Jump to content

Recommended Posts

Hello again.

 

@AdvancedSetup sent me here. I used to have BSOD's every time I wake my PC up from sleep. I fixed that by uninstalling my Bluetooth software. Now I have to manually connect to the internet after the computer sleeps because it times out. I re installed my WiFi drivers twice but the problem still occurs. 

 

Here are the 2 DDS logs:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by Ryan at 11:27:59 on 2013-12-29
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.61.1033.18.4056.2760 [GMT 8:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\GFNEXSrv.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\System32\spoolsv.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\wbem\unsecapp.exe
C:\windows\System32\rundll32.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\windows\system32\taskeng.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRunOnce: [20131224] C:\Program Files\AVAST Software\Avast\setup\emupdate\349aaa23-446a-4e57-804e-cb907287bb6d.exe /check
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{3DE52DFC-B9B9-42C8-BABF-A21352F85728} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{3DE52DFC-B9B9-42C8-BABF-A21352F85728}\051657C62E08993702960586F6E656 : DHCPNameServer = 198.142.0.51 61.88.88.88
TCP: Interfaces\{3DE52DFC-B9B9-42C8-BABF-A21352F85728}\055565D277966696 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{3DE52DFC-B9B9-42C8-BABF-A21352F85728}\24967605F6E646138383433424 : DHCPNameServer = 10.0.0.138
TCP: Interfaces\{3DE52DFC-B9B9-42C8-BABF-A21352F85728}\24967605F6E646535424344493 : DHCPNameServer = 10.0.0.138
TCP: Interfaces\{3DE52DFC-B9B9-42C8-BABF-A21352F85728}\24967605F6E646931444830344 : DHCPNameServer = 10.0.0.138
TCP: Interfaces\{3DE52DFC-B9B9-42C8-BABF-A21352F85728}\27573736F656 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{3DE52DFC-B9B9-42C8-BABF-A21352F85728}\E45445745414254343 : DHCPNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TFNF5] TFNF5.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\windows\System32\drivers\aswRvrt.sys [2013-10-24 65776]
R0 aswVmm;avast! VM Monitor;C:\windows\System32\drivers\aswVmm.sys [2013-10-24 207904]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2012-1-5 16152]
R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswSnx.sys [2013-10-24 1034464]
R1 aswSP;aswSP;C:\windows\System32\drivers\aswsp.sys [2013-11-9 422216]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-6-6 235520]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2013-10-24 78648]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-12-20 50344]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2011-6-8 250296]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2011-6-8 47032]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 GFNEXSrv;GFNEX Service;C:\windows\System32\GFNEXSrv.exe [2012-6-6 162824]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-6-6 128280]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-6-6 161560]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-20 14472]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-6-6 363800]
R3 aswStm;aswStm;C:\windows\System32\drivers\aswstm.sys [2013-12-20 79672]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2012-6-6 93712]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\windows\System32\drivers\iusb3hub.sys [2012-1-5 355096]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2012-1-5 786200]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\windows\System32\drivers\LEqdUsb.sys [2013-5-23 77592]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\windows\System32\drivers\LHidEqd.sys [2013-5-23 13080]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-6-6 38096]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-6-6 251496]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-6-6 565352]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;C:\windows\System32\drivers\btfilter.sys [2011-8-9 45168]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2013-4-14 57856]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2013-2-5 1512448]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2013-12-12 111616]
S3 LVUVC64;Logitech Webcam C100(UVC);C:\windows\System32\drivers\lvuvc64.sys [2012-9-22 4763680]
S3 ManyCam;ManyCam Virtual Webcam;C:\windows\System32\drivers\mcvidrv_x64.sys [2013-9-29 44928]
S3 mcaudrv_simple;ManyCam Virtual Microphone;C:\windows\System32\drivers\mcaudrv_x64.sys [2013-1-31 28160]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2012-6-6 57216]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-11-26 138152]
S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-12-15 833976]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2013-4-14 1255736]
.
=============== Created Last 30 ================
.
2013-12-28 05:21:36 -------- d-----w- C:\windows\pss
2013-12-28 01:28:28 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{722E8B9F-C9D2-412A-A579-0E3172032636}\mpengine.dll
2013-12-26 00:52:18 53248 ----a-r- C:\Users\Ryan\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2013-12-26 00:52:07 18960 ----a-w- C:\windows\System32\drivers\LNonPnP.sys
2013-12-26 00:50:14 -------- d-----w- C:\Users\Ryan\AppData\Roaming\Logishrd
2013-12-25 02:05:29 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-25 00:52:29 -------- d-----w- C:\Program Files (x86)\Windows Phone
2013-12-25 00:46:55 -------- d-----w- C:\ProgramData\Applications
2013-12-20 04:05:20 -------- d-----w- C:\Users\Ryan\AppData\Roaming\NCH Software
2013-12-20 01:18:26 79672 ----a-w- C:\windows\System32\drivers\aswstm.sys
2013-12-19 11:02:45 -------- d-----w- C:\Users\Ryan\AppData\Roaming\SongManager
2013-12-19 10:42:09 -------- d-----w- C:\Program Files (x86)\ASIO4ALL v2
2013-12-19 10:41:54 -------- d-----w- C:\Program Files (x86)\VstPlugins
2013-12-19 10:41:05 -------- d-----w- C:\Program Files (x86)\DSPRobotics
2013-12-13 07:49:26 -------- d-----w- C:\Program Files (x86)\Inkscape
2013-12-12 10:06:05 -------- d-----w- C:\Users\Ryan\AppData\Local\fontconfig
2013-12-12 10:03:08 -------- d-----w- C:\Program Files\GIMP 2
2013-12-12 07:44:04 -------- d-----w- C:\Program Files (x86)\Scratch 2
2013-12-12 07:25:14 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-12 07:25:14 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 07:25:14 12625920 ----a-w- C:\windows\System32\wmploc.DLL
2013-12-12 07:25:13 12625408 ----a-w- C:\windows\SysWow64\wmploc.DLL
2013-12-11 07:42:57 335360 ----a-w- C:\windows\System32\msieftp.dll
2013-12-01 07:52:57 -------- d-----w- C:\Users\Ryan\AppData\Local\SmallBasic
2013-12-01 07:52:13 923416 ----a-r- C:\Users\Ryan\AppData\Roaming\Microsoft\Installer\{7AAA27E4-CDB3-49C0-AA2D-41827C001BA3}\StartMenuIcon.exe
2013-12-01 07:52:11 -------- d-----w- C:\Program Files (x86)\Microsoft
2013-11-29 11:10:05 -------- d-----w- C:\Users\Ryan\AppData\Roaming\WildTangent
2013-11-29 11:10:03 -------- d-----w- C:\ProgramData\WildTangent
.
==================== Find3M  ====================
.
2013-12-20 08:02:16 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-20 08:02:16 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-12-20 01:18:25 78648 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2013-12-20 01:18:25 207904 ----a-w- C:\windows\System32\drivers\aswVmm.sys
2013-12-20 01:18:25 1034464 ----a-w- C:\windows\System32\drivers\aswSnx.sys
2013-12-20 01:18:23 43152 ----a-w- C:\windows\avastSS.scr
2013-11-26 10:19:07 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\windows\SysWow64\wininet.dll
2013-11-24 12:01:43 50053120 ----a-w- C:\Program Files (x86)\GUT5071.tmp
2013-11-23 18:26:20 417792 ----a-w- C:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\windows\System32\WMPhoto.dll
2013-11-18 19:33:38 267936 ------w- C:\windows\System32\MpSigStub.exe
2013-11-15 07:32:59 942592 ----a-w- C:\windows\System32\jsIntl.dll
2013-11-12 02:23:09 2048 ----a-w- C:\windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2013-11-09 04:31:59 91352 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2013-10-30 02:19:52 301568 ----a-w- C:\windows\SysWow64\msieftp.dll
2013-10-30 01:24:31 3155968 ----a-w- C:\windows\System32\win32k.sys
2013-10-23 23:40:26 92544 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2013-10-23 23:40:26 65776 ----a-w- C:\windows\System32\drivers\aswRvrt.sys
2013-10-19 02:18:57 81408 ----a-w- C:\windows\System32\imagehlp.dll
2013-10-19 01:36:59 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll
2013-10-18 08:35:04 108968 ----a-w- C:\windows\System32\WindowsAccessBridge-64.dll
2013-10-18 08:33:31 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-12 02:32:04 150016 ----a-w- C:\windows\System32\wshom.ocx
2013-10-12 02:31:04 202752 ----a-w- C:\windows\System32\scrrun.dll
2013-10-12 02:30:42 830464 ----a-w- C:\windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\windows\System32\FWPUCLNT.DLL
2013-10-12 02:04:36 121856 ----a-w- C:\windows\SysWow64\wshom.ocx
2013-10-12 02:03:31 163840 ----a-w- C:\windows\SysWow64\scrrun.dll
2013-10-12 02:03:08 656896 ----a-w- C:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\windows\SysWow64\FWPUCLNT.DLL
2013-10-12 01:33:39 156160 ----a-w- C:\windows\System32\cscript.exe
2013-10-12 01:33:26 168960 ----a-w- C:\windows\System32\wscript.exe
2013-10-12 01:15:48 141824 ----a-w- C:\windows\SysWow64\wscript.exe
2013-10-12 01:15:48 126976 ----a-w- C:\windows\SysWow64\cscript.exe
2013-10-05 20:25:35 1474048 ----a-w- C:\windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-10-04 02:28:31 190464 ----a-w- C:\windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\windows\System32\authui.dll
2013-10-04 02:16:30 116736 ----a-w- C:\windows\System32\drivers\drmk.sys
2013-10-04 01:58:50 152576 ----a-w- C:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\windows\SysWow64\authui.dll
2013-10-04 01:36:04 230400 ----a-w- C:\windows\System32\drivers\portcls.sys
2013-10-03 02:23:48 404480 ----a-w- C:\windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\windows\SysWow64\gdi32.dll
.
============= FINISH: 11:28:30.72 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 14/04/2013 7:14:07 AM
System Uptime: 29/12/2013 10:27:14 AM (1 hours ago)
.
Motherboard: Type2 - Board Vendor Name1 |  | Type2 - Board Product Name1
Processor: Intel® Core i7-3610QM CPU @ 2.30GHz | U3E1 | 2301/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 485 GiB total, 412.56 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP176: 12/12/2013 4:11:27 PM - Windows Update
RP177: 14/12/2013 10:42:06 AM - Installed Google Drive
RP178: 17/12/2013 3:33:55 PM - Windows Update
RP179: 20/12/2013 9:16:24 AM - avast! antivirus system restore point
RP180: 21/12/2013 7:48:58 AM - Windows Update
RP181: 25/12/2013 8:47:06 AM - Windows Update
RP182: 25/12/2013 8:52:09 AM - Installed Windows Phone app for desktop
RP183: 26/12/2013 8:55:42 AM - Windows Update
RP184: 26/12/2013 12:00:14 PM - Windows Update
RP185: 27/12/2013 2:51:29 PM - Installed Microsoft Fix it 50848
RP186: 28/12/2013 1:35:56 PM - Removed Bluetooth Stack for Windows by Toshiba.
.
==== Installed Programs ======================
.
Adblock Plus for IE
Adblock Plus for IE (32-bit and 64-bit)
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
AMD APP SDK Runtime
AMD Catalyst Install Manager
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
Atheros Bluetooth Filter Driver Package
Atheros Driver Installation Program
Audacity 2.0.3
avast! Free Antivirus
Bonjour
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CloudReading
D3DX10
Deckadance 2
eReg
ESET Online Scanner v3
FileHippo.com Update Checker
FL Studio 11
FlowStone FL 3.0
Foxit Reader
GIMP 2.8.10
Google Chrome
Google Drive
Google Update Helper
IL Shared Libraries
Inkscape 0.48.4
Intel Android Device USB driver
Intel® Manageability Engine Firmware Recovery Agent
Intel® Management Engine Components
Intel® Rapid Storage Technology
Intel® USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
iTunes
Java 7 Update 45
Java 7 Update 45 (64-bit)
Java Auto Updater
Junk Mail filter update
Logitech SetPoint 6.61
Logitech Webcam Software
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft Small Basic v1.0
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Movie Maker
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
Origin
Paint.NET v3.5.11
Photo Common
Photo Gallery
PlayReady PC Runtime amd64
Premium Sound HD
QuickTime
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
RocketDock 1.3.5
Scratch 2 Offline Editor
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
SimCity 4
Skype Click to Call
Skype™ 6.11
swMSM
Synaptics Pointing Device Driver
The Sims™ 3
The Sims™ 3 Ambitions
The Sims™ 3 High-End Loft Stuff
The Sims™ 3 Outdoor Living Stuff
The Sims™ 3 Pets
The Sims™ 3 Seasons
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Hotkey Utility for Display Devices
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA PC Health Monitor
TOSHIBA Peak Shift Control
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA Sleep Utility
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TOSHIBA Wireless LAN Indicator
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
VirusTotal Uploader 2.0
VLC media player 2.1.2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Phone app for desktop
.
==== Event Viewer Messages From Past Week ========
.
28/12/2013 7:19:57 PM, Error: bowser [8003]  - The master browser has received a server announcement from the computer PAUL-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3DE52DFC-B9B9-42C8-BABF-A21352F85728}. The master browser is stopping or an election is being forced.
28/12/2013 12:55:43 PM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
28/12/2013 12:55:43 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
28/12/2013 12:55:31 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
28/12/2013 12:55:30 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
28/12/2013 12:54:59 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000007e (0xffffffffc0000005, 0xfffff880068a7a2b, 0xfffff88002bb7398, 0xfffff88002bb6bf0). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 122813-29749-01.
28/12/2013 12:54:56 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  aswRvrt aswSnx aswSP aswVmm discache spldr Tosrfcom Wanarpv6
28/12/2013 12:54:56 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
28/12/2013 12:54:53 PM, Error: Service Control Manager [7001]  - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:  The dependency service or group failed to start.
28/12/2013 10:27:30 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000f7 (0xfffff88099d4a6ea, 0x0000f88006b4cc88, 0xffff077ff94b3377, 0x0000000000000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 122813-27892-01.
28/12/2013 10:06:12 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000007e (0xffffffffc0000005, 0xfffff88005454a2b, 0xfffff88008577398, 0xfffff88008576bf0). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 122813-35490-01.
28/12/2013 1:04:24 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
27/12/2013 6:10:33 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000007e (0xffffffffc0000005, 0xfffff88005ae7a2b, 0xfffff880025bf398, 0xfffff880025bebf0). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 122713-38750-01.
27/12/2013 2:43:51 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000007e (0xffffffffc0000005, 0xfffff880052c2a2b, 0xfffff88008b54398, 0xfffff88008b53bf0). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 122713-33103-01.
26/12/2013 8:56:13 AM, Error: Service Control Manager [7043]  - The Windows Update service did not shut down properly after receiving a preshutdown control.
26/12/2013 11:54:30 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000007e (0xffffffffc0000005, 0xfffff880068f2a2b, 0xfffff880089ec398, 0xfffff880089ebbf0). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 122613-45240-01.
.
==== End Of File ===========================
 

 

Link to post
Share on other sites

  • Root Admin

Sorry for the delay.

 

Please go ahead and run through the following steps and post back the logs when ready.

STEP 03
Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus



STEP 05
Lets clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.


STEP 06
button_eos.gif

Please go here to run the online antivirus scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

    [*]Click Scan [*]Wait for the scan to finish [*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.



STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


 

Link to post
Share on other sites

Malwarebytes Anti-Rootkit BETA 1.07.0.1008

www.malwarebytes.org

 

Database version: v2014.01.01.01

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.16476

Ryan :: RYAN-PC [administrator]

 

1/01/2014 11:03:46 AM

mbar-log-2014-01-01 (11-03-46).txt

 

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

Scan options disabled: 

Objects scanned: 242247

Time elapsed: 35 minute(s), 52 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

Physical Sectors Detected: 0

(No malicious items detected)

 

(end)


---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1008

 

© Malwarebytes Corporation 2011-2012

 

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

 

Account is Administrative

 

Internet Explorer version: 11.0.9600.16476

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED

CPU speed: 2.294000 GHz

Memory total: 4252819456, free: 2459451392

 

Downloaded database version: v2014.01.01.01

Downloaded database version: v2013.12.18.01

=======================================

Initializing...

------------ Kernel report ------------

     01/01/2014 11:03:43

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\drivers\compbatt.sys

\SystemRoot\system32\drivers\BATTC.SYS

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\drivers\pciide.sys

\SystemRoot\system32\drivers\PCIIDEX.SYS

\SystemRoot\system32\DRIVERS\iaStor.sys

\SystemRoot\system32\drivers\atapi.sys

\SystemRoot\system32\drivers\ataport.SYS

\SystemRoot\system32\drivers\msahci.sys

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\wd.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\system32\DRIVERS\TVALZ_O.SYS

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\system32\DRIVERS\iusb3hcs.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\drivers\disk.sys

\SystemRoot\system32\drivers\CLASSPNP.SYS

\SystemRoot\System32\Drivers\aswVmm.sys

\SystemRoot\System32\Drivers\aswRvrt.sys

\SystemRoot\system32\DRIVERS\cdrom.sys

\??\C:\windows\system32\drivers\aswSnx.sys

\??\C:\windows\system32\drivers\aswSP.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\drivers\afd.sys

\??\C:\windows\system32\drivers\aswRdr2.sys

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\ws2ifsl.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\atikmpag.sys

\SystemRoot\system32\DRIVERS\atikmdag.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\iusb3xhc.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\HECIx64.sys

\SystemRoot\system32\drivers\usbehci.sys

\SystemRoot\system32\drivers\USBPORT.SYS

\SystemRoot\system32\DRIVERS\athrx.sys

\SystemRoot\system32\DRIVERS\vwifibus.sys

\SystemRoot\system32\DRIVERS\Rt64win7.sys

\SystemRoot\system32\DRIVERS\i8042prt.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\SynTP.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\tdcmdpst.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\DRIVERS\CmBatt.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\TVALZFL.sys

\SystemRoot\system32\DRIVERS\wmiacpi.sys

\SystemRoot\system32\DRIVERS\tosrfec.sys

\SystemRoot\system32\DRIVERS\CompositeBus.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\DRIVERS\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\AtihdW76.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\DRIVERS\iusb3hub.sys

\SystemRoot\system32\drivers\RTKVHD64.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_iaStor.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\System32\Drivers\RtsUStor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\LEqdUsb.Sys

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\system32\DRIVERS\LHidEqd.Sys

\SystemRoot\system32\DRIVERS\LHidFilt.Sys

\SystemRoot\system32\DRIVERS\LMouFilt.Sys

\SystemRoot\system32\drivers\luafv.sys

\??\C:\windows\system32\drivers\aswMonFlt.sys

\SystemRoot\system32\DRIVERS\Sftvollh.sys

\SystemRoot\System32\Drivers\usbvideo.sys

\SystemRoot\system32\DRIVERS\pgeffect.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\DRIVERS\vwifimp.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\system32\DRIVERS\Sftfslh.sys

\SystemRoot\system32\DRIVERS\Sftplaylh.sys

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\DRIVERS\Sftredirlh.sys

\??\C:\windows\system32\drivers\aswStm.sys

\SystemRoot\system32\DRIVERS\udfs.sys

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\drivers\WudfPf.sys

\??\C:\windows\system32\drivers\mbamchameleon.sys

\??\C:\windows\system32\drivers\MBAMSwissArmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\System32\autochk.exe

\Windows\System32\difxapi.dll

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa80050b6790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-1\

Lower Device Object: 0xfffffa80050b5050

Lower Device Driver Name: \Driver\iaStor\

<<<2>>>

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa80050b6790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8004fbb9d0, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa80050b6790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa80050b5050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 3A46F848

 

Partition information:

 

    Partition 0 type is Other (0x27)

    Partition is ACTIVE.

    Partition starts at LBA: 2048  Numsec = 3072000

    Partition file system is NTFS

    Partition is bootable

 

    Partition 1 type is Primary (0x7)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 3074048  Numsec = 1016702913

 

    Partition 2 type is HIDDEN (0x17)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 1438658560  Numsec = 26488832

    Partition is not bootable

Hidden partition VBR is not infected.

 

    Partition 3 type is Extended with CSH (0x5)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 1019777022  Numsec = 418881538

 

Disk Size: 750156374016 bytes

Sector size: 512 bytes

 

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...

Done!

Scan finished

=======================================

 

 

Removal queue found; removal started

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_2_1438658560_i.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...

Removal finished


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.0.8 (11.05.2013:1)

OS: Windows 7 Home Premium x64

Ran by Ryan on Wed 01/01/2014 at 11:40:46.16

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Wed 01/01/2014 at 11:46:06.23

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


# AdwCleaner v3.016 - Report created 01/01/2014 at 11:51:38

# Updated 23/12/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Ryan - RYAN-PC

# Running from : C:\Users\Ryan\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\NCH Software

Folder Deleted : C:\Users\Ryan\AppData\Roaming\NCH Software

File Deleted : C:\windows\System32\Tasks\NCH Software

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKCU\Software\NCH Software

Key Deleted : HKLM\Software\NCH Software

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.16428

 

 

-\\ Google Chrome v31.0.1650.63

 

[ File : C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [1034 octets] - [01/01/2014 11:50:43]

AdwCleaner[s0].txt - [925 octets] - [01/01/2014 11:51:38]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [984 octets] ##########

 

 

ESET AND MBAM FOUND NO THREATS

 


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-12-2013 01

Ran by Ryan (administrator) on RYAN-PC on 01-01-2014 12:01:27

Running from C:\Users\Ryan\Desktop\MRT

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 11

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

() C:\Windows\System32\GFNEXSrv.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe

() C:\Program Files (x86)\RocketDock\RocketDock.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe

(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2866960 2011-12-20] (Synaptics Incorporated)

HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-12] (TOSHIBA Corporation)

HKLM\...\Run: [TFNF5] - C:\Windows\System32\TFNF5.exe [1201472 2010-04-13] (TOSHIBA Corp.)

HKLM-x32\...\Run: [uSB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-05] (Intel Corporation)

HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2013-12-20] (AVAST Software)

Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

HKCU\...\Run: [RocketDock] - C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear

BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)

BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)

BHO-x32: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)

Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

 

Chrome: 

=======



CHR DefaultSearchKeyword: google.com.au

CHR Extension: (Bejeweled) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0

CHR Extension: (Angry Birds) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0

CHR Extension: (Google Docs) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0

CHR Extension: (Google Drive) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0

CHR Extension: (YouTube) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Thesaurus.com - Synonyms and Antonyms) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\clljlcapeomdokpgadmegpabakieebci\1.6_0

CHR Extension: (Google Search) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk\6.60.170_0

CHR Extension: (Google News) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc\3.0_0

CHR Extension: (Google Calendar) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0

CHR Extension: (DoNotTrackMe: Online Privacy Protection) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\3.1.1016_0

CHR Extension: (AdBlock) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.14_0

CHR Extension: (Dictionary by Dictionary.com) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gikhgcaliglmioibbockkmjknfnepbdh\1.6_0

CHR Extension: (Translator by Dictionary.com) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\glacllipodbjfijgkcdifnlhmoddlkon\1.6_0

CHR Extension: (avast! Online Security) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0

CHR Extension: (Pixlr Touch Up) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jklljiahjgoglchglekebfljnmbaleig\1.1.3_0

CHR Extension: (Google Play) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi\3.0_0

CHR Extension: (Skype Click to Call) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0

CHR Extension: (Google Maps) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0

CHR Extension: (Google Wallet) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0

CHR Extension: (My Chrome Theme) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic\2.0_0

CHR Extension: (Where is the red) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohpblkkbmfceapbolfogbfpkcjdlhonb\2_0

CHR Extension: (Gmail) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

CHR HKLM-x32\...\Chrome\Extension: [fplhdcjmbpfkejbhngmlngaecbjmoimd] - C:\Program Files\AVAST Software\Avast\AdBlocker\Chrome\avast-adblocker-chrome.crx

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Services (Whitelisted) =================

 

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-20] (AVAST Software)

R2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-10] ()

R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-22] ()

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-22] (Intel Corporation)

 

==================== Drivers (Whitelisted) ====================

 

R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [78648 2013-12-20] (AVAST Software)

R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [92544 2013-10-24] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-10-24] ()

R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [1034464 2013-12-20] (AVAST Software)

R1 aswSP; C:\windows\system32\drivers\aswSP.sys [422216 2013-12-20] (AVAST Software)

R3 aswStm; C:\windows\system32\drivers\aswStm.sys [79672 2013-12-22] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-20] ()

S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC)

S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)

S3 TDEIO; \??\C:\Windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys [x]

S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [x]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-01-01 12:01 - 2014-01-01 12:01 - 00000000 ____D C:\FRST

2014-01-01 12:00 - 2014-01-01 12:01 - 01931302 _____ (Farbar) C:\Users\Ryan\Downloads\FRST64.exe

2014-01-01 11:50 - 2014-01-01 11:54 - 00000000 ____D C:\AdwCleaner

2014-01-01 11:49 - 2014-01-01 11:49 - 01233962 _____ C:\Users\Ryan\Downloads\AdwCleaner.exe

2014-01-01 11:39 - 2014-01-01 11:39 - 01034531 _____ (Thisisu) C:\Users\Ryan\Downloads\JRT.exe

2014-01-01 11:02 - 2014-01-01 12:01 - 00000000 ____D C:\Users\Ryan\Desktop\MRT

2014-01-01 11:02 - 2014-01-01 11:02 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Ryan\Downloads\mbar-1.07.0.1008.exe

2013-12-30 15:57 - 2013-12-30 15:57 - 00003637 _____ C:\Users\Ryan\AppData\Local\recently-used.xbel

2013-12-30 11:28 - 2013-12-30 11:30 - 33440584 _____ (Foxit Corporation                                           ) C:\Users\Ryan\Downloads\FoxitReader612.1224_enu_Setup.exe

2013-12-29 10:18 - 2014-01-01 11:52 - 00000280 _____ C:\windows\setupact.log

2013-12-29 10:18 - 2013-12-29 10:18 - 00000000 _____ C:\windows\setuperr.log

2013-12-28 14:51 - 2013-12-28 14:51 - 00302674 _____ C:\Users\Ryan\Downloads\A-Tone-His_Self-1266414414.wav

2013-12-28 13:21 - 2013-12-28 13:21 - 00000000 ____D C:\windows\pss

2013-12-28 10:29 - 2013-12-28 10:30 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Ryan\Downloads\tdsskiller.exe

2013-12-27 20:53 - 2013-12-27 20:53 - 00003544 ____N C:\bootsqm.dat

2013-12-27 17:47 - 2013-12-27 17:47 - 00013336 _____ C:\Users\Ryan\Downloads\high_thin_light.zip

2013-12-27 17:46 - 2013-12-27 17:46 - 01798007 _____ C:\Users\Ryan\Downloads\weblysleek_ui.zip

2013-12-26 11:54 - 2013-12-28 17:23 - 00000000 ____D C:\windows\Minidump

2013-12-26 08:52 - 2013-12-26 08:52 - 00018960 _____ (Logitech, Inc.) C:\windows\system32\Drivers\LNonPnP.sys

2013-12-26 08:52 - 2013-12-26 08:52 - 00000000 ____D C:\Users\Public\Documents\Logishrd

2013-12-26 08:52 - 2013-12-26 08:52 - 00000000 ____D C:\ProgramData\Logitech

2013-12-26 08:50 - 2013-12-26 08:52 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Logitech

2013-12-26 08:50 - 2013-12-26 08:50 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Logishrd

2013-12-26 08:50 - 2013-12-26 08:50 - 00000000 ____D C:\Program Files\Logitech

2013-12-25 10:05 - 2013-12-25 10:05 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-12-25 08:52 - 2013-12-25 08:52 - 00000000 ____D C:\Program Files (x86)\Windows Phone

2013-12-25 08:46 - 2013-12-25 08:46 - 00000000 ____D C:\ProgramData\Applications

2013-12-24 15:02 - 2013-12-24 15:02 - 00000000 ____D C:\Users\Ryan\Documents\Bluetooth

2013-12-20 12:05 - 2013-12-23 16:56 - 00000000 ____D C:\windows\System32\Tasks\NCH Software

2013-12-20 09:18 - 2013-12-22 09:07 - 00079672 _____ (AVAST Software) C:\windows\system32\Drivers\aswstm.sys

2013-12-20 08:34 - 2013-12-20 08:34 - 00002051 _____ C:\Users\Ryan\Desktop\FL Studio 11.lnk

2013-12-19 19:02 - 2013-12-20 12:04 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\SongManager

2013-12-19 18:42 - 2013-12-19 18:42 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2

2013-12-19 18:42 - 2013-12-19 18:42 - 00000000 ____D C:\Program Files (x86)\ASIO4ALL v2

2013-12-19 18:41 - 2013-12-19 19:00 - 00000000 ____D C:\Program Files (x86)\VstPlugins

2013-12-19 18:41 - 2013-12-19 18:41 - 00000000 ____D C:\Users\Ryan\Documents\Image-Line

2013-12-19 18:41 - 2013-12-19 18:41 - 00000000 ____D C:\Program Files (x86)\DSPRobotics

2013-12-16 18:29 - 2013-12-22 15:06 - 00000000 ____D C:\Users\Ryan\Downloads\Other

2013-12-16 15:34 - 2013-12-21 19:47 - 00000000 ____D C:\Users\Ryan\Desktop\Icons

2013-12-13 15:49 - 2013-12-13 15:51 - 00000000 ____D C:\Program Files (x86)\Inkscape

2013-12-12 18:03 - 2013-12-12 18:03 - 00000000 ____D C:\Program Files\GIMP 2

2013-12-12 15:44 - 2013-12-12 15:44 - 00000000 ____D C:\Program Files (x86)\Scratch 2

2013-12-12 15:25 - 2013-05-10 13:56 - 14631424 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll

2013-12-12 15:25 - 2013-05-10 13:56 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL

2013-12-12 15:25 - 2013-05-10 12:56 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL

2013-12-12 15:25 - 2013-05-10 12:56 - 11410432 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll

2013-12-12 15:24 - 2013-11-26 19:54 - 23183360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll

2013-12-12 15:24 - 2013-11-26 18:19 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb

2013-12-12 15:24 - 2013-11-26 18:18 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll

2013-12-12 15:24 - 2013-11-26 18:11 - 17112576 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll

2013-12-12 15:24 - 2013-11-26 17:48 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll

2013-12-12 15:24 - 2013-11-26 17:46 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll

2013-12-12 15:24 - 2013-11-26 17:41 - 02764288 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll

2013-12-12 15:24 - 2013-11-26 17:29 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll

2013-12-12 15:24 - 2013-11-26 17:27 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll

2013-12-12 15:24 - 2013-11-26 17:23 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb

2013-12-12 15:24 - 2013-11-26 17:21 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll

2013-12-12 15:24 - 2013-11-26 17:18 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe

2013-12-12 15:24 - 2013-11-26 17:18 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe

2013-12-12 15:24 - 2013-11-26 17:16 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll

2013-12-12 15:24 - 2013-11-26 16:57 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe

2013-12-12 15:24 - 2013-11-26 16:38 - 02166784 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll

2013-12-12 15:24 - 2013-11-26 16:38 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll

2013-12-12 15:24 - 2013-11-26 16:35 - 05769216 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll

2013-12-12 15:24 - 2013-11-26 16:32 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll

2013-12-12 15:24 - 2013-11-26 16:28 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll

2013-12-12 15:24 - 2013-11-26 16:16 - 04243968 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll

2013-12-12 15:24 - 2013-11-26 16:02 - 01995264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl

2013-12-12 15:24 - 2013-11-26 15:48 - 12996608 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll

2013-12-12 15:24 - 2013-11-26 15:32 - 01928192 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl

2013-12-12 15:24 - 2013-11-26 15:26 - 11221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll

2013-12-12 15:24 - 2013-11-26 15:07 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll

2013-12-12 15:24 - 2013-11-26 14:40 - 01395200 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll

2013-12-12 15:24 - 2013-11-26 14:34 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll

2013-12-12 15:24 - 2013-11-26 14:34 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll

2013-12-12 15:24 - 2013-11-26 14:33 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll

2013-12-12 15:24 - 2013-11-26 14:27 - 01157632 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll

2013-12-11 15:42 - 2013-11-24 02:26 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll

2013-12-11 15:42 - 2013-11-24 01:47 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll

2013-12-11 15:42 - 2013-11-12 10:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll

2013-12-11 15:42 - 2013-11-12 10:07 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll

2013-12-11 15:42 - 2013-10-30 10:32 - 00335360 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll

2013-12-11 15:42 - 2013-10-30 10:19 - 00301568 _____ (Microsoft Corporation) C:\windows\SysWOW64\msieftp.dll

2013-12-11 15:42 - 2013-10-30 09:24 - 03155968 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys

2013-12-11 15:42 - 2013-10-19 10:18 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll

2013-12-11 15:42 - 2013-10-19 09:36 - 00159232 _____ (Microsoft Corporation) C:\windows\SysWOW64\imagehlp.dll

2013-12-11 15:42 - 2013-10-12 10:32 - 00150016 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx

2013-12-11 15:42 - 2013-10-12 10:31 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll

2013-12-11 15:42 - 2013-10-12 10:04 - 00121856 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshom.ocx

2013-12-11 15:42 - 2013-10-12 10:03 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll

2013-12-11 15:42 - 2013-10-12 09:33 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\wscript.exe

2013-12-11 15:42 - 2013-10-12 09:33 - 00156160 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe

2013-12-11 15:42 - 2013-10-12 09:15 - 00141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\wscript.exe

2013-12-11 15:42 - 2013-10-12 09:15 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\cscript.exe

2013-12-11 15:42 - 2013-10-04 10:16 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys

2013-12-11 15:42 - 2013-10-04 09:36 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys

2013-12-10 18:52 - 2013-12-11 17:00 - 00000000 ____D C:\Users\Ryan\Desktop\Epiq

 

==================== One Month Modified Files and Folders =======

 

2014-01-01 12:01 - 2014-01-01 12:01 - 00000000 ____D C:\FRST

2014-01-01 12:01 - 2014-01-01 12:00 - 01931302 _____ (Farbar) C:\Users\Ryan\Downloads\FRST64.exe

2014-01-01 12:01 - 2014-01-01 11:02 - 00000000 ____D C:\Users\Ryan\Desktop\MRT

2014-01-01 12:01 - 2013-06-29 15:59 - 00003918 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{8026917B-7D6F-48BA-A505-F0209815DCB0}

2014-01-01 12:00 - 2013-11-14 18:16 - 01048535 _____ C:\windows\WindowsUpdate.log

2014-01-01 12:00 - 2009-07-14 12:45 - 00025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-01-01 12:00 - 2009-07-14 12:45 - 00025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-01-01 11:54 - 2014-01-01 11:50 - 00000000 ____D C:\AdwCleaner

2014-01-01 11:53 - 2012-06-06 06:06 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-01-01 11:53 - 2012-06-06 05:37 - 00000828 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job

2014-01-01 11:52 - 2013-12-29 10:18 - 00000280 _____ C:\windows\setupact.log

2014-01-01 11:52 - 2009-07-14 13:08 - 00000006 ____H C:\windows\Tasks\SA.DAT

2014-01-01 11:50 - 2012-04-10 11:56 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job

2014-01-01 11:49 - 2014-01-01 11:49 - 01233962 _____ C:\Users\Ryan\Downloads\AdwCleaner.exe

2014-01-01 11:48 - 2013-04-14 07:23 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update

2014-01-01 11:39 - 2014-01-01 11:39 - 01034531 _____ (Thisisu) C:\Users\Ryan\Downloads\JRT.exe

2014-01-01 11:39 - 2013-09-02 07:13 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-01-01 11:33 - 2012-06-06 06:06 - 00000912 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-01-01 11:03 - 2013-11-09 12:31 - 00089304 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys

2014-01-01 11:02 - 2014-01-01 11:02 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Ryan\Downloads\mbar-1.07.0.1008.exe

2014-01-01 10:58 - 2012-06-06 05:37 - 00000830 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job

2013-12-31 13:37 - 2013-05-01 09:02 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\.minecraft

2013-12-31 13:36 - 2013-04-14 09:46 - 00000000 ____D C:\Program Files (x86)\Electronic Arts

2013-12-31 13:36 - 2012-04-10 11:57 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2013-12-30 18:08 - 2013-07-02 16:07 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Audacity

2013-12-30 16:42 - 2013-08-09 15:44 - 00000000 ____D C:\Users\Ryan\AppData\Local\Paint.NET

2013-12-30 15:57 - 2013-12-30 15:57 - 00003637 _____ C:\Users\Ryan\AppData\Local\recently-used.xbel

2013-12-30 12:57 - 2013-04-14 08:40 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Skype

2013-12-30 11:30 - 2013-12-30 11:28 - 33440584 _____ (Foxit Corporation                                           ) C:\Users\Ryan\Downloads\FoxitReader612.1224_enu_Setup.exe

2013-12-29 11:28 - 2013-11-30 08:27 - 00118784 ___SH C:\Users\Ryan\Thumbs.db

2013-12-29 11:02 - 2013-11-26 15:36 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\inkscape

2013-12-29 10:21 - 2012-06-06 05:48 - 00000000 ____D C:\Program Files (x86)\Atheros

2013-12-29 10:18 - 2013-12-29 10:18 - 00000000 _____ C:\windows\setuperr.log

2013-12-28 19:41 - 2013-08-30 16:52 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\edu.media.mit.Scratch2Editor

2013-12-28 19:15 - 2009-07-14 13:13 - 00784234 _____ C:\windows\system32\PerfStringBackup.INI

2013-12-28 17:23 - 2013-12-26 11:54 - 00000000 ____D C:\windows\Minidump

2013-12-28 16:04 - 2013-10-29 15:35 - 00000000 ____D C:\Users\Ryan\Desktop\Scratch stuff

2013-12-28 14:51 - 2013-12-28 14:51 - 00302674 _____ C:\Users\Ryan\Downloads\A-Tone-His_Self-1266414414.wav

2013-12-28 13:37 - 2012-06-06 05:47 - 00000000 ____D C:\Program Files (x86)\Toshiba

2013-12-28 13:36 - 2012-06-06 05:55 - 00000000 ____D C:\ProgramData\Toshiba

2013-12-28 13:21 - 2013-12-28 13:21 - 00000000 ____D C:\windows\pss

2013-12-28 13:21 - 2013-04-14 07:17 - 00000000 ___RD C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-12-28 10:30 - 2013-12-28 10:29 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Ryan\Downloads\tdsskiller.exe

2013-12-28 10:20 - 2009-07-14 11:20 - 00000000 ____D C:\windows\system32\NDF

2013-12-27 20:53 - 2013-12-27 20:53 - 00003544 ____N C:\bootsqm.dat

2013-12-27 18:11 - 2013-04-14 07:14 - 00114360 _____ C:\Users\Ryan\AppData\Local\GDIPFONTCACHEV1.DAT

2013-12-27 18:10 - 2009-07-14 12:45 - 00428616 _____ C:\windows\system32\FNTCACHE.DAT

2013-12-27 17:47 - 2013-12-27 17:47 - 00013336 _____ C:\Users\Ryan\Downloads\high_thin_light.zip

2013-12-27 17:46 - 2013-12-27 17:46 - 01798007 _____ C:\Users\Ryan\Downloads\weblysleek_ui.zip

2013-12-26 12:07 - 2013-04-14 08:03 - 00770146 _____ C:\windows\SysWOW64\PerfStringBackup.INI

2013-12-26 08:52 - 2013-12-26 08:52 - 00018960 _____ (Logitech, Inc.) C:\windows\system32\Drivers\LNonPnP.sys

2013-12-26 08:52 - 2013-12-26 08:52 - 00000000 ____D C:\Users\Public\Documents\Logishrd

2013-12-26 08:52 - 2013-12-26 08:52 - 00000000 ____D C:\ProgramData\Logitech

2013-12-26 08:52 - 2013-12-26 08:50 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Logitech

2013-12-26 08:52 - 2013-04-19 17:49 - 00000000 ____D C:\ProgramData\LogiShrd

2013-12-26 08:52 - 2013-04-19 17:46 - 00000000 ____D C:\Program Files\Common Files\logishrd

2013-12-26 08:50 - 2013-12-26 08:50 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Logishrd

2013-12-26 08:50 - 2013-12-26 08:50 - 00000000 ____D C:\Program Files\Logitech

2013-12-25 10:05 - 2013-12-25 10:05 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-12-25 08:52 - 2013-12-25 08:52 - 00000000 ____D C:\Program Files (x86)\Windows Phone

2013-12-25 08:46 - 2013-12-25 08:46 - 00000000 ____D C:\ProgramData\Applications

2013-12-24 15:02 - 2013-12-24 15:02 - 00000000 ____D C:\Users\Ryan\Documents\Bluetooth

2013-12-23 16:56 - 2013-12-20 12:05 - 00000000 ____D C:\windows\System32\Tasks\NCH Software

2013-12-23 16:51 - 2013-08-09 11:02 - 00000000 ____D C:\Users\Ryan\.gimp-2.8

2013-12-22 15:06 - 2013-12-16 18:29 - 00000000 ____D C:\Users\Ryan\Downloads\Other

2013-12-22 09:07 - 2013-12-20 09:18 - 00079672 _____ (AVAST Software) C:\windows\system32\Drivers\aswstm.sys

2013-12-21 19:47 - 2013-12-16 15:34 - 00000000 ____D C:\Users\Ryan\Desktop\Icons

2013-12-21 08:50 - 2013-09-29 09:29 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\vlc

2013-12-20 16:02 - 2013-04-14 08:20 - 00000000 ____D C:\Users\Ryan\AppData\Local\Adobe

2013-12-20 16:02 - 2012-04-10 11:56 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe

2013-12-20 16:02 - 2012-04-10 11:56 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-12-20 16:02 - 2012-04-10 11:56 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater

2013-12-20 12:04 - 2013-12-19 19:02 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\SongManager

2013-12-20 09:20 - 2009-07-14 13:09 - 00000000 ____D C:\windows\System32\Tasks\WPD

2013-12-20 09:18 - 2013-11-09 13:48 - 00422216 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys

2013-12-20 09:18 - 2013-10-24 07:40 - 01034464 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys

2013-12-20 09:18 - 2013-10-24 07:40 - 00207904 _____ C:\windows\system32\Drivers\aswVmm.sys

2013-12-20 09:18 - 2013-10-24 07:40 - 00078648 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys

2013-12-20 09:18 - 2013-10-24 07:40 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr

2013-12-20 09:18 - 2013-04-14 07:23 - 00334136 _____ (AVAST Software) C:\windows\system32\aswBoot.exe

2013-12-20 09:15 - 2013-11-29 19:17 - 00000833 _____ C:\Users\Public\Desktop\CCleaner.lnk

2013-12-20 09:15 - 2013-04-14 07:45 - 00000000 ____D C:\Program Files\CCleaner

2013-12-20 08:38 - 2013-06-16 15:53 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\FlowStone

2013-12-20 08:34 - 2013-12-20 08:34 - 00002051 _____ C:\Users\Ryan\Desktop\FL Studio 11.lnk

2013-12-19 19:03 - 2013-06-16 15:54 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Image-Line

2013-12-19 19:00 - 2013-12-19 18:41 - 00000000 ____D C:\Program Files (x86)\VstPlugins

2013-12-19 19:00 - 2013-06-16 15:54 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line

2013-12-19 18:42 - 2013-12-19 18:42 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2

2013-12-19 18:42 - 2013-12-19 18:42 - 00000000 ____D C:\Program Files (x86)\ASIO4ALL v2

2013-12-19 18:41 - 2013-12-19 18:41 - 00000000 ____D C:\Users\Ryan\Documents\Image-Line

2013-12-19 18:41 - 2013-12-19 18:41 - 00000000 ____D C:\Program Files (x86)\DSPRobotics

2013-12-19 18:41 - 2013-06-16 15:54 - 00000000 ____D C:\Program Files\Image-Line

2013-12-19 18:41 - 2013-06-16 15:49 - 00000000 ____D C:\Program Files (x86)\Image-Line

2013-12-19 15:46 - 2013-04-14 16:29 - 00000000 ____D C:\Users\Ryan\AppData\Local\Windows Live

2013-12-18 18:58 - 2013-08-09 15:35 - 00000000 ____D C:\Users\Ryan\AppData\Local\gtk-2.0

2013-12-13 15:51 - 2013-12-13 15:49 - 00000000 ____D C:\Program Files (x86)\Inkscape

2013-12-12 18:03 - 2013-12-12 18:03 - 00000000 ____D C:\Program Files\GIMP 2

2013-12-12 16:13 - 2013-08-14 17:20 - 00000000 ____D C:\windows\system32\MRT

2013-12-12 16:11 - 2013-04-14 13:44 - 90708896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

2013-12-12 16:06 - 2013-04-14 08:03 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\SoftGrid Client

2013-12-12 15:44 - 2013-12-12 15:44 - 00000000 ____D C:\Program Files (x86)\Scratch 2

2013-12-11 17:00 - 2013-12-10 18:52 - 00000000 ____D C:\Users\Ryan\Desktop\Epiq

2013-12-07 17:28 - 2012-06-06 06:06 - 00003908 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA

2013-12-07 17:28 - 2012-06-06 06:06 - 00003656 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore

2013-12-05 16:29 - 2013-11-24 08:56 - 00002154 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2013-12-05 15:27 - 2009-07-14 13:08 - 00032582 _____ C:\windows\Tasks\SCHEDLGU.TXT

 

Some content of TEMP:

====================

C:\Users\Ryan\AppData\Local\Temp\i4jdel0.exe

C:\Users\Ryan\AppData\Local\Temp\Quarantine.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2013-12-19 18:59

 

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-12-2013 01

Ran by Ryan at 2014-01-01 12:02:40

Running from C:\Users\Ryan\Desktop\MRT

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

 

==================== Installed Programs ======================

 

Adblock Plus for IE (32-bit and 64-bit) (Version: 1.1 - Eyeo GmbH)

Adblock Plus for IE (x32 Version: 1.1 - )

Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated)

Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)

Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)

AMD APP SDK Runtime (Version: 10.0.851.6 - Advanced Micro Devices Inc.)

AMD Catalyst Install Manager (Version: 3.0.859.0 - Advanced Micro Devices, Inc.)

Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)

Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)

Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)

ASIO4ALL (x32 Version: 2.11 Beta2 - Michael Tippach)

Atheros Bluetooth Filter Driver Package (Version: 1.0.0.12 - Atheros Communications)

Atheros Driver Installation Program (x32 Version: 9.2 - Atheros)

Audacity 2.0.3 (x32 Version: 2.0.3 - Audacity Team)

avast! Free Antivirus (x32 Version: 9.0.2011 - Avast Software)

Bonjour (Version: 3.0.0.10 - Apple Inc.)

Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.)

Catalyst Control Center (x32 Version: 2012.0120.420.7502 - Advanced Micro Devices, Inc.)

Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0120.420.7502 - Advanced Micro Devices, Inc.)

Catalyst Control Center InstallProxy (x32 Version: 2012.0120.420.7502 - Advanced Micro Devices, Inc.)

Catalyst Control Center Localization All (x32 Version: 2012.0120.420.7502 - Advanced Micro Devices, Inc.)

CCC Help Chinese Standard (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.)

CCC Help Chinese Traditional (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.)

CCC Help Czech (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.)

CCC Help Danish (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.)

CCC Help Dutch (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.)

CCC Help English (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.)

CCC Help Finnish (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.)

CCC Help French (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.)

CCC Help German (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.)

CCC Help Greek (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.)

CCC Help Hungarian (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.)

CCC Help Italian (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.)

CCC Help Japanese (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.)

CCC Help Korean (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.)

CCC Help Norwegian (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.)

CCC Help Polish (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.)

CCC Help Portuguese (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.)

CCC Help Russian (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.)

CCC Help Spanish (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.)

CCC Help Swedish (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.)

CCC Help Thai (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.)

CCC Help Turkish (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.)

ccc-utility64 (Version: 2012.0120.420.7502 - Advanced Micro Devices, Inc.)

CCleaner (Version: 4.09 - Piriform)

CloudReading (x32 Version: 1.0.27.1025 - Foxit Corporation)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft)

Deckadance 2 (x32 Version: 2.0 - Image-Line)

eReg (x32 Version: 1.20.138.34 - Logitech, Inc.)

ESET Online Scanner v3 (x32 Version:  - )

FileHippo.com Update Checker (x32 Version:  - )

FL Studio 11 (x32 Version:  - Image-Line)

FlowStone FL 3.0 (x32 Version:  - )

Foxit Reader (x32 Version: 6.1.1.1031 - Foxit Corporation)

GIMP 2.8.10 (Version: 2.8.10 - The GIMP Team)

Google Chrome (x32 Version: 31.0.1650.63 - Google Inc.)

Google Drive (x32 Version: 1.13.5782.599 - Google, Inc.)

Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.)

IL Shared Libraries (x32 Version:  - Image-Line)

Inkscape 0.48.4 (x32 Version: 0.48.4 - )

Intel Android Device USB driver (Version: 1.1.5 - Intel)

Intel® Manageability Engine Firmware Recovery Agent (x32 Version: 1.0.0.35342 - Intel Corporation)

Intel® Management Engine Components (x32 Version: 8.0.3.1427 - Intel Corporation)

Intel® Rapid Storage Technology (x32 Version: 11.0.0.1032 - Intel Corporation)

Intel® USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.1.209 - Intel Corporation)

Intel® Trusted Connect Service Client (Version: 1.23.605.1 - Intel Corporation)

iTunes (Version: 11.1.3.8 - Apple Inc.)

Java 7 Update 45 (64-bit) (Version: 7.0.450 - Oracle)

Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)

Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.)

Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation)

Logitech SetPoint 6.61 (Version: 6.61.15 - Logitech)

Logitech Webcam Software (x32 Version: 2.51 - Logitech Inc.)

Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation)

Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Starter 2010 - English (x32 Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Primary Interoperability Assemblies 2005 (x32 Version: 9.0.21022 - Microsoft Corporation)

Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)

Microsoft Small Basic v1.0 (x32 Version: 1.0.0.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)

Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.)

Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation)

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft)

MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft)

MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft)

MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft)

Origin (x32 Version: 9.1.15.109 - Electronic Arts, Inc.)

Paint.NET v3.5.11 (Version: 3.61.0 - dotPDN LLC)

Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation)

PlayReady PC Runtime amd64 (Version: 1.3.0 - Microsoft Corporation)

Premium Sound HD (Version: 1.12.0300 - SRS Labs, Inc.)

Premium Sound HD (Version: 1.12.1800 - SRS Labs, Inc.)

QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)

Realtek Ethernet Controller Driver (x32 Version: 7.48.823.2011 - Realtek)

Realtek High Definition Audio Driver (x32 Version: 6.0.1.6597 - Realtek Semiconductor Corp.)

Realtek USB 2.0 Card Reader (x32 Version: 6.1.7601.30130 - Realtek Semiconductor Corp.)

RocketDock 1.3.5 (x32 Version:  - Punk Software)

Scratch 2 Offline Editor (x32 Version: 255 - MIT Media Lab)

Scratch 2 Offline Editor (x32 Version: 385 - MIT Media Lab)

SimCity 4 (x32 Version:  - )

Skype Click to Call (x32 Version: 6.13.13771 - Skype Technologies S.A.)

Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc)

Synaptics Pointing Device Driver (Version: 15.3.38.2 - Synaptics Incorporated)

The Sims™ 3 (x32 Version: 1.63.4 - Electronic Arts)

The Sims™ 3 Ambitions (x32 Version: 4.0.87 - Electronic Arts)

The Sims™ 3 High-End Loft Stuff (x32 Version: 3.0.38 - Electronic Arts)

The Sims™ 3 Late Night (x32 Version: 6.0.81 - Electronic Arts)

The Sims™ 3 Outdoor Living Stuff (x32 Version: 7.3.2 - Electronic Arts)

The Sims™ 3 Pets (x32 Version: 10.0.96 - Electronic Arts)

The Sims™ 3 Seasons (x32 Version: 16.0.136 - Electronic Arts)

The Sims™ 3 Town Life Stuff (x32 Version: 9.0.73 - Electronic Arts)

TOSHIBA Assist (x32 Version: 4.2.3.0 - TOSHIBA CORPORATION)

TOSHIBA Bulletin Board (Version: 2.1.17.64 - TOSHIBA Corporation)

TOSHIBA Bulletin Board (x32 Version: 2.1.17.64 - TOSHIBA Corporation)

TOSHIBA ConfigFree (x32 Version: 8.0.43 - TOSHIBA CORPORATION)

TOSHIBA Disc Creator (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)

TOSHIBA Face Recognition (Version: 3.1.18.64 - TOSHIBA Corporation)

TOSHIBA Face Recognition (x32 Version: 3.1.18.64 - TOSHIBA Corporation)

TOSHIBA Hardware Setup (x32 Version: 2.00.0020 - TOSHIBA)

TOSHIBA HDD/SSD Alert (Version: 3.1.64.11 - TOSHIBA Corporation)

TOSHIBA Hotkey Utility for Display Devices (Version:  - )

TOSHIBA Media Controller (x32 Version: 1.0.87.5 - TOSHIBA CORPORATION)

TOSHIBA Media Controller Plug-in (x32 Version: 1.0.7.7 - TOSHIBA CORPORATION)

TOSHIBA PC Health Monitor (Version: 1.7.15.64 - TOSHIBA Corporation)

TOSHIBA Peak Shift Control (Version: 3.00.07.64 - TOSHIBA Corporation)

TOSHIBA Recovery Media Creator (x32 Version: 2.1.6.52020009 - TOSHIBA CORPORATION)

TOSHIBA ReelTime (Version: 1.7.21.64 - TOSHIBA Corporation)

TOSHIBA ReelTime (x32 Version: 1.7.21.64 - TOSHIBA Corporation)

TOSHIBA Resolution+ Plug-in for Windows Media Player (x32 Version: 1.1.2004 - TOSHIBA Corporation)

TOSHIBA Service Station (x32 Version: 2.2.13 - TOSHIBA)

TOSHIBA Sleep Utility (x32 Version: 1.4.0022.000104 - TOSHIBA Corporation)

TOSHIBA Speech System Applications (x32 Version: 1.00.2518 - )

TOSHIBA Speech System SR Engine(U.S.) Version1.0 (x32 Version:  - )

TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (x32 Version:  - )

TOSHIBA Supervisor Password (x32 Version: 2.00.0009 - TOSHIBA)

TOSHIBA Value Added Package (Version: 1.6.0021.640203 - TOSHIBA Corporation)

TOSHIBA Value Added Package (x32 Version: 1.6.0021.640203 - TOSHIBA Corporation)

TOSHIBA Web Camera Application (x32 Version: 2.0.3.33 - TOSHIBA Corporation)

TOSHIBA Wireless LAN Indicator (x32 Version: 1.0.5 - TOSHIBA CORPORATION)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)

VirusTotal Uploader 2.0 (x32 Version:  - )

VLC media player 2.1.2 (Version: 2.1.2 - VideoLAN)

VLC media player 2.1.2 (x32 Version: 2.1.2 - VideoLAN)

Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation)

Windows Live Family Safety (Version: 16.4.3508.0205 - Microsoft Corporation)

Windows Live Family Safety (x32 Version: 16.4.3508.0205 - Microsoft Corporation)

Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation)

Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation)

Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation)

Windows Live Messenger (x32 Version: 16.4.3508.0205 - Microsoft Corporation)

Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation)

Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation)

Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation)

Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation)

Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation)

Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation)

Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation)

Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation)

Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation)

Windows Phone app for desktop (x32 Version: 1.0.1720.1 - Microsoft Corporation)

 

==================== Restore Points  =========================

 

17-12-2013 07:33:55 Windows Update

20-12-2013 01:16:24 avast! antivirus system restore point

20-12-2013 23:48:58 Windows Update

25-12-2013 00:47:06 Windows Update

25-12-2013 00:52:09 Installed Windows Phone app for desktop

26-12-2013 00:55:42 Windows Update

26-12-2013 04:00:14 Windows Update

27-12-2013 06:51:29 Installed Microsoft Fix it 50848

28-12-2013 05:35:56 Removed Bluetooth Stack for Windows by Toshiba.

31-12-2013 05:25:33 Installed The Sims 3 Late Night

31-12-2013 05:36:16 Installed The Sims 3 Town Life Stuff

01-01-2014 03:10:20 Windows Update

 

==================== Hosts content: ==========================

 

2009-07-14 10:34 - 2009-06-11 05:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {0A70EF2D-45AB-4CAF-9A4F-8B6BF4956600} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-26] (Intel Corporation)

Task: {33D25A8B-9AAD-4FF4-B644-20FE1E1F3F42} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-26] (Intel Corporation)

Task: {3D0574BC-5D1F-4C47-95F9-184B39DDEBB1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-06] (Google Inc.)

Task: {81F65747-40A1-49C6-968C-DD364777C2B5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-20] (Adobe Systems Incorporated)

Task: {90B891B9-E285-4C0E-8141-0CC356FBE9E0} - System32\Tasks\Games\UpdateCheck_S-1-5-21-4266384117-2620689861-2090972873-1001

Task: {99FE39E7-0B8A-47B9-BFCA-E8F93020F539} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)

Task: {A798501A-F67B-4750-A211-9978FE130553} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup

Task: {C300771A-1F66-4286-9494-12989443D7D2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {C43837AD-5118-4D0F-A073-1B83C053914F} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe

Task: {CABF3D54-F942-4645-A135-9450AEF53B7A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-12-20] (AVAST Software)

Task: {DBF1C2CC-E31E-4FF2-9868-756895C3F728} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-06] (Google Inc.)

Task: {DEA457C7-AE3D-43F7-A0D2-77BE1EB26C96} - System32\Tasks\{2B032D2E-14FC-478C-B1C9-FB982DFF2041} => Chrome.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.11.0.102&LastError=12002

Task: {FF4B8CBD-65B2-4725-AA8B-75CB3C902DF5} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe [2011-10-25] (TOSHIBA CORPORATION)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe

Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe

 

==================== Loaded Modules (whitelisted) =============

 

2014-01-01 11:48 - 2014-01-01 01:55 - 02152960 _____ () C:\Program Files\AVAST Software\Avast\defs\13123101\algo.dll

2013-01-28 13:08 - 2013-01-28 13:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2013-01-28 13:08 - 2013-01-28 13:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2013-10-01 09:37 - 2007-09-02 13:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll

2013-10-24 07:40 - 2013-10-24 07:40 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2013-12-05 16:28 - 2013-12-04 10:47 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll

2013-12-05 16:28 - 2013-12-04 10:47 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll

2013-12-05 16:28 - 2013-12-04 10:48 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll

2013-12-05 16:28 - 2013-12-04 10:48 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll

2013-12-05 16:28 - 2013-12-04 10:47 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll

2012-06-06 05:36 - 2012-02-22 03:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

 

==================== Safe Mode (whitelisted) ===================

 

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (01/01/2014 11:53:11 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/01/2014 11:47:49 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

System errors:

=============

Error: (01/01/2014 11:57:51 AM) (Source: bowser) (User: )

Description: The master browser has received a server announcement from the computer PAUL-PC

that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3DE52DFC-B9B9-42C8-BABF-A21352F85728}.

The master browser is stopping or an election is being forced.

 

Error: (01/01/2014 11:51:01 AM) (Source: bowser) (User: )

Description: The master browser has received a server announcement from the computer PAUL-PC

that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3DE52DFC-B9B9-42C8-BABF-A21352F85728}.

The master browser is stopping or an election is being forced.

 

 

Microsoft Office Sessions:

=========================

Error: (01/01/2014 11:53:11 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/01/2014 11:47:49 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 41%

Total physical RAM: 4055.8 MB

Available physical RAM: 2353.93 MB

Total Pagefile: 8109.79 MB

Available Pagefile: 6133.96 MB

Total Virtual: 8192 MB

Available Virtual: 8191.81 MB

 

==================== Drives ================================

 

Drive c: (S3A9565D003) (Fixed) (Total:484.8 GB) (Free:409.88 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive d: (Sims3EP08) (CDROM) (Total:3.9 GB) (Free:0 GB) UDF

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 699 GB) (Disk ID: 3A46F848)

Partition 1: (Active) - (Size=1 GB) - (Type=27)

Partition 2: (Not Active) - (Size=485 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=13 GB) - (Type=17)

Partition 4: (Not Active) - (Size=200 GB) - (Type=05)

 

==================== End Of Log ============================





Link to post
Share on other sites

  • Root Admin

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.
 

fixlist.txt

Link to post
Share on other sites

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-01-2014 01

Ran by Ryan at 2014-01-02 09:00:47 Run:1

Running from C:\Users\Ryan\Desktop

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

C:\Users\Ryan\AppData\Local\Temp\i4jdel0.exe

C:\Users\Ryan\AppData\Local\Temp\Quarantine.exe

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.skype.com...LastError=12002

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

 

 

*****************

 

C:\Users\Ryan\AppData\Local\Temp\i4jdel0.exe => Moved successfully.

C:\Users\Ryan\AppData\Local\Temp\Quarantine.exe => Moved successfully.

HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.

HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.

HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.

HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key deleted successfully.

HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully.

HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.

HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.

HKLM\SOFTWARE\Policies\Google => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3D0574BC-5D1F-4C47-95F9-184B39DDEBB1} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D0574BC-5D1F-4C47-95F9-184B39DDEBB1} => Key deleted successfully.

C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{90B891B9-E285-4C0E-8141-0CC356FBE9E0} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90B891B9-E285-4C0E-8141-0CC356FBE9E0} => Key deleted successfully.

C:\Windows\System32\Tasks\Games\UpdateCheck_S-1-5-21-4266384117-2620689861-2090972873-1001 => Moved successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Games\UpdateCheck_S-1-5-21-4266384117-2620689861-2090972873-1001 => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DBF1C2CC-E31E-4FF2-9868-756895C3F728} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DBF1C2CC-E31E-4FF2-9868-756895C3F728} => Key deleted successfully.

C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DEA457C7-AE3D-43F7-A0D2-77BE1EB26C96} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DEA457C7-AE3D-43F7-A0D2-77BE1EB26C96} => Key deleted successfully.

C:\Windows\System32\Tasks\{2B032D2E-14FC-478C-B1C9-FB982DFF2041} => Moved successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2B032D2E-14FC-478C-B1C9-FB982DFF2041} => Key deleted successfully.

C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.

C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.

 

==== End of Fixlog ====

 

Thanks!

Link to post
Share on other sites

  • Root Admin

Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 

 

Then restart the computer and run the following.

 

 
Please download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
Link to post
Share on other sites

 Results of screen317's Security Check version 0.99.78  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

avast! Antivirus   

 Antivirus up to date!   

`````````Anti-malware/Other Utilities Check:````````` 

 VirusTotal Uploader 2.0   

 Malwarebytes Anti-Malware version 1.75.0.1300  

 Java 7 Update 45  

 Adobe Flash Player 11.9.900.170  

 Google Chrome 31.0.1650.57  

 Google Chrome 31.0.1650.63  

````````Process Check: objlist.exe by Laurent````````  

 AVAST Software Avast AvastSvc.exe  

 AVAST Software Avast AvastUI.exe  

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 22% Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log`````````````````````` 

 

 

Ok, still have to manually connect to the Internet, thanks for you help. Ready for next steps

Link to post
Share on other sites

  • Root Admin

That is more than likely a Windows Management driver issue.  You can visit your computer MFG website and see if they have a specific driver for power management and if so try reinstalling it.  Or if they have an updated wireless network card driver that  you can install and see if that helps or not.

Link to post
Share on other sites

  • Root Admin

Sorry to hear that it did not correct it.  Not sure what else to do except maybe try an in-place Windows reinstall and if that does not fix it then backup your data and do a Factory Restore to the original way it was when you got the computer.

 

At this time there are no more signs of an infection on your system.
However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if ran at the wrong time.
They are often updated daily so if you went to use them again in the future they would be outdated anyways.

The following procedures will implement some cleanup procedures to remove these tools.
It will also reset your System Restore by flushing out previous restore points and create a new restore point.
It will also remove all the backups our tools may have created.

Uninstall ComboFix (if used):

  • Turn off all active protection software including your antivirus.
  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • Please copy and past the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

CF-Uninstall.png

 
Remove the rest of the tools used:
 
Please download
OTCleanIt
and save it to your Desktop. This tool will remove all the tools we used to clean your pc.

  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not go ahead and delete it by yourself.
  • If asked to restart the computer, please do so


Note:

If you receive a warning from your firewall or other security programs regarding
OTCleanIt
attempting to contact the internet, please allow it to do so.


AdwCleaner Removal:
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes

ESET antivirus Removal:
  • This tool can be uninstalled via the Control Panel, Programs, Uninstall


 
 
If there are any other left over Folders, Files, Logs then you can delete them on your own.
 
Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP


As Java seems to get exploited on a regular basis I advise not using Java if possible but to at least disable java in your web browsers
How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.


If you're not currently using Malwarebytes PRO then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.