
Nothing will fix the svchost virus / trojan!


  • This topic is locked
46 replies to this topic

#1 Tom95


Posted 26 February 2014 - 09:37 AM

Hello everyone

 

I'm sure all the experts on this website have heard about the svchost problem a lot as I know it is a problem. I tried to fix this problem by following many guides including one on here - http://www.bleepingcomputer.com/forums/t/443050/svchostexe-trojan-impossible-to-remove/

 

but nothing seems to work!

 

So, let me give you a little rundown of what has been happening:

 

When I first turn my laptop on everything seems to be running as usual. I will open task manager, look at processes and select 'show all processes' and everything seems to be relatively normal (Google Chrome tabs at about 30-100k of memory, svchost files at about 15k and everything else below 10k)

 

 

However, after a while (maybe 3, 4 hours, whatever) on the computer, one of the svchost.exe files will rise and rise in memory to about 350k, in which time it brings my computer to a complete stand still. Eventually when I manage to open up task manager again I can see everything else seems to be using the normal amount of memory except for this one file. However if I right-click the svchost.exe file and select 'end process tree' it often seems to fix the problem for a while and my PC runs smoothly again.

 

I spoke to my friend about this who works in a computer shop in Germany and he suggested that I could try re-installing the firmware or something? His English isn't perfect and I didn't see anything on Google about this so I haven't pursued this, but it is something to think about I guess.

 

Thanks to anyone that can help I would really appreciate it, this virus is a massive problem!!

 

Tom

 

p.s. My computer is windows 7 64-bit

p.p.s I don't know much about computers so if you can help please can you try and explain things in simple terms :)




 


#2 jeffce

  • Malware Response Team

Posted 26 February 2014 - 10:22 AM

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
 
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.
  • IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.
     
    Having said that.... Let's get going!!
    ----------

     


    #3 jeffce

    • Malware Response Team

    Posted 26 February 2014 - 10:23 AM

    Please download DDS from either of these links
     
    LINK 1
    LINK 2
     
    and save it to your desktop.

    • Disable any antivirus programs during the scan (if you have difficulty properly disabling your protective programs, refer to this link here)
    • Double click dds to run the tool.
    • When done, two DDS.txt's will open.
    • Save both reports to your desktop.

    ---------------------------------------------------
    Please include the contents of the following in your next reply:
     
    DDS.txt
     
    Attach.txt
    ----------
     

    Malwarebytes Anti-Rootkit
     
    Please download Malwarebytes Anti-Rootkit and save it to your desktop.

    • Be sure to print out and follow the instructions provided on that same page.
    • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
    • Scan your system for malware
    • If malware is found, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.

    If there is no malware found, please let me know as well.
    ----------
     

    AdwCleaner
     
    Please download AdwCleaner by Xplode and save to your Desktop.

    • Double click on AdwCleaner.exe to run the tool
      Vista/Windows 7/8 users right-click and select Run As Administrator.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
    • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

    ----------


     


    #4 Tom95


    Posted 26 February 2014 - 02:49 PM

    Hi Jeff thanks for helping. Before I post the results of the scans I should note that before I did them, I restarted my computer and got the following message:

    "Checking file on system C:

    The type of file system is NTFS

    Volume label is os.

     

    One of your disks needs to be checked for consistency. You may cancel the disk check, but it is strongly recommended that you continue.

    Windows will now check the disk."

     

    I let it do its thing, and it took about 10 minutes.

     

    Now for the results of the scans:

     

     

    DDS:

    dds.exe:

     

    DDS (Ver_2012-11-20.01) - NTFS_AMD64 

    Internet Explorer: 10.0.9200.16798  BrowserJavaVersion: 10.51.2
    Run by Tom at 15:51:45 on 2014-02-26
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.3895.1464 [GMT 0:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\IDT\WDM\AESTSr64.exe
    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Norton AntiVirus\Engine\21.1.0.18\NAV.exe
    C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files (x86)\Norton AntiVirus\Engine\21.1.0.18\NAV.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\CCleaner\CCleaner64.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mSearchAssistant = hxxp://www.google.com
    dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
    BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\21.1.0.18\IPS\IPSBHO.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - <orphaned>
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\CoIEPlg.dll
    BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\CoIEPlg.dll
    uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOLREC~1.LNK - C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
    TCP: NameServer = 192.168.1.254 192.168.1.254
    TCP: Interfaces\{764C15A9-E77B-4623-A9A7-EEB1B16872AC} : DHCPNameServer = 192.168.1.254 192.168.1.254
    TCP: Interfaces\{764C15A9-E77B-4623-A9A7-EEB1B16872AC}\244584572633D2259383E4 : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{764C15A9-E77B-4623-A9A7-EEB1B16872AC}\244584F6D65684572623D234237393 : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{764C15A9-E77B-4623-A9A7-EEB1B16872AC}\348494C4455425E4 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{764C15A9-E77B-4623-A9A7-EEB1B16872AC}\54C6C69637 : DHCPNameServer = 149.254.230.7 149.254.192.126
    TCP: Interfaces\{E8425C90-E77D-4385-8F97-62B90BDCA9F4} : NameServer = 0.0.0.0
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
    x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\CoIEPlg.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - 
    x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - 
    x64-TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\CoIEPlg.dll
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
    x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\bj32ip0k.default\
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-11-8 307040]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-4-11 384800]
    R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [2014-2-14 1526488]
    R1 ccSet_NAV;NAV Settings Manager;C:\Windows\System32\drivers\NAVx64\1501000.012\ccSetx64.sys [2014-2-20 162392]
    R1 ccSet_NST;Norton Identity Safe Settings Manager;C:\Windows\System32\drivers\NSTx64\7DE06000.01B\ccSetx64.sys [2014-2-20 162392]
    R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20140225.001\IDSviA64.sys [2014-2-26 521944]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-12-10 127328]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-4-24 172704]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-2-21 137648]
    R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-4-24 56344]
    R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-4-24 158976]
    R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-8-23 317440]
    S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2011-4-24 53800]
    S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-4-24 35104]
    S3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2014-2-20 91352]
    .
    =============== Created Last 30 ================
    .
    2014-02-26 15:09:08 1031560 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6790DC7B-1975-48C7-9AF1-6F4B9A1E9855}\gapaengine.dll
    2014-02-26 15:09:03 10536864 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FC0A53F5-3887-43D4-854D-50BC72D78CB7}\mpengine.dll
    2014-02-26 15:03:26 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2014-02-26 15:03:21 -------- d-----w- C:\Program Files\Microsoft Security Client
    2014-02-26 15:00:12 -------- d-----w- C:\8fa6feb847bf92cd5b33f19ffcb5eaed
    2014-02-26 14:02:26 -------- d-----w- C:\cd5820c1c5853e9263ad04a8222d
    2014-02-26 14:02:26 -------- d-----w- C:\5466ea0d54236b026daeb8bfb2
    2014-02-25 03:16:34 -------- d-----w- C:\Windows\Migration
    2014-02-24 18:39:51 -------- d-----w- C:\d32a6793dcfe940d08f12665
    2014-02-21 23:02:09 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2014-02-21 22:46:36 -------- d-----w- C:\Users\Tom\AppData\Local\Adobe
    2014-02-21 22:29:27 -------- d-----w- C:\Program Files (x86)\VS Revo Group
    2014-02-21 22:01:48 -------- d-sh--w- C:\$RECYCLE.BIN
    2014-02-21 21:50:09 98816 ----a-w- C:\Windows\sed.exe
    2014-02-21 21:50:09 256000 ----a-w- C:\Windows\PEV.exe
    2014-02-21 21:50:09 208896 ----a-w- C:\Windows\MBR.exe
    2014-02-21 16:16:36 -------- d-----w- C:\553c43e0b7d409a2bc66e809487d
    2014-02-21 03:25:12 17858952 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2014-02-20 22:45:34 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
    2014-02-20 22:43:31 -------- d-----w- C:\Users\Tom\AppData\Local\CrashDumps
    2014-02-20 22:42:05 -------- d-----w- C:\ProgramData\NCOTEMP
    2014-02-20 22:41:53 162392 ----a-r- C:\Windows\System32\drivers\NSTx64\7DE06000.01B\ccSetx64.sys
    2014-02-20 22:41:49 -------- d-----w- C:\Windows\System32\drivers\NSTx64\7DE06000.01B
    2014-02-20 22:41:49 -------- d-----w- C:\Windows\System32\drivers\NSTx64
    2014-02-20 22:41:48 -------- d-----w- C:\Program Files (x86)\Norton Identity Safe
    2014-02-20 22:41:38 177752 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
    2014-02-20 22:41:38 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
    2014-02-20 22:40:54 590936 ----a-r- C:\Windows\System32\drivers\NAVx64\1501000.012\symnets.sys
    2014-02-20 22:40:54 493656 ----a-r- C:\Windows\System32\drivers\NAVx64\1501000.012\SymDS64.sys
    2014-02-20 22:40:54 23568 ----a-r- C:\Windows\System32\drivers\NAVx64\1501000.012\SymELAM.sys
    2014-02-20 22:40:54 1147480 ----a-r- C:\Windows\System32\drivers\NAVx64\1501000.012\SymEFA64.sys
    2014-02-20 22:40:53 858200 ----a-r- C:\Windows\System32\drivers\NAVx64\1501000.012\srtsp64.sys
    2014-02-20 22:40:53 36952 ----a-r- C:\Windows\System32\drivers\NAVx64\1501000.012\srtspx64.sys
    2014-02-20 22:40:53 264280 ----a-r- C:\Windows\System32\drivers\NAVx64\1501000.012\Ironx64.sys
    2014-02-20 22:40:53 162392 ----a-r- C:\Windows\System32\drivers\NAVx64\1501000.012\ccSetx64.sys
    2014-02-20 22:40:24 -------- d-----w- C:\Windows\System32\drivers\NAVx64\1501000.012
    2014-02-20 22:40:24 -------- d-----w- C:\Windows\System32\drivers\NAVx64
    2014-02-20 22:40:22 -------- d-----w- C:\Program Files (x86)\Norton AntiVirus
    2014-02-20 22:39:36 -------- d-----w- C:\Program Files (x86)\NortonInstaller
    2014-02-20 22:25:44 -------- d-----w- C:\Users\Tom\AppData\Roaming\ParetoLogic
    2014-02-20 22:25:44 -------- d-----w- C:\Users\Tom\AppData\Roaming\DriverCure
    2014-02-20 22:25:27 -------- d-----w- C:\ProgramData\ParetoLogic
    2014-02-20 00:46:42 119000 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2014-02-20 00:44:10 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2014-02-20 00:21:10 -------- d-----w- C:\FRST
    2014-02-19 05:17:12 -------- d-----w- C:\ProgramData\4shared Desktop
    2014-02-19 03:02:00 -------- d-----w- C:\3079c76fae4d62291d
    2014-02-17 09:06:17 -------- d-----w- C:\found.002
    2014-02-17 06:01:29 -------- d-----w- C:\Users\Tom\AppData\Roaming\Roxio Log Files
    2014-02-16 20:08:45 -------- d-----w- C:\Users\Tom\AppData\Local\Innovative Solutions
    2014-02-16 19:53:48 -------- d-----w- C:\ProgramData\Oracle
    2014-02-16 19:45:52 -------- d-----w- C:\ProgramData\Uniblue
    2014-02-16 03:20:16 -------- d-----w- C:\12503dd63dc0d9d73b870f
    2014-02-13 15:17:56 -------- d-----w- C:\Program Files\CCleaner
    2014-02-13 03:27:51 600064 ----a-w- C:\Windows\System32\vbscript.dll
    2014-02-13 03:27:51 523776 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-02-13 03:25:58 3960320 ----a-w- C:\Windows\System32\jscript9.dll
    2014-02-12 19:13:18 -------- d-----w- C:\Users\Tom\AppData\Local\jZip
    2014-02-12 12:06:19 1882112 ----a-w- C:\Windows\System32\msxml3.dll
    2014-02-12 12:06:19 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2014-02-12 12:06:17 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
    2014-02-12 12:06:17 2048 ----a-w- C:\Windows\System32\msxml3r.dll
    2014-02-06 10:20:29 -------- d-----w- C:\found.001
    .
    ==================== Find3M  ====================
    .
    2014-02-21 03:26:19 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-02-21 03:26:19 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-02-01 09:19:49 2241536 ----a-w- C:\Windows\System32\wininet.dll
    2014-02-01 09:18:21 67072 ----a-w- C:\Windows\System32\iesetup.dll
    2014-02-01 09:18:21 136704 ----a-w- C:\Windows\System32\iesysprep.dll
    2014-02-01 07:58:31 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-02-01 07:57:20 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-02-01 07:57:16 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-02-01 07:57:16 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2014-02-01 07:40:43 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-02-01 07:34:53 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-02-01 06:45:40 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
    2014-02-01 06:38:03 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe
    2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
    2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll
    2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll
    2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll
    2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll
    2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll
    2013-12-04 02:16:51 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
    2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe
    2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe
    2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe
    2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll
    2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll
    2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll
    2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll
    2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll
    2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe
    2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe
    2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe
    2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
    .
    ============= FINISH: 15:54:48.59 ===============
     
    attach:
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium 
    Boot Device: \Device\HarddiskVolume2
    Install Date: 26/06/2011 14:34:49
    System Uptime: 26/02/2014 14:18:46 (1 hours ago)
    .
    Motherboard: Dell Inc. |  | 0WXY9J
    Processor: Intel® Core™ i3 CPU       M 380  @ 2.53GHz | CPU 1 | 2527/533mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 451 GiB total, 282.61 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP248: 21/02/2014 15:58:55 - Windows Update
    RP251: 21/02/2014 22:14:50 - Removed Java™ 6 Update 24 (64-bit)
    RP252: 21/02/2014 22:30:52 - Revo Uninstaller's restore point - Adobe Reader X MUI
    RP253: 21/02/2014 22:34:33 - Revo Uninstaller's restore point - Java™ 6 Update 31
    RP254: 21/02/2014 22:36:55 - Removed Java™ 6 Update 31
    RP255: 21/02/2014 22:41:02 - Revo Uninstaller's restore point - Java 7 Update 51
    RP256: 21/02/2014 22:41:18 - Removed Java 7 Update 51
    RP257: 21/02/2014 22:44:12 - Revo Uninstaller's restore point - Java 7 Update 51
    RP258: 21/02/2014 23:01:28 - Installed Java 7 Update 51
    RP259: 22/02/2014 03:00:14 - Windows Update
    RP260: 24/02/2014 18:38:44 - Windows Update
    RP261: 24/02/2014 19:07:46 - Windows Update
    RP262: 25/02/2014 03:00:16 - Windows Update
    RP263: 26/02/2014 03:00:31 - Windows Update
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 12 ActiveX
    Adobe Flash Player 12 Plugin
    Adobe Reader XI (11.0.06)
    Advanced Audio FX Engine
    Age of Empires Online
    Age of Empires® III: Complete Collection
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ASIO4ALL
    Audacity 2.0
    AVG 2012
    Bonjour
    CamStudio version 2.7
    CCleaner
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Dell DataSafe Local Backup
    Dell DataSafe Local Backup - Support Software
    Dell Edoc Viewer
    Dell Getting Started Guide
    Dell MusicStage
    Dell PhotoStage
    Dell Product Registration
    Dell Stage
    Dell Support Center
    Dell VideoStage
    Dell Webcam Central
    eBay
    FL Studio 10
    Football Manager 2012
    Football Manager 2012 Editor
    Football Manager 2013
    Football Manager 2013 Editor
    Football Manager 2014
    Fraps (remove only)
    GhostMouse
    Google Chrome
    Google Earth Plug-in
    Google Update Helper
    IDT Audio
    IL Download Manager
    IL Shared Libraries
    Intel PROSet Wireless
    Intel® Control Center
    Intel® Management Engine Components
    Intel® Processor Graphics
    Intel® PROSet/Wireless WiFi Software
    Intel® Rapid Storage Technology
    iTunes
    Java 7 Update 51
    Java Auto Updater
    Junk Mail filter update
    League of Legends
    Live! Cam Avatar Creator
    LOLReplay
    Malwarebytes Anti-Malware version 1.62.0.1300
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 4.5.1
    Microsoft Application Error Reporting
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
    Mozilla Firefox 25.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT Redists
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Norton AntiVirus
    Norton Identity Safe
    Pando Media Booster
    Quickset64
    QuickTime
    Realtek USB 2.0 Card Reader
    Reason 4.0
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
    Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
    Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
    Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
    Skype Toolbars
    Skype™ 6.3
    Spotify
    Steam
    Synaptics Pointing Device Driver
    Team Fortress 2
    The Battle for Middle-earth ™ II
    Unity Web Player
    Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
    Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
    Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
    Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
    Vegas Pro 10.0 (64-bit)
    Ventrilo Client for Windows x64
    WIDCOMM Bluetooth Software
    Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth  (03/24/2010 6.3.0.2501)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR 4.01 (64-bit)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    26/02/2014 15:37:24, Error: iaStor [9]  - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
    26/02/2014 15:36:12, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
    26/02/2014 13:44:22, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error:  An instance of the service is already running.
    26/02/2014 13:44:22, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error:  An instance of the service is already running.
    26/02/2014 13:42:22, Error: Service Control Manager [7034]  - The Windows Update service terminated unexpectedly.  It has done this 2 time(s).
    26/02/2014 13:42:22, Error: Service Control Manager [7031]  - The Windows Management Instrumentation service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
    26/02/2014 13:42:22, Error: Service Control Manager [7031]  - The User Profile Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
    26/02/2014 13:42:22, Error: Service Control Manager [7031]  - The Themes service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
    26/02/2014 13:42:22, Error: Service Control Manager [7031]  - The Task Scheduler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
    26/02/2014 13:42:22, Error: Service Control Manager [7031]  - The System Event Notification Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
    26/02/2014 13:42:22, Error: Service Control Manager [7031]  - The Shell Hardware Detection service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
    26/02/2014 13:42:22, Error: Service Control Manager [7031]  - The Server service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
    26/02/2014 13:42:22, Error: Service Control Manager [7031]  - The Secondary Logon service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
    26/02/2014 13:42:22, Error: Service Control Manager [7031]  - The Remote Access Connection Manager service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
    26/02/2014 13:42:22, Error: Service Control Manager [7031]  - The IP Helper service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
    26/02/2014 13:42:22, Error: Service Control Manager [7031]  - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
    26/02/2014 13:42:22, Error: Service Control Manager [7031]  - The Group Policy Client service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
    26/02/2014 13:42:22, Error: Service Control Manager [7031]  - The Extensible Authentication Protocol service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
    26/02/2014 13:42:22, Error: Service Control Manager [7031]  - The Computer Browser service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
    26/02/2014 13:42:22, Error: Service Control Manager [7031]  - The Background Intelligent Transfer Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
    26/02/2014 13:27:47, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:  An instance of the service is already running.
    26/02/2014 13:25:47, Error: Service Control Manager [7034]  - The Application Information service terminated unexpectedly.  It has done this 1 time(s).
    26/02/2014 13:25:47, Error: Service Control Manager [7031]  - The Windows Update service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
    26/02/2014 13:25:47, Error: Service Control Manager [7031]  - The Windows Management Instrumentation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
    26/02/2014 13:25:47, Error: Service Control Manager [7031]  - The User Profile Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
    26/02/2014 13:25:47, Error: Service Control Manager [7031]  - The Themes service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
    26/02/2014 13:25:47, Error: Service Control Manager [7031]  - The Task Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
    26/02/2014 13:25:47, Error: Service Control Manager [7031]  - The System Event Notification Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
    26/02/2014 13:25:47, Error: Service Control Manager [7031]  - The Shell Hardware Detection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
    26/02/2014 13:25:47, Error: Service Control Manager [7031]  - The Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
    26/02/2014 13:25:47, Error: Service Control Manager [7031]  - The Secondary Logon service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
    26/02/2014 13:25:47, Error: Service Control Manager [7031]  - The Remote Access Connection Manager service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
    26/02/2014 13:25:47, Error: Service Control Manager [7031]  - The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
    26/02/2014 13:25:47, Error: Service Control Manager [7031]  - The IP Helper service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
    26/02/2014 13:25:47, Error: Service Control Manager [7031]  - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
    26/02/2014 13:25:47, Error: Service Control Manager [7031]  - The Group Policy Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
    26/02/2014 13:25:47, Error: Service Control Manager [7031]  - The Extensible Authentication Protocol service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
    26/02/2014 13:25:47, Error: Service Control Manager [7031]  - The Background Intelligent Transfer Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
    26/02/2014 10:35:41, Error: Service Control Manager [7000]  - The Software Protection service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
    26/02/2014 10:35:39, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
    26/02/2014 07:54:36, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    25/02/2014 14:59:50, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wlidsvc service.
    25/02/2014 06:07:01, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NAV service.
    25/02/2014 06:06:31, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wscsvc service.
    25/02/2014 06:04:20, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the upnphost service.
    25/02/2014 06:01:52, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NCO service.
    25/02/2014 05:30:29, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
    25/02/2014 05:30:22, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
    25/02/2014 05:30:22, Error: Service Control Manager [7000]  - The Windows Modules Installer service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
    25/02/2014 03:29:03, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.
    25/02/2014 03:28:31, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
    25/02/2014 03:15:05, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2898855).
    24/02/2014 20:17:37, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2901110).
    24/02/2014 19:04:53, Error: NetBT [4307]  - Initialization failed because the transport refused to open initial addresses.
    22/02/2014 15:20:50, Error: Service Control Manager [7034]  - The Windows Update service terminated unexpectedly.  It has done this 3 time(s).
    22/02/2014 15:20:50, Error: Service Control Manager [7034]  - The Windows Management Instrumentation service terminated unexpectedly.  It has done this 3 time(s).
    22/02/2014 15:20:50, Error: Service Control Manager [7034]  - The User Profile Service service terminated unexpectedly.  It has done this 3 time(s).
    22/02/2014 15:20:50, Error: Service Control Manager [7034]  - The Themes service terminated unexpectedly.  It has done this 3 time(s).
    22/02/2014 15:20:50, Error: Service Control Manager [7034]  - The Task Scheduler service terminated unexpectedly.  It has done this 3 time(s).
    22/02/2014 15:20:50, Error: Service Control Manager [7034]  - The System Event Notification Service service terminated unexpectedly.  It has done this 3 time(s).
    22/02/2014 15:20:50, Error: Service Control Manager [7034]  - The Server service terminated unexpectedly.  It has done this 3 time(s).
    22/02/2014 15:20:50, Error: Service Control Manager [7034]  - The Secondary Logon service terminated unexpectedly.  It has done this 3 time(s).
    22/02/2014 15:20:50, Error: Service Control Manager [7034]  - The Remote Access Connection Manager service terminated unexpectedly.  It has done this 3 time(s).
    22/02/2014 15:20:50, Error: Service Control Manager [7034]  - The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 3 time(s).
    22/02/2014 15:20:50, Error: Service Control Manager [7034]  - The IP Helper service terminated unexpectedly.  It has done this 3 time(s).
    22/02/2014 15:20:50, Error: Service Control Manager [7034]  - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly.  It has done this 3 time(s).
    22/02/2014 15:20:50, Error: Service Control Manager [7034]  - The Group Policy Client service terminated unexpectedly.  It has done this 3 time(s).
    22/02/2014 15:20:50, Error: Service Control Manager [7034]  - The Extensible Authentication Protocol service terminated unexpectedly.  It has done this 3 time(s).
    22/02/2014 15:20:50, Error: Service Control Manager [7034]  - The Background Intelligent Transfer Service service terminated unexpectedly.  It has done this 3 time(s).
    22/02/2014 15:20:50, Error: Service Control Manager [7034]  - The Application Information service terminated unexpectedly.  It has done this 3 time(s).
    22/02/2014 15:20:50, Error: Service Control Manager [7031]  - The Application Experience service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
    22/02/2014 03:51:08, Error: Service Control Manager [7034]  - The Application Information service terminated unexpectedly.  It has done this 2 time(s).
    22/02/2014 03:51:08, Error: Service Control Manager [7031]  - The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
    22/02/2014 03:51:08, Error: Service Control Manager [7031]  - The Computer Browser service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
    21/02/2014 23:05:39, Error: Service Control Manager [7031]  - The Norton Identity Safe service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
    21/02/2014 21:59:17, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
    21/02/2014 21:58:39, Error: Application Popup [1060]  - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    21/02/2014 16:58:42, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Installer service to connect.
    21/02/2014 16:58:42, Error: Service Control Manager [7000]  - The Windows Installer service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
    21/02/2014 16:58:42, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    21/02/2014 16:38:25, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000009f (0x0000000000000004, 0x0000000000000258, 0xfffffa8003b80040, 0xfffff800053d7510). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022114-89887-01.
    21/02/2014 14:44:06, Error: volsnap [14]  - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
    21/02/2014 09:39:16, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
    21/02/2014 07:34:23, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Adobe Flash Player Update Service service to connect.
    21/02/2014 07:34:23, Error: Service Control Manager [7000]  - The Adobe Flash Player Update Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
    20/02/2014 22:02:36, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error:  An instance of the service is already running.
    20/02/2014 21:58:36, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Application Experience service, but this action failed with the following error:  An instance of the service is already running.
    20/02/2014 21:57:36, Error: Service Control Manager [7031]  - The Application Experience service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
    20/02/2014 18:38:06, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RpcSs service.
    20/02/2014 18:35:51, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UNS service.
    20/02/2014 03:15:02, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7 for x64-based Systems.
    20/02/2014 01:41:05, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error:  An instance of the service is already running.
    20/02/2014 01:40:00, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Base Filtering Engine service, but this action failed with the following error:  An instance of the service is already running.
    20/02/2014 01:38:00, Error: Service Control Manager [7031]  - The Windows Firewall service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
    20/02/2014 01:38:00, Error: Service Control Manager [7031]  - The Diagnostic Policy Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
    20/02/2014 01:38:00, Error: Service Control Manager [7031]  - The Base Filtering Engine service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
    20/02/2014 01:33:25, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Event Log service, but this action failed with the following error:  An instance of the service is already running.
    20/02/2014 01:33:21, Error: Service Control Manager [7031]  - The WLAN AutoConfig service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
    20/02/2014 01:33:21, Error: Service Control Manager [7031]  - The Windows Audio Endpoint Builder service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
    20/02/2014 01:33:21, Error: Service Control Manager [7031]  - The Program Compatibility Assistant Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
    20/02/2014 01:33:21, Error: Service Control Manager [7031]  - The Network Connections service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
    20/02/2014 01:33:21, Error: Service Control Manager [7031]  - The Human Interface Device Access service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
    20/02/2014 01:33:21, Error: Service Control Manager [7031]  - The HomeGroup Listener service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
    20/02/2014 01:33:21, Error: Service Control Manager [7031]  - The Distributed Link Tracking Client service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
    20/02/2014 01:33:21, Error: Service Control Manager [7031]  - The Desktop Window Manager Session Manager service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
    20/02/2014 01:32:48, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Function Discovery Resource Publication service, but this action failed with the following error:  An instance of the service is already running.
    20/02/2014 01:32:25, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the HomeGroup Provider service, but this action failed with the following error:  An instance of the service is already running.
    20/02/2014 01:32:17, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Shell Hardware Detection service, but this action failed with the following error:  An instance of the service is already running.
    20/02/2014 01:31:49, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Network Store Interface Service service, but this action failed with the following error:  An instance of the service is already running.
    20/02/2014 01:31:28, Error: Service Control Manager [7031]  - The Peer Networking Identity Manager service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
    20/02/2014 01:31:28, Error: Service Control Manager [7031]  - The Peer Networking Grouping service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
    20/02/2014 01:31:28, Error: Service Control Manager [7031]  - The Peer Name Resolution Protocol service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
    20/02/2014 01:31:25, Error: Service Control Manager [7031]  - The Windows Event Log service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
    20/02/2014 01:31:25, Error: Service Control Manager [7031]  - The Windows Audio service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
    20/02/2014 01:31:25, Error: Service Control Manager [7031]  - The TCP/IP NetBIOS Helper service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
    20/02/2014 01:31:25, Error: Service Control Manager [7031]  - The HomeGroup Provider service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
    20/02/2014 01:31:17, Error: Service Control Manager [7034]  - The Problem Reports and Solutions Control Panel Support service terminated unexpectedly.  It has done this 1 time(s).
    20/02/2014 01:30:48, Error: Service Control Manager [7031]  - The UPnP Device Host service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
    20/02/2014 01:30:48, Error: Service Control Manager [7031]  - The SSDP Discovery service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
    20/02/2014 01:30:48, Error: Service Control Manager [7031]  - The Function Discovery Resource Publication service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
    20/02/2014 01:29:52, Error: Service Control Manager [7031]  - The Windows Event Log service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
    20/02/2014 01:29:52, Error: Service Control Manager [7031]  - The Windows Audio service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
    20/02/2014 01:29:52, Error: Service Control Manager [7031]  - The TCP/IP NetBIOS Helper service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
    20/02/2014 01:29:52, Error: Service Control Manager [7031]  - The Security Center service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
    20/02/2014 01:29:52, Error: Service Control Manager [7031]  - The HomeGroup Provider service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
    20/02/2014 01:29:52, Error: Service Control Manager [7031]  - The DHCP Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
    20/02/2014 00:07:29, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Diagnostic Service Host service to connect.
    20/02/2014 00:07:29, Error: Service Control Manager [7000]  - The Diagnostic Service Host service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
    20/02/2014 00:07:00, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the RPC Endpoint Mapper service, but this action failed with the following error:  An instance of the service is already running.
    20/02/2014 00:06:55, Error: Service Control Manager [7001]  - The Remote Procedure Call (RPC) service depends on the RPC Endpoint Mapper service which failed to start because of the following error:  The service has not been started.
    20/02/2014 00:06:55, Error: Service Control Manager [7001]  - The Function Discovery Resource Publication service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:  The dependency service or group failed to start.
    20/02/2014 00:06:54, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Server service to connect.
    20/02/2014 00:06:54, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Network Store Interface Service service to connect.
    20/02/2014 00:06:54, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Multimedia Class Scheduler service to connect.
    20/02/2014 00:06:54, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the IKE and AuthIP IPsec Keying Modules service to connect.
    20/02/2014 00:06:54, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The service did not respond to the start or control request in a timely fashion.
    20/02/2014 00:06:54, Error: Service Control Manager [7001]  - The User Profile Service service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:  The dependency service or group failed to start.
    20/02/2014 00:06:54, Error: Service Control Manager [7001]  - The System Event Notification Service service depends on the COM+ Event System service which failed to start because of the following error:  The dependency service or group failed to start.
    20/02/2014 00:06:54, Error: Service Control Manager [7001]  - The IP Helper service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:  The dependency service or group failed to start.
    20/02/2014 00:06:54, Error: Service Control Manager [7001]  - The Group Policy Client service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:  The dependency service or group failed to start.
    20/02/2014 00:06:54, Error: Service Control Manager [7001]  - The Extensible Authentication Protocol service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:  The dependency service or group failed to start.
    20/02/2014 00:06:54, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The service did not respond to the start or control request in a timely fashion.
    20/02/2014 00:06:54, Error: Service Control Manager [7001]  - The COM+ Event System service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:  The dependency service or group failed to start.
    20/02/2014 00:06:54, Error: Service Control Manager [7000]  - The Server service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
    20/02/2014 00:06:54, Error: Service Control Manager [7000]  - The Network Store Interface Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
    20/02/2014 00:06:54, Error: Service Control Manager [7000]  - The Multimedia Class Scheduler service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
    20/02/2014 00:06:54, Error: Service Control Manager [7000]  - The IKE and AuthIP IPsec Keying Modules service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
    20/02/2014 00:06:32, Error: Service Control Manager [7001]  - The WLAN AutoConfig service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:  The dependency service or group failed to start.
    20/02/2014 00:06:32, Error: Service Control Manager [7001]  - The Distributed Link Tracking Client service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:  The dependency service or group failed to start.
    20/02/2014 00:06:29, Error: Service Control Manager [7001]  - The DNS Client service depends on the Network Store Interface Service service which failed to start because of the following error:  The service did not respond to the start or control request in a timely fashion.
    20/02/2014 00:05:54, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Themes service to connect.
    20/02/2014 00:05:54, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Application Experience service to connect.
    20/02/2014 00:05:54, Error: Service Control Manager [7001]  - The Windows Update service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:  The dependency service or group failed to start.
    20/02/2014 00:05:54, Error: Service Control Manager [7001]  - The Task Scheduler service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:  The dependency service or group failed to start.
    20/02/2014 00:05:54, Error: Service Control Manager [7001]  - The Background Intelligent Transfer Service service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:  The dependency service or group failed to start.
    20/02/2014 00:05:54, Error: Service Control Manager [7000]  - The Themes service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
    20/02/2014 00:05:54, Error: Service Control Manager [7000]  - The Application Experience service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
    20/02/2014 00:05:32, Error: Service Control Manager [7001]  - The Program Compatibility Assistant Service service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:  The dependency service or group failed to start.
    20/02/2014 00:05:32, Error: Service Control Manager [7001]  - The HomeGroup Listener service depends on the Server service which failed to start because of the following error:  The service did not respond to the start or control request in a timely fashion.
    20/02/2014 00:05:29, Error: Service Control Manager [7001]  - The Cryptographic Services service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:  The dependency service or group failed to start.
    20/02/2014 00:05:24, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.
    20/02/2014 00:05:24, Error: Service Control Manager [7000]  - The Windows Font Cache Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
    20/02/2014 00:05:07, Error: Service Control Manager [7034]  - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly.  It has done this 2 time(s).
    20/02/2014 00:05:07, Error: Service Control Manager [7034]  - The Diagnostic Service Host service terminated unexpectedly.  It has done this 2 time(s).
    20/02/2014 00:05:07, Error: Service Control Manager [7031]  - The Network Store Interface Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
    20/02/2014 00:05:07, Error: Service Control Manager [7031]  - The Network List Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
    20/02/2014 00:05:07, Error: Service Control Manager [7031]  - The COM+ Event System service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
    20/02/2014 00:05:07, Error: Service Control Manager [7001]  - The Remote Procedure Call (RPC) service depends on the RPC Endpoint Mapper service which failed to start because of the following error:  The service has returned a service-specific error code.
    20/02/2014 00:05:07, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:  The dependency service or group failed to start.
    20/02/2014 00:05:07, Error: Service Control Manager [7001]  - The Network List Service service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:  The dependency service or group failed to start.
    20/02/2014 00:05:03, Error: Service Control Manager [7034]  - The Network Location Awareness service terminated unexpectedly.  It has done this 3 time(s).
    20/02/2014 00:05:00, Error: Service Control Manager [7031]  - The RPC Endpoint Mapper service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
    20/02/2014 00:05:00, Error: Service Control Manager [7031]  - The Remote Procedure Call (RPC) service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
    20/02/2014 00:04:49, Error: Service Control Manager [7031]  - The Network Location Awareness service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
    20/02/2014 00:04:49, Error: Service Control Manager [7031]  - The DNS Client service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
    20/02/2014 00:04:32, Error: Service Control Manager [7034]  - The Diagnostic System Host service terminated unexpectedly.  It has done this 1 time(s).
    20/02/2014 00:04:32, Error: Service Control Manager [7031]  - The WLAN AutoConfig service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
    20/02/2014 00:04:32, Error: Service Control Manager [7031]  - The Windows Audio Endpoint Builder service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
    20/02/2014 00:04:32, Error: Service Control Manager [7031]  - The Program Compatibility Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
    20/02/2014 00:04:32, Error: Service Control Manager [7031]  - The Network Connections service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
    20/02/2014 00:04:32, Error: Service Control Manager [7031]  - The Human Interface Device Access service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
    20/02/2014 00:04:32, Error: Service Control Manager [7031]  - The HomeGroup Listener service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
    20/02/2014 00:04:32, Error: Service Control Manager [7031]  - The Distributed Link Tracking Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
    20/02/2014 00:04:32, Error: Service Control Manager [7031]  - The Desktop Window Manager Session Manager service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
    20/02/2014 00:04:29, Error: Service Control Manager [7031]  - The Workstation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
    20/02/2014 00:04:29, Error: Service Control Manager [7031]  - The Network Location Awareness service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
    20/02/2014 00:04:29, Error: Service Control Manager [7031]  - The DNS Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
    20/02/2014 00:04:29, Error: Service Control Manager [7031]  - The Cryptographic Services service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
    20/02/2014 00:04:24, Error: Service Control Manager [7034]  - The Function Discovery Provider Host service terminated unexpectedly.  It has done this 1 time(s).
    20/02/2014 00:04:24, Error: Service Control Manager [7034]  - The Diagnostic Service Host service terminated unexpectedly.  It has done this 1 time(s).
    20/02/2014 00:04:24, Error: Service Control Manager [7031]  - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
    20/02/2014 00:04:24, Error: Service Control Manager [7031]  - The Windows Font Cache Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
    20/02/2014 00:04:24, Error: Service Control Manager [7031]  - The Network Store Interface Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
    20/02/2014 00:04:24, Error: Service Control Manager [7031]  - The Network List Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
    20/02/2014 00:04:24, Error: Service Control Manager [7031]  - The COM+ Event System service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
    19/02/2014 20:31:25, Error: Server [2505]  - The server could not bind to the transport \Device\NetBT_Tcpip_{764C15A9-E77B-4623-A9A7-EEB1B16872AC} because another computer on the network has the same name.  The server could not start.
    19/02/2014 20:31:06, Error: BTHUSB [17]  - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
    19/02/2014 20:31:03, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.
    19/02/2014 05:44:34, Error: Service Control Manager [7034]  - The Hotspot Shield Monitoring Service service terminated unexpectedly.  It has done this 1 time(s).
    19/02/2014 03:56:50, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
    .
    ==== End Of File ===========================
     
    Malwarebytes:
     
    It didn't find anything.
     
    AdwCleaner:
     
    Didn't find anything either, but still attempted to delete files even though it didn't find any.


    #5 Tom95

    Tom95
    • Topic Starter


    Posted 26 February 2014 - 02:59 PM

    By the way, this is what my task manager looks like when everything is running 'normally' (when svchost hasn't decided to freeze my computer yet)

     

    cQ5S5J1.gif



    #6 jeffce

    jeffce
    • Malware Response Team

    Posted 26 February 2014 - 03:06 PM

    Please download TDSSKiller

    • Double click TDSSKiller.exe
    • Press Start Scan but do nothing else as we are just looking for what is there.
    • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
    • Attach the log in your next reply
      • A copy of the log will be saved automatically to the root of the drive (typically C:\)

     


    #7 Tom95

    Tom95
    • Topic Starter


    Posted 26 February 2014 - 03:24 PM

    Well, TDSSKiller scanned 473 objects and found 0 threats. It also disabled my internet when it was scanning.

     

    Does this sound normal?



    #8 jeffce

    jeffce
    • Malware Response Team

    Posted 26 February 2014 - 03:35 PM

    No, that doesn't... TDSSKiller only scans until told to do otherwise.
     
    ComboFix
     
    Download Combofix from either of the links below, and save it to your desktop.  
    Link 1
    Link 2
     
    **Note:  It is important that it is saved directly to your desktop**
    If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


     
    --------------------------------------------------------------------
     
    IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
     
    --------------------------------------------------------------------
     
    Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.

    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt for further review.

     


    #9 Tom95

    Tom95
    • Topic Starter


    Posted 26 February 2014 - 04:12 PM

    Here's the Combofix log:

     

    ComboFix 14-02-20.01 - Tom 26/02/2014  20:56:49.2.4 - x64
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.3895.1714 [GMT 0:00]
    Running from: c:\users\Tom\Downloads\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((   Files Created from 2014-01-26 to 2014-02-26  )))))))))))))))))))))))))))))))
    .
    .
    2014-02-26 21:05 . 2014-02-26 21:05 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-02-26 19:26 . 2014-02-26 19:26 -------- d-----w- C:\found.003
    2014-02-26 16:07 . 2014-02-26 19:36 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FC0A53F5-3887-43D4-854D-50BC72D78CB7}\offreg.dll
    2014-02-26 16:06 . 2014-02-26 19:03 -------- d-----w- C:\AdwCleaner
    2014-02-26 16:04 . 2014-02-26 16:07 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2014-02-26 15:09 . 2014-02-26 15:08 1031560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6790DC7B-1975-48C7-9AF1-6F4B9A1E9855}\gapaengine.dll
    2014-02-26 15:09 . 2014-02-06 01:01 10536864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FC0A53F5-3887-43D4-854D-50BC72D78CB7}\mpengine.dll
    2014-02-26 15:03 . 2014-02-26 15:03 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2014-02-26 15:03 . 2014-02-26 15:03 -------- d-----w- c:\program files\Microsoft Security Client
    2014-02-26 14:02 . 2014-02-26 14:02 -------- d-----w- C:\5466ea0d54236b026daeb8bfb2
    2014-02-26 14:02 . 2014-02-26 14:02 -------- d-----w- C:\cd5820c1c5853e9263ad04a8222d
    2014-02-25 03:16 . 2014-02-25 03:16 -------- d-----w- c:\windows\Migration
    2014-02-24 18:39 . 2014-02-24 18:39 -------- d-----w- C:\d32a6793dcfe940d08f12665
    2014-02-21 23:02 . 2014-02-21 23:02 -------- d-----w- c:\program files (x86)\Common Files\Java
    2014-02-21 23:02 . 2014-02-21 23:01 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2014-02-21 22:46 . 2014-02-23 23:07 -------- d-----w- c:\users\Tom\AppData\Local\Adobe
    2014-02-21 22:29 . 2014-02-22 01:41 -------- d-----w- c:\program files (x86)\VS Revo Group
    2014-02-21 16:16 . 2014-02-21 16:16 -------- d-----w- C:\553c43e0b7d409a2bc66e809487d
    2014-02-21 03:25 . 2014-02-21 03:25 17858952 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2014-02-20 22:45 . 2014-02-20 22:45 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
    2014-02-20 22:43 . 2014-02-24 18:15 -------- d-----w- c:\users\Tom\AppData\Local\CrashDumps
    2014-02-20 22:42 . 2014-02-20 22:42 -------- d-----w- c:\programdata\NCOTEMP
    2014-02-20 22:41 . 2014-02-20 22:41 -------- d-----w- c:\windows\system32\drivers\NSTx64
    2014-02-20 22:41 . 2014-02-20 22:41 -------- d-----w- c:\program files (x86)\Norton Identity Safe
    2014-02-20 22:41 . 2014-02-20 22:41 177752 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2014-02-20 22:41 . 2014-02-20 22:41 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2014-02-20 22:40 . 2014-02-20 22:40 -------- d-----w- c:\windows\system32\drivers\NAVx64
    2014-02-20 22:40 . 2014-02-20 22:40 -------- d-----w- c:\program files (x86)\Norton AntiVirus
    2014-02-20 22:39 . 2014-02-20 22:41 -------- d-----w- c:\program files (x86)\NortonInstaller
    2014-02-20 22:25 . 2014-02-20 22:25 -------- d-----w- c:\users\Tom\AppData\Roaming\ParetoLogic
    2014-02-20 22:25 . 2014-02-20 22:25 -------- d-----w- c:\users\Tom\AppData\Roaming\DriverCure
    2014-02-20 00:46 . 2014-02-26 16:04 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-02-20 00:44 . 2014-02-20 00:45 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-02-20 00:21 . 2014-02-20 00:32 -------- d-----w- C:\FRST
    2014-02-19 05:17 . 2014-02-19 05:17 -------- d-----w- c:\programdata\4shared Desktop
    2014-02-19 03:02 . 2014-02-19 03:02 -------- d-----w- C:\3079c76fae4d62291d
    2014-02-17 09:06 . 2014-02-17 09:06 -------- d-----w- C:\found.002
    2014-02-17 06:01 . 2014-02-17 06:01 -------- d-----w- c:\users\Tom\AppData\Roaming\Roxio Log Files
    2014-02-16 20:08 . 2014-02-16 20:08 -------- d-----w- c:\users\Tom\AppData\Local\Innovative Solutions
    2014-02-16 19:53 . 2014-02-21 23:03 -------- d-----w- c:\programdata\Oracle
    2014-02-16 03:20 . 2014-02-16 08:57 -------- d-----w- C:\12503dd63dc0d9d73b870f
    2014-02-13 15:17 . 2014-02-13 15:18 -------- d-----w- c:\program files\CCleaner
    2014-02-13 03:27 . 2013-12-21 09:39 600064 ----a-w- c:\windows\system32\vbscript.dll
    2014-02-13 03:27 . 2013-12-21 07:56 523776 ----a-w- c:\windows\SysWow64\vbscript.dll
    2014-02-13 03:25 . 2014-02-01 09:18 3960320 ----a-w- c:\windows\system32\jscript9.dll
    2014-02-12 19:13 . 2014-02-13 14:44 -------- d-----w- c:\users\Tom\AppData\Local\jZip
    2014-02-12 12:06 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll
    2014-02-12 12:06 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
    2014-02-12 12:06 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
    2014-02-12 12:06 . 2013-12-06 02:02 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
    2014-02-06 10:20 . 2014-02-06 10:20 -------- d-----w- C:\found.001
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-02-21 03:26 . 2012-04-11 18:35 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-02-21 03:26 . 2012-04-11 18:35 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-02-17 03:22 . 2012-07-22 23:53 88567024 ----a-w- c:\windows\system32\MRT.exe
    2014-01-19 07:33 . 2011-08-24 20:32 270496 ------w- c:\windows\system32\MpSigStub.exe
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown 
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-01-21 6087448]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]
    "Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2010-11-10 4144448]
    "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-15 559616]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    LOLRecorder.lnk - c:\program files (x86)\LOLReplay\LOLRecorder.exe -minimize [2013-12-11 526848]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ   autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
    R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
    R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
    R4 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1501000.012\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NAVx64\1501000.012\SYMDS64.SYS [x]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1501000.012\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NAVx64\1501000.012\SYMEFA64.SYS [x]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
    S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
    S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx64.sys;c:\program files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [x]
    S1 ccSet_NAV;NAV Settings Manager;c:\windows\system32\drivers\NAVx64\1501000.012\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NAVx64\1501000.012\ccSetx64.sys [x]
    S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NSTx64\7DE06000.01B\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NSTx64\7DE06000.01B\ccSetx64.sys [x]
    S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20140225.001\IDSvia64.sys;c:\program files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20140225.001\IDSvia64.sys [x]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1501000.012\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NAVx64\1501000.012\Ironx64.SYS [x]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NAVx64\1501000.012\SYMNETS.SYS;c:\windows\SYSNATIVE\drivers\NAVx64\1501000.012\SYMNETS.SYS [x]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [x]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [x]
    S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\21.1.0.18\NAV.exe;c:\program files (x86)\Norton AntiVirus\Engine\21.1.0.18\NAV.exe [x]
    S2 NCO;Norton Identity Safe;c:\program files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe;c:\program files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe [x]
    S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsfiltera.sys [x]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
    S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
    S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 45469502
    *Deregistered* - 45469502
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-02-21 21:19 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-02-26 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 03:26]
    .
    2014-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 23:29]
    .
    2014-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 23:29]
    .
    2013-01-22 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
    - c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-21 21:16]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
    c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll [BU]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-18 487424]
    "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
    "DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-01-25 1802472]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-09 167744]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-09 392512]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-09 417088]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    mSearchAssistant = hxxp://www.google.com
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
    TCP: Interfaces\{E8425C90-E77D-4385-8F97-62B90BDCA9F4}: NameServer = 0.0.0.0
    FF - ProfilePath - c:\users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\bj32ip0k.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NAV]
    "ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\21.1.0.18\NAV.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\21.1.0.18\diMaster.dll\" /prefetch:1"
    --
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NCO]
    "ImagePath"="\"c:\program files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe\" /s \"NCO\" /m \"c:\program files (x86)\Norton Identity Safe\Engine\2014.6.0.27\diMaster.dll\" /prefetch:1"
    "ImagePath"="\SystemRoot\system32\drivers\NAVx64\1501000.012\SYMNETS.SYS"
    "TrustedImagePaths"="c:\program files (x86)\Norton AntiVirus\Engine\21.1.0.18;c:\program files (x86)\Norton AntiVirus\Engine64\21.1.0.18"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.12"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
       00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2014-02-26  21:09:21
    ComboFix-quarantined-files.txt  2014-02-26 21:09
    ComboFix2.txt  2014-02-21 22:01
    .
    Pre-Run: 303,406,186,496 bytes free
    Post-Run: 303,359,717,376 bytes free
    .
    - - End Of File - - 843DE28AFE3468A4EFC289491339BC94


    #10 jeffce

    jeffce

      Bleepin' Super Saiyan


    • Malware Response Team
    • 3,442 posts
    • Gender:Male
    • Location:USA
    • Local time:04:34 AM

    Posted 26 February 2014 - 07:18 PM

    Just to check....is your internet still disabled??  :)




    #11 Tom95

    Tom95
    • Topic Starter

    • Members
    • 34 posts
    • Gender:Male
    • Local time:10:34 AM

    Posted 27 February 2014 - 10:15 AM

    Just to check....is your internet still disabled??   :)

    I wouldn't have been able to post that log if it was still disabled!!

    :D


    Edited by Tom95, 27 February 2014 - 10:15 AM.


    #12 jeffce

    jeffce

      Bleepin' Super Saiyan


    • Malware Response Team
    • 3,442 posts
    • Gender:Male
    • Location:USA
    • Local time:04:34 AM

    Posted 27 February 2014 - 12:10 PM

    I wouldn't have been able to post that log if it was still disabled!!

     

    LOL!  True, but I needed to verify because some people will transfer the logs from an infected system to one that is not so that they can post.

     

    I will return as quick as I can with the next set of instructions.  :)




    #13 Tom95

    Tom95
    • Topic Starter

    • Members
    • 34 posts
    • Gender:Male
    • Local time:10:34 AM

    Posted 27 February 2014 - 06:46 PM

    Worth noting that I just had to do a system restore because my PC literally wouldn't do anything when I turned it on, so I had to restart the PC and then it wanted to do a restore.



    #14 jeffce

    jeffce

      Bleepin' Super Saiyan


    • Malware Response Team
    • 3,442 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:USA
    • Local time:04:34 AM

    Posted 28 February 2014 - 07:35 AM

    So you did a system restore?  Sorry...I just want to clarify.




    #15 Tom95

    Tom95
    • Topic Starter

    • Members
    • 34 posts
    • Gender:Male
    • Local time:10:34 AM

    Posted 28 February 2014 - 10:02 AM

    So you did a system restore?  Sorry...I just want to clarify.

    Yes I did. 





