Inactive-A Computer slowing down to snail speed

[keepmovingup2]

Hi there,

over the last few weeks ive noticed the performance of my computer has reduced dramatically. I have even started to get "memory error" messages appear on startup.

I have downloaded various antispyware/virus software (malwarebytes,spybot search and destroy, AVG 2013 I even installed Panda pro 2013 but to no avail. tried uninstalling them too. I noticed ive got a lot of Service host things going on which is using a lot of memory (over 100mb avg). but can't seem to get rid of it.

any further advice would be greatly welcome

 

[Broni]

Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

 

[keepmovingup2]

Hi thanks for the assist, here is the malwarebytes and DDS log.

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.04.09

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16466
jonesy :: JACK [limited]

Protection: Enabled

05/01/2013 21:58:17
mbam-log-2013-01-05 (21-58-17).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 400272
Time elapsed: 44 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16519 BrowserJavaVersion: 10.17.2
Run by jonesy at 23:49:37 on 2013-04-20
Microsoft Windows 8 6.2.9200.0.1252.44.2057.18.5595.4030 [GMT 1:00]
.
AV: Panda Antivirus Pro 2013 *Enabled/Updated* {65216B53-8D58-3C85-9923-623F89CF692B}
AV: AVG AntiVirus Free Edition 2013 *Disabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Panda Antivirus Pro 2013 *Enabled/Updated* {DE408AB7-AB62-330B-A393-594DF2482396}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PskSvc.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\TPSrvWow.exe
C:\windows\system32\atiesrxx.exe
C:\windows\system32\dwm.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA ANTIVIRUS PRO 2013\WebProxy.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\atieclxx.exe
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe
C:\windows\system32\dashost.exe
C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PsCtrls.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PavFnSvr.exe
C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\pavsrvx86.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PsImSvc.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\AVENGINE.EXE
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system32\taskhostex.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
C:\Program Files (x86)\Samsung\Settings\sSettings.exe
C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler64.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\ApVxdWin.exe
C:\Program Files\Samsung\S Agent\CommonAgent.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mysearch.avg.com/?cid={56E2F325-46FC-4A4E-B7F7-34AEF4BB6495}&mid=f805911c97f147d39d1681fe858541b7-972a946a9c20a48148a7ac59df0e54cd6de6e563&lang=en&ds=AVG&pr=fr&d=&v=&pid=safeguard&sg=2&sap=hp
uDefault_Page_URL = hxxp://samsung13.msn.com
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
mWinlogon: Userinit = userinit.exe,
BHO: Giant Savings Extension: {11111111-1111-1111-1111-110211181110} - C:\Program Files (x86)\Giant Savings Extension\Giant Savings Extension.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Vuze Remote Toolbar: {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
uRun: [AdobeBridge] <no file>
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APVXDWIN] "C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\APVXDWIN.EXE" /s
mRun: [SCANINICIO] "C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\Inicio.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\jonesy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-System: DisableCAD = dword:1
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{0D6C284F-5D1A-4158-AC09-F33F4E7B0A25} : DHCPNameServer = 100.100.0.101
TCP: Interfaces\{8A6E8A24-289F-4C48-BEE0-634559093CCC} : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{8A6E8A24-289F-4C48-BEE0-634559093CCC}\13230254C667163747F6E60205C6163656 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{8A6E8A24-289F-4C48-BEE0-634559093CCC}\33D4F62696C65675966496D283264353 : DHCPNameServer = 192.168.1.1 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [BtTray] "C:\Program Files (x86)\Bluetooth Suite\BtTray.exe"
x64-Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-mPolicies-System: DisableCAD = dword:1
x64-IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: avldr - avldr64.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\windows\System32\Drivers\amd_sata.sys [2012-9-2 79528]
R0 amd_xata;amd_xata;C:\windows\System32\Drivers\amd_xata.sys [2012-9-2 26280]
R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\windows\System32\Drivers\amdkmpfd.sys [2012-7-9 35496]
R2 AmFSM;AmFSM;C:\windows\System32\Drivers\amm6460.sys [2013-4-16 71432]
R2 APXACC;AppEx Networks Accelerator LWF;C:\windows\System32\Drivers\appexDrv.sys [2012-10-19 199008]
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\windows\System32\Drivers\btath_flt.sys [2012-10-19 88728]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\windows\System32\Drivers\AtihdW86.sys [2012-8-21 91648]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;C:\windows\System32\Drivers\BazisVirtualCDBus.sys [2011-6-4 198480]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\windows\System32\Drivers\btath_a2dp.sys [2012-10-19 344216]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\windows\System32\Drivers\btath_avdt.sys [2012-10-19 114840]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\windows\System32\Drivers\btath_bus.sys [2012-10-19 33944]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\windows\System32\Drivers\btath_hcrp.sys [2012-10-19 178840]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\windows\System32\Drivers\btath_lwflt.sys [2012-10-19 76952]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\windows\System32\Drivers\btath_rcp.sys [2012-10-19 135832]
R3 BtFilter;BtFilter;C:\windows\System32\Drivers\btfilter.sys [2012-10-19 575128]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\windows\System32\NOTEPAD.EXE %1 [UserChoice]
FileExt: .vbe: VBEFile=C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PavScrip.exe "%1" %*
FileExt: .vbs: VBSFile=C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PavScrip.exe "%1" %*
FileExt: .js: JSFile=C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PavScrip.exe "%1" %*
FileExt: .jse: JSEFile=C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PavScrip.exe "%1" %*
FileExt: .wsf: WSFFile=C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PavScrip.exe "%1" %*
.
=============== Created Last 30 ================
.
2013-04-20 21:50:2025928----a-w-C:\windows\System32\drivers\mbam.sys
2013-04-20 21:46:51--------d-----w-C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-20 21:25:36--------d-----w-C:\Users\jonesy\AppData\Local\ElevatedDiagnostics
2013-04-20 20:51:43--------d-----w-C:\Users\jonesy\AppData\Local\Avg2013
2013-04-20 19:46:4878176----a-w-C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-20 19:46:47692576----a-w-C:\windows\SysWow64\FlashPlayerApp.exe
2013-04-19 10:44:05193200----a-w-C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10199.bin
2013-04-17 21:06:01375808----a-w-C:\windows\SysWow64\ReAgent.dll
2013-04-17 21:06:011011200----a-w-C:\windows\System32\reseteng.dll
2013-04-16 20:26:46--------d-----w-C:\windows\FltMgr
2013-04-16 20:26:39--------d-----w-C:\Users\jonesy\AppData\Local\Panda Security
2013-04-16 20:24:1330792----a-w-C:\windows\System32\drivers\pavboot64.sys
2013-04-16 20:23:4546640----a-w-C:\windows\System32\pavcpl64.cpl
2013-04-16 20:23:15446464----a-w-C:\windows\SysWow64\HHActiveX.dll
2013-04-16 20:23:0287328----a-w-C:\windows\SysWow64\PavLspHookWow.dll
2013-04-16 20:23:0225344----a-w-C:\windows\SysWow64\sysHelper32.dll
2013-04-16 20:23:02202048----a-w-C:\windows\SysWow64\TpUtilWow.dll
2013-04-16 20:23:0190944----a-w-C:\windows\System32\PavIpc64.dll
2013-04-16 20:23:0166880----a-w-C:\windows\SysWow64\PavIpcWow.dll
2013-04-16 20:23:01323392----a-w-C:\windows\System32\TpUtil64.dll
2013-04-16 20:23:0124064----a-w-C:\windows\System32\sysHelper64.dll
2013-04-16 20:23:01117024----a-w-C:\windows\System32\PavLspHook64.dll
2013-04-16 20:23:00837920----a-w-C:\windows\System32\PavSHook64.dll
2013-04-16 20:23:00545056----a-w-C:\windows\SysWow64\PavSHookWow.dll
2013-04-16 20:22:4571432----a-w-C:\windows\System32\drivers\amm6460.sys
2013-04-16 20:22:4564768----a-w-C:\windows\System32\avldr64.dll
2013-04-16 20:22:45--------d-----w-C:\windows\SysWow64\PAV
2013-04-16 20:22:42--------d-----w-C:\Users\jonesy\AppData\Roaming\Panda Security
2013-04-16 20:22:42--------d-----w-C:\ProgramData\Panda Security
2013-04-16 20:22:2348136----a-w-C:\windows\System32\drivers\ShldFlt.sys
2013-04-16 20:22:23--------d-----w-C:\Program Files (x86)\Common Files\Panda Security
2013-04-16 20:16:07--------d-----w-C:\Program Files (x86)\Panda Security
2013-04-10 20:19:55108448----a-w-C:\windows\System32\WindowsAccessBridge-64.dll
2013-04-10 15:33:49--------d-----w-C:\Users\jonesy\AppData\Roaming\TuneUp Software
2013-04-10 15:33:15--------d--h--w-C:\$AVG
2013-04-10 15:33:15--------d-----w-C:\ProgramData\AVG2013
2013-04-10 15:27:563618304------w-C:\windows\System32\athw8x.sys
2013-04-10 15:27:4664128------w-C:\windows\System32\athihvui.dll
2013-04-10 15:27:46443008------w-C:\windows\System32\athihvs.dll
2013-04-10 15:27:46--------d-----w-C:\windows\System32\nn-NO
2013-04-10 15:27:31--------d-----w-C:\Program Files (x86)\Cisco
2013-04-10 15:24:01--------d--h--w-C:\ProgramData\Common Files
2013-04-10 15:24:01--------d-----w-C:\Users\jonesy\AppData\Local\MFAData
2013-04-10 15:24:01--------d-----w-C:\ProgramData\MFAData
.
==================== Find3M ====================
.
2013-04-10 20:19:36963488----a-w-C:\windows\System32\deployJava1.dll
2013-04-10 20:19:361085344----a-w-C:\windows\System32\npDeployJava1.dll
2013-03-07 16:10:4495648----a-w-C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-07 16:10:44861088----a-w-C:\windows\SysWow64\npDeployJava1.dll
2013-03-07 16:10:44782240----a-w-C:\windows\SysWow64\deployJava1.dll
2013-03-06 10:38:36770384----a-w-C:\windows\SysWow64\msvcr100.dll
2013-03-06 10:38:36421200----a-w-C:\windows\SysWow64\msvcp100.dll
2013-03-03 17:42:40314016----a-w-C:\windows\System32\drivers\atksgt.sys
2013-03-03 17:42:3843680----a-w-C:\windows\System32\drivers\lirsgt.sys
2013-03-02 08:22:18361984----a-w-C:\windows\SysWow64\MFMediaEngine.dll
2013-03-02 02:44:30468992----a-w-C:\windows\System32\MFMediaEngine.dll
2013-02-15 07:58:5939936----a-w-C:\windows\apppatch\apppatch64\acspecfc.dll
2013-02-15 06:35:40444416----a-w-C:\windows\apppatch\AcSpecfc.dll
2013-02-12 01:30:0444032----a-w-C:\windows\SysWow64\UXInit.dll
2013-02-12 00:56:1953760----a-w-C:\windows\System32\UXInit.dll
2013-02-12 00:25:184041728----a-w-C:\windows\System32\win32k.sys
2013-02-12 00:17:5020992----a-w-C:\windows\System32\drivers\usb8023x.sys
2013-02-12 00:17:5020992----a-w-C:\windows\System32\drivers\usb8023.sys
2013-02-07 04:09:5669864----a-w-C:\windows\System32\drivers\pdc.sys
2013-02-07 03:34:5810115072----a-w-C:\windows\System32\twinui.dll
2013-02-07 03:33:472302464----a-w-C:\windows\System32\authui.dll
2013-02-07 03:33:422146816----a-w-C:\windows\System32\actxprxy.dll
2013-02-07 01:34:008856576----a-w-C:\windows\SysWow64\twinui.dll
2013-02-07 01:33:032033664----a-w-C:\windows\SysWow64\authui.dll
2013-02-07 01:33:01754176----a-w-C:\windows\SysWow64\actxprxy.dll
2013-02-05 22:31:11622080----a-w-C:\windows\System32\drivers\srv2.sys
2013-02-05 22:29:09370688----a-w-C:\windows\System32\drivers\mrxsmb.sys
2013-02-05 22:28:48247808----a-w-C:\windows\System32\drivers\srvnet.sys
2013-02-05 22:28:36215552----a-w-C:\windows\System32\drivers\mrxsmb20.sys
2013-02-05 04:58:011766912----a-w-C:\windows\SysWow64\wininet.dll
2013-02-05 04:56:332877952----a-w-C:\windows\SysWow64\jscript9.dll
2013-02-05 04:56:2761440----a-w-C:\windows\SysWow64\iesetup.dll
2013-02-05 04:56:27109056----a-w-C:\windows\SysWow64\iesysprep.dll
2013-02-05 03:55:272706432----a-w-C:\windows\SysWow64\mshtml.tlb
2013-02-05 01:44:50534528----a-w-C:\windows\SysWow64\uxtheme.dll
2013-02-04 22:39:472246656----a-w-C:\windows\System32\wininet.dll
2013-02-04 22:39:39907776----a-w-C:\windows\System32\uxtheme.dll
2013-02-04 22:38:553966464----a-w-C:\windows\System32\jscript9.dll
2013-02-04 22:38:53136704----a-w-C:\windows\System32\iesysprep.dll
2013-02-02 11:19:44496872----a-w-C:\windows\System32\drivers\usbhub.sys
2013-02-02 11:19:44446184----a-w-C:\windows\System32\drivers\USBHUB3.SYS
2013-02-02 11:19:41329960----a-w-C:\windows\System32\drivers\storport.sys
2013-02-02 11:19:3361672----a-w-C:\windows\System32\drivers\crashdmp.sys
2013-02-02 10:54:541933544----a-w-C:\windows\System32\drivers\ntfs.sys
2013-02-02 10:28:54993512----a-w-C:\windows\System32\drivers\ndis.sys
2013-02-02 10:28:542226408----a-w-C:\windows\System32\drivers\tcpip.sys
2013-02-02 09:42:072207232----a-w-C:\windows\SysWow64\PrintConfig.dll
2013-02-02 08:40:58375808----a-w-C:\windows\SysWow64\wbem\WmiPrvSE.exe
2013-02-02 08:40:5580896----a-w-C:\windows\SysWow64\tasklist.exe
2013-02-02 08:40:5579360----a-w-C:\windows\SysWow64\taskkill.exe
2013-02-02 08:40:36155136----a-w-C:\windows\SysWow64\XpsRasterService.dll
2013-02-02 08:40:35370688----a-w-C:\windows\SysWow64\WWanAPI.dll
2013-02-02 08:40:27131072----a-w-C:\windows\SysWow64\wbem\WmiDcPrv.dll
2013-02-02 08:40:26410624----a-w-C:\windows\SysWow64\wlroamextension.dll
2013-02-02 08:40:22197632----a-w-C:\windows\SysWow64\Windows.Networking.Connectivity.dll
2013-02-02 08:40:2210792448----a-w-C:\windows\SysWow64\Windows.UI.Xaml.dll
2013-02-02 08:40:01356352----a-w-C:\windows\SysWow64\SettingSync.dll
2013-02-02 08:39:59325632----a-w-C:\windows\SysWow64\schannel.dll
2013-02-02 08:39:4718432----a-w-C:\windows\SysWow64\npmproxy.dll
2013-02-02 08:39:3455296----a-w-C:\windows\SysWow64\nlaapi.dll
2013-02-02 08:39:3415872----a-w-C:\windows\SysWow64\nlmproxy.dll
2013-02-02 08:39:3412288----a-w-C:\windows\SysWow64\nlmsprep.dll
2013-02-02 08:39:33115712----a-w-C:\windows\SysWow64\netprofm.dll
2013-02-02 08:39:285090816----a-w-C:\windows\SysWow64\mstscax.dll
2013-02-02 08:39:15157696----a-w-C:\windows\SysWow64\mbsmsapi.dll
2013-02-02 08:38:54567808----a-w-C:\windows\SysWow64\duser.dll
2013-02-02 08:24:19107520----a-w-C:\windows\System32\taskkill.exe
2013-02-02 08:24:19102400----a-w-C:\windows\System32\tasklist.exe
2013-02-02 08:23:44228352----a-w-C:\windows\System32\XpsRasterService.dll
2013-02-02 08:23:43475136----a-w-C:\windows\System32\WWanAPI.dll
2013-02-02 08:23:37611840----a-w-C:\windows\System32\wpd_ci.dll
2013-02-02 08:23:37105472----a-w-C:\windows\System32\wpdbusenum.dll
2013-02-02 08:23:30830464----a-w-C:\windows\System32\wbem\WmiPrvSD.dll
2013-02-02 08:23:28543232----a-w-C:\windows\System32\wlroamextension.dll
2013-02-02 08:23:2113643264----a-w-C:\windows\System32\Windows.UI.Xaml.dll
2013-02-02 08:23:19293376----a-w-C:\windows\System32\Windows.Networking.Connectivity.dll
2013-02-02 08:23:18731648----a-w-C:\windows\System32\win32spl.dll
2013-02-02 08:23:1687552----a-w-C:\windows\System32\wersvc.dll
2013-02-02 08:22:28448512----a-w-C:\windows\System32\SettingSync.dll
2013-02-02 08:22:22416256----a-w-C:\windows\System32\schannel.dll
2013-02-02 08:21:45467456----a-w-C:\windows\System32\netprofmsvc.dll
2013-02-02 08:21:44385024----a-w-C:\windows\System32\ncsi.dll
2013-02-02 08:21:385977600----a-w-C:\windows\System32\mstscax.dll
2013-02-02 08:21:10225280----a-w-C:\windows\System32\mbsmsapi.dll
2013-02-02 08:20:47260096----a-w-C:\windows\System32\hotspotauth.dll
2013-02-02 08:20:31729600----a-w-C:\windows\System32\duser.dll
2013-02-02 07:30:052706432----a-w-C:\windows\System32\mshtml.tlb
2013-02-02 07:25:52297984----a-w-C:\windows\System32\drivers\ks.sys
2013-02-02 07:25:2682944----a-w-C:\windows\System32\drivers\hidclass.sys
2013-02-02 07:25:2337632----a-w-C:\windows\System32\drivers\BthAvrcpTg.sys
2013-02-02 05:41:571437184----a-w-C:\windows\SysWow64\GdiPlus.dll
2013-02-02 05:31:541690624----a-w-C:\windows\System32\GdiPlus.dll
2013-01-29 01:57:0535232----a-w-C:\windows\System32\drivers\WdBoot.sys
2013-01-28 23:08:22230904----a-w-C:\windows\System32\drivers\WdFilter.sys
.
============= FINISH: 23:52:05.52 ===============

 

[Broni]

I still need Attach.txt part of DDS.

You're running 3 AV programs, Panda, AVG and Norton.
You must uninstall TWO of them.
If Norton use this tool: http://www.majorgeeks.com/Norton_Removal_Tool_d4749.html
If AVG use AVG Remover: http://www.avg.com/us-en/utilities

 

[keepmovingup2]

Downloaded, unininstalled AV, restarted computer.

uploaded the attach.zip

 

[Broni]

Uninstalled TWO AV programs?

Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

 

[keepmovingup2]

Yup uninstalled avg and norton

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16519 BrowserJavaVersion: 10.17.2
Run by jonesy at 0:41:26 on 2013-04-21
Microsoft Windows 8 6.2.9200.0.1252.44.2057.18.5595.4093 [GMT 1:00]
.
AV: Panda Antivirus Pro 2013 *Enabled/Updated* {65216B53-8D58-3C85-9923-623F89CF692B}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Panda Antivirus Pro 2013 *Enabled/Updated* {DE408AB7-AB62-330B-A393-594DF2482396}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PskSvc.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\TPSrvWow.exe
C:\windows\system32\atiesrxx.exe
C:\windows\system32\dwm.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\atieclxx.exe
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\WLANExt.exe
C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA ANTIVIRUS PRO 2013\WebProxy.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe
C:\windows\system32\dashost.exe
C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PsCtrls.exe
C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PavFnSvr.exe
C:\windows\system32\taskhostex.exe
C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\pavsrvx86.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PsImSvc.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\AVENGINE.EXE
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
C:\Program Files (x86)\Samsung\Settings\sSettings.exe
C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler64.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\ApVxdWin.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Samsung\S Agent\CommonAgent.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mysearch.avg.com/?cid={56E2F325-46FC-4A4E-B7F7-34AEF4BB6495}&mid=f805911c97f147d39d1681fe858541b7-972a946a9c20a48148a7ac59df0e54cd6de6e563&lang=en&ds=AVG&pr=fr&d=&v=&pid=safeguard&sg=2&sap=hp
uDefault_Page_URL = hxxp://samsung13.msn.com
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
mWinlogon: Userinit = userinit.exe,
BHO: Giant Savings Extension: {11111111-1111-1111-1111-110211181110} - C:\Program Files (x86)\Giant Savings Extension\Giant Savings Extension.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Vuze Remote Toolbar: {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
uRun: [AdobeBridge] <no file>
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APVXDWIN] "C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\APVXDWIN.EXE" /s
mRun: [SCANINICIO] "C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\Inicio.exe"
StartupFolder: C:\Users\jonesy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-System: DisableCAD = dword:1
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{0D6C284F-5D1A-4158-AC09-F33F4E7B0A25} : DHCPNameServer = 100.100.0.101
TCP: Interfaces\{8A6E8A24-289F-4C48-BEE0-634559093CCC} : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{8A6E8A24-289F-4C48-BEE0-634559093CCC}\13230254C667163747F6E60205C6163656 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{8A6E8A24-289F-4C48-BEE0-634559093CCC}\33D4F62696C65675966496D283264353 : DHCPNameServer = 192.168.1.1 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [BtTray] "C:\Program Files (x86)\Bluetooth Suite\BtTray.exe"
x64-Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-mPolicies-System: DisableCAD = dword:1
x64-IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: avldr - avldr64.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\windows\System32\Drivers\amd_sata.sys [2012-9-2 79528]
R0 amd_xata;amd_xata;C:\windows\System32\Drivers\amd_xata.sys [2012-9-2 26280]
R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\windows\System32\Drivers\amdkmpfd.sys [2012-7-9 35496]
R2 AmFSM;AmFSM;C:\windows\System32\Drivers\amm6460.sys [2013-4-16 71432]
R2 APXACC;AppEx Networks Accelerator LWF;C:\windows\System32\Drivers\appexDrv.sys [2012-10-19 199008]
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\windows\System32\Drivers\btath_flt.sys [2012-10-19 88728]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\windows\System32\Drivers\AtihdW86.sys [2012-8-21 91648]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;C:\windows\System32\Drivers\BazisVirtualCDBus.sys [2011-6-4 198480]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\windows\System32\Drivers\btath_a2dp.sys [2012-10-19 344216]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\windows\System32\Drivers\btath_avdt.sys [2012-10-19 114840]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\windows\System32\Drivers\btath_bus.sys [2012-10-19 33944]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\windows\System32\Drivers\btath_hcrp.sys [2012-10-19 178840]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\windows\System32\Drivers\btath_lwflt.sys [2012-10-19 76952]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\windows\System32\Drivers\btath_rcp.sys [2012-10-19 135832]
R3 BtFilter;BtFilter;C:\windows\System32\Drivers\btfilter.sys [2012-10-19 575128]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\windows\System32\NOTEPAD.EXE %1 [UserChoice]
FileExt: .vbe: VBEFile=C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PavScrip.exe "%1" %*
FileExt: .vbs: VBSFile=C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PavScrip.exe "%1" %*
FileExt: .js: JSFile=C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PavScrip.exe "%1" %*
FileExt: .jse: JSEFile=C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PavScrip.exe "%1" %*
FileExt: .wsf: WSFFile=C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PavScrip.exe "%1" %*
.
=============== Created Last 30 ================
.
2013-04-20 23:09:01--------d-----w-C:\ProgramData\Symantec
2013-04-20 23:07:10--------d-----w-C:\Panda Software
2013-04-20 21:50:2025928----a-w-C:\windows\System32\drivers\mbam.sys
2013-04-20 21:46:51--------d-----w-C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-20 21:25:36--------d-----w-C:\Users\jonesy\AppData\Local\ElevatedDiagnostics
2013-04-20 19:46:4878176----a-w-C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-20 19:46:47692576----a-w-C:\windows\SysWow64\FlashPlayerApp.exe
2013-04-19 10:44:05193200----a-w-C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10199.bin
2013-04-17 21:06:01375808----a-w-C:\windows\SysWow64\ReAgent.dll
2013-04-17 21:06:011011200----a-w-C:\windows\System32\reseteng.dll
2013-04-16 20:26:46--------d-----w-C:\windows\FltMgr
2013-04-16 20:26:39--------d-----w-C:\Users\jonesy\AppData\Local\Panda Security
2013-04-16 20:24:1330792----a-w-C:\windows\System32\drivers\pavboot64.sys
2013-04-16 20:23:4546640----a-w-C:\windows\System32\pavcpl64.cpl
2013-04-16 20:23:15446464----a-w-C:\windows\SysWow64\HHActiveX.dll
2013-04-16 20:23:0287328----a-w-C:\windows\SysWow64\PavLspHookWow.dll
2013-04-16 20:23:0225344----a-w-C:\windows\SysWow64\sysHelper32.dll
2013-04-16 20:23:02202048----a-w-C:\windows\SysWow64\TpUtilWow.dll
2013-04-16 20:23:0190944----a-w-C:\windows\System32\PavIpc64.dll
2013-04-16 20:23:0166880----a-w-C:\windows\SysWow64\PavIpcWow.dll
2013-04-16 20:23:01323392----a-w-C:\windows\System32\TpUtil64.dll
2013-04-16 20:23:0124064----a-w-C:\windows\System32\sysHelper64.dll
2013-04-16 20:23:01117024----a-w-C:\windows\System32\PavLspHook64.dll
2013-04-16 20:23:00837920----a-w-C:\windows\System32\PavSHook64.dll
2013-04-16 20:23:00545056----a-w-C:\windows\SysWow64\PavSHookWow.dll
2013-04-16 20:22:4571432----a-w-C:\windows\System32\drivers\amm6460.sys
2013-04-16 20:22:4564768----a-w-C:\windows\System32\avldr64.dll
2013-04-16 20:22:45--------d-----w-C:\windows\SysWow64\PAV
2013-04-16 20:22:42--------d-----w-C:\Users\jonesy\AppData\Roaming\Panda Security
2013-04-16 20:22:42--------d-----w-C:\ProgramData\Panda Security
2013-04-16 20:22:2348136----a-w-C:\windows\System32\drivers\ShldFlt.sys
2013-04-16 20:22:23--------d-----w-C:\Program Files (x86)\Common Files\Panda Security
2013-04-16 20:16:07--------d-----w-C:\Program Files (x86)\Panda Security
2013-04-10 20:19:55108448----a-w-C:\windows\System32\WindowsAccessBridge-64.dll
2013-04-10 15:33:49--------d-----w-C:\Users\jonesy\AppData\Roaming\TuneUp Software
2013-04-10 15:33:15--------d--h--w-C:\$AVG
2013-04-10 15:27:563618304------w-C:\windows\System32\athw8x.sys
2013-04-10 15:27:4664128------w-C:\windows\System32\athihvui.dll
2013-04-10 15:27:46443008------w-C:\windows\System32\athihvs.dll
2013-04-10 15:27:46--------d-----w-C:\windows\System32\nn-NO
2013-04-10 15:27:31--------d-----w-C:\Program Files (x86)\Cisco
2013-04-10 15:24:01--------d--h--w-C:\ProgramData\Common Files
.
==================== Find3M ====================
.
2013-04-10 20:19:36963488----a-w-C:\windows\System32\deployJava1.dll
2013-04-10 20:19:361085344----a-w-C:\windows\System32\npDeployJava1.dll
2013-03-07 16:10:4495648----a-w-C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-07 16:10:44861088----a-w-C:\windows\SysWow64\npDeployJava1.dll
2013-03-07 16:10:44782240----a-w-C:\windows\SysWow64\deployJava1.dll
2013-03-06 10:38:36770384----a-w-C:\windows\SysWow64\msvcr100.dll
2013-03-06 10:38:36421200----a-w-C:\windows\SysWow64\msvcp100.dll
2013-03-03 17:42:40314016----a-w-C:\windows\System32\drivers\atksgt.sys
2013-03-03 17:42:3843680----a-w-C:\windows\System32\drivers\lirsgt.sys
2013-03-02 08:22:18361984----a-w-C:\windows\SysWow64\MFMediaEngine.dll
2013-03-02 02:44:30468992----a-w-C:\windows\System32\MFMediaEngine.dll
2013-02-15 07:58:5939936----a-w-C:\windows\apppatch\apppatch64\acspecfc.dll
2013-02-15 06:35:40444416----a-w-C:\windows\apppatch\AcSpecfc.dll
2013-02-12 01:30:0444032----a-w-C:\windows\SysWow64\UXInit.dll
2013-02-12 00:56:1953760----a-w-C:\windows\System32\UXInit.dll
2013-02-12 00:25:184041728----a-w-C:\windows\System32\win32k.sys
2013-02-12 00:17:5020992----a-w-C:\windows\System32\drivers\usb8023x.sys
2013-02-12 00:17:5020992----a-w-C:\windows\System32\drivers\usb8023.sys
2013-02-07 04:09:5669864----a-w-C:\windows\System32\drivers\pdc.sys
2013-02-07 03:34:5810115072----a-w-C:\windows\System32\twinui.dll
2013-02-07 03:33:472302464----a-w-C:\windows\System32\authui.dll
2013-02-07 03:33:422146816----a-w-C:\windows\System32\actxprxy.dll
2013-02-07 01:34:008856576----a-w-C:\windows\SysWow64\twinui.dll
2013-02-07 01:33:032033664----a-w-C:\windows\SysWow64\authui.dll
2013-02-07 01:33:01754176----a-w-C:\windows\SysWow64\actxprxy.dll
2013-02-05 22:31:11622080----a-w-C:\windows\System32\drivers\srv2.sys
2013-02-05 22:29:09370688----a-w-C:\windows\System32\drivers\mrxsmb.sys
2013-02-05 22:28:48247808----a-w-C:\windows\System32\drivers\srvnet.sys
2013-02-05 22:28:36215552----a-w-C:\windows\System32\drivers\mrxsmb20.sys
2013-02-05 04:58:011766912----a-w-C:\windows\SysWow64\wininet.dll
2013-02-05 04:56:332877952----a-w-C:\windows\SysWow64\jscript9.dll
2013-02-05 04:56:2761440----a-w-C:\windows\SysWow64\iesetup.dll
2013-02-05 04:56:27109056----a-w-C:\windows\SysWow64\iesysprep.dll
2013-02-05 03:55:272706432----a-w-C:\windows\SysWow64\mshtml.tlb
2013-02-05 01:44:50534528----a-w-C:\windows\SysWow64\uxtheme.dll
2013-02-04 22:39:472246656----a-w-C:\windows\System32\wininet.dll
2013-02-04 22:39:39907776----a-w-C:\windows\System32\uxtheme.dll
2013-02-04 22:38:553966464----a-w-C:\windows\System32\jscript9.dll
2013-02-04 22:38:53136704----a-w-C:\windows\System32\iesysprep.dll
2013-02-02 11:19:44496872----a-w-C:\windows\System32\drivers\usbhub.sys
2013-02-02 11:19:44446184----a-w-C:\windows\System32\drivers\USBHUB3.SYS
2013-02-02 11:19:41329960----a-w-C:\windows\System32\drivers\storport.sys
2013-02-02 11:19:3361672----a-w-C:\windows\System32\drivers\crashdmp.sys
2013-02-02 10:54:541933544----a-w-C:\windows\System32\drivers\ntfs.sys
2013-02-02 10:28:54993512----a-w-C:\windows\System32\drivers\ndis.sys
2013-02-02 10:28:542226408----a-w-C:\windows\System32\drivers\tcpip.sys
2013-02-02 09:42:072207232----a-w-C:\windows\SysWow64\PrintConfig.dll
2013-02-02 08:40:58375808----a-w-C:\windows\SysWow64\wbem\WmiPrvSE.exe
2013-02-02 08:40:5580896----a-w-C:\windows\SysWow64\tasklist.exe
2013-02-02 08:40:5579360----a-w-C:\windows\SysWow64\taskkill.exe
2013-02-02 08:40:36155136----a-w-C:\windows\SysWow64\XpsRasterService.dll
2013-02-02 08:40:35370688----a-w-C:\windows\SysWow64\WWanAPI.dll
2013-02-02 08:40:27131072----a-w-C:\windows\SysWow64\wbem\WmiDcPrv.dll
2013-02-02 08:40:26410624----a-w-C:\windows\SysWow64\wlroamextension.dll
2013-02-02 08:40:22197632----a-w-C:\windows\SysWow64\Windows.Networking.Connectivity.dll
2013-02-02 08:40:2210792448----a-w-C:\windows\SysWow64\Windows.UI.Xaml.dll
2013-02-02 08:40:01356352----a-w-C:\windows\SysWow64\SettingSync.dll
2013-02-02 08:39:59325632----a-w-C:\windows\SysWow64\schannel.dll
2013-02-02 08:39:4718432----a-w-C:\windows\SysWow64\npmproxy.dll
2013-02-02 08:39:3455296----a-w-C:\windows\SysWow64\nlaapi.dll
2013-02-02 08:39:3415872----a-w-C:\windows\SysWow64\nlmproxy.dll
2013-02-02 08:39:3412288----a-w-C:\windows\SysWow64\nlmsprep.dll
2013-02-02 08:39:33115712----a-w-C:\windows\SysWow64\netprofm.dll
2013-02-02 08:39:285090816----a-w-C:\windows\SysWow64\mstscax.dll
2013-02-02 08:39:15157696----a-w-C:\windows\SysWow64\mbsmsapi.dll
2013-02-02 08:38:54567808----a-w-C:\windows\SysWow64\duser.dll
2013-02-02 08:24:19107520----a-w-C:\windows\System32\taskkill.exe
2013-02-02 08:24:19102400----a-w-C:\windows\System32\tasklist.exe
2013-02-02 08:23:44228352----a-w-C:\windows\System32\XpsRasterService.dll
2013-02-02 08:23:43475136----a-w-C:\windows\System32\WWanAPI.dll
2013-02-02 08:23:37611840----a-w-C:\windows\System32\wpd_ci.dll
2013-02-02 08:23:37105472----a-w-C:\windows\System32\wpdbusenum.dll
2013-02-02 08:23:30830464----a-w-C:\windows\System32\wbem\WmiPrvSD.dll
2013-02-02 08:23:28543232----a-w-C:\windows\System32\wlroamextension.dll
2013-02-02 08:23:2113643264----a-w-C:\windows\System32\Windows.UI.Xaml.dll
2013-02-02 08:23:19293376----a-w-C:\windows\System32\Windows.Networking.Connectivity.dll
2013-02-02 08:23:18731648----a-w-C:\windows\System32\win32spl.dll
2013-02-02 08:23:1687552----a-w-C:\windows\System32\wersvc.dll
2013-02-02 08:22:28448512----a-w-C:\windows\System32\SettingSync.dll
2013-02-02 08:22:22416256----a-w-C:\windows\System32\schannel.dll
2013-02-02 08:21:45467456----a-w-C:\windows\System32\netprofmsvc.dll
2013-02-02 08:21:44385024----a-w-C:\windows\System32\ncsi.dll
2013-02-02 08:21:385977600----a-w-C:\windows\System32\mstscax.dll
2013-02-02 08:21:10225280----a-w-C:\windows\System32\mbsmsapi.dll
2013-02-02 08:20:47260096----a-w-C:\windows\System32\hotspotauth.dll
2013-02-02 08:20:31729600----a-w-C:\windows\System32\duser.dll
2013-02-02 07:30:052706432----a-w-C:\windows\System32\mshtml.tlb
2013-02-02 07:25:52297984----a-w-C:\windows\System32\drivers\ks.sys
2013-02-02 07:25:2682944----a-w-C:\windows\System32\drivers\hidclass.sys
2013-02-02 07:25:2337632----a-w-C:\windows\System32\drivers\BthAvrcpTg.sys
2013-02-02 05:41:571437184----a-w-C:\windows\SysWow64\GdiPlus.dll
2013-02-02 05:31:541690624----a-w-C:\windows\System32\GdiPlus.dll
2013-01-29 01:57:0535232----a-w-C:\windows\System32\drivers\WdBoot.sys
2013-01-28 23:08:22230904----a-w-C:\windows\System32\drivers\WdFilter.sys
.
============= FINISH: 0:42:39.52 ===============

 

[Broni]

You posted that log already.
I need Attach.txt log.

 

[keepmovingup2]

Apologies, here is the attach log

 

[Broni]

One more time:

Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

 

[keepmovingup2]

Ah sorry it said at the top to attach the log via zip

DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 25/12/2012 13:06:39
System Uptime: 21/04/2013 00:07:20 (0 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | NP355V5C-A07UK
Processor: AMD A8-4500M APU with Radeon(tm) HD Graphics | P0 | 1400/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 673 GiB total, 531.346 GiB free.
D: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP21: 02/04/2013 11:53:26 - Scheduled Checkpoint
RP22: 09/04/2013 18:44:18 - Installed SW Update
RP23: 10/04/2013 21:18:11 - Installed Java 7 Update 17 (64-bit)
RP24: 17/04/2013 19:19:57 - Windows Update
RP25: 20/04/2013 21:48:52 - Removed AVG 2013
.
==== Installed Programs ======================
.
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader X (10.1.6) MUI
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Quick Stream
AMD VISION Engine Control Center
ANNO 1404
Apple Application Support
Apple Software Update
Canon Utilities EOS Utility
Catalyst Control Center - Branding
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chivalry: Medieval Warfare
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Cool Edit Pro 2.0
CyberLink Power2Go 8
CyberLink PowerDVD 10
D3DX10
DivX Setup
E-POP
Easy File Share
Fotogalerie
Free Audio Editor
Galerie de photos
Giant Savings Extension
GIMP 2.8.2
Google Chrome
Google Earth
Google Update Helper
Help Desk
Hitman Absolution
Inkscape 0.48.4
IrfanView (remove only)
Java 7 Update 17
Java 7 Update 17 (64-bit)
Java Auto Updater
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Application Error Reporting
Microsoft Office
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Movie Maker
MSVCRT
MSVCRT110
MSVCRT110_amd64
Norton Online Backup
Norton Online Backup ARA
OpenOffice.org 3.4.1
Panda Antivirus Pro 2013
Password Depot 6 - Panda Secure Vault Edition
PDF Settings
PDFCreator
Photo Common
Photo Gallery
Plants vs. Zombies
PowerISO
Qualcomm Atheros Bluetooth Suite (64)
Qualcomm Atheros Client Installation Program
QuickTime
Raccolta foto
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Recovery
S Agent
Sculptris Alpha 6
Search Protect by conduit
Settings
Silo 2.1.1
SketchUp 8
Steam
Support Center
Support Center FAQ
SW Update
Synaptics Pointing Device Driver
System Requirements Lab CYRI
Tales of Monkey Island
TouchFreeze
User Guide
VC80CRTRedist - 8.0.50727.6195
VideoPad Video Editor
Visual Studio 2010 x64 Redistributables
Vuze
Vuze Remote Toolbar
WavePad Sound Editor
WinCDEmu
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (07/27/2012 20.57.1.735)
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 4.20 (32-bit)
WinRAR Packages
Xerox PhotoCafe
.
==== Event Viewer Messages From Past Week ========
.
21/04/2013 00:06:57, Error: Service Control Manager [7023] - The Panda On-Access Anti-Malware Service service terminated with the following error: Incorrect function.
20/04/2013 22:14:49, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 2 time(s).
20/04/2013 22:14:49, Error: Service Control Manager [7034] - The Device Association Service service terminated unexpectedly. It has done this 2 time(s).
20/04/2013 22:14:49, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
20/04/2013 22:14:49, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
20/04/2013 22:14:49, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
20/04/2013 22:14:49, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
20/04/2013 22:14:49, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
20/04/2013 22:14:49, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
20/04/2013 22:14:49, Error: Service Control Manager [7031] - The HomeGroup Listener service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
20/04/2013 22:14:49, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
20/04/2013 21:54:32, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).
20/04/2013 21:54:32, Error: Service Control Manager [7034] - The Device Association Service service terminated unexpectedly. It has done this 1 time(s).
20/04/2013 21:54:32, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
20/04/2013 21:54:32, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
20/04/2013 21:54:32, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
20/04/2013 21:54:32, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
20/04/2013 21:54:32, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
20/04/2013 21:54:32, Error: Service Control Manager [7031] - The HomeGroup Listener service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
20/04/2013 21:54:32, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
20/04/2013 21:07:16, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} and APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} to the user jack\jonesy SID (S-1-5-21-1225493163-4127186220-2738876131-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
20/04/2013 21:04:20, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
16/04/2013 21:24:40, Error: Service Control Manager [7030] - The Panda Software Controller service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
.
==== End Of File ===========================

 

[Broni]

Download RogueKiller on the desktop

• Close all the running programs
• Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
• Otherwise just double-click on RogueKiller.exe
• Pre-scan will start. Let it finish.
• Click on SCAN button.
• Wait until the Status box shows Scan Finished
• Click on Delete.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.
• If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Download Malwarebytes Anti-Rootkit (MBAR) from HERE

• Unzip downloaded file.
• Open the folder where the contents were unzipped and run mbar.exe
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
• Click on the Cleanup button to remove any threats and reboot if prompted to do so.
• Wait while the system shuts down and the cleanup process is performed.
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
• When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt

 

[keepmovingup2]

Malware anti root didn't detect anything.


RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : jonesy [Admin rights]
Mode : Remove -- Date : 04/21/2013 01:26:32
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[RESIDUE] mbar.exe -- C:\Users\jonesy\AppData\Local\Temp\Rar$EXa0.544\mbar\mbar.exe [7] -> ERROR [0x5]

¤¤¤ Registry Entries : 5 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\RunOnce : Z1 (cmd /c "C:\Users\jonesy\AppData\Local\Temp\Rar$EXa0.544\mbar\mbar.exe" /cleanup /s) [7] -> DELETED
[TASK][ROGUE ST] 0 : c:\program files\internet explorer\iexplore.exe -> DELETED
[TASK][ROGUE ST] 4845 : wscript.exe C:\Users\jonesy\AppData\Local\Temp\launchie.vbs //B -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS547575A9E384 SATA Disk Device +++++
--- User ---
[MBR] 5bf46dee27444ed1f956755d7f628fbc
[BSP] ee2d6439a9bd4f529c0770cfda452cb0 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 715404 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SDHC Card +++++
--- User ---
[MBR] 2dd27a2bd9b0b305e974b4defc45b985
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8192 | Size: 15189 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_04212013_02d0126.txt >>
RKreport[1]_S_04212013_02d0123.txt ; RKreport[2]_D_04212013_02d0126.txt

 

[keepmovingup2]

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16519

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.897000 GHz
Memory total: 5866868736, free: 4270817280

------------ Kernel report ------------
04/21/2013 02:05:50
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\Drivers\pavboot64.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\amd_sata.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\amd_xata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\amdkmpfd.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\NARAx64\0401000.00B\ccSetx64.sys
\SystemRoot\System32\DRIVERS\ShldFlt.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\Drivers\SCDEmu.SYS
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\CLVirtualDrive.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt630x64.sys
\SystemRoot\system32\DRIVERS\athw8x.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\System32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\usbohci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbfilter.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\amdppm.sys
\SystemRoot\System32\drivers\RadioHIDMini.sys
\SystemRoot\System32\drivers\mshidkmdf.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\btath_bus.sys
\SystemRoot\System32\drivers\BazisVirtualCDBus.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\AtihdW86.sys
\SystemRoot\System32\Drivers\RtsUVStor.sys
\SystemRoot\system32\DRIVERS\btfilter.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\BthLEEnum.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\System32\drivers\btath_rcp.sys
\SystemRoot\system32\drivers\btath_avdt.sys
\SystemRoot\system32\drivers\btath_a2dp.sys
\SystemRoot\System32\drivers\btath_hcrp.sys
\SystemRoot\system32\DRIVERS\btath_flt.sys
\SystemRoot\system32\DRIVERS\btath_lwflt.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_amd_sata.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\amm6460.sys
\??\C:\windows\system32\PavTPK.sys
\SystemRoot\system32\DRIVERS\appexDrv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\atksgt.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\lirsgt.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\Prot6Flt.sys
\??\C:\windows\system32\drivers\mbam.sys
\??\C:\windows\system32\drivers\mbamchameleon.sys
\??\C:\windows\system32\drivers\mbamswissarmy.sys
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa80081d6060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000049\
Lower Device Object: 0xfffffa80080ff060
Lower Device Driver Name: \Driver\RSUSBVSTOR\
Driver name found: RSUSBVSTOR
Load Function returned 0xc0000001
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006bd2300
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000002c\
Lower Device Object: 0xfffffa8006bc47f0
Lower Device Driver Name: \Driver\amd_sata\
Device already Exists: 0xfffffa8009888a50
=======================================

 

[Broni]

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.[/*]
• Press Scan button.[/*]
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.[/*]
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.[/*]

 

[keepmovingup2]

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-04-2013 01
Ran by jonesy (administrator) on 21-04-2013 10:30:16
Running from C:\Users\jonesy\Downloads
Windows 8 (X64) OS Language: English(UK)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================

(Panda Security, S.L.) [932] C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PskSvc.exe
(Panda Security, S.L.) [1036] C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\TPSrvWow.exe
(AMD) [1060] C:\windows\system32\atiesrxx.exe
(AMD) [1336] C:\windows\system32\atieclxx.exe
(Panda Security) [1992] C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA ANTIVIRUS PRO 2013\WebProxy.exe
(Qualcomm Atheros Commnucations) [1508] C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Apple Computer, Inc.) [1328] C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Conduit) [1836] C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe
(Microsoft Corporation) [1916] C:\windows\system32\dashost.exe
(Samsung Electronics CO., LTD.) [1740] C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Panda Security, S.L.) [2988] C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PsCtrls.exe
() [2180] C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Panda Security, S.L.) [2252] C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PavFnSvr.exe
(Panda Security, S.L.) [2444] C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe
(Panda Security, S.L.) [2260] C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\pavsrvx86.exe
(Synaptics Incorporated) [2120] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Panda Security S.L.) [2652] C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PsImSvc.exe
(Panda Security, S.L.) [2228] C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\AVENGINE.EXE
(Samsung Electronics CO., LTD.) [2828] C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
(Atheros) [2732] C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Google Inc.) [3212] C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
(Samsung Electronics CO., LTD.) [3344] C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Google Inc.) [3952] C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler64.exe
(Malwarebytes Corporation) [4360] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) [5088] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) [4856] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Qualcomm Atheros Commnucations) [4632] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Symantec Corporation) [4248] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
() [4256] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
() [648] C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Panda Security, S.L.) [4212] C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\ApVxdWin.exe
(Synaptics Incorporated) [5048] C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Samsung Electronics CO., LTD.) [5268] C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Symantec Corporation) [5368] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Alexander Roshal) [1776] C:\Program Files (x86)\WinRAR\WinRAR.exe
(Microsoft Corporation) [1260] C:\windows\System32\Taskmgr.exe
(Microsoft Corporation) [2200] C:\windows\system32\WLANExt.exe
(Google Inc.) [4300] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) [4044] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) [3928] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) [6360] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) [4340] \\?\C:\windows\system32\wbem\WMIADAP.EXE
(Farbar) [3224] C:\Users\jonesy\Downloads\FRST64 (1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BtTray] "C:\Program Files (x86)\Bluetooth Suite\BtTray.exe" [765056 2012-09-29] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [127616 2012-09-29] (Qualcomm Atheros Commnucations)
Winlogon\Notify\avldr: avldr64.dll (On-Access Anti-Malware Scanner Sync)
HKCU\...\Run: [AdobeBridge] [x]
HKCU\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1632680 2013-03-15] (Valve Corporation)
MountPoints2: E - "E:\autorun.exe"
MountPoints2: {7620a866-8357-11e2-bea2-50b7c361a844} - "V:\Autorun.exe"
MountPoints2: {7dc8bbd6-882e-11e2-bea5-50b7c361a844} - "V:\autorun.exe"
HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [38112 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2012-11-13] ()
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263512 2012-11-30] ()
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [APVXDWIN] "C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\APVXDWIN.EXE" /s [1038192 2012-12-12] (Panda Security, S.L.)
HKLM-x32\...\Run: [SCANINICIO] "C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\Inicio.exe" [70432 2012-11-08] (Panda Security, S.L.)
Startup: C:\Users\jonesy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearch.avg.com/?cid={56E2F...&ds=AVG&pr=fr&d=&v=&pid=safeguard&sg=2&sap=hp
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com
URLSearchHook: (No Name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
HKLM-x32 SearchScopes: DefaultScope {F53AFB22-BAA6-458C-97A4-2C6F37D35516} URL =
HKCU SearchScopes: DefaultScope {F53AFB22-BAA6-458C-97A4-2C6F37D35516} URL = http://search.conduit.com/ResultsEx...4&ctid=CT3227981&CUI=UN30680797142174727&UM=2
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={sea...SP_ss&mntrId=46bd14d800000000000052b7c361a843
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid=...v=&pid=safeguard&sg=2&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {CFAA2CD5-5AA6-405A-A7FD-92AB2F3C3A18} URL =
SearchScopes: HKCU - {F53AFB22-BAA6-458C-97A4-2C6F37D35516} URL = http://search.conduit.com/ResultsEx...4&ctid=CT3227981&CUI=UN30680797142174727&UM=2
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Giant Savings Extension - {11111111-1111-1111-1111-110211181110} - C:\Program Files (x86)\Giant Savings Extension\Giant Savings Extension.dll (215 Apps)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
Toolbar: HKCU - No Name - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - No File
Handler-x32: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
Winsock: Catalog5 07 %SystemRoot%\system32\wshbth.dll [50688] (Microsoft Corporation)
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Winsock: Catalog5-x64 07 %SystemRoot%\system32\wshbth.dll [64000] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

FireFox:
========
FF ProfilePath: C:\Users\jonesy\AppData\Roaming\Mozilla\Firefox\Profiles\0
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: torntv - C:\Users\jonesy\AppData\Roaming\Mozilla\Firefox\Profiles\0\Extensions\torntv@torntv.com.xpi

Chrome:
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3227981&SearchSource=48&CUI=UN15774060031723729&UM=2
CHR RestoreOnStartup: hxxp://search.conduit.com/?ctid=CT3227981&SearchSource=48&CUI=UN15774060031723729&UM=2
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
CHR Plugin: (BrowserProtect) - C:\Users\jonesy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll No File
CHR Plugin: (Babylon ToolBar) - C:\Users\jonesy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.9_0\BabylonChromeToolBar.dll No File
CHR Plugin: (Norton Identity Safe) - C:\Users\jonesy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.0.18_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U10) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.100.18) - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Drive) - C:\Users\jonesy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\jonesy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\jonesy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Gmail) - C:\Users\jonesy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [220288 2012-09-29] (Qualcomm Atheros Commnucations)
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [93984 2013-03-06] (Conduit)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation)
R2 Panda Software Controller; C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PsCtrls.exe [177440 2012-11-19] (Panda Security, S.L.)
R2 PAVFNSVR; C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PavFnSvr.exe [202016 2012-09-21] (Panda Security, S.L.)
R2 PavPrSrv; C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe [62768 2008-02-04] (Panda Security, S.L.)
R2 PAVSRV; C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\pavsrvx86.exe [313664 2011-04-13] (Panda Security, S.L.)
R2 PSIMSVC; C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PsImSvc.exe [108288 2008-06-19] (Panda Security S.L.)
R2 PskSvcRetail; C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PskSvc.exe [28992 2010-08-16] (Panda Security, S.L.)
R2 SWUpdateService; C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2912304 2013-03-14] (Samsung Electronics CO., LTD.)
R2 TPSrv; C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\TPSrvWow.exe [173344 2012-11-16] (Panda Security, S.L.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-29] (Atheros)

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-09] (Advanced Micro Devices, Inc.)
R2 AmFSM; C:\Windows\System32\DRIVERS\amm6460.sys [71432 2012-03-26] (Panda Security, S.L.)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-22] (AppEx Networks Corporation)
R3 AthBTPort; C:\Windows\system32\DRIVERS\btath_flt.sys [88728 2012-09-29] (Qualcomm Atheros)
R3 athr; C:\Windows\system32\DRIVERS\athw8x.sys [3618304 2012-07-24] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-08-21] (Advanced Micro Devices)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-03-03] ()
R3 BTATH_A2DP; C:\Windows\system32\drivers\btath_a2dp.sys [344216 2012-09-29] (Qualcomm Atheros)
R3 btath_avdt; C:\Windows\system32\drivers\btath_avdt.sys [114840 2012-09-29] (Qualcomm Atheros)
R3 BTATH_BUS; C:\Windows\System32\drivers\btath_bus.sys [33944 2012-09-29] (Qualcomm Atheros)
R3 BTATH_HCRP; C:\Windows\System32\drivers\btath_hcrp.sys [178840 2012-09-29] (Qualcomm Atheros)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-29] (Qualcomm Atheros)
R3 BTATH_RCP; C:\Windows\System32\drivers\btath_rcp.sys [135832 2012-09-29] (Qualcomm Atheros)
R3 BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [575128 2012-09-29] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-03-03] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
S3 WUDFSensorLP; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
R1 ccSet_NARA; \SystemRoot\system32\drivers\NARAx64\0401000.00B\ccSetx64.sys [x]
R0 pavboot; system32\Drivers\pavboot64.sys [x]
R3 PavTPK.sys; \??\C:\windows\system32\PavTPK.sys [x]
R3 Prot6Flt; system32\DRIVERS\Prot6Flt.sys [x]
R1 ShldFlt; System32\DRIVERS\ShldFlt.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-04-21 10:30 - 2013-04-21 10:30 - 00000000 ____D C:\FRST
2013-04-21 10:29 - 2013-04-21 10:29 - 01707098 ____A (Farbar) C:\Users\jonesy\Downloads\FRST64 (1).exe
2013-04-21 10:28 - 2013-04-21 10:28 - 01707098 ____A (Farbar) C:\Users\jonesy\Downloads\FRST64.exe
2013-04-21 02:39 - 2013-04-21 02:39 - 13164134 ____A C:\Users\jonesy\Downloads\mbar-1.05.0.1001.zip
2013-04-21 02:38 - 2013-04-21 02:38 - 00001728 ____A C:\Users\jonesy\Desktop\RKreport[3]_D_04212013_02d0238.txt
2013-04-21 01:26 - 2013-04-21 01:26 - 00002067 ____A C:\Users\jonesy\Desktop\RKreport[2]_D_04212013_02d0126.txt
2013-04-21 01:23 - 2013-04-21 01:23 - 00001752 ____A C:\Users\jonesy\Desktop\RKreport[1]_S_04212013_02d0123.txt
2013-04-21 01:19 - 2013-04-21 02:34 - 00000000 ____D C:\Users\jonesy\Desktop\RK_Quarantine
2013-04-21 01:18 - 2013-04-21 01:18 - 00816128 ____A C:\Users\jonesy\Downloads\RogueKiller.exe
2013-04-21 01:12 - 2013-04-21 01:12 - 00003302 ____A C:\Users\jonesy\Desktop\attach.zip
2013-04-21 00:07 - 2013-04-21 00:07 - 00000000 ____D C:\Panda Software
2013-04-21 00:04 - 2013-04-21 00:04 - 00866592 ____A C:\Users\jonesy\Downloads\Norton_Removal_Tool.exe
2013-04-21 00:02 - 2013-04-21 00:02 - 03222280 ____A (AVG Technologies CZ, s.r.o.) C:\Users\jonesy\Downloads\avg_remover_stf_x64_2013_2706.exe
2013-04-21 00:02 - 2013-04-21 00:02 - 00177561 ____A C:\Users\jonesy\Downloads\avgremover.log
2013-04-20 23:52 - 2013-04-21 01:12 - 00010478 ____A C:\Users\jonesy\Desktop\attach.txt
2013-04-20 23:52 - 2013-04-21 00:42 - 00020827 ____A C:\Users\jonesy\Desktop\dds.txt
2013-04-20 23:48 - 2013-04-20 23:48 - 00688992 ____R (Swearware) C:\Users\jonesy\Downloads\dds.com
2013-04-20 22:50 - 2013-04-20 22:50 - 00001141 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-04-20 22:50 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-04-20 22:46 - 2013-04-20 22:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-20 21:19 - 2013-04-20 21:19 - 00370291 ____A C:\Users\jonesy\Downloads\OptiFine_1.4.6_HD_U_D5.zip
2013-04-20 20:46 - 2013-04-02 23:08 - 00692576 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-04-20 20:46 - 2013-04-02 23:08 - 00078176 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-04-17 22:06 - 2013-03-02 09:23 - 00375808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ReAgent.dll
2013-04-17 22:06 - 2013-03-02 03:44 - 01011200 ____A (Microsoft Corporation) C:\Windows\System32\reseteng.dll
2013-04-16 22:31 - 2013-04-16 22:31 - 00013155 ____A C:\Users\jonesy\Downloads\JurassicCock - Jewel Bancroft-[rarbg.com].torrent
2013-04-16 21:28 - 2013-04-19 09:42 - 00008627 ____A C:\Windows\SysWOW64\PAV_FOG.OPC
2013-04-16 21:26 - 2013-04-16 21:26 - 00000000 ____D C:\Windows\FltMgr
2013-04-16 21:26 - 2013-04-16 21:26 - 00000000 ____D C:\Users\jonesy\AppData\Local\Panda Security
2013-04-16 21:24 - 2013-04-16 21:24 - 00002247 ____A C:\Users\Public\Desktop\Panda Antivirus Pro 2013.lnk
2013-04-16 21:24 - 2013-04-16 21:24 - 00000262 ____A C:\Windows\System32\PavCPL64.dat
2013-04-16 21:24 - 2010-06-22 17:20 - 00030792 ____A (Panda Security, S.L.) C:\Windows\System32\Drivers\pavboot64.sys
2013-04-16 21:23 - 2012-11-20 11:20 - 00545056 ____A (Panda Security, S.L.) C:\Windows\SysWOW64\PavSHookWow.dll
2013-04-16 21:23 - 2012-11-16 11:08 - 00837920 ____A (Panda Security, S.L.) C:\Windows\System32\PavSHook64.dll
2013-04-16 21:23 - 2012-05-22 14:54 - 00087328 ____A (Panda Security, S.L.) C:\Windows\SysWOW64\PavLspHookWow.dll
2013-04-16 21:23 - 2012-05-22 14:52 - 00117024 ____A (Panda Security, S.L.) C:\Windows\System32\PavLspHook64.dll
2013-04-16 21:23 - 2012-04-20 12:42 - 00024064 ____A (Panda Security, S.L.) C:\Windows\System32\sysHelper64.dll
2013-04-16 21:23 - 2010-06-21 16:02 - 00323392 ____A (Panda Security, S.L.) C:\Windows\System32\TpUtil64.dll
2013-04-16 21:23 - 2010-06-21 16:02 - 00202048 ____A (Panda Security, S.L.) C:\Windows\SysWOW64\TpUtilWow.dll
2013-04-16 21:23 - 2010-06-21 16:01 - 00090944 ____A (Panda Security, S.L.) C:\Windows\System32\PavIpc64.dll
2013-04-16 21:23 - 2010-06-21 16:01 - 00066880 ____A (Panda Security, S.L.) C:\Windows\SysWOW64\PavIpcWow.dll
2013-04-16 21:23 - 2009-08-10 12:46 - 00025344 ____A (Panda Security, S.L.) C:\Windows\SysWOW64\sysHelper32.dll
2013-04-16 21:23 - 2007-03-15 18:38 - 00046640 ____A (Panda Software) C:\Windows\System32\pavcpl64.cpl
2013-04-16 21:23 - 2003-10-22 17:23 - 00446464 ____A (eHelp Corporation.) C:\Windows\SysWOW64\HHActiveX.dll
2013-04-16 21:22 - 2013-04-16 21:22 - 00000000 ____D C:\Windows\SysWOW64\PAV
2013-04-16 21:22 - 2013-04-16 21:22 - 00000000 ____D C:\Users\jonesy\AppData\Roaming\Panda Security
2013-04-16 21:22 - 2012-03-26 17:57 - 00071432 ____A (Panda Security, S.L.) C:\Windows\System32\Drivers\amm6460.sys
2013-04-16 21:22 - 2010-03-24 11:56 - 00064768 ____A (On-Access Anti-Malware Scanner Sync) C:\Windows\System32\avldr64.dll
2013-04-16 21:22 - 2009-10-27 11:07 - 00048136 ____A (Panda Security, S.L.) C:\Windows\System32\Drivers\ShldFlt.sys
2013-04-16 21:18 - 2013-04-16 21:18 - 00000218 ____A C:\Users\jonesy\AppData\Local\recently-used.xbel
2013-04-16 21:16 - 2013-04-16 21:24 - 00000000 ____D C:\Program Files (x86)\Panda Security
2013-04-16 21:12 - 2013-04-16 21:12 - 00928496 ____A C:\Users\jonesy\Downloads\PandaAP13.exe
2013-04-14 20:46 - 2013-04-16 21:18 - 00010240 ____A C:\Users\jonesy\Desktop\Shop Work schedule and volunteers.xls
2013-04-14 20:46 - 2013-04-14 20:46 - 00013549 ____A C:\Users\jonesy\Desktop\Shop Work schedule and volunteers.ods
2013-04-13 08:18 - 2013-04-13 08:18 - 00013180 ____A C:\Users\jonesy\Downloads\jack timesheet (1).xlsx
2013-04-13 08:16 - 2013-04-13 08:16 - 00013180 ____A C:\Users\jonesy\Downloads\jack timesheet.xlsx
2013-04-10 21:20 - 2013-04-10 21:19 - 00310688 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-04-10 21:19 - 2013-04-10 21:19 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-04-10 21:19 - 2013-04-10 21:19 - 00188320 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-04-10 21:19 - 2013-04-10 21:19 - 00108448 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-04-10 21:19 - 2013-04-10 21:19 - 00000000 ____D C:\Program Files\Java
2013-04-10 21:17 - 2013-04-10 21:17 - 33003424 ____A (Oracle Corporation) C:\Users\jonesy\Downloads\jre-7u17-windows-x64.exe
2013-04-10 21:16 - 2013-04-10 21:16 - 00896928 ____A (Oracle Corporation) C:\Users\jonesy\Downloads\chromeinstall-7u17 (2).exe
2013-04-10 18:03 - 2013-04-10 18:04 - 58674136 ____A (AVG) C:\Users\jonesy\Downloads\avg_tuh_stf_all_2013_2_24c28.exe
2013-04-10 17:52 - 2013-04-10 17:52 - 00002029 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-04-10 16:58 - 2013-04-10 16:58 - 00896928 ____A (Oracle Corporation) C:\Users\jonesy\Downloads\chromeinstall-7u17 (1).exe
2013-04-10 16:48 - 2013-04-10 16:48 - 00000000 ____D C:\Users\jonesy\Documents\Adobe
2013-04-10 16:33 - 2013-04-20 21:51 - 00000000 ___HD C:\$AVG
2013-04-10 16:33 - 2013-04-10 16:33 - 00000000 ____D C:\Users\jonesy\AppData\Roaming\TuneUp Software
2013-04-10 16:27 - 2013-04-10 16:27 - 00000000 ____D C:\Windows\System32\nn-NO
2013-04-10 16:27 - 2013-04-10 16:27 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-04-10 16:27 - 2012-07-31 22:24 - 00443008 ____N (Atheros) C:\Windows\System32\athihvs.dll
2013-04-10 16:27 - 2012-07-31 22:24 - 00064128 ____N (Atheros) C:\Windows\System32\athihvui.dll
2013-04-10 16:27 - 2012-07-31 22:18 - 00079352 ____N C:\Windows\System32\athw8x.cat
2013-04-10 16:27 - 2012-07-24 08:44 - 03618304 ____N (Qualcomm Atheros Communications, Inc.) C:\Windows\System32\athw8x.sys
2013-04-10 16:23 - 2013-04-10 16:23 - 04446832 ____A (AVG Technologies) C:\Users\jonesy\Downloads\avg_free_stb_all_2013_3272_cnet.exe
2013-04-09 18:09 - 2013-04-10 20:41 - 00000000 ____D C:\Users\jonesy\Downloads\Ultimate
2013-04-09 18:01 - 2013-04-09 18:01 - 00482549 ____A C:\Users\jonesy\Desktop\FTB_Launcher.jar
2013-04-01 17:07 - 2013-04-06 09:36 - 00000000 ____D C:\Users\jonesy\Desktop\New folder (2)
2013-03-30 16:00 - 2013-03-25 18:02 - 00011486 ____A C:\Users\jonesy\Documents\untitled_1.odt

==================== One Month Modified Files and Folders =======

2013-04-21 10:30 - 2013-04-21 10:30 - 00000000 ____D C:\FRST
2013-04-21 10:30 - 2012-07-26 08:28 - 00848230 ____A C:\Windows\System32\PerfStringBackup.INI
2013-04-21 10:29 - 2013-04-21 10:29 - 01707098 ____A (Farbar) C:\Users\jonesy\Downloads\FRST64 (1).exe
2013-04-21 10:28 - 2013-04-21 10:28 - 01707098 ____A (Farbar) C:\Users\jonesy\Downloads\FRST64.exe
2013-04-21 10:27 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\System32\sru
2013-04-21 02:55 - 2012-12-30 01:44 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-04-21 02:52 - 2012-10-19 07:20 - 00000360 ____A C:\Windows\Tasks\Xerox PhotoCafe Communicator.job
2013-04-21 02:39 - 2013-04-21 02:39 - 13164134 ____A C:\Users\jonesy\Downloads\mbar-1.05.0.1001.zip
2013-04-21 02:38 - 2013-04-21 02:38 - 00001728 ____A C:\Users\jonesy\Desktop\RKreport[3]_D_04212013_02d0238.txt
2013-04-21 02:34 - 2013-04-21 01:19 - 00000000 ____D C:\Users\jonesy\Desktop\RK_Quarantine
2013-04-21 01:26 - 2013-04-21 01:26 - 00002067 ____A C:\Users\jonesy\Desktop\RKreport[2]_D_04212013_02d0126.txt
2013-04-21 01:23 - 2013-04-21 01:23 - 00001752 ____A C:\Users\jonesy\Desktop\RKreport[1]_S_04212013_02d0123.txt
2013-04-21 01:18 - 2013-04-21 01:18 - 00816128 ____A C:\Users\jonesy\Downloads\RogueKiller.exe
2013-04-21 01:12 - 2013-04-21 01:12 - 00003302 ____A C:\Users\jonesy\Desktop\attach.zip
2013-04-21 01:12 - 2013-04-20 23:52 - 00010478 ____A C:\Users\jonesy\Desktop\attach.txt
2013-04-21 00:42 - 2013-04-20 23:52 - 00020827 ____A C:\Users\jonesy\Desktop\dds.txt
2013-04-21 00:10 - 2012-12-25 14:07 - 00000000 ____D C:\Users\jonesy\AppData\Local\CrashDumps
2013-04-21 00:08 - 2012-12-30 01:44 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-04-21 00:08 - 2012-07-26 08:22 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-04-21 00:07 - 2013-04-21 00:07 - 00000000 ____D C:\Panda Software
2013-04-21 00:07 - 2012-08-05 22:07 - 00768458 ____A C:\Windows\PFRO.log
2013-04-21 00:04 - 2013-04-21 00:04 - 00866592 ____A C:\Users\jonesy\Downloads\Norton_Removal_Tool.exe
2013-04-21 00:02 - 2013-04-21 00:02 - 03222280 ____A (AVG Technologies CZ, s.r.o.) C:\Users\jonesy\Downloads\avg_remover_stf_x64_2013_2706.exe
2013-04-21 00:02 - 2013-04-21 00:02 - 00177561 ____A C:\Users\jonesy\Downloads\avgremover.log
2013-04-20 23:48 - 2013-04-20 23:48 - 00688992 ____R (Swearware) C:\Users\jonesy\Downloads\dds.com
2013-04-20 22:50 - 2013-04-20 22:50 - 00001141 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-04-20 22:50 - 2013-04-20 22:46 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-20 22:01 - 2012-12-25 14:23 - 00000000 ____D C:\Users\jonesy\AppData\Roaming\.minecraft
2013-04-20 21:56 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\System32\NDF
2013-04-20 21:51 - 2013-04-10 16:33 - 00000000 ___HD C:\$AVG
2013-04-20 21:50 - 2012-07-26 09:12 - 00000000 ___HD C:\Windows\ELAMBKUP
2013-04-20 21:43 - 2013-01-20 22:01 - 00040659 ____A C:\Users\jonesy\Desktop\server.log
2013-04-20 21:19 - 2013-04-20 21:19 - 00370291 ____A C:\Users\jonesy\Downloads\OptiFine_1.4.6_HD_U_D5.zip
2013-04-20 21:07 - 2013-03-13 17:25 - 00000000 ____D C:\Users\jonesy\Desktop\photoshop
2013-04-20 21:02 - 2012-07-26 06:26 - 00262144 __ASH C:\Windows\System32\config\ELAM
2013-04-20 20:43 - 2013-01-01 16:32 - 00000000 ____D C:\Users\jonesy\AppData\Roaming\Azureus
2013-04-20 20:31 - 2012-10-19 06:03 - 01463360 ____A C:\Windows\WindowsUpdate.log
2013-04-19 16:27 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-04-19 09:42 - 2013-04-16 21:28 - 00008627 ____A C:\Windows\SysWOW64\PAV_FOG.OPC
2013-04-17 19:22 - 2012-12-26 13:50 - 72702784 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-04-16 22:31 - 2013-04-16 22:31 - 00013155 ____A C:\Users\jonesy\Downloads\JurassicCock - Jewel Bancroft-[rarbg.com].torrent
2013-04-16 21:26 - 2013-04-16 21:26 - 00000000 ____D C:\Windows\FltMgr
2013-04-16 21:26 - 2013-04-16 21:26 - 00000000 ____D C:\Users\jonesy\AppData\Local\Panda Security
2013-04-16 21:26 - 2012-07-26 06:26 - 00000179 ____A C:\Windows\win.ini
2013-04-16 21:24 - 2013-04-16 21:24 - 00002247 ____A C:\Users\Public\Desktop\Panda Antivirus Pro 2013.lnk
2013-04-16 21:24 - 2013-04-16 21:24 - 00000262 ____A C:\Windows\System32\PavCPL64.dat
2013-04-16 21:24 - 2013-04-16 21:16 - 00000000 ____D C:\Program Files (x86)\Panda Security
2013-04-16 21:22 - 2013-04-16 21:22 - 00000000 ____D C:\Windows\SysWOW64\PAV
2013-04-16 21:22 - 2013-04-16 21:22 - 00000000 ____D C:\Users\jonesy\AppData\Roaming\Panda Security
2013-04-16 21:22 - 2012-10-19 05:58 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-04-16 21:18 - 2013-04-16 21:18 - 00000218 ____A C:\Users\jonesy\AppData\Local\recently-used.xbel
2013-04-16 21:18 - 2013-04-14 20:46 - 00010240 ____A C:\Users\jonesy\Desktop\Shop Work schedule and volunteers.xls
2013-04-16 21:12 - 2013-04-16 21:12 - 00928496 ____A C:\Users\jonesy\Downloads\PandaAP13.exe
2013-04-14 20:46 - 2013-04-14 20:46 - 00013549 ____A C:\Users\jonesy\Desktop\Shop Work schedule and volunteers.ods
2013-04-13 08:18 - 2013-04-13 08:18 - 00013180 ____A C:\Users\jonesy\Downloads\jack timesheet (1).xlsx
2013-04-13 08:16 - 2013-04-13 08:16 - 00013180 ____A C:\Users\jonesy\Downloads\jack timesheet.xlsx
2013-04-12 14:58 - 2013-01-18 15:32 - 00163328 __ASH C:\Users\jonesy\Downloads\Thumbs.db
2013-04-12 13:41 - 2013-01-29 02:56 - 00275968 __ASH C:\Users\jonesy\Desktop\Thumbs.db
2013-04-11 17:56 - 2013-02-01 16:04 - 00002195 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-04-10 21:19 - 2013-04-10 21:20 - 00310688 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-04-10 21:19 - 2013-04-10 21:19 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-04-10 21:19 - 2013-04-10 21:19 - 00188320 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-04-10 21:19 - 2013-04-10 21:19 - 00108448 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-04-10 21:19 - 2013-04-10 21:19 - 00000000 ____D C:\Program Files\Java
2013-04-10 21:19 - 2012-12-27 13:52 - 01085344 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-04-10 21:19 - 2012-12-27 13:52 - 00963488 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-04-10 21:17 - 2013-04-10 21:17 - 33003424 ____A (Oracle Corporation) C:\Users\jonesy\Downloads\jre-7u17-windows-x64.exe
2013-04-10 21:16 - 2013-04-10 21:16 - 00896928 ____A (Oracle Corporation) C:\Users\jonesy\Downloads\chromeinstall-7u17 (2).exe
2013-04-10 20:41 - 2013-04-09 18:09 - 00000000 ____D C:\Users\jonesy\Downloads\Ultimate
2013-04-10 19:55 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\rescache
2013-04-10 18:04 - 2013-04-10 18:03 - 58674136 ____A (AVG) C:\Users\jonesy\Downloads\avg_tuh_stf_all_2013_2_24c28.exe
2013-04-10 18:00 - 2012-12-27 03:49 - 00000000 ____D C:\Users\jonesy\Downloads\Direwolf20
2013-04-10 17:52 - 2013-04-10 17:52 - 00002029 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-04-10 16:58 - 2013-04-10 16:58 - 00896928 ____A (Oracle Corporation) C:\Users\jonesy\Downloads\chromeinstall-7u17 (1).exe
2013-04-10 16:58 - 2012-10-19 07:14 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-04-10 16:49 - 2012-12-25 14:08 - 00000000 ____D C:\Users\jonesy\AppData\Roaming\Adobe
2013-04-10 16:48 - 2013-04-10 16:48 - 00000000 ____D C:\Users\jonesy\Documents\Adobe
2013-04-10 16:33 - 2013-04-10 16:33 - 00000000 ____D C:\Users\jonesy\AppData\Roaming\TuneUp Software
2013-04-10 16:28 - 2012-10-19 05:59 - 00000000 ____D C:\Program Files (x86)\Qualcomm Atheros
2013-04-10 16:27 - 2013-04-10 16:27 - 00000000 ____D C:\Windows\System32\nn-NO
2013-04-10 16:27 - 2013-04-10 16:27 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-04-10 16:27 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\System32\tr-TR
2013-04-10 16:24 - 2013-01-01 16:33 - 00000000 ____D C:\Users\jonesy\AppData\Local\Conduit
2013-04-10 16:23 - 2013-04-10 16:23 - 04446832 ____A (AVG Technologies) C:\Users\jonesy\Downloads\avg_free_stb_all_2013_3272_cnet.exe
2013-04-10 16:07 - 2013-01-02 17:49 - 00000000 ____D C:\Users\jonesy\AppData\Local\Adobe
2013-04-09 18:41 - 2013-01-01 16:49 - 00000000 ____D C:\Program Files (x86)\Steam
2013-04-09 18:01 - 2013-04-09 18:01 - 00482549 ____A C:\Users\jonesy\Desktop\FTB_Launcher.jar
2013-04-09 18:01 - 2012-12-27 03:32 - 00000000 ____D C:\Users\jonesy\AppData\Roaming\ftblauncher
2013-04-06 09:36 - 2013-04-01 17:07 - 00000000 ____D C:\Users\jonesy\Desktop\New folder (2)
2013-04-04 14:50 - 2013-04-20 22:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-04-02 23:08 - 2013-04-20 20:46 - 00692576 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-04-02 23:08 - 2013-04-20 20:46 - 00078176 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-03-25 18:02 - 2013-03-30 16:00 - 00011486 ____A C:\Users\jonesy\Documents\untitled_1.odt

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


Last Boot: 2013-04-12 13:49

==================== End Of Log ============================

 

[keepmovingup2]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-04-2013 01
Ran by jonesy at 2013-04-21 10:32:54 Run:
Running from C:\Users\jonesy\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Adobe Anchor Service CS3 (Version: 1.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps (Version: 1.0)
Adobe Color - Photoshop Specific (Version: 1.0)
Adobe Color Common Settings (Version: 1.0)
Adobe Color EU Extra Settings (Version: 1.0)
Adobe Color JA Extra Settings (Version: 1.0)
Adobe Color NA Recommended Settings (Version: 1.0)
Adobe Default Language CS3 (Version: 1.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe ExtendScript Toolkit 2 (Version: 2.0)
Adobe Fonts All (Version: 1.0)
Adobe Help Viewer CS3 (Version: 1)
Adobe Linguistics CS3 (Version: 3.0.0)
Adobe PDF Library Files (Version: 8.0)
Adobe Photoshop CS3 (Version: 10)
Adobe Photoshop CS3 (Version: 10.0)
Adobe Reader X (10.1.6) MUI (Version: 10.1.6)
Adobe Setup (Version: 1.0)
Adobe Stock Photos CS3 (Version: 1.5)
Adobe Type Support (Version: 1.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Version Cue CS3 Client (Version: 3)
Adobe WinSoft Linguistics Plugin (Version: 1.0)
Adobe XMP Panels CS3 (Version: 1.0)
AMD Accelerated Video Transcoding (Version: 12.5.100.20912)
AMD APP SDK Runtime (Version: 10.0.938.2)
AMD Catalyst Install Manager (Version: 8.0.881.0)
AMD Quick Stream (Version: 3.3.26.0)
AMD VISION Engine Control Center (Version: 2012.0912.1709.28839)
Anno 1404 (Version: 1.00.0000)
ANNO 1404 (Version: 1.01.0000)
Apple Application Support (Version: 2.3)
Apple Software Update (Version: 2.1.3.127)
Canon Utilities EOS Utility (Version: 2.12.3.1)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center InstallProxy (Version: 2012.0912.1709.28839)
Catalyst Control Center Localization All (Version: 2012.0912.1709.28839)
CCC Help Chinese Standard (Version: 2012.0912.1708.28839)
CCC Help Chinese Traditional (Version: 2012.0912.1708.28839)
CCC Help Czech (Version: 2012.0912.1708.28839)
CCC Help Danish (Version: 2012.0912.1708.28839)
CCC Help Dutch (Version: 2012.0912.1708.28839)
CCC Help English (Version: 2012.0912.1708.28839)
CCC Help Finnish (Version: 2012.0912.1708.28839)
CCC Help French (Version: 2012.0912.1708.28839)
CCC Help German (Version: 2012.0912.1708.28839)
CCC Help Greek (Version: 2012.0912.1708.28839)
CCC Help Hungarian (Version: 2012.0912.1708.28839)
CCC Help Italian (Version: 2012.0912.1708.28839)
CCC Help Japanese (Version: 2012.0912.1708.28839)
CCC Help Korean (Version: 2012.0912.1708.28839)
CCC Help Norwegian (Version: 2012.0912.1708.28839)
CCC Help Polish (Version: 2012.0912.1708.28839)
CCC Help Portuguese (Version: 2012.0912.1708.28839)
CCC Help Russian (Version: 2012.0912.1708.28839)
CCC Help Spanish (Version: 2012.0912.1708.28839)
CCC Help Swedish (Version: 2012.0912.1708.28839)
CCC Help Thai (Version: 2012.0912.1708.28839)
CCC Help Turkish (Version: 2012.0912.1708.28839)
ccc-utility64 (Version: 2012.0912.1709.28839)
Chivalry: Medieval Warfare
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Cool Edit Pro 2.0
CyberLink Power2Go 8 (Version: 8.0.0.1912)
CyberLink PowerDVD 10 (Version: 10.0.4421.02)
D3DX10 (Version: 15.4.2368.0902)
DivX Setup (Version: 2.6.1.22)
Easy File Share (Version: 1.3.4)
E-POP (Version: 1.0.1)
Fotogalerie (Version: 16.4.3503.0728)
Free Audio Editor
Galerie de photos (Version: 16.4.3503.0728)
Giant Savings Extension (Version: 1.24.151.151)
GIMP 2.8.2 (Version: 2.8.2)
Google Chrome (Version: 26.0.1410.64)
Google Earth (Version: 7.0.3.8542)
Google Update Helper (Version: 1.3.21.135)
Help Desk (Version: 1.0.5)
Hitman Absolution
Inkscape 0.48.4 (Version: 0.48.4)
IrfanView (remove only) (Version: 4.35)
Java 7 Update 17 (64-bit) (Version: 7.0.170)
Java 7 Update 17 (Version: 7.0.170)
Java Auto Updater (Version: 2.1.9.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office (Version: 14.0.6120.5004)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Movie Maker (Version: 16.4.3503.0728)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1108.0727)
Norton Online Backup (Version: 2.2.3.45)
Norton Online Backup ARA (Version: 4.1.0.11)
OpenOffice.org 3.4.1 (Version: 3.41.9593)
Panda Antivirus Pro 2013 (Version: 12.01.01)
Password Depot 6 - Panda Secure Vault Edition (Version: 6.1.5)
PDF Settings (Version: 1.0)
PDFCreator (Version: 1.2.0)
Photo Common (Version: 16.4.3503.0728)
Photo Gallery (Version: 16.4.3503.0728)
Plants vs. Zombies
PowerISO (Version: 4.7)
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.210)
Qualcomm Atheros Client Installation Program (Version: 10.0)
QuickTime (Version: 7.73.80.64)
Raccolta foto (Version: 16.4.3503.0728)
Realtek Ethernet Controller Driver (Version: 8.3.730.2012)
Realtek High Definition Audio Driver (Version: 6.0.1.6702)
Realtek USB 2.0 Card Reader (Version: 6.1.8400.39030)
Recovery (Version: 6.0.6.5)
S Agent (Version: 1.1.30)
Sculptris Alpha 6 (Version: 0.6)
Search Protect by conduit (Version: 1.4.1.12)
Settings (Version: 2.0.0)
Silo 2.1.1 (Version: 2.1.10)
SketchUp 8 (Version: 3.0.16846)
Steam (Version: 1.0.0.0)
Support Center (Version: 2.0.12)
Support Center FAQ (Version: 1.0.5)
SW Update (Version: 2.1.11)
Synaptics Pointing Device Driver (Version: 16.2.21.0)
System Requirements Lab CYRI (Version: 5.0.6.0)
Tales of Monkey Island (Version: 2.0.0.0)
TouchFreeze (Version: 1.1.0)
User Guide (Version: 1.3.00)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VideoPad Video Editor
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
Vuze (Version: 4.8.1.2)
Vuze Remote Toolbar (Version: 6.9.0.16)
WavePad Sound Editor
WinCDEmu (Version: 3.6)
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (07/27/2012 20.57.1.735) (Version: 07/27/2012 20.57.1.735)
Windows Live (Version: 16.4.3503.0728)
Windows Live Communications Platform (Version: 16.4.3503.0728)
Windows Live Essentials (Version: 16.4.3503.0728)
Windows Live Installer (Version: 16.4.3503.0728)
Windows Live Photo Common (Version: 16.4.3503.0728)
Windows Live PIMT Platform (Version: 16.4.3503.0728)
Windows Live SOXE (Version: 16.4.3503.0728)
Windows Live SOXE Definitions (Version: 16.4.3503.0728)
Windows Live UX Platform (Version: 16.4.3503.0728)
Windows Live UX Platform Language Pack (Version: 16.4.3503.0728)
WinRAR 4.20 (32-bit) (Version: 4.20.0)
WinRAR Packages
Xerox PhotoCafe (Version: 1.0.0.6162)

==================== Restore Points =========================

02-04-2013 10:53:26 Scheduled Checkpoint
09-04-2013 17:44:18 Installed SW Update
10-04-2013 20:18:11 Installed Java 7 Update 17 (64-bit)
17-04-2013 18:19:57 Windows Update
20-04-2013 20:48:52 Removed AVG 2013

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/21/2013 00:10:15 AM) (Source: Application Error) (User: )
Description: Faulting application name: MakeMarkerFile.exe, version: 1.0.0.2, time stamp: 0x5021e5e8
Faulting module name: MakeMarkerFile.exe, version: 1.0.0.2, time stamp: 0x5021e5e8
Exception code: 0xc0000417
Fault offset: 0x000000000014d7cc
Faulting process ID: 0x90c
Faulting application start time: 0xMakeMarkerFile.exe0
Faulting application path: MakeMarkerFile.exe1
Faulting module path: MakeMarkerFile.exe2
Report ID: MakeMarkerFile.exe3
Faulting package full name: MakeMarkerFile.exe4
Faulting package-relative application ID: MakeMarkerFile.exe5

Error: (04/20/2013 10:20:52 PM) (Source: Application Error) (User: )
Description: Faulting application name: MakeMarkerFile.exe, version: 1.0.0.2, time stamp: 0x5021e5e8
Faulting module name: MakeMarkerFile.exe, version: 1.0.0.2, time stamp: 0x5021e5e8
Exception code: 0xc0000417
Fault offset: 0x000000000014d7cc
Faulting process ID: 0xd64
Faulting application start time: 0xMakeMarkerFile.exe0
Faulting application path: MakeMarkerFile.exe1
Faulting module path: MakeMarkerFile.exe2
Report ID: MakeMarkerFile.exe3
Faulting package full name: MakeMarkerFile.exe4
Faulting package-relative application ID: MakeMarkerFile.exe5

Error: (04/20/2013 09:07:52 PM) (Source: Application Error) (User: )
Description: Faulting application name: MakeMarkerFile.exe, version: 1.0.0.2, time stamp: 0x5021e5e8
Faulting module name: MakeMarkerFile.exe, version: 1.0.0.2, time stamp: 0x5021e5e8
Exception code: 0xc0000417
Fault offset: 0x000000000014d7cc
Faulting process ID: 0x750
Faulting application start time: 0xMakeMarkerFile.exe0
Faulting application path: MakeMarkerFile.exe1
Faulting module path: MakeMarkerFile.exe2
Report ID: MakeMarkerFile.exe3
Faulting package full name: MakeMarkerFile.exe4
Faulting package-relative application ID: MakeMarkerFile.exe5

Error: (04/20/2013 08:47:55 PM) (Source: Application Error) (User: )
Description: Faulting application name: MakeMarkerFile.exe, version: 1.0.0.2, time stamp: 0x5021e5e8
Faulting module name: MakeMarkerFile.exe, version: 1.0.0.2, time stamp: 0x5021e5e8
Exception code: 0xc0000417
Fault offset: 0x000000000014d7cc
Faulting process ID: 0x1224
Faulting application start time: 0xMakeMarkerFile.exe0
Faulting application path: MakeMarkerFile.exe1
Faulting module path: MakeMarkerFile.exe2
Report ID: MakeMarkerFile.exe3
Faulting package full name: MakeMarkerFile.exe4
Faulting package-relative application ID: MakeMarkerFile.exe5

Error: (04/17/2013 07:22:48 PM) (Source: Application Error) (User: )
Description: Faulting application name: MRT.exe, version: 4.19.7304.0, time stamp: 0x515a4575
Faulting module name: ntdll.dll, version: 6.2.9200.16420, time stamp: 0x505ab405
Exception code: 0xc0000005
Fault offset: 0x00000000000115d0
Faulting process ID: 0x2088
Faulting application start time: 0xMRT.exe0
Faulting application path: MRT.exe1
Faulting module path: MRT.exe2
Report ID: MRT.exe3
Faulting package full name: MRT.exe4
Faulting package-relative application ID: MRT.exe5

Error: (04/16/2013 09:24:18 PM) (Source: Application Error) (User: )
Description: Faulting application name: GuaranaAgent.exe, version: 2.0.12.0, time stamp: 0x5053040f
Faulting module name: GuaranaAgent.exe, version: 2.0.12.0, time stamp: 0x5053040f
Exception code: 0x40000015
Fault offset: 0x000000000021df11
Faulting process ID: 0x170c
Faulting application start time: 0xGuaranaAgent.exe0
Faulting application path: GuaranaAgent.exe1
Faulting module path: GuaranaAgent.exe2
Report ID: GuaranaAgent.exe3
Faulting package full name: GuaranaAgent.exe4
Faulting package-relative application ID: GuaranaAgent.exe5

Error: (04/16/2013 09:22:13 PM) (Source: Application Error) (User: )
Description: Faulting application name: MakeMarkerFile.exe, version: 1.0.0.2, time stamp: 0x5021e5e8
Faulting module name: MakeMarkerFile.exe, version: 1.0.0.2, time stamp: 0x5021e5e8
Exception code: 0xc0000417
Fault offset: 0x000000000014d7cc
Faulting process ID: 0x458
Faulting application start time: 0xMakeMarkerFile.exe0
Faulting application path: MakeMarkerFile.exe1
Faulting module path: MakeMarkerFile.exe2
Report ID: MakeMarkerFile.exe3
Faulting package full name: MakeMarkerFile.exe4
Faulting package-relative application ID: MakeMarkerFile.exe5

Error: (04/14/2013 05:35:35 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (04/12/2013 11:01:52 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (04/10/2013 09:29:39 PM) (Source: Application Error) (User: )
Description: Faulting application name: GuaranaAgent.exe, version: 2.0.12.0, time stamp: 0x5053040f
Faulting module name: GuaranaAgent.exe, version: 2.0.12.0, time stamp: 0x5053040f
Exception code: 0x40000015
Fault offset: 0x000000000021df11
Faulting process ID: 0x1720
Faulting application start time: 0xGuaranaAgent.exe0
Faulting application path: GuaranaAgent.exe1
Faulting module path: GuaranaAgent.exe2
Report ID: GuaranaAgent.exe3
Faulting package full name: GuaranaAgent.exe4
Faulting package-relative application ID: GuaranaAgent.exe5


System errors:
=============
Error: (04/21/2013 00:06:57 AM) (Source: Service Control Manager) (User: )
Description: The Panda On-Access Anti-Malware Service service terminated with the following error:
%%1

Error: (04/20/2013 10:18:38 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 21:45:42 on ?20/?04/?2013 was unexpected.

Error: (04/20/2013 10:14:49 PM) (Source: Service Control Manager) (User: )
Description: The WLAN AutoConfig service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

Error: (04/20/2013 10:14:49 PM) (Source: Service Control Manager) (User: )
Description: The Diagnostic System Host service terminated unexpectedly. It has done this 2 time(s).

Error: (04/20/2013 10:14:49 PM) (Source: Service Control Manager) (User: )
Description: The Distributed Link Tracking Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

Error: (04/20/2013 10:14:49 PM) (Source: Service Control Manager) (User: )
Description: The Superfetch service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (04/20/2013 10:14:49 PM) (Source: Service Control Manager) (User: )
Description: The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (04/20/2013 10:14:49 PM) (Source: Service Control Manager) (User: )
Description: The Network Connections service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

Error: (04/20/2013 10:14:49 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (04/20/2013 10:14:49 PM) (Source: Service Control Manager) (User: )
Description: The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (04/21/2013 00:10:15 AM) (Source: Application Error)(User: )
Description: MakeMarkerFile.exe1.0.0.25021e5e8MakeMarkerFile.exe1.0.0.25021e5e8c0000417000000000014d7cc90c01ce3e1bedda9113C:\ProgramData\MakeMarkerFile.exeC:\ProgramData\MakeMarkerFile.exe7597e9c1-aa0f-11e2-beb4-50b7c361a844

Error: (04/20/2013 10:20:52 PM) (Source: Application Error)(User: )
Description: MakeMarkerFile.exe1.0.0.25021e5e8MakeMarkerFile.exe1.0.0.25021e5e8c0000417000000000014d7ccd6401ce3e0cb962b014C:\ProgramData\MakeMarkerFile.exeC:\ProgramData\MakeMarkerFile.exe2d5f1c6e-aa00-11e2-beb3-50b7c361a844

Error: (04/20/2013 09:07:52 PM) (Source: Application Error)(User: )
Description: MakeMarkerFile.exe1.0.0.25021e5e8MakeMarkerFile.exe1.0.0.25021e5e8c0000417000000000014d7cc75001ce3e027666cc07C:\ProgramData\MakeMarkerFile.exeC:\ProgramData\MakeMarkerFile.exefaeb939e-a9f5-11e2-beb2-50b7c361a844

Error: (04/20/2013 08:47:55 PM) (Source: Application Error)(User: )
Description: MakeMarkerFile.exe1.0.0.25021e5e8MakeMarkerFile.exe1.0.0.25021e5e8c0000417000000000014d7cc122401ce3dffd3c24df8C:\ProgramData\MakeMarkerFile.exeC:\ProgramData\MakeMarkerFile.exe3115b955-a9f3-11e2-beb1-50b7c361a844

Error: (04/17/2013 07:22:48 PM) (Source: Application Error)(User: )
Description: MRT.exe4.19.7304.0515a4575ntdll.dll6.2.9200.16420505ab405c000000500000000000115d0208801ce3b988baeaa5cC:\windows\system32\MRT.exeC:\windows\SYSTEM32\ntdll.dllce69b508-a78b-11e2-beb0-50b7c361a844

Error: (04/16/2013 09:24:18 PM) (Source: Application Error)(User: )
Description: GuaranaAgent.exe2.0.12.05053040fGuaranaAgent.exe2.0.12.05053040f40000015000000000021df11170c01ce3ae04d84defeC:\Program Files\Samsung\Support Center\GuaranaAgent.exeC:\Program Files\Samsung\Support Center\GuaranaAgent.exe9cf3f7ab-a6d3-11e2-beb0-50b7c361a844

Error: (04/16/2013 09:22:13 PM) (Source: Application Error)(User: )
Description: MakeMarkerFile.exe1.0.0.25021e5e8MakeMarkerFile.exe1.0.0.25021e5e8c0000417000000000014d7cc45801ce3ae0010868b0C:\ProgramData\MakeMarkerFile.exeC:\ProgramData\MakeMarkerFile.exe52aba8c6-a6d3-11e2-beb0-50b7c361a844

Error: (04/14/2013 05:35:35 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (04/12/2013 11:01:52 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (04/10/2013 09:29:39 PM) (Source: Application Error)(User: )
Description: GuaranaAgent.exe2.0.12.05053040fGuaranaAgent.exe2.0.12.05053040f40000015000000000021df11172001ce362a1da9120fC:\Program Files\Samsung\Support Center\GuaranaAgent.exeC:\Program Files\Samsung\Support Center\GuaranaAgent.exe5d89c5b9-a21d-11e2-beaf-50b7c361a844


==================== Memory info ===========================

Percentage of memory in use: 25%
Total physical RAM: 5595.08 MB
Available physical RAM: 4142.63 MB
Total Pagefile: 16859.08 MB
Available Pagefile: 14957.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:672.94 GB) (Free:531.09 GB) NTFS (Disk=0 Partition=4)
Drive f: (EOS_DIGITAL) (Removable) (Total:14.83 GB) (Free:14.43 GB) FAT32 (Disk=1 Partition=1)


Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 698 GB 0 B *
Disk 1 Online 14 GB 0 B

Partitions of Disk 0:
===============

Disk ID: {6BE46D82-1F8A-4899-9D00-988E8BA4661B}

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 500 MB 1024 KB
Partition 2 System (partition with boot components) 300 MB 501 MB
Partition 3 Reserved 128 MB 801 MB
Partition 4 Primary 672 GB 929 MB
Partition 5 Recovery 23 GB 673 GB
Partition 6 Recovery 1024 MB 697 GB

==================================================================================

Disk: 0
Partition 1
Type : de94bba4-06d1-4d40-a16a-bfd50179d6ac
Hidden : Yes
Required: Yes
Attrib : 0X8000000000000001

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Windows RE NTFS Partition 500 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : c12a7328-f81f-11d2-ba4b-00a0c93ec93b
Hidden : Yes
Required: No
Attrib : 0X8000000000000000

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 SYSTEM FAT32 Partition 300 MB Healthy System (partition with boot components)

=========================================================

Disk: 0
Partition 3
Type : e3c9e316-0b5c-4db8-817d-f92df00215ae
Hidden : Yes
Required: No
Attrib : 0X8000000000000000

There is no volume associated with this partition.

=========================================================

Disk: 0
Partition 4
Type : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden : No
Required: No
Attrib : 0000000000000000

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 672 GB Healthy Boot

=========================================================

Disk: 0
Partition 5
Type : de94bba4-06d1-4d40-a16a-bfd50179d6ac
Hidden : Yes
Required: Yes
Attrib : 0X0000000000000001

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 SAMSUNG_REC NTFS Partition 23 GB Healthy Hidden

=========================================================

Disk: 0
Partition 6
Type : de94bba4-06d1-4d40-a16a-bfd50179d6ac
Hidden : Yes
Required: Yes
Attrib : 0X0000000000000001

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 SAMSUNG_REC FAT32 Partition 1024 MB Healthy Hidden

=========================================================

Partitions of Disk 1:
===============

Disk ID: 00000000

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 14 GB 4096 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 F EOS_DIGITAL FAT32 Removable 14 GB Healthy

=========================================================
============================== MBR & Partition Table ==================

====================================================================
Disk: 0 (Size: 699 GB) (Disk ID: 3945EBAC)

Partition 1: GPT Partition Type
====================================================================
Disk: 1 (Size: 15 GB) (Disk ID: 00000000)

Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)

 

[Broni]

I don't see anything malicious there.

How is computer doing since you uninstalled those two AV programs?

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Delete.
• Confirm each time with Ok.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the contents of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[Broni]

Still with me?

 

[Broni]

This topic is marked as abandoned and closed due to inactivity.
This member will NOT be eligible to receive any more help in malware removal forum.