Slow & Unresponsive Computer


  • This topic is locked
19 replies to this topic

#1 peter-d-w


  • Members

Posted 22 September 2014 - 02:39 AM

My desktop PC has suddenly become very slow and unresponsive. It often ignores mouse clicks several times before responding. I would be grateful for any help in curing this problem. Thank you.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17280  BrowserJavaVersion: 10.51.2
Run by Peter at 8:18:24 on 2014-09-22
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.8136.3502 [GMT 1:00]
.
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Norton AntiVirus *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton AntiVirus *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
C:\Windows\SysWOW64\ASGT.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
C:\Program Files (x86)\ASUS\APRP\AsusProductRegisterService.exe
C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.25\AsusFanControlService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
D:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe
D:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe
C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\21.5.0.19\NAV.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\NST.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
D:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Server\Bin\WhsMcClient.exe
C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe
C:\Program Files\Windows Server\Bin\LANConfigSvc.exe
C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\Explorer.EXE
D:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTray.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
D:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13\PowerDVD13Agent.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\BlueStacks\HD-Agent.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\21.5.0.19\NAV.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\NST.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\PowerControlHelp.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetiCtrlTray.exe
C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
C:\Windows\ehome\ehRecvr.exe
C:\Program Files\Windows Server\Bin\Microsoft.HomeServer.Archive.TransferService.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\ehome\mcGlidHost.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_15_0_0_152_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
D:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Peter\Downloads\HijackThis.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.co.uk/?gfe_rd=cr&ei=_3oeVMvkBeGq8wf5poKYCQ
uProxyOverride = <local>;*.local;192.168.*.*
mWinlogon: Userinit = userinit.exe,
BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\21.5.0.19\ips\ipsbho.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\coieplg.dll
BHO: Adobe Acrobat Create PDF Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\coieplg.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
uRun: [AdobeBridge] <no file>
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [PowerDVD13Agent] "D:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13\PowerDVD13Agent.exe"
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Customize Menu - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Fill Forms - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html
IE: Save Forms - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Show RoboForm Toolbar - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxps://www.asus.com/support/asusTek_sys_ctrl3.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{0581532D-FD48-4AAD-B424-3BF623EAE915} : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coieplg.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coieplg.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Launchpad] C:\Program Files (x86)\Windows Server\Bin\Launchpad.exe -autostart
x64-Run: [AdAwareTray] "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTray.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} -
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} -
x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} -
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2012-1-6 49760]
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-4-26 14456]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-4-24 19264]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-5-1 56336]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NAVx64\1505000.013\symds64.sys [2014-8-15 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NAVx64\1505000.013\symefa64.sys [2014-8-15 1148120]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton AntiVirus\NortonData\21.2.0.38\Definitions\BASHDefs\20140912.003\BHDrvx64.sys [2014-9-12 1586904]
R1 ccSet_NAV;NAV Settings Manager;C:\Windows\System32\drivers\NAVx64\1505000.013\ccsetx64.sys [2014-8-15 162392]
R1 ccSet_NST;Norton Identity Safe Settings Manager;C:\Windows\System32\drivers\NSTx64\7DE07060.00F\ccsetx64.sys [2014-8-7 162392]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton AntiVirus\NortonData\21.2.0.38\Definitions\IPSDefs\20140919.001\IDSviA64.sys [2014-9-20 633560]
R1 ndisrd;WinpkFilter LightWeight Filter;C:\Windows\System32\drivers\ndisrd.sys [2013-4-24 32400]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NAVx64\1505000.013\ironx64.sys [2014-8-15 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NAVx64\1505000.013\symnets.sys [2014-8-15 593112]
R2 {09F57980-3432-4AFC-957D-27AC45FAE1F5};Power Control [2014/05/27 23:01:27];D:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13\Common\NavFilter\000.fcl [2013-11-29 32456]
R2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [2012-9-17 171600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-9-28 239616]
R2 arXfrSvc;Windows Server Media Center TV Archive Transfer Service;C:\Program Files\Windows Server\Bin\Microsoft.HomeServer.Archive.TransferService.exe [2012-11-2 80504]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [2012-6-1 920736]
R2 ASGT;ASGT;C:\Windows\SysWOW64\ASGT.exe [2012-1-17 55296]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2012-6-1 951936]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [2013-4-24 149120]
R2 Asus Product Register Service;Asus Product Register Service;C:\Program Files (x86)\ASUS\APRP\AsusProductRegisterService.exe [2012-9-11 62128]
R2 AsusFanControlService;AsusFanControlService;C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.25\AsusFanControlService.exe [2013-4-24 1493120]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2014-6-23 123152]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2014-6-23 385808]
R2 BstHdUpdaterSvc;BlueStacks Updater Service;C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [2014-6-23 774928]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 CyberLink PowerDVD 13 Media Server Monitor Service;CyberLink PowerDVD 13 Media Server Monitor Service;D:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [2014-5-27 77576]
R2 CyberLink PowerDVD 13 Media Server Service;CyberLink PowerDVD 13 Media Server Service;D:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [2014-5-27 327432]
R2 HealthAlertsSvc;Windows Server Health Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-4-24 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-4-24 166720]
R2 LANConfig;Windows Server LAN Configuration;C:\Program Files\Windows Server\Bin\LANConfigSvc.exe [2011-3-2 27520]
R2 LavasoftAdAwareService11;Ad-Aware Service 11;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe [2014-8-27 706864]
R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2013-11-15 137528]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-7-13 769432]
R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\21.5.0.19\nav.exe [2014-8-15 262968]
R2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\nst.exe [2014-8-7 130104]
R2 NotificationsProviderSvc;Windows Server Notifications Provider Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592]
R2 pcCMService;pcCMService;C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [2013-9-4 376144]
R2 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2013-9-4 467280]
R2 PDFSFilter;PDFSFilter;C:\Windows\System32\drivers\PDFsFilter.sys [2012-8-23 83224]
R2 providers_system;Windows Server Download Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592]
R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2014-4-3 65657]
R2 ServiceProviderRegistry;Windows Server Service Provider Registry;C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe [2012-11-2 41568]
R2 SqmProviderSvc;Windows Server SQM Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-4-24 365376]
R2 WhsMcClient;Windows Server Media Center Client Service;C:\Program Files\Windows Server\Bin\WhsMcClient.exe [2012-11-2 112224]
R2 WSConnectorUpdate;Windows Server Connector Update;C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe [2011-3-2 228736]
R2 WSS_ComputerBackupProviderSvc;Windows Server Client Computer Backup Provider Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592]
R3 anvsnddrv;AnvSoft Virtual Sound Device;C:\Windows\System32\drivers\anvsnddrv.sys [2014-5-27 33872]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]
R3 BackupReader;BackupReader;C:\Windows\System32\drivers\BackupReader.sys [2011-3-2 63872]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-9-10 142640]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-4-24 169752]
R3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);C:\Windows\System32\drivers\ICCWDT.sys [2012-5-17 26136]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-4-24 357184]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-4-24 789824]
R3 pneteth;PdaNet Broadband;C:\Windows\System32\drivers\pneteth.sys [2013-6-6 15360]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-4-24 726160]
R3 smsbda;DVB-T TV Stick;C:\Windows\System32\drivers\smsbda.sys [2011-3-6 56960]
R4 IOMap;IOMap;C:\Windows\System32\drivers\IOMap64.sys [2013-4-24 23680]
S2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2014-6-23 406288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 initMonitor;Windows Server Initialization Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 androidusb;ADB Interface Driver;C:\Windows\System32\drivers\androidusb.sys [2010-10-18 38424]
S3 ASUSstpt;ASUS USB 3.0 Boost Storage Driver (Storage Driver);C:\Windows\System32\drivers\ASUSstpt.sys [2013-4-24 24648]
S3 ASUSumsc;ASUS USB 3.0 Boost Storage Driver (WDM);C:\Windows\System32\drivers\ASUSumsc.sys [2013-4-24 141896]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-11 111616]
S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-3-19 442368]
S3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;C:\Windows\System32\drivers\libusb0.sys [2011-5-17 44480]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-12-13 36720]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-4-24 19456]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-5-30 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-4-24 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-4-24 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-09-22 06:53:03 388096 ----a-r- C:\Users\Peter\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-09-22 01:06:44 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{693B6E44-5419-4EA0-B4D7-6D5484C11E71}\offreg.dll
2014-09-21 01:53:08 11578928 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{693B6E44-5419-4EA0-B4D7-6D5484C11E71}\mpengine.dll
2014-09-11 10:49:40 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2014-09-11 10:49:40 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2014-09-11 07:27:26 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-09-11 07:27:26 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-09-11 07:23:53 578048 ----a-w- C:\Windows\System32\aepdu.dll
2014-09-11 07:23:53 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-09-11 07:23:21 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-09-11 07:23:21 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-09-11 07:23:19 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-09-11 07:23:19 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-09-11 07:23:19 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-09-11 07:23:19 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-09-11 07:23:19 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-09-02 01:00:00 -------- d-----w- C:\Users\Peter\AppData\Local\Adobe
2014-09-01 11:33:27 -------- d-----w- C:\Program Files\Common Files\Lavasoft
2014-09-01 11:33:24 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-01 11:33:09 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-09-01 11:33:09 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-09-01 11:33:09 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-08-29 15:01:42 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-29 15:01:42 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-08-29 15:01:42 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
.
==================== Find3M  ====================
.
2014-09-21 07:02:10 1048576 ----a-w- C:\Windows\PE_Rom.dll
2014-09-10 11:12:15 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-10 11:12:15 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-08-25 05:53:42 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-08-18 22:29:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-08-18 22:29:35 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-08-18 22:19:53 5833728 ----a-w- C:\Windows\System32\jscript9.dll
2014-08-18 22:15:34 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-08-18 22:15:09 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-08-18 22:14:38 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-08-18 22:14:10 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-08-18 22:08:55 4232704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-08-18 22:03:47 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-08-18 22:03:37 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-08-18 22:03:01 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-08-18 21:57:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-08-18 21:56:17 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-18 21:46:26 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-08-18 21:45:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-08-18 21:45:12 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-18 21:44:44 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44:09 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-08-18 21:36:07 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-08-18 21:35:24 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-08-18 21:23:17 2104832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-08-18 21:23:16 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-08-18 21:22:48 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:15:13 2310656 ----a-w- C:\Windows\System32\wininet.dll
2014-08-18 21:08:54 2014208 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-08-18 21:07:44 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:46:48 1812992 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-07-25 01:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 22:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
2014-07-16 03:23:41 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-07-16 02:46:02 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-07-09 02:03:23 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2014-07-09 02:03:22 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
2014-07-09 01:31:42 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31:41 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
2014-06-30 22:24:50 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-06-30 22:14:53 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
.
============= FINISH:  8:18:39.39 ===============
 





 


#2 TB-Psychotic
  • Malware Response Team
  • 6,349 posts

Posted 22 September 2014 - 06:26 AM

Hi there,
My name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you to. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me review your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.


Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double-click on the randomly named GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run a scan, click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt


Please attach this file to your next reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 peter-d-w
  • Topic Starter
  • Members
  • 14 posts

Posted 22 September 2014 - 07:47 AM

Hi Marius,

Thank you for your help, it is much appreciated.

I am sorry, in my enthusiasm to get things working normally again I uninstalled several programs and also ran CCleaner before I got your message not to. I hope this has not confused things too much. I can start again if that would be better.

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-09-22 13:33:37
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2 Samsung_ rev.DXT0 111.79GB
Running: twqf7td1.exe; Driver: C:\Users\Peter\AppData\Local\Temp\kgdyrpog.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                         fffff80003808000 8 bytes [00, 00, 0B, 02, 57, 66, 70, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 537                                                                                         fffff80003808009 35 bytes [69, 8F, 0F, 80, FA, FF, FF, ...]

---- User code sections - GMER 2.1 ----

.text     D:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1136] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter  0000000076398791 5 bytes JMP 0000000170da1170
.text     D:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69       0000000076851465 2 bytes [85, 76]
.text     D:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155      00000000768514bb 2 bytes [85, 76]
.text     ...                                                                                                                                                        * 2
.text     C:\Program Files (x86)\uTorrent\uTorrent.exe[4684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                 0000000076851465 2 bytes [85, 76]
.text     C:\Program Files (x86)\uTorrent\uTorrent.exe[4684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                00000000768514bb 2 bytes [85, 76]
.text     ...                                                                                                                                                        * 2
.text     D:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13\PowerDVD13Agent.exe[5160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                   0000000076851465 2 bytes [85, 76]
.text     D:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13\PowerDVD13Agent.exe[5160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                  00000000768514bb 2 bytes [85, 76]
.text     ...                                                                                                                                                        * 2
?         C:\Windows\system32\mssprxy.dll [5160] entry point in ".rdata" section                                                                                     000000006ab771e6
.text     C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelp.exe[6640] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69           0000000076851465 2 bytes [85, 76]
.text     C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelp.exe[6640] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155          00000000768514bb 2 bytes [85, 76]
.text     ...                                                                                                                                                        * 2
.text     C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetiCtrlTray.exe[6664] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69         0000000076851465 2 bytes [85, 76]
.text     C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetiCtrlTray.exe[6664] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155        00000000768514bb 2 bytes [85, 76]
.text     ...                                                                                                                                                        * 2
.text     C:\Users\Peter\Downloads\twqf7td1.exe[4124] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection                                                             000000007706fc80 5 bytes JMP 00000001002a012a
.text     C:\Users\Peter\Downloads\twqf7td1.exe[4124] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                               000000007706fcb0 5 bytes JMP 00000001002a0bc2
.text     C:\Users\Peter\Downloads\twqf7td1.exe[4124] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                             000000007706fe14 5 bytes JMP 00000001002a0048
.text     C:\Users\Peter\Downloads\twqf7td1.exe[4124] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                                      000000007706fea8 5 bytes JMP 00000001002a0594
.text     C:\Users\Peter\Downloads\twqf7td1.exe[4124] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread                                                                 000000007706ff24 5 bytes JMP 00000001002a0e68
.text     C:\Users\Peter\Downloads\twqf7td1.exe[4124] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                   0000000077070004 5 bytes JMP 00000001002a0758
.text     C:\Users\Peter\Downloads\twqf7td1.exe[4124] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                           0000000077070038 5 bytes JMP 00000001002a0ca4
.text     C:\Users\Peter\Downloads\twqf7td1.exe[4124] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                                   0000000077070068 5 bytes JMP 00000001002a0d86
.text     C:\Users\Peter\Downloads\twqf7td1.exe[4124] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                                0000000077070084 5 bytes JMP 0000000100020050
.text     C:\Users\Peter\Downloads\twqf7td1.exe[4124] C:\Windows\SysWOW64\ntdll.dll!NtAlertResumeThread                                                              00000000770702e8 5 bytes JMP 00000001002a020c
.text     C:\Users\Peter\Downloads\twqf7td1.exe[4124] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                                   000000007707079c 5 bytes JMP 00000001002a03d0
.text     C:\Users\Peter\Downloads\twqf7td1.exe[4124] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                       000000007707088c 5 bytes JMP 00000001002a09fe
.text     C:\Users\Peter\Downloads\twqf7td1.exe[4124] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                 00000000770708a4 2 bytes JMP 00000001002a091c
.text     C:\Users\Peter\Downloads\twqf7td1.exe[4124] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 3                                                             00000000770708a7 2 bytes [23, 89]
.text     C:\Users\Peter\Downloads\twqf7td1.exe[4124] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                     0000000077070df4 5 bytes JMP 00000001002a0676
.text     C:\Users\Peter\Downloads\twqf7td1.exe[4124] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThreadEx                                                               00000000770715d4 5 bytes JMP 00000001002a02ee
.text     C:\Users\Peter\Downloads\twqf7td1.exe[4124] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                               0000000077071920 5 bytes JMP 00000001002a083a
.text     C:\Users\Peter\Downloads\twqf7td1.exe[4124] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                           0000000077071be4 5 bytes JMP 00000001002a0ae0
.text     C:\Users\Peter\Downloads\twqf7td1.exe[4124] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                                  0000000077071d70 5 bytes JMP 00000001002a04b2
.text     C:\Users\Peter\Downloads\twqf7td1.exe[4124] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                                 00000000762f524f 7 bytes JMP 00000001002b02f4
.text     C:\Users\Peter\Downloads\twqf7td1.exe[4124] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                                     00000000762f53d0 7 bytes JMP 00000001002b05a0
.text     C:\Users\Peter\Downloads\twqf7td1.exe[4124] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                                    00000000762f5677 7 bytes JMP 00000001002b03d8
.text     C:\Users\Peter\Downloads\twqf7td1.exe[4124] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                           00000000762f589a 7 bytes JMP 00000001002b0048
.text     C:\Users\Peter\Downloads\twqf7td1.exe[4124] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                           00000000762f5a1d 7 bytes JMP 00000001002b0768
.text     C:\Users\Peter\Downloads\twqf7td1.exe[4124] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                                      00000000762f5c9b 7 bytes JMP 00000001002b04bc
.text     C:\Users\Peter\Downloads\twqf7td1.exe[4124] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                                        00000000762f5d87 7 bytes JMP 00000001002b0684
.text     C:\Users\Peter\Downloads\twqf7td1.exe[4124] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                                       00000000762f7240 7 bytes JMP 00000001002b0210
.text     C:\Users\Peter\Downloads\twqf7td1.exe[4124] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                                      0000000075ba1492 7 bytes JMP 00000001002b084c

---- Threads - GMER 2.1 ----

Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [4836:6336]                                                                                             000007fefb072bf8

---- EOF - GMER 2.1 ----




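The GMER "User code sections" block above is long and repetitive, and the only guidance in the thread is not to act on it blindly. The following is an added triage helper, written for this page and not part of GMER or of any post here: it parses the three line shapes that block contains (a patched export, an entry point outside the code section, and GMER's "...  * N" repeat marker), then summarises per process, lists patches to ntdll's Nt*/Zw* system-call stubs, and shows which processes share the same patch at the same module!export+offset. The sample input is constructed from lines copied out of the posted log (with GMER's wide space padding shortened); the function names and the `Entry` record are assumptions of this example. Note that the entries under twqf7td1.exe are in GMER's own process, since the log's "Running:" line names that randomly named executable.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample input: lines copied from the GMER log posted above, with the
# wide space padding GMER emits before the address column shortened.
SAMPLE_LOG = r"""
---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\uTorrent\uTorrent.exe[4684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076851465 2 bytes [85, 76]
.text     C:\Program Files (x86)\uTorrent\uTorrent.exe[4684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000768514bb 2 bytes [85, 76]
.text     ...                                                                                                          * 2
?         C:\Windows\system32\mssprxy.dll [5160] entry point in ".rdata" section                                       000000006ab771e6
.text     C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelp.exe[6640] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076851465 2 bytes [85, 76]
.text     C:\Users\Peter\Downloads\twqf7td1.exe[4124] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection   000000007706fc80 5 bytes JMP 00000001002a012a
.text     C:\Users\Peter\Downloads\twqf7td1.exe[4124] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx       00000000770708a4 2 bytes JMP 00000001002a091c
.text     C:\Users\Peter\Downloads\twqf7td1.exe[4124] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 3   00000000770708a7 2 bytes [23, 89]
.text     C:\Users\Peter\Downloads\twqf7td1.exe[4124] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 00000000762f5a1d 7 bytes JMP 00000001002b0768

---- EOF - GMER 2.1 ----
"""

# "<section> <process>[<pid>] <module>!<export>[ + <offset>] <addr> <n> bytes <JMP dest | [bytes]>"
HOOK_RE = re.compile(
    r"^(?P<section>\S+)\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+(?P<module>.+?)!(?P<export>\S+)"
    r"(?:\s\+\s(?P<offset>\d+))?\s+(?P<address>[0-9a-fA-F]{16})\s+(?P<size>\d+) bytes\s+(?P<patch>.+?)\s*$")
# "<section> <module> [<pid>] entry point in "<sect>" section <addr>"
ENTRY_RE = re.compile(
    r"^(?P<section>\S+)\s+(?P<module>.+?)\s*\[(?P<pid>\d+)\]\s+entry point in \"(?P<target>[^\"]+)\" section"
    r"\s+(?P<address>[0-9a-fA-F]{16})\s*$")
# GMER's repeat marker for a run of identical lines: "<section> ... * N"
CONT_RE = re.compile(r"^\S+\s+\.\.\.\s+\*\s*(?P<count>\d+)\s*$")


@dataclass
class Entry:  # hypothetical record type for this example
    section: str
    pid: int
    process: Optional[str]   # image name; None for entry-point lines
    module: str              # basename of the modified module
    export: Optional[str]
    offset: int
    address: int
    size: int
    kind: str                # "inline_jmp", "byte_patch" or "entry_point"
    detail: str              # JMP destination, patched bytes, or the section name
    repeats: int = 1         # N from a following "... * N" line


def _basename(path: str) -> str:
    return path.strip().rsplit("\\", 1)[-1]


def parse_user_code_sections(text: str) -> Tuple[List[Entry], List[str]]:
    """Parse the block; unrecognised non-blank lines are returned rather than dropped."""
    entries, skipped = [], []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("----"):
            continue
        if m := HOOK_RE.match(line):
            patch = m["patch"]
            if patch.upper().startswith("JMP"):
                kind, detail = "inline_jmp", patch.split()[-1].lower()
            else:
                kind, detail = "byte_patch", patch
            entries.append(Entry(m["section"], int(m["pid"]), _basename(m["process"]), _basename(m["module"]),
                                 m["export"], int(m["offset"] or 0), int(m["address"], 16), int(m["size"]), kind, detail))
        elif m := ENTRY_RE.match(line):
            entries.append(Entry(m["section"], int(m["pid"]), None, _basename(m["module"]), None, 0,
                                 int(m["address"], 16), 0, "entry_point", m["target"]))
        elif (m := CONT_RE.match(line)) and entries:
            entries[-1].repeats = int(m["count"])
        else:
            skipped.append(line)
    return entries, skipped


def summarize_by_process(entries: List[Entry]) -> Dict[str, Dict[str, int]]:
    """Number of entries of each kind per process (entry-point lines carry only a pid)."""
    summary = defaultdict(Counter)
    for e in entries:
        summary[e.process or f"pid {e.pid}"][e.kind] += 1
    return {k: dict(v) for k, v in summary.items()}


def native_api_hooks(entries: List[Entry]) -> List[Entry]:
    """Patches to ntdll's Nt*/Zw* exports, the user-mode system-call stubs. Security
    software and malware both hook these, so each one should be accounted for."""
    return [e for e in entries
            if e.module.lower() == "ntdll.dll" and e.export and e.export[:2] in ("Nt", "Zw")]


def shared_patches(entries: List[Entry]) -> Dict[str, List[str]]:
    """Processes carrying the same module!export+offset patch. The same bytes at the
    same offset across unrelated processes point at one shared cause rather than
    something specific to a single process."""
    where = defaultdict(set)
    for e in entries:
        if e.export is not None and e.process is not None:
            where[f"{e.module}!{e.export}+{e.offset}"].add(e.process)
    return {k: sorted(v) for k, v in where.items()}


if __name__ == "__main__":
    found, unknown = parse_user_code_sections(SAMPLE_LOG)
    for proc, kinds in summarize_by_process(found).items():
        print(f"{proc}: {kinds}")
    for e in native_api_hooks(found):
        print(f"  ntdll!{e.export} in {e.process}: {e.kind} {e.detail}")
    print("shared:", {k: v for k, v in shared_patches(found).items() if len(v) > 1})
    print("unparsed lines:", unknown)
```

Run it against the full block from the post (paste it into `SAMPLE_LOG` or read it from the saved ark.txt) and the per-process counts make the picture easy to discuss in a reply: a small set of identical PSAPI.DLL patches shared by several unrelated processes, a run of ntdll and sechost hooks confined to the scanner's own process, and one entry-point oddity. Any line the parser could not recognise is returned in the second value rather than silently lost.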
#4 TB-Psychotic
  • Malware Response Team
  • 6,349 posts

Posted 22 September 2014 - 07:53 AM

Going over your logs I noticed that you have uTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.


Multiple Antivirus Programs installed!

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time.

The reason for this is that if both products have their automatic (real-time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to give "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti-virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to Add/Remove Programs in the Control Panel and remove either Ad-Aware or Norton.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#5 peter-d-w
  • Topic Starter
  • Members
  • 14 posts

Posted 22 September 2014 - 10:39 AM

Thanks, I have closed down uTorrent and uninstalled Ad-Aware. It was very difficult to uninstall Ad-Aware as the installer was broken. Revo Uninstaller couldn't find it and IObit Uninstaller removed some of it but left a lot behind. I had to stop some of the services manually before I could remove the last of it. My PC appears to be running a little better now, but is still a lot slower and less responsive than it used to be.


Edited by peter-d-w, 22 September 2014 - 03:25 PM.


#6 TB-Psychotic
  • Malware Response Team
  • 6,349 posts

Posted 23 September 2014 - 07:32 AM

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#7 peter-d-w
  • Topic Starter
  • Members
  • 14 posts

Posted 23 September 2014 - 08:57 AM

Thanks Marius.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2014 01
Ran by Peter (administrator) on PETER-NEWMESH on 23-09-2014 14:45:34
Running from C:\Users\Peter\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
() C:\Windows\SysWOW64\ASGT.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
() C:\Program Files (x86)\ASUS\APRP\AsusProductRegisterService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.25\AsusFanControlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) D:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe
(CyberLink) D:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\WhsMcClient.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\LANConfigSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\nav.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\nst.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\nst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\nav.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\PowerControlHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(CyberLink Corp.) D:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13\PowerDVD13Agent.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetiCtrlTray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\Microsoft.HomeServer.Archive.TransferService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_152_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launchpad] => C:\Program Files\Windows Server\Bin\Launchpad.exe [1099360 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PowerDVD13Agent] => D:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13\PowerDVD13Agent.exe [517144 2013-11-29] (CyberLink Corp.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-451478189-2312592095-1013781437-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-451478189-2312592095-1013781437-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109784 2014-08-01] (Siber Systems)
HKU\S-1-5-21-451478189-2312592095-1013781437-1000\...\Run: [uTorrent] => C:\Program Files (x86)\uTorrent\uTorrent.exe [399736 2013-09-08] (BitTorrent, Inc.)
HKU\S-1-5-21-451478189-2312592095-1013781437-1000\...\MountPoints2: {51860493-ac54-11e2-8655-806e6f6e6963} - E:\.\Bin\ASSETUP.exe
HKU\S-1-5-21-451478189-2312592095-1013781437-1000\...\MountPoints2: {f841f2c0-ace9-11e2-9ade-08606e71edae} - M:\unlock.exe autoplay=true

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/?gfe_rd=cr&ei=_3oeVMvkBeGq8wf5poKYCQ
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&r=208
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&r=208
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKCU - No Name - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} https://www.asus.com/support/asusTek_sys_ctrl3.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\5j0nctvh.default
FF Homepage: hxxp://start.roboform.com
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
FF Plugin-x32: @siber.com/RoboForm -> C:\Program Files (x86)\Siber Systems\AI RoboForm\chrome\plugin\np-rf-plugin.dll (Siber Systems Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Extension: Firefox Old Version Update Hotfix - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\5j0nctvh.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-08-21]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-06-05]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.0.43\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.0.43\coFFPlgn [2014-09-23]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.2.0.38\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.2.0.38\IPSFF [2014-04-05]

Chrome:
=======
CHR HomePage: Default -> 9BB9565D7BC07C6ECF813D91404E74AFC18648904C3D14DB81F78B5566900849
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultSearchProvider: Default -> Trovi search
CHR DefaultSearchURL: Default -> http://www.trovi.com/Results.aspx?gd=&ctid=CT3318522&octid=EB_ORIGINAL_CTID&ISID=M86927EBE-9A01-4842-9098-99EAF9A178C6&SearchSource=58&CUI=&UM=5&UP=SP15780DCD-C9F6-429C-AC53-1A7360C399EC&q={searchTerms}&SSPV=
CHR DefaultSuggestURL: Default -> http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll ()
CHR Plugin: (RoboForm Plugin for Google Chrome/Opera/etc.) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\plugin/np-rf-plugin.dll (Siber Systems Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AdobeExManDetect) - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Profile: C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-24]
CHR Extension: (Google Drive) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06]
CHR Extension: (YouTube) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-24]
CHR Extension: (Google Search) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-24]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2013-05-24]
CHR Extension: (Norton Identity Safe) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-09-06]
CHR Extension: (SecureSearch) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfffjahnfbocnaooecgijfnbpcfekoik [2013-05-07]
CHR Extension: (Skype Click to Call) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-04-09]
CHR Extension: (Google Wallet) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-06]
CHR Extension: (Norton Security Toolbar) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2014-04-09]
CHR Extension: (Lavasoft NewTab) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole [2013-08-28]
CHR Extension: (Gmail) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-24]
CHR Extension: (RoboForm) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-08-01]
CHR HKLM-x32\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx []
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-05-11]
CHR HKLM-x32\...\Chrome\Extension: [lfffjahnfbocnaooecgijfnbpcfekoik] - C:\ProgramData\adawaretb\shortcuts\chrome\adawaretb.crx [2013-05-11]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\Exts\Chrome.crx [2014-08-07]
CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx [2014-08-07]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-08-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
R2 Asus Product Register Service; C:\Program Files (x86)\ASUS\APRP\AsusProductRegisterService.exe [62128 2012-09-11] ()
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.25\AsusFanControlService.exe [1493120 2012-02-22] (ASUSTeK Computer Inc.)
R2 CyberLink PowerDVD 13 Media Server Monitor Service; D:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [77576 2013-11-29] (CyberLink)
R2 CyberLink PowerDVD 13 Media Server Service; D:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [327432 2013-11-29] (CyberLink)
R2 HealthAlertsSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)
S2 initMonitor; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2175264 2014-09-22] (IObit)
R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\NAV.exe [262968 2014-09-21] (Symantec Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\NST.exe [130104 2014-07-31] (Symantec Corporation)
R2 NotificationsProviderSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [467280 2012-11-27] (Alcatel-Lucent)
R2 providers_system; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)
R2 ServiceProviderRegistry; C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe [41568 2012-11-02] (Microsoft Corporation)
R2 SqmProviderSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WSS_ComputerBackupProviderSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S4 LavasoftAdAwareService11; "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2012-04-19] (ASUSTek Computer Inc.)
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [38424 2010-10-18] (Google Inc)
R3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [142424 2013-04-25] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [142424 2013-04-25] (SlySoft, Inc.)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
S3 ASUSstpt; C:\Windows\System32\DRIVERS\ASUSstpt.sys [24648 2011-09-15] (MCCI Corporation)
S3 ASUSumsc; C:\Windows\System32\DRIVERS\ASUSumsc.sys [141896 2011-09-15] (MCCI Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.2.0.38\Definitions\BASHDefs\20140912.003\BHDrvx64.sys [1586904 2014-09-12] (Symantec Corporation)
R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1506000.020\ccSetx64.sys [162392 2014-02-25] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07060.00F\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-08-06] (GFI Software)
R1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.2.0.38\Definitions\IPSDefs\20140922.001\IDSvia64.sys [633560 2014-08-29] (Symantec Corporation)
R4 IOMap; C:\Windows\system32\drivers\IOMap64.sys [23680 2010-02-23] (ASUSTeK Computer Inc.)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2011-05-17] (http://libusb-win32.sourceforge.net)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2013-06-12] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2013-06-12] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2013-06-12] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2013-06-12] (Printing Communications Assoc., Inc. (PCAUSA))
R3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.2.0.38\Definitions\VirusDefs\20140922.033\ENG64.SYS [129752 2014-09-19] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.2.0.38\Definitions\VirusDefs\20140922.033\EX64.SYS [2137304 2014-09-19] (Symantec Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
R3 smsbda; C:\Windows\System32\drivers\smsbda.sys [56960 2011-03-06] (Siano)
R1 SRTSP; C:\Windows\System32\Drivers\NAVx64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NAVx64\1506000.020\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-04-05] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-04-22] (BitDefender S.R.L.)
R2 {09F57980-3432-4AFC-957D-27AC45FAE1F5}; D:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13\Common\NavFilter\000.fcl [32456 2013-11-29] (CyberLink Corp.)
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-23 14:33 - 2014-09-23 14:33 - 00075846 _____ () C:\Users\Peter\Downloads\Addition.txt
2014-09-23 14:32 - 2014-09-23 14:45 - 00030020 _____ () C:\Users\Peter\Downloads\FRST.txt
2014-09-23 14:32 - 2014-09-23 14:45 - 00000000 ____D () C:\FRST
2014-09-23 14:29 - 2014-09-23 14:29 - 02105856 _____ (Farbar) C:\Users\Peter\Downloads\FRST64.exe
2014-09-23 14:24 - 2014-09-23 14:24 - 00000000 ____D () C:\Windows\System32\Tasks\Norton AntiVirus
2014-09-22 21:04 - 2014-09-22 21:24 - 12754049 _____ (Media Center Master, Inc. ) C:\Users\Peter\Downloads\MCM_2.12.23514.782__setup.exe
2014-09-22 16:07 - 2014-09-22 16:07 - 02806920 _____ () C:\Users\Peter\Downloads\Adaware_Installer (4).exe
2014-09-22 15:29 - 2014-09-22 15:29 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\ProductData
2014-09-22 15:28 - 2014-09-22 15:29 - 00000000 ____D () C:\ProgramData\IObit
2014-09-22 15:28 - 2014-09-22 15:28 - 00002886 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator
2014-09-22 15:28 - 2014-09-22 15:28 - 00001252 _____ () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2014-09-22 15:28 - 2014-09-22 15:28 - 00001228 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-09-22 15:28 - 2014-09-22 15:28 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\IObit
2014-09-22 15:28 - 2014-09-22 15:28 - 00000000 ____D () C:\ProgramData\ProductData
2014-09-22 15:28 - 2014-09-22 15:28 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-09-22 15:27 - 2014-09-22 15:27 - 12906784 _____ (IObit) C:\Users\Peter\Downloads\iobituninstaller.exe
2014-09-22 15:18 - 2014-09-22 15:18 - 00003160 _____ () C:\Windows\System32\Tasks\{9A34128A-0BA1-47B6-B24E-55AF738FDF82}
2014-09-22 15:17 - 2014-09-22 15:17 - 02806920 _____ () C:\Users\Peter\Downloads\Adaware_Installer (3).exe
2014-09-22 14:51 - 2014-09-22 14:51 - 00001264 _____ () C:\Users\Peter\Desktop\Revo Uninstaller.lnk
2014-09-22 14:51 - 2014-09-22 14:51 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-22 14:50 - 2014-09-22 14:50 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Peter\Downloads\revosetup.exe
2014-09-22 13:35 - 2014-09-22 13:35 - 04161313 _____ () C:\Users\Peter\Downloads\tdsskiller.zip
2014-09-22 13:35 - 2014-07-10 12:38 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Peter\Desktop\TDSSKiller.exe
2014-09-22 13:33 - 2014-09-22 13:33 - 00010230 _____ () C:\Users\Peter\Documents\ark.txt
2014-09-22 13:07 - 2014-09-22 13:08 - 00380416 _____ () C:\Users\Peter\Downloads\twqf7td1.exe
2014-09-22 11:45 - 2014-09-23 14:19 - 00000728 _____ () C:\Windows\setupact.log
2014-09-22 11:45 - 2014-09-22 15:35 - 00001376 _____ () C:\Windows\PFRO.log
2014-09-22 11:45 - 2014-09-22 11:45 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-22 08:22 - 2014-09-22 08:22 - 00004425 _____ () C:\Users\Peter\Desktop\Attach.rar
2014-09-22 08:19 - 2014-09-22 08:19 - 00031738 _____ () C:\Users\Peter\Downloads\DDS.txt
2014-09-22 08:19 - 2014-09-22 08:19 - 00012240 _____ () C:\Users\Peter\Downloads\Attach.txt
2014-09-22 08:18 - 2014-09-22 08:18 - 00031738 _____ () C:\Users\Peter\Desktop\dds.txt
2014-09-22 08:18 - 2014-09-22 08:18 - 00012240 _____ () C:\Users\Peter\Desktop\attach.txt
2014-09-22 08:17 - 2014-09-22 08:17 - 00688992 ____R (Swearware) C:\Users\Peter\Downloads\dds.com
2014-09-22 07:57 - 2014-09-22 07:57 - 00016784 _____ () C:\Users\Peter\Downloads\hijackthis.log
2014-09-22 07:56 - 2014-09-22 07:56 - 00388608 _____ (Trend Micro Inc.) C:\Users\Peter\Downloads\HijackThis.exe
2014-09-22 07:53 - 2014-09-22 07:53 - 00002975 _____ () C:\Users\Peter\Desktop\HiJackThis.lnk
2014-09-22 07:53 - 2014-09-22 07:53 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-09-22 07:52 - 2014-09-22 07:52 - 01402880 _____ () C:\Users\Peter\Downloads\HiJackThis.msi
2014-09-21 08:32 - 2014-09-21 08:32 - 00003095 _____ () C:\Users\Peter\Downloads\parkrun.kmz
2014-09-21 08:07 - 2014-09-21 08:08 - 00000756 _____ () C:\Users\Peter\Downloads\GoogleEarth_Placemark (1).kmz
2014-09-19 23:32 - 2014-09-19 23:32 - 02027744 _____ (Nathan Moinvaziri) C:\Users\Peter\Downloads\extractnow (2).exe
2014-09-19 21:42 - 2014-09-19 21:42 - 00322560 _____ (Geek-Republic.com) C:\Users\Peter\Downloads\suction.exe
2014-09-19 21:17 - 2014-09-19 21:17 - 00012746 _____ () C:\Users\Peter\Downloads\mimosa.kml
2014-09-19 20:50 - 2014-09-19 20:50 - 00000000 _____ () C:\Users\Peter\Downloads\GoogleEarth_Placemark.kmz.x8zmzdj.partial
2014-09-19 09:58 - 2014-09-19 09:59 - 00093790 _____ () C:\Users\Peter\Downloads\Parys Parkrun.zip
2014-09-18 10:20 - 2014-09-18 10:20 - 04047300 _____ (theRenamer ) C:\Users\Peter\Downloads\theRenamer_Setup (3).exe
2014-09-18 10:00 - 2014-09-18 10:00 - 00223865 _____ () C:\Users\Peter\Downloads\Focus stacking.zip
2014-09-11 11:53 - 2014-08-19 19:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 11:53 - 2014-08-19 18:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-11 11:53 - 2014-08-19 00:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 11:53 - 2014-08-18 23:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 11:53 - 2014-08-18 23:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 11:53 - 2014-08-18 23:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-11 11:53 - 2014-08-18 23:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 11:53 - 2014-08-18 23:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 11:53 - 2014-08-18 23:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 11:53 - 2014-08-18 23:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 11:53 - 2014-08-18 23:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 11:53 - 2014-08-18 23:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 11:53 - 2014-08-18 23:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-11 11:53 - 2014-08-18 23:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 11:53 - 2014-08-18 23:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 11:53 - 2014-08-18 23:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 11:53 - 2014-08-18 23:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 11:53 - 2014-08-18 23:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 11:53 - 2014-08-18 23:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 11:53 - 2014-08-18 22:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-11 11:53 - 2014-08-18 22:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 11:53 - 2014-08-18 22:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 11:53 - 2014-08-18 22:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-11 11:53 - 2014-08-18 22:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 11:53 - 2014-08-18 22:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-11 11:53 - 2014-08-18 22:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-11 11:53 - 2014-08-18 22:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-11 11:53 - 2014-08-18 22:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-11 11:53 - 2014-08-18 22:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 11:53 - 2014-08-18 22:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 11:53 - 2014-08-18 22:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-11 11:53 - 2014-08-18 22:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-11 11:53 - 2014-08-18 22:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 11:53 - 2014-08-18 22:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-11 11:53 - 2014-08-18 22:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-11 11:53 - 2014-08-18 22:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-11 11:53 - 2014-08-18 22:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-11 11:53 - 2014-08-18 22:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 11:53 - 2014-08-18 22:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 11:53 - 2014-08-18 22:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 11:53 - 2014-08-18 22:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 11:53 - 2014-08-18 22:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 11:53 - 2014-08-18 22:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-11 11:53 - 2014-08-18 22:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-11 11:53 - 2014-08-18 22:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-11 11:53 - 2014-08-18 22:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 11:53 - 2014-08-18 22:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-11 11:53 - 2014-08-18 22:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 11:53 - 2014-08-18 22:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-11 11:53 - 2014-08-18 22:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-11 11:53 - 2014-08-18 22:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-11 11:53 - 2014-08-18 21:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 11:53 - 2014-08-18 21:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-11 11:53 - 2014-08-18 21:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-11 11:53 - 2014-08-18 21:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 11:53 - 2014-08-18 21:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-11 11:49 - 2014-06-27 03:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 11:49 - 2014-06-27 02:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-11 08:27 - 2014-08-01 12:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 08:27 - 2014-08-01 12:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-11 08:23 - 2014-09-05 03:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-11 08:23 - 2014-09-05 03:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-11 08:23 - 2014-07-07 03:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 08:23 - 2014-07-07 03:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 08:23 - 2014-07-07 02:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-11 08:23 - 2014-07-07 02:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-11 08:23 - 2014-07-07 02:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-11 08:23 - 2014-06-24 04:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-11 08:23 - 2014-06-24 03:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-07 10:40 - 2014-09-07 10:40 - 00316959 _____ () C:\Users\Peter\Downloads\BUSINESS MEETING 100914.zip
2014-09-02 02:00 - 2014-09-23 07:16 - 00000000 ____D () C:\Users\Peter\AppData\Local\Adobe
2014-09-01 12:34 - 2014-09-01 12:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2014-09-01 12:33 - 2014-09-21 07:12 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-01 12:33 - 2014-09-01 12:33 - 00000830 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-01 12:33 - 2014-09-01 12:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-01 12:33 - 2014-09-01 12:33 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-09-01 12:33 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-01 12:33 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-01 12:33 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-01 12:31 - 2014-09-01 12:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Peter\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-01 12:30 - 2014-09-01 12:31 - 02806920 _____ () C:\Users\Peter\Downloads\Adaware_Installer (2).exe
2014-08-29 16:01 - 2014-08-23 03:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-29 16:01 - 2014-08-23 02:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-29 16:01 - 2014-08-23 01:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-23 14:45 - 2014-09-23 14:32 - 00030020 _____ () C:\Users\Peter\Downloads\FRST.txt
2014-09-23 14:45 - 2014-09-23 14:32 - 00000000 ____D () C:\FRST
2014-09-23 14:40 - 2013-04-23 21:32 - 01068698 _____ () C:\Windows\WindowsUpdate.log
2014-09-23 14:33 - 2014-09-23 14:33 - 00075846 _____ () C:\Users\Peter\Downloads\Addition.txt
2014-09-23 14:29 - 2014-09-23 14:29 - 02105856 _____ (Farbar) C:\Users\Peter\Downloads\FRST64.exe
2014-09-23 14:28 - 2009-07-14 06:13 - 00796934 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-23 14:26 - 2009-07-14 05:45 - 00029616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-23 14:26 - 2009-07-14 05:45 - 00029616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-23 14:25 - 2013-04-24 05:26 - 00000000 _____ () C:\Windows\Path.idx
2014-09-23 14:24 - 2014-09-23 14:24 - 00000000 ____D () C:\Windows\System32\Tasks\Norton AntiVirus
2014-09-23 14:20 - 2013-04-24 16:56 - 00000000 ____D () C:\Users\Peter\AppData\Local\CrashDumps
2014-09-23 14:20 - 2013-04-24 05:22 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-23 14:20 - 2013-04-24 05:21 - 01048576 _____ () C:\Windows\PE_Rom.dll
2014-09-23 14:19 - 2014-09-22 11:45 - 00000728 _____ () C:\Windows\setupact.log
2014-09-23 14:19 - 2014-04-05 12:37 - 00003218 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-09-23 14:19 - 2014-04-05 12:37 - 00002397 _____ () C:\Users\Public\Desktop\Norton AntiVirus.lnk
2014-09-23 14:19 - 2014-04-05 12:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
2014-09-23 14:19 - 2014-04-05 12:36 - 00000000 ____D () C:\Windows\system32\Drivers\NAVx64
2014-09-23 14:19 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-23 14:11 - 2014-05-14 10:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-23 14:05 - 2013-04-24 05:22 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-23 12:27 - 2013-04-24 22:38 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\uTorrent
2014-09-23 12:09 - 2013-05-14 18:46 - 00000000 ____D () C:\Users\Peter\Documents\theRenamer
2014-09-23 07:16 - 2014-09-02 02:00 - 00000000 ____D () C:\Users\Peter\AppData\Local\Adobe
2014-09-22 21:25 - 2013-07-14 10:11 - 00000837 _____ () C:\Users\Public\Desktop\Media Center Master.lnk
2014-09-22 21:25 - 2013-07-14 10:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center Master
2014-09-22 21:24 - 2014-09-22 21:04 - 12754049 _____ (Media Center Master, Inc. ) C:\Users\Peter\Downloads\MCM_2.12.23514.782__setup.exe
2014-09-22 16:21 - 2014-04-07 13:36 - 00002305 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-09-22 16:07 - 2014-09-22 16:07 - 02806920 _____ () C:\Users\Peter\Downloads\Adaware_Installer (4).exe
2014-09-22 15:35 - 2014-09-22 11:45 - 00001376 _____ () C:\Windows\PFRO.log
2014-09-22 15:29 - 2014-09-22 15:29 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\ProductData
2014-09-22 15:29 - 2014-09-22 15:28 - 00000000 ____D () C:\ProgramData\IObit
2014-09-22 15:28 - 2014-09-22 15:28 - 00002886 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator
2014-09-22 15:28 - 2014-09-22 15:28 - 00001252 _____ () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2014-09-22 15:28 - 2014-09-22 15:28 - 00001228 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-09-22 15:28 - 2014-09-22 15:28 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\IObit
2014-09-22 15:28 - 2014-09-22 15:28 - 00000000 ____D () C:\ProgramData\ProductData
2014-09-22 15:28 - 2014-09-22 15:28 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-09-22 15:27 - 2014-09-22 15:27 - 12906784 _____ (IObit) C:\Users\Peter\Downloads\iobituninstaller.exe
2014-09-22 15:18 - 2014-09-22 15:18 - 00003160 _____ () C:\Windows\System32\Tasks\{9A34128A-0BA1-47B6-B24E-55AF738FDF82}
2014-09-22 15:17 - 2014-09-22 15:17 - 02806920 _____ () C:\Users\Peter\Downloads\Adaware_Installer (3).exe
2014-09-22 14:51 - 2014-09-22 14:51 - 00001264 _____ () C:\Users\Peter\Desktop\Revo Uninstaller.lnk
2014-09-22 14:51 - 2014-09-22 14:51 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-22 14:50 - 2014-09-22 14:50 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Peter\Downloads\revosetup.exe
2014-09-22 13:35 - 2014-09-22 13:35 - 04161313 _____ () C:\Users\Peter\Downloads\tdsskiller.zip
2014-09-22 13:33 - 2014-09-22 13:33 - 00010230 _____ () C:\Users\Peter\Documents\ark.txt
2014-09-22 13:33 - 2013-09-30 14:00 - 00012800 ___SH () C:\Users\Peter\Thumbs.db
2014-09-22 13:08 - 2014-09-22 13:07 - 00380416 _____ () C:\Users\Peter\Downloads\twqf7td1.exe
2014-09-22 11:45 - 2014-09-22 11:45 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-22 11:42 - 2013-10-01 06:31 - 00000000 ____D () C:\Windows\Minidump
2014-09-22 11:42 - 2013-04-24 06:21 - 00000000 ____D () C:\Windows\Panther
2014-09-22 11:40 - 2013-05-27 20:21 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-22 11:40 - 2013-05-17 05:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2014-09-22 11:38 - 2013-04-24 17:12 - 00000000 ____D () C:\Program Files (x86)\HD Tune Pro
2014-09-22 10:42 - 2014-04-03 08:09 - 00000000 ____D () C:\Temp
2014-09-22 10:36 - 2013-04-30 20:42 - 00000000 _____ () C:\Windows\MB.idx
2014-09-22 10:26 - 2013-08-05 16:45 - 00000000 ____D () C:\Program Files\Google
2014-09-22 10:26 - 2013-04-24 05:22 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-22 10:22 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-09-22 08:22 - 2014-09-22 08:22 - 00004425 _____ () C:\Users\Peter\Desktop\Attach.rar
2014-09-22 08:19 - 2014-09-22 08:19 - 00031738 _____ () C:\Users\Peter\Downloads\DDS.txt
2014-09-22 08:19 - 2014-09-22 08:19 - 00012240 _____ () C:\Users\Peter\Downloads\Attach.txt
2014-09-22 08:18 - 2014-09-22 08:18 - 00031738 _____ () C:\Users\Peter\Desktop\dds.txt
2014-09-22 08:18 - 2014-09-22 08:18 - 00012240 _____ () C:\Users\Peter\Desktop\attach.txt
2014-09-22 08:17 - 2014-09-22 08:17 - 00688992 ____R (Swearware) C:\Users\Peter\Downloads\dds.com
2014-09-22 07:57 - 2014-09-22 07:57 - 00016784 _____ () C:\Users\Peter\Downloads\hijackthis.log
2014-09-22 07:56 - 2014-09-22 07:56 - 00388608 _____ (Trend Micro Inc.) C:\Users\Peter\Downloads\HijackThis.exe
2014-09-22 07:53 - 2014-09-22 07:53 - 00002975 _____ () C:\Users\Peter\Desktop\HiJackThis.lnk
2014-09-22 07:53 - 2014-09-22 07:53 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-09-22 07:52 - 2014-09-22 07:52 - 01402880 _____ () C:\Users\Peter\Downloads\HiJackThis.msi
2014-09-21 11:23 - 2014-05-16 06:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupon Printer
2014-09-21 11:23 - 2013-04-24 05:22 - 00000000 ____D () C:\Users\Peter\AppData\Local\Google
2014-09-21 08:32 - 2014-09-21 08:32 - 00003095 _____ () C:\Users\Peter\Downloads\parkrun.kmz
2014-09-21 08:08 - 2014-09-21 08:07 - 00000756 _____ () C:\Users\Peter\Downloads\GoogleEarth_Placemark (1).kmz
2014-09-21 07:51 - 2013-05-18 06:18 - 00007601 _____ () C:\Users\Peter\AppData\Local\Resmon.ResmonCfg
2014-09-21 07:12 - 2014-09-01 12:33 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-20 19:27 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\IME
2014-09-20 06:53 - 2013-09-06 06:35 - 00000000 ____D () C:\Program Files (x86)\ExtractNow
2014-09-19 23:34 - 2013-07-15 07:18 - 00001031 _____ () C:\Users\Peter\Desktop\ExtractNow.lnk
2014-09-19 23:32 - 2014-09-19 23:32 - 02027744 _____ (Nathan Moinvaziri) C:\Users\Peter\Downloads\extractnow (2).exe
2014-09-19 21:42 - 2014-09-19 21:42 - 00322560 _____ (Geek-Republic.com) C:\Users\Peter\Downloads\suction.exe
2014-09-19 21:17 - 2014-09-19 21:17 - 00012746 _____ () C:\Users\Peter\Downloads\mimosa.kml
2014-09-19 20:50 - 2014-09-19 20:50 - 00000000 _____ () C:\Users\Peter\Downloads\GoogleEarth_Placemark.kmz.x8zmzdj.partial
2014-09-19 09:59 - 2014-09-19 09:58 - 00093790 _____ () C:\Users\Peter\Downloads\Parys Parkrun.zip
2014-09-18 10:20 - 2014-09-18 10:20 - 04047300 _____ (theRenamer ) C:\Users\Peter\Downloads\theRenamer_Setup (3).exe
2014-09-18 10:20 - 2013-09-01 04:16 - 00001031 _____ () C:\Users\Peter\Desktop\theRenamer.lnk
2014-09-18 10:20 - 2013-09-01 04:16 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\theRenamer
2014-09-18 10:20 - 2013-09-01 04:16 - 00000000 ____D () C:\Program Files (x86)\theRenamer
2014-09-18 10:00 - 2014-09-18 10:00 - 00223865 _____ () C:\Users\Peter\Downloads\Focus stacking.zip
2014-09-17 22:17 - 2014-06-03 10:09 - 00003840 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1396162227
2014-09-17 22:17 - 2014-03-30 07:50 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-09-12 22:12 - 2013-06-21 10:36 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\vlc
2014-09-11 18:07 - 2013-04-24 05:40 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-11 13:16 - 2014-08-17 09:33 - 00000000 ____D () C:\Windows\rescache
2014-09-11 11:53 - 2013-04-24 08:31 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-11 11:52 - 2013-07-12 20:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 11:52 - 2013-04-24 15:25 - 00780800 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-11 11:49 - 2014-05-08 08:40 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-11 11:49 - 2013-04-24 05:13 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 12:12 - 2014-05-14 10:54 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-10 12:12 - 2013-04-27 11:34 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-10 12:12 - 2013-04-27 11:34 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-07 10:40 - 2014-09-07 10:40 - 00316959 _____ () C:\Users\Peter\Downloads\BUSINESS MEETING 100914.zip
2014-09-05 03:10 - 2014-09-11 08:23 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 03:05 - 2014-09-11 08:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-03 16:39 - 2009-07-14 05:45 - 05033352 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-02 22:09 - 2013-05-27 20:21 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Skype
2014-09-02 17:34 - 2013-05-27 20:21 - 00000000 ____D () C:\ProgramData\Skype
2014-09-01 19:58 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\L2Schemas
2014-09-01 12:34 - 2014-09-01 12:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2014-09-01 12:33 - 2014-09-01 12:33 - 00000830 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-01 12:33 - 2014-09-01 12:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-01 12:33 - 2014-09-01 12:33 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-09-01 12:33 - 2013-05-25 01:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-01 12:32 - 2014-09-01 12:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Peter\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-01 12:31 - 2014-09-01 12:30 - 02806920 _____ () C:\Users\Peter\Downloads\Adaware_Installer (2).exe
2014-08-29 15:57 - 2009-07-14 06:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-25 06:53 - 2010-11-21 04:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-16 00:04

==================== End Of Log ============================

 


#8 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:06 AM

Posted 23 September 2014 - 09:14 AM

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#9 peter-d-w

peter-d-w
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:06 AM

Posted 23 September 2014 - 01:59 PM

Thank you Marius.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-09-2014
Ran by Peter at 2014-09-23 19:12:32 Run:1
Running from C:\Users\Peter\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {1E0BB3F8-E887-4156-B2D5-1A8101376693} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {3AC707DE-BDE8-49B2-8884-0F73000344B9} - System32\Tasks\4693 => Wscript.exe C:\Users\Peter\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
AlternateDataStreams: C:\Users\Peter\Cookies:kdRdekK7Eo3VFaLz89VFRMK
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultSearchProvider: Default -> Trovi search
CHR DefaultSearchURL: Default -> http://www.trovi.com/Results.aspx?gd=&ctid=CT3318522&octid=EB_ORIGINAL_CTID&ISID=M86927EBE-9A01-4842-9098-99EAF9A178C6&SearchSource=58&CUI=&UM=5&UP=SP15780DCD-C9F6-429C-AC53-1A7360C399EC&q={searchTerms}&SSPV=
CHR DefaultSuggestURL: Default -> http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
C:\Users\Peter\AppData\Local\Temp\launchie.vbs

EmptyTemp:
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1E0BB3F8-E887-4156-B2D5-1A8101376693}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E0BB3F8-E887-4156-B2D5-1A8101376693}" => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3AC707DE-BDE8-49B2-8884-0F73000344B9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3AC707DE-BDE8-49B2-8884-0F73000344B9}" => Key deleted successfully.
C:\Windows\System32\Tasks\4693 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4693" => Key deleted successfully.
"C:\Users\Peter\Cookies" => ":kdRdekK7Eo3VFaLz89VFRMK" ADS not found.
Chrome DefaultSearchKeyword deleted successfully.
CHR DefaultSearchProvider: Default -> Trovi search ==> The Chrome "Settings" can be used to fix the entry.
Chrome DefaultSearchURL deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
"C:\Users\Peter\AppData\Local\Temp\launchie.vbs" => File/Directory not found.
EmptyTemp: => Removed 1 GB temporary data.


The system needed a reboot. 

==== End of Fixlog ====

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 23/09/2014
Scan Time: 19:20:27
Logfile: 
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.23.08
Rootkit Database: v2014.09.19.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Peter

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 332672
Time Elapsed: 4 min, 1 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.TornTV.A, C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com, Quarantined, [d440d21fd1aa84b22afa0501659ed62a], 

Files: 2
PUP.Optional.TornTV.A, C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com\TornTV.lnk, Quarantined, [d440d21fd1aa84b22afa0501659ed62a], 
PUP.Optional.TornTV.A, C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com\Uninstall.lnk, Quarantined, [d440d21fd1aa84b22afa0501659ed62a], 

Physical Sectors: 0
(No malicious items detected)


(end)
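The fixlog above removed two scheduled tasks: one named 0 that ran Iexplore.exe with no path, and one named 4693 that ran Wscript.exe on a .vbs in the user's Temp folder with the silent //B switch. The PowerShell below is an added example, not code from the thread or from FRST, that triages scheduled tasks for those traits; the sample rows are constructed from the fixlog (the Google updater command line is assumed), the live query goes through schtasks.exe because Windows 7 has no Get-ScheduledTask, and the host and path lists are the example's own choices.

```powershell
# Added example, not code from the thread or from FRST: flag scheduled tasks that
# look like the two the fixlog removed (task "0" running Iexplore.exe with no path,
# task "4693" running Wscript.exe on a .vbs in the user's Temp folder with //B).
# Windows 7 has no Get-ScheduledTask, so the live query goes through schtasks.exe.
# The host list and path list below are this example's own assumptions, meant as
# triage hints rather than a verdict; expect some benign hits.

$ScriptHosts = '^(wscript|cscript|mshta|powershell|cmd|rundll32|regsvr32)(\.exe)?$'
$RiskyPaths  = @('\\AppData\\Local\\Temp\\', '\\AppData\\Roaming\\',
                 '\\Windows\\Temp\\', '\\Users\\Public\\')

function Split-TaskAction {
    # Split a "Task To Run" string into executable and arguments, honouring a
    # quoted executable path such as "C:\Program Files (x86)\...\GoogleUpdate.exe" /c
    param([string]$TaskToRun)
    $s = $TaskToRun.Trim()
    if ($s.StartsWith('"')) {
        $end = $s.IndexOf('"', 1)
        if ($end -gt 0) {
            return @{ Exe = $s.Substring(1, $end - 1); Args = $s.Substring($end + 1).Trim() }
        }
    }
    $parts = $s -split '\s+', 2
    $rest  = if ($parts.Count -gt 1) { $parts[1] } else { '' }
    return @{ Exe = $parts[0]; Args = $rest }
}

function Test-ScheduledTask {
    param([Parameter(Mandatory=$true)][string]$TaskName,
          [Parameter(Mandatory=$true)][string]$TaskToRun)
    $reasons = @()
    if ($TaskToRun -eq 'COM handler') {
        $act = @{ Exe = ''; Args = '' }          # COM actions carry no command line
    } else {
        $act = Split-TaskAction $TaskToRun
    }
    $exeName = [System.IO.Path]::GetFileName($act.Exe)

    if ((Split-Path -Leaf $TaskName) -match '^\d+$') {
        $reasons += 'task name is a bare number'
    }
    if ($exeName -match $ScriptHosts) {
        $reasons += "action runs script host $exeName"
    }
    if ($act.Exe -and $act.Exe -notmatch '[\\/]') {
        $reasons += 'executable given without a path (resolved through PATH)'
    }
    foreach ($p in $RiskyPaths) {
        if ($TaskToRun -match $p) { $reasons += "references user-writable location matching $p"; break }
    }
    # //B is WScript batch mode (no dialogs); -WindowStyle Hidden is the PowerShell equivalent.
    if ($act.Args -match '(^|\s)//B(\s|$)' -or $act.Args -match '-w(indowstyle)?\s+hidden') {
        $reasons += 'runs silently'
    }
    New-Object PSObject -Property @{
        TaskName   = $TaskName
        TaskToRun  = $TaskToRun
        Suspicious = ($reasons.Count -gt 0)
        Reasons    = ($reasons -join '; ')
    }
}

function Find-SuspiciousScheduledTask {
    # Live query. schtasks /V /FO CSV yields "TaskName" and "Task To Run" columns;
    # the header row can repeat per task folder, hence the filter on it.
    schtasks.exe /Query /V /FO CSV | ConvertFrom-Csv |
        Where-Object { $_.TaskName -and $_.TaskName -ne 'TaskName' } |
        ForEach-Object { Test-ScheduledTask -TaskName $_.TaskName -TaskToRun $_.'Task To Run' } |
        Where-Object { $_.Suspicious }
}

# Constructed sample rows: the two entries from the fixlog plus one benign Google
# updater task whose command line is assumed for this example.
$Sample = @(
    @{ TaskName = '\GoogleUpdateTaskMachineCore'
       TaskToRun = '"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c' },
    @{ TaskName = '\0';    TaskToRun = 'Iexplore.exe' },
    @{ TaskName = '\4693'; TaskToRun = 'Wscript.exe C:\Users\Peter\AppData\Local\Temp\launchie.vbs //B' }
)
$Sample | ForEach-Object { Test-ScheduledTask -TaskName $_.TaskName -TaskToRun $_.TaskToRun } |
    Format-Table TaskName, Suspicious, Reasons -AutoSize
```

On the sample rows only the two tasks from the fixlog come back Suspicious; run Find-SuspiciousScheduledTask from an elevated prompt to apply the same checks to the live task list.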


#10 peter-d-w

peter-d-w
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:06 AM

Posted 23 September 2014 - 02:04 PM

Fix result of
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 23/09/2014
Scan Time: 19:20:27
Logfile: 
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.23.08
Rootkit Database: v2014.09.19.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Peter

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 332672
Time Elapsed: 4 min, 1 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.TornTV.A, C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com, Quarantined, [d440d21fd1aa84b22afa0501659ed62a], 

Files: 2
PUP.Optional.TornTV.A, C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com\TornTV.lnk, Quarantined, [d440d21fd1aa84b22afa0501659ed62a], 
PUP.Optional.TornTV.A, C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com\Uninstall.lnk, Quarantined, [d440d21fd1aa84b22afa0501659ed62a], 

Physical Sectors: 0
(No malicious items detected)


(end)

Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-09-2014
Ran by Peter at 2014-09-23 19:12:32 Run:1
Running from C:\Users\Peter\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {1E0BB3F8-E887-4156-B2D5-1A8101376693} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {3AC707DE-BDE8-49B2-8884-0F73000344B9} - System32\Tasks\4693 => Wscript.exe C:\Users\Peter\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
AlternateDataStreams: C:\Users\Peter\Cookies:kdRdekK7Eo3VFaLz89VFRMK
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultSearchProvider: Default -> Trovi search
CHR DefaultSearchURL: Default -> http://www.trovi.com/Results.aspx?gd=&ctid=CT3318522&octid=EB_ORIGINAL_CTID&ISID=M86927EBE-9A01-4842-9098-99EAF9A178C6&SearchSource=58&CUI=&UM=5&UP=SP15780DCD-C9F6-429C-AC53-1A7360C399EC&q={searchTerms}&SSPV=
CHR DefaultSuggestURL: Default -> http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
C:\Users\Peter\AppData\Local\Temp\launchie.vbs

EmptyTemp:
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1E0BB3F8-E887-4156-B2D5-1A8101376693}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E0BB3F8-E887-4156-B2D5-1A8101376693}" => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3AC707DE-BDE8-49B2-8884-0F73000344B9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3AC707DE-BDE8-49B2-8884-0F73000344B9}" => Key deleted successfully.
C:\Windows\System32\Tasks\4693 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4693" => Key deleted successfully.
"C:\Users\Peter\Cookies" => ":kdRdekK7Eo3VFaLz89VFRMK" ADS not found.
Chrome DefaultSearchKeyword deleted successfully.
CHR DefaultSearchProvider: Default -> Trovi search ==> The Chrome "Settings" can be used to fix the entry.
Chrome DefaultSearchURL deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
"C:\Users\Peter\AppData\Local\Temp\launchie.vbs" => File/Directory not found.
EmptyTemp: => Removed 1 GB temporary data.

The system needed a reboot.

==== End of Fixlog ====

Thanks Marius.



#11 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:06 AM

Posted 24 September 2014 - 07:08 AM

Scan with ESET Online Scan

Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
  • Click the blue Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
  • Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.



#12 peter-d-w

peter-d-w
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:06 AM

Posted 24 September 2014 - 10:29 AM

Hi Marius,

 

The PC has been no better up to now but seems to be behaving itself enough for me to type this message. In fact it seems to be back to normal. Did the ESET online scanner remove something just now?

Thanks for continuing to help.

C:\Users\Peter\AppData\Roaming\Opera Software\Opera Stable\File System\001\t\00\00000000	Win32/AdWare.1ClickDownload.AT application
C:\Users\Peter\AppData\Roaming\Opera Software\Opera Stable\File System\001\t\00\00000001	Win32/AdWare.1ClickDownload.AT application
C:\Users\Peter\AppData\Roaming\Opera Software\Opera Stable\File System\002\t\00\00000001	Win32/AdWare.1ClickDownload.AT application
C:\Users\Peter\AppData\Roaming\Opera Software\Opera Stable\File System\002\t\00\00000003	Win32/AdWare.1ClickDownload.AT application
C:\Users\Peter\Documents\South Africa\AVS.Video.Editor.v6.1.2.211.Multilingual.mundomanuales.com.rar	a variant of Win32/HackTool.Patcher.T potentially unsafe application
C:\Users\Peter\Downloads\extractnow (2).exe	Win32/DownWare.L potentially unwanted application
D:\utorrent-complete\ubcd522.iso	Win32/PSWTool.KonBoot.A potentially unsafe application
D:\utorrent-complete\CCleaner.Professional.and.Business.Edition.v4.02.4115\Business Edition.rar	Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\utorrent-complete\CCleaner.Professional.and.Business.Edition.v4.02.4115\Professional.rar	Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\utorrent-complete\CCleaner.Professional.and.Business.Edition.v4.02.4115\Professional\Professional\ccsetup402.exe	Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\utorrent-complete\torrent-BS\SlySoft.AnyDVD.HD.v7.4.4.0.Multilingual-P2P.rar	a variant of Win32/Packed.VMProtect.ABD trojan
D:\utorrent-complete\TuneUp.Utilities.2014.v14.0.1000.88\Tuu141k88.rar	BAT/HostsChanger.A potentially unsafe application
D:\utorrent-complete\TuneUp.Utilities.2014.v14.0.1000.88\Tuu141k88\Fix\Fix.rar	BAT/HostsChanger.A potentially unsafe application
D:\utorrent-complete\TuneUp.Utilities.2014.v14.0.1000.88\Tuu141k88\Fix\Fix\disable_activation.cmd	BAT/HostsChanger.A potentially unsafe application
G:\Downloads\SoftonicDownloader_for_potplayer.exe	Win32/SoftonicDownloader.E potentially unwanted application
G:\downloads2\avs.msi	a variant of Win32/Adware.Softomate.AA application
G:\downloads2\Nero-7.10.1.0_eng_update.exe	Win32/Toolbar.AskSBar potentially unwanted application

help.


Edited by peter-d-w, 24 September 2014 - 10:36 AM.


#13 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:06 AM

Posted 24 September 2014 - 10:37 AM

Use the Windows Error Checking utility (Check Disk), with the options to fix file system errors and scan the disk surface for errors, attempt recovery of data and repair the disk:

  • Click the "Windows Orb" Start button, then click Computer.
  • Right-click on the drive that you wish to check > Properties > Tools tab
  • In the "Error checking" section, click on Check now.
  • Place a checkmark in both boxes > Start.
  • If the disk you have chosen is the Windows system disk:
  • A message will notify you that a restart is necessary and ask "Do you want to check for hard disk errors the next time you start your computer?".
  • Click Schedule disk check > OK and close all windows.
  • Re-start the computer. The disk will be checked when the system boots.
  • This will take some time to run and at times may appear stalled but just let it run.
  • When the disk check is complete, the system will re-start automatically and load Windows.


A log of the disk check is recorded only if the scheduled re-start is used, and only for drives on the same HDD as the Operating System.
To open Event Viewer and view the log:

  • Click the "Windows Orb" Start button -> type "eventvwr" without the quotes -> press the Enter key.
  • The Event Viewer window will open.
  • In the left pane, expand "Windows Logs" and then click on Application.
  • In the right pane, at the top, click on the column heading Source to sort the list alphabetically.
  • Look in the Source column for "Wininit", with an entry corresponding to the date and time of the disk check.
  • Click on that Wininit entry to select it.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.

System File Check

For Windows XP:

  • Press the Windows- and the R-key simultaneously.
  • Within the text box that just opened, write cmd and hit Enter.


For Windows Vista/7:

  • Press the Windows key to open the start menu.
  • Don't highlight anything, just write cmd.
  • The start menu will offer you an entry named cmd.
  • Right click it and select "run as administrator".



Within the opening window, write the following:

sfc /scannow
(See the blank within).


  • Hit enter. Your system will be checked for damaged system files.
  • Tell me the result of that scan in here (as the tool produces no log).

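The Check Disk and System File Check steps above end with reading the result out of Event Viewer by hand. The PowerShell below is an added example, not code from the thread, that fetches the same Wininit event 1001 a scheduled boot-time CHKDSK writes to the Application log, reduces it to the facts that matter for a slow-disk diagnosis, and counts the [SR] lines that sfc /scannow appends to CBS.log; it assumes Windows 7 or later with PowerShell 2 or later, and the sample message is constructed from the event posted below in this thread.

```powershell
# Added example, not code from the thread: read the Wininit event 1001 that a
# scheduled boot-time CHKDSK writes to the Application log, reduce it to the facts
# that matter for a slow-disk diagnosis, and count what sfc /scannow recorded in
# CBS.log. Assumes Windows 7 or later with PowerShell 2 or later.

function ConvertFrom-ChkdskMessage {
    param([Parameter(Mandatory=$true)][string]$Message)
    # Returns the first capture group of $Pattern as a number, or $null if absent.
    function grab([string]$Pattern) {
        if ($Message -match $Pattern) { [int64]($Matches[1]) } else { $null }
    }
    $badKB = grab '(\d+) KB in bad sectors'
    New-Object PSObject -Property @{
        FileSystem       = $(if ($Message -match 'file system is (\w+)') { $Matches[1] } else { $null })
        StagesRun        = ([regex]::Matches($Message, '\(stage \d+ of \d+\)')).Count
        # Stages 4 and 5 only run when "Scan for and attempt recovery of bad sectors" was ticked.
        SurfaceScanned   = [bool]($Message -match 'stage 5 of 5')
        CorrectionsMade  = [bool]($Message -match 'Windows has made corrections to the file system')
        OrphanSDsCleaned = grab 'Cleaning up (\d+) unused security descriptors'
        BadSectorKB      = $badKB
        TotalKB          = grab '(\d+) KB total disk space'
        FreeKB           = grab '(\d+) KB available on disk'
        # Bad sectors are the headline finding for a "slow PC" thread; 0 KB is good news.
        BadSectorsFound  = ($badKB -ne $null -and $badKB -gt 0)
    }
}

function Get-LastChkdskResult {
    # Wininit logs the boot-time CHKDSK output as Application event 1001.
    $ev = Get-WinEvent -FilterHashtable @{ LogName = 'Application'
                                           ProviderName = 'Microsoft-Windows-Wininit'
                                           Id = 1001 } -MaxEvents 1 -ErrorAction SilentlyContinue
    if (-not $ev) { return $null }
    ConvertFrom-ChkdskMessage $ev.Message |
        Add-Member -MemberType NoteProperty -Name TimeCreated -Value $ev.TimeCreated -PassThru
}

function Get-SfcLogSummary {
    # sfc /scannow tags its own entries in CBS.log with [SR]; "Cannot repair" lines
    # are the ones worth reporting back.
    $log = Join-Path $env:windir 'Logs\CBS\CBS.log'
    if (-not (Test-Path $log)) { return $null }
    $sr = @(Select-String -Path $log -Pattern '\[SR\]' | ForEach-Object { $_.Line })
    New-Object PSObject -Property @{
        SrLines      = $sr.Count
        Repaired     = @($sr | Where-Object { $_ -match 'Repairing' }).Count
        CannotRepair = @($sr | Where-Object { $_ -match 'Cannot repair' }).Count
    }
}

# Constructed sample, abbreviated from the event 1001 text posted in this thread.
$SampleMessage = @"
Checking file system on C:
The type of the file system is NTFS.

CHKDSK is verifying files (stage 1 of 5)...
CHKDSK is verifying indexes (stage 2 of 5)...
CHKDSK is verifying security descriptors (stage 3 of 5)...
Cleaning up 556 unused security descriptors.
CHKDSK is verifying file data (stage 4 of 5)...
CHKDSK is verifying free space (stage 5 of 5)...
Windows has made corrections to the file system.

 117115903 KB total disk space.
         0 KB in bad sectors.
  11103372 KB available on disk.
"@

ConvertFrom-ChkdskMessage $SampleMessage | Format-List
```

On the sample this reports NTFS, five stages run, corrections made, 556 orphaned security descriptors cleaned and 0 KB in bad sectors, which is the same reading the helper would take from the pasted event; Get-LastChkdskResult and Get-SfcLogSummary do the live lookups on the machine itself.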

#14 peter-d-w

peter-d-w
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:06 AM

Posted 24 September 2014 - 02:44 PM

Log Name:      Application
Source:        Microsoft-Windows-Wininit
Date:          24/09/2014 17:44:02
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      Peter-NewMesh
Description:


Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 5)...
Cleaning up instance tags for file 0x364f0.
Cleaning up instance tags for file 0x3658c.
  475136 file records processed.                                         

File verification completed.
  4470 large file records processed.                                   

  0 bad file records processed.                                     

  0 EA records processed.                                           

  46 reparse records processed.                                      

CHKDSK is verifying indexes (stage 2 of 5)...
  849148 index entries processed.                                        

Index verification completed.
  0 unindexed files scanned.                                        

  0 unindexed files recovered.                                      

CHKDSK is verifying security descriptors (stage 3 of 5)...
  475136 file SDs/SIDs processed.                                        

Cleaning up 556 unused index entries from index $SII of file 0x9.
Cleaning up 556 unused index entries from index $SDH of file 0x9.
Cleaning up 556 unused security descriptors.
Security descriptor verification completed.
  187007 data files processed.                                           

CHKDSK is verifying Usn Journal...
  36594736 USN bytes processed.                                            

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  475120 files processed.                                                

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  2775843 free clusters processed.                                        

Free space verification is complete.
Windows has made corrections to the file system.

 117115903 KB total disk space.
 105233208 KB in 237293 files.
    196728 KB in 187008 indexes.
         0 KB in bad sectors.
    582595 KB in use by the system.
     65536 KB occupied by the log file.
  11103372 KB available on disk.

      4096 bytes in each allocation unit.
  29278975 total allocation units on disk.
   2775843 allocation units available on disk.

Internal Info:
00 40 07 00 77 79 06 00 74 58 0b 00 00 00 00 00  .@..wy..tX......
ca 02 00 00 2e 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
    <EventID Qualifiers="16384">1001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2014-09-24T16:44:02.000000000Z" />
    <EventRecordID>41384</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>Peter-NewMesh</Computer>
    <Security />
  </System>
  <EventData>
    <Data>

Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 5)...
Cleaning up instance tags for file 0x364f0.
Cleaning up instance tags for file 0x3658c.
  475136 file records processed.                                         

File verification completed.
  4470 large file records processed.                                   

  0 bad file records processed.                                     

  0 EA records processed.                                           

  46 reparse records processed.                                      

CHKDSK is verifying indexes (stage 2 of 5)...
  849148 index entries processed.                                        

Index verification completed.
  0 unindexed files scanned.                                        

  0 unindexed files recovered.                                      

CHKDSK is verifying security descriptors (stage 3 of 5)...
  475136 file SDs/SIDs processed.                                        

Cleaning up 556 unused index entries from index $SII of file 0x9.
Cleaning up 556 unused index entries from index $SDH of file 0x9.
Cleaning up 556 unused security descriptors.
Security descriptor verification completed.
  187007 data files processed.                                           

CHKDSK is verifying Usn Journal...
  36594736 USN bytes processed.                                            

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  475120 files processed.                                                

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  2775843 free clusters processed.                                        

Free space verification is complete.
Windows has made corrections to the file system.

 117115903 KB total disk space.
 105233208 KB in 237293 files.
    196728 KB in 187008 indexes.
         0 KB in bad sectors.
    582595 KB in use by the system.
     65536 KB occupied by the log file.
  11103372 KB available on disk.

      4096 bytes in each allocation unit.
  29278975 total allocation units on disk.
   2775843 allocation units available on disk.

Internal Info:
00 40 07 00 77 79 06 00 74 58 0b 00 00 00 00 00  .@..wy..tX......
ca 02 00 00 2e 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.
</Data>
  </EventData>
</Event>

sfc /scannow

Verification 100% complete

Windows Resource Protection did not find any integrity violations.

 

The mouse is still lagging or freezing though.

Thank You

 

Peter


Edited by peter-d-w, 25 September 2014 - 02:05 AM.
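An added example (not from Peter's post and not Windows output) for reading a log like the one above without scrolling through Event Viewer: the boot-time CHKDSK result is what Wininit writes to the Application log as event 1001, and the two lines worth checking are "KB in bad sectors" and "Windows has made corrections to the file system". It assumes Windows PowerShell on Windows 7 or later (Get-WinEvent), and the sample text is a constructed, shortened copy of the log posted above.

```powershell
# Added example (not from the thread, not Windows code): summarise the boot-time
# CHKDSK result that Wininit logs as Application event 1001, so the lines that
# matter ("KB in bad sectors", "Windows has made corrections") can be checked
# without reading the whole event.

function Get-ChkdskSummary {
    param([Parameter(Mandatory = $true)][string]$Text)

    # First capture group of a line-anchored pattern in $Text, or $null when absent.
    function Find-Line([string]$Pattern) {
        $m = [regex]::Match($Text, $Pattern, 'Multiline')
        if ($m.Success) { $m.Groups[1].Value } else { $null }
    }

    $sdCleaned = Find-Line '^Cleaning up (\d+) unused security descriptors\.'

    [pscustomobject]@{
        Volume              = Find-Line '^Checking file system on ([A-Z]:)'
        FileSystem          = Find-Line '^The type of the file system is (\w+)\.'
        # Stages 4 and 5 (file data, free space) only run for chkdsk /r, so a
        # count of 5 means the surface was scanned and BadSectorKB is meaningful.
        StagesRun           = ([regex]::Matches($Text, 'stage (\d) of 5')).Count
        BadSectorKB         = [int64](Find-Line '^\s*(\d+) KB in bad sectors\.')
        TotalKB             = [int64](Find-Line '^\s*(\d+) KB total disk space\.')
        AvailableKB         = [int64](Find-Line '^\s*(\d+) KB available on disk\.')
        CorrectionsMade     = [bool]($Text -match 'Windows has made corrections to the file system')
        UnusedSDsCleaned    = if ($sdCleaned) { [int]$sdCleaned } else { 0 }
        InstanceTagsCleaned = ([regex]::Matches($Text, 'Cleaning up instance tags for file')).Count
        RestartPending      = [bool]($Text -match 'Please wait while your computer restarts')
    }
}

# Newest boot-time CHKDSK event on the live system. Only the autochk case
# (Wininit, ID 1001) is handled here; that is the event Peter pasted.
function Get-LatestChkdskEvent {
    $evt = Get-WinEvent -FilterHashtable @{
        LogName      = 'Application'
        ProviderName = 'Microsoft-Windows-Wininit'
        Id           = 1001
    } -MaxEvents 1 -ErrorAction Stop
    Get-ChkdskSummary -Text $evt.Message |
        Add-Member -NotePropertyName TimeCreated -NotePropertyValue $evt.TimeCreated -PassThru
}

# Constructed sample: a shortened copy of the event text posted in this thread.
$sample = @'
Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 5)...
Cleaning up instance tags for file 0x364f0.
Cleaning up instance tags for file 0x3658c.
  475136 file records processed.
CHKDSK is verifying indexes (stage 2 of 5)...
CHKDSK is verifying security descriptors (stage 3 of 5)...
Cleaning up 556 unused index entries from index $SII of file 0x9.
Cleaning up 556 unused index entries from index $SDH of file 0x9.
Cleaning up 556 unused security descriptors.
CHKDSK is verifying file data (stage 4 of 5)...
CHKDSK is verifying free space (stage 5 of 5)...
Windows has made corrections to the file system.

 117115903 KB total disk space.
          0 KB in bad sectors.
  11103372 KB available on disk.

Windows has finished checking your disk.
Please wait while your computer restarts.
'@

Get-ChkdskSummary -Text $sample | Format-List

# On the machine itself (elevated Windows PowerShell prompt):
# Get-LatestChkdskEvent | Format-List
```

Read against the log above: all five stages ran, so the 0 KB in bad sectors is a real surface-scan result, and the corrections were metadata housekeeping (two files' orphaned instance tags and 556 orphaned security descriptors), which does not by itself point at the disk as the cause of input lag.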


#15 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:12:06 AM

Posted 25 September 2014 - 06:19 AM

Windows Repair (all-in-one)

Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.


Go to Step 2 and click on Check button next to 1. See If Check Disk Is Needed.
If the tool indicates that the Check Disk is needed click on Do It button next to 2. Check Disk.
In that case make sure you restart the computer.



Once the above is done go to Step 3 and allow it to run System File Check by clicking on Do It button:



Go to Step 4 and under "System Restore" click on Create button:



Go to Start Repairs tab and click Start button.

Leave all checkmarks as they are.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

Click on Start button.


Post Windows Repair log which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs


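An added example, not Tweaking.com's code and not part of the reply above: the same checks the reply drives through the Windows Repair GUI (see if a disk check is needed, run System File Checker, create a restore point, find the log folder), done with the built-in tools instead. Assumptions: Windows PowerShell 2.0 or later run as Administrator (Checkpoint-Computer is not available in PowerShell 7), and "check disk needed" is taken to mean the volume's NTFS dirty bit is set, which is what makes autochk run at the next boot.

```powershell
# Added example (not Tweaking.com's code): native equivalents of the Windows
# Repair steps in the reply. Assumes an elevated Windows PowerShell prompt.

function Test-Elevated {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    ([Security.Principal.WindowsPrincipal]$id).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
}

# Step 2 equivalent: is a disk check needed? (assumption: dirty bit set)
function Test-VolumeDirty {
    param([string]$Drive = 'C:')
    $out = (& fsutil.exe dirty query $Drive) -join ' '   # "Volume - C: is NOT Dirty"
    if ($out -match 'is NOT Dirty') { return $false }
    if ($out -match 'is Dirty')     { return $true }
    throw "Unexpected fsutil output: $out"
}

# Step 4 equivalent: a restore point before anything is repaired.
function New-PreRepairRestorePoint {
    param([string]$Description = 'Before Windows Repair')
    Checkpoint-Computer -Description $Description -RestorePointType MODIFY_SETTINGS
}

# Step 3 equivalent: sfc /scannow. sfc.exe writes UTF-16 to the console, so the
# console encoding is switched for the run; otherwise the captured text comes
# back with a NUL between every character and none of the patterns match.
function Invoke-SfcScan {
    $old = [Console]::OutputEncoding
    try {
        [Console]::OutputEncoding = [Text.Encoding]::Unicode
        $raw = & sfc.exe /scannow 2>&1
    } finally {
        [Console]::OutputEncoding = $old
    }
    $text = (($raw | ForEach-Object { "$_" }) -join "`n") -replace "`0", ''
    [pscustomobject]@{
        Clean        = [bool]($text -match 'did not find any integrity violations')
        Repaired     = [bool]($text -match 'found corrupt files and successfully repaired them')
        Unrepairable = [bool]($text -match 'unable to fix some of them')
        NotRun       = [bool]($text -match 'could not perform the requested operation')
        Output       = $text
    }
}

# What SFC wrote to CBS.log on its last pass; this is what to post when it finds something.
function Get-SfcLogTail {
    param([int]$Last = 40)
    Select-String -Path "$env:windir\Logs\CBS\CBS.log" -Pattern '\[SR\]' |
        Select-Object -Last $Last | ForEach-Object { $_.Line }
}

# The log folder named in the reply, chosen by OS bitness.
function Get-WindowsRepairLogDir {
    $base = if (${env:ProgramFiles(x86)}) { ${env:ProgramFiles(x86)} } else { $env:ProgramFiles }
    Join-Path $base 'Tweaking.com\Windows Repair (All in One)\Logs'
}

if (-not (Test-Elevated)) { throw 'Run this from an elevated Windows PowerShell prompt.' }

if (Test-VolumeDirty 'C:') {
    Write-Warning 'C: is marked dirty; reboot so autochk can check it before going further.'
} else {
    New-PreRepairRestorePoint
    $sfc = Invoke-SfcScan
    if ($sfc.Clean) { 'SFC: no integrity violations.' } else { Get-SfcLogTail }
    "Windows Repair logs will be in: $(Get-WindowsRepairLogDir)"
}
```

Two things to know before relying on it: Checkpoint-Computer needs System Protection enabled for the volume, and on Windows 8 and later Windows silently skips a new restore point if one was created in the previous 24 hours, so check Get-ComputerRestorePoint afterwards rather than trusting the call.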



