2014-11-08 20:55 - 2014-11-08 20:58 - 17825869 _____ () C:\Users\Samuel Avila\Downloads\Future Bass Free FLP.zip
2014-11-08 20:55 - 2014-11-08 20:55 - 00024460 _____ () C:\Users\Samuel Avila\Downloads\FruityPresets.rar
2014-11-08 20:45 - 2014-11-08 20:45 - 00000000 ____D () C:\Users\Samuel Avila\Downloads\fl
2014-11-02 20:43 - 2014-11-02 20:45 - 06126536 _____ (Tim Kosse) C:\Users\Samuel Avila\Downloads\FileZilla_3.9.0.6_win32-setup.exe
2014-11-02 20:38 - 2014-11-02 20:38 - 00029425 _____ () C:\Users\Samuel Avila\Downloads\SimplejQueryDropdowns.zip
 
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-25 01:50 - 2013-09-14 21:42 - 00000000 ____D () C:\Users\Samuel Avila\AppData\Roaming\uTorrent
2014-11-25 01:45 - 2009-07-13 23:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-25 01:45 - 2009-07-13 23:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-25 01:41 - 2013-09-14 00:22 - 02092820 _____ () C:\windows\WindowsUpdate.log
2014-11-25 01:36 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-25 01:36 - 2009-07-13 23:45 - 04926104 _____ () C:\windows\system32\FNTCACHE.DAT
2014-11-25 01:35 - 2014-09-12 23:04 - 00010172 _____ () C:\windows\setupact.log
2014-11-25 01:34 - 2010-11-20 22:47 - 00820106 _____ () C:\windows\PFRO.log
2014-11-24 18:31 - 2013-09-14 00:34 - 00015792 _____ () C:\windows\DPINST.LOG
2014-11-24 13:32 - 2013-10-13 16:27 - 00000000 ____D () C:\windows\Minidump
2014-11-24 12:30 - 2009-07-13 21:34 - 00000215 _____ () C:\windows\system.ini
2014-11-24 01:26 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2014-11-23 19:55 - 2009-07-14 00:08 - 00032638 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-11-23 18:45 - 2013-09-14 00:55 - 00000000 ____D () C:\Program Files\Google
2014-11-23 18:45 - 2013-09-14 00:54 - 00000000 ____D () C:\ProgramData\Google
2014-11-23 01:23 - 2014-02-24 21:30 - 00000000 ____D () C:\Users\Samuel Avila\AppData\Local\PACE Anti-Piracy
2014-11-23 01:20 - 2014-07-11 12:45 - 00000000 ____D () C:\Program Files\CamStudio 2.7
2014-11-22 20:33 - 2013-11-23 17:04 - 00000000 ____D () C:\Program Files (x86)\Feathercoin
2014-11-22 20:33 - 2009-07-14 00:32 - 00000000 ____D () C:\windows\addins
2014-11-22 18:51 - 2011-08-09 21:37 - 00000000 ____D () C:\windows\SysWOW64\Macromed
2014-11-22 15:55 - 2013-09-14 00:51 - 00000000 ____D () C:\Program Files (x86)\TOSHIBA Games
2014-11-22 13:39 - 2013-09-14 00:21 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-11-22 13:03 - 2013-09-24 20:53 - 00000000 ____D () C:\Users\Samuel Avila\AppData\Roaming\SoftGrid Client
2014-11-16 00:45 - 2014-07-30 13:45 - 00000102 _____ () C:\Users\Samuel Avila\AppData\Roaming\WB.CFG
2014-11-14 04:37 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2014-11-14 03:20 - 2014-05-07 09:44 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-11-13 19:17 - 2009-07-14 00:13 - 00783336 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-12 22:34 - 2013-09-13 23:57 - 00000000 ____D () C:\Users\Samuel Avila\AppData\Roaming\FileZilla
2014-11-11 21:26 - 2013-09-14 21:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments Massive
2014-11-11 21:25 - 2013-09-16 17:33 - 00000000 ____D () C:\Program Files (x86)\Native Instruments
2014-11-06 16:45 - 2013-11-05 18:34 - 00000000 ____D () C:\Users\Samuel Avila\Desktop\euro tst
2014-11-04 14:30 - 2010-11-20 22:27 - 00275080 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
Some content of TEMP:
====================
C:\Users\Samuel Avila\AppData\Local\Temp\Quarantine.exe
C:\Users\Samuel Avila\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-19 03:51
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2014 01
Ran by Samuel Avila at 2014-11-25 01:51:02
Running from C:\Users\Samuel Avila\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-706833560-2454557567-1944840316-1001\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
Adobe After Effects CS6 (HKLM-x32\...\{4817D846-700B-474E-A31B-80892B3E92E3}) (Version: 11 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Dreamweaver CS5.5 (HKLM-x32\...\{0215A652-E081-4B09-9333-DC85AAB67FFA}) (Version: 11.5 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.3.181.34 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.8.800.174 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Illustrator CS6 (HKLM-x32\...\{4869414E-7AEA-4C8E-BE1C-8D40977FD517}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
AMD Catalyst Install Manager (HKLM\...\{7A36AF9D-AA8C-770B-B35E-7F2269C245CA}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Ample Guitar M version 1.1.2 (HKLM-x32\...\{F0855D86-F7D9-4E24-987C-CD7CEBB61AF4}_is1) (Version: 1.1.2 - Ample Sound Technology Co., Ltd.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta1 - Michael Tippach)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Axure RP Pro 6.5 (HKLM-x32\...\Axure RP Pro 6.5) (Version: 6.5.0.3049 - Axure Software Solutions, Inc.)
Axure RP Pro 6.5 (x32 Version: 6.5.0.3049 - Axure Software Solutions, Inc.) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brackets (HKLM-x32\...\{8F3D2997-8FB1-4989-9BE4-40D43AC41BAA}) (Version: 0.43 - brackets.io)
Camel Audio CamelCrusher (HKLM-x32\...\Camel Audio CamelCrusher) (Version: 1.01.0 - Camel Audio)
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.871 - Corel Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
FileZilla Client 3.8.0 (HKU\S-1-5-21-706833560-2454557567-1944840316-1001\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
Fishdom (TM) 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version: - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version: - )
GitHub (HKU\S-1-5-21-706833560-2454557567-1944840316-1001\...\5f7eb300e2ea4ebf) (Version: 1.2.5.0 - GitHub, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
IL Gross Beat (HKLM-x32\...\IL Gross Beat) (Version: - Image-Line)
IL Harmless (HKLM-x32\...\IL Harmless) (Version: - Image-Line)
IL Harmor (HKLM-x32\...\IL Harmor) (Version: - Image-Line)
IL Juice Pack (HKLM-x32\...\IL Juice Pack) (Version: - Image-Line)
IL MiniHost (HKLM-x32\...\IL MiniHost) (Version: - Image-Line)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version: - Image-Line)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java(TM) 6 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216025FF}) (Version: 6.0.250 - Oracle)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.59.2 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Logger Pro 3.8.7 (HKLM-x32\...\{91723F06-AEC9-48CA-7AAE-806AD81D8C60}) (Version: 5.182.429 - Vernier Software & Technology)
magicJack (HKU\S-1-5-21-706833560-2454557567-1944840316-1001\...\magicJack) (Version: 2.0.6073.4413 - magicJack L.P.)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Native Instruments Battery 4 (HKLM-x32\...\Native Instruments Battery 4) (Version: 4.0.1.2234 - Native Instruments)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.2.1.6382 - Native Instruments)
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version: - Native Instruments)
Native Instruments Massive v1.0.1.008 VSTi DXi RTAS (HKLM-x32\...\Native Instruments Massive v1.0.1.008 VSTi DXi RTAS) (Version: - )
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.5.2.1549 - Native Instruments)
Native Instruments Supercharger (HKLM-x32\...\Native Instruments Supercharger) (Version: 1.1.0.418 - Native Instruments)
NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM-x32\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 1.0.0.133 - NETGEAR)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PoiZone (HKLM-x32\...\PoiZone) (Version: - Image-Line)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6316 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0016 - REALTEK Semiconductor Corp.)
reFX Nexus VSTi RTAS v2.2.0 (HKLM-x32\...\reFX Nexus_is1) (Version: - )
Seven Phases Spectrum Analyzer (HKU\S-1-5-21-706833560-2454557567-1944840316-1001\...\Seven Phases Spectrum Analyzer) (Version: - )
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
thinkorswim (HKLM\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)
Tom Clancy's Splinter Cell (x32 Version: 2.2.0.97 - WildTangent) Hidden
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}) (Version: 2.2.7530 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 1.6.11.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}) (Version: 1.3.5.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.17.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.12C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.1.37C - TOSHIBA CORPORATION)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.2.15 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.13.11 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.7.5 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.31 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.20.6401 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2001 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.12 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.8 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.51.3C - TOSHIBA CORPORATION)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.1.64 - TOSHIBA Corporation)
TOSHIBA VIDEO PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 4.00.7.06-A - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.3 - TOSHIBA Corporation)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5B01BCB7-A5D3-476F-AF11-E515BA206591}) (Version: 1.0.5 - TOSHIBA CORPORATION)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.6 - TOSHIBA)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Utility Common Driver (x32 Version: 1.0.52.3C - TOSHIBA) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.5.14 - WildTangent) Hidden
Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0) (HKLM\...\EC3E466026556D3EB760B01C4772277614354E11) (Version: 06/11/2009 1.0.0.0 - Texas Instruments Inc.)
Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1) (HKLM\...\7511B29C86C398B4D11A0B0E4176CAD68D1B7057) (Version: 09/02/2009 1.0.0.1 - Texas Instruments Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
XAMPP 1.8.1 (HKLM-x32\...\xampp) (Version: - )
Yamaha USB-MIDI Driver (HKLM-x32\...\InstallShield_{71E75F05-930E-41BA-BDBC-15E3134DD45B}) (Version: 3.1.3.1 - Yamaha Corporation)
Yamaha USB-MIDI Driver (Version: 3.1.3.1 - Yamaha Corporation) Hidden
Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================
14-11-2014 00:17:24 Windows Update
14-11-2014 08:00:16 Windows Update
19-11-2014 03:26:31 Windows Update
19-11-2014 08:00:13 Windows Update
22-11-2014 15:42:15 Windows Update
22-11-2014 18:34:24 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
22-11-2014 18:37:04 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
22-11-2014 20:31:55 Windows Update
23-11-2014 00:36:51 zoek.exe restore point
23-11-2014 01:32:43 Malwarebytes Anti-Rootkit Restore Point
23-11-2014 23:40:18 avast! antivirus system restore point
24-11-2014 02:08:34 before antivirus
24-11-2014 23:24:55 Installed QuickTime 7
24-11-2014 23:27:45 Installed Logger Pro 3.8.7.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2014-11-24 01:19 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {637CAA6D-8E7A-47C3-BEC3-DB8520A47260} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-23] (AVAST Software)
Task: {80B01256-40DA-4C9A-A70E-818B1557C68B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-23] (Google Inc.)
Task: {8D2095ED-1BEB-4C71-95A1-6EA78E7C168F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-23] (Google Inc.)
Task: {A527B911-CA48-417E-A380-8FBCC2D13F4B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {A8F45855-B64D-47E7-A584-A1BE70B975FA} - System32\Tasks\AdobeAAMUpdater-1.0-SamuelAvila-PC-Samuel Avila => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {FFAD9256-8EC5-4ABA-997E-AC4F01CCA992} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2010-11-18 19:18 - 2010-11-18 19:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2010-12-15 17:19 - 2010-12-15 17:19 - 00124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll
2011-02-22 21:22 - 2011-02-22 21:22 - 00429432 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
2014-10-20 12:13 - 2010-02-11 09:00 - 03280896 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
2014-11-23 18:41 - 2014-11-23 18:41 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-11-23 18:41 - 2014-11-23 18:41 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2011-06-09 23:09 - 2011-06-09 23:09 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2010-01-02 09:42 - 2010-01-02 09:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-11-24 17:35 - 2014-11-24 17:35 - 02903552 _____ () C:\Program Files\AVAST Software\Avast\defs\14112401\algo.dll
2014-11-23 18:41 - 2014-11-23 18:41 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-20 12:13 - 2009-09-03 10:15 - 00278528 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvcLib.dll
2014-11-23 18:41 - 2014-11-23 18:41 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:BF3D62E7
AlternateDataStreams: C:\Users\Samuel Avila\AppData\Local\KYfhAl7qzh:wojlmIhrq9e2hfVDf6gK
AlternateDataStreams: C:\Users\Samuel Avila\AppData\Local\TTC1O7onq0:7stCAwhUMu1lt27bvcOwzPztA
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================
Administrator (S-1-5-21-706833560-2454557567-1944840316-500 - Administrator - Disabled)
Guest (S-1-5-21-706833560-2454557567-1944840316-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-706833560-2454557567-1944840316-1002 - Limited - Enabled)
Samuel Avila (S-1-5-21-706833560-2454557567-1944840316-1001 - Administrator - Enabled) => C:\Users\Samuel Avila
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2014-11-24 00:33:03.874
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-11-24 00:33:03.781
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-06-11 19:07:54.871
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\win32k.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-06-11 19:07:54.731
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\win32k.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================
Processor: AMD A6-3400M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 28%
Total physical RAM: 5608.67 MB
Available physical RAM: 3990.19 MB
Total Pagefile: 11215.52 MB
Available Pagefile: 9451.8 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (TI106242W0C) (Fixed) (Total:580.43 GB) (Free:387.84 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: F0641918)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=580.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.3 GB) - (Type=17)
==================== End Of Log ============================
 
From everything you've told me to do so far, my computer is running faster, thank you very much!!
There is this thing that happened today though, my computer out of no where froze and turned to a blue screen that was saying something about "dumping files" and then completely turned off and turned back on. I have no idea why that happened, and it would be great if you could tell me what caused this, Thanks!!!
 
If it happened just once I wouldn't worry too much about it.

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    1.2 KB · Views: 1
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-11-2014 01
Ran by Samuel Avila at 2014-11-25 22:03:26 Run:1
Running from C:\Users\Samuel Avila\Desktop
Loaded Profile: Samuel Avila (Available profiles: Samuel Avila)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKU\S-1-5-21-706833560-2454557567-1944840316-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-706833560-2454557567-1944840316-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin HKU\S-1-5-21-706833560-2454557567-1944840316-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Samuel Avila\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
S3 TPCHSrv; "C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe" [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
C:\Users\Samuel Avila\AppData\Local\Temp\Quarantine.exe
C:\Users\Samuel Avila\AppData\Local\Temp\sqlite3.dll
AlternateDataStreams: C:\ProgramData\TEMP:BF3D62E7
AlternateDataStreams: C:\Users\Samuel Avila\AppData\Local\KYfhAl7qzh:wojlmIhrq9e2hfVDf6gK
AlternateDataStreams: C:\Users\Samuel Avila\AppData\Local\TTC1O7onq0:7stCAwhUMu1lt27bvcOwzPztA
*****************
"HKU\S-1-5-21-706833560-2454557567-1944840316-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
HKU\S-1-5-21-706833560-2454557567-1944840316-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
"HKU\S-1-5-21-706833560-2454557567-1944840316-1001\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin" => Key deleted successfully.
C:\Users\Samuel Avila\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll not found.
TPCHSrv => Service deleted successfully.
catchme => Service deleted successfully.
VBoxNetFlt => Service deleted successfully.
C:\Users\Samuel Avila\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Samuel Avila\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\ProgramData\TEMP => ":BF3D62E7" ADS removed successfully.
C:\Users\Samuel Avila\AppData\Local\KYfhAl7qzh => ":wojlmIhrq9e2hfVDf6gK" ADS removed successfully.
C:\Users\Samuel Avila\AppData\Local\TTC1O7onq0 => ":7stCAwhUMu1lt27bvcOwzPztA" ADS removed successfully.
==== End of Fixlog ====
 
How is computer doing?

Last scans...

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

redtarget.gif
Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
My computer is running slowly right now and I have no idea why. When I try to watch a YouTube video, this gray exclamation mark appears instead of the video.
Adobe says that it is the "Gray Circle of Death" and it occurs when an application is asking for more memory available on the browser.
http://blogs.adobe.com/dekesmith/20...gray-circle-with-an-exclamation-mark-or-bang/

Is this a virus? Please let me know, thanks!
Also will post the logs in about 10 minutes.
 
Results of screen317's Security Check version 0.99.91
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 2.0.3.1025
Java(TM) 6 Update 25
Java version 32-bit out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Google Chrome (39.0.2171.65)
Google Chrome (39.0.2171.71)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastui.exe
AVAST Software Avast ng vbox\AvastVBoxSVC.exe
AVAST Software Avast ng ngservice.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
 
Back