
doveman

Everything posted by doveman

  1. Hi Maurice. It's not quite like those; it looks like this: http://s27.postimg.org/h8w9sjyhv/mbam.png I'll try the Net Conf fix anyway.
  2. When I launch MBAM and click Update, it throws up an error about msvcr100.dll and closes when I close the error box. It does seem to have updated next time I launch, as it shows a tick and v2014.03.04.09. If I click Scan Now, it again checks for updates and throws up the same error, but if I leave the error box up and click Skip Update, I can proceed with the scan. I noticed I had an older version of msvcr100.dll in system32/ than in the MBAM folder, so I installed vcredist SP1 and the security update and now they're the same version, but it hasn't helped. I guess MBAM will use the file in its folder and not the one in system32/ anyway. I've tried using the clean tool to uninstall MBAM and then reinstall it, but that didn't help either. Anyone know how to fix this?
  3. Yeah, I'm always the first one to run into problems. Having read them a bit more, I have to say I'm a bit concerned by repair items 1 & 2, as it seems to say it will grant every user/group (except Guest) full rights to every registry key and system file. This doesn't sound like how Windows is normally configured, as I don't think normal Users have such rights, and if they did, surely there wouldn't be much security advantage in running as a User rather than an Administrator, would there?
  4. OK, thanks. I decided to test it on my own system first (I unchecked the Reset File Permissions step though, as it says that can take a 'very significant amount of time' and I couldn't have my system unavailable for too long), partly because I wanted to check that so many fixes wouldn't cause unforeseen problems on my brother's system, as I don't live near him, so can't just pop over to fix any problems that are hard to fix remotely, but also because I've had some problems on my system with Volume Shadow Service and MySQL not installing/working properly (plus occasional issues with IE, but they could be related to plugins or some other third-party software). After restarting, it locked up soon after Windows finished loading. The mouse cursor wouldn't move and the keyboard couldn't even toggle Capslock, and after 10-15 mins I realised I had to hard reset. The next time it worked better and the mouse cursor and keyboard were functioning, although it still took 5-10 mins before it would actually receive any input, so hopefully it's OK now, and if the same thing happens on my brother's system, a second reboot will sort it out, but I'm still a bit nervous. I do have the VHD installed on there which I can use for remote access if it goes wrong though, and have just made an EaseUS system backup to restore to if necessary, so I guess I don't need to be overly concerned. I just thought you might like to know that it seems it can cause some problems, even if they're only temporary.
  5. Yes, uTorrent has been disabled from running whilst you've been assisting, as per the Forum protocol. I'll certainly look for alternatives without adware like OpenCandy for FreeFileSync, FreeAudioDub (if my brother needs that) and Free Videos to DVD. I'll test if EaseUS ToDo Backup still works if I delete the PxeServer.dll file, as my brother doesn't need to use any network functions in that software. Regarding Portable Windows Repair, I just wanted to confirm that you mean I should uncheck the bottom two Repair Options?
  6. OK, sorry for the delay. Here's the MBAM log:

     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org

     Database version: v2014.03.19.10

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 10.0.9200.16844
     Steve :: STE-PC [administrator]

     19/03/2014 21:44:57
     MBAM-log-2014-03-20 (00-04-22).txt

     Scan type: Full scan (C:\|D:\|E:\|F:\|R:\|V:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 734326
     Time elapsed: 2 hour(s), 10 minute(s), 53 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 5
     HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> No action taken.
     HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> No action taken.
     HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> No action taken.
     HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> No action taken.
     HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> No action taken.

     Registry Values Detected: 1
     HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0O1O1FtGtCtH1T1M1R1XtGtB -> No action taken.

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 2
     D:\Download\FreeAudioDub.exe (PUP.Optional.OpenCandy) -> No action taken.
     D:\Portable Apps\FreeFileSync\$PLUGINSDIR\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> No action taken.

     (end)

     He's removed all the registry keys/registry values, but we've left the 2 files for now. He needs to use FreeFileSync and I believe OpenCandy is just an adware thing anyway. I'm not sure if he currently has installed or is using FreeAudioDub, but probably not, or else I guess we'd be seeing other references to OpenCandy in the registry or system partition.

     ESET has identified these:

     C:\Program Files (x86)\EaseUS\Todo Backup\bin\PxeServer.dll - a variant of Win32/TFTPD32.A potentially unsafe application
     C:\Program Files (x86)\Free Videos To DVD\Helper.dll - a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application
     C:\Program Files (x86)\uTorrent\uTorrent.exe - a variant of Win32/Bunndle potentially unsafe application
     D:\Download\FreeAudioDub.exe - Win32/OpenCandy potentially unsafe application
     D:\Portable Apps\FreeFileSync\$PLUGINSDIR\OCSetupHlp.dll - Win32/OpenCandy potentially unsafe application
     D:\Portable Apps\RipBot264\Tools\Process\Process.exe - Win32/PrcView potentially unsafe application
     D:\Portable Apps\Utils\MaxxMEM2_preview\MaxxMEM2_preview.exe - a variant of Win32/Packed.MultiPacked.N trojan

     EaseUS looks like it's probably a false positive; it has just identified that that component allows for TFTP connections. I'll delete MaxxMEM2_preview as he doesn't really need that anyway. I know he uses Free Videos to DVD (I tried about 10 different free programs to do the same thing for him without any adware, but all of them had one or more issues, so he's back on that for now), uTorrent, FreeFileSync and RipBot264 occasionally. Besides his Windows Explorer Pinned List/Recents not working correctly, I'm not sure if Windows Update is working either, as it's set to Automatically Update but it's showing the notification icon prompting him to update manually, which I imagine shouldn't appear if it's on Automatic. I'll try changing it to manual and back though to see if that fixes it.
  7. Yep, sorry. I told my brother to do the ESET online scan overnight (last night) as it might take a few hours, so hopefully I'll get the logs from him today or else I'll chase him up.
  8. Thanks, resetting the hosts file and the IP/DNS settings to Automatic got it working again. Everything seems to be working OK now, with the exception of the taskbar Jump List for Windows Explorer, which apparently has some pre-existing pinned entries missing now and also won't let us pin any new folders to it. I even removed a pinned folder and then tried to re-pin it, but that didn't work. It also doesn't show any Recent items at the moment. I know the Recent list has a default limit of 10, so I'm not sure if there's also a limit for pinned items that he might have reached, but from what he's telling me, it's not behaving as it used to. Was there any clue exactly what the virus was and whether it might have done anything else he should be concerned about, such as stealing his passwords? I've re-installed Avast now and enabled the HIPS and Sandbox in Comodo. I also set up an SRP as per this guide http://blog.windowsnt.lv/2011/06/01/preventing-malware-with-srp-english/ but set it to not apply to Administrators and created a new Admin account and changed his normal account to a LUA, but then he started getting some errors and some programs couldn't run, even though they were in Program Files, which is allowed by the SRP, so I've had to set it back to an Admin account for now and just hope that the security software protects him.
  9. Thanks, this is what we've got now. Still no Internet access (tested with IE in Sandboxie and Iron Portable unsandboxed). I note that FSS.txt shows that Windows Firewall, Action Center, System Restore and Defender were all disabled but that's intentional as he uses Comodo Firewall and EaseUS ToDo Backup instead, although it's probably a good idea to run Defender as well (I do that) but we can reset those once everything is working normally.
  10. Hi Kevin, and thanks for offering to help. Here's the frst.log. I can see a few dodgy things in there:

     Group Policy restrictions preventing antivirus software from running.
     HKU\Steve\...\Run: [arqyjv] - regsvr32.exe /s "C:\ProgramData\arqyjv.dat"
     S5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () <===== ATTENTION Necurs Rootkit?

     I think this might be a false positive, as I recall that's a util I installed on his system for unlocking files that Windows or some program doesn't release properly, although it may of course now be infected. Although you haven't asked for it, I already have the RKReport, so I might as well post that too:
  11. MBAM from the VHD scanning the infected Windows didn't find anything:

     --- From VHD:

     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org

     Database version: v2014.03.18.06

     Windows 7 Service Pack 1 x86 NTFS
     Internet Explorer 8.0.7601.17514
     Lynne :: RDP-PC [administrator]

     18/03/2014 16:23:25
     mbam-log-2014-03-18 (16-23-25).txt

     Scan type: Full scan (Y:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 491787
     Time elapsed: 1 hour(s), 40 minute(s), 45 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)

     ---

     Whilst the outdated MBAM running from the infected Windows did identify some problems:

     Database version: v2013.09.02.05

     Windows 7 Service Pack 1 x64 NTFS (Safe Mode)
     Internet Explorer 10.0.9200.16844
     Steve :: STE-PC [administrator]

     18/03/2014 15:55:30
     MBAM-log-2014-03-18 (15-58-41).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 226056
     Time elapsed: 2 minute(s), 52 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 5
     HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> No action taken.
     HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr) -> No action taken.
     HKCU\Software\DataMngr (PUP.Optional.DataMngr) -> No action taken.
     HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> No action taken.
     HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> No action taken.

     Registry Values Detected: 1
     HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0O1O1FtGtCtH1T1M1R1XtGtB -> No action taken.

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 1
     C:\Users\Steve\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> No action taken.

     Files Detected: 1
     C:\Users\Steve\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> No action taken.

     ---

     Even in Safe Mode with Networking there's still no Internet access, so I can't TeamViewer in and fix anything, and my brother will have to reboot to the VHD to upload any diagnostic logs we create. We did manage to uninstall Avast in this mode though, which we couldn't before. I also got him to check there weren't any active Software Restriction Policies in gpedit.msc, but that showed none are defined.
  12. I'm running MBAM from the VHD, doing a full scan of the infected Windows partition (mounted as Y:) but I guess I need to be booted into the infected Windows for it to scan the registry but as I can't update MBAM from there, can I copy the database files from the VHD install to the Y: partition? I had a look in the usual folders and couldn't identify anything that looked like a database.
  13. So my brother appears to have picked up a virus that is preventing him doing anything, accessing the Internet, uninstalling software, etc., as every time he tries it says the Group Policy does not allow him to and he should contact his System Administrator. It seems it was intermittent for a while and he managed to use Iron Portable to access the Net, but now even that doesn't work. He said he updated Avast the other night, although he had an error from that sometime about being unable to access the DNS server, so maybe it didn't actually update. Luckily I put a VHD on his system, so I'm booted to that now so that I could download and install/update MBAM, and I'm running that scan. I've also downloaded Combofix.exe, dds.scr, OTL.exe, SecurityCheck.exe and tweaking.com_windows_repair_aio.zip, as I can't download anything from the infected Windows, but I understand I need to boot into that to run them and I'm not sure I'll be able to. So if someone could advise and assist, that would be much appreciated.
  14. Yes, as I said, uTorrent and eMule aren't running, so they are disabled as per your policy. Without any indication from you as to what illegal software you believe is installed, I can't really investigate. I need to pack this PC up and send it off anyway, so I'll have to leave it for now.
  15. uTorrent and eMule are installed but not running. What illegal/cracked software do you believe I have?
  16. Hi Borislav. Thanks for offering to help me. Here are the DDS logs as requested.

     DDS (Ver_2012-11-20.01) - NTFS_AMD64
     Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.25.2
     Run by Steve at 21:33:02 on 2013-09-03
     Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.7676.4218 [GMT 1:00]
     .
     SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     ============== Running Processes ===============
     .
     C:\Windows\system32\lsm.exe
     C:\Windows\system32\svchost.exe -k DcomLaunch
     C:\Windows\system32\svchost.exe -k RPCSS
     C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
     C:\Windows\system32\svchost.exe -k NetworkService
     C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
     C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
     C:\Windows\system32\svchost.exe -k LocalService
     C:\Windows\system32\svchost.exe -k netsvcs
     C:\Windows\system32\svchost.exe -k GPSvcGroup
     C:\Program Files\Sandboxie\SbieSvc.exe
     C:\Program Files\AVAST Software\Avast\AvastSvc.exe
     C:\Windows\System32\spoolsv.exe
     C:\Windows\system32\Dwm.exe
     C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
     C:\Windows\Explorer.EXE
     C:\Windows\system32\taskhost.exe
     C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
     C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
     C:\Program Files\PhenomMsrTweaker\PhenomMsrTweakerService.exe
     C:\Program Files\nfsd\pmapd.exe
     C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
     C:\Windows\system32\vssvc.exe
     C:\Program Files\nfsd\nfsd.exe
     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
     C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
     C:\Program Files\Classic Shell\ClassicStartMenu.exe
     C:\Program Files\Windows Sidebar\sidebar.exe
     C:\Program Files (x86)\DVDFab Passkey\DVDFabPasskey.exe
     C:\Program Files\PeerBlock\peerblock.exe
     C:\Program Files\Jitsi\Jitsi.exe
     C:\Program Files\HWiNFO64\HWiNFO64.EXE
     C:\Program Files\AVAST Software\Avast\AvastUI.exe
     C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
     C:\Users\Steve\AppData\Local\Microsoft\Windows Sidebar\Gadgets\HWiNFOMonitor.gadget\HWiNFOMonitor.exe
     C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
     C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
     C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
     C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
     C:\Program Files\COMODO\COMODO Internet Security\cis.exe
     C:\Windows\system32\taskeng.exe
     C:\Program Files (x86)\Bonjour\mDNSResponder.exe
     C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
     C:\Windows\System32\vds.exe
     C:\Windows\system32\wbem\wmiprvse.exe
     C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
     C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
     C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
     C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
     C:\Program Files\MCEBuddy2x\MCEBuddy.Service.exe
     C:\Program Files (x86)\MPExtended\Service\MPExtended.ServiceHosts.CoreService.exe
     C:\Program Files (x86)\MPExtended\WebMediaPortal\MPExtended.ServiceHosts.WebMediaPortal.exe
     C:\Program Files (x86)\IIS Express\iisexpress.exe
     C:\Program Files (x86)\No-IP\ducservice.exe
     C:\Windows\system32\sppsvc.exe
     C:\Program Files\Sandboxie\SbieSvc.exe
     C:\Program Files\Sandboxie\SandboxieRpcSs.exe
     C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
     C:\Program Files\Sandboxie\SbieCtrl.exe
     D:\Portable Apps\IronPortable\Iron\iron.exe
     D:\Portable Apps\IronPortable\Iron\iron.exe
     D:\Portable Apps\IronPortable\Iron\iron.exe
     D:\Portable Apps\IronPortable\Iron\iron.exe
     D:\Portable Apps\IronPortable\Iron\iron.exe
     D:\Portable Apps\IronPortable\Iron\iron.exe
     D:\Portable Apps\IronPortable\Iron\iron.exe
     D:\Portable Apps\IronPortable\Iron\iron.exe
     C:\Program Files\Sandboxie\SandboxieCrypto.exe
     C:\Program Files\Sandboxie\32\SbieSvc.exe
     D:\Portable Apps\IronPortable\Iron\iron.exe
     D:\Portable Apps\IronPortable\Iron\iron.exe
     C:\Windows\system32\wbem\wmiprvse.exe
     C:\Windows\System32\cscript.exe
     .
     ============== Pseudo HJT Report ===============
     .
     mWinlogon: Userinit = userinit.exe,
     BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
     BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
     BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
     BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
     TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
     TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
     uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
     uRun: [DVDFab Passkey] "C:\Program Files (x86)\DVDFab Passkey\DVDFabPasskey.exe"
     uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
     uRun: [Jitsi] C:\Program Files\Jitsi\Jitsi.exe
     uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
     mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
     StartupFolder: C:\Users\Steve\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\HWiNFO64.lnk - C:\Program Files\HWiNFO64\HWiNFO64.EXE
     mPolicies-Explorer: NoActiveDesktop = dword:1
     mPolicies-Explorer: NoActiveDesktopChanges = dword:1
     mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
     mPolicies-System: ConsentPromptBehaviorUser = dword:3
     mPolicies-System: EnableLUA = dword:0
     mPolicies-System: EnableUIADesktopToggle = dword:0
     mPolicies-System: PromptOnSecureDesktop = dword:0
     mPolicies-Explorer: NoDriveTypeAutoRun = dword:149
     IE: LastPass - C:\Users\Steve\AppData\LocalLow\LastPass\context.html?cmd=lastpass
     IE: LastPass Fill Forms - C:\Users\Steve\AppData\LocalLow\LastPass\context.html?cmd=fillforms
     IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
     IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}
     TCP: Interfaces\{0FCE7B46-F992-46B3-8A95-131C19CB514C} : NameServer = 178.21.23.150,205.204.88.60
     SSODL: WebCheck - <orphaned>
     SEH: DVDIdleShell Class - {93994DE8-8239-4655-B1D1-5F4E91300429} - D:\Portable Apps\DVDFree\DVDShell.dll
     x64-BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
     x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
     x64-TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
     x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
     x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
     x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
     x64-Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe
     x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
     x64-IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}
     x64-SSODL: WebCheck - <orphaned>
     Hosts: 46.246.119.139 status.block.aid
     .
     ============= SERVICES / DRIVERS ===============
     .
     R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2012-10-11 82600]
     R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2012-10-11 42664]
     R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2012-12-26 52440]
     R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-8-7 65336]
     R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-8-7 189936]
     R0 EUBAKUP;EUBAKUP;C:\Windows\System32\drivers\eubakup.sys [2013-5-31 59976]
     R0 EUBKMON;EUBKMON;C:\Windows\System32\drivers\EUBKMON.sys [2013-5-31 48200]
     R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-8-7 1030952]
     R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-8-7 378944]
     R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2013-6-18 23168]
     R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2013-6-18 708632]
     R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2013-6-18 48360]
     R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-8-31 283064]
     R1 EUDSKACS;EUDSKACS;C:\Windows\System32\drivers\eudskacs.sys [2013-5-31 18504]
     R1 EUFDDISK;EUFDDISK;C:\Windows\System32\drivers\EuFdDisk.sys [2013-5-31 189000]
     R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Windows\System32\drivers\HWiNFO64A.SYS [2013-9-2 31136]
     R1 RAMDiskVE;RAMDiskVE;C:\Windows\System32\drivers\RAMDiskVE.sys [2013-8-8 86768]
     R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
     R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-8-7 33400]
     R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-8-7 80816]
     R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-8-7 46808]
     R2 EaseUS Agent;EaseUS Agent Service;C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2013-5-31 68168]
     R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2012-1-23 1858048]
     R2 MCEBuddy2x;MCEBuddy2x;C:\Program Files\MCEBuddy2x\MCEBuddy.Service.exe [2013-4-7 30208]
     R2 MPExtended Service;MPExtended Service;C:\Program Files (x86)\MPExtended\Service\MPExtended.ServiceHosts.CoreService.exe [2013-7-14 6144]
     R2 MPExtended WebMediaPortal;MPExtended WebMediaPortal;C:\Program Files (x86)\MPExtended\WebMediaPortal\MPExtended.ServiceHosts.WebMediaPortal.exe [2013-7-14 16384]
     R2 NFSserver;NFS Server;C:\Program Files\nfsd\nfsd.exe [2013-6-12 224256]
     R2 NoIPDUCService4;NO-IP DUC v4;C:\Program Files (x86)\No-IP\ducservice.exe [2013-1-24 11264]
     R2 PhenomMsrTweaker;PhenomMsrTweaker service;C:\Program Files\PhenomMsrTweaker\PhenomMsrTweakerService.exe [2010-6-3 188416]
     R2 PMAPDaemon;SunRPC Portmap Daemon;C:\Program Files\nfsd\pmapd.exe [2013-6-12 124416]
     R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-8-22 4308320]
     R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2013-5-31 46136]
     R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2012-11-8 139592]
     R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2012-11-8 418632]
     R3 dvdfab;dvdfab;C:\Windows\System32\drivers\dvdfab.sys [2013-6-29 79232]
     R3 HCW99BDA;Hauppauge Nova-DT Dual DVB-T Tuner;C:\Windows\System32\drivers\hcw99bda.sys [2009-9-2 147968]
     R3 hcw99rc;Hauppauge Nova-DT IR Driver;C:\Windows\System32\drivers\hcw99rc.sys [2009-9-2 12800]
     R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2013-4-26 128200]
     R3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2013-6-12 24176]
     R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2013-8-19 200432]
     R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2013-7-11 58536]
     R3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files\PhenomMsrTweaker\WinRing0x64.sys [2010-6-3 14544]
     S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
     S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
     S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-6-18 158936]
     S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
     S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-4-26 2702848]
     S3 Guard Agent;Guard Agent Service;C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [2013-5-31 23624]
     S3 MonitorFunction;Driver for Monitor;C:\Windows\System32\drivers\TVMonitor.sys [2013-6-28 16376]
     S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-5-31 19456]
     S3 rspLLL;rspLLL;C:\Windows\System32\drivers\rspLLL64.sys [2013-6-26 23968]
     S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
     S3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\System32\drivers\teamviewervpn.sys [2013-6-10 35112]
     S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-5-31 29696]
     S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-5-31 57856]
     S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-5-31 30208]
     S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
     S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-5-31 1255736]
     S4 AcrylicController;Acrylic DNS Proxy Service;C:\Program Files (x86)\Acrylic DNS Proxy\AcrylicService.exe [2013-8-20 508928]
     S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-11-16 238080]
     S4 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-11-16 361984]
     S4 dnscrypt-proxy;dnscrypt-proxy;C:\DNSCrypt\dnscrypt-proxy.exe [2013-6-26 401920]
     S4 MPstandbyHandlerService;MPstandbyHandlerService;C:\Tools\MPStandbyHandler\MPstandbyHandlerService.exe [2013-8-8 29696]
     S4 Power Triggers;Power Triggers Service;C:\Program Files (x86)\Derek Smith\Power Triggers\PowerTriggersService.exe [2013-2-5 10240]
     S4 TVService;TVService;C:\Program Files (x86)\Team MediaPortal\MediaPortal TV Server\TvService.exe [2013-8-6 241664]
     .
     =============== File Associations ===============
     .
     FileExt: .txt: Notepad++_file="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1"
     FileExt: .ini: Notepad++_file="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1"
     .
     =============== Created Last 30 ================
     .
     2013-09-02 17:29:46 31136 ----a-w- C:\Windows\System32\drivers\HWiNFO64A.SYS
     2013-09-02 17:29:01 -------- d-----w- C:\Program Files\HWiNFO64
     2013-09-01 11:15:45 -------- d-----w- C:\Users\Steve\AppData\Local\OCCT_-_Ocbase_-_Adrien_Me
     2013-08-31 20:03:12 283064 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
     2013-08-31 20:03:09 -------- d-----w- C:\Users\Steve\AppData\Roaming\DAEMON Tools Lite
     2013-08-31 20:03:07 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
     2013-08-31 20:02:33 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
     2013-08-30 18:39:49 2128 ----a-w- C:\880GMH_U3S3_Default 1.bin
     2013-08-30 18:39:44 2128 ----a-w- C:\880GMH_U3S3_Overclock 3_36G.bin
     2013-08-30 14:24:27 -------- d-----w- C:\Users\Steve\Heaven
     2013-08-29 22:37:46 -------- d-----w- C:\Program Files\PhenomMsrTweaker
     2013-08-29 14:38:11 -------- d-----w- C:\Program Files (x86)\7-Zipa
     2013-08-27 19:09:14 -------- d-----w- C:\ProgramData\Genie9
     2013-08-27 17:59:31 -------- d-----w- C:\Program Files (x86)\Derek Smith
     2013-08-26 15:30:45 -------- d-----w- C:\Program Files (x86)\dumps
     2013-08-26 15:30:22 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
     2013-08-26 15:30:21 -------- d-----w- C:\Program Files (x86)\Steam
     2013-08-26 15:27:14 -------- d-----w- C:\Windows\SysWow64\directx
     2013-08-25 18:04:41 -------- d-----w- C:\Users\Steve\AppData\Local\ElevatedDiagnostics
     2013-08-25 16:39:36 -------- d-----w- C:\Program Files (x86)\Acrylic DNS Proxy
     2013-08-21 12:48:35 -------- d-----w- C:\ProgramData\backup
     2013-08-21 12:39:49 -------- d-----w- C:\ProgramData\explauncher
     2013-08-21 12:39:47 -------- d-----w- C:\ProgramData\launcher
     2013-08-21 12:24:32 -------- d-----w- C:\Program Files (x86)\Paragon Software
     2013-08-21 11:11:05 -------- d-----w- C:\Users\Steve\AppData\Roaming\PDAppFlex
     2013-08-21 11:01:16 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
     2013-08-21 04:57:14 -------- d-----w- C:\Users\Steve\AppData\Roaming\Dropbox
     2013-08-21 03:21:10 -------- d-----w- C:\Users\Steve\AppData\Roaming\HandBrake
     2013-08-21 03:19:03 -------- d-----w- C:\Program Files\Handbrake
     2013-08-21 03:03:06 -------- d-----w- C:\Program Files (x86)\AviSynth 2.5
     2013-08-21 03:02:38 -------- d-----w- C:\Program Files (x86)\Haali
     2013-08-21 02:54:48 92672 ----a-w- C:\Windows\SysWow64\MagUIInter.dll
     2013-08-21 02:54:48 55808 ----a-w- C:\Windows\SysWow64\MagPCMac.dll
     2013-08-21 02:54:48 536652 ----a-w- C:\Windows\SysWow64\ASAudioHD.ax
     2013-08-21 02:54:48 35328 ----a-w- C:\Windows\SysWow64\MagCore.dll
     2013-08-21 02:54:48 285184 ----a-w- C:\Windows\SysWow64\MagUIEngine.dll
     2013-08-21 02:54:47 490496 ----a-w- C:\Windows\SysWow64\madFlac.ax
     2013-08-21 02:54:47 258048 ----a-w- C:\Windows\SysWow64\libFLAC.dll
     2013-08-21 02:54:47 106496 ----a-w- C:\Windows\SysWow64\checkactivate.dll
     2013-08-21 02:54:46 70656 ----a-w- C:\Windows\SysWow64\yv12vfw.dll
     2013-08-21 02:54:46 417792 ----a-w- C:\Windows\SysWow64\FLVSplitter.ax
     2013-08-21 02:45:06 498176 ----a-w- C:\Windows\System32\drivers\afd.sys
     2013-08-21 02:45:00 81920 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadcs.dll
     2013-08-21 01:12:31 -------- d-----w- C:\Users\Steve\AppData\Local\EMU
     2013-08-21 00:59:13 -------- d--h--w- C:\Windows\PIF
     2013-08-20 19:32:28 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
     2013-08-20 19:32:28 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
     2013-08-20 19:14:29 -------- d-----w- C:\Program Files (x86)\SpeedFan
     2013-08-20 00:33:33 -------- d-----w- C:\Program Files (x86)\Geeks3D
     2013-08-18 14:58:33 -------- d-----w- C:\Users\Steve\AppData\Local\Adobe
     2013-08-15 15:08:08 -------- d-----w- C:\Program Files (x86)\MPC-HC
     2013-08-15 12:09:23 -------- d-----w- C:\Users\Steve\AppData\Roaming\Mp3tag
     2013-08-15 12:09:15 -------- d-----w- C:\Program Files (x86)\Mp3tag
     2013-08-15 01:56:10 -------- d-----w- C:\Users\Steve\AppData\Roaming\WinBatch
     2013-08-15 01:12:41 -------- d-----w- C:\Windows\64467D47FFE44FBCABBAA0DB829A17EB.TMP
     2013-08-15 00:53:16 -------- d-----w- C:\Windows\SysWow64\AGEIA
     2013-08-14 23:49:28 -------- d-----w- C:\Windows\45235788142C44BE8A4DDDE9A84492E5.TMP
     2013-08-14 23:49:24 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
     2013-08-14 23:49:21 310728 ----a-w- C:\Windows\System32\drivers\atksgt.sys
     2013-08-14 23:48:11 81920 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
     2013-08-14 23:48:11 73728 ----a-w- C:\Windows\SysWow64\ISUSPM.cpl
     2013-08-14 23:48:11 512000 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe
     2013-08-14 23:48:11 385024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\_ispmres.dll
     2013-08-14 23:48:11 368640 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\_isusres.dll
     2013-08-14 23:48:11 221184 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
     2013-08-14 23:48:11 217088 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISDM.exe
     2013-08-14 23:47:39 749568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
     2013-08-14 23:47:39 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
     2013-08-14 23:47:39 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
     2013-08-14 23:47:39 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
     2013-08-14 23:47:39 192644 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
     2013-08-14 23:47:39 180224 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
     2013-08-14 23:47:38 323716 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
     2013-08-14 23:35:38 -------- d-----w- C:\Windows\SysWow64\Extensions
     2013-08-14 23:35:37 -------- d-----w- C:\Windows\SysWow64\searchplugins
     2013-08-14 19:24:39 -------- d-----w- C:\ProgramData\PreSonus
     2013-08-14 19:24:38 -------- d-----w- C:\Users\Steve\AppData\Roaming\PreSonus
     2013-08-14 19:24:13 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
     2013-08-14 19:23:59 -------- d-----w- C:\Program Files\PreSonus
     2013-08-14 17:18:05 -------- d-----w- C:\Program Files\CryptSync
     2013-08-14 15:35:00 -------- d-----w- C:\Program Files\Jitsi
     2013-08-14 14:50:07 -------- d-----w- C:\Symbols
     2013-08-14 12:59:44 -------- d-----w- C:\Program Files\MediaInfo
     2013-08-13 18:09:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
     2013-08-13 18:09:03 2048 ----a-w- C:\Windows\System32\tzres.dll
     2013-08-13 17:26:33 -------- d-----w- C:\Users\Steve\AppData\Local\Chromium
     2013-08-13 16:30:17 -------- d-----w- C:\Program Files (x86)\SRWare Iron
     2013-08-12 13:00:57 -------- d-----w- C:\Users\Steve\AppData\Roaming\Genie9
     2013-08-12 12:50:37 -------- d-----w- C:\tc
     2013-08-12 12:48:14 -------- d-----w- C:\Users\Steve\AppData\Local\realtech_VR
     2013-08-12 12:43:59 -------- d-----w- C:\Program Files (x86)\realtech VR
     2013-08-10 16:04:50 -------- d-----w- C:\Users\Steve\AppData\Roaming\Ableton
     2013-08-10 15:58:02 -------- d-----w- C:\Program Files\Common Files\Propellerhead Software
     2013-08-10 15:57:14 -------- d-----w- C:\ProgramData\Ableton
     2013-08-10 15:41:21 -------- d-----w- C:\Users\Steve\AppData\Roaming\MAGIX
     2013-08-10 15:36:04 -------- d-----w- C:\Users\Steve\AppData\Local\Magix
     2013-08-10 15:36:02 -------- d-----w- C:\Users\Steve\AppData\Local\Xara
     2013-08-10 15:35:25 -------- d-----w- C:\Program Files (x86)\Common Files\MAGIX Shared
     2013-08-10 15:33:58 -------- d-----w- C:\ProgramData\MAGIX
     2013-08-10 15:33:56 -------- d-----w- C:\Program Files (x86)\Common Files\MAGIX Services
     2013-08-10 15:33:48 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
     2013-08-10 15:24:11 -------- d-----w- C:\Users\Steve\AppData\Local\WM Recorder
     2013-08-10 15:22:59 -------- d-----w- C:\Users\Steve\AppData\Roaming\WM Recorder
     2013-08-10 15:22:58 -------- d-----w- C:\Program Files (x86)\WMR14
     2013-08-10 15:11:08 -------- d-----w- C:\Users\Steve\AppData\Roaming\Digiarty
     2013-08-10 15:11:08 -------- d-----w- C:\Program Files (x86)\Digiarty
     2013-08-09 10:30:21 -------- d-----w- C:\Users\Steve\AppData\Roaming\DigitalDJ17
     2013-08-09 10:30:12 -------- d-----w- C:\Users\Steve\AppData\Roaming\SongManager
     2013-08-09 10:30:07 -------- d-----w- C:\Program Files (x86)\ASIO4ALL v2
     2013-08-09 10:28:29 -------- d-----w- C:\Program Files (x86)\MAGIX
     2013-08-09 10:19:57 773968 ----a-w- C:\Windows\SysWow64\msvcr100.dll
     2013-08-09 10:19:53 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll
     2013-08-09 10:19:52 -------- d-----w- C:\Program Files (x86)\XYLIO
     2013-08-09 10:14:32 -------- d-----w- C:\Users\Steve\AppData\Local\SKIDROW
     2013-08-09 10:09:03 -------- d-----w- C:\Program Files (x86)\VirtualDJ
     2013-08-08
22:09:28 -------- d-----w- C:\Users\Steve\AppData\Local\GOOGLE2013-08-08 21:56:43 -------- d-----w- C:\Program Files (x86)\ASRock Utility2013-08-08 21:52:58 216064 ----a-w- C:\Windows\SysWow64\gcapi_dll.dll2013-08-08 21:15:14 -------- d-----w- C:\ProgramData\Acon Digital2013-08-08 21:15:12 -------- d-----w- C:\Program Files (x86)\Acon Digital2013-08-08 21:13:37 -------- d-----w- C:\Program Files\VstPlugIns2013-08-08 20:19:06 -------- d-----w- C:\Program Files (x86)\ALCATech2013-08-08 14:31:47 -------- d-----w- C:\Users\Steve\AppData\Local\MPstandbyHandlerGui2013-08-08 14:30:16 -------- d-----w- C:\ProgramData\MPstandbyHandler2013-08-08 12:03:12 86768 ----a-w- C:\Windows\System32\drivers\RAMDiskVE.sys2013-08-08 12:03:05 -------- d-----w- C:\Users\Steve\AppData\Local\Dataram_Corporation2013-08-08 12:03:00 -------- d-----w- C:\Program Files (x86)\Radeon RAMDisk2013-08-07 14:20:44 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys2013-08-07 14:20:43 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys2013-08-07 14:20:42 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys2013-08-07 14:20:41 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys2013-08-07 14:20:41 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys2013-08-07 14:20:30 41664 ----a-w- C:\Windows\avastSS.scr2013-08-07 12:15:54 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation2013-08-06 16:09:54 -------- d-----w- C:\Users\Steve\AppData\Roaming\FileBot2013-08-05 15:24:17 -------- d-----w- C:\Users\Steve\AppData\Local\MPUrlSourceSplitter2013-08-05 14:54:33 -------- d-----w- C:\Users\Steve\AppData\Roaming\WinFF2013-08-05 14:54:31 -------- d-----w- C:\Program Files\WinFF2013-08-05 14:33:08 -------- d-----w- C:\Users\Steve\AppData\Roaming\mkvtoolnix2013-08-05 14:13:38 -------- d-----w- C:\Users\Steve\AppData\Local\Mozilla.==================== Find3M ====================.2013-09-02 21:20:27 409600 --sha-w- C:\EUMONBMP.SYS2013-08-18 15:01:08 71048 ----a-w- 
C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-08-18 15:01:08 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-08-12 12:49:48 15251968 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe2013-08-10 15:50:55 120200 ----a-w- C:\Windows\SysWow64\DLLDEV32i.dll2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL2013-07-16 18:54:02 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll2013-07-16 18:54:02 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll2013-07-16 18:54:02 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll2013-07-09 04:53:47 1292192 ----a-w- 
C:\Windows\SysWow64\ntdll.dll2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll2013-07-09 04:52:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll2013-07-09 02:49:42 25600 ----a-w- C:\Windows\SysWow64\setup16.exe2013-07-09 02:49:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe2013-07-09 02:49:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll2013-07-09 02:49:38 2048 ----a-w- C:\Windows\SysWow64\user.exe2013-07-08 20:59:52 708632 ----a-w- C:\Windows\System32\drivers\cmdguard.sys2013-07-08 05:22:06 5554624 ----a-w- C:\Windows\System32\ntoskrnl.exe2013-07-08 05:12:34 43520 ----a-w- C:\Windows\System32\csrsrv.dll2013-07-08 05:11:21 34304 ----a-w- C:\Windows\System32\appidsvc.dll2013-07-08 05:11:20 6656 ----a-w- C:\Windows\System32\apisetschema.dll2013-07-08 05:11:20 58368 ----a-w- C:\Windows\System32\appidapi.dll2013-07-08 05:08:20 3973056 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe2013-07-08 05:08:20 3918272 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe2013-07-08 04:59:25 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll2013-07-08 04:59:25 50688 ----a-w- C:\Windows\SysWow64\appidapi.dll2013-07-08 03:31:13 148480 ----a-w- C:\Windows\System32\appidpolicyconverter.exe2013-07-08 03:31:10 61440 ----a-w- C:\Windows\System32\drivers\appid.sys2013-07-08 03:31:06 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe2013-07-08 02:50:41 112640 ----a-w- C:\Windows\System32\smss.exe2013-07-06 05:20:38 1900992 ----a-w- C:\Windows\System32\drivers\tcpip.sys2013-07-06 05:20:34 376768 ----a-w- C:\Windows\System32\drivers\netio.sys2013-07-06 05:20:30 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS2013-07-03 16:04:23 1002728 ----a-w- 
C:\Windows\System32\WinUSBCoInstaller2.dll2013-06-18 15:16:10 48360 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys2013-06-18 15:16:08 23168 ----a-w- C:\Windows\System32\drivers\cmderd.sys2013-06-18 15:15:50 43216 ----a-w- C:\Windows\System32\cmdcsr.dll2013-06-18 15:15:48 437688 ----a-w- C:\Windows\System32\guard64.dll2013-06-18 15:15:48 348584 ----a-w- C:\Windows\SysWow64\guard32.dll2013-06-18 15:15:40 45784 ----a-w- C:\Windows\System32\cmdkbd64.dll2013-06-18 15:15:40 344792 ----a-w- C:\Windows\System32\cmdvrt64.dll2013-06-18 15:15:36 40664 ----a-w- C:\Windows\SysWow64\cmdkbd32.dll2013-06-18 15:15:36 278232 ----a-w- C:\Windows\SysWow64\cmdvrt32.dll2013-06-15 04:32:16 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys2013-06-10 19:29:46 147968 ----a-w- C:\Windows\System32\drivers\hcw99bda.sys2013-06-10 19:29:46 12800 ----a-w- C:\Windows\System32\drivers\hcw99rc.sys2013-06-10 19:12:43 28192 ----a-w- C:\Windows\System32\drivers\nebvideo-amd64.sys2013-06-10 19:12:43 18592 ----a-w- C:\Windows\System32\drivers\nebaudio-amd64.sys2013-06-06 06:24:07 16376 ----a-w- C:\Windows\System32\drivers\TVMonitor.sys2013-06-06 06:24:06 35112 ----a-w- C:\Windows\System32\drivers\teamviewervpn.sys.============= FINISH: 21:34:22.72 =============== .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1Install Date: 31/05/2013 16:18:49System Uptime: 03/09/2013 21:26:28 (0 hours ago).Motherboard: ASRock | | 880GMH/U3S3Processor: AMD Athlon II X4 630 Processor | CPUSocket | 2800/200mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 50 GiB total, 20.75 GiB free.D: is FIXED (NTFS) - 882 GiB total, 384.445 GiB free.E: is CDROM ()F: is FIXED (NTFS) - 75 GiB total, 74.31 GiB free.R: is FIXED (FAT32) - 1 GiB total, 0.941 GiB free.V: is CDROM ().==== Disabled Device Manager Items =============.Class GUID: 
{4d36e96c-e325-11ce-bfc1-08002be10318}Description: ATI HDMI AudioDevice ID: HDAUDIO\FUNC_01&VEN_1002&DEV_791A&SUBSYS_00791A00&REV_1000\5&1E531151&0&0001Manufacturer: RealtekName: ATI HDMI AudioPNP Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_791A&SUBSYS_00791A00&REV_1000\5&1E531151&0&0001Service: RTHDMIAzAudService.==== System Restore Points ===================.No restore point in system..==== Installed Programs ======================.7-Zip 9.20 (x64 edition)Ableton Live 9 SuiteAcon Digital Restoration Suite (64 bit) version 1.0.1Acoustica Premium Edition 6.0Adobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Photoshop CCAgent Ransack 2010 (64-bit)Alcatech BPM Studio Professional v4.9.1AMD Catalyst Install ManagerAMD FuelAMD Media Foundation DecodersAMD VISION Engine Control CenterAmnesia - The Dark Descent Ant Movie CatalogAshampoo Burning Studio 2013 v.11.0.6ASIO4ALLAsmedia ASM104x USB 3.0 Host Controller DriverAsmedia ASM106x SATA Host Controller DriverASRock eXtreme Tuner v0.1.351µTorrentavast! 
Free AntivirusAviSynth 2.5Black Mirror 3Blade RunnerBonjourBurnAware Free 6.4Catalyst Control Center - BrandingCatalyst Control Center Graphics Previews CommonCatalyst Control Center Localization Allccc-utility64CCC Help Chinese StandardCCC Help Chinese TraditionalCCC Help CzechCCC Help DanishCCC Help DutchCCC Help EnglishCCC Help FinnishCCC Help FrenchCCC Help GermanCCC Help GreekCCC Help HungarianCCC Help ItalianCCC Help JapaneseCCC Help KoreanCCC Help NorwegianCCC Help PolishCCC Help PortugueseCCC Help RussianCCC Help SpanishCCC Help SwedishCCC Help ThaiCCC Help TurkishCCleanerCDBurnerXPClassic ShellCOMODO FirewallCompatibility Pack for the 2007 Office systemCPUID CPU-Z 1.65.0CryptSyncCutePDF Writer 3.0DAEMON Tools LiteDracula OriginDropboxDVD Flick 1.3.0.7DVD Shrink 3.2DVDFab Passkey 8.1.0.3 (03/09/2013)DVDStyler v2.3EaseUS Todo Backup Free 6.0eMuleEraser 6.0.9.2343Exact Audio Copy 1.0beta3FileBotFirebird SQL Server - MAGIX Editionfoobar2000 v1.2.6Foxit ReaderFree Videos To DVD V 4.0.0FutureDecks DJ pro 3.6.0.0Geeks3D FurMark 1.11.0Genie Timelineget_iplayer 4.6Ghost PiratesGIMP 2.8.6Google EarthGoogle Update HelperHaali Media SplitterHandBrake 0.9.9.1haneWIN NFS Server 1.2.9HWiNFO64 Version 4.22IIS 7.5 ExpressImgBurnInfraRecorder 0.53 (x64 edition)Java 7 Update 25Java Auto UpdaterJitsiKits Configuration InstallerLastPass(uninstall only)LatencyMon 5.00Link Shell ExtensionMAGIX Content and SoundpoolsMAGIX Music Maker 2013 PremiumMAGIX Music Maker 2013 Trial SoundpoolsMAGIX Speed burnR (MSI)MAGIX Video Pro X5Malwarebytes Anti-Malware version 1.75.0.1300MCEBuddy 2.3MediaInfo 0.7.64MediaMonkey 4.0MediaPortalMediaPortal TV Server / ClientMicrosoft .NET Framework 4.5Microsoft Office Excel ViewerMicrosoft Office Word Viewer 2003Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2005 Redistributable (x64)Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17Microsoft Visual C++ 2008 
Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219Mp3tag v2.57MPC-HC 1.6.8MPExtended ServiceMPExtended WebMediaPortalMSXML 4.0 SP3 ParserMSXML 4.0 SP3 Parser (KB2758694)MySQL Server 5.1No-IP DUCNotepad++NVIDIA GAME System Software 2.8.1NVIDIA PhysXPDF Settings CCPeerBlock 1.1 (r518)PhenomMsrTweakerPinball FX2Plex Media ServerPower TriggersPreSonus Studio One 2 x64Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet DriverRadeon RAMDiskRealtek HDMI Audio Driver for ATIRealtek High Definition Audio DriverRobin Hood - The Legend of SherwoodSandboxie 4.05.06 (64-bit)Security Update for Microsoft .NET Framework 4.5 (KB2737083)Security Update for Microsoft .NET Framework 4.5 (KB2742613)Security Update for Microsoft .NET Framework 4.5 (KB2789648)Security Update for Microsoft .NET Framework 4.5 (KB2804582)Security Update for Microsoft .NET Framework 4.5 (KB2833957)Security Update for Microsoft .NET Framework 4.5 (KB2840642v2)Sherlock Holmes versus Jack the RipperSketchUp 8SteamTales of Monkey IslandTeamViewer 8Text-To-Speech-RuntimeThe 11th HourThe 7th GuestThe Testament of Sherlock HolmesTreeSize Professional 3.21Unlocker 1.9.2Update for Microsoft .NET Framework 4.5 (KB2750147)Update for Microsoft .NET Framework 4.5 (KB2805221)Update for Microsoft .NET Framework 4.5 (KB2805226)VideoReDo TVSuite Version 4.20.7.629VirtualDJ Home FREEVLC media player 2.0.8Wallace and Gromit Grand AdventuresWindows Driver Package - EventGhost Emprex MCE USB (01/25/2010 1.0.2.0)Windows Software Development KitWindows Software Development Kit EULAWinFF 1.5 (Codename EMMA)WinX DVD Ripper Platinum 7.2.0WM RecorderWorms Crazy GolfWPT 
RedistributablesWPTx64X64 Debuggers And ToolsXBMCxrecode II 1.0.0.202.==== End Of File ===========================
  17. OK, it's booted OK into normal mode this time. HwInfo did get stuck and I had to kill it, which it doesn't normally do (it takes a long while to finish loading though and seems to wait for everything else to load before continuing) but I did have a scheduled backup that ran on boot, so maybe that was interfering with it.
  18. OK, the full scan only found the following additional items:

      Files Detected: 4
      C:\Program Files (x86)\XYLIO\FutureDecksDJpro\futuredecks.exe (Trojan.Banker) -> No action taken.
      D:\$RECYCLE.BIN\S-1-5-21-4142153632-2294863933-3660688552-1000\$RZ22QZG.exe (PUP.Optional.OpenCandy) -> No action taken.
      D:\Portable Apps\FreeFileSync\$PLUGINSDIR\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> No action taken.
      C:\Users\Steve\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> No action taken.

      I'll go and see if I can reboot in normal mode with HwInfo disabled from Autostarting, as that's what was loading at the time it locked up, but that could of course just have been a result of something else and not the cause.
  19. Hi, I've just fixed a problem on my other PC with the help of MrCharlie and now I appear to have picked up something on this PC! It hung after it had booted into Windows whilst it was still loading apps and I couldn't even Ctrl-Alt-Del, so I had to reset and boot into Safe Mode. From the Eventlog I can see

      DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server:
      {D3DCB472-7261-43CE-924B-0704BD730D5F}

      and

      DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server:
      {1BE1F766-5536-11D1-B726-00C04FB926AF}

      but that's in Safe Mode and I don't see that error from the "normal" boot that locked up. Googling those errors led me to various posts about malware though, which is why I'm here. I'm not certain it's infected but it was working fine when it was last on a couple of days ago. I did a quick scan with MBAM and it showed a few things (I didn't remove them yet and will wait for instructions):

      Malwarebytes Anti-Malware 1.75.0.1300
      www.malwarebytes.org

      Database version: v2013.09.02.05

      Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
      Internet Explorer 10.0.9200.16660
      Steve :: STE-PC [administrator]

      02/09/2013 17:14:11
      MBAM-log-2013-09-02 (17-17-14).txt

      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 221418
      Time elapsed: 2 minute(s), 36 second(s)

      Memory Processes Detected: 0
      (No malicious items detected)

      Memory Modules Detected: 0
      (No malicious items detected)

      Registry Keys Detected: 5
      HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> No action taken.
      HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr) -> No action taken.
      HKCU\Software\DataMngr (PUP.Optional.DataMngr) -> No action taken.
      HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> No action taken.
      HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> No action taken.

      Registry Values Detected: 1
      HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0O1O1FtGtCtH1T1M1R1XtGtB -> No action taken.

      Registry Data Items Detected: 0
      (No malicious items detected)

      Folders Detected: 1
      C:\Users\Steve\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> No action taken.

      Files Detected: 1
      C:\Users\Steve\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> No action taken.

      (end)

      I'm doing a full scan now to see if that shows anything that might have caused any infection. It seems I can't download anything in Safe Mode, so if I can't boot into Normal Mode I'll have to download any programs on my other PC and copy them over.
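As an added example (not from the posts above and not Malwarebytes' own code), a small Python parser for the MBAM 1.x log format pasted in posts 18 and 19: it pulls out each detection, checks the declared per-section counts against the lines actually present (a truncated forum paste shows up as a mismatch), and tallies threat families and the items still marked "No action taken.". The sample log is constructed from lines of the two scans above.

```python
"""Parser for Malwarebytes Anti-Malware 1.x scan logs (added example, not from the post)."""
import re
from collections import Counter
from dataclasses import dataclass

# Section headers such as "Registry Keys Detected: 5" or "Files Detected: 1"
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
# Detection lines: "<item> (<family>) -> [Data: <value> -> ]<action>"
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[A-Za-z0-9._-]+)\) -> (?P<rest>.+)$")


@dataclass
class Detection:
    section: str    # e.g. "Registry Keys"
    item: str       # registry path, folder or file
    threat: str     # MBAM family name, e.g. "PUP.Optional.Babylon.A"
    action: str     # e.g. "No action taken."
    data: str = ""  # registry value data, when the line carried one


def parse_mbam_log(text):
    """Return (detections, declared_counts) for one pasted log."""
    detections, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            declared[section] = int(m.group("count"))
            continue
        if section is None:
            continue  # still in the header (version, scan options, ...)
        m = DETECTION_RE.match(line)
        if not m:
            continue  # "(No malicious items detected)", "(end)" and similar filler
        parts = [p.strip() for p in m.group("rest").split(" -> ")]
        data = ""
        for p in parts[:-1]:
            if p.startswith("Data: "):
                data = p[len("Data: "):]
        detections.append(Detection(section, m.group("item"), m.group("threat"), parts[-1], data))
    return detections, declared


def count_mismatches(detections, declared):
    """Sections whose declared count differs from the lines actually present.
    A non-empty result usually means the paste was truncated or mangled."""
    found = Counter(d.section for d in detections)
    return {s: (n, found.get(s, 0)) for s, n in declared.items() if found.get(s, 0) != n}


def threat_families(detections):
    """Items per family name (PUP.Optional.Babylon.A, Trojan.Banker, ...)."""
    return Counter(d.threat for d in detections)


def by_category(detections):
    """Coarse triage on the family prefix: PUP (bundled adware/toolbars) vs Trojan etc."""
    return Counter(d.threat.split(".")[0] for d in detections)


def pending(detections):
    """Items the scan reported but did not remove."""
    return [d for d in detections if d.action == "No action taken."]


# Constructed sample: lines taken from the two scans in the posts above.
SAMPLE_LOG = r"""
Malwarebytes Anti-Malware 1.75.0.1300
Scan type: Quick scan
Time elapsed: 2 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 5
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> No action taken.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr) -> No action taken.
HKCU\Software\DataMngr (PUP.Optional.DataMngr) -> No action taken.
HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> No action taken.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> No action taken.

Registry Values Detected: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0O1O1FtGtCtH1T1M1R1XtGtB -> No action taken.

Folders Detected: 1
C:\Users\Steve\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> No action taken.

Files Detected: 2
C:\Users\Steve\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> No action taken.
C:\Program Files (x86)\XYLIO\FutureDecksDJpro\futuredecks.exe (Trojan.Banker) -> No action taken.

(end)
"""

if __name__ == "__main__":
    dets, declared = parse_mbam_log(SAMPLE_LOG)
    print("count mismatches:", count_mismatches(dets, declared))
    print("families:", dict(threat_families(dets)))
    print("categories:", dict(by_category(dets)))
    print("still pending:", len(pending(dets)))
```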
  20. Thanks so much for helping me remove that nasty virus, MrCharlie. Really appreciate you taking the time.

  21. Thanks, that's good to hear. Here's the Security Check log.

      Results of screen317's Security Check version 0.99.73
      Windows 7 Service Pack 1 x64 (UAC is disabled!)
      Internet Explorer 10
      ``````````````Antivirus/Firewall Check:``````````````
      Windows Firewall Disabled!
      avast! Antivirus
      Antivirus up to date!
      `````````Anti-malware/Other Utilities Check:`````````
      Malwarebytes Anti-Malware version 1.75.0.1300
      Java 7 Update 25
      Adobe Flash Player 11.8.800.94
      ````````Process Check: objlist.exe by Laurent````````
      Comodo Firewall cmdagent.exe
      AVAST Software Avast AvastSvc.exe
      AVAST Software Avast AvastUI.exe
      `````````````````System Health check`````````````````
      Total Fragmentation on Drive C: 10%
      ````````````````````End of Log``````````````````````
  22. OK, I think ComboFix finished without any problems. Here's the log.
2013-07-10 00:37 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll 2013-07-10 00:37 . 2013-07-10 00:37 221184 ----a-w- c:\windows\system32\UIAnimation.dll 2013-07-10 00:37 . 2013-07-10 00:37 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll 2013-07-10 00:37 . 2013-07-10 00:37 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll 2013-07-10 00:37 . 2013-07-10 00:37 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2013-07-10 00:37 . 2013-07-10 00:37 194560 ----a-w- c:\windows\system32\d3d10_1.dll 2013-07-10 00:37 . 2013-07-10 00:37 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll 2013-07-10 00:37 . 2013-07-10 00:37 1682432 ----a-w- c:\windows\system32\XpsPrint.dll 2013-07-10 00:37 . 2013-07-10 00:37 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll 2013-07-10 00:37 . 2013-07-10 00:37 1238528 ----a-w- c:\windows\system32\d3d10.dll 2013-07-10 00:37 . 2013-07-10 00:37 1175552 ----a-w- c:\windows\system32\FntCache.dll 2013-07-10 00:37 . 2013-07-10 00:37 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll 2013-07-10 00:37 . 2013-07-10 00:37 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2011-02-25 . E589BCD6041786C5E38E2D223C24C193 . 680960 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_ecc547376ae3a1a3\termsrv.dll [-] 2011-02-25 . E589BCD6041786C5E38E2D223C24C193 . 680960 . . [6.1.7601.17514] .. c:\windows\system32\termsrv.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay] @="{594D4122-1F87-41E2-96C7-825FB4796516}" [HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}] 2011-08-19 22:13 505344 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Xpadder"="c:\program files (x86)\Xpadder\Xpadder.exe" [2012-05-10 1165824] "RadeonPro"="c:\program files (x86)\RadeonPro\RadeonPro.exe" [2013-04-13 2195072] "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2013-07-25 759384] "Actual Multiple Monitors"="c:\program files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe" [2013-04-13 1735472] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-08-01 3673696] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] "Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2013-06-21 610152] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "AOD"="c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" [2013-03-28 361984] . c:\users\Main\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Arma & DCS - Vol 10 on Joy7 and MB5 (for VAC).ahk.lnk - e:\data\Main\My Documents\AutoHotKey\Arma & DCS - Vol 10 on Joy7 and MB5 (for VAC).ahk [2013-1-14 2414] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Install LastPass IE RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -p -name=LastPass -ffuuid support@lastpass.com [2013-7-11 15251968] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x] R2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 ALSysIO;ALSysIO;c:\temp\Main\ALSysIO64.sys;c:\temp\Main\ALSysIO64.sys [x] R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x] R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 HCW99BDA;Hauppauge Nova-DT Dual DVB-T Tuner;c:\windows\system32\Drivers\hcw99bda.sys;c:\windows\SYSNATIVE\Drivers\hcw99bda.sys [x] R3 hcw99rc;Hauppauge Nova-DT IR Driver;c:\windows\system32\Drivers\hcw99rc.sys;c:\windows\SYSNATIVE\Drivers\hcw99rc.sys [x] R3 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\temp\Main\HWiNFO64A.SYS;c:\temp\Main\HWiNFO64A.SYS [x] R3 NTIOLib_1_0_1;NTIOLib_1_0_1;c:\program 
files (x86)\MSI\ControlCenter\NTIOLib_X64.sys;c:\program files (x86)\MSI\ControlCenter\NTIOLib_X64.sys [x] R3 RAMDiskVE;RAMDiskVE;c:\windows\system32\Drivers\RAMDiskVE.sys;c:\windows\SYSNATIVE\Drivers\RAMDiskVE.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 rspLLL;rspLLL;c:\windows\system32\DRIVERS\rspLLL64.sys;c:\windows\SYSNATIVE\DRIVERS\rspLLL64.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x] R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x] R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x] R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x] R4 TVService;TVService;c:\program files (x86)\Team MediaPortal\MediaPortal TV Server\TVService.exe;c:\program files (x86)\Team MediaPortal\MediaPortal TV Server\TVService.exe [x] S0 
amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x] S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x] S0 aswRvrt;aswRvrt; [x] S0 aswVmm;aswVmm; [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x] S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x] S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x] S1 SoftPerfectVirtualVolume;SoftPerfect RAM Disk;c:\program files\SoftPerfect RAM Disk\spvve.sys;c:\program files\SoftPerfect RAM Disk\spvve.sys [x] S1 spvdbus;SoftPerfect Virtual Disk;c:\windows\system32\DRIVERS\spvdbus.sys;c:\windows\SYSNATIVE\DRIVERS\spvdbus.sys [x] S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x] S2 NFSserver;NFS Server;c:\program files\nfsd\nfsd.exe;c:\program files\nfsd\nfsd.exe [x] S2 NoIPDUCService4;NO-IP DUC v4;c:\program files (x86)\No-IP\ducservice.exe;c:\program files (x86)\No-IP\ducservice.exe [x] S2 PMAPDaemon;SunRPC Portmap Daemon;c:\program files\nfsd\pmapd.exe;c:\program files\nfsd\pmapd.exe [x] S2 RadeonPro Support Service;RadeonPro Support Service;c:\program files (x86)\RadeonPro\RadeonProSupport.exe;c:\program files (x86)\RadeonPro\RadeonProSupport.exe [x] S2 RzMaelstromVADStreamingService;Razer Surround Audio 
Service;c:\programdata\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe;c:\programdata\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe [x] S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x] S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 RZMAELSTROMVADService;Razer Surround Audio Enhancer Service;c:\windows\system32\drivers\RzMaelstromVAD.sys;c:\windows\SYSNATIVE\drivers\RzMaelstromVAD.sys [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - ATAPI [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}] start [bU] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\HardLinkMenu] @="{0A479751-02BC-11d3-A855-0004AC2568AA}" [HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568AA}] 2011-06-24 06:03 456704 ----a-w- c:\program files\LinkShellExtension\HardlinkShellExt.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHardLink] @="{0A479751-02BC-11d3-A855-0004AC2568DD}" [HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568DD}] 2011-06-24 06:03 456704 ----a-w- c:\program files\LinkShellExtension\HardlinkShellExt.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlaySymbolicLink] @="{0A479751-02BC-11d3-A855-0004AC2568EE}" [HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568EE}] 2011-06-24 06:03 456704 ----a-w- c:\program files\LinkShellExtension\HardlinkShellExt.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay] @="{594D4122-1F87-41E2-96C7-825FB4796516}" [HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}] 2011-08-19 22:14 629248 ----a-w- c:\program files\Classic Shell\ClassicExplorer64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256] "Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2011-08-19 98304] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-05-27 7188552] "RAMDiskForWorkstations"="c:\program files\SoftPerfect RAM Disk\RAMDiskWS.exe" [2013-05-31 3452536] "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-07-08 1502424] . ------- Supplementary Scan ------- . 
uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: LastPass - file://c:\users\Main\AppData\LocalLow\LastPass\context.html?cmd=lastpass IE: LastPass Fill Forms - file://c:\users\Main\AppData\LocalLow\LastPass\context.html?cmd=fillforms TCP: Interfaces\{817618A9-4A37-4E16-891A-D240E0B77342}: NameServer = 178.21.23.150,8.8.8.8 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) AddRemove-MediaPortal TV Server - c:\program files (x86)\Team MediaPortal\MediaPortal TV Server\uninstall-tve3.exe AddRemove-MPTagThat - c:\program files (x86)\Team MediaPortal\MPTagThat\uninstall.exe AddRemove-{1146E8F3-4057-4F46-B39C-D18AB4BB1523}_is1 - d:\games\Deus Ex - Human Revolution\unins000.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files\AVAST Software\Avast\AvastSvc.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\AutoHotkey\AutoHotkey.exe c:\users\Main\AppData\Local\Microsoft\Windows Sidebar\Gadgets\HWiNFOMonitor.gadget\HWiNFOMonitor.exe . 
************************************************************************** . Completion time: 2013-08-28 00:51:14 - machine was rebooted ComboFix-quarantined-files.txt 2013-08-27 23:51 . Pre-Run: 6,275,166,208 bytes free Post-Run: 6,570,192,896 bytes free . - - End Of File - - 3BE8585821EF7BCCC8C02D4A7591C14A 51083A7868D0AA3AC3719C3B0A90D973