Solved multiple malware .exe*32 slowing down computer

peeaitcheye · Dec 29, 2014

Hi. I've noticed a multiple .exe*32 files running in my task manager and its been slowing down my computer. more specifically chrome.exe*32 and vlc.exe*32 please help!

argus · Dec 29, 2014

Helllo,

Before we begin, please note the following:

I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

Download

Malwarebytes Anti-Rootkit to your desktop.

Double-click the icon to start the tool.
It will ask you where to extract it, then it will start.
Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
Click in the introduction screen "next" to continue.
Click in the following screen "Update" to obtain the latest malware definitions.
Once the update is complete select "Next" and click "Scan".
When the scan is finished and no malware has been found select "Exit".
If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
Open the MBAR folder and paste the content of the following files in your next reply:
- "mbar-log-{date} (xx-xx-xx).txt"
- "system-log.txt"

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

Right-click on

icon and select

Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Make sure that Addition option is checked.
Press Scan button and wait.
The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content into your next reply.

peeaitcheye · Dec 30, 2014

Malwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org

Database version: v2014.12.30.02

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
peeaitcheye :: PEEAITCHEYE-PC [administrator]

12/29/2014 9:56:19 PM
mbar-log-2014-12-29 (21-56-19).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 323315
Time elapsed: 4 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x64

Account is Administrative

Internet Explorer version: 8.0.7600.16385

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, G:\ DRIVE_FIXED
CPU speed: 3.400000 GHz
Memory total: 8541671424, free: 6671433728

Downloaded database version: v2014.12.30.02
Downloaded database version: v2014.12.29.02
Downloaded database version: v2014.12.06.01
=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x64

Account is Administrative

Internet Explorer version: 8.0.7600.16385

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, G:\ DRIVE_FIXED
CPU speed: 3.400000 GHz
Memory total: 8541671424, free: 6937309184

=======================================
Initializing...
------------ Kernel report ------------
12/29/2014 21:56:13
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\ACPI.sys
\SystemRoot\system32\DRIVERS\WMILIB.SYS
\SystemRoot\system32\DRIVERS\msisadrv.sys
\SystemRoot\system32\DRIVERS\pci.sys
\SystemRoot\system32\DRIVERS\vdrvroot.sys
\SystemRoot\system32\DRIVERS\iusb3hcs.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\DRIVERS\pciide.sys
\SystemRoot\system32\DRIVERS\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\atapi.sys
\SystemRoot\system32\DRIVERS\ataport.SYS
\SystemRoot\system32\DRIVERS\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\vmstorfl.sys
\SystemRoot\system32\DRIVERS\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\iusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\iusb3hub.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\RTL8192su.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\sechost.dll
\Windows\System32\user32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\iertutil.dll
\Windows\System32\Wldap32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\msvcrt.dll
\Windows\System32\oleaut32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\imm32.dll
\Windows\System32\lpk.dll
\Windows\System32\normaliz.dll
\Windows\System32\shlwapi.dll
\Windows\System32\urlmon.dll
\Windows\System32\difxapi.dll
\Windows\System32\ws2_32.dll
\Windows\System32\ole32.dll
\Windows\System32\shell32.dll
\Windows\System32\advapi32.dll
\Windows\System32\kernel32.dll
\Windows\System32\msctf.dll
\Windows\System32\usp10.dll
\Windows\System32\imagehlp.dll
\Windows\System32\setupapi.dll
\Windows\System32\nsi.dll
\Windows\System32\wininet.dll
\Windows\System32\psapi.dll
\Windows\System32\gdi32.dll
\Windows\System32\devobj.dll
\Windows\System32\KernelBase.dll
\Windows\System32\crypt32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\wintrust.dll
\Windows\System32\comctl32.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa80089f3620
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000076\
Lower Device Object: 0xfffffa80087e3b70
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800780c060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-1\
Lower Device Object: 0xfffffa800752e060
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800780c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800780cb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800780c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800743de40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800752e060, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C99914E6

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 511793152

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 512000000 Numsec = 1024000000

Partition 3 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 1536000000 Numsec = 2371026944

Disk Size: 2000398934016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa80089f3620, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008851b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80089f3620, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80087e3b70, DeviceName: \Device\00000076\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: F86F2

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 2930270208

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 1500299395072 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by peeaitcheye (administrator) on PEEAITCHEYE-PC on 29-12-2014 22:02:58
Running from C:\Users\peeaitcheye\Desktop
Loaded Profile: peeaitcheye (Available profiles: peeaitcheye)
Platform: Windows 7 Professional (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Realtek) C:\Program Files (x86)\RNX-N150UBE\11n USB Wireless LAN Utility\RtlService.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\RNX-N150UBE\11n USB Wireless LAN Utility\RtWLan.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7560296 2011-12-12] (Realtek Semiconductor)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-09-30] (Advanced Micro Devices, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1733408913-109812225-2979640582-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1733408913-109812225-2979640582-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\peeaitcheye\AppData\Roaming\Mozilla\Firefox\Profiles\183bpjzd.default
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\gcswf32.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Google Gears 0.5.33.0) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\gears.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\peeaitcheye\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\peeaitcheye\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-28]
CHR Extension: (Adblock Plus) - C:\Users\peeaitcheye\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-27]
CHR Extension: (Facebook Customizer (by Adblock Plus)) - C:\Users\peeaitcheye\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoeenbkoccjaefmmhpmlegngdjohdcm [2014-12-27]
CHR Extension: (Chrome AdBlock Plus) - C:\Users\peeaitcheye\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbpbdggplehjfceendelhkobogklpngg [2014-12-27]
CHR Extension: (Google Wallet) - C:\Users\peeaitcheye\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-27]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Realtek11nSU; C:\Program Files (x86)\RNX-N150UBE\11n USB Wireless LAN Utility\RtlService.exe [40960 2009-12-07] (Realtek) [File not signed]
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [111208 2014-12-28] (RaMMicHaeL)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-29] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-29 21:56 - 2014-12-29 22:00 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-29 21:54 - 2014-12-29 22:00 - 00000000 ____D () C:\Users\peeaitcheye\Desktop\mbar
2014-12-29 21:53 - 2014-12-29 21:54 - 16448208 _____ (Malwarebytes Corp.) C:\Users\peeaitcheye\Downloads\mbar-1.08.2.1001.exe
2014-12-28 23:31 - 2014-12-29 22:03 - 00007144 _____ () C:\Users\peeaitcheye\Desktop\FRST.txt
2014-12-28 23:31 - 2014-12-28 23:32 - 00024148 _____ () C:\Users\peeaitcheye\Desktop\Addition.txt
2014-12-28 23:18 - 2014-12-28 23:19 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\peeaitcheye\Downloads\tdsskiller.exe
2014-12-28 23:11 - 2014-12-29 22:02 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-28 23:11 - 2014-12-29 21:56 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-28 23:11 - 2014-12-28 23:11 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-28 23:11 - 2014-12-28 23:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-28 23:11 - 2014-12-28 23:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-28 23:11 - 2014-12-28 23:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-28 23:11 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-28 23:11 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-28 23:10 - 2014-12-28 23:11 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\peeaitcheye\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-28 23:05 - 2014-12-28 23:05 - 00008196 _____ () C:\ComboFix.txt
2014-12-28 23:01 - 2014-12-28 23:05 - 00000000 ____D () C:\Qoobox
2014-12-28 23:01 - 2011-06-25 22:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-28 23:01 - 2010-11-07 09:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-28 23:01 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-28 23:01 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-28 23:01 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-28 23:01 - 2000-08-30 16:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-28 23:01 - 2000-08-30 16:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-28 23:01 - 2000-08-30 16:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-28 22:59 - 2014-12-28 23:05 - 00000000 ____D () C:\Windows\erdnt
2014-12-28 22:59 - 2014-12-28 22:59 - 05603624 ____R (Swearware) C:\Users\peeaitcheye\Downloads\ComboFix.exe
2014-12-28 22:54 - 2014-12-28 22:54 - 00012106 _____ () C:\Users\peeaitcheye\Downloads\Addition.txt
2014-12-28 22:53 - 2014-12-29 22:02 - 00000000 ____D () C:\FRST
2014-12-28 22:53 - 2014-12-28 22:54 - 00030070 _____ () C:\Users\peeaitcheye\Downloads\FRST.txt
2014-12-28 22:53 - 2014-12-28 22:53 - 02123264 _____ (Farbar) C:\Users\peeaitcheye\Desktop\FRST64.exe
2014-12-28 22:52 - 2014-12-28 22:52 - 01114624 _____ (Farbar) C:\Users\peeaitcheye\Downloads\FRST.exe
2014-12-28 22:43 - 2014-12-28 22:43 - 00001019 _____ () C:\Users\Public\Desktop\Unchecky.lnk
2014-12-28 22:43 - 2014-12-28 22:43 - 00000000 ____D () C:\ProgramData\Unchecky
2014-12-28 22:43 - 2014-12-28 22:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2014-12-28 22:43 - 2014-12-28 22:43 - 00000000 ____D () C:\Program Files (x86)\Unchecky
2014-12-27 22:48 - 2014-12-27 22:48 - 00000000 ____D () C:\Users\peeaitcheye\AppData\Roaming\WinRAR
2014-12-27 16:16 - 2014-11-24 14:04 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-27 16:14 - 2014-12-27 16:14 - 01941064 _____ () C:\Users\peeaitcheye\Downloads\winrar-x64-520.exe
2014-12-27 16:14 - 2014-12-27 16:14 - 00000000 ____D () C:\Users\peeaitcheye\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-27 16:14 - 2014-12-27 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-27 16:14 - 2014-12-27 16:14 - 00000000 ____D () C:\Program Files\WinRAR
2014-12-27 16:13 - 2014-12-27 16:13 - 00001794 _____ () C:\Users\Public\Desktop\Vuze.lnk
2014-12-27 16:13 - 2014-12-27 16:13 - 00001794 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2014-12-27 16:13 - 2014-12-27 16:13 - 00000064 _____ () C:\Users\peeaitcheye\AppData\Local\092b24a5009100c0c5fc578f330d5f31
2014-12-27 16:13 - 2014-12-27 16:13 - 00000000 ____D () C:\Users\peeaitcheye\.swt
2014-12-27 16:12 - 2014-12-29 01:12 - 00000000 ____D () C:\Users\peeaitcheye\AppData\Roaming\Azureus
2014-12-27 16:12 - 2014-12-27 16:13 - 00000000 ____D () C:\Program Files\Vuze
2014-12-27 16:08 - 2014-12-27 16:09 - 00000000 ____D () C:\Users\peeaitcheye\AppData\Roaming\Mozilla
2014-12-27 16:08 - 2014-12-27 16:09 - 00000000 ____D () C:\Users\peeaitcheye\AppData\Local\Mozilla
2014-12-27 16:08 - 2014-12-27 16:08 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-27 16:08 - 2014-12-27 16:08 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-27 16:08 - 2014-12-27 16:08 - 00000000 ____D () C:\ProgramData\Mozilla
2014-12-27 16:08 - 2014-12-27 16:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-27 16:08 - 2014-12-27 16:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-27 16:07 - 2014-12-27 16:07 - 00244104 _____ () C:\Users\peeaitcheye\Downloads\Firefox Setup Stub 34.0.5.exe
2014-12-27 16:01 - 2014-12-29 01:12 - 00000000 ____D () C:\Users\peeaitcheye\AppData\Roaming\vlc
2014-12-27 16:00 - 2014-12-27 16:00 - 00001066 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-12-27 16:00 - 2014-12-27 16:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-12-27 16:00 - 2014-12-27 16:00 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-12-27 15:58 - 2014-12-27 15:58 - 00057560 _____ () C:\Users\peeaitcheye\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-27 15:58 - 2014-12-27 15:58 - 00000000 ____D () C:\Users\peeaitcheye\AppData\Roaming\ATI
2014-12-27 15:58 - 2014-12-27 15:58 - 00000000 ____D () C:\Users\peeaitcheye\AppData\Local\ATI
2014-12-27 15:58 - 2014-12-27 15:58 - 00000000 ____D () C:\ProgramData\ATI
2014-12-27 15:58 - 2014-12-27 15:58 - 00000000 _____ () C:\Windows\ativpsrm.bin
2014-12-27 15:57 - 2014-12-27 15:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ATI Problem Report Wizard
2014-12-27 15:56 - 2014-12-27 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
2014-12-27 15:56 - 2014-12-27 15:56 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-12-27 15:55 - 2010-09-28 17:55 - 00078848 _____ () C:\Windows\system32\atiapfxx.blb
2014-12-27 15:55 - 2010-09-28 17:51 - 00450560 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIDEMGX.dll
2014-12-27 15:55 - 2010-09-28 17:23 - 00058880 _____ (AMD) C:\Windows\system32\coinst.dll
2014-12-27 15:55 - 2010-08-16 02:42 - 00116240 _____ (ATI Technologies, Inc.) C:\Windows\system32\Drivers\AtihdW76.sys
2014-12-27 15:55 - 2010-08-12 07:12 - 00022190 _____ () C:\Windows\atiogl.xml
2014-12-27 15:55 - 2010-06-15 14:28 - 00002857 _____ () C:\Windows\SysWOW64\atipblag.dat
2014-12-27 15:55 - 2010-06-15 14:28 - 00002857 _____ () C:\Windows\system32\atipblag.dat
2014-12-27 15:54 - 2014-12-27 15:57 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-12-27 15:54 - 2014-12-27 15:56 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-12-27 15:54 - 2014-12-27 15:54 - 00000000 ____D () C:\Program Files\ATI
2014-12-27 15:50 - 2014-12-27 15:50 - 00002328 _____ () C:\Users\Public\Desktop\RNX-N150UBE 11n USB Wireless LAN Utility.lnk
2014-12-27 15:50 - 2014-12-27 15:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RNX-N150UBE 11n USB Wireless LAN Utility
2014-12-27 15:50 - 2014-12-27 15:50 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-12-27 15:49 - 2014-12-27 15:49 - 00000000 ____D () C:\Program Files (x86)\RNX-N150UBE
2014-12-27 15:49 - 2009-11-11 20:54 - 00676864 ____R (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\rtl8192su.sys
2014-12-27 15:49 - 2009-04-02 14:27 - 00188416 ____R (Realtek Semiconductor Corp. ) C:\Windows\system32\RTLExtUI.dll
2014-12-27 15:49 - 2009-04-02 14:27 - 00188416 ____R (Realtek Semiconductor Corp. ) C:\Windows\RTLExtUI.dll
2014-12-27 15:49 - 2009-03-31 18:31 - 00380928 ____R (Realtek) C:\Windows\system32\RtlUI2.exe
2014-12-27 15:49 - 2009-03-31 18:31 - 00380928 ____R (Realtek) C:\Windows\RtlUI2.exe
2014-12-27 15:49 - 2009-02-05 02:49 - 00451072 _____ () C:\Windows\SysWOW64\ISSRemoveSP.exe
2014-12-27 15:49 - 2008-07-01 16:31 - 00614400 ____R (Realtek Semiconductor Corp. ) C:\Windows\system32\Rtlihvs.dll
2014-12-27 15:49 - 2008-07-01 16:31 - 00614400 ____R (Realtek Semiconductor Corp. ) C:\Windows\Rtlihvs.dll
2014-12-27 15:46 - 2014-12-27 15:46 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_iusb3hcs_01009.Wdf
2014-12-27 15:46 - 2012-01-26 09:39 - 00016152 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hcs.sys
2014-12-27 15:45 - 2012-01-26 09:39 - 00787736 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3xhc.sys
2014-12-27 15:45 - 2012-01-26 09:39 - 00356120 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hub.sys
2014-12-27 15:44 - 2014-12-27 15:49 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-27 15:44 - 2014-12-27 15:45 - 00000189 _____ () C:\Windows\LAN.log
2014-12-27 15:44 - 2014-12-27 15:44 - 00002169 _____ () C:\RHDSetup.log
2014-12-27 15:44 - 2014-12-27 15:44 - 00000206 _____ () C:\Windows\audio.log
2014-12-27 15:44 - 2014-12-27 15:44 - 00000000 ___HD () C:\Program Files (x86)\Temp
2014-12-27 15:44 - 2014-12-27 15:44 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-12-27 15:44 - 2014-12-27 15:44 - 00000000 ____D () C:\Program Files\Realtek
2014-12-27 15:44 - 2014-12-27 15:44 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-12-27 15:44 - 2011-12-13 02:27 - 04718952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2014-12-27 15:44 - 2011-12-13 00:58 - 01560168 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2014-12-27 15:44 - 2011-12-13 00:25 - 00200468 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2014-12-27 15:44 - 2011-12-12 19:01 - 01698408 ____R (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2014-12-27 15:44 - 2011-12-12 01:20 - 00100456 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2014-12-27 15:44 - 2011-12-09 00:42 - 02684416 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2014-12-27 15:44 - 2011-12-08 01:28 - 01969768 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2014-12-27 15:44 - 2011-12-08 00:27 - 03744872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2014-12-27 15:44 - 2011-11-22 00:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2014-12-27 15:44 - 2011-11-21 19:36 - 02615400 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2014-12-27 15:44 - 2011-11-18 00:40 - 00219752 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2014-12-27 15:44 - 2011-10-17 21:55 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2014-12-27 15:44 - 2011-09-29 01:30 - 00646248 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2014-12-27 15:44 - 2011-09-29 01:30 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2014-12-27 15:44 - 2011-09-29 01:30 - 00074272 _____ () C:\Windows\system32\RtNicProp64.dll
2014-12-27 15:44 - 2011-09-01 22:21 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2014-12-27 15:44 - 2011-09-01 22:21 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2014-12-27 15:44 - 2011-09-01 22:21 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2014-12-27 15:44 - 2011-08-23 01:00 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2014-12-27 15:44 - 2011-08-05 09:29 - 00527872 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2014-12-27 15:44 - 2011-08-05 09:29 - 00515584 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2014-12-27 15:44 - 2011-08-05 09:29 - 00439808 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2014-12-27 15:44 - 2011-07-27 08:55 - 02604376 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll
2014-12-27 15:44 - 2011-07-27 08:55 - 02132824 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2014-12-27 15:44 - 2011-07-22 03:35 - 01247848 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2014-12-27 15:44 - 2011-07-07 22:34 - 00065432 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2014-12-27 15:44 - 2011-06-26 22:45 - 03768152 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek.dll
2014-12-27 15:44 - 2011-06-13 19:13 - 00177088 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2014-12-27 15:44 - 2011-05-30 17:42 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2014-12-27 15:44 - 2011-05-30 17:42 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2014-12-27 15:44 - 2011-05-30 17:42 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2014-12-27 15:44 - 2011-05-30 17:42 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2014-12-27 15:44 - 2011-05-30 17:42 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2014-12-27 15:44 - 2011-05-30 17:42 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2014-12-27 15:44 - 2011-05-30 17:42 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2014-12-27 15:44 - 2011-05-30 17:42 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2014-12-27 15:44 - 2011-05-30 17:42 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2014-12-27 15:44 - 2011-05-30 17:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2014-12-27 15:44 - 2011-05-30 17:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2014-12-27 15:44 - 2011-05-30 17:42 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2014-12-27 15:44 - 2011-05-04 23:24 - 02085440 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2014-12-27 15:44 - 2011-05-01 22:27 - 03308376 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2014-12-27 15:44 - 2011-05-01 22:27 - 00426328 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2014-12-27 15:44 - 2011-05-01 22:27 - 00136024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2014-12-27 15:44 - 2011-05-01 22:27 - 00118104 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2014-12-27 15:44 - 2011-05-01 22:27 - 00074072 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2014-12-27 15:44 - 2011-03-16 20:17 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2014-12-27 15:44 - 2011-03-07 01:11 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2014-12-27 15:44 - 2010-11-28 22:36 - 00702808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek2.dll
2014-12-27 15:44 - 2010-11-07 15:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2014-12-27 15:44 - 2010-11-07 15:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2014-12-27 15:44 - 2010-11-07 15:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2014-12-27 15:44 - 2010-11-07 15:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2014-12-27 15:44 - 2010-11-07 15:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2014-12-27 15:44 - 2010-11-07 15:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2014-12-27 15:44 - 2010-11-03 02:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2014-12-27 15:44 - 2010-10-02 21:46 - 00341336 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2014-12-27 15:44 - 2010-09-26 17:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2014-12-27 15:44 - 2010-07-22 00:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2014-12-27 15:44 - 2010-07-22 00:37 - 00200800 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2014-12-27 15:44 - 2010-05-06 01:34 - 00334680 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2014-12-27 15:44 - 2009-11-23 17:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2014-12-27 15:44 - 2009-11-23 17:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2014-12-27 15:44 - 2009-11-23 17:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2014-12-27 15:44 - 2009-11-23 17:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2014-12-27 15:44 - 2009-11-17 02:12 - 00108960 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2014-12-27 15:42 - 2014-12-27 15:45 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-12-27 15:42 - 2014-12-27 15:42 - 00000000 ____D () C:\Intel
2014-12-27 15:42 - 2011-12-05 23:55 - 00053248 ____R (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2014-12-27 15:41 - 2014-12-29 21:46 - 00001154 _____ () C:\Windows\PFRO.log
2014-12-27 15:41 - 2014-12-27 15:41 - 00000000 ____D () C:\Windows\AsusInstAll
2014-12-27 15:40 - 2014-12-29 22:02 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-27 15:40 - 2014-12-29 21:51 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-27 15:40 - 2014-12-27 16:45 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-27 15:40 - 2014-12-27 16:45 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-12-27 15:40 - 2014-12-27 16:16 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-27 15:40 - 2014-12-27 16:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-27 15:40 - 2014-12-27 16:03 - 00000000 ____D () C:\Users\peeaitcheye\AppData\Local\Google
2014-12-27 15:40 - 2014-12-27 15:46 - 00047448 _____ () C:\Windows\Ascd_log.ini
2014-12-27 15:40 - 2014-12-27 15:46 - 00000000 ____D () C:\Windows\System32\Tasks\ASUS
2014-12-27 15:40 - 2014-12-27 15:40 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-27 15:39 - 2014-12-27 15:39 - 00016896 _____ (ASUS) C:\Windows\AsTaskSched.dll
2014-12-27 15:39 - 2014-12-27 15:39 - 00000000 ____D () C:\Windows\Chipset
2014-12-27 15:39 - 2011-02-24 22:36 - 00295296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-12-27 15:38 - 2014-12-27 15:38 - 00034677 _____ () C:\Windows\Ascd_tmp.ini
2014-12-27 15:38 - 2014-12-27 15:38 - 00001769 _____ () C:\Windows\Language_trs.ini
2014-12-27 15:37 - 2014-12-27 15:37 - 00001443 _____ () C:\Users\peeaitcheye\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-27 15:37 - 2014-12-27 15:37 - 00001409 _____ () C:\Users\peeaitcheye\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-12-27 15:37 - 2014-12-27 15:37 - 00000000 ____D () C:\Users\peeaitcheye\AppData\Local\VirtualStore
2014-12-27 15:36 - 2014-12-27 16:13 - 00000000 ____D () C:\Users\peeaitcheye
2014-12-27 15:36 - 2014-12-27 15:36 - 00000020 ___SH () C:\Users\peeaitcheye\ntuser.ini
2014-12-27 15:36 - 2009-07-13 20:54 - 00000000 ___RD () C:\Users\peeaitcheye\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-27 15:36 - 2009-07-13 20:49 - 00000000 ___RD () C:\Users\peeaitcheye\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-27 15:35 - 2014-12-27 15:35 - 00000000 ____D () C:\Recovery
2014-12-27 15:23 - 2014-12-27 15:23 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2014-12-27 15:22 - 2014-12-27 15:22 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2014-12-27 15:22 - 2014-12-27 15:22 - 00001313 _____ () C:\Windows\TSSysprep.log
2014-12-27 15:20 - 2014-12-29 22:00 - 00056423 _____ () C:\Windows\WindowsUpdate.log
2014-12-27 15:17 - 2014-12-27 15:36 - 00000000 ____D () C:\Windows\Panther

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-29 22:02 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-29 22:02 - 2009-07-13 20:51 - 00018799 _____ () C:\Windows\setupact.log
2014-12-29 21:55 - 2009-07-13 20:45 - 00010032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-29 21:55 - 2009-07-13 20:45 - 00010032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-29 21:51 - 2009-07-13 21:13 - 00713888 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-28 23:05 - 2009-07-13 21:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-12-28 23:05 - 2009-07-13 19:20 - 00000000 __RHD () C:\Users\Default
2014-12-28 23:04 - 2009-07-13 18:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-28 15:51 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-12-27 19:39 - 2009-07-13 23:47 - 00000000 ____D () C:\Program Files\Windows Journal
2014-12-27 19:39 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\SysWOW64\winrm
2014-12-27 19:39 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\SysWOW64\WCN
2014-12-27 19:39 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\SysWOW64\slmgr
2014-12-27 19:39 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\SysWOW64\Printing_Admin_Scripts
2014-12-27 19:39 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\winrm
2014-12-27 19:39 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\WCN
2014-12-27 19:39 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\slmgr
2014-12-27 19:39 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts
2014-12-27 19:39 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-12-27 19:39 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-12-27 19:39 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-12-27 19:39 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2014-12-27 19:39 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-12-27 19:39 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-12-27 19:39 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2014-12-27 19:39 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\migwiz
2014-12-27 19:39 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-12-27 19:39 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\com
2014-12-27 19:39 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-12-27 19:39 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\oobe
2014-12-27 19:39 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\MUI
2014-12-27 19:39 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\migwiz
2014-12-27 19:39 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-12-27 19:39 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\com
2014-12-27 19:39 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\servicing
2014-12-27 19:39 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-27 19:39 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\IME
2014-12-27 19:39 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-12-27 19:38 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\ro-RO
2014-12-27 19:38 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\ro-RO
2014-12-27 19:37 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\SysWOW64\sysprep
2014-12-27 19:37 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Setup
2014-12-27 19:37 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2014-12-27 19:37 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\Setup
2014-12-27 15:39 - 2009-07-13 21:32 - 00000000 ____D () C:\Windows\system32\restore
2014-12-27 15:35 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\Recovery
2014-12-27 15:22 - 2009-07-13 20:46 - 00001774 _____ () C:\Windows\DtcInstall.log
2014-12-27 15:22 - 2009-07-13 19:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-27 15:18 - 2009-07-13 23:46 - 00000000 ____D () C:\Windows\CSC
2014-12-27 15:18 - 2009-07-13 20:45 - 00274320 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-27 15:17 - 2009-07-13 21:38 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2014-12-27 15:17 - 2009-07-13 21:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2014-12-27 15:16 - 2009-07-13 20:45 - 00000000 ____D () C:\Windows\Setup

Some content of TEMP:
====================
C:\Users\peeaitcheye\AppData\Local\Temp\libProcessAccess645246098306582258253.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-27 17:47

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by peeaitcheye at 2014-12-29 22:03:30
Running from C:\Users\peeaitcheye\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ATI AVIVO64 Codecs (Version: 11.6.0.50930 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{4E594F8A-B042-B61D-DADC-08822B630781}) (Version: 3.0.795.0 - ATI Technologies, Inc.)
ATI Problem Report Wizard (Version: 3.0.795.0 - ATI Technologies) Hidden
ccc-core-static (x32 Version: 2010.0930.2237.38732 - ATI) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HydraVision (x32 Version: 4.2.180.0 - ATI Technologies Inc.) Hidden
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6526 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}) (Version: 1.00.0142 - REALTEK Semiconductor Corp.)
Unchecky v0.3.5 (HKLM-x32\...\Unchecky) (Version: 0.3.5 - RaMMicHaeL)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.5.0.0 - Azureus Software, Inc.)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

27-12-2014 15:39:09 Windows Update
27-12-2014 15:44:41 Installed Realtek Ethernet Controller Driver
27-12-2014 15:49:00 Installed RNX-N150UBE 11n USB Wireless LAN Driver and Utility
27-12-2014 15:55:31 Device Driver Package Install: ATI Technologies Inc. Display adapters
27-12-2014 16:16:03 Windows Update
27-12-2014 19:36:12 Language Pack Removal

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2014-12-29 22:02 - 00001993 ____A C:\Windows\system32\Drivers\etc\hosts
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com

There are 4 more lines.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {20888339-8EE2-4ADA-84A8-FC30AAF71E64} - System32\Tasks\ASUS\i-Setup153904 => C:\Windows\Chipset\AsusSetup.exe [2010-09-07] (ASUSTeK Computer Inc.)
Task: {65E61EB1-BA0F-4E21-A358-DD09569ECDE2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-27] (Google Inc.)
Task: {7F4E1D7E-49A3-41C0-A5D5-CE7743E80A1D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-27] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-08-04 15:58 - 2010-08-04 15:58 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-09-30 22:36 - 2010-09-30 22:36 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-12-27 15:49 - 2009-12-09 21:20 - 00126976 _____ () C:\Program Files (x86)\RNX-N150UBE\11n USB Wireless LAN Utility\EnumDevLib.dll
2014-12-27 16:08 - 2014-11-26 08:40 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-1733408913-109812225-2979640582-500 - Administrator - Disabled)
Guest (S-1-5-21-1733408913-109812225-2979640582-501 - Limited - Disabled)
peeaitcheye (S-1-5-21-1733408913-109812225-2979640582-1000 - Administrator - Enabled) => C:\Users\peeaitcheye

==================== Faulty Device Manager Devices =============

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (12/27/2014 10:14:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: tasks.exe, version: 1.0.0.0, time stamp: 0x54997c8f
Faulting module name: KERNELBASE.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdbdf
Exception code: 0xe0434f4d
Fault offset: 0x0000b727
Faulting process id: 0x%9
Faulting application start time: 0xtasks.exe0
Faulting application path: tasks.exe1
Faulting module path: tasks.exe2
Report Id: tasks.exe3

Error: (12/27/2014 03:18:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -546.

Error: (12/27/2014 03:18:42 PM) (Source: ESENT) (EventID: 412) (User: )
Description: Catalog Database (520) Catalog Database: Unable to read the header of logfile C:\Windows\system32\CatRoot2\edb.log. Error -546.

Error: (12/27/2014 03:18:42 PM) (Source: ESENT) (EventID: 412) (User: )
Description: Catalog Database (520) Catalog Database: Unable to read the header of logfile C:\Windows\system32\CatRoot2\edb.log. Error -546.

System errors:
=============
Error: (12/29/2014 09:59:33 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (12/29/2014 09:59:20 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (12/29/2014 09:59:18 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (12/29/2014 09:59:15 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (12/29/2014 09:50:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%1053

Error: (12/29/2014 09:50:28 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Error: (12/29/2014 09:49:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (12/29/2014 09:48:56 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (12/29/2014 00:25:57 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (12/29/2014 00:25:54 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Microsoft Office Sessions:
=========================
Error: (12/27/2014 10:14:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: tasks.exe1.0.0.054997c8fKERNELBASE.dll6.1.7600.163854a5bdbdfe0434f4d0000b727

Error: (12/27/2014 03:18:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -546

Error: (12/27/2014 03:18:42 PM) (Source: ESENT) (EventID: 412) (User: )
Description: Catalog Database520Catalog Database: C:\Windows\system32\CatRoot2\edb.log-546

Error: (12/27/2014 03:18:42 PM) (Source: ESENT) (EventID: 412) (User: )
Description: Catalog Database520Catalog Database: C:\Windows\system32\CatRoot2\edb.log-546

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
Percentage of memory in use: 20%
Total physical RAM: 8145.97 MB
Available physical RAM: 6515.82 MB
Total Pagefile: 16290.09 MB
Available Pagefile: 14337.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:244.04 GB) (Free:217.61 GB) NTFS
Drive d: () (Fixed) (Total:488.28 GB) (Free:488.18 GB) NTFS
Drive e: () (Fixed) (Total:1130.59 GB) (Free:1110.44 GB) NTFS
Drive g: (Elements) (Fixed) (Total:1397.26 GB) (Free:425.25 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: C99914E6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=244 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=488.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1130.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1397.3 GB) (Disk ID: 000F86F2)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================

peeaitcheye · Dec 30, 2014

if easier the 4 files are attached

argus · Dec 30, 2014

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

Right-click on

icon and select

Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

Right-click on

icon and select

Run as Administrator to start the tool.
Wait patiently until the main console will appear, it may take a minute or two.

In the main box please paste in the following script:

Code:

createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b
emptyfolderscheck;delete

Make sure that Scan All Users option is checked.
Push Run Script and wait patiently. The scan may take a couple of minutes.
When the scan completes, a zoek-results logfile should open in notepad.
If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

peeaitcheye · Dec 30, 2014

the two files are pasted below and attached:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2014
Ran by peeaitcheye at 2014-12-30 00:16:34 Run:1
Running from C:\Users\peeaitcheye\Desktop
Loaded Profile: peeaitcheye (Available profiles: peeaitcheye)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
emptytemp:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1733408913-109812225-2979640582-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\gcswf32.dll No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

Zoek.exe v5.0.0.0 Updated 28-12-2014
Tool run by peeaitcheye on Tue 12/30/2014 at 0:19:44.83.
Microsoft Windows 7 Professional 6.1.7600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\peeaitcheye\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

12/30/2014 12:20:23 AM Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\Users\peeaitcheye\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Batch Command(s) Run By Tool======================

==== Deleting Files \ Folders ======================

C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found
"C:\Users\peeaitcheye\AppData\Local\092b24a5009100c0c5fc578f330d5f31" deleted

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

==== Chromium Look ======================

Google Voice Search Hotword (Beta) - peeaitcheye\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Facebook Customizer (by Adblock Plus) - peeaitcheye\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoeenbkoccjaefmmhpmlegngdjohdcm
Chrome AdBlock Plus - peeaitcheye\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbpbdggplehjfceendelhkobogklpngg

==== Chromium Fix ======================

C:\Users\peeaitcheye\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully
C:\Users\peeaitcheye\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully
C:\Users\peeaitcheye\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\peeaitcheye\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\peeaitcheye\AppData\Local\Mozilla\Firefox\Profiles\183bpjzd.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\peeaitcheye\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=5 folders=0 10204 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\peeaitcheye\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\PEEAIT~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Tue 12/30/2014 at 0:30:41.60 ======================

argus · Dec 30, 2014

How is the situation now?

peeaitcheye · Dec 30, 2014

the same

still slow and lots of .exe*32 running

argus · Dec 30, 2014

Re-scan FRST.

peeaitcheye · Dec 30, 2014

attached

argus · Dec 30, 2014

Download

Malwarebytes Anti-Rootkit to your desktop.

Double-click the icon to start the tool.
It will ask you where to extract it, then it will start.
Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
Click in the introduction screen "next" to continue.
Click in the following screen "Update" to obtain the latest malware definitions.
Once the update is complete select "Next" and click "Scan".
When the scan is finished and no malware has been found select "Exit".
If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
Open the MBAR folder and paste the content of the following files in your next reply:
- "mbar-log-{date} (xx-xx-xx).txt"
- "system-log.txt"

peeaitcheye · Dec 30, 2014

Malwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org

Database version: v2014.12.31.01

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
peeaitcheye :: PEEAITCHEYE-PC [administrator]

12/30/2014 6:50:10 PM
mbar-log-2014-12-30 (18-50-10).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 323493
Time elapsed: 8 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x64

Account is Administrative

Internet Explorer version: 8.0.7600.16385

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, G:\ DRIVE_FIXED
CPU speed: 3.400000 GHz
Memory total: 8541671424, free: 6671433728

Downloaded database version: v2014.12.30.02
Downloaded database version: v2014.12.29.02
Downloaded database version: v2014.12.06.01
=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x64

Account is Administrative

Internet Explorer version: 8.0.7600.16385

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, G:\ DRIVE_FIXED
CPU speed: 3.400000 GHz
Memory total: 8541671424, free: 6937309184

=======================================
Initializing...
------------ Kernel report ------------
12/29/2014 21:56:13
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\ACPI.sys
\SystemRoot\system32\DRIVERS\WMILIB.SYS
\SystemRoot\system32\DRIVERS\msisadrv.sys
\SystemRoot\system32\DRIVERS\pci.sys
\SystemRoot\system32\DRIVERS\vdrvroot.sys
\SystemRoot\system32\DRIVERS\iusb3hcs.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\DRIVERS\pciide.sys
\SystemRoot\system32\DRIVERS\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\atapi.sys
\SystemRoot\system32\DRIVERS\ataport.SYS
\SystemRoot\system32\DRIVERS\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\vmstorfl.sys
\SystemRoot\system32\DRIVERS\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\iusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\iusb3hub.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\RTL8192su.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\sechost.dll
\Windows\System32\user32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\iertutil.dll
\Windows\System32\Wldap32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\msvcrt.dll
\Windows\System32\oleaut32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\imm32.dll
\Windows\System32\lpk.dll
\Windows\System32\normaliz.dll
\Windows\System32\shlwapi.dll
\Windows\System32\urlmon.dll
\Windows\System32\difxapi.dll
\Windows\System32\ws2_32.dll
\Windows\System32\ole32.dll
\Windows\System32\shell32.dll
\Windows\System32\advapi32.dll
\Windows\System32\kernel32.dll
\Windows\System32\msctf.dll
\Windows\System32\usp10.dll
\Windows\System32\imagehlp.dll
\Windows\System32\setupapi.dll
\Windows\System32\nsi.dll
\Windows\System32\wininet.dll
\Windows\System32\psapi.dll
\Windows\System32\gdi32.dll
\Windows\System32\devobj.dll
\Windows\System32\KernelBase.dll
\Windows\System32\crypt32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\wintrust.dll
\Windows\System32\comctl32.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa80089f3620
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000076\
Lower Device Object: 0xfffffa80087e3b70
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800780c060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-1\
Lower Device Object: 0xfffffa800752e060
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800780c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800780cb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800780c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800743de40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800752e060, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C99914E6

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 511793152

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 512000000 Numsec = 1024000000

Partition 3 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 1536000000 Numsec = 2371026944

Disk Size: 2000398934016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa80089f3620, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008851b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80089f3620, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80087e3b70, DeviceName: \Device\00000076\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: F86F2

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 2930270208

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 1500299395072 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x64

Account is Administrative

Internet Explorer version: 8.0.7600.16385

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, G:\ DRIVE_FIXED
CPU speed: 3.400000 GHz
Memory total: 8541671424, free: 6844055552

Downloaded database version: v2014.12.30.03
Downloaded database version: v2014.12.30.04
Downloaded database version: v2014.12.30.05
Downloaded database version: v2014.12.30.06
Downloaded database version: v2014.12.30.07
Downloaded database version: v2014.12.30.08
Downloaded database version: v2014.12.31.01
Downloaded database version: v2014.12.30.01
=======================================
Initializing...
------------ Kernel report ------------
12/30/2014 18:49:55
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\ACPI.sys
\SystemRoot\system32\DRIVERS\WMILIB.SYS
\SystemRoot\system32\DRIVERS\msisadrv.sys
\SystemRoot\system32\DRIVERS\pci.sys
\SystemRoot\system32\DRIVERS\vdrvroot.sys
\SystemRoot\system32\DRIVERS\iusb3hcs.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\DRIVERS\pciide.sys
\SystemRoot\system32\DRIVERS\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\atapi.sys
\SystemRoot\system32\DRIVERS\ataport.SYS
\SystemRoot\system32\DRIVERS\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\vmstorfl.sys
\SystemRoot\system32\DRIVERS\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\iusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\iusb3hub.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\RTL8192su.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\wininet.dll
\Windows\System32\kernel32.dll
\Windows\System32\normaliz.dll
\Windows\System32\oleaut32.dll
\Windows\System32\shell32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\shlwapi.dll
\Windows\System32\lpk.dll
\Windows\System32\iertutil.dll
\Windows\System32\psapi.dll
\Windows\System32\usp10.dll
\Windows\System32\msvcrt.dll
\Windows\System32\setupapi.dll
\Windows\System32\comdlg32.dll
\Windows\System32\advapi32.dll
\Windows\System32\msctf.dll
\Windows\System32\ws2_32.dll
\Windows\System32\ole32.dll
\Windows\System32\gdi32.dll
\Windows\System32\imm32.dll
\Windows\System32\urlmon.dll
\Windows\System32\Wldap32.dll
\Windows\System32\nsi.dll
\Windows\System32\user32.dll
\Windows\System32\sechost.dll
\Windows\System32\difxapi.dll
\Windows\System32\clbcatq.dll
\Windows\System32\imagehlp.dll
\Windows\System32\KernelBase.dll
\Windows\System32\crypt32.dll
\Windows\System32\devobj.dll
\Windows\System32\wintrust.dll
\Windows\System32\comctl32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8008bbf790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000078\
Lower Device Object: 0xfffffa80089bdb70
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800782d060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-1\
Lower Device Object: 0xfffffa8007570060
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800782d060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800782db90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800782d060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800756e580, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8007570060, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C99914E6

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 511793152

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 512000000 Numsec = 1024000000

Partition 3 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 1536000000 Numsec = 2371026944

Disk Size: 2000398934016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8008bbf790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008672b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008bbf790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80089bdb70, DeviceName: \Device\00000078\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: F86F2

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 2930270208

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 1500299395072 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished

argus · Dec 31, 2014

System is clean, try here.

http://malwaretips.com/forums/troubleshooting-hardware-questions-and-help.125/

peeaitcheye · Dec 31, 2014

its still really slow and there's all these exe*32 files running

argus · Dec 31, 2014

This is normal, CPU Usage 0%

Maybe a hard drive problem.

peeaitcheye · Dec 31, 2014

Hmm ok. Well thank you for your help!

Solved multiple malware .exe*32 slowing down computer

New Member

Attachments

Former MalwareTips Staff

New Member

New Member

Attachments

Former MalwareTips Staff

Attachments

New Member

Attachments

Former MalwareTips Staff

New Member

Former MalwareTips Staff

New Member

Attachments

Former MalwareTips Staff

New Member

Attachments

Former MalwareTips Staff

New Member

Former MalwareTips Staff

New Member

Similar threads