Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can't download anything from any browser. Am told it might be a VIRUS.


  • This topic is locked This topic is locked
26 replies to this topic

#1 PhantomPhelix

PhantomPhelix

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:14 PM

Posted 23 January 2014 - 01:43 AM

Hi there,

 

I encountered this problem about a month or so ago. All of a sudden I can't download any file on any browser. At first it was any file over 100mb and then almost every file I try to download ends up failing. I say almost because really small files that take seconds to donwload manage to get by. Now through other software, say games that update with serveral gb of data, everything works fine. It's only when I try to donwload anything in a browser does it not work. I tried clearing the dowloads list, resetting download preferences, changing the downloads folder, clearing registry files (as recommended by my anti virus, which is norton. I know, as soon as it expires I'm thinking of getting kaspersky), disabling addons, extentions and even doing a system restore to before the problem started occuring but it was all to no avail. I really think it may be a virus.

 

Any help would be greatly appreciated as it's been real frustrating trying to deal with this problem. I've searched everywhere for a solution but have yet to find one that works.

 

Thanks in advance.



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:14 PM

Posted 23 January 2014 - 05:08 PM





Hello PhantomPhelix

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 PhantomPhelix

PhantomPhelix
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:14 PM

Posted 23 January 2014 - 07:31 PM

Hi Gringo,

 

Thanks for responding promptly. So I downloaded the 64bit version of the farbar software and ran it. It scanned for a bit and then windows said the program stopped working as something was preventing it from working properly. I tried opening it and scanning again but it stopped working again. I even tried the 32bit version of farbar but that straightout would not launch. Never the less 64bit version still managed to make a FRST.txt file. Here is what was in it:

 

Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\SysWOW64\ASGT.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
() C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(VIA Technologies, Inc.) C:\VIA_XHCI\usb3Monitor.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
() C:\Program Files (x86)\ASUS\GPU Tweak\2dpainting.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(CyberLink) A:\Programs\Power2Go8\CLMLSvc_P2G8.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) A:\Programs\iTunes\iTunesHelper.exe
(Seagate) C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Mozilla Corporation) A:\Programs\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\af_proxy_cmd.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [VIAxHCUtl] - C:\VIA_XHCI\usb3Monitor.exe [331776 2011-07-12] (VIA Technologies, Inc.)
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4123 2012-05-30] ()
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [8290584 2013-08-01] (Logitech Inc.)
HKLM\...\Run: [Seagate Scheduler2 Service] - C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe [395152 2011-06-30] (Seagate)
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - A:\Programs\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - "A:\Programs\Power2Go8\VirtualDrive.exe" /R
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-06-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - A:\Programs\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [DiscWizardMonitor.exe] - C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe [2638152 2011-06-30] (Seagate)
HKCU\...\Run: [Power2GoExpress8] - NA
HKCU\...\Run: [Google Update] - C:\Users\TBC\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-08-18] (Google Inc.)
HKCU\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2012-06-11] (AMD)
MountPoints2: {0e1f8048-7c9a-11e3-aa9f-902b34dcddf8} - H:\laucher.exe
MountPoints2: {b3ace249-0740-11e3-820e-806e6f6e6963} - D:\Run.exe
MountPoints2: {fe2f5e4a-0742-11e3-a942-806e6f6e6963} - D:\setup.exe
Startup: C:\Users\TBC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.6.lnk
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.6.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8555;https=127.0.0.1:8555
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.search.us.com/v/2/?guid={B8C318E1-9E74-4E58-9875-D43D55A2CE3D}&serpv=5
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x55E96FC85B9BCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.search.us.com/v/2/?guid={B8C318E1-9E74-4E58-9875-D43D55A2CE3D}&serpv=5
SearchScopes: HKCU - {17C553AF-6829-4151-AC6E-F26E359681B8} URL = http://search.us.com/serp?guid={B8C318E1-9E74-4E58-9875-D43D55A2CE3D}&action=default_search&serpv=5&k={searchTerms}
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=CA&ver=20&locale=en_CA&gct=sb&qsrc=2869
SearchScopes: HKCU - {D37746E0-8229-4F71-A796-99F1535E3045} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10563
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - A:\Programs\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - A:\Programs\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - A:\Programs\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - A:\Programs\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - A:\Programs\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - A:\Programs\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\TBC\AppData\Roaming\Mozilla\Firefox\Profiles\0f9k9otw.default-1379842455441
FF Homepage: https://www.google.ca/|https://www.facebook.com/|hxxp://www.youtube.com/feed/subscriptions
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/SharePoint,version=14.0 - A:\Programs\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - A:\Programs\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - A:\Programs\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - A:\Programs\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - A:\Programs\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\TBC\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\TBC\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\TBC\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\TBC\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\TBC\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\TBC\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\TBC\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\TBC\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: GFACE Experience Plugin - C:\Users\TBC\AppData\Roaming\Mozilla\Firefox\Profiles\0f9k9otw.default-1379842455441\Extensions\cryenginebrowserplugin@crytek.com [2013-11-07]
FF Extension: Adblock Plus - C:\Users\TBC\AppData\Roaming\Mozilla\Firefox\Profiles\0f9k9otw.default-1379842455441\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-07]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014-01-21]
FF StartMenuInternet: FIREFOX.EXE - A:\Programs\firefox.exe

Chrome:
=======
CHR HomePage: hxxp://www.google.ca/
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\gcswf32.dll No File
CHR Plugin: (Norton Confidential) - C:\Users\TBC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.0.0.72_0\npcoplgn.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Extension: (YouTube) - C:\Users\TBC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-17]
CHR Extension: (Adblock Plus) - C:\Users\TBC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-10-16]
CHR Extension: (Google Search) - C:\Users\TBC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-17]
CHR Extension: (Skype Click to Call) - C:\Users\TBC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-08-18]
CHR Extension: (Norton Identity Protection) - C:\Users\TBC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-08-17]
CHR Extension: (Google Wallet) - C:\Users\TBC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
 



#4 PhantomPhelix

PhantomPhelix
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:14 PM

Posted 23 January 2014 - 07:36 PM

Also I don't know if this is of any help to the troubleshooting process but I thought I might include it. I run my win7 OS off a 128gb ssd and I try to install what software I can on a separate 3 tb hdd. On top of that I have 2 external harddrives (1tb and 3tb) that I recently (2 days ago) took out from their housing and connected internally via sata to my motherboard. Just including this because I'm not sure if there is something to with system files being on more than one harddrive.



#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:14 PM

Posted 23 January 2014 - 09:14 PM


Hello PhantomPhelix

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 PhantomPhelix

PhantomPhelix
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:14 PM

Posted 23 January 2014 - 10:01 PM

Hi Gringo,

 

So I disable all my norton tasks but for some reason the combofix said nortojn was still running. I even tried to end it using task manager but it said I didn't have permission to do so. As far as I can tell all my antivirus software is disable but I could be wrong. I tired downloading something again but status is still the same. The download fails at about 1-2 mins into the download (40-50mb).

 

Anyway here's the log:

 

ComboFix 14-01-23.02 - TBC 23/01/2014  21:44:43.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.2.1033.18.16344.9816 [GMT -5:00]
Running from: c:\users\TBC\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
G:\Autorun.inf
G:\Setup.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-24 to 2014-01-24  )))))))))))))))))))))))))))))))
.
.
2014-01-24 00:25 . 2014-01-24 00:25    --------    d-----w-    C:\FRST
2014-01-21 09:37 . 2014-01-21 13:39    --------    d-----w-    c:\windows\system32\drivers\N360x64\1501000.012
2014-01-20 23:14 . 2014-01-20 23:14    --------    d-----w-    c:\program files (x86)\Common Files\logishrd
2014-01-20 23:14 . 2014-01-20 23:14    --------    d-----w-    c:\program files\Common Files\logishrd
2014-01-20 23:09 . 2014-01-20 23:09    --------    d-----w-    c:\users\TBC\AppData\Roaming\Seagate
2014-01-20 23:08 . 2014-01-20 23:08    --------    d-----w-    c:\programdata\Seagate
2014-01-20 23:08 . 2014-01-20 23:08    971360    ----a-w-    c:\windows\system32\drivers\timntr.sys
2014-01-20 23:08 . 2014-01-20 23:08    210016    ----a-w-    c:\windows\system32\drivers\vididr.sys
2014-01-20 23:08 . 2014-01-20 23:08    141920    ----a-w-    c:\windows\system32\drivers\vsflt53.sys
2014-01-20 23:08 . 2014-01-20 23:08    275552    ----a-w-    c:\windows\system32\drivers\snapman.sys
2014-01-20 23:08 . 2014-01-20 23:08    --------    d-----w-    c:\program files (x86)\Common Files\Acronis
2014-01-20 23:08 . 2014-01-20 23:08    --------    d-----w-    c:\program files (x86)\Common Files\Seagate
2014-01-20 23:08 . 2014-01-20 23:08    --------    d-----w-    c:\program files (x86)\Seagate
2014-01-20 21:48 . 2013-11-27 01:41    343040    ----a-w-    c:\windows\system32\drivers\usbhub.sys
2014-01-20 21:48 . 2013-11-27 01:41    99840    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2014-01-20 21:48 . 2013-11-27 01:41    53248    ----a-w-    c:\windows\system32\drivers\usbehci.sys
2014-01-20 21:48 . 2013-11-27 01:41    325120    ----a-w-    c:\windows\system32\drivers\usbport.sys
2014-01-20 21:48 . 2013-11-27 01:41    25600    ----a-w-    c:\windows\system32\drivers\usbohci.sys
2014-01-20 21:48 . 2013-11-27 01:41    30720    ----a-w-    c:\windows\system32\drivers\usbuhci.sys
2014-01-20 21:48 . 2013-11-27 01:41    7808    ----a-w-    c:\windows\system32\drivers\usbd.sys
2014-01-20 21:48 . 2013-11-26 10:32    3156480    ----a-w-    c:\windows\system32\win32k.sys
2014-01-20 21:48 . 2013-11-26 11:40    376768    ----a-w-    c:\windows\system32\drivers\netio.sys
2014-01-16 01:00 . 2014-01-16 01:01    --------    d-----w-    c:\users\TBC\AppData\Roaming\TrueCrypt
2014-01-10 23:58 . 2007-10-22 08:37    17928    ----a-w-    c:\windows\SysWow64\X3DAudio1_2.dll
2014-01-08 23:46 . 2014-01-08 23:46    18960    ----a-w-    c:\windows\system32\drivers\LNonPnP.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-21 09:37 . 2013-08-17 15:07    177752    ----a-w-    c:\windows\system32\drivers\SYMEVENT64x86.SYS
2014-01-06 21:20 . 2013-08-19 02:42    86054176    ----a-w-    c:\windows\system32\MRT.exe
2013-12-11 01:58 . 2013-08-21 20:19    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-11 01:58 . 2013-08-17 15:35    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-29 23:21 . 2013-08-17 13:43    30528    ----a-w-    c:\windows\GVTDrv64.sys
2013-11-29 23:21 . 2013-08-17 13:43    25640    ----a-w-    c:\windows\gdrv.sys
2013-11-26 11:54 . 2013-12-12 04:49    23183360    ----a-w-    c:\windows\system32\mshtml.dll
2013-11-26 10:19 . 2013-12-12 04:49    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-12 04:49    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2013-12-12 04:49    66048    ----a-w-    c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-12 04:49    48640    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-12 04:49    2764288    ----a-w-    c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-12 04:49    53760    ----a-w-    c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-12 04:49    33792    ----a-w-    c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-12 04:49    2724864    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-12 04:49    574976    ----a-w-    c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-12 04:49    139264    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-12 04:49    111616    ----a-w-    c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-12 04:49    708608    ----a-w-    c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-12 04:49    218624    ----a-w-    c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-12 04:49    5769216    ----a-w-    c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-12 04:49    553472    ----a-w-    c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-12 04:49    4243968    ----a-w-    c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-12 04:49    1995264    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-11-26 08:00 . 2013-11-26 08:00    940032    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-26 08:00 . 2013-11-26 08:00    194048    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-11-26 08:00 . 2013-11-26 08:00    71680    ----a-w-    c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-26 08:00 . 2013-11-26 08:00    645120    ----a-w-    c:\windows\SysWow64\jsIntl.dll
2013-11-26 08:00 . 2013-11-26 08:00    235008    ----a-w-    c:\windows\system32\elshyph.dll
2013-11-26 08:00 . 2013-11-26 08:00    182272    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-11-26 08:00 . 2013-11-26 08:00    942592    ----a-w-    c:\windows\system32\jsIntl.dll
2013-11-26 08:00 . 2013-11-26 08:00    90112    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-11-26 08:00 . 2013-11-26 08:00    86016    ----a-w-    c:\windows\SysWow64\iesysprep.dll
2013-11-26 08:00 . 2013-11-26 08:00    86016    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2013-11-26 08:00 . 2013-11-26 08:00    84992    ----a-w-    c:\windows\system32\mshtmled.dll
2013-11-26 08:00 . 2013-11-26 08:00    83968    ----a-w-    c:\windows\system32\MshtmlDac.dll
2013-11-26 08:00 . 2013-11-26 08:00    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-11-26 08:00 . 2013-11-26 08:00    774144    ----a-w-    c:\windows\system32\jscript.dll
2013-11-26 08:00 . 2013-11-26 08:00    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-11-26 08:00 . 2013-11-26 08:00    74240    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-11-26 08:00 . 2013-11-26 08:00    626176    ----a-w-    c:\windows\system32\msfeeds.dll
2013-11-26 08:00 . 2013-11-26 08:00    62464    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-11-26 08:00 . 2013-11-26 08:00    62464    ----a-w-    c:\windows\system32\pngfilt.dll
2013-11-26 08:00 . 2013-11-26 08:00    61952    ----a-w-    c:\windows\SysWow64\MshtmlDac.dll
2013-11-26 08:00 . 2013-11-26 08:00    61952    ----a-w-    c:\windows\SysWow64\iesetup.dll
2013-11-26 08:00 . 2013-11-26 08:00    616104    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-11-26 08:00 . 2013-11-26 08:00    548352    ----a-w-    c:\windows\system32\vbscript.dll
2013-11-26 08:00 . 2013-11-26 08:00    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-11-26 08:00 . 2013-11-26 08:00    51200    ----a-w-    c:\windows\SysWow64\ieetwproxystub.dll
2013-11-26 08:00 . 2013-11-26 08:00    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-11-26 08:00 . 2013-11-26 08:00    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-11-26 08:00 . 2013-11-26 08:00    48128    ----a-w-    c:\windows\system32\imgutil.dll
2013-11-26 08:00 . 2013-11-26 08:00    454656    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-11-26 08:00 . 2013-11-26 08:00    453120    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-11-26 08:00 . 2013-11-26 08:00    413696    ----a-w-    c:\windows\system32\html.iec
2013-11-26 08:00 . 2013-11-26 08:00    40448    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-26 08:00 . 2013-11-26 08:00    36352    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-11-26 08:00 . 2013-11-26 08:00    34816    ----a-w-    c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-11-26 08:00 . 2013-11-26 08:00    337408    ----a-w-    c:\windows\SysWow64\html.iec
2013-11-26 08:00 . 2013-11-26 08:00    30208    ----a-w-    c:\windows\system32\licmgr10.dll
2013-11-26 08:00 . 2013-11-26 08:00    296960    ----a-w-    c:\windows\system32\dxtrans.dll
2013-11-26 08:00 . 2013-11-26 08:00    263376    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-11-26 08:00 . 2013-11-26 08:00    247808    ----a-w-    c:\windows\system32\msls31.dll
2013-11-26 08:00 . 2013-11-26 08:00    24576    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-11-26 08:00 . 2013-11-26 08:00    243200    ----a-w-    c:\windows\system32\webcheck.dll
2013-11-26 08:00 . 2013-11-26 08:00    235520    ----a-w-    c:\windows\system32\url.dll
2013-11-26 08:00 . 2013-11-26 08:00    195584    ----a-w-    c:\windows\system32\msrating.dll
2013-11-26 08:00 . 2013-11-26 08:00    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-11-26 08:00 . 2013-11-26 08:00    151552    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-11-26 08:00 . 2013-11-26 08:00    147968    ----a-w-    c:\windows\system32\occache.dll
2013-11-26 08:00 . 2013-11-26 08:00    143872    ----a-w-    c:\windows\system32\wextract.exe
2013-11-26 08:00 . 2013-11-26 08:00    139264    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-11-26 08:00 . 2013-11-26 08:00    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-11-26 08:00 . 2013-11-26 08:00    135680    ----a-w-    c:\windows\system32\iepeers.dll
2013-11-26 08:00 . 2013-11-26 08:00    13312    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-11-26 08:00 . 2013-11-26 08:00    13312    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-11-26 08:00 . 2013-11-26 08:00    131072    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-11-26 08:00 . 2013-11-26 08:00    1228800    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-11-26 08:00 . 2013-11-26 08:00    112128    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2013-11-26 08:00 . 2013-11-26 08:00    111616    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-11-26 08:00 . 2013-11-26 08:00    105984    ----a-w-    c:\windows\system32\iesysprep.dll
2013-11-26 08:00 . 2013-11-26 08:00    1051136    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-11-26 08:00 . 2013-11-26 08:00    101376    ----a-w-    c:\windows\system32\inseng.dll
2013-11-26 07:48 . 2013-12-12 04:49    12996608    ----a-w-    c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2013-12-12 04:49    1928192    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2013-12-12 04:49    2334208    ----a-w-    c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2013-12-12 04:49    1395200    ----a-w-    c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2013-12-12 04:49    817664    ----a-w-    c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2013-12-12 04:49    1820160    ----a-w-    c:\windows\SysWow64\wininet.dll
2013-11-23 18:26 . 2013-12-12 01:58    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-12 01:58    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-11-12 02:23 . 2013-12-12 01:58    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-12 01:58    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2013-11-06 00:02 . 2013-10-29 10:19    25640    ----a-w-    c:\windows\etdrv.sys
2013-10-30 02:32 . 2013-12-12 01:58    335360    ----a-w-    c:\windows\system32\msieftp.dll
2013-10-30 02:19 . 2013-12-12 01:58    301568    ----a-w-    c:\windows\SysWow64\msieftp.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-11-02 17:35    1727176    ----a-w-    c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-11-02 17:35    1727176    ----a-w-    c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-11-02 17:35    1727176    ----a-w-    c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress8"="NA" [X]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2012-06-11 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-08-09 5263504]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-20 291648]
"CLMLServer_For_P2G8"="a:\programs\Power2Go8\CLMLSvc_P2G8.exe" [2012-06-08 111120]
"CLVirtualDrive"="a:\programs\Power2Go8\VirtualDrive.exe" [2012-08-14 491120]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"iTunesHelper"="a:\programs\iTunes\iTunesHelper.exe" [2013-08-16 152392]
"DiscWizardMonitor.exe"="c:\program files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe" [2011-06-30 2638152]
.
c:\users\TBC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Intel® Turbo Boost Technology Monitor 2.6.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2012-5-30 207400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 ASGT;ASGT;c:\windows\SysWOW64\ASGT.exe;c:\windows\SysWOW64\ASGT.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1501000.012\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1501000.012\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\SYMEFA64.SYS [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]
S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys;c:\windows\SYSNATIVE\DRIVERS\vsflt53.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx64.sys;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [x]
S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\ccSetx64.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140123.001\IDSvia64.sys;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140123.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1501000.012\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1501000.012\SYMNETS.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\cmw_srv.exe;c:\program files (x86)\Hotspot Shield\bin\cmw_srv.exe [x]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\21.1.0.18\N360.exe;c:\program files (x86)\Norton 360\Engine\21.1.0.18\N360.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSCamd64.sys [x]
S3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSRamd64.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.6;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
S3 VUSB3HUB;VIA USB 3 Root Hub Service;c:\windows\system32\DRIVERS\ViaHub3.sys;c:\windows\SYSNATIVE\DRIVERS\ViaHub3.sys [x]
S3 xhcdrv;VIA USB eXtensible Host Controller Service;c:\windows\system32\DRIVERS\xhcdrv.sys;c:\windows\SYSNATIVE\DRIVERS\xhcdrv.sys [x]
S4 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys;c:\windows\SYSNATIVE\drivers\IOMap64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-20 21:52    1211672    ----a-w-    c:\program files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-21 01:58]
.
2014-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-17 13:32]
.
2014-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-17 13:32]
.
2014-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-484513837-3127913391-2740358490-1000Core.job
- c:\users\TBC\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-18 21:51]
.
2014-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-484513837-3127913391-2740358490-1000UA.job
- c:\users\TBC\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-18 21:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-11-02 17:30    2331336    ----a-w-    a:\programs\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-11-02 17:30    2331336    ----a-w-    a:\programs\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-11-02 17:30    2331336    ----a-w-    a:\programs\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VIAxHCUtl"="c:\via_xhci\usb3Monitor.exe" [2011-07-12 331776]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2013-08-01 8290584]
"Seagate Scheduler2 Service"="c:\program files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe" [2011-06-30 395152]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.search.us.com/v/2/?guid={B8C318E1-9E74-4E58-9875-D43D55A2CE3D}&serpv=5
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896
uInternet Settings,ProxyServer = http=127.0.0.1:8555;https=127.0.0.1:8555
IE: E&xport to Microsoft Excel - a:\programs\Office15\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Open Client to monitor &1 - c:\windows\web\AOpenClient.htm
IE: Open Client to monitor &2 - c:\windows\web\AOpenClient.htm
IE: Se&nd to OneNote - a:\programs\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\TBC\AppData\Roaming\Mozilla\Firefox\Profiles\0f9k9otw.default-1379842455441\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.ca/|https://www.facebook.com/|http://www.youtube.com/feed/subscriptions
FF - ExtSQL: 2013-12-07 05:16; afproxy@anchorfree.com; a:\programs\browser\extensions\afproxy@anchorfree.com
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\21.1.0.18\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\21.1.0.18\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1501000.012\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton 360\Engine\21.1.0.18;c:\program files (x86)\Norton 360\Engine64\21.1.0.18"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-23  21:47:51
ComboFix-quarantined-files.txt  2014-01-24 02:47
.
Pre-Run: 62,306,516,992 bytes free
Post-Run: 62,513,217,536 bytes free
.
- - End Of File - - 7061DEEE6706917548590F5965797BC6
 



#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:14 PM

Posted 23 January 2014 - 10:03 PM





Hello PhantomPhelix

Malwarebytes Anti-Rootkit

1.Download Malwarebytes Anti-Rootkit
2.Unzip the contents to a folder in a convenient location.
3.Open the folder where the contents were unzipped and run mbar.exe
4.Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5.Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6.Wait while the system shuts down and the cleanup process is performed.
7.Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8.If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
  • •Internet access
    •Windows Update
    •Windows Firewall
9.If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
10.Verify that your system is now functioning normally.


--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • the scan will make two reports the one I would like to see is called RKreport[2].txt on your Desktop
  • Exit/Close RogueKiller+
send me the reports made from MBAR and Roguekiller and also let me know how the computer is doing at this time.

Gringo






When you are complete please send me both reports

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 PhantomPhelix

PhantomPhelix
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:14 PM

Posted 23 January 2014 - 10:30 PM

Hey Gringo,

 

So I did everything you said. The mbar produced two logs. One is labeled mbar-log-2014-01-23 (22-17-02) and the other is the system-log. I am posting both because I wasn't sure which is the one you were looking for. Also for RogueKiller it produce two reports but both of them were RKreport[0] so I'm postem them both too, just incase.

 

Here is the mbar reports:

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.01.24.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
TBC :: TBC-PC [administrator]

23/01/2014 10:17:02 PM
mbar-log-2014-01-23 (22-17-02).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 260280
Time elapsed: 3 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.16476

File system is: NTFS
Disk drives: A:\ DRIVE_FIXED, C:\ DRIVE_FIXED, G:\ DRIVE_FIXED, H:\ DRIVE_FIXED
CPU speed: 3.403000 GHz
Memory total: 17137967104, free: 10217136128

Downloaded database version: v2014.01.24.01
Downloaded database version: v2013.12.18.01
=======================================
Initializing...
------------ Kernel report ------------
     01/23/2014 22:17:00
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\iusb3hcs.sys
\SystemRoot\system32\DRIVERS\vsflt53.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\mvs91xx.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\mvxxmm.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\N360x64\1501000.012\SYMDS64.SYS
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\N360x64\1501000.012\SYMEFA64.SYS
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\vididr.sys
\SystemRoot\system32\DRIVERS\timntr.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\system32\DRIVERS\snapman.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\drivers\N360x64\1501000.012\ccSetx64.sys
\SystemRoot\system32\drivers\N360x64\1501000.012\Ironx64.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\hssdrv6.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\drivers\truecrypt.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\System32\Drivers\N360x64\1501000.012\SYMNETS.SYS
\??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
\SystemRoot\system32\drivers\N360x64\1501000.012\SRTSPX64.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\CLVirtualDrive.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\??\C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx64.sys
\SystemRoot\system32\DRIVERS\AppleCharger.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\iusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\xhcdrv.sys
\SystemRoot\system32\DRIVERS\L1C62x64.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\taphss6.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\LGBusEnum.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\iusb3hub.sys
\SystemRoot\system32\drivers\viahduaa.sys
\SystemRoot\system32\DRIVERS\ViaHub3.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\LGSHidFilt.Sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\lvuvc64.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\ladfGSRamd64.sys
\SystemRoot\system32\DRIVERS\ladfGSCamd64.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\TurboB.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\??\C:\Windows\system32\drivers\IOMap64.sys
\SystemRoot\system32\drivers\LGVirHid.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\N360x64\1501000.012\SRTSP64.SYS
\SystemRoot\system32\drivers\qwavedrv.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140123.002\EX64.SYS
\??\C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140123.002\ENG64.SYS
\SystemRoot\System32\ATMFD.DLL
\??\C:\Windows\system32\Drivers\PROCEXP113.SYS
\??\C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140123.001\IDSvia64.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa800cfd9060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-4\
Lower Device Object: 0xfffffa800cddb050
Lower Device Driver Name: \Driver\iaStor\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa800cfd8060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-3\
Lower Device Object: 0xfffffa800cdd7050
Lower Device Driver Name: \Driver\iaStor\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800cfd7060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-2\
Lower Device Object: 0xfffffa800cb71050
Lower Device Driver Name: \Driver\iaStor\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800cfd6060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa800cb6d050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800cfd6060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800cedc940, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xfffffa800cfd6b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800cfd6060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800cedb9b0, DeviceName: Unknown, DriverName: \Driver\vidsflt53\
DevicePointer: 0xfffffa800cb6ab10, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800cb6d050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2BCFB554

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 249860096

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 128035676160 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-250049680-250069680)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800cfd7060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800cfd7980, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xfffffa800cfd7b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800cfd7060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800cee0880, DeviceName: Unknown, DriverName: \Driver\vidsflt53\
DevicePointer: 0xfffffa800cb6a910, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800cb71050, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 190EE734

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 3436494681
    GPT Header CurrentLba = 1 BackupLba 5860533167
    GPT Header FirstUsableLba 34  LastUsableLba 5860533134
    GPT Header Guid 78c8795a-a385-493e-beeb-e1dc5bd2bac9
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 3436494681
    Backup GPT header CurrentLba = 5860533167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 5860533134
    Backup GPT header Guid 78c8795a-a385-493e-beeb-e1dc5bd2bac9
    Backup GPT header Contains 128 partition entries starting at LBA 5860533135
    Backup GPT header Partition entry size = 128

    Partition 0 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 43926d9b-f7cf-4299-8ebc-21f924e3415b
    FirstLBA 34  Last LBA 262177
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 7083ca-2f94-4816-9dd-73d3bc5e8285
    FirstLBA 264192  Last LBA 5860532223
    Attributes 0
    Partition Name                 Basic data partition

Disk Size: 3000592982016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xfffffa800cfd8060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800ceee9b0, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xfffffa800cfd8b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800cfd8060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800ceebe30, DeviceName: Unknown, DriverName: \Driver\vidsflt53\
DevicePointer: 0xfffffa800cb6a510, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800cdd7050, DeviceName: \Device\Ide\IAAStorageDevice-3\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A4B57300

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 1953520001

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 3, DevicePointer: 0xfffffa800cfd9060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800cef3940, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xfffffa800cfd9b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800cfd9060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800ceeba90, DeviceName: Unknown, DriverName: \Driver\vidsflt53\
DevicePointer: 0xfffffa800cb6ee40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800cddb050, DeviceName: \Device\Ide\IAAStorageDevice-4\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 3
Scanning MBR on drive 3...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: C0A975E1

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 1752020903
    GPT Header CurrentLba = 1 BackupLba 5860533167
    GPT Header FirstUsableLba 34  LastUsableLba 5860533134
    GPT Header Guid bc6428ac-a44b-40f0-9950-2518a368c8
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 1752020903
    Backup GPT header CurrentLba = 5860533167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 5860533134
    Backup GPT header Guid bc6428ac-a44b-40f0-9950-2518a368c8
    Backup GPT header Contains 128 partition entries starting at LBA 5860533135
    Backup GPT header Partition entry size = 128

    Partition 0 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 8ab31792-af6e-4efe-9176-968942a6a96d
    FirstLBA 34  Last LBA 262177
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 7c7ad1fb-a53f-4d03-8c95-4c4b8616be2
    FirstLBA 264192  Last LBA 5860532223
    Attributes 0
    Partition Name                 Basic data partition

Disk Size: 3000592982016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-r.mbam...
Removal finished
 


And here are the reports from RogueKiller:

 

RogueKiller V8.8.2 _x64_ [Jan 17 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : TBC [Admin rights]
Mode : Scan -- Date : 01/23/2014 22:25:04
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:8555;hxxps=127.0.0.1:8555 [Country: (Private Address) (XX), City: (Private Address)]) -> FOUND
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ADATA SX900 +++++
--- User ---
[MBR] 1493671618165cabcc6fa80bacb331e9
[BSP] 81f671c510a1301ea18505cae75c279b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 122002 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ST3000DM001-1CH166 +++++
--- User ---
[MBR] 41f11eff0536d230330b26f0791db227
[BSP] 36e0adfd39484f0bbcce556b8a91324c : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ IDE) ST31000528AS +++++
--- User ---
[MBR] ff0b517702293986d40468d89de9ed93
[BSP] 5cab7fac78b6fe5301595cea6da44b25 : Empty MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ IDE) ST3000DM001-9YN166 +++++
--- User ---
[MBR] 6713e4aa6149c960395cb258063b1181
[BSP] 799e6ba6c08dd9ef02a83433e1fe26d3 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_01232014_222504.txt >>



 

 

RogueKiller V8.8.2 _x64_ [Jan 17 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : TBC [Admin rights]
Mode : Remove -- Date : 01/23/2014 22:25:11
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified.
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ADATA SX900 +++++
--- User ---
[MBR] 1493671618165cabcc6fa80bacb331e9
[BSP] 81f671c510a1301ea18505cae75c279b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 122002 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ST3000DM001-1CH166 +++++
--- User ---
[MBR] 41f11eff0536d230330b26f0791db227
[BSP] 36e0adfd39484f0bbcce556b8a91324c : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ IDE) ST31000528AS +++++
--- User ---
[MBR] ff0b517702293986d40468d89de9ed93
[BSP] 5cab7fac78b6fe5301595cea6da44b25 : Empty MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ IDE) ST3000DM001-9YN166 +++++
--- User ---
[MBR] 6713e4aa6149c960395cb258063b1181
[BSP] 799e6ba6c08dd9ef02a83433e1fe26d3 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_01232014_222511.txt >>
RKreport[0]_S_01232014_222504.txt


 



#9 PhantomPhelix

PhantomPhelix
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:14 PM

Posted 23 January 2014 - 10:32 PM

I tried another dowload again, but this time it failed almost instantly at about 2mb in. Somehow it seems worse.



#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:14 PM

Posted 25 January 2014 - 09:47 PM

Hello

I want YOU TO RUN frst FOR ME AGAIN AND SEND ME THE REPORT PLEASE


GRINGO
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 PhantomPhelix

PhantomPhelix
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:14 PM

Posted 26 January 2014 - 12:42 AM

Hi Gringo,

 

Ran it, and this time it managed to complete it without failing first reply is the FRST.txt file, the second is the Addition.txt file.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-01-2014 01
Ran by TBC (administrator) on TBC-PC on 26-01-2014 00:37:22
Running from C:\Users\TBC\Downloads\Farbar recovery scan tool
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\SysWOW64\ASGT.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
() C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(VIA Technologies, Inc.) C:\VIA_XHCI\usb3Monitor.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(CyberLink) A:\Programs\Power2Go8\CLMLSvc_P2G8.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) A:\Programs\iTunes\iTunesHelper.exe
(Seagate) C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) A:\Programs\firefox.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) A:\Programs\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Valve Corporation) A:\Programs\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\SndVol.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\dinotify.exe
(Mozilla Corporation) A:\Programs\plugin-container.exe
(Google) C:\Users\TBC\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\af_proxy_cmd.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [VIAxHCUtl] - C:\VIA_XHCI\usb3Monitor.exe [331776 2011-07-12] (VIA Technologies, Inc.)
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4123 2012-05-30] ()
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [8290584 2013-08-01] (Logitech Inc.)
HKLM\...\Run: [Seagate Scheduler2 Service] - C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe [395152 2011-06-30] (Seagate)
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - A:\Programs\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - "A:\Programs\Power2Go8\VirtualDrive.exe" /R
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-06-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - A:\Programs\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [DiscWizardMonitor.exe] - C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe [2638152 2011-06-30] (Seagate)
HKCU\...\Run: [Power2GoExpress8] - NA
Startup: C:\Users\TBC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.6.lnk
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.6.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8555;https=127.0.0.1:8555
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.search.us.com/v/2/?guid={b8c318e1-9e74-4e58-9875-d43d55a2ce3d}&serpv=5
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x55E96FC85B9BCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {17C553AF-6829-4151-AC6E-F26E359681B8} URL = http://search.us.com/serp?guid={B8C318E1-9E74-4E58-9875-D43D55A2CE3D}&action=default_search&serpv=5&k={searchTerms}
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=CA&ver=20&locale=en_CA&gct=sb&qsrc=2869
SearchScopes: HKCU - {D37746E0-8229-4F71-A796-99F1535E3045} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10563
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - A:\Programs\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - A:\Programs\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - A:\Programs\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - A:\Programs\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - A:\Programs\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - A:\Programs\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\TBC\AppData\Roaming\Mozilla\Firefox\Profiles\0f9k9otw.default-1379842455441
FF Homepage: https://www.google.ca/|https://www.facebook.com/|hxxp://www.youtube.com/feed/subscriptions
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/SharePoint,version=14.0 - A:\Programs\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - A:\Programs\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - A:\Programs\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - A:\Programs\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - A:\Programs\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\TBC\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\TBC\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\TBC\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\TBC\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\TBC\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\TBC\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\TBC\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\TBC\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: GFACE Experience Plugin - C:\Users\TBC\AppData\Roaming\Mozilla\Firefox\Profiles\0f9k9otw.default-1379842455441\Extensions\cryenginebrowserplugin@crytek.com [2013-11-07]
FF Extension: Adblock Plus - C:\Users\TBC\AppData\Roaming\Mozilla\Firefox\Profiles\0f9k9otw.default-1379842455441\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-07]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014-01-21]
FF StartMenuInternet: FIREFOX.EXE - A:\Programs\firefox.exe

Chrome:
=======
CHR HomePage: hxxp://www.google.ca/
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\gcswf32.dll No File
CHR Plugin: (Norton Confidential) - C:\Users\TBC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.0.0.72_0\npcoplgn.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Extension: (YouTube) - C:\Users\TBC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-17]
CHR Extension: (Adblock Plus) - C:\Users\TBC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-10-16]
CHR Extension: (Google Search) - C:\Users\TBC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-17]
CHR Extension: (Skype Click to Call) - C:\Users\TBC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-08-18]
CHR Extension: (Norton Identity Protection) - C:\Users\TBC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-08-17]
CHR Extension: (Google Wallet) - C:\Users\TBC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\TBC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-17]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\Exts\Chrome.crx [2014-01-22]

==================== Services (Whitelisted) =================

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] ()
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [906024 2013-11-26] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2013-11-13] ()
R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [555304 2013-11-26] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe [264360 2013-10-08] (Symantec Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-03] (VIA Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [1526488 2014-01-09] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-20] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-01-20] (Symantec Corporation)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-11-29] ()
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2013-10-15] (AnchorFree Inc.)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140124.001\IDSvia64.sys [521944 2014-01-18] (Symantec Corporation)
R4 IOMap; C:\Windows\system32\drivers\IOMap64.sys [23680 2010-02-23] (ASUSTeK Computer Inc.)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140125.005\ENG64.SYS [126040 2014-01-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140125.005\EX64.SYS [2099288 2014-01-20] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1501000.012\SRTSP64.SYS [858200 2013-09-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1501000.012\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1501000.012\SYMEFA64.SYS [1147480 2013-09-26] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-21] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1501000.012\SYMNETS.SYS [590936 2013-09-25] (Symantec Corporation)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-08-12] (Anchorfree Inc.)
R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [141920 2014-01-20] (Acronis)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [205312 2012-01-19] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [254464 2012-01-19] (VIA Technologies, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-24 22:54 - 2014-01-24 22:54 - 02621440 _____ C:\Users\TBC\Downloads\CSS Maps.rar.part
2014-01-24 22:43 - 2014-01-24 22:45 - 00000000 ____D C:\Users\TBC\Downloads\CSS Content Addon (Dec2013)
2014-01-24 22:41 - 2014-01-24 22:41 - 690662708 _____ C:\Users\TBC\Downloads\CSS_Content_Addon_(Dec2013).rar
2014-01-23 22:25 - 2014-01-23 22:25 - 00002991 _____ C:\Users\TBC\Desktop\RKreport[0]_S_01232014_222504.txt
2014-01-23 22:25 - 2014-01-23 22:25 - 00002849 _____ C:\Users\TBC\Desktop\RKreport[0]_D_01232014_222511.txt
2014-01-23 22:23 - 2014-01-23 22:37 - 00000000 ____D C:\Users\TBC\Desktop\RK_Quarantine
2014-01-23 22:22 - 2014-01-23 22:22 - 04406784 _____ C:\Users\TBC\Desktop\RogueKillerX64.exe
2014-01-23 22:17 - 2014-01-23 22:20 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-23 22:17 - 2014-01-23 22:17 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-23 22:17 - 2014-01-23 22:17 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-23 22:14 - 2014-01-23 22:14 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-23 22:14 - 2014-01-23 22:14 - 00000000 ____D C:\Users\TBC\Downloads\mbar
2014-01-23 21:51 - 2014-01-23 22:55 - 77135624 _____ C:\Users\TBC\Downloads\cmmhdN.part2.rar.part
2014-01-23 21:47 - 2014-01-23 21:47 - 00032943 _____ C:\ComboFix.txt
2014-01-23 21:44 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-23 21:44 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-23 21:44 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-23 21:44 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-23 21:44 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-23 21:44 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-23 21:44 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-23 21:44 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-23 21:36 - 2014-01-23 21:47 - 00000000 ____D C:\Windows\erdnt
2014-01-23 21:36 - 2014-01-23 21:47 - 00000000 ____D C:\Qoobox
2014-01-23 21:32 - 2014-01-23 21:32 - 05175240 ____R (Swearware) C:\Users\TBC\Desktop\ComboFix.exe
2014-01-23 19:25 - 2014-01-26 00:37 - 00000000 ____D C:\FRST
2014-01-23 19:25 - 2014-01-23 19:26 - 00000000 ____D C:\Users\TBC\Downloads\Farbar recovery scan tool 32
2014-01-23 19:24 - 2014-01-26 00:37 - 00000000 ____D C:\Users\TBC\Downloads\Farbar recovery scan tool
2014-01-22 17:07 - 2014-01-22 17:07 - 00000021 _____ C:\Users\TBC\Documents\teksavvy.txt
2014-01-21 08:39 - 2014-01-21 08:39 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
2014-01-21 01:46 - 2014-01-17 02:39 - 378033775 _____ C:\Users\TBC\Downloads\ReleaseThread_Community.S05E04.720p.HDTV.X264-DIMENSION.mkv
2014-01-20 18:14 - 2014-01-20 18:20 - 00004631 _____ C:\Windows\system32\lvcoinst.log
2014-01-20 18:14 - 2014-01-20 18:14 - 00000000 ____D C:\Program Files\Common Files\logishrd
2014-01-20 18:09 - 2014-01-20 18:09 - 00000000 ____D C:\Users\TBC\AppData\Roaming\Seagate
2014-01-20 18:08 - 2014-01-20 18:08 - 00971360 _____ (Acronis) C:\Windows\system32\Drivers\timntr.sys
2014-01-20 18:08 - 2014-01-20 18:08 - 00275552 _____ (Acronis) C:\Windows\system32\Drivers\snapman.sys
2014-01-20 18:08 - 2014-01-20 18:08 - 00210016 _____ (Acronis) C:\Windows\system32\Drivers\vididr.sys
2014-01-20 18:08 - 2014-01-20 18:08 - 00141920 _____ (Acronis) C:\Windows\system32\Drivers\vsflt53.sys
2014-01-20 18:08 - 2014-01-20 18:08 - 00001139 _____ C:\Users\Public\Desktop\Seagate DiscWizard.lnk
2014-01-20 18:08 - 2014-01-20 18:08 - 00000000 ____D C:\ProgramData\Seagate
2014-01-20 18:08 - 2014-01-20 18:08 - 00000000 ____D C:\Program Files (x86)\Seagate
2014-01-20 16:48 - 2013-11-26 20:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-20 16:48 - 2013-11-26 20:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-20 16:48 - 2013-11-26 20:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-20 16:48 - 2013-11-26 20:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-20 16:48 - 2013-11-26 20:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-20 16:48 - 2013-11-26 20:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-20 16:48 - 2013-11-26 20:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-20 16:48 - 2013-11-26 06:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-20 16:48 - 2013-11-26 05:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-15 20:00 - 2014-01-15 20:01 - 00000000 ____D C:\Users\TBC\AppData\Roaming\TrueCrypt
2014-01-10 18:59 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2014-01-10 18:59 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-01-10 18:59 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2014-01-10 18:59 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-01-10 18:59 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-01-10 18:59 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2014-01-10 18:59 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-01-10 18:59 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-01-10 18:59 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2014-01-10 18:59 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2014-01-10 18:59 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-01-10 18:59 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2014-01-10 18:59 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-01-10 18:59 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-01-10 18:59 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-01-10 18:59 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-01-10 18:59 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2014-01-10 18:59 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2014-01-10 18:59 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2014-01-10 18:59 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2014-01-10 18:59 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2014-01-10 18:59 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2014-01-10 18:59 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2014-01-10 18:59 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2014-01-10 18:59 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2014-01-10 18:59 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2014-01-10 18:59 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2014-01-10 18:59 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2014-01-10 18:59 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2014-01-10 18:59 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2014-01-10 18:59 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2014-01-10 18:59 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2014-01-10 18:59 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2014-01-10 18:59 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2014-01-10 18:59 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2014-01-10 18:59 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2014-01-10 18:59 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2014-01-10 18:59 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2014-01-10 18:59 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2014-01-10 18:59 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2014-01-10 18:59 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2014-01-10 18:59 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2014-01-10 18:59 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2014-01-10 18:59 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2014-01-10 18:59 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2014-01-10 18:59 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2014-01-10 18:59 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2014-01-10 18:59 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2014-01-10 18:59 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2014-01-10 18:59 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2014-01-10 18:59 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2014-01-10 18:59 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2014-01-10 18:59 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2014-01-10 18:59 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2014-01-10 18:59 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2014-01-10 18:59 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2014-01-10 18:59 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2014-01-10 18:59 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2014-01-10 18:59 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2014-01-10 18:59 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2014-01-10 18:59 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2014-01-10 18:59 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2014-01-10 18:59 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-01-10 18:59 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2014-01-10 18:59 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-01-10 18:59 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2014-01-10 18:59 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2014-01-10 18:59 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2014-01-10 18:59 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2014-01-10 18:59 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2014-01-10 18:59 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2014-01-10 18:59 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2014-01-10 18:59 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2014-01-10 18:59 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2014-01-10 18:59 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2014-01-10 18:59 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2014-01-10 18:59 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2014-01-10 18:59 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2014-01-10 18:59 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2014-01-10 18:59 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2014-01-10 18:59 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2014-01-10 18:59 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2014-01-10 18:59 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2014-01-10 18:59 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2014-01-10 18:59 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2014-01-10 18:59 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2014-01-10 18:59 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2014-01-10 18:59 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2014-01-10 18:59 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2014-01-10 18:59 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2014-01-10 18:59 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2014-01-10 18:59 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2014-01-10 18:59 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2014-01-10 18:59 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2014-01-10 18:59 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2014-01-10 18:59 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2014-01-10 18:59 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2014-01-10 18:59 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2014-01-10 18:59 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2014-01-10 18:59 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2014-01-10 18:59 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2014-01-10 18:59 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2014-01-10 18:59 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2014-01-10 18:59 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2014-01-10 18:59 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2014-01-10 18:59 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2014-01-10 18:59 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2014-01-10 18:59 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2014-01-10 18:59 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2014-01-10 18:59 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2014-01-10 18:59 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2014-01-10 18:59 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2014-01-10 18:59 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2014-01-10 18:59 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2014-01-10 18:59 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2014-01-10 18:59 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2014-01-10 18:59 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2014-01-10 18:58 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2014-01-10 18:58 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2014-01-10 18:58 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2014-01-10 18:58 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2014-01-10 18:58 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2014-01-10 18:58 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2014-01-10 18:58 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2014-01-10 18:58 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2014-01-10 18:58 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2014-01-10 18:58 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2014-01-10 18:58 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2014-01-10 18:58 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2014-01-10 18:58 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2014-01-10 18:58 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2014-01-10 18:58 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2014-01-10 18:58 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2014-01-10 18:58 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2014-01-10 18:58 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2014-01-10 18:58 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2014-01-10 18:58 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2014-01-10 18:58 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2014-01-10 18:58 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2014-01-10 18:58 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2014-01-10 18:58 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2014-01-10 18:58 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2014-01-10 18:58 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2014-01-10 18:58 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2014-01-10 18:58 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2014-01-10 18:58 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2014-01-10 18:58 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2014-01-10 18:58 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2014-01-10 18:58 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2014-01-10 18:58 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2014-01-10 18:58 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2014-01-10 18:58 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2014-01-10 18:58 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2014-01-10 18:58 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2014-01-10 18:58 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2014-01-10 18:58 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2014-01-10 18:58 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2014-01-10 18:58 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2014-01-10 18:58 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2014-01-10 18:58 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2014-01-10 18:58 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2014-01-10 18:58 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2014-01-10 18:58 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2014-01-10 18:58 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2014-01-10 18:58 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2014-01-10 18:58 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2014-01-10 18:58 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2014-01-10 18:58 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2014-01-10 18:58 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2014-01-10 18:58 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2014-01-10 18:58 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2014-01-10 18:58 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2014-01-10 18:58 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2014-01-10 18:58 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2014-01-10 18:58 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2014-01-10 18:58 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2014-01-10 18:58 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2014-01-10 18:58 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2014-01-10 18:58 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2014-01-08 18:57 - 2014-01-08 18:57 - 00000000 ____D C:\Users\TBC\Documents\Logitech Gaming Software
2014-01-08 18:46 - 2014-01-08 18:46 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-01-08 18:46 - 2014-01-08 18:46 - 00000388 _____ C:\Windows\LkmdfCoInst.log

==================== One Month Modified Files and Folders =======

2014-01-26 00:37 - 2014-01-23 19:25 - 00000000 ____D C:\FRST
2014-01-26 00:37 - 2014-01-23 19:24 - 00000000 ____D C:\Users\TBC\Downloads\Farbar recovery scan tool
2014-01-26 00:33 - 2013-08-18 16:12 - 00000000 ____D C:\Users\TBC\AppData\Roaming\Skype
2014-01-26 00:22 - 2013-08-18 08:11 - 01606099 _____ C:\Windows\WindowsUpdate.log
2014-01-26 00:08 - 2013-08-18 16:51 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-484513837-3127913391-2740358490-1000UA.job
2014-01-25 23:58 - 2013-08-21 15:19 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-25 23:52 - 2013-08-17 08:32 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-25 21:07 - 2013-08-17 10:29 - 00000000 ____D C:\Users\TBC\AppData\Local\PMB Files
2014-01-25 21:07 - 2013-08-17 10:29 - 00000000 ____D C:\ProgramData\PMB Files
2014-01-25 20:08 - 2013-08-18 16:51 - 00000848 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-484513837-3127913391-2740358490-1000Core.job
2014-01-25 19:10 - 2013-08-18 13:59 - 00000000 ____D C:\Users\TBC\AppData\Roaming\Mozilla
2014-01-25 18:57 - 2013-08-17 08:32 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-24 23:47 - 2013-08-18 18:17 - 00000000 ____D C:\Users\TBC\AppData\Roaming\Mumble
2014-01-24 22:54 - 2014-01-24 22:54 - 02621440 _____ C:\Users\TBC\Downloads\CSS Maps.rar.part
2014-01-24 22:45 - 2014-01-24 22:43 - 00000000 ____D C:\Users\TBC\Downloads\CSS Content Addon (Dec2013)
2014-01-24 22:41 - 2014-01-24 22:41 - 690662708 _____ C:\Users\TBC\Downloads\CSS_Content_Addon_(Dec2013).rar
2014-01-24 19:16 - 2009-07-14 00:13 - 00779266 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-24 17:58 - 2009-07-13 23:45 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-24 17:58 - 2009-07-13 23:45 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-24 17:56 - 2009-07-13 23:51 - 00107009 _____ C:\Windows\setupact.log
2014-01-24 17:51 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-24 17:50 - 2010-11-20 22:47 - 00873770 _____ C:\Windows\PFRO.log
2014-01-23 22:55 - 2014-01-23 21:51 - 77135624 _____ C:\Users\TBC\Downloads\cmmhdN.part2.rar.part
2014-01-23 22:37 - 2014-01-23 22:23 - 00000000 ____D C:\Users\TBC\Desktop\RK_Quarantine
2014-01-23 22:25 - 2014-01-23 22:25 - 00002991 _____ C:\Users\TBC\Desktop\RKreport[0]_S_01232014_222504.txt
2014-01-23 22:25 - 2014-01-23 22:25 - 00002849 _____ C:\Users\TBC\Desktop\RKreport[0]_D_01232014_222511.txt
2014-01-23 22:22 - 2014-01-23 22:22 - 04406784 _____ C:\Users\TBC\Desktop\RogueKillerX64.exe
2014-01-23 22:20 - 2014-01-23 22:17 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-23 22:17 - 2014-01-23 22:17 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-23 22:17 - 2014-01-23 22:17 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-23 22:14 - 2014-01-23 22:14 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-23 22:14 - 2014-01-23 22:14 - 00000000 ____D C:\Users\TBC\Downloads\mbar
2014-01-23 21:47 - 2014-01-23 21:47 - 00032943 _____ C:\ComboFix.txt
2014-01-23 21:47 - 2014-01-23 21:36 - 00000000 ____D C:\Windows\erdnt
2014-01-23 21:47 - 2014-01-23 21:36 - 00000000 ____D C:\Qoobox
2014-01-23 21:47 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Default
2014-01-23 21:46 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2014-01-23 21:32 - 2014-01-23 21:32 - 05175240 ____R (Swearware) C:\Users\TBC\Desktop\ComboFix.exe
2014-01-23 19:29 - 2013-09-09 13:22 - 00000000 ____D C:\Users\TBC\AppData\Local\CrashDumps
2014-01-23 19:26 - 2014-01-23 19:25 - 00000000 ____D C:\Users\TBC\Downloads\Farbar recovery scan tool 32
2014-01-22 18:17 - 2013-10-20 17:16 - 00000000 ____D C:\Users\TBC\AppData\Roaming\ftblauncher
2014-01-22 17:07 - 2014-01-22 17:07 - 00000021 _____ C:\Users\TBC\Documents\teksavvy.txt
2014-01-22 17:03 - 2009-07-13 23:45 - 00441472 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-22 02:08 - 2013-08-17 08:45 - 00111056 _____ C:\Users\TBC\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-21 08:39 - 2014-01-21 08:39 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
2014-01-21 08:39 - 2013-08-17 10:07 - 00003206 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2014-01-21 08:39 - 2013-08-17 10:07 - 00002319 _____ C:\Users\Public\Desktop\Norton 360.lnk
2014-01-21 08:39 - 2013-08-17 10:07 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
2014-01-21 04:37 - 2013-08-17 10:07 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-01-21 04:37 - 2013-08-17 10:07 - 00008222 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-01-21 04:37 - 2013-08-17 10:07 - 00000000 ____D C:\Program Files (x86)\Norton 360
2014-01-21 04:37 - 2013-08-17 08:34 - 00000000 ____D C:\ProgramData\Norton
2014-01-21 04:36 - 2013-08-17 10:02 - 00000000 ____D C:\Users\Public\Downloads\Norton
2014-01-20 18:20 - 2014-01-20 18:14 - 00004631 _____ C:\Windows\system32\lvcoinst.log
2014-01-20 18:14 - 2014-01-20 18:14 - 00000000 ____D C:\Program Files\Common Files\logishrd
2014-01-20 18:13 - 2013-09-19 03:34 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-20 18:13 - 2009-07-13 21:34 - 00000478 _____ C:\Windows\win.ini
2014-01-20 18:12 - 2013-08-18 21:42 - 00000000 ____D C:\Windows\system32\MRT
2014-01-20 18:09 - 2014-01-20 18:09 - 00000000 ____D C:\Users\TBC\AppData\Roaming\Seagate
2014-01-20 18:08 - 2014-01-20 18:08 - 00971360 _____ (Acronis) C:\Windows\system32\Drivers\timntr.sys
2014-01-20 18:08 - 2014-01-20 18:08 - 00275552 _____ (Acronis) C:\Windows\system32\Drivers\snapman.sys
2014-01-20 18:08 - 2014-01-20 18:08 - 00210016 _____ (Acronis) C:\Windows\system32\Drivers\vididr.sys
2014-01-20 18:08 - 2014-01-20 18:08 - 00141920 _____ (Acronis) C:\Windows\system32\Drivers\vsflt53.sys
2014-01-20 18:08 - 2014-01-20 18:08 - 00001139 _____ C:\Users\Public\Desktop\Seagate DiscWizard.lnk
2014-01-20 18:08 - 2014-01-20 18:08 - 00000000 ____D C:\ProgramData\Seagate
2014-01-20 18:08 - 2014-01-20 18:08 - 00000000 ____D C:\Program Files (x86)\Seagate
2014-01-20 16:53 - 2013-08-17 08:32 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-17 02:39 - 2014-01-21 01:46 - 378033775 _____ C:\Users\TBC\Downloads\ReleaseThread_Community.S05E04.720p.HDTV.X264-DIMENSION.mkv
2014-01-15 20:01 - 2014-01-15 20:00 - 00000000 ____D C:\Users\TBC\AppData\Roaming\TrueCrypt
2014-01-10 18:59 - 2013-09-09 04:20 - 00026740 _____ C:\Windows\DirectX.log
2014-01-08 18:57 - 2014-01-08 18:57 - 00000000 ____D C:\Users\TBC\Documents\Logitech Gaming Software
2014-01-08 18:46 - 2014-01-08 18:46 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-01-08 18:46 - 2014-01-08 18:46 - 00000388 _____ C:\Windows\LkmdfCoInst.log
2014-01-06 16:20 - 2013-08-18 21:42 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-04 22:33 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2014-01-03 06:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2014-01-03 06:49 - 2013-08-17 08:12 - 00000000 ____D C:\Users\TBC
2014-01-03 06:48 - 2013-09-16 01:55 - 00000000 ____D C:\Users\TBC\AppData\Roaming\uTorrent
2014-01-03 06:48 - 2013-08-21 15:19 - 00000000 ____D C:\Windows\system32\Macromed
2014-01-03 06:48 - 2009-07-13 22:20 - 00000000 __RSD C:\Windows\Media
2014-01-03 06:48 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\servicing
2014-01-03 06:48 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2014-01-03 06:48 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2014-01-03 02:44 - 2013-09-01 23:58 - 00000000 ____D C:\Users\TBC\AppData\Roaming\Media Player Classic

Some content of TEMP:
====================
C:\Users\TBC\AppData\Local\Temp\ntdll_dump.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-19 18:52

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-01-2014 01
Ran by TBC at 2014-01-26 00:37:37
Running from C:\Users\TBC\Downloads\Farbar recovery scan tool
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton 360 (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

@BIOS (x32 Version: 2.28 - GIGABYTE)
µTorrent (HKCU Version: 3.3.2.30303 - BitTorrent Inc.)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (x32 Version: 11.0.06 - Adobe Systems Incorporated)
AMD APP SDK Runtime (Version: 10.0.938.1 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Apple Application Support (x32 Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Arduino (x32 Version: 1.0.5 - Arduino LLC)
ASUS GPU Tweak (x32 Version: 2.2.8.1 - ASUSTek COMPUTER INC.)
ASUS GPU Tweak (x32 Version: 2.2.8.1 - ASUSTek COMPUTER INC.) Hidden
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.1.0.7 - Atheros Communications Inc.)
AutoGreen B12.0206.1 (x32 Version: 1.00.0000 - GIGABYTE)
AutoGreen B12.0206.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
BioShock Infinite (x32 Version:  - Irrational Games)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.0611.1251.21046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0611.1251.21046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0611.1251.21046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Desktop (x32 Version: 2012.0611.1251.21046 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0611.1250.21046 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0611.1251.21046 - Advanced Micro Devices, Inc.) Hidden
Counter-Strike: Condition Zero (x32 Version:  - Valve)
Counter-Strike: Global Offensive (x32 Version:  - Valve)
CPUID HWMonitor 1.24 (Version:  - )
CyberLink Power2Go 8 (x32 Version: 8.0.0.2014 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.2014 - CyberLink Corp.) Hidden
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (Version:  - Microsoft)
Easy Tune 6 B12.1121.1 (x32 Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B12.1121.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Garry's Mod (x32 Version:  - Garry)
Google Chrome (x32 Version: 32.0.1700.76 - Google Inc.)
Google Talk Plugin (x32 Version: 4.9.1.16010 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Hotspot Shield 3.20 (x32 Version: 3.20 - AnchorFree Inc.)
HydraVision (x32 Version: 4.2.236.0 - Advanced Micro Devices, Inc.) Hidden
Intel® Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (x32 Version: 8.1.0.1252 - Intel Corporation)
Intel® Rapid Storage Technology (x32 Version: 11.1.0.1006 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.6 (Version: 2.6.2.0 - Intel)
Intel® USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.5.235 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (Version: 11.0.5.5 - Apple Inc.)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
League of Legends (x32 Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
Logitech Gaming Software 8.50 (Version: 8.50.281 - Logitech Inc.)
LOLReplay (x32 Version: 0.8.2.2 - www.leaguereplays.com)
marvell 91xx driver (x32 Version: 1.2.0.1020 - Marvell)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Access MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft DCF MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Groove MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Mozilla Firefox 23.0.1 (x86 en-US) (x32 Version: 23.0.1 - Mozilla)
Mozilla Firefox 26.0 (x86 en-US) (HKCU Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 23.0.1 - Mozilla)
MPC-HC 1.6.8 (x32 Version: 1.6.8.7417 - MPC-HC Team)
Mumble 1.2.4 (x32 Version: 1.2.4 - Thorvald Natvig)
Nero 12 Essentials OEM.a01 (x32 Version: 12.5.00400 - Nero AG)
Nero ControlCenter (x32 Version: 11.0.15200 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 12.0.0003 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.17800 - Nero AG) Hidden
Nero Express (x32 Version: 12.0.19000 - Nero AG) Hidden
Nero Express Help (CHM) (x32 Version: 12.0.1000 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden
Norton 360 (x32 Version: 21.1.0.18 - Symantec Corporation)
ON_OFF Charge B12.1025.1 (x32 Version: 1.00.0001 - GIGABYTE)
ORION: Dino Horde (x32 Version:  - Spiral Game Studios)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Pando Media Booster (x32 Version: 2.6.0.7 - Pando Networks Inc.)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
Saints Row: The Third (x32 Version:  - Volition)
Seagate DiscWizard (x32 Version: 13.0.14387 - Seagate)
Skype Click to Call (x32 Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.9 (x32 Version: 6.9.106 - Skype Technologies S.A.)
Star Wars - Battlefront II (x32 Version:  - Pandemic Studios)
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
Tomb Raider (x32 Version:  - Crystal Dynamics)
TrueCrypt (x32 Version: 7.1a - TrueCrypt Foundation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft Access 2013 (KB2768008) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Access 2013 (KB2827233) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft InfoPath 2013 (KB2837648) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2817678) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2738038) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760224) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760242) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760267) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760539) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760553) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2767845) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768016) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817314) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817316) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817490) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817626) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2826004) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827225) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827227) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827230) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827239) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837626) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837637) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837638) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837655) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2850066) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2850063) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2850061) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2767850) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Project 2013 (KB2727085) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2837635) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft SkyDrive Pro (KB2817495) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft SkyDrive Pro (KB2837652) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Visio 2013 (KB2817306) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2768338) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2837647) 64-Bit Edition (Version:  - Microsoft)
VIA Platform Device Manager (x32 Version: 1.39 - VIA Technologies, Inc.)
VLC media player 2.1.0 (x32 Version: 2.1.0 - VideoLAN)
WinRAR 5.00 (64-bit) (Version: 5.00.0 - win.rar GmbH)

==================== Restore Points  =========================

21-01-2014 06:31:45 Norton 360 Registry Clean
24-01-2014 02:44:09 ComboFix created restore point

==================== Hosts content: ==========================

2009-07-13 21:34 - 2014-01-23 21:46 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0C9368FE-897E-4414-A8B6-4A29ABF8E6BE} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {15FA1D8B-C817-4896-A445-FFA175BCEB14} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-484513837-3127913391-2740358490-1000Core => C:\Users\TBC\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-18] (Google Inc.)
Task: {32A95C9E-282A-49A7-A334-8512AB6D191A} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {3C303874-6360-4C96-A043-A0E6B3AC1A89} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation)
Task: {637C77BD-D774-4138-A4FD-D67EA48C986A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-484513837-3127913391-2740358490-1000UA => C:\Users\TBC\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-18] (Google Inc.)
Task: {77839D00-9DE0-4648-BDAF-944021080D67} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9C73DE2E-73AC-4FF5-9390-8BB75D22FA53} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {A1EEA30F-03EE-4505-BFE7-C482A8E94AF0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-17] (Google Inc.)
Task: {A487203E-14C4-438F-823E-3C2DDBDFD700} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-17] (Google Inc.)
Task: {EF8CA3C7-94B7-47EC-9570-D5F3B16E0B4C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => A:\Programs\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {F32342C9-4B2C-4CFD-9F3C-A839922A121F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => A:\Programs\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {FC44D8D9-3FAC-40C8-8BFA-EA4A7CF01321} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-484513837-3127913391-2740358490-1000Core.job => C:\Users\TBC\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-484513837-3127913391-2740358490-1000UA.job => C:\Users\TBC\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-01-20 17:31 - 2013-10-17 11:25 - 08866472 _____ () A:\Programs\Office15\1033\GrooveIntlResource.dll
2013-08-17 08:35 - 2012-08-09 05:55 - 00078480 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2013-08-17 08:35 - 2012-08-09 05:55 - 00386192 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2012-05-04 15:42 - 2012-05-04 15:42 - 00430080 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-05-04 15:42 - 2012-05-04 15:42 - 00032768 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResources.dll
2012-06-11 11:45 - 2012-06-11 11:45 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-26 19:35 - 2013-11-26 19:35 - 00903464 _____ () C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll
2014-01-20 17:31 - 2012-06-07 22:34 - 00627216 _____ () A:\Programs\Power2Go8\CLMediaLibrary.dll
2014-01-20 17:31 - 2012-06-08 10:34 - 00016400 _____ () A:\Programs\Power2Go8\CLMLSvcPS.dll
2014-01-20 17:31 - 2014-01-20 17:47 - 03559024 _____ () A:\Programs\mozjs.dll
2013-10-17 11:25 - 2013-10-17 11:25 - 08866472 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-08-18 23:35 - 2013-08-18 23:35 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\67f2d87ba056e1075fce76a8c50bb57e\IsdiInterop.ni.dll
2013-08-17 08:36 - 2012-02-01 15:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-08-17 08:35 - 2012-06-25 09:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-12-10 20:58 - 2013-12-10 20:58 - 16242056 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
2014-01-24 21:56 - 2013-12-12 17:19 - 00142848 _____ () A:\Programs\Steam\libavresample-1.dll
2014-01-24 21:56 - 2013-11-04 20:12 - 00890592 _____ () A:\Programs\Steam\libavutil-52.dll
2014-01-20 17:31 - 2013-12-12 17:04 - 00716800 _____ () A:\Programs\Steam\SDL2.dll
2014-01-20 17:31 - 2014-01-07 16:00 - 01138088 _____ () A:\Programs\Steam\bin\chromehtml.DLL
2014-01-20 17:31 - 2013-12-12 17:04 - 20625832 _____ () A:\Programs\Steam\bin\libcef.dll
2014-01-20 17:31 - 2013-06-14 18:49 - 01100800 _____ () A:\Programs\Steam\bin\avcodec-53.dll
2014-01-20 17:31 - 2013-06-14 18:49 - 00124416 _____ () A:\Programs\Steam\bin\avutil-51.dll
2014-01-20 17:31 - 2013-06-14 18:49 - 00192000 _____ () A:\Programs\Steam\bin\avformat-53.dll
2014-01-20 16:53 - 2014-01-11 05:28 - 00715544 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libglesv2.dll
2014-01-20 16:53 - 2014-01-11 05:28 - 00100120 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libegl.dll
2014-01-20 16:53 - 2014-01-11 05:29 - 04055320 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll
2014-01-20 16:53 - 2014-01-11 05:29 - 00399640 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll
2014-01-20 16:53 - 2014-01-11 05:28 - 01634584 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll
2014-01-20 16:53 - 2014-01-11 05:29 - 13615896 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/25/2014 07:33:10 PM) (Source: Application Error) (User: )
Description: Faulting application name: af_proxy_cmd.exe, version: 3.20.0.21481, time stamp: 0x52953f01
Faulting module name: af_proxy.dll, version: 0.0.0.0, time stamp: 0x52953e4f
Exception code: 0xc0000005
Fault offset: 0x0001dc22
Faulting process id: 0x1500
Faulting application start time: 0xaf_proxy_cmd.exe0
Faulting application path: af_proxy_cmd.exe1
Faulting module path: af_proxy_cmd.exe2
Report Id: af_proxy_cmd.exe3

Error: (01/25/2014 07:10:04 PM) (Source: Microsoft-Windows-RestartManager) (User: TBC-PC)
Description: Application or service 'Plugin Container for Firefox' could not be shut down.

Error: (01/24/2014 09:59:03 PM) (Source: Application Hang) (User: )
Description: The program Steam.exe version 2.6.70.5 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1e58

Start Time: 01cf19791ef8fe6e

Termination Time: 6

Application Path: A:\Programs\Steam\Steam.exe

Report Id: a20b819b-856c-11e3-a5e0-902b34dcddf8

Error: (01/24/2014 09:55:45 PM) (Source: Application Hang) (User: )
Description: The program Steam.exe version 1.97.82.80 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 6ac

Start Time: 01cf19786b42f1cb

Termination Time: 8

Application Path: A:\Programs\Steam\Steam.exe

Report Id: 2dc84c7d-856c-11e3-a5e0-902b34dcddf8

Error: (01/24/2014 05:52:53 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/23/2014 07:29:21 PM) (Source: Application Error) (User: )
Description: Faulting application name: FRST64.exe, version: 0.0.0.0, time stamp: 0x52e18d3f
Faulting module name: FRST64.exe, version: 0.0.0.0, time stamp: 0x52e18d3f
Exception code: 0xc00000fd
Fault offset: 0x000000000000af93
Faulting process id: 0x2c4
Faulting application start time: 0xFRST64.exe0
Faulting application path: FRST64.exe1
Faulting module path: FRST64.exe2
Report Id: FRST64.exe3

Error: (01/23/2014 07:25:23 PM) (Source: Application Error) (User: )
Description: Faulting application name: FRST64.exe, version: 0.0.0.0, time stamp: 0x52e18d3f
Faulting module name: FRST64.exe, version: 0.0.0.0, time stamp: 0x52e18d3f
Exception code: 0xc00000fd
Fault offset: 0x000000000000af93
Faulting process id: 0x1a7c
Faulting application start time: 0xFRST64.exe0
Faulting application path: FRST64.exe1
Faulting module path: FRST64.exe2
Report Id: FRST64.exe3

Error: (01/23/2014 07:18:12 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/22/2014 05:05:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/21/2014 10:55:48 PM) (Source: Application Error) (User: )
Description: Faulting application name: N360.exe, version: 12.11.0.16, time stamp: 0x524cbb5e
Faulting module name: WINHTTP.dll, version: 6.1.7601.17514, time stamp: 0x4ce7ba3e
Exception code: 0xc0000005
Fault offset: 0x0000f107
Faulting process id: 0x1778
Faulting application start time: 0xN360.exe0
Faulting application path: N360.exe1
Faulting module path: N360.exe2
Report Id: N360.exe3


System errors:
=============
Error: (01/24/2014 09:57:05 PM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (01/24/2014 09:57:05 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (01/24/2014 07:14:32 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR7.

Error: (01/24/2014 07:14:31 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR7.

Error: (01/24/2014 07:14:29 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR7.

Error: (01/24/2014 07:14:29 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR7.

Error: (01/24/2014 07:14:28 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR7.

Error: (01/24/2014 07:14:26 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR7.

Error: (01/24/2014 07:14:25 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR7.

Error: (01/24/2014 01:23:16 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (01/25/2014 07:33:10 PM) (Source: Application Error)(User: )
Description: af_proxy_cmd.exe3.20.0.2148152953f01af_proxy.dll0.0.0.052953e4fc00000050001dc22150001cf1a2d587b6324C:\Program Files (x86)\Hotspot Shield\bin\af_proxy_cmd.exeC:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll6e35b41a-8621-11e3-a5e0-902b34dcddf8

Error: (01/25/2014 07:10:04 PM) (Source: Microsoft-Windows-RestartManager)(User: TBC-PC)
Description: 1A:\Programs\plugin-container.exePlugin Container for Firefox02117118640

Error: (01/24/2014 09:59:03 PM) (Source: Application Hang)(User: )
Description: Steam.exe2.6.70.51e5801cf19791ef8fe6e6A:\Programs\Steam\Steam.exea20b819b-856c-11e3-a5e0-902b34dcddf8

Error: (01/24/2014 09:55:45 PM) (Source: Application Hang)(User: )
Description: Steam.exe1.97.82.806ac01cf19786b42f1cb8A:\Programs\Steam\Steam.exe2dc84c7d-856c-11e3-a5e0-902b34dcddf8

Error: (01/24/2014 05:52:53 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/23/2014 07:29:21 PM) (Source: Application Error)(User: )
Description: FRST64.exe0.0.0.052e18d3fFRST64.exe0.0.0.052e18d3fc00000fd000000000000af932c401cf189b4507ecb5C:\Users\TBC\Downloads\Farbar recovery scan tool\FRST64.exeC:\Users\TBC\Downloads\Farbar recovery scan tool\FRST64.exe90e10d0c-848e-11e3-a923-902b34dcddf8

Error: (01/23/2014 07:25:23 PM) (Source: Application Error)(User: )
Description: FRST64.exe0.0.0.052e18d3fFRST64.exe0.0.0.052e18d3fc00000fd000000000000af931a7c01cf189abce5e40bC:\Users\TBC\Downloads\Farbar recovery scan tool\FRST64.exeC:\Users\TBC\Downloads\Farbar recovery scan tool\FRST64.exe03065083-848e-11e3-a923-902b34dcddf8

Error: (01/23/2014 07:18:12 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/22/2014 05:05:18 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/21/2014 10:55:48 PM) (Source: Application Error)(User: )
Description: N360.exe12.11.0.16524cbb5eWINHTTP.dll6.1.7601.175144ce7ba3ec00000050000f107177801cf16fa31f2dec4C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exeC:\Windows\system32\WINHTTP.dll13a74d6b-8319-11e3-be4c-902b34dcddf8


CodeIntegrity Errors:
===================================
  Date: 2014-01-23 21:46:42.314
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-01-23 21:46:42.291
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 67%
Total physical RAM: 16344.04 MB
Available physical RAM: 5283.44 MB
Total Pagefile: 32686.26 MB
Available Pagefile: 18956.7 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive a: (TBC NEXUS) (Fixed) (Total:2794.39 GB) (Free:2292.27 GB) NTFS
Drive c: () (Fixed) (Total:119.14 GB) (Free:56.18 GB) NTFS
Drive d: (X_MEN_ORIGINS_WOLVERINE) (CDROM) (Total:7.44 GB) (Free:0 GB) UDF
Drive g: (TBC FIBRE) (Fixed) (Total:931.51 GB) (Free:140.19 GB) NTFS
Drive h: (TBC DREADNAUGHT) (Fixed) (Total:2794.39 GB) (Free:756 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 2BCFB554)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 2795 GB) (Disk ID: 190EE734)

Partition: GPT Partition Type
========================================================
Disk: 2 (Size: 932 GB) (Disk ID: A4B57300)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 2795 GB) (Disk ID: C0A975E1)

Partition: GPT Partition Type
==================== End Of Log ============================



#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:14 PM

Posted 26 January 2014 - 01:34 PM

Hello




HitmanPro

  • Please download HitmanPro.
  • Launch the program by double clicking on the 5vo5F.jpg icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).
  • Click on the next button. You must agree with the terms of EULA.
  • Check the box beside "No, I only want to perform a one-time scan to check this computer".
  • Click on the next button.
  • The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.
  • When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!
  • Click on the next button.
  • Click on the "Export scan results to XML file".
  • Save that file to your desktop and zip and attach it in your next reply.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 PhantomPhelix

PhantomPhelix
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:14 PM

Posted 27 January 2014 - 04:01 AM

Hi Gringo,

 

I downloaded and ran hitmanpro. When I got to the step after clicking "Apply to all => Ignore, there was no "Export scan results to XML file." Instead it gave an option to save the log file so I did so and am attaching that in my reply.

 

HitmanPro 3.7.8.208
www.hitmanpro.com

   Computer name . . . . : TBC-PC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : TBC-PC\TBC
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2014-01-27 04:00:11
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 36s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 62

   Objects scanned . . . : 1,337,427
   Files scanned . . . . : 38,579
   Remnants scanned  . . : 260,766 files / 1,038,082 keys

Repairs _____________________________________________________________________

   Proxy server on this computer (User)
   127.0.0.1:8555


Cookies _____________________________________________________________________

   C:\Users\TBC\AppData\Roaming\Microsoft\Windows\Cookies\067MW245.txt
   C:\Users\TBC\AppData\Roaming\Microsoft\Windows\Cookies\1FMXO5TN.txt
   C:\Users\TBC\AppData\Roaming\Microsoft\Windows\Cookies\2EIMG7OB.txt
   C:\Users\TBC\AppData\Roaming\Microsoft\Windows\Cookies\4O9CLR4F.txt
   C:\Users\TBC\AppData\Roaming\Microsoft\Windows\Cookies\9FLKIVHQ.txt
   C:\Users\TBC\AppData\Roaming\Microsoft\Windows\Cookies\GJON7FGQ.txt
   C:\Users\TBC\AppData\Roaming\Microsoft\Windows\Cookies\HEWB9BOY.txt
   C:\Users\TBC\AppData\Roaming\Microsoft\Windows\Cookies\HP6OSB0S.txt
   C:\Users\TBC\AppData\Roaming\Microsoft\Windows\Cookies\J0X0TLKU.txt
   C:\Users\TBC\AppData\Roaming\Microsoft\Windows\Cookies\JEBLCV2Q.txt
   C:\Users\TBC\AppData\Roaming\Microsoft\Windows\Cookies\RHZ3WM1Y.txt
   C:\Users\TBC\AppData\Roaming\Microsoft\Windows\Cookies\RQYJPF63.txt
   C:\Users\TBC\AppData\Roaming\Microsoft\Windows\Cookies\SE1E79PH.txt
   C:\Users\TBC\AppData\Roaming\Microsoft\Windows\Cookies\SVZA16D3.txt
   C:\Users\TBC\AppData\Roaming\Microsoft\Windows\Cookies\TOLKFC5B.txt
   C:\Users\TBC\AppData\Roaming\Microsoft\Windows\Cookies\X39D0VK8.txt
   C:\Users\TBC\AppData\Roaming\Microsoft\Windows\Cookies\ZPB0O6C1.txt
   C:\Users\TBC\AppData\Roaming\Mozilla\Firefox\Profiles\0f9k9otw.default-1379842455441\cookies.sqlite:ad.360yield.com
   C:\Users\TBC\AppData\Roaming\Mozilla\Firefox\Profiles\0f9k9otw.default-1379842455441\cookies.sqlite:ad.mlnadvertising.com
   C:\Users\TBC\AppData\Roaming\Mozilla\Firefox\Profiles\0f9k9otw.default-1379842455441\cookies.sqlite:ad.propellerads.com
   C:\Users\TBC\AppData\Roaming\Mozilla\Firefox\Profiles\0f9k9otw.default-1379842455441\cookies.sqlite:ads.bleepingcomputer.com
   C:\Users\TBC\AppData\Roaming\Mozilla\Firefox\Profiles\0f9k9otw.default-1379842455441\cookies.sqlite:ads.p161.net
   C:\Users\TBC\AppData\Roaming\Mozilla\Firefox\Profiles\0f9k9otw.default-1379842455441\cookies.sqlite:ads.pubmatic.com
   C:\Users\TBC\AppData\Roaming\Mozilla\Firefox\Profiles\0f9k9otw.default-1379842455441\cookies.sqlite:ads.stickyadstv.com
   C:\Users\TBC\AppData\Roaming\Mozilla\Firefox\Profiles\0f9k9otw.default-1379842455441\cookies.sqlite:ads.undertone.com
   C:\Users\TBC\AppData\Roaming\Mozilla\Firefox\Profiles\0f9k9otw.default-1379842455441\cookies.sqlite:ads.yahoo.com
   C:\Users\TBC\AppData\Roaming\Mozilla\Firefox\Profiles\0f9k9otw.default-1379842455441\cookies.sqlite:adtech.de
   C:\Users\TBC\AppData\Roaming\Mozilla\Firefox\Profiles\0f9k9otw.default-1379842455441\cookies.sqlite:adtechus.com
   C:\Users\TBC\AppData\Roaming\Mozilla\Firefox\Profiles\0f9k9otw.default-1379842455441\cookies.sqlite:advertising.com
   C:\Users\TBC\AppData\Roaming\Mozilla\Firefox\Profiles\0f9k9otw.default-1379842455441\cookies.sqlite:advertstream.com
   C:\Users\TBC\AppData\Roaming\Mozilla\Firefox\Profiles\0f9k9otw.default-1379842455441\cookies.sqlite:ar.atwola.com
   C:\Users\TBC\AppData\Roaming\Mozilla\Firefox\Profiles\0f9k9otw.default-1379842455441\cookies.sqlite:at.atwola.com
   C:\Users\TBC\AppData\Roaming\Mozilla\Firefox\Profiles\0f9k9otw.default-1379842455441\cookies.sqlite:atdmt.com
   C:\Users\TBC\AppData\Roaming\Mozilla\Firefox\Profiles\0f9k9otw.default-1379842455441\cookies.sqlite:c1.atdmt.com
   C:\Users\TBC\AppData\Roaming\Mozilla\Firefox\Profiles\0f9k9otw.default-1379842455441\cookies.sqlite:casalemedia.com
   C:\Users\TBC\AppData\Roaming\Mozilla\Firefox\Profiles\0f9k9otw.default-1379842455441\cookies.sqlite:collective-media.net
   C:\Users\TBC\AppData\Roaming\Mozilla\Firefox\Profiles\0f9k9otw.default-1379842455441\cookies.sqlite:dmtracker.com
   C:\Users\TBC\AppData\Roaming\Mozilla\Firefox\Profiles\0f9k9otw.default-1379842455441\cookies.sqlite:doubleclick.net
   C:\Users\TBC\AppData\Roaming\Mozilla\Firefox\Profiles\0f9k9otw.default-1379842455441\cookies.sqlite:exoclick.com
   C:\Users\TBC\AppData\Roaming\Mozilla\Firefox\Profiles\0f9k9otw.default-1379842455441\cookies.sqlite:fastclick.net
   C:\Users\TBC\AppData\Roaming\Mozilla\Firefox\Profiles\0f9k9otw.default-1379842455441\cookies.sqlite:h.atdmt.com
   C:\Users\TBC\AppData\Roaming\Mozilla\Firefox\Profiles\0f9k9otw.default-1379842455441\cookies.sqlite:interclick.com
   C:\Users\TBC\AppData\Roaming\Mozilla\Firefox\Profiles\0f9k9otw.default-1379842455441\cookies.sqlite:invitemedia.com
   C:\Users\TBC\AppData\Roaming\Mozilla\Firefox\Profiles\0f9k9otw.default-1379842455441\cookies.sqlite:kontera.com
   C:\Users\TBC\AppData\Roaming\Mozilla\Firefox\Profiles\0f9k9otw.default-1379842455441\cookies.sqlite:media6degrees.com
   C:\Users\TBC\AppData\Roaming\Mozilla\Firefox\Profiles\0f9k9otw.default-1379842455441\cookies.sqlite:mediaplex.com
   C:\Users\TBC\AppData\Roaming\Mozilla\Firefox\Profiles\0f9k9otw.default-1379842455441\cookies.sqlite:myroitracking.com
   C:\Users\TBC\AppData\Roaming\Mozilla\Firefox\Profiles\0f9k9otw.default-1379842455441\cookies.sqlite:network.realmedia.com
   C:\Users\TBC\AppData\Roaming\Mozilla\Firefox\Profiles\0f9k9otw.default-1379842455441\cookies.sqlite:realmedia.com
   C:\Users\TBC\AppData\Roaming\Mozilla\Firefox\Profiles\0f9k9otw.default-1379842455441\cookies.sqlite:revsci.net
   C:\Users\TBC\AppData\Roaming\Mozilla\Firefox\Profiles\0f9k9otw.default-1379842455441\cookies.sqlite:ru4.com
   C:\Users\TBC\AppData\Roaming\Mozilla\Firefox\Profiles\0f9k9otw.default-1379842455441\cookies.sqlite:server.cpmstar.com
   C:\Users\TBC\AppData\Roaming\Mozilla\Firefox\Profiles\0f9k9otw.default-1379842455441\cookies.sqlite:smartadserver.com
   C:\Users\TBC\AppData\Roaming\Mozilla\Firefox\Profiles\0f9k9otw.default-1379842455441\cookies.sqlite:stats.adotube.com
   C:\Users\TBC\AppData\Roaming\Mozilla\Firefox\Profiles\0f9k9otw.default-1379842455441\cookies.sqlite:survey.g.doubleclick.net
   C:\Users\TBC\AppData\Roaming\Mozilla\Firefox\Profiles\0f9k9otw.default-1379842455441\cookies.sqlite:tacoda.at.atwola.com
   C:\Users\TBC\AppData\Roaming\Mozilla\Firefox\Profiles\0f9k9otw.default-1379842455441\cookies.sqlite:track.adform.net
   C:\Users\TBC\AppData\Roaming\Mozilla\Firefox\Profiles\0f9k9otw.default-1379842455441\cookies.sqlite:tribalfusion.com
   C:\Users\TBC\AppData\Roaming\Mozilla\Firefox\Profiles\0f9k9otw.default-1379842455441\cookies.sqlite:www.googleadservices.com
   C:\Users\TBC\AppData\Roaming\Mozilla\Firefox\Profiles\0f9k9otw.default-1379842455441\cookies.sqlite:xiti.com
   C:\Users\TBC\AppData\Roaming\Mozilla\Firefox\Profiles\0f9k9otw.default-1379842455441\cookies.sqlite:yadro.ru
 

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:14 PM

Posted 27 January 2014 - 01:20 PM

Hello PhantomPhelix

Well it is not a virus causing the trouble


Have you tried any other browsers and have you tried to reinstall IE?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 PhantomPhelix

PhantomPhelix
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:14 PM

Posted 27 January 2014 - 02:07 PM

Hey Gringo,

Ah, I see. Well the problem isn't just with IE. Like I mentioned previously it is with all my browsers. I'll try uninstalling and reinstalling fire fix and chrome to see if that fixes anything. I am not sure if I can uninstall IE because it comepreinstalled with win7 right? Anyways, I'll give it a shot and get back to with the results.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users