TechSpot

Fake Google Virus iztztxyd.exe

By Sam22
Nov 22, 2014
  1. Hello,
    I have a virus that appears in my task manager as "google chrome."
    In the task manager, under "Processes" there are multiple instaces of the "Image Name" --- "iztztxyd.exe" which has a description of "google Chrome."
    In the following place: AppData\LocalLow\Macromedia\oarvfwa\gjnjucxf There is a google chrome icon called "iztztxyd.exe" that cannot be deleted.
    I can't delete it bcause it says that the "file is open in Gooogle Chrome" even though I already uninstalled Google Chrome.
    My computer is slow and the CPU usage spikes from 20% to 98% in short periods of times.
    How do I get rid of it?!
    Thank you so, so much!!!!
     
  2. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard [​IMG]


    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. Sam22

    Sam22 TS Rookie Topic Starter Posts: 20

    Malwarebytes Anti-Malware
    www.malwarebytes.org
    Scan Date: 11/23/2014
    Scan Time: 12:50:13 AM
    Logfile:
    Administrator: Yes
    Version: 2.00.3.1025
    Malware Database: v2014.11.23.03
    Rootkit Database: v2014.11.22.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled
    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Samuel Avila
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 336156
    Time Elapsed: 30 min, 7 sec
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled
    Processes: 0
    (No malicious items detected)
    Modules: 4
    Trojan.Chrome.INJ, C:\Users\Samuel Avila\AppData\Local\PACE Anti-Piracy\Kqucelq.dll, Delete-on-Reboot, [3df21f20e19bd85e26c4ebfe6d9414ec],
    Trojan.Chrome.INJ, C:\Users\Samuel Avila\AppData\Local\PACE Anti-Piracy\Kqucelq.dll, Delete-on-Reboot, [3df21f20e19bd85e26c4ebfe6d9414ec],
    Trojan.Chrome.INJ, C:\Users\Samuel Avila\AppData\Local\PACE Anti-Piracy\Kqucelq.dll, Delete-on-Reboot, [3df21f20e19bd85e26c4ebfe6d9414ec],
    Trojan.Chrome.INJ, C:\Users\Samuel Avila\AppData\Local\PACE Anti-Piracy\Kqucelq.dll, Delete-on-Reboot, [3df21f20e19bd85e26c4ebfe6d9414ec],
    Registry Keys: 7
    PUP.Optional.MySearchDial.A, HKU\S-1-5-21-706833560-2454557567-1944840316-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, Quarantined, [0926f847bbc194a24d980ab3778b47b9],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, Quarantined, [0926f847bbc194a24d980ab3778b47b9],
    PUP.Optional.RocketTab.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\ibnjmihbbanannlbobkbmnmckjnmdnom, Quarantined, [fd3255ea225a2c0a7a3989c77a89728e],
    PUP.Optional.RocketTab.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\ibnjmihbbanannlbobkbmnmckjnmdnom, Quarantined, [ca653708106c3105d3e0df712bd85ea2],
    PUP.Optional.RocketTab.A, HKU\S-1-5-21-706833560-2454557567-1944840316-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\ibnjmihbbanannlbobkbmnmckjnmdnom, Quarantined, [99960f30fd7f05317f35b19fb25159a7],
    PUP.Optional.InstallCore.A, HKU\S-1-5-21-706833560-2454557567-1944840316-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [bb748bb486f692a4338ddf99a3609e62],
    PUP.Optional.InstallCore.A, HKU\S-1-5-21-706833560-2454557567-1944840316-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [af800d3214683bfbdf169cf293710af6],
    Registry Values: 3
    Trojan.Chrome.INJ, HKU\S-1-5-21-706833560-2454557567-1944840316-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Kqucelq, regsvr32.exe /s "C:\Users\Samuel Avila\AppData\Local\PACE Anti-Piracy\Kqucelq.dll", Quarantined, [3df21f20e19bd85e26c4ebfe6d9414ec]
    Trojan.Agent.KED, HKU\S-1-5-21-706833560-2454557567-1944840316-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|{a7dd7ec0-0ac3-fac1-8587-9bbf8bba7421}, "C:\Users\Samuel Avila\AppData\Local\{a7dd7ec0-0ac3-fac1-8587-9bbf8bba7421}\{a7dd7ec0-0ac3-fac1-8587-9bbf8bba7421}.exe", Quarantined, [e04f9ea117650a2c2512e0661bea16ea]
    PUP.Optional.InstallCore.A, HKU\S-1-5-21-706833560-2454557567-1944840316-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0S0TzrtN0V1M1O1H, Quarantined, [af800d3214683bfbdf169cf293710af6]
    Registry Data: 0
    (No malicious items detected)
    Folders: 0
    (No malicious items detected)
    Files: 5
    Trojan.Chrome.INJ, C:\Users\Samuel Avila\AppData\Local\PACE Anti-Piracy\Kqucelq.dll, Delete-on-Reboot, [3df21f20e19bd85e26c4ebfe6d9414ec],
    Trojan.Agent.KED, C:\Users\Samuel Avila\AppData\Local\{a7dd7ec0-0ac3-fac1-8587-9bbf8bba7421}\{a7dd7ec0-0ac3-fac1-8587-9bbf8bba7421}.exe, Delete-on-Reboot, [e04f9ea117650a2c2512e0661bea16ea],
    Trojan.BitcoinMiner, C:\Users\Samuel Avila\Desktop\pooler-cpuminer-2.2.3-win32.zip, Quarantined, [999681be23594fe7461c869a2bd68977],
    PUP.Optional.Bunndle, C:\Program Files\CamStudio 2.7\BunndleOfferManager.exe, Quarantined, [88a72e11e29a201677d5bf9ec8380cf4],
    Trojan.Chrome.INJ, C:\Users\Samuel Avila\AppData\Local\Temp\ysncdmc.dll, Quarantined, [d956f54af08c5ed8e70335b468991ae6],
    Physical Sectors: 0
    (No malicious items detected)

    (end)
     
  4. Sam22

    Sam22 TS Rookie Topic Starter Posts: 20

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/13/2013 11:21:09 PM
    System Uptime: 11/23/2014 1:21:35 AM (0 hours ago)
    .
    Motherboard: TOSHIBA | | QHRAE
    Processor: AMD A6-3400M APU with Radeon(tm) HD Graphics | P0 | 1400/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 580 GiB total, 396.985 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP150: 11/13/2014 7:17:24 PM - Windows Update
    RP151: 11/14/2014 3:00:16 AM - Windows Update
    RP152: 11/18/2014 10:26:31 PM - Windows Update
    RP153: 11/19/2014 3:00:13 AM - Windows Update
    RP154: 11/22/2014 10:42:15 AM - Windows Update
    RP155: 11/22/2014 1:34:24 PM - Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
    RP156: 11/22/2014 1:37:04 PM - Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
    RP157: 11/22/2014 3:31:55 PM - Windows Update
    RP158: 11/22/2014 7:36:51 PM - zoek.exe restore point
    RP159: 11/22/2014 8:32:43 PM - Malwarebytes Anti-Rootkit Restore Point
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Adobe After Effects CS6
    Adobe AIR
    Adobe Dreamweaver CS5.5
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Help Manager
    Adobe Illustrator CS6
    Adobe Photoshop CS6
    Adobe Reader X MUI
    Adobe Widget Browser
    AMD Accelerated Video Transcoding
    AMD Catalyst Control Center
    AMD Catalyst Install Manager
    Ample Guitar M version 1.1.2
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ASIO4ALL
    Axure RP Pro 6.5
    Bejeweled 3
    Bonjour
    Brackets
    Camel Audio CamelCrusher
    CamStudio 2.7.2
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Chuzzle Deluxe
    Corel WinDVD
    D3DX10
    ESET Online Scanner v3
    Facebook Video Calling 3.1.0.521
    FATE - The Traitor Soul
    FileZilla Client 3.8.0
    Fishdom (TM) 2
    FL Studio 11
    FlowStone FL 3.0
    GitHub
    IL Download Manager
    IL Gross Beat
    IL Harmless
    IL Harmor
    IL Juice Pack
    IL MiniHost
    IL Shared Libraries
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 25
    JMicron Flash Media Controller Driver
    Junk Mail filter update
    Label@Once 1.0
    League of Legends
    magicJack
    Malwarebytes Anti-Malware version 2.0.3.1025
    Mesh Runtime
    Microsoft .NET Framework 4.5.1
    Microsoft Application Error Reporting
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFCLOC_x86
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Native Instruments Battery 4
    Native Instruments Kontakt 5
    Native Instruments Massive
    Native Instruments Massive v1.0.1.008 VSTi DXi RTAS
    Native Instruments Service Center
    Native Instruments Supercharger
    NETGEAR WNDA3100v2 wireless USB 2.0 adapter
    PDF Settings CS6
    Penguins!
    Plants vs. Zombies - Game of the Year
    PlayReady PC Runtime amd64
    PlayReady PC Runtime x86
    PoiZone
    Polar Bowler
    QuickTime
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Realtek WLAN Driver
    reFX Nexus VSTi RTAS v2.2.0
    Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
    Seven Phases Spectrum Analyzer
    Sid Meier's Civilization V
    Skype Launcher
    Steam
    swMSM
    Synaptics Pointing Device Driver
    thinkorswim
    Tom Clancy's Splinter Cell
    Toshiba App Place
    TOSHIBA Application Installer
    TOSHIBA Assist
    Toshiba Book Place
    TOSHIBA Bulletin Board
    TOSHIBA Disc Creator
    TOSHIBA eco Utility
    TOSHIBA Face Recognition
    TOSHIBA Flash Cards Support Utility
    TOSHIBA Hardware Setup
    TOSHIBA HDD Protection
    TOSHIBA HDD/SSD Alert
    Toshiba Laptop Checkup
    TOSHIBA Media Controller
    TOSHIBA Media Controller Plug-in
    Toshiba Online Backup
    TOSHIBA PC Health Monitor
    TOSHIBA Quality Application
    TOSHIBA Recovery Media Creator
    TOSHIBA ReelTime
    TOSHIBA Resolution+ Plug-in for Windows Media Player
    TOSHIBA Service Station
    TOSHIBA Sleep Utility
    TOSHIBA Supervisor Password
    TOSHIBA Value Added Package
    TOSHIBA VIDEO PLAYER
    TOSHIBA Web Camera Application
    TOSHIBA Wireless LAN Indicator
    TOSHIBARegistration
    Update Installer for WildTangent Games App
    Utility Common Driver
    Virtual Villagers 5 - New Believers
    WildTangent Games
    WildTangent Games App (Toshiba Games)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR 5.00 (32-bit)
    WMV9/VC-1 Video Playback
    XAMPP 1.8.1
    Yamaha USB-MIDI Driver
    Zuma's Revenge
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/23/2014 1:25:23 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
    11/22/2014 7:55:23 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    11/22/2014 7:53:23 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    11/22/2014 7:53:23 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    11/22/2014 7:53:23 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/22/2014 7:53:23 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/22/2014 7:53:23 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    11/22/2014 7:53:23 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/22/2014 7:53:23 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/22/2014 7:53:23 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    11/22/2014 7:53:23 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    11/22/2014 7:53:23 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    11/22/2014 7:53:23 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    11/22/2014 7:53:23 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    11/22/2014 7:52:40 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xfffffa80078f64e0, 0xfffff880040ba40c, 0x0000000000000000, 0x0000000000000002). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 112214-166780-01.
    11/22/2014 2:58:47 PM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).
    11/22/2014 2:58:47 PM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    11/22/2014 2:58:47 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/22/2014 2:58:47 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/22/2014 2:58:47 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/22/2014 2:58:47 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    11/22/2014 2:58:47 PM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    11/22/2014 2:58:47 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    11/22/2014 2:58:47 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    11/22/2014 12:39:15 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xfffffa8008fb54e0, 0xfffff8800400740c, 0x0000000000000000, 0x0000000000000002). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 112214-184190-01.
    11/22/2014 12:20:50 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xfffffa800979d340, 0xfffff8800408740c, 0x0000000000000000, 0x0000000000000002). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 112214-174767-01.
    11/22/2014 12:06:26 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xfffffa800a3234e0, 0xfffff8800411440c, 0x0000000000000000, 0x0000000000000002). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 112214-144363-01.
    11/22/2014 10:56:22 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xfffffa800a2f9010, 0xfffff88003f0840c, 0x0000000000000000, 0x0000000000000002). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 112214-170821-01.
    11/22/2014 10:25:41 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    11/22/2014 10:25:35 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xfffffa800aac9010, 0xfffff8800413e40c, 0x0000000000000000, 0x0000000000000002). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 112214-143895-01.
    11/22/2014 10:25:34 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Application Virtualization Client service to connect.
    11/22/2014 10:25:34 PM, Error: Service Control Manager [7000] - The Application Virtualization Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/22/2014 1:16:31 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.
    11/22/2014 1:16:31 PM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/22/2014 1:16:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
    11/22/2014 1:14:28 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xfffffa8009a80010, 0xfffff8800406640c, 0x0000000000000000, 0x0000000000000002). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 112214-152974-01.
    11/22/2014 1:03:09 PM, Error: Schannel [36887] - The following fatal alert was received: 20.
    11/16/2014 1:17:42 AM, Error: Schannel [36887] - The following fatal alert was received: 40.
    .
    ==== End Of File ===========================
     
  5. Sam22

    Sam22 TS Rookie Topic Starter Posts: 20

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17420
    Run by Samuel Avila at 1:37:29 on 2014-11-23
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5609.3491 [GMT -5:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\system32\atiesrxx.exe
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\windows\system32\atieclxx.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
    C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\windows\system32\ThpSrv.exe
    C:\windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\TOSHIBA\TECO\TecoService.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
    C:\windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\windows\system32\SearchIndexer.exe
    C:\windows\servicing\TrustedInstaller.exe
    C:\windows\system32\taskhost.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
    C:\windows\system32\Dwm.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\windows\Explorer.EXE
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\ThpSrv.exe
    C:\Program Files\TOSHIBA\TECO\Teco.exe
    C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
    C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    C:\Users\Samuel Avila\AppData\Roaming\uTorrent\uTorrent.exe
    C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
    C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
    C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\windows\system32\taskmgr.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\windows\system32\Macromed\Flash\FlashUtil64_11_8_800_174_ActiveX.exe
    C:\windows\System32\MsSpellCheckingFacility.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://google.com/
    uDefault_Page_URL = hxxp://start.toshiba.com
    uProxyOverride = <local>;*.local
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    uRun: [uTorrent] "C:\Users\Samuel Avila\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
    uRun: [AdobeBridge] <no file>
    mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
    mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
    mRun: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
    mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
    mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
    mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
    mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
    mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{33D63F88-8D75-4747-9850-47EE39A42BCB} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{33D63F88-8D75-4747-9850-47EE39A42BCB}\B416A757B6F68723 : DHCPNameServer = 192.168.0.1 205.171.2.226
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
    x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
    x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
    x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 /MAXX3
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [ThpSrv] C:\windows\System32\thpsrv /logon
    x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
    x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
    x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
    x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
    x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
    x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amd_sata;amd_sata;C:\windows\System32\drivers\amd_sata.sys [2013-9-14 79488]
    R0 amd_xata;amd_xata;C:\windows\System32\drivers\amd_xata.sys [2013-9-14 40064]
    R0 SCMNdisP;General NDIS Protocol Driver;C:\windows\System32\drivers\SCMNdisP.sys [2014-10-20 25312]
    R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\System32\drivers\thpdrv.sys [2011-3-23 36992]
    R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
    R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2013-9-14 482384]
    R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2013-9-14 204288]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-11-23 1871160]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-11-23 968504]
    R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2013-9-14 123320]
    R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2013-9-14 126392]
    R2 regi;regi;C:\windows\System32\drivers\regi.sys [2013-9-14 14112]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
    R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-5-24 294848]
    R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
    R2 WSWNDA3100;WSWNDA3100;C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2014-10-20 278528]
    R3 amdhub30;AMD USB 3.0 Hub Driver;C:\windows\System32\drivers\amdhub30.sys [2013-9-14 87168]
    R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\windows\System32\drivers\amdxhc.sys [2013-9-14 188544]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2013-9-14 115216]
    R3 CeKbFilter;CeKbFilter;C:\windows\System32\drivers\CeKbFilter.sys [2013-9-14 20592]
    R3 JMCR;JMCR;C:\windows\System32\drivers\jmcr.sys [2011-5-2 175192]
    R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2014-11-23 25816]
    R3 MBAMSwissArmy;MBAMSwissArmy;C:\windows\System32\drivers\MBAMSwissArmy.sys [2014-11-22 129752]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\windows\System32\drivers\mwac.sys [2014-11-23 63704]
    R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2013-9-14 38096]
    R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2013-9-14 413800]
    R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2013-9-14 1142376]
    R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
    R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
    R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
    R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
    R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2013-9-14 57216]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-9 138152]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\windows\System32\drivers\bcmwlhigh664.sys [2011-4-19 1254464]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-11-13 114688]
    S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TPCHSrv;TPCH Service;"C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe" --> C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [?]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2013-9-15 1255736]
    S3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);C:\windows\System32\drivers\ymidusbx64.sys [2013-4-4 51496]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== File Associations ===============
    .
    FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\Dreamweaver.exe","%1"
    ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\dreamweaver.exe", "%1"
    .
    =============== Created Last 30 ================
    .
    2014-11-23 05:47:55 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
    2014-11-23 05:47:55 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
    2014-11-23 05:47:55 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-11-23 05:47:17 -------- d-----w- C:\Users\Samuel Avila\AppData\Local\Programs
    2014-11-23 03:54:45 -------- d-----w- C:\Program Files (x86)\ESET
    2014-11-23 03:27:10 -------- d-----w- C:\Users\Samuel Avila\AppData\Local\VirtualStore
    2014-11-23 03:27:09 -------- d-----w- C:\Users\Samuel Avila\AppData\Local\tjnet
    2014-11-23 03:16:42 -------- d-----w- C:\Users\Samuel Avila\AppData\Local\CrashDumps
    2014-11-23 02:32:09 -------- d-----w- C:\Users\Samuel Avila\AppData\Local\SoftGrid Client
    2014-11-23 02:32:08 -------- d-----w- C:\Users\Samuel Avila\AppData\Local\Apps
    2014-11-23 02:31:02 -------- d-----w- C:\Users\Samuel Avila\AppData\Local\Adobe
    2014-11-23 01:33:10 79064 ----a-w- C:\windows\System32\drivers\imofugc.sys
    2014-11-23 00:58:08 -------- d-----w- C:\ProgramData\Malwarebytes
    2014-11-23 00:57:54 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-11-23 00:57:53 129752 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
    2014-11-23 00:47:25 93400 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
    2014-11-23 00:33:51 -------- d-----w- C:\zoek_backup
    2014-11-23 00:00:06 -------- d-----w- C:\FRST
    2014-11-22 21:02:12 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{90770DB7-9119-4DC4-9B5B-26D4162AC21D}\offreg.dll
    2014-11-22 20:33:07 -------- d-----w- C:\windows\System32\MRT
    2014-11-22 18:42:15 -------- d-----w- C:\ProgramData\AMD
    2014-11-22 18:42:14 -------- d-----w- C:\Program Files (x86)\AMD AVT
    2014-11-22 18:34:42 -------- d-----w- C:\ProgramData\Package Cache
    2014-11-22 18:34:06 -------- d-----w- C:\Program Files\ATI Technologies
    2014-11-22 15:43:08 11632448 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{90770DB7-9119-4DC4-9B5B-26D4162AC21D}\mpengine.dll
    2014-11-22 15:38:32 -------- d-----w- C:\Users\Samuel Avila\AppData\Local\{a7dd7ec0-0ac3-fac1-8587-9bbf8bba7421}
    2014-11-19 03:26:30 728064 ----a-w- C:\windows\System32\kerberos.dll
    2014-11-19 03:26:30 241152 ----a-w- C:\windows\System32\pku2u.dll
    2014-11-19 03:26:30 186880 ----a-w- C:\windows\SysWow64\pku2u.dll
    2014-11-19 03:26:29 550912 ----a-w- C:\windows\SysWow64\kerberos.dll
    2014-11-15 15:19:32 -------- d-sh--w- C:\Users\Samuel Avila\AppData\Local\EmieBrowserModeList
    2014-11-14 01:05:59 814080 ----a-w- C:\windows\System32\jscript9diag.dll
    2014-11-14 01:05:59 6040064 ----a-w- C:\windows\System32\jscript9.dll
    2014-11-14 01:05:59 1359360 ----a-w- C:\windows\System32\mshtmlmedia.dll
    2014-11-14 01:05:58 950784 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
    2014-11-14 01:05:58 580096 ----a-w- C:\windows\System32\vbscript.dll
    2014-11-14 01:05:58 378880 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
    2014-11-14 01:05:58 2365440 ----a-w- C:\windows\System32\wininet.dll
    2014-11-14 01:05:57 88064 ----a-w- C:\windows\System32\MshtmlDac.dll
    2014-11-14 01:05:57 293040 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
    2014-11-14 01:05:57 1016832 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
    2014-11-14 00:43:17 424448 ----a-w- C:\windows\System32\aeinv.dll
    2014-11-14 00:43:17 304640 ----a-w- C:\windows\System32\generaltel.dll
    2014-11-14 00:43:17 228864 ----a-w- C:\windows\System32\aepdu.dll
    2014-11-14 00:42:53 683520 ----a-w- C:\windows\System32\termsrv.dll
    2014-11-14 00:42:53 681984 ----a-w- C:\windows\SysWow64\adtschema.dll
    2014-11-14 00:42:53 681984 ----a-w- C:\windows\System32\adtschema.dll
    2014-11-14 00:42:53 155064 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
    2014-11-14 00:42:52 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
    2014-11-14 00:42:52 22016 ----a-w- C:\windows\SysWow64\secur32.dll
    2014-11-14 00:42:52 146432 ----a-w- C:\windows\SysWow64\msaudite.dll
    2014-11-14 00:42:52 146432 ----a-w- C:\windows\System32\msaudite.dll
    2014-11-14 00:42:52 1460736 ----a-w- C:\windows\System32\lsasrv.dll
    2014-11-14 00:37:19 2048 ----a-w- C:\windows\SysWow64\msxml3r.dll
    2014-11-14 00:37:19 2048 ----a-w- C:\windows\System32\msxml3r.dll
    2014-11-14 00:37:19 1882624 ----a-w- C:\windows\System32\msxml3.dll
    2014-11-14 00:37:19 1237504 ----a-w- C:\windows\SysWow64\msxml3.dll
    2014-11-14 00:37:07 878080 ----a-w- C:\windows\System32\IMJP10K.DLL
    2014-11-14 00:37:07 701440 ----a-w- C:\windows\SysWow64\IMJP10K.DLL
    2014-11-14 00:36:56 680960 ----a-w- C:\windows\System32\audiosrv.dll
    2014-11-14 00:36:56 500224 ----a-w- C:\windows\System32\AUDIOKSE.dll
    2014-11-14 00:36:56 442880 ----a-w- C:\windows\SysWow64\AUDIOKSE.dll
    2014-11-14 00:36:55 440832 ----a-w- C:\windows\System32\AudioEng.dll
    2014-11-14 00:36:55 374784 ----a-w- C:\windows\SysWow64\AudioEng.dll
    2014-11-14 00:36:55 296448 ----a-w- C:\windows\System32\AudioSes.dll
    2014-11-14 00:36:55 284672 ----a-w- C:\windows\System32\EncDump.dll
    2014-11-14 00:36:55 195584 ----a-w- C:\windows\SysWow64\AudioSes.dll
    2014-11-14 00:31:38 342016 ----a-w- C:\windows\System32\schannel.dll
    2014-11-14 00:31:38 309760 ----a-w- C:\windows\System32\ncrypt.dll
    2014-11-14 00:31:38 248832 ----a-w- C:\windows\SysWow64\schannel.dll
    2014-11-14 00:31:38 221184 ----a-w- C:\windows\SysWow64\ncrypt.dll
    2014-11-14 00:31:37 86528 ----a-w- C:\windows\System32\TSpkg.dll
    2014-11-14 00:31:37 65536 ----a-w- C:\windows\SysWow64\TSpkg.dll
    2014-11-14 00:31:37 314880 ----a-w- C:\windows\System32\msv1_0.dll
    2014-11-14 00:31:37 259584 ----a-w- C:\windows\SysWow64\msv1_0.dll
    2014-11-14 00:31:37 22016 ----a-w- C:\windows\System32\credssp.dll
    2014-11-14 00:31:37 210944 ----a-w- C:\windows\System32\wdigest.dll
    2014-11-14 00:31:37 17408 ----a-w- C:\windows\SysWow64\credssp.dll
    2014-11-14 00:31:37 172032 ----a-w- C:\windows\SysWow64\wdigest.dll
    2014-11-14 00:30:57 77824 ----a-w- C:\windows\System32\packager.dll
    2014-11-14 00:30:57 67584 ----a-w- C:\windows\SysWow64\packager.dll
    2014-11-14 00:30:41 3198976 ----a-w- C:\windows\System32\win32k.sys
    2014-11-14 00:30:33 3241984 ----a-w- C:\windows\System32\msi.dll
    2014-11-14 00:30:33 2363904 ----a-w- C:\windows\SysWow64\msi.dll
    2014-11-14 00:30:28 861696 ----a-w- C:\windows\System32\oleaut32.dll
    2014-11-14 00:30:28 571904 ----a-w- C:\windows\SysWow64\oleaut32.dll
    .
    ==================== Find3M ====================
    .
    2014-11-06 04:04:03 2724864 ----a-w- C:\windows\System32\mshtml.tlb
    2014-11-06 04:03:50 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
    2014-11-06 03:47:03 66560 ----a-w- C:\windows\System32\iesetup.dll
    2014-11-06 03:46:12 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
    2014-11-06 03:30:22 144384 ----a-w- C:\windows\System32\ieUnatt.exe
    2014-11-06 03:30:08 114688 ----a-w- C:\windows\System32\ieetwcollector.exe
    2014-11-06 03:28:20 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2014-11-06 03:20:18 968704 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
    2014-11-06 03:13:43 501248 ----a-w- C:\windows\SysWow64\vbscript.dll
    2014-11-06 03:13:36 62464 ----a-w- C:\windows\SysWow64\iesetup.dll
    2014-11-06 03:12:44 47616 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
    2014-11-06 03:10:58 64000 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
    2014-11-06 03:07:29 77824 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
    2014-11-06 02:59:36 115712 ----a-w- C:\windows\SysWow64\ieUnatt.exe
    2014-11-06 02:58:38 620032 ----a-w- C:\windows\SysWow64\jscript9diag.dll
    2014-11-06 02:42:36 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-11-06 02:38:25 2124288 ----a-w- C:\windows\System32\inetcpl.cpl
    2014-11-06 02:21:49 4298240 ----a-w- C:\windows\SysWow64\jscript9.dll
    2014-11-06 02:21:25 2051072 ----a-w- C:\windows\SysWow64\inetcpl.cpl
    2014-11-06 02:20:37 1155072 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
    2014-11-06 01:52:35 1892864 ----a-w- C:\windows\SysWow64\wininet.dll
    2014-11-04 19:30:58 275080 ------w- C:\windows\System32\MpSigStub.exe
    2014-09-25 02:08:38 371712 ----a-w- C:\windows\System32\qdvd.dll
    2014-09-25 01:40:50 519680 ----a-w- C:\windows\SysWow64\qdvd.dll
    2014-09-09 22:11:04 2048 ----a-w- C:\windows\System32\tzres.dll
    2014-09-09 21:47:10 2048 ----a-w- C:\windows\SysWow64\tzres.dll
    2014-09-04 05:23:20 424448 ----a-w- C:\windows\System32\rastls.dll
    2014-09-04 05:04:15 372736 ----a-w- C:\windows\SysWow64\rastls.dll
    .
    ============= FINISH: 1:38:20.96 ===============
     
  6. Sam22

    Sam22 TS Rookie Topic Starter Posts: 20

    Here are all of the logs!
    Once I finished running the malwarebytes scan, my computer started running faster and the fake Google chrome instances aren't seen on the task manager.
     
  7. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    I don't see any AV program running.
    Why?
    Step 1 in our preliminaries calls for installing one of proposed AV programs if you don't have any.
     
  8. Sam22

    Sam22 TS Rookie Topic Starter Posts: 20

    I'm so sorry, I had downloaded the install for Avast but never ran it.
    Just finished installing it and scan is running, Please let me know what I have to do thanks :)
    BTW, I uninstalled Google Chrome yesterday and I just checked my programs and it is there.I have no idea how it was installed because I didn't do it.
    Also, is it normal for a computer to be using up 58% physical memory? I see that number in the task manager.
    Please let me know what to do because my computer has been running slowly and I have no idea what he problem is.
     
  9. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Yes, Windows 7 handles RAM in different way than Windows XP.

    When done with Avast...

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    [​IMG] Create new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download [​IMG] Malwarebytes Anti-Rootkit to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double click on downloaded file. OK self extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • Click in the following screen "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
    NOTE. If you see This version requires you to completely exit the Anti Malware application message right click on the Malwarebytes icon in the system tray and click on Exit.
     
  10. Sam22

    Sam22 TS Rookie Topic Starter Posts: 20

    RogueKiller V10.0.8.0 [Nov 20 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Samuel Avila [Administrator]
    Mode : Scan -- Date : 11/23/2014 21:05:29
    ¤¤¤ Processes : 0 ¤¤¤
    ¤¤¤ Registry : 7 ¤¤¤
    [PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 -> Found
    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-706833560-2454557567-1944840316-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 -> Found
    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-706833560-2454557567-1944840316-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 -> Found
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
    ¤¤¤ Tasks : 2 ¤¤¤
    [Suspicious.Path] Rocket Updater.job -- C:\Users\SAMUEL~1\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.EXE (/Check) -> Found
    [Suspicious.Path] \\Rocket Updater -- C:\Users\SAMUEL~1\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.EXE (/Check) -> Found
    ¤¤¤ Files : 0 ¤¤¤
    ¤¤¤ Hosts File : 0 ¤¤¤
    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
    ¤¤¤ Web browsers : 0 ¤¤¤
    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: TOSHIBA MK6476GSXN SATA Disk Device +++++
    --- User ---
    [MBR] c587b64a9ee3b8f0c65ec95ea67aaaa3
    [BSP] acac5b4a884c72d03fa0114f145b6644 : HP MBR Code
    Partition table:
    0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 594364 MB
    2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1220331520 | Size: 14615 MB
    User = LL1 ... OK
    User = LL2 ... OK
     
  11. Sam22

    Sam22 TS Rookie Topic Starter Posts: 20

    Malwarebytes Anti-Rootkit BETA 1.08.2.1001
    www.malwarebytes.org
    Database version: v2014.11.24.01
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.17420
    Samuel Avila :: SAMUELAVILA-PC [administrator]
    11/23/2014 9:12:05 PM
    mbar-log-2014-11-23 (21-12-05).txt
    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 340472
    Time elapsed: 38 minute(s), 37 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    Physical Sectors Detected: 0
    (No malicious items detected)
    (end)
     
  12. Sam22

    Sam22 TS Rookie Topic Starter Posts: 20

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.08.2.1001
    (c) Malwarebytes Corporation 2011-2012
    OS version: 6.1.7601 Windows 7 Service Pack 1 x64
    Account is Administrative
    Internet Explorer version: 11.0.9600.17420
    Java version: 1.6.0_25
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
    CPU speed: 1.397000 GHz
    Memory total: 5881118720, free: 2099970048
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.08.2.1001
    (c) Malwarebytes Corporation 2011-2012
    OS version: 6.1.7601 Windows 7 Service Pack 1 x64
    Account is Administrative
    Internet Explorer version: 11.0.9600.17420
    Java version: 1.6.0_25
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
    CPU speed: 1.397000 GHz
    Memory total: 5881118720, free: 4257325056
    =======================================
    Initializing...
    ------------ Kernel report ------------
    11/22/2014 19:57:53
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\system32\DRIVERS\LPCFilter.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\drivers\compbatt.sys
    \SystemRoot\system32\drivers\BATTC.SYS
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\pciide.sys
    \SystemRoot\system32\drivers\PCIIDEX.SYS
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\drivers\msahci.sys
    \SystemRoot\system32\DRIVERS\amd_sata.sys
    \SystemRoot\system32\DRIVERS\storport.sys
    \SystemRoot\system32\DRIVERS\amd_xata.sys
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\DRIVERS\scmndisp.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
    \SystemRoot\system32\DRIVERS\tos_sps64.sys
    \SystemRoot\system32\DRIVERS\Thpevm.SYS
    \SystemRoot\system32\DRIVERS\thpdrv.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\drivers\disk.sys
    \SystemRoot\system32\drivers\CLASSPNP.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\vwififlt.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\drivers\termdd.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\drivers\mssmbios.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\drivers\blbdrive.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\atikmpag.sys
    \SystemRoot\system32\DRIVERS\atikmdag.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\drivers\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\Rt64win7.sys
    \SystemRoot\system32\DRIVERS\rtl8192Ce.sys
    \SystemRoot\system32\DRIVERS\vwifibus.sys
    \SystemRoot\system32\DRIVERS\amdxhc.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\usbohci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\drivers\i8042prt.sys
    \SystemRoot\system32\DRIVERS\CeKbFilter.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\drivers\CmBatt.sys
    \SystemRoot\system32\DRIVERS\SynTP.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\jmcr.sys
    \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
    \SystemRoot\system32\DRIVERS\amdppm.sys
    \SystemRoot\system32\DRIVERS\TVALZFL.sys
    \SystemRoot\system32\drivers\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\drivers\swenum.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\amdhub30.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\AtihdW76.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\drivers\RTKVHD64.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_diskdump.sys
    \SystemRoot\System32\Drivers\dump_amd_sata.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\Drivers\usbvideo.sys
    \SystemRoot\system32\DRIVERS\pgeffect.sys
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\drivers\luafv.sys
    \SystemRoot\system32\DRIVERS\Sftvollh.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\system32\drivers\peauth.sys
    \??\C:\windows\system32\drivers\regi.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\system32\DRIVERS\Sftfslh.sys
    \SystemRoot\system32\DRIVERS\Sftplaylh.sys
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\system32\DRIVERS\Sftredirlh.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\system32\drivers\spsys.sys
    \??\C:\windows\system32\drivers\mbamchameleon.sys
    \??\C:\windows\system32\drivers\MBAMSwissArmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    \Windows\System32\autochk.exe
    \Windows\System32\msctf.dll
    \Windows\System32\imagehlp.dll
    \Windows\System32\user32.dll
    \Windows\System32\kernel32.dll
    \Windows\System32\iertutil.dll
    \Windows\System32\urlmon.dll
    \Windows\System32\imm32.dll
    \Windows\System32\sechost.dll
    \Windows\System32\usp10.dll
    \Windows\System32\psapi.dll
    \Windows\System32\nsi.dll
    \Windows\System32\msvcrt.dll
    \Windows\System32\ole32.dll
    \Windows\System32\wininet.dll
    \Windows\System32\shell32.dll
    \Windows\System32\shlwapi.dll
    \Windows\System32\clbcatq.dll
    \Windows\System32\oleaut32.dll
    \Windows\System32\lpk.dll
    \Windows\System32\gdi32.dll
    \Windows\System32\normaliz.dll
    \Windows\System32\advapi32.dll
    \Windows\System32\comdlg32.dll
    \Windows\System32\ws2_32.dll
    \Windows\System32\setupapi.dll
    \Windows\System32\rpcrt4.dll
    \Windows\System32\Wldap32.dll
    \Windows\System32\difxapi.dll
    \Windows\System32\userenv.dll
    \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
    \Windows\System32\crypt32.dll
    \Windows\System32\comctl32.dll
    \Windows\System32\KernelBase.dll
    \Windows\System32\wintrust.dll
    \Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
    \Windows\System32\devobj.dll
    \Windows\System32\cfgmgr32.dll
    \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    \Windows\System32\profapi.dll
    \Windows\System32\msasn1.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa800652a060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\0000006f\
    Lower Device Object: 0xfffffa8005f43060
    Lower Device Driver Name: \Driver\amd_sata\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa800652a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800652ab90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800652a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa80064fb710, DeviceName: \Device\THPDRV1\, DriverName: \Driver\Thpdrv\
    DevicePointer: 0xfffffa8005f45ac0, DeviceName: Unknown, DriverName: \Driver\amd_xata\
    DevicePointer: 0xfffffa8005f43060, DeviceName: \Device\0000006f\, DriverName: \Driver\amd_sata\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: F0641918
    Partition information:
    Partition 0 type is Other (0x27)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 3072000
    Partition file system is NTFS
    Partition is bootable
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 3074048 Numsec = 1217257472
    Partition 2 type is HIDDEN (0x17)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1220331520 Numsec = 29931520
    Partition is not bootable
    Hidden partition VBR is not infected.
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 640135028736 bytes
    Sector size: 512 bytes
    Done!
    Infected: C:\Program Files (x86)\Feathercoin\minerd.exe --> [Trojan.BitcoinMiner]
    Scan finished
    Creating System Restore point...
    Cleaning up...
    Removal scheduling successful. System shutdown needed.
    =======================================

    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-1220331520-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removal finished
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.08.2.1001
    (c) Malwarebytes Corporation 2011-2012
    OS version: 6.1.7601 Windows 7 Service Pack 1 x64
    Account is Administrative
    Internet Explorer version: 11.0.9600.17420
    Java version: 1.6.0_25
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
    CPU speed: 1.397000 GHz
    Memory total: 5881118720, free: 1433612288
    Downloaded database version: v2014.11.24.01
    Downloaded database version: v2014.11.22.01
    =======================================
    Initializing...
    This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
    =======================================
    Initializing...
    ------------ Kernel report ------------
    11/23/2014 21:11:47
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\system32\DRIVERS\LPCFilter.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\drivers\compbatt.sys
    \SystemRoot\system32\drivers\BATTC.SYS
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\pciide.sys
    \SystemRoot\system32\drivers\PCIIDEX.SYS
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\drivers\msahci.sys
    \SystemRoot\system32\DRIVERS\amd_sata.sys
    \SystemRoot\system32\DRIVERS\storport.sys
    \SystemRoot\system32\DRIVERS\amd_xata.sys
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\DRIVERS\scmndisp.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
    \SystemRoot\system32\DRIVERS\tos_sps64.sys
    \SystemRoot\system32\DRIVERS\Thpevm.SYS
    \SystemRoot\system32\DRIVERS\thpdrv.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\drivers\disk.sys
    \SystemRoot\system32\drivers\CLASSPNP.SYS
    \SystemRoot\System32\Drivers\aswVmm.sys
    \SystemRoot\System32\Drivers\aswRvrt.sys
    \SystemRoot\system32\drivers\aswSnx.sys
    \SystemRoot\system32\drivers\aswSP.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\system32\drivers\aswRdr2.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\vwififlt.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\drivers\termdd.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\drivers\mssmbios.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\drivers\blbdrive.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\atikmpag.sys
    \SystemRoot\system32\DRIVERS\atikmdag.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\drivers\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\Rt64win7.sys
    \SystemRoot\system32\DRIVERS\rtl8192Ce.sys
    \SystemRoot\system32\DRIVERS\vwifibus.sys
    \SystemRoot\system32\DRIVERS\amdxhc.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\usbohci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\drivers\i8042prt.sys
    \SystemRoot\system32\DRIVERS\CeKbFilter.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\drivers\CmBatt.sys
    \SystemRoot\system32\DRIVERS\SynTP.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
    \SystemRoot\system32\DRIVERS\amdppm.sys
    \SystemRoot\system32\DRIVERS\TVALZFL.sys
    \SystemRoot\system32\drivers\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\drivers\swenum.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\amdhub30.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\AtihdW76.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\drivers\RTKVHD64.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\System32\Drivers\usbvideo.sys
    \SystemRoot\system32\DRIVERS\pgeffect.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_diskdump.sys
    \SystemRoot\System32\Drivers\dump_amd_sata.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\drivers\luafv.sys
    \SystemRoot\system32\drivers\aswMonFlt.sys
    \SystemRoot\system32\DRIVERS\Sftvollh.sys
    \SystemRoot\system32\drivers\aswStm.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\system32\drivers\aswHwid.sys
    \SystemRoot\system32\drivers\peauth.sys
    \??\C:\windows\system32\drivers\regi.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\system32\DRIVERS\Sftfslh.sys
    \SystemRoot\system32\DRIVERS\Sftplaylh.sys
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\system32\drivers\spsys.sys
    \??\C:\windows\system32\drivers\mbamchameleon.sys
    \??\C:\windows\system32\drivers\MBAMSwissArmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8006547060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000074\
    Lower Device Object: 0xfffffa8005f4d290
    Lower Device Driver Name: \Driver\amd_sata\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8006547060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8006547b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8006547060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800653e710, DeviceName: \Device\THPDRV1\, DriverName: \Driver\Thpdrv\
    DevicePointer: 0xfffffa8005f60040, DeviceName: Unknown, DriverName: \Driver\amd_xata\
    DevicePointer: 0xfffffa8005f4d290, DeviceName: \Device\00000074\, DriverName: \Driver\amd_sata\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: F0641918
    Partition information:
    Partition 0 type is Other (0x27)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 3072000
    Partition file system is NTFS
    Partition is bootable
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 3074048 Numsec = 1217257472
    Partition 2 type is HIDDEN (0x17)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1220331520 Numsec = 29931520
    Partition is not bootable
    Hidden partition VBR is not infected.
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 640135028736 bytes
    Sector size: 512 bytes
    Done!
    Scan finished
    =======================================

    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-1220331520-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removal finished
     
  13. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  14. Sam22

    Sam22 TS Rookie Topic Starter Posts: 20

    ComboFix 14-11-24.02 - Samuel Avila 11/24/2014 12:20:35.2.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5609.4034 [GMT -5:00]
    Running from: c:\users\Samuel Avila\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-10-24 to 2014-11-24 )))))))))))))))))))))))))))))))
    .
    .
    2014-11-24 17:30 . 2014-11-24 17:30 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-11-24 01:25 . 2014-11-24 01:25 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2014-11-24 01:25 . 2014-11-24 01:25 -------- d-----w- c:\programdata\RogueKiller
    2014-11-23 23:46 . 2014-11-23 23:49 -------- d-----w- c:\windows\SysWow64\vbox
    2014-11-23 23:46 . 2014-11-23 23:49 -------- d-----w- c:\windows\system32\vbox
    2014-11-23 23:46 . 2014-11-23 23:46 -------- d-----w- c:\users\Samuel Avila\AppData\Roaming\AVAST Software
    2014-11-23 23:42 . 2014-11-23 23:46 -------- d-----w- c:\users\Samuel Avila\AppData\Local\Google
    2014-11-23 23:42 . 2014-11-23 23:45 -------- d-----w- c:\program files (x86)\Google
    2014-11-23 23:42 . 2014-11-23 23:41 116728 ----a-w- c:\windows\system32\drivers\aswStm.sys
    2014-11-23 23:42 . 2014-11-23 23:41 267632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2014-11-23 23:42 . 2014-11-23 23:41 436624 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2014-11-23 23:42 . 2014-11-23 23:41 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2014-11-23 23:42 . 2014-11-23 23:41 83280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2014-11-23 23:42 . 2014-11-23 23:41 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
    2014-11-23 23:42 . 2014-11-23 23:41 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2014-11-23 23:41 . 2014-11-23 23:45 1050432 ----a-w- c:\windows\system32\drivers\aswsnx.sys
    2014-11-23 23:41 . 2014-11-23 23:41 364512 ----a-w- c:\windows\system32\aswBoot.exe
    2014-11-23 23:41 . 2014-11-23 23:41 43152 ----a-w- c:\windows\avastSS.scr
    2014-11-23 23:40 . 2014-11-23 23:40 -------- d-----w- c:\program files\AVAST Software
    2014-11-23 23:36 . 2014-11-23 23:40 -------- d-----w- c:\programdata\AVAST Software
    2014-11-23 00:57 . 2014-11-24 03:04 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2014-11-23 00:57 . 2014-11-24 13:35 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-11-23 00:47 . 2014-11-24 02:10 96472 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-11-23 00:33 . 2014-11-23 00:33 -------- d-----w- C:\zoek_backup
    2014-11-23 00:00 . 2014-11-23 00:07 -------- d-----w- C:\FRST
    2014-11-22 21:02 . 2014-11-22 21:02 -------- d-----w- c:\programdata\ATI
    2014-11-22 20:33 . 2014-11-22 20:41 -------- d-----w- c:\windows\system32\MRT
    2014-11-22 18:42 . 2014-11-22 18:42 -------- d-----w- c:\programdata\AMD
    2014-11-22 18:42 . 2014-11-22 18:42 -------- d-----w- c:\program files (x86)\AMD AVT
    2014-11-22 18:34 . 2014-11-22 18:37 -------- d-----w- c:\programdata\Package Cache
    2014-11-22 18:34 . 2014-11-22 18:41 -------- d-----w- c:\program files\ATI Technologies
    2014-11-22 15:43 . 2014-11-02 04:20 11632448 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{90770DB7-9119-4DC4-9B5B-26D4162AC21D}\mpengine.dll
    2014-11-19 03:26 . 2014-11-11 03:08 241152 ----a-w- c:\windows\system32\pku2u.dll
    2014-11-19 03:26 . 2014-11-11 03:08 728064 ----a-w- c:\windows\system32\kerberos.dll
    2014-11-19 03:26 . 2014-11-11 02:44 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
    2014-11-19 03:26 . 2014-11-11 02:44 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
    2014-11-15 15:19 . 2014-11-15 15:19 -------- d-sh--w- c:\users\Samuel Avila\AppData\Local\EmieBrowserModeList
    2014-11-14 01:05 . 2014-11-06 03:29 814080 ----a-w- c:\windows\system32\jscript9diag.dll
    2014-11-14 01:05 . 2014-11-06 03:23 6040064 ----a-w- c:\windows\system32\jscript9.dll
    2014-11-14 01:05 . 2014-11-06 03:00 92160 ----a-w- c:\windows\system32\mshtmled.dll
    2014-11-14 01:05 . 2014-11-06 02:39 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
    2014-11-14 01:05 . 2014-11-06 04:11 950784 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
    2014-11-14 01:05 . 2014-11-06 03:46 580096 ----a-w- c:\windows\system32\vbscript.dll
    2014-11-14 01:05 . 2014-11-06 02:17 2365440 ----a-w- c:\windows\system32\wininet.dll
    2014-11-14 01:05 . 2014-11-06 01:58 378880 ----a-w- c:\program files\Internet Explorer\IEShims.dll
    2014-11-14 01:05 . 2014-11-07 19:49 293040 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
    2014-11-14 01:05 . 2014-11-06 04:03 25110016 ----a-w- c:\windows\system32\mshtml.dll
    2014-11-14 01:05 . 2014-11-06 03:44 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
    2014-11-14 01:05 . 2014-11-06 03:02 199680 ----a-w- c:\windows\system32\msrating.dll
    2014-11-14 01:05 . 2014-11-06 03:00 1016832 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
    2014-11-14 00:43 . 2014-11-05 17:56 304640 ----a-w- c:\windows\system32\generaltel.dll
    2014-11-14 00:43 . 2014-11-05 17:56 228864 ----a-w- c:\windows\system32\aepdu.dll
    2014-11-14 00:43 . 2014-11-05 17:52 424448 ----a-w- c:\windows\system32\aeinv.dll
    2014-11-14 00:42 . 2014-10-14 02:16 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2014-11-14 00:42 . 2014-10-14 02:13 683520 ----a-w- c:\windows\system32\termsrv.dll
    2014-11-14 00:42 . 2014-10-14 02:07 681984 ----a-w- c:\windows\system32\adtschema.dll
    2014-11-14 00:42 . 2014-10-14 01:46 681984 ----a-w- c:\windows\SysWow64\adtschema.dll
    2014-11-14 00:42 . 2014-10-14 02:12 1460736 ----a-w- c:\windows\system32\lsasrv.dll
    2014-11-14 00:42 . 2014-10-14 02:09 146432 ----a-w- c:\windows\system32\msaudite.dll
    2014-11-14 00:42 . 2014-10-14 01:50 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2014-11-14 00:42 . 2014-10-14 01:49 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2014-11-14 00:42 . 2014-10-14 01:47 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
    2014-11-14 00:37 . 2014-08-21 06:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
    2014-11-14 00:37 . 2014-08-21 06:40 2048 ----a-w- c:\windows\system32\msxml3r.dll
    2014-11-14 00:37 . 2014-08-21 06:26 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
    2014-11-14 00:37 . 2014-08-21 06:23 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
    2014-11-14 00:37 . 2014-08-12 02:02 878080 ----a-w- c:\windows\system32\IMJP10K.DLL
    2014-11-14 00:37 . 2014-08-12 01:36 701440 ----a-w- c:\windows\SysWow64\IMJP10K.DLL
    2014-11-14 00:36 . 2014-10-03 02:12 500224 ----a-w- c:\windows\system32\AUDIOKSE.dll
    2014-11-14 00:36 . 2014-10-03 02:11 680960 ----a-w- c:\windows\system32\audiosrv.dll
    2014-11-14 00:36 . 2014-10-03 01:44 442880 ----a-w- c:\windows\SysWow64\AUDIOKSE.dll
    2014-11-14 00:36 . 2014-10-03 02:11 284672 ----a-w- c:\windows\system32\EncDump.dll
    2014-11-14 00:36 . 2014-10-03 02:11 440832 ----a-w- c:\windows\system32\AudioEng.dll
    2014-11-14 00:36 . 2014-10-03 02:11 296448 ----a-w- c:\windows\system32\AudioSes.dll
    2014-11-14 00:36 . 2014-10-03 01:44 374784 ----a-w- c:\windows\SysWow64\AudioEng.dll
    2014-11-14 00:36 . 2014-10-03 01:44 195584 ----a-w- c:\windows\SysWow64\AudioSes.dll
    2014-11-14 00:31 . 2014-09-19 09:42 342016 ----a-w- c:\windows\system32\schannel.dll
    2014-11-14 00:31 . 2014-09-19 09:42 309760 ----a-w- c:\windows\system32\ncrypt.dll
    2014-11-14 00:31 . 2014-09-19 09:23 248832 ----a-w- c:\windows\SysWow64\schannel.dll
    2014-11-14 00:31 . 2014-09-19 09:23 221184 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2014-11-14 00:31 . 2014-09-19 09:42 210944 ----a-w- c:\windows\system32\wdigest.dll
    2014-11-14 00:31 . 2014-09-19 09:42 86528 ----a-w- c:\windows\system32\TSpkg.dll
    2014-11-14 00:31 . 2014-09-19 09:42 314880 ----a-w- c:\windows\system32\msv1_0.dll
    2014-11-14 00:31 . 2014-09-19 09:42 22016 ----a-w- c:\windows\system32\credssp.dll
    2014-11-14 00:31 . 2014-09-19 09:23 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
    2014-11-14 00:31 . 2014-09-19 09:23 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
    2014-11-14 00:31 . 2014-09-19 09:23 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
    2014-11-14 00:31 . 2014-09-19 09:23 17408 ----a-w- c:\windows\SysWow64\credssp.dll
    2014-11-14 00:30 . 2014-10-25 01:57 77824 ----a-w- c:\windows\system32\packager.dll
    2014-11-14 00:30 . 2014-10-25 01:32 67584 ----a-w- c:\windows\SysWow64\packager.dll
    2014-11-14 00:30 . 2014-10-10 00:57 3198976 ----a-w- c:\windows\system32\win32k.sys
    2014-11-14 00:30 . 2014-10-14 02:13 3241984 ----a-w- c:\windows\system32\msi.dll
    2014-11-14 00:30 . 2014-10-14 01:50 2363904 ----a-w- c:\windows\SysWow64\msi.dll
    2014-11-14 00:30 . 2014-10-18 02:05 861696 ----a-w- c:\windows\system32\oleaut32.dll
    2014-11-14 00:30 . 2014-10-18 01:33 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-11-04 19:30 . 2010-11-21 03:27 275080 ------w- c:\windows\system32\MpSigStub.exe
    2014-09-25 02:08 . 2014-10-01 00:37 371712 ----a-w- c:\windows\system32\qdvd.dll
    2014-09-25 01:40 . 2014-10-01 00:37 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
    2014-09-09 22:11 . 2014-09-23 21:28 2048 ----a-w- c:\windows\system32\tzres.dll
    2014-09-09 21:47 . 2014-09-23 21:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2014-09-04 05:23 . 2014-10-20 16:43 424448 ----a-w- c:\windows\system32\rastls.dll
    2014-09-04 05:04 . 2014-10-20 16:43 372736 ----a-w- c:\windows\SysWow64\rastls.dll
    2014-08-29 19:43 . 2011-03-29 01:36 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"="c:\users\Samuel Avila\AppData\Roaming\uTorrent\uTorrent.exe" [2014-11-22 1385808]
    "cdloader"="c:\users\Samuel Avila\AppData\Roaming\mjusbsp\cdloader2.exe" [2012-02-01 50592]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2011-03-10 532480]
    "HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2011-03-10 423936]
    "KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-16 34160]
    "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
    "NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]
    "ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
    "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-08-26 766208]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-11-23 5226600]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    NETGEAR WNDA3100v2 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2014-10-20 3280896]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "SoftwareSASGeneration"= 1 (0x1)
    .
    R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    R2 WSWNDA3100;WSWNDA3100;c:\program files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe;c:\program files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [x]
    R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys;c:\windows\SYSNATIVE\DRIVERS\bcmwlhigh664.sys [x]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
    R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
    R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
    R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);c:\windows\system32\drivers\ymidusbx64.sys;c:\windows\SYSNATIVE\drivers\ymidusbx64.sys [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys;c:\windows\SYSNATIVE\DRIVERS\scmndisp.sys [x]
    S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys;c:\windows\SYSNATIVE\DRIVERS\thpdrv.sys [x]
    S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x]
    S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
    S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [x]
    S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [x]
    S2 regi;regi;c:\windows\system32\drivers\regi.sys;c:\windows\SYSNATIVE\drivers\regi.sys [x]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
    S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
    S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
    S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
    S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys;c:\windows\SYSNATIVE\DRIVERS\amdhub30.sys [x]
    S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys;c:\windows\SYSNATIVE\DRIVERS\amdxhc.sys [x]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
    S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
    S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys;c:\windows\SYSNATIVE\DRIVERS\CeKbFilter.sys [x]
    S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-11-23 23:44 1087304 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.65\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-23 23:42]
    .
    2014-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-23 23:42]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2014-11-23 23:41 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ThpSrv"="c:\windows\system32\thpsrv" [X]
    "TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
    "HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
    "TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-24 11780712]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
    "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
    "TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
    "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
    "TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
    "TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    mSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    uInternet Settings,ProxyOverride = <local>;*.local
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    AddRemove-reFX Nexus_is1 - c:\program files (x86)\Uninstall Nexus\unins000.exe
    AddRemove-WildTangentGDF-toshiba-clubpenguin - c:\program files (x86)\TOSHIBA Games\Web Link - Club Penguin\Uninstall.exe
    AddRemove-WildTangentGDF-toshiba-darkorbit - c:\program files (x86)\TOSHIBA Games\Web Link - Dark Orbit\Uninstall.exe
    AddRemove-WildTangentGDF-toshiba-seafight - c:\program files (x86)\TOSHIBA Games\Web Link - Seafight\Uninstall.exe
    AddRemove-WildTangentGDF-toshiba-shaiya - c:\program files (x86)\TOSHIBA Games\Web Link - Shaiya\Uninstall.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
    "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2014-11-24 12:33:19
    ComboFix-quarantined-files.txt 2014-11-24 17:33
    ComboFix2.txt 2014-11-24 06:26
    .
    Pre-Run: 422,219,530,240 bytes free
    Post-Run: 422,172,286,976 bytes free
    .
    - - End Of File - - A93D1E20104157669B142F77327226E4
    5B5E648D12FCADC244C1EC30318E1EB9
     
  15. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Looks good.

    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    [​IMG] Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.
     
  16. Sam22

    Sam22 TS Rookie Topic Starter Posts: 20

    # AdwCleaner v4.102 - Report created 25/11/2014 at 01:29:30
    # Updated 23/11/2014 by Xplode
    # Database : 2014-11-24.1 [Live]
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Samuel Avila - SAMUELAVILA-PC
    # Running from : C:\Users\Samuel Avila\Desktop\adwcleaner_4.102.exe
    # Option : Clean
    ***** [ Services ] *****

    ***** [ Files / Folders ] *****

    ***** [ Scheduled Tasks ] *****

    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C9F3DDAD-CAC6-4783-887A-D9A113A4545A}
    Key Deleted : HKCU\Software\Rocket Browser
    Key Deleted : HKCU\Software\RocketUpdater
    ***** [ Browsers ] *****
    -\\ Internet Explorer v11.0.9600.17420

    -\\ Google Chrome v39.0.2171.65
    [C:\Users\Samuel Avila\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\Samuel Avila\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    *************************
    AdwCleaner[R0].txt - [1600 octets] - [25/11/2014 01:25:59]
    AdwCleaner[S0].txt - [1327 octets] - [25/11/2014 01:29:30]
    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1387 octets] ##########


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.3.9 (11.15.2014:2)
    OS: Windows 7 Home Premium x64
    Ran by Samuel Avila on Tue 11/25/2014 at 1:41:45.33
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~ Services
    ~~~ Registry Values
    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
    ~~~ Registry Keys
    ~~~ Files
    ~~~ Folders
    Successfully deleted: [Empty Folder] C:\Users\Samuel Avila\appdata\local\{a7dd7ec0-0ac3-fac1-8587-9bbf8bba7421}
    ~~~ Event Viewer Logs were cleared
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Tue 11/25/2014 at 1:47:50.30
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  17. Sam22

    Sam22 TS Rookie Topic Starter Posts: 20

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2014 01
    Ran by Samuel Avila (administrator) on SAMUELAVILA-PC on 25-11-2014 01:50:01
    Running from C:\Users\Samuel Avila\Desktop
    Loaded Profile: Samuel Avila (Available profiles: Samuel Avila)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Processes (Whitelisted) =================
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
    (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
    (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
    () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    (BitTorrent Inc.) C:\Users\Samuel Avila\AppData\Roaming\uTorrent\uTorrent.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
    () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
    (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
    (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
    (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    (InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe

    ==================== Registry (Whitelisted) ==================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
    HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
    HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11780712 2011-02-24] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
    HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
    HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-05-24] (TOSHIBA Corporation)
    HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)
    HKLM\...\Run: [TosWaitSrv] => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
    HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
    HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)
    HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [532480 2011-03-10] (TOSHIBA CORPORATION)
    HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2011-03-10] (TOSHIBA Electronics, Inc.)
    HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-16] (TOSHIBA CORPORATION)
    HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
    HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218864 2011-06-22] (Toshiba)
    HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
    HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
    HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-26] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-23] (AVAST Software)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
    HKU\S-1-5-21-706833560-2454557567-1944840316-1001\...\Run: [uTorrent] => C:\Users\Samuel Avila\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-11-22] (BitTorrent Inc.)
    HKU\S-1-5-21-706833560-2454557567-1944840316-1001\...\Run: [cdloader] => C:\Users\Samuel Avila\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk
    ShortcutTarget: NETGEAR WNDA3100v2 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
    ==================== Internet (Whitelisted) ====================
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-706833560-2454557567-1944840316-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-706833560-2454557567-1944840316-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
    HKU\S-1-5-21-706833560-2454557567-1944840316-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKLM -> DefaultScope {9F97B713-F8C9-4FF5-A3A8-B22C6C95A126} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {9F97B713-F8C9-4FF5-A3A8-B22C6C95A126} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
    SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    SearchScopes: HKLM-x32 -> {9F97B713-F8C9-4FF5-A3A8-B22C6C95A126} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
    SearchScopes: HKU\S-1-5-21-706833560-2454557567-1944840316-1001 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    SearchScopes: HKU\S-1-5-21-706833560-2454557567-1944840316-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-706833560-2454557567-1944840316-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    SearchScopes: HKU\S-1-5-21-706833560-2454557567-1944840316-1001 -> {9F97B713-F8C9-4FF5-A3A8-B22C6C95A126} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKU\S-1-5-21-706833560-2454557567-1944840316-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Toolbar: HKU\S-1-5-21-706833560-2454557567-1944840316-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    FireFox:
    ========
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF Plugin HKU\S-1-5-21-706833560-2454557567-1944840316-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Samuel Avila\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-23]
    Chrome:
    =======
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR Profile: C:\Users\Samuel Avila\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Samuel Avila\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-23]
    CHR Extension: (Google Docs) - C:\Users\Samuel Avila\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-23]
    CHR Extension: (Google Drive) - C:\Users\Samuel Avila\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-23]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Samuel Avila\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-23]
    CHR Extension: (YouTube) - C:\Users\Samuel Avila\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-23]
    CHR Extension: (Google Search) - C:\Users\Samuel Avila\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-23]
    CHR Extension: (Google Sheets) - C:\Users\Samuel Avila\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-23]
    CHR Extension: (Avast Online Security) - C:\Users\Samuel Avila\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-11-23]
    CHR Extension: (Google Wallet) - C:\Users\Samuel Avila\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-23]
    CHR Extension: (Gmail) - C:\Users\Samuel Avila\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-23]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-23]
    ==================== Services (Whitelisted) =================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-23] (AVAST Software)
    R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-23] (Avast Software)
    S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
    R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [123320 2014-10-20] (Symantec Corporation)
    R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)
    S3 RasAuto; C:\Windows\System32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
    S3 RasAuto; C:\Windows\SysWOW64\svchost.exe [21504 2011-03-01] (Microsoft Corporation)
    S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
    R2 Thpsrv; C:\windows\system32\ThpSrv.exe [558592 2011-04-20] (TOSHIBA Corporation) [File not signed]
    S2 WSWNDA3100; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [278528 2009-11-04] () [File not signed]
    S3 TPCHSrv; "C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe" [X]
    ==================== Drivers (Whitelisted) ====================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-23] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-23] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-23] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-23] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-23] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-23] (AVAST Software)
    S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-23] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-23] ()
    S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-11-23] ()
    R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-23] (Avast Software)
    R3 VSTWinDriver6; C:\Windows\System32\drivers\VSTwindrvr6.sys [252928 2014-06-03] (Jungo)
    S3 YMIDUSBW; C:\Windows\System32\drivers\ymidusbx64.sys [51496 2013-04-04] (Yamaha Corporation)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
    ==================== NetSvcs (Whitelisted) ===================
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    ==================== One Month Created Files and Folders ========
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2014-11-25 01:50 - 2014-11-25 01:50 - 00021605 _____ () C:\Users\Samuel Avila\Desktop\FRST.txt
    2014-11-25 01:47 - 2014-11-25 01:47 - 00000889 _____ () C:\Users\Samuel Avila\Desktop\JRT.txt
    2014-11-25 01:41 - 2014-11-25 01:41 - 00000000 ____D () C:\windows\ERUNT
    2014-11-25 01:40 - 2014-11-25 01:40 - 00001467 _____ () C:\Users\Samuel Avila\Desktop\AdwCleaner[S0].txt
    2014-11-25 01:40 - 2014-11-25 01:40 - 00000197 _____ () C:\windows\system32\2014-11-25-06-40-16.043-AvastVBoxSVC.exe-4336.log
    2014-11-25 01:29 - 2014-11-25 01:29 - 00320260 _____ () C:\Users\Samuel Avila\AppData\Local\Q$_140066.ENU_SoftGridUserSettings_settings.cp.temp
    2014-11-25 01:25 - 2014-11-25 01:30 - 00000000 ____D () C:\AdwCleaner
    2014-11-25 01:25 - 2014-11-25 01:25 - 00001685 _____ () C:\Users\Samuel Avila\Desktop\roror.txt
    2014-11-25 01:23 - 2014-11-25 01:23 - 02148864 _____ () C:\Users\Samuel Avila\Desktop\adwcleaner_4.102.exe
    2014-11-25 01:23 - 2014-11-25 01:23 - 02118144 _____ (Farbar) C:\Users\Samuel Avila\Desktop\FRST64.exe
    2014-11-25 01:21 - 2014-11-25 01:21 - 01707532 _____ (Thisisu) C:\Users\Samuel Avila\Desktop\JRT.exe
    2014-11-24 18:31 - 2014-11-24 18:31 - 00001060 _____ () C:\Users\Public\Desktop\Logger Pro 3.8.7.lnk
    2014-11-24 18:31 - 2014-11-24 18:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vernier Software
    2014-11-24 18:31 - 2014-11-24 18:31 - 00000000 ____D () C:\Program Files\DIFX
    2014-11-24 18:31 - 2014-06-03 11:42 - 00049536 _____ (Texas Instruments Incorporated) C:\windows\SysWOW64\Drivers\tiehdusb.sys
    2014-11-24 18:31 - 2014-06-03 11:42 - 00011520 _____ (Walter Oney Software) C:\windows\SysWOW64\Drivers\wdmstub.sys
    2014-11-24 18:28 - 2014-11-24 18:28 - 00000000 ____D () C:\ProgramData\Vernier
    2014-11-24 18:28 - 2014-11-24 18:28 - 00000000 ____D () C:\Program Files (x86)\Vernier Software
    2014-11-24 18:27 - 2014-11-24 18:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    2014-11-24 18:26 - 2014-11-24 18:27 - 00000000 ____D () C:\Program Files (x86)\QuickTime
    2014-11-24 18:21 - 2014-11-24 18:21 - 326470520 _____ (Vernier Software & Technology) C:\Users\Samuel Avila\Downloads\LoggerPro3_8_7.exe
    2014-11-24 15:19 - 2014-11-24 15:19 - 00000000 ____D () C:\Users\Samuel Avila\AppData\Local\Apple
    2014-11-24 13:38 - 2014-11-24 13:38 - 00000000 ____D () C:\Users\Samuel Avila\AppData\Local\Native Instruments
    2014-11-24 13:37 - 2014-11-24 13:37 - 00000197 _____ () C:\windows\system32\2014-11-24-18-37-47.097-AvastVBoxSVC.exe-2672.log
    2014-11-24 13:32 - 2014-11-24 13:33 - 01700192 _____ () C:\windows\Minidump\112414-176312-01.dmp
    2014-11-24 12:33 - 2014-11-24 12:33 - 00028574 _____ () C:\ComboFix.txt
    2014-11-24 01:06 - 2014-11-24 01:06 - 00000197 _____ () C:\windows\system32\2014-11-24-06-06-25.094-AvastVBoxSVC.exe-3620.log
    2014-11-24 00:19 - 2011-06-26 01:45 - 00256000 _____ () C:\windows\PEV.exe
    2014-11-24 00:19 - 2010-11-07 12:20 - 00208896 _____ () C:\windows\MBR.exe
    2014-11-24 00:19 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
    2014-11-24 00:19 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
    2014-11-24 00:19 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
    2014-11-24 00:19 - 2000-08-30 19:00 - 00098816 _____ () C:\windows\sed.exe
    2014-11-24 00:19 - 2000-08-30 19:00 - 00080412 _____ () C:\windows\grep.exe
    2014-11-24 00:19 - 2000-08-30 19:00 - 00068096 _____ () C:\windows\zip.exe
    2014-11-24 00:18 - 2014-11-24 12:33 - 00000000 ____D () C:\Qoobox
    2014-11-24 00:17 - 2014-11-24 01:23 - 00000000 ____D () C:\windows\erdnt
    2014-11-24 00:12 - 2014-11-24 12:17 - 05598874 ____R (Swearware) C:\Users\Samuel Avila\Desktop\ComboFix.exe
    2014-11-23 23:02 - 2014-11-23 23:02 - 01239386 _____ () C:\Users\Samuel Avila\Downloads\gegnts and jaws take 2.wav
    2014-11-23 21:21 - 2014-11-24 00:00 - 72259491 _____ () C:\Users\Samuel Avila\Downloads\gegnts and jaws take 2.zip
    2014-11-23 21:08 - 2014-11-23 21:08 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Samuel Avila\Desktop\mbar-1.08.2.1001 (1).exe
    2014-11-23 20:25 - 2014-11-23 20:25 - 00034808 _____ () C:\windows\system32\Drivers\TrueSight.sys
    2014-11-23 20:25 - 2014-11-23 20:25 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-11-23 20:18 - 2014-11-23 20:19 - 15196248 _____ () C:\Users\Samuel Avila\Downloads\RogueKiller.exe
    2014-11-23 20:13 - 2014-11-23 20:13 - 00000247 _____ () C:\windows\system32\2014-11-24-01-13-38.078-aswFe.exe-1076.log
    2014-11-23 20:08 - 2014-11-23 20:13 - 00000247 _____ () C:\windows\system32\2014-11-24-01-08-08.023-aswFe.exe-8524.log
    2014-11-23 20:08 - 2014-11-23 20:08 - 00000197 _____ () C:\windows\system32\2014-11-24-01-08-00.087-AvastVBoxSVC.exe-4772.log
    2014-11-23 18:46 - 2014-11-23 18:49 - 00000000 ____D () C:\windows\SysWOW64\vbox
    2014-11-23 18:46 - 2014-11-23 18:49 - 00000000 ____D () C:\windows\system32\vbox
    2014-11-23 18:46 - 2014-11-23 18:46 - 00000000 ____D () C:\Users\Samuel Avila\AppData\Roaming\AVAST Software
    2014-11-23 18:45 - 2014-11-25 01:38 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
    2014-11-23 18:45 - 2014-11-23 18:45 - 00001975 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2014-11-23 18:45 - 2014-11-23 18:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2014-11-23 18:44 - 2014-11-23 18:44 - 00002266 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-11-23 18:44 - 2014-11-23 18:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2014-11-23 18:42 - 2014-11-25 01:36 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-11-23 18:42 - 2014-11-25 00:54 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-11-23 18:42 - 2014-11-23 18:49 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-11-23 18:42 - 2014-11-23 18:49 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-11-23 18:42 - 2014-11-23 18:46 - 00000000 ____D () C:\Users\Samuel Avila\AppData\Local\Google
    2014-11-23 18:42 - 2014-11-23 18:45 - 00000000 ____D () C:\Program Files (x86)\Google
    2014-11-23 18:42 - 2014-11-23 18:41 - 00436624 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
    2014-11-23 18:42 - 2014-11-23 18:41 - 00267632 _____ () C:\windows\system32\Drivers\aswVmm.sys
    2014-11-23 18:42 - 2014-11-23 18:41 - 00116728 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
    2014-11-23 18:42 - 2014-11-23 18:41 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
    2014-11-23 18:42 - 2014-11-23 18:41 - 00083280 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
    2014-11-23 18:42 - 2014-11-23 18:41 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys
    2014-11-23 18:42 - 2014-11-23 18:41 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys
    2014-11-23 18:41 - 2014-11-23 18:45 - 01050432 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
    2014-11-23 18:41 - 2014-11-23 18:41 - 00364512 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
    2014-11-23 18:41 - 2014-11-23 18:41 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
    2014-11-23 18:40 - 2014-11-23 18:40 - 00000000 ____D () C:\Program Files\AVAST Software
    2014-11-23 18:36 - 2014-11-23 18:40 - 00000000 ____D () C:\ProgramData\AVAST Software
    2014-11-23 18:00 - 2014-11-23 18:36 - 132469808 _____ (AVAST Software) C:\Users\Samuel Avila\Downloads\avast_free_antivirus_setup.exe
    2014-11-23 09:58 - 2014-11-23 09:58 - 00142941 _____ () C:\Users\Samuel Avila\Downloads\examplelabreport.pages
    2014-11-23 01:38 - 2014-11-23 01:38 - 00023759 _____ () C:\Users\Samuel Avila\Desktop\dds.txt
    2014-11-23 01:38 - 2014-11-23 01:38 - 00016725 _____ () C:\Users\Samuel Avila\Desktop\attach.txt
    2014-11-23 00:48 - 2014-11-23 00:48 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-11-23 00:48 - 2014-11-23 00:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-11-23 00:47 - 2014-11-23 00:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-11-23 00:47 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
    2014-11-23 00:47 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
    2014-11-22 22:54 - 2014-11-22 22:54 - 00009204 _____ () C:\Users\Samuel Avila\Desktop\ESETPoweliksCleaner.exe_20141122.225410.8212.log
    2014-11-22 22:54 - 2014-11-22 22:54 - 00000000 ____D () C:\Program Files (x86)\ESET
    2014-11-22 22:29 - 2014-11-24 19:21 - 00069512 _____ () C:\Users\Samuel Avila\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-11-22 22:27 - 2014-11-24 13:42 - 00000000 ____D () C:\Users\Samuel Avila\AppData\Local\VirtualStore
    2014-11-22 22:27 - 2014-11-22 22:27 - 00000000 ____D () C:\Users\Samuel Avila\AppData\Local\tjnet
    2014-11-22 22:24 - 2014-11-22 22:25 - 01700136 _____ () C:\windows\Minidump\112214-143895-01.dmp
    2014-11-22 22:16 - 2014-11-24 13:27 - 00000000 ____D () C:\Users\Samuel Avila\AppData\Local\CrashDumps
    2014-11-22 21:32 - 2014-11-24 12:33 - 00000000 ____D () C:\Users\Samuel Avila\AppData\Local\Apps\2.0
    2014-11-22 21:32 - 2014-11-22 21:32 - 00000000 ____D () C:\Users\Samuel Avila\AppData\Local\SoftGrid Client
    2014-11-22 21:31 - 2014-11-24 21:19 - 00000000 ____D () C:\Users\Samuel Avila\AppData\Local\Adobe
    2014-11-22 20:33 - 2014-11-22 20:33 - 00079064 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\imofugc.sys
    2014-11-22 20:00 - 2014-11-22 20:00 - 00000913 _____ () C:\Users\Samuel Avila\Downloads\Downloads - Shortcut.lnk
    2014-11-22 19:58 - 2014-11-23 00:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-11-22 19:57 - 2014-11-25 01:39 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2014-11-22 19:57 - 2014-11-23 22:04 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-11-22 19:51 - 2014-11-22 19:52 - 00372896 _____ () C:\windows\Minidump\112214-166780-01.dmp
    2014-11-22 19:47 - 2014-11-23 22:04 - 00000000 ____D () C:\Users\Samuel Avila\Desktop\mbar
    2014-11-22 19:47 - 2014-11-23 21:10 - 00096472 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
    2014-11-22 19:47 - 2014-11-22 19:47 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Samuel Avila\Downloads\mbar-1.08.2.1001.exe
    2014-11-22 19:36 - 2014-11-22 19:37 - 00000428 _____ () C:\zoek-results.log
    2014-11-22 19:33 - 2014-11-22 19:45 - 00000626 _____ () C:\runcheck.txt
    2014-11-22 19:33 - 2014-11-22 19:33 - 00000000 ____D () C:\zoek_backup
    2014-11-22 19:01 - 2014-11-22 22:54 - 02347384 _____ (ESET) C:\Users\Samuel Avila\Downloads\esetsmartinstaller_enu.exe
    2014-11-22 19:00 - 2014-11-25 01:50 - 00000000 ____D () C:\FRST
    2014-11-22 16:02 - 2014-11-22 16:02 - 00000000 ____D () C:\ProgramData\ATI
    2014-11-22 15:33 - 2014-11-22 15:41 - 00000000 ____D () C:\windows\system32\MRT
    2014-11-22 15:32 - 2014-10-31 23:26 - 103374192 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2014-11-22 13:42 - 2014-11-22 13:42 - 00055445 _____ () C:\windows\SysWOW64\CCCInstall_201411221342059497.log
    2014-11-22 13:42 - 2014-11-22 13:42 - 00000000 ____D () C:\ProgramData\AMD
    2014-11-22 13:42 - 2014-11-22 13:42 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
    2014-11-22 13:41 - 2014-11-22 13:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
    2014-11-22 13:34 - 2014-11-22 13:41 - 00000000 ____D () C:\Program Files\ATI Technologies
    2014-11-22 13:34 - 2014-11-22 13:37 - 00000000 ____D () C:\ProgramData\Package Cache
    2014-11-22 13:13 - 2014-11-22 13:14 - 00641360 _____ () C:\windows\Minidump\112214-152974-01.dmp
    2014-11-22 13:08 - 2014-11-22 13:08 - 00020598 _____ () C:\Users\Samuel Avila\Downloads\Oct-Nov.xlsx
    2014-11-22 13:08 - 2014-11-22 13:08 - 00000165 ____H () C:\Users\Samuel Avila\Downloads\~$Oct-Nov.xlsx
    2014-11-22 13:03 - 2014-11-22 13:03 - 00017177 _____ () C:\Users\Samuel Avila\Downloads\Sep-Oct.xlsx
    2014-11-22 12:38 - 2014-11-22 12:39 - 00372864 _____ () C:\windows\Minidump\112214-184190-01.dmp
    2014-11-22 12:19 - 2014-11-22 12:20 - 01043704 _____ () C:\windows\Minidump\112214-174767-01.dmp
    2014-11-22 12:05 - 2014-11-22 12:06 - 00641344 _____ () C:\windows\Minidump\112214-144363-01.dmp
    2014-11-22 10:55 - 2014-11-24 13:32 - 750936404 _____ () C:\windows\MEMORY.DMP
    2014-11-22 10:55 - 2014-11-22 10:56 - 00775584 _____ () C:\windows\Minidump\112214-170821-01.dmp
    2014-11-18 22:26 - 2014-11-10 22:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
    2014-11-18 22:26 - 2014-11-10 22:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
    2014-11-18 22:26 - 2014-11-10 21:44 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
    2014-11-18 22:26 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
    2014-11-16 01:26 - 2014-11-16 01:27 - 11525200 _____ () C:\Users\Samuel Avila\Downloads\stream-2.wav
    2014-11-16 01:25 - 2014-11-16 01:26 - 11522120 _____ () C:\Users\Samuel Avila\Downloads\stream-3.wav
    2014-11-16 01:25 - 2014-11-16 01:26 - 11522120 _____ () C:\Users\Samuel Avila\Downloads\river-6.wav
    2014-11-16 01:02 - 2014-11-16 01:02 - 11521068 _____ () C:\Users\Samuel Avila\Downloads\street-traffic-1.wav
    2014-11-16 01:01 - 2014-11-16 01:01 - 10581984 _____ () C:\Users\Samuel Avila\Downloads\spring-weather-1.wav
    2014-11-16 01:01 - 2014-11-16 01:01 - 07232736 _____ () C:\Users\Samuel Avila\Downloads\boarding-accouncement-1.wav
    2014-11-15 23:44 - 2014-11-16 00:18 - 113461751 _____ () C:\Users\Samuel Avila\Downloads\Fade Holly Drummond Remix Stems.zip
    2014-11-15 23:01 - 2014-11-15 23:01 - 00083348 _____ () C:\Users\Samuel Avila\Downloads\google.csv
    2014-11-15 10:19 - 2014-11-15 10:19 - 00000000 __SHD () C:\Users\Samuel Avila\AppData\Local\EmieBrowserModeList
    2014-11-13 20:06 - 2014-11-07 14:49 - 00388272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
    2014-11-13 20:06 - 2014-11-07 14:23 - 00341168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
    2014-11-13 20:06 - 2014-11-05 23:04 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2014-11-13 20:06 - 2014-11-05 23:03 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
    2014-11-13 20:06 - 2014-11-05 22:47 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
    2014-11-13 20:06 - 2014-11-05 22:46 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
    2014-11-13 20:06 - 2014-11-05 22:43 - 02884096 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2014-11-13 20:06 - 2014-11-05 22:36 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2014-11-13 20:06 - 2014-11-05 22:35 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
    2014-11-13 20:06 - 2014-11-05 22:31 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
    2014-11-13 20:06 - 2014-11-05 22:30 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
    2014-11-13 20:06 - 2014-11-05 22:30 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
    2014-11-13 20:06 - 2014-11-05 22:28 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2014-11-13 20:06 - 2014-11-05 22:20 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
    2014-11-13 20:06 - 2014-11-05 22:16 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
    2014-11-13 20:06 - 2014-11-05 22:13 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
    2014-11-13 20:06 - 2014-11-05 22:13 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
    2014-11-13 20:06 - 2014-11-05 22:12 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
    2014-11-13 20:06 - 2014-11-05 22:10 - 19781632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-11-13 20:06 - 2014-11-05 22:10 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
    2014-11-13 20:06 - 2014-11-05 22:07 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
    2014-11-13 20:06 - 2014-11-05 22:05 - 02277376 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2014-11-13 20:06 - 2014-11-05 22:04 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
    2014-11-13 20:06 - 2014-11-05 22:03 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
    2014-11-13 20:06 - 2014-11-05 22:00 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
    2014-11-13 20:06 - 2014-11-05 21:59 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
    2014-11-13 20:06 - 2014-11-05 21:58 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
    2014-11-13 20:06 - 2014-11-05 21:57 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2014-11-13 20:06 - 2014-11-05 21:48 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
    2014-11-13 20:06 - 2014-11-05 21:42 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-11-13 20:06 - 2014-11-05 21:41 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2014-11-13 20:06 - 2014-11-05 21:41 - 00716800 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2014-11-13 20:06 - 2014-11-05 21:38 - 02124288 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2014-11-13 20:06 - 2014-11-05 21:37 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
    2014-11-13 20:06 - 2014-11-05 21:36 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
    2014-11-13 20:06 - 2014-11-05 21:34 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
    2014-11-13 20:06 - 2014-11-05 21:30 - 14390272 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2014-11-13 20:06 - 2014-11-05 21:22 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2014-11-13 20:06 - 2014-11-05 21:21 - 04298240 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2014-11-13 20:06 - 2014-11-05 21:21 - 02051072 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2014-11-13 20:06 - 2014-11-05 21:20 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
    2014-11-13 20:06 - 2014-11-05 21:04 - 01550336 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2014-11-13 20:06 - 2014-11-05 21:03 - 12819456 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2014-11-13 20:06 - 2014-11-05 20:53 - 00799232 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2014-11-13 20:06 - 2014-11-05 20:52 - 01892864 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2014-11-13 20:06 - 2014-11-05 20:48 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2014-11-13 20:06 - 2014-11-05 20:47 - 00708096 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
    2014-11-13 20:05 - 2014-11-05 23:03 - 25110016 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-11-13 20:05 - 2014-11-05 22:46 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2014-11-13 20:05 - 2014-11-05 22:44 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
    2014-11-13 20:05 - 2014-11-05 22:29 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
    2014-11-13 20:05 - 2014-11-05 22:23 - 06040064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2014-11-13 20:05 - 2014-11-05 22:02 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
    2014-11-13 20:05 - 2014-11-05 22:00 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2014-11-13 20:05 - 2014-11-05 21:39 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
    2014-11-13 20:05 - 2014-11-05 21:17 - 02365440 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2014-11-13 19:43 - 2014-11-05 12:56 - 00304640 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
    2014-11-13 19:43 - 2014-11-05 12:56 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
    2014-11-13 19:43 - 2014-11-05 12:52 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
    2014-11-13 19:42 - 2014-10-13 21:16 - 00155064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
    2014-11-13 19:42 - 2014-10-13 21:13 - 00683520 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
    2014-11-13 19:42 - 2014-10-13 21:12 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
    2014-11-13 19:42 - 2014-10-13 21:09 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
    2014-11-13 19:42 - 2014-10-13 21:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
    2014-11-13 19:42 - 2014-10-13 20:50 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
    2014-11-13 19:42 - 2014-10-13 20:49 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
    2014-11-13 19:42 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
    2014-11-13 19:42 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
    2014-11-13 19:37 - 2014-08-21 01:43 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
    2014-11-13 19:37 - 2014-08-21 01:40 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
    2014-11-13 19:37 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
    2014-11-13 19:37 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
    2014-11-13 19:37 - 2014-08-11 21:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
    2014-11-13 19:37 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
    2014-11-13 19:36 - 2014-10-02 21:12 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
    2014-11-13 19:36 - 2014-10-02 21:11 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
    2014-11-13 19:36 - 2014-10-02 21:11 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
    2014-11-13 19:36 - 2014-10-02 21:11 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
    2014-11-13 19:36 - 2014-10-02 21:11 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
    2014-11-13 19:36 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
    2014-11-13 19:36 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
    2014-11-13 19:36 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
    2014-11-13 19:31 - 2014-09-19 04:42 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
    2014-11-13 19:31 - 2014-09-19 04:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
    2014-11-13 19:31 - 2014-09-19 04:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
    2014-11-13 19:31 - 2014-09-19 04:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
    2014-11-13 19:31 - 2014-09-19 04:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
    2014-11-13 19:31 - 2014-09-19 04:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
    2014-11-13 19:31 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
    2014-11-13 19:31 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
    2014-11-13 19:31 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
    2014-11-13 19:31 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
    2014-11-13 19:31 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
    2014-11-13 19:31 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
    2014-11-13 19:30 - 2014-10-24 20:57 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
    2014-11-13 19:30 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
    2014-11-13 19:30 - 2014-10-17 21:05 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
    2014-11-13 19:30 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
    2014-11-13 19:30 - 2014-10-13 21:13 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
    2014-11-13 19:30 - 2014-10-13 20:50 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
    2014-11-13 19:30 - 2014-10-09 19:57 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
    2014-11-11 21:26 - 2014-11-11 21:26 - 00000000 ____D () C:\Users\Samuel Avila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Native Instruments Massive
    2014-11-11 19:04 - 2014-11-11 19:32 - 185285415 _____ () C:\Users\Samuel Avila\Downloads\BeatportRemixPackage-GentAndJawns-Fireball.zip
    2014-11-08 20:55 - 2014-11-08 20:58 - 17825869 _____ () C:\Users\Samuel Avila\Downloads\Future Bass Free FLP.zip
    2014-11-08 20:55 - 2014-11-08 20:55 - 00024460 _____ () C:\Users\Samuel Avila\Downloads\FruityPresets.rar
    2014-11-08 20:45 - 2014-11-08 20:45 - 00000000 ____D () C:\Users\Samuel Avila\Downloads\fl
    2014-11-02 20:43 - 2014-11-02 20:45 - 06126536 _____ (Tim Kosse) C:\Users\Samuel Avila\Downloads\FileZilla_3.9.0.6_win32-setup.exe
    2014-11-02 20:38 - 2014-11-02 20:38 - 00029425 _____ () C:\Users\Samuel Avila\Downloads\SimplejQueryDropdowns.zip
     
  18. Sam22

    Sam22 TS Rookie Topic Starter Posts: 20

    ==================== One Month Modified Files and Folders =======
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2014-11-25 01:50 - 2013-09-14 21:42 - 00000000 ____D () C:\Users\Samuel Avila\AppData\Roaming\uTorrent
    2014-11-25 01:45 - 2009-07-13 23:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-11-25 01:45 - 2009-07-13 23:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-11-25 01:41 - 2013-09-14 00:22 - 02092820 _____ () C:\windows\WindowsUpdate.log
    2014-11-25 01:36 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2014-11-25 01:36 - 2009-07-13 23:45 - 04926104 _____ () C:\windows\system32\FNTCACHE.DAT
    2014-11-25 01:35 - 2014-09-12 23:04 - 00010172 _____ () C:\windows\setupact.log
    2014-11-25 01:34 - 2010-11-20 22:47 - 00820106 _____ () C:\windows\PFRO.log
    2014-11-24 18:31 - 2013-09-14 00:34 - 00015792 _____ () C:\windows\DPINST.LOG
    2014-11-24 13:32 - 2013-10-13 16:27 - 00000000 ____D () C:\windows\Minidump
    2014-11-24 12:30 - 2009-07-13 21:34 - 00000215 _____ () C:\windows\system.ini
    2014-11-24 01:26 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
    2014-11-23 19:55 - 2009-07-14 00:08 - 00032638 _____ () C:\windows\Tasks\SCHEDLGU.TXT
    2014-11-23 18:45 - 2013-09-14 00:55 - 00000000 ____D () C:\Program Files\Google
    2014-11-23 18:45 - 2013-09-14 00:54 - 00000000 ____D () C:\ProgramData\Google
    2014-11-23 01:23 - 2014-02-24 21:30 - 00000000 ____D () C:\Users\Samuel Avila\AppData\Local\PACE Anti-Piracy
    2014-11-23 01:20 - 2014-07-11 12:45 - 00000000 ____D () C:\Program Files\CamStudio 2.7
    2014-11-22 20:33 - 2013-11-23 17:04 - 00000000 ____D () C:\Program Files (x86)\Feathercoin
    2014-11-22 20:33 - 2009-07-14 00:32 - 00000000 ____D () C:\windows\addins
    2014-11-22 18:51 - 2011-08-09 21:37 - 00000000 ____D () C:\windows\SysWOW64\Macromed
    2014-11-22 15:55 - 2013-09-14 00:51 - 00000000 ____D () C:\Program Files (x86)\TOSHIBA Games
    2014-11-22 13:39 - 2013-09-14 00:21 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
    2014-11-22 13:03 - 2013-09-24 20:53 - 00000000 ____D () C:\Users\Samuel Avila\AppData\Roaming\SoftGrid Client
    2014-11-16 00:45 - 2014-07-30 13:45 - 00000102 _____ () C:\Users\Samuel Avila\AppData\Roaming\WB.CFG
    2014-11-14 04:37 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
    2014-11-14 03:20 - 2014-05-07 09:44 - 00000000 ___SD () C:\windows\system32\CompatTel
    2014-11-13 19:17 - 2009-07-14 00:13 - 00783336 _____ () C:\windows\system32\PerfStringBackup.INI
    2014-11-12 22:34 - 2013-09-13 23:57 - 00000000 ____D () C:\Users\Samuel Avila\AppData\Roaming\FileZilla
    2014-11-11 21:26 - 2013-09-14 21:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments Massive
    2014-11-11 21:25 - 2013-09-16 17:33 - 00000000 ____D () C:\Program Files (x86)\Native Instruments
    2014-11-06 16:45 - 2013-11-05 18:34 - 00000000 ____D () C:\Users\Samuel Avila\Desktop\euro tst
    2014-11-04 14:30 - 2010-11-20 22:27 - 00275080 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
    Some content of TEMP:
    ====================
    C:\Users\Samuel Avila\AppData\Local\Temp\Quarantine.exe
    C:\Users\Samuel Avila\AppData\Local\Temp\sqlite3.dll

    ==================== Bamital & volsnap Check =================
    (There is no automatic fix for files that do not pass verification.)
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2014-11-19 03:51
    ==================== End Of Log ============================
     
  19. Sam22

    Sam22 TS Rookie Topic Starter Posts: 20

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2014 01
    Ran by Samuel Avila at 2014-11-25 01:51:02
    Running from C:\Users\Samuel Avila\Desktop
    Boot Mode: Normal
    ==========================================================

    ==================== Security Center ========================
    (If an entry is included in the fixlist, it will be removed.)
    AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    ==================== Installed Programs ======================
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    µTorrent (HKU\S-1-5-21-706833560-2454557567-1944840316-1001\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
    Adobe After Effects CS6 (HKLM-x32\...\{4817D846-700B-474E-A31B-80892B3E92E3}) (Version: 11 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
    Adobe Dreamweaver CS5.5 (HKLM-x32\...\{0215A652-E081-4B09-9333-DC85AAB67FFA}) (Version: 11.5 - Adobe Systems Incorporated)
    Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.3.181.34 - Adobe Systems Incorporated)
    Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.8.800.174 - Adobe Systems Incorporated)
    Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
    Adobe Illustrator CS6 (HKLM-x32\...\{4869414E-7AEA-4C8E-BE1C-8D40977FD517}) (Version: 16.0 - Adobe Systems Incorporated)
    Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
    Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
    Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
    AMD Catalyst Install Manager (HKLM\...\{7A36AF9D-AA8C-770B-B35E-7F2269C245CA}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
    Ample Guitar M version 1.1.2 (HKLM-x32\...\{F0855D86-F7D9-4E24-987C-CD7CEBB61AF4}_is1) (Version: 1.1.2 - Ample Sound Technology Co., Ltd.)
    Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta1 - Michael Tippach)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
    Axure RP Pro 6.5 (HKLM-x32\...\Axure RP Pro 6.5) (Version: 6.5.0.3049 - Axure Software Solutions, Inc.)
    Axure RP Pro 6.5 (x32 Version: 6.5.0.3049 - Axure Software Solutions, Inc.) Hidden
    Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Brackets (HKLM-x32\...\{8F3D2997-8FB1-4989-9BE4-40D43AC41BAA}) (Version: 0.43 - brackets.io)
    Camel Audio CamelCrusher (HKLM-x32\...\Camel Audio CamelCrusher) (Version: 1.01.0 - Camel Audio)
    CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
    Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.871 - Corel Inc.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
    Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
    FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
    FileZilla Client 3.8.0 (HKU\S-1-5-21-706833560-2454557567-1944840316-1001\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
    Fishdom (TM) 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version: - Image-Line)
    FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version: - )
    GitHub (HKU\S-1-5-21-706833560-2454557567-1944840316-1001\...\5f7eb300e2ea4ebf) (Version: 1.2.5.0 - GitHub, Inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
    IL Gross Beat (HKLM-x32\...\IL Gross Beat) (Version: - Image-Line)
    IL Harmless (HKLM-x32\...\IL Harmless) (Version: - Image-Line)
    IL Harmor (HKLM-x32\...\IL Harmor) (Version: - Image-Line)
    IL Juice Pack (HKLM-x32\...\IL Juice Pack) (Version: - Image-Line)
    IL MiniHost (HKLM-x32\...\IL MiniHost) (Version: - Image-Line)
    IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version: - Image-Line)
    iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
    Java(TM) 6 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216025FF}) (Version: 6.0.250 - Oracle)
    JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.59.2 - JMicron Technology Corp.)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
    League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
    Logger Pro 3.8.7 (HKLM-x32\...\{91723F06-AEC9-48CA-7AAE-806AD81D8C60}) (Version: 5.182.429 - Vernier Software & Technology)
    magicJack (HKU\S-1-5-21-706833560-2454557567-1944840316-1001\...\magicJack) (Version: 2.0.6073.4413 - magicJack L.P.)
    Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Native Instruments Battery 4 (HKLM-x32\...\Native Instruments Battery 4) (Version: 4.0.1.2234 - Native Instruments)
    Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.2.1.6382 - Native Instruments)
    Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version: - Native Instruments)
    Native Instruments Massive v1.0.1.008 VSTi DXi RTAS (HKLM-x32\...\Native Instruments Massive v1.0.1.008 VSTi DXi RTAS) (Version: - )
    Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.5.2.1549 - Native Instruments)
    Native Instruments Supercharger (HKLM-x32\...\Native Instruments Supercharger) (Version: 1.1.0.418 - Native Instruments)
    NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM-x32\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 1.0.0.133 - NETGEAR)
    PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
    Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    PoiZone (HKLM-x32\...\PoiZone) (Version: - Image-Line)
    Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
    QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6316 - Realtek Semiconductor Corp.)
    Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0016 - REALTEK Semiconductor Corp.)
    reFX Nexus VSTi RTAS v2.2.0 (HKLM-x32\...\reFX Nexus_is1) (Version: - )
    Seven Phases Spectrum Analyzer (HKU\S-1-5-21-706833560-2454557567-1944840316-1001\...\Seven Phases Spectrum Analyzer) (Version: - )
    Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
    Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
    Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
    thinkorswim (HKLM\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)
    Tom Clancy's Splinter Cell (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
    TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
    TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
    Toshiba Book Place (HKLM-x32\...\{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}) (Version: 2.2.7530 - K-NFB Reading Technology, Inc.)
    TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 1.6.11.64 - TOSHIBA Corporation)
    TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
    TOSHIBA eco Utility (HKLM\...\{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}) (Version: 1.3.5.64 - TOSHIBA Corporation)
    TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.17.64 - TOSHIBA Corporation)
    TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.12C - TOSHIBA CORPORATION)
    TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.1.37C - TOSHIBA CORPORATION)
    TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.2.15 - TOSHIBA Corporation)
    TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)
    Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.13.11 - Symantec Corporation)
    TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)
    TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.7.5 - TOSHIBA CORPORATION)
    Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.31 - Toshiba)
    TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.20.6401 - TOSHIBA Corporation)
    TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
    TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)
    TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
    TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2001 - TOSHIBA Corporation)
    TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.12 - TOSHIBA)
    TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.8 - TOSHIBA Corporation)
    TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.51.3C - TOSHIBA CORPORATION)
    TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.1.64 - TOSHIBA Corporation)
    TOSHIBA VIDEO PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 4.00.7.06-A - TOSHIBA Corporation)
    TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.3 - TOSHIBA Corporation)
    TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5B01BCB7-A5D3-476F-AF11-E515BA206591}) (Version: 1.0.5 - TOSHIBA CORPORATION)
    TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.6 - TOSHIBA)
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    Utility Common Driver (x32 Version: 1.0.52.3C - TOSHIBA) Hidden
    Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
    WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.2.5 - WildTangent)
    WildTangent Games App (Toshiba Games) (x32 Version: 4.0.5.14 - WildTangent) Hidden
    Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0) (HKLM\...\EC3E466026556D3EB760B01C4772277614354E11) (Version: 06/11/2009 1.0.0.0 - Texas Instruments Inc.)
    Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1) (HKLM\...\7511B29C86C398B4D11A0B0E4176CAD68D1B7057) (Version: 09/02/2009 1.0.0.1 - Texas Instruments Inc.)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    WinRAR 5.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
    WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
    XAMPP 1.8.1 (HKLM-x32\...\xampp) (Version: - )
    Yamaha USB-MIDI Driver (HKLM-x32\...\InstallShield_{71E75F05-930E-41BA-BDBC-15E3134DD45B}) (Version: 3.1.3.1 - Yamaha Corporation)
    Yamaha USB-MIDI Driver (Version: 3.1.3.1 - Yamaha Corporation) Hidden
    Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden
    ==================== Custom CLSID (selected items): ==========================
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    ==================== Restore Points =========================
    14-11-2014 00:17:24 Windows Update
    14-11-2014 08:00:16 Windows Update
    19-11-2014 03:26:31 Windows Update
    19-11-2014 08:00:13 Windows Update
    22-11-2014 15:42:15 Windows Update
    22-11-2014 18:34:24 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
    22-11-2014 18:37:04 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
    22-11-2014 20:31:55 Windows Update
    23-11-2014 00:36:51 zoek.exe restore point
    23-11-2014 01:32:43 Malwarebytes Anti-Rootkit Restore Point
    23-11-2014 23:40:18 avast! antivirus system restore point
    24-11-2014 02:08:34 before antivirus
    24-11-2014 23:24:55 Installed QuickTime 7
    24-11-2014 23:27:45 Installed Logger Pro 3.8.7.
    ==================== Hosts content: ==========================
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
    2009-07-13 21:34 - 2014-11-24 01:19 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    ==================== Scheduled Tasks (whitelisted) =============
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
    Task: {637CAA6D-8E7A-47C3-BEC3-DB8520A47260} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-23] (AVAST Software)
    Task: {80B01256-40DA-4C9A-A70E-818B1557C68B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-23] (Google Inc.)
    Task: {8D2095ED-1BEB-4C71-95A1-6EA78E7C168F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-23] (Google Inc.)
    Task: {A527B911-CA48-417E-A380-8FBCC2D13F4B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {A8F45855-B64D-47E7-A584-A1BE70B975FA} - System32\Tasks\AdobeAAMUpdater-1.0-SamuelAvila-PC-Samuel Avila => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
    Task: {FFAD9256-8EC5-4ABA-997E-AC4F01CCA992} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    ==================== Loaded Modules (whitelisted) =============
    2010-11-18 19:18 - 2010-11-18 19:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
    2010-12-15 17:19 - 2010-12-15 17:19 - 00124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll
    2011-02-22 21:22 - 2011-02-22 21:22 - 00429432 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
    2014-10-20 12:13 - 2010-02-11 09:00 - 03280896 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
    2014-11-23 18:41 - 2014-11-23 18:41 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
    2014-11-23 18:41 - 2014-11-23 18:41 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
    2011-06-09 23:09 - 2011-06-09 23:09 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
    2010-01-02 09:42 - 2010-01-02 09:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
    2014-11-24 17:35 - 2014-11-24 17:35 - 02903552 _____ () C:\Program Files\AVAST Software\Avast\defs\14112401\algo.dll
    2014-11-23 18:41 - 2014-11-23 18:41 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
    2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-10-20 12:13 - 2009-09-03 10:15 - 00278528 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvcLib.dll
    2014-11-23 18:41 - 2014-11-23 18:41 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    ==================== Alternate Data Streams (whitelisted) =========
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
    AlternateDataStreams: C:\ProgramData\TEMP:BF3D62E7
    AlternateDataStreams: C:\Users\Samuel Avila\AppData\Local\KYfhAl7qzh:wojlmIhrq9e2hfVDf6gK
    AlternateDataStreams: C:\Users\Samuel Avila\AppData\Local\TTC1O7onq0:7stCAwhUMu1lt27bvcOwzPztA
    ==================== Safe Mode (whitelisted) ===================
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    ==================== EXE Association (whitelisted) =============
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

    ==================== MSCONFIG/TASK MANAGER disabled items =========
    (Currently there is no automatic fix for this section.)

    ========================= Accounts: ==========================
    Administrator (S-1-5-21-706833560-2454557567-1944840316-500 - Administrator - Disabled)
    Guest (S-1-5-21-706833560-2454557567-1944840316-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-706833560-2454557567-1944840316-1002 - Limited - Enabled)
    Samuel Avila (S-1-5-21-706833560-2454557567-1944840316-1001 - Administrator - Enabled) => C:\Users\Samuel Avila
    ==================== Faulty Device Manager Devices =============

    ==================== Event log errors: =========================
    Application errors:
    ==================
    System errors:
    =============
    Microsoft Office Sessions:
    =========================
    CodeIntegrity Errors:
    ===================================
    Date: 2014-11-24 00:33:03.874
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2014-11-24 00:33:03.781
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2014-06-11 19:07:54.871
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\win32k.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2014-06-11 19:07:54.731
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\win32k.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    ==================== Memory info ===========================
    Processor: AMD A6-3400M APU with Radeon(tm) HD Graphics
    Percentage of memory in use: 28%
    Total physical RAM: 5608.67 MB
    Available physical RAM: 3990.19 MB
    Total Pagefile: 11215.52 MB
    Available Pagefile: 9451.8 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.84 MB
    ==================== Drives ================================
    Drive c: (TI106242W0C) (Fixed) (Total:580.43 GB) (Free:387.84 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: F0641918)
    Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
    Partition 2: (Not Active) - (Size=580.4 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=14.3 GB) - (Type=17)
    ==================== End Of Log ============================
     
  20. Sam22

    Sam22 TS Rookie Topic Starter Posts: 20

    From everything you've told me to do so far, my computer is running faster, thank you very much!!
    There is this thing that happened today though, my computer out of no where froze and turned to a blue screen that was saying something about "dumping files" and then completely turned off and turned back on. I have no idea why that happened, and it would be great if you could tell me what caused this, Thanks!!!
     
  21. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    If it happened just once I wouldn't worry too much about it.

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

    Attached Files:

  22. Sam22

    Sam22 TS Rookie Topic Starter Posts: 20

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-11-2014 01
    Ran by Samuel Avila at 2014-11-25 22:03:26 Run:1
    Running from C:\Users\Samuel Avila\Desktop
    Loaded Profile: Samuel Avila (Available profiles: Samuel Avila)
    Boot Mode: Normal
    ==============================================
    Content of fixlist:
    *****************
    HKU\S-1-5-21-706833560-2454557567-1944840316-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Toolbar: HKU\S-1-5-21-706833560-2454557567-1944840316-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
    FF Plugin HKU\S-1-5-21-706833560-2454557567-1944840316-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Samuel Avila\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
    S3 TPCHSrv; "C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe" [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
    C:\Users\Samuel Avila\AppData\Local\Temp\Quarantine.exe
    C:\Users\Samuel Avila\AppData\Local\Temp\sqlite3.dll
    AlternateDataStreams: C:\ProgramData\TEMP:BF3D62E7
    AlternateDataStreams: C:\Users\Samuel Avila\AppData\Local\KYfhAl7qzh:wojlmIhrq9e2hfVDf6gK
    AlternateDataStreams: C:\Users\Samuel Avila\AppData\Local\TTC1O7onq0:7stCAwhUMu1lt27bvcOwzPztA
    *****************
    "HKU\S-1-5-21-706833560-2454557567-1944840316-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
    "HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
    HKU\S-1-5-21-706833560-2454557567-1944840316-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
    "HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
    "HKU\S-1-5-21-706833560-2454557567-1944840316-1001\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin" => Key deleted successfully.
    C:\Users\Samuel Avila\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll not found.
    TPCHSrv => Service deleted successfully.
    catchme => Service deleted successfully.
    VBoxNetFlt => Service deleted successfully.
    C:\Users\Samuel Avila\AppData\Local\Temp\Quarantine.exe => Moved successfully.
    C:\Users\Samuel Avila\AppData\Local\Temp\sqlite3.dll => Moved successfully.
    C:\ProgramData\TEMP => ":BF3D62E7" ADS removed successfully.
    C:\Users\Samuel Avila\AppData\Local\KYfhAl7qzh => ":wojlmIhrq9e2hfVDf6gK" ADS removed successfully.
    C:\Users\Samuel Avila\AppData\Local\TTC1O7onq0 => ":7stCAwhUMu1lt27bvcOwzPztA" ADS removed successfully.
    ==== End of Fixlog ====
     
  23. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    How is computer doing?

    Last scans...

    [​IMG] Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


    [​IMG] Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    [​IMG] Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    [​IMG] Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  24. Sam22

    Sam22 TS Rookie Topic Starter Posts: 20

    My computer is running slowly right now and I have no idea why. When I try to watch a YouTube video, this gray exclamation mark appears instead of the video.
    Adobe says that it is the "Gray Circle of Death" and it occurs when an application is asking for more memory available on the browser.
    http://blogs.adobe.com/dekesmith/20...gray-circle-with-an-exclamation-mark-or-bang/

    Is this a virus? Please let me know, thanks!
    Also will post the logs in about 10 minutes.
     
  25. Sam22

    Sam22 TS Rookie Topic Starter Posts: 20

    Results of screen317's Security Check version 0.99.91
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 2.0.3.1025
    Java(TM) 6 Update 25
    Java version 32-bit out of Date!
    Adobe Flash Player 10 Flash Player out of Date!
    Google Chrome (39.0.2171.65)
    Google Chrome (39.0.2171.71)
    ````````Process Check: objlist.exe by Laurent````````
    Norton ccSvcHst.exe
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbam.exe
    Malwarebytes Anti-Malware mbamscheduler.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast avastui.exe
    AVAST Software Avast ng vbox\AvastVBoxSVC.exe
    AVAST Software Avast ng ngservice.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 1%
    ````````````````````End of Log``````````````````````
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...