Posts posted by Dumplet

  1. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-01-2015

    Ran by Rubie at 2015-01-05 00:59:08

    Running from C:\Users\Rubie\Downloads

    Boot Mode: Normal

    ==========================================================

     

     

    ==================== Security Center ========================

     

    (If an entry is included in the fixlist, it will be removed.)

     

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

     

    ==================== Installed Programs ======================

     

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

     

    4500_G510nz_Help (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden

    4500G510nz (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden

    4500G510nz_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden

    64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden

    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

    Addon Sync 2009 (HKLM-x32\...\{4E3AA543-09D7-401E-9DF2-2591D24C7C49}) (Version: 1.0.67 - YomaTools)

    Adobe Flash Player 10 ActiveX (HKLM-x32\...\{922E8525-AC7E-4294-ACAA-43712D4423C0}) (Version: 10.0.22.87 - Adobe Systems, Inc.)

    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)

    Age of Empires II: HD Edition (HKLM-x32\...\{1194343F-ACFE-4AB4-B1C0-C1E913B729BF}_is1) (Version: 3.8.2662 - Microsoft Studios, Tolyak26)

    Archeage (HKLM-x32\...\Glyph Archeage) (Version:  - Trion Worlds, Inc.)

    Arma 2 (HKLM-x32\...\Steam App 33910) (Version:  - Bohemia Interactive)

    ARMA 2: British Armed Forces - Data cache removal (HKLM-x32\...\A2BAF Data cache removal) (Version:  - )

    Arma 2: British Armed Forces (HKLM-x32\...\Steam App 65700) (Version:  - Bohemia Interactive)

    Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version:  - Bohemia Interactive)

    ARMA 2: Private Military Company - Data cache removal (HKLM-x32\...\A2PMC Data cache removal) (Version:  - )

    Arma 2: Private Military Company (HKLM-x32\...\Steam App 65720) (Version:  - Bohemia Interactive)

    Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)

    avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)

    AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )

    Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)

    Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)

    Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB)

    BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )

    BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden

    Bully Scholarship Edition (HKLM-x32\...\InstallShield_{A724605D-B399-4304-B8C7-33B3EF7D4677}) (Version: 1.00.0154 - Rockstar Games)

    Bully Scholarship Edition (x32 Version: 1.00.0154 - Rockstar Games) Hidden

    CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)

    Chromium (HKU\S-1-5-21-1243950774-1183063232-2593923303-1000\...\Chromium) (Version: 40.0.2172.0 - Chromium) <==== ATTENTION!

    Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)

    Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)

    Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)

    CPUID CPU-Z 1.71.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )

    DARK SOULS™ II (HKLM-x32\...\Steam App 236430) (Version:  - FromSoftware, Inc)

    DayZLauncher version 0.0.0.7 (HKLM-x32\...\{E31045B4-9DB5-44DF-9EBD-BD4CFDE640FD}_is1) (Version: 0.0.0.7 - Maca134)

    Deus Ex: Human Revolution (HKLM-x32\...\Steam App 28050) (Version:  - Eidos Montreal)

    Equalify v2.5.3 (Stable) (HKLM-x32\...\{33EC4F70-9F4B-406F-BB2A-F75A285E927D}) (Version: 2.5.3.0 - Equalify)

    Everything 1.3.4.686 (x86) (HKLM-x32\...\Everything) (Version:  - )

    ffdshow v1.3.4530 [2014-02-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4530.0 - )

    foobar2000 v1.3.6 (HKLM-x32\...\foobar2000) (Version: 1.3.6 - Peter Pawlowski)

    Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)

    Geeks3D FurMark 1.15.0.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)

    ggRO 1.0 (HKLM-x32\...\ggRO) (Version: 1.0 - )

    Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)

    GoldenEye: Source (HKLM-x32\...\GoldenEye Source) (Version: 4.2.4 - Team GoldenEye: Source)

    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)

    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

    Grand Theft Auto San Andreas + MultiPlayer [0.3e] (HKLM-x32\...\{E1D22FE1-AB5F-42CA-9480-6F70B96DDD88}_is1) (Version: 0.3(e) - RePack by -=M@N=-)

    Gyazo 2.2 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)

    HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version:  - EFD Software)

    Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)

    Hotline Miami (HKLM-x32\...\GOGPACKHOTLINEMIAMI_is1) (Version: 2.0.0.4 - GOG.com)

    HP Officejet 4500 G510n-z (HKLM\...\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}) (Version: 13.0 - HP)

    Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)

    Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)

    join.me (HKU\S-1-5-21-1243950774-1183063232-2593923303-1000\...\JoinMe) (Version: 1.18.0.189 - LogMeIn, Inc.)

    Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version:  - Squad)

    League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)

    League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden

    LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.291 - LogMeIn, Inc.)

    LogMeIn Hamachi (x32 Version: 2.2.0.291 - LogMeIn, Inc.) Hidden

    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

    MapleStory (HKLM-x32\...\Steam App 216150) (Version:  - Nexon)

    Metro 2033 (HKLM-x32\...\Steam App 43110) (Version:  - 4A Games)

    Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)

    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)

    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

    Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)

    Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)

    MorphVOX Pro (HKLM-x32\...\{DE289787-7ECA-4BED-9D8C-99FAC407E3D6}) (Version: 4.3.13 - Screaming Bee)

    Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)

    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)

    MPC-HC 1.7.7 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.7 - MPC-HC Team)

    MTA:SA v1.4.0 (HKLM-x32\...\MTA:SA 1.4) (Version: v1.4.0 - Multi Theft Auto)

    Mumble 1.2.8 (HKLM-x32\...\{A9DBD31A-A09F-4C7E-86D1-3B21C59000D1}) (Version: 1.2.8 - Thorvald Natvig)

    Need For Speed™ World (HKLM-x32\...\{3AF1B16A-7DC9-4C80-BAEC-70B088A7C5B8}) (Version: 1.0.0.0 - Electronic Arts)

    Network64 (Version: 130.0.550.000 - Hewlett-Packard) Hidden

    Next Car Game Free Technology Demo (HKLM-x32\...\Next Car Game Free Technology Demo) (Version:  - Bugbear Entertainment)

    NVIDIA 3D Vision Controller Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.11 - NVIDIA Corporation)

    NVIDIA 3D Vision Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.11 - NVIDIA Corporation)

    NVIDIA Graphics Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation)

    NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)

    NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)

    Origin (HKLM-x32\...\Origin) (Version: 9.5.2.2829 - Electronic Arts, Inc.)

    osu! (HKLM-x32\...\{3b800871-2351-4244-9768-bb65d4cfb6bb}) (Version: latest - ppy Pty Ltd)

    PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)

    PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)

    PowerISO (HKLM-x32\...\PowerISO) (Version: 6.1 - Power Software Ltd)

    PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)

    Python 3.4.2 (HKLM-x32\...\{2583CDBA-8A53-4622-BB67-1D163714C1B4}) (Version: 3.4.16349 - Python Software Foundation)

    qBittorrent 3.1.9.2 (HKLM-x32\...\qbittorrent) (Version: 3.1.9.2 - The qBittorrent project)

    Ragnarok Online (HKLM-x32\...\{181579B5-0028-4E01-AC27-97ED80352279}) (Version: 14.2.4 - Gravity Interactive, Inc.)

    Realm of the Mad God (HKLM-x32\...\Steam App 200210) (Version:  - Wild Shadow Studios)

    ReClock (HKLM-x32\...\ReClock) (Version:  - SlySoft, Inc.)

    Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)

    Risk of Rain (HKLM-x32\...\Steam App 248820) (Version:  - )

    Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden

    Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)

    SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)

    SimCity 4 Deluxe (HKLM-x32\...\{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}) (Version:  - )

    Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)

    SmoothVideo Project version 3.1.6 (HKLM-x32\...\SmoothVideo Project_is1) (Version: 3.1.6 - SVP)

    Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)

    Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)

    Spiral Knights (HKLM-x32\...\Steam App 99900) (Version:  - Three Rings)

    Spotify (HKU\S-1-5-21-1243950774-1183063232-2593923303-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)

    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

    Sumotori Dreams (HKLM-x32\...\Sumotori Dreams) (Version:  - )

    Sumotori Full Version (HKLM-x32\...\Sumotori Full Version) (Version:  - )

    Super Crate Box (HKLM-x32\...\Steam App 212800) (Version:  - Vlambeer)

    Synthesia (HKLM-x32\...\Synthesia) (Version: 9 - Synthesia LLC)

    TalonRO Client 1.0.0 (HKLM-x32\...\TalonRO_is1) (Version: 1.0.0 - TalonRO)

    TeamSpeak 3 Client (HKU\S-1-5-21-1243950774-1183063232-2593923303-1000\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)

    Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)

    TL-WN751ND Driver (HKLM-x32\...\{14770694-6C1C-4137-95F9-6F934D8491B4}) (Version: 1.00.0000 - TP-LINK)

    Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden

    TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 2.01.0012 - TP-LINK)

    Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)

    Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)

    Virtual Audio Cable 4.10 (HKLM\...\Virtual Audio Cable 4.10) (Version:  - )

    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)

    WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden

    Ys Origin (HKLM-x32\...\Steam App 207350) (Version:  - Nihon Falcom)

     

    ==================== Custom CLSID (selected items): ==========================

     

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

     

    CustomCLSID: HKU\S-1-5-21-1243950774-1183063232-2593923303-1000_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> C:\Users\Rubie\AppData\Local\Chromium\Application\40.0.2172.0\delegate_execute.exe (The Chromium Authors) <==== ATTENTION

     

    ==================== Restore Points  =========================

     

    29-12-2014 06:05:45 Scheduled Checkpoint

    30-12-2014 02:56:05 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610

    30-12-2014 02:56:30 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610

    04-01-2015 23:45:28 ComboFix created restore point

     

    ==================== Hosts content: ==========================

     

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

     

    2009-07-13 21:34 - 2015-01-04 23:55 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1       localhost

     

    ==================== Scheduled Tasks (whitelisted) =============

     

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

     

    Task: {36E91BC1-796A-45B4-A89A-DF900530DF6D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-09-27] (AVAST Software)

    Task: {4C985EFA-24DA-45B9-885E-81D63E8FD408} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)

    Task: {7BCF567C-2954-463C-8830-C9F7046354CA} - System32\Tasks\Steam_x64-S-2-106-91 => C:\Users\Rubie\AppData\Roaming\Audacity\CODEXi\Steam [2014-12-30] ()

    Task: {8939887B-3AA0-4325-AE3D-AB614E51088B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-13] (Google Inc.)

    Task: {9940AF4D-441A-4FC6-BC0B-23EB49202D19} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2014-07-03] ()

    Task: {ED3D25C5-1B76-484F-97E8-8D18264A1DF0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)

    Task: {F7080B12-A56A-447C-8649-D873EE399A2C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-13] (Google Inc.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

     

    ==================== Loaded Modules (whitelisted) =============

     

    2014-09-27 22:45 - 2014-09-13 16:53 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

    2014-11-23 13:56 - 2014-08-05 20:01 - 01048576 _____ () C:\Program Files (x86)\Everything\Everything.exe

    2014-09-28 01:48 - 2014-11-07 15:53 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe

    2015-01-05 00:28 - 2015-01-05 00:29 - 15298136 _____ () C:\Users\Rubie\Downloads\RogueKiller.exe

    2014-09-27 11:08 - 2014-09-27 11:08 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll

    2015-01-04 18:01 - 2015-01-04 18:01 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010401\algo.dll

    2014-09-27 11:08 - 2014-09-27 11:08 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

    2014-12-13 21:32 - 2014-12-05 20:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll

    2014-12-13 21:32 - 2014-12-05 20:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll

    2014-12-13 21:32 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll

    2014-12-13 21:32 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll

    2014-12-13 21:32 - 2014-12-05 20:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll

     

    ==================== Alternate Data Streams (whitelisted) =========

     

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

     

    AlternateDataStreams: C:\ProgramData:NT

    AlternateDataStreams: C:\ProgramData:NT2

    AlternateDataStreams: C:\Users\All Users:NT

    AlternateDataStreams: C:\Users\All Users:NT2

    AlternateDataStreams: C:\ProgramData\Application Data:NT

    AlternateDataStreams: C:\ProgramData\Application Data:NT2

    AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT

    AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2

    AlternateDataStreams: C:\ProgramData\TEMP:C76EDAC3

    AlternateDataStreams: C:\Users\Rubie\Application Data:NT

    AlternateDataStreams: C:\Users\Rubie\Application Data:NT2

    AlternateDataStreams: C:\Users\Rubie\AppData\Roaming:NT

    AlternateDataStreams: C:\Users\Rubie\AppData\Roaming:NT2

     

    ==================== Safe Mode (whitelisted) ===================

     

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

     

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

     

    ==================== EXE Association (whitelisted) =============

     

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

     

     

    ==================== MSCONFIG/TASK MANAGER disabled items =========

     

    (Currently there is no automatic fix for this section.)

     

    MSCONFIG\startupreg: Spotify => "C:\Users\Rubie\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart

     

    ========================= Accounts: ==========================

     

    Administrator (S-1-5-21-1243950774-1183063232-2593923303-500 - Administrator - Disabled)

    Guest (S-1-5-21-1243950774-1183063232-2593923303-501 - Limited - Disabled)

    HomeGroupUser$ (S-1-5-21-1243950774-1183063232-2593923303-1002 - Limited - Enabled)

    Rubie (S-1-5-21-1243950774-1183063232-2593923303-1000 - Administrator - Enabled) => C:\Users\Rubie

     

    ==================== Faulty Device Manager Devices =============

     

    Name: 

    Description: 

    Class Guid: 

    Manufacturer: 

    Service: 

    Problem: : The drivers for this device are not installed. (Code 28)

    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

     

    Name: Ethernet Controller

    Description: Ethernet Controller

    Class Guid: 

    Manufacturer: 

    Service: 

    Problem: : The drivers for this device are not installed. (Code 28)

    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

     

    Name: Officejet 4500 G510n-z

    Description: Officejet 4500 G510n-z

    Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

    Manufacturer: HP

    Service: 

    Problem: : This device is disabled. (Code 22)

    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

     

     

    ==================== Event log errors: =========================

     

    Application errors:

    ==================

    Error: (12/31/2014 08:14:24 PM) (Source: Application Error) (EventID: 1000) (User: )

    Description: Faulting application name: DayZLauncher.exe, version: 0.0.0.7, time stamp: 0x53f87bec

    Faulting module name: KERNELBASE.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdbdf

    Exception code: 0xe0434352

    Fault offset: 0x0000b727

    Faulting process id: 0x17ec

    Faulting application start time: 0xDayZLauncher.exe0

    Faulting application path: DayZLauncher.exe1

    Faulting module path: DayZLauncher.exe2

    Report Id: DayZLauncher.exe3

     

    Error: (12/31/2014 08:14:22 PM) (Source: .NET Runtime) (EventID: 1026) (User: )

    Description: Application: DayZLauncher.exe

    Framework Version: v4.0.30319

    Description: The process was terminated due to an unhandled exception.

    Exception Info: System.ComponentModel.Win32Exception

    Stack:

       at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)

       at System.Windows.Threading.DispatcherOperation.InvokeImpl()

       at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)

       at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

       at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

       at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)

       at System.Windows.Threading.DispatcherOperation.Invoke()

       at System.Windows.Threading.Dispatcher.ProcessQueue()

       at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)

       at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)

       at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)

       at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)

       at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)

       at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)

       at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)

       at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)

       at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)

       at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)

       at System.Windows.Threading.Dispatcher.Run()

       at System.Windows.Application.RunDispatcher(System.Object)

       at System.Windows.Application.RunInternal(System.Windows.Window)

       at System.Windows.Application.Run(System.Windows.Window)

       at DayZLauncher.App.Main(System.String[])

     

    Error: (12/28/2014 05:55:43 AM) (Source: System Restore) (EventID: 8211) (User: )

    Description: The scheduled restore point could not be created.  Additional information: (0x8004230f).

     

    Error: (12/28/2014 05:55:43 AM) (Source: System Restore) (EventID: 8193) (User: )

    Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x8004230f).

     

    Error: (12/28/2014 05:55:42 AM) (Source: VSS) (EventID: 12293) (User: )

    Description: Volume Shadow Copy Service error: Error calling a routine on a Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine details EndPrepareSnapshots({b0e5ba6e-e1aa-4fc3-84d8-eb9b84d0dbea}) [hr = 0x80070008, Not enough storage is available to process this command.

    ].

     

     

    Operation:

       Executing Asynchronous Operation

     

    Context:

       Current State: DoSnapshotSet

     

    Error: (12/27/2014 03:50:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )

    Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>with error: The data is invalid.

    .

     

    Error: (12/27/2014 03:50:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )

    Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>with error: The data is invalid.

    .

     

    Error: (12/27/2014 03:26:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )

    Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>with error: The data is invalid.

    .

     

    Error: (12/27/2014 02:59:59 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )

    Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>with error: The data is invalid.

    .

     

    Error: (12/27/2014 02:29:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )

    Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>with error: The data is invalid.

    .

     

     

    System errors:

    =============

    Error: (01/05/2015 00:30:24 AM) (Source: Application Popup) (EventID: 1060) (User: )

    Description: \??\C:\Windows\System32\drivers\TrueSight.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

     

    Error: (01/05/2015 00:02:32 AM) (Source: Service Control Manager) (EventID: 7026) (User: )

    Description: The following boot-start or system-start driver(s) failed to load: 

    cdrom

     

    Error: (01/04/2015 11:55:16 PM) (Source: Service Control Manager) (EventID: 7030) (User: )

    Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

     

    Error: (01/04/2015 11:54:45 PM) (Source: Application Popup) (EventID: 1060) (User: )

    Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

     

    Error: (01/04/2015 11:51:58 PM) (Source: Service Control Manager) (EventID: 7030) (User: )

    Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

     

    Error: (01/04/2015 10:07:46 PM) (Source: Service Control Manager) (EventID: 7026) (User: )

    Description: The following boot-start or system-start driver(s) failed to load: 

    cdrom

     

    Error: (01/04/2015 10:07:26 PM) (Source: EventLog) (EventID: 6008) (User: )

    Description: The previous system shutdown at 9:11:21 PM on ‎1/‎4/‎2015 was unexpected.

     

    Error: (01/04/2015 07:37:41 PM) (Source: Service Control Manager) (EventID: 7026) (User: )

    Description: The following boot-start or system-start driver(s) failed to load: 

    cdrom

     

    Error: (01/04/2015 07:37:21 PM) (Source: EventLog) (EventID: 6008) (User: )

    Description: The previous system shutdown at 7:32:08 PM on ‎1/‎4/‎2015 was unexpected.

     

    Error: (01/04/2015 06:01:08 PM) (Source: Service Control Manager) (EventID: 7026) (User: )

    Description: The following boot-start or system-start driver(s) failed to load: 

    cdrom

     

     

    Microsoft Office Sessions:

    =========================

    Error: (12/31/2014 08:14:24 PM) (Source: Application Error) (EventID: 1000) (User: )

    Description: DayZLauncher.exe0.0.0.753f87becKERNELBASE.dll6.1.7600.163854a5bdbdfe04343520000b72717ec01d0255a936f743aC:\Program Files (x86)\DayZLauncher\DayZLauncher.exeC:\Windows\syswow64\KERNELBASE.dll8584fa58-9153-11e4-8bae-e1772b6d143c

     

    Error: (12/31/2014 08:14:22 PM) (Source: .NET Runtime) (EventID: 1026) (User: )

    Description: Application: DayZLauncher.exe

    Framework Version: v4.0.30319

    Description: The process was terminated due to an unhandled exception.

    Exception Info: System.ComponentModel.Win32Exception

    Stack:

       at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)

       at System.Windows.Threading.DispatcherOperation.InvokeImpl()

       at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)

       at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

       at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

       at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)

       at System.Windows.Threading.DispatcherOperation.Invoke()

       at System.Windows.Threading.Dispatcher.ProcessQueue()

       at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)

       at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)

       at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)

       at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)

       at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)

       at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)

       at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)

       at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)

       at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)

       at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)

       at System.Windows.Threading.Dispatcher.Run()

       at System.Windows.Application.RunDispatcher(System.Object)

       at System.Windows.Application.RunInternal(System.Windows.Window)

       at System.Windows.Application.Run(System.Windows.Window)

       at DayZLauncher.App.Main(System.String[])

     

    Error: (12/28/2014 05:55:43 AM) (Source: System Restore) (EventID: 8211) (User: )

    Description: 0x8004230f

     

    Error: (12/28/2014 05:55:43 AM) (Source: System Restore) (EventID: 8193) (User: )

    Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x8004230f

     

    Error: (12/28/2014 05:55:42 AM) (Source: VSS) (EventID: 12293) (User: )

    Description: {b5946137-7b9f-4925-af80-51abd60b20d5}EndPrepareSnapshots({b0e5ba6e-e1aa-4fc3-84d8-eb9b84d0dbea})0x80070008, Not enough storage is available to process this command.

     

     

    Operation:

       Executing Asynchronous Operation

     

    Context:

       Current State: DoSnapshotSet

     

    Error: (12/27/2014 03:50:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )


     

    Error: (12/27/2014 03:50:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )


     

    Error: (12/27/2014 03:26:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )


     

    Error: (12/27/2014 02:59:59 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )


     

    Error: (12/27/2014 02:29:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )


     

     

    CodeIntegrity Errors:

    ===================================

      Date: 2015-01-04 23:54:45.768

      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

     

      Date: 2015-01-04 23:54:45.753

      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

     

     

    ==================== Memory info =========================== 

     

    Processor: AMD FX-4130 Quad-Core Processor 

    Percentage of memory in use: 64%

    Total physical RAM: 4078.12 MB

    Available physical RAM: 1464.41 MB

    Total Pagefile: 8154.38 MB

    Available Pagefile: 5616.16 MB

    Total Virtual: 8192 MB

    Available Virtual: 8191.81 MB

     

    ==================== Drives ================================

     

    Drive c: () (Fixed) (Total:931.41 GB) (Free:652.32 GB) NTFS

     

    ==================== MBR & Partition Table ==================

     

    ========================================================

    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 9BBC9CC0)

    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

    Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

     

    ==================== End Of Log ============================

  2. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-01-2015

    Ran by Rubie (administrator) on RUBIE-PC on 06-01-2015 16:22:37

    Running from C:\Users\Rubie\Downloads

    Loaded Profile: Rubie (Available profiles: Rubie)

    Platform: Windows 7 Enterprise (X64) OS Language: English (United States)

    Internet Explorer Version 8 (Default browser: Chrome)

    Boot Mode: Normal


     

    ==================== Processes (Whitelisted) =================

     

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

     

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    () C:\Program Files (x86)\Everything\Everything.exe

    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

    (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe

    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

    () C:\Windows\SysWOW64\PnkBstrA.exe

    (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

    (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

    (Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe

    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

    (Spotify Ltd) C:\Users\Rubie\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

    (SVP-Team.com) C:\Program Files (x86)\SVP\svptube\svptube.exe

    (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe

    (Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE

    () C:\Program Files (x86)\Everything\Everything.exe

    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    () C:\Users\Rubie\AppData\Roaming\Audacity\CODEXi\Steam

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Farbar) C:\Users\Rubie\Downloads\FRST64 (1).exe

     

     

    ==================== Registry (Whitelisted) ==================

     

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

     

    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2461504 2014-09-16] (NVIDIA Corporation)

    HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)

    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-27] (AVAST Software)

    HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2014-10-08] (Power Software Ltd)

    HKLM-x32\...\Run: [Everything] => C:\Program Files (x86)\Everything\Everything.exe [1048576 2014-08-05] ()

    HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3838800 2014-12-13] (LogMeIn Inc.)

    HKU\S-1-5-21-1243950774-1183063232-2593923303-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)

    HKU\S-1-5-21-1243950774-1183063232-2593923303-1000\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3095328 2014-09-16] (Nota Inc.)

    HKU\S-1-5-21-1243950774-1183063232-2593923303-1000\...\Run: [spotify Web Helper] => C:\Users\Rubie\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-16] (Spotify Ltd)

    HKU\S-1-5-21-1243950774-1183063232-2593923303-1000\...\Run: [sVPtube] => C:\Program Files (x86)\SVP\svptube\svptube.exe [15120896 2014-03-24] (SVP-Team.com)

    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk

    ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()

    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

     

    ==================== Internet (Whitelisted) ====================

     

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

     

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

    HKU\S-1-5-21-1243950774-1183063232-2593923303-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

    HKU\S-1-5-21-1243950774-1183063232-2593923303-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

    SearchScopes: HKU\S-1-5-21-1243950774-1183063232-2593923303-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 

    BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

    BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

    BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File

    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

    Toolbar: HKU\S-1-5-21-1243950774-1183063232-2593923303-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 68.237.161.12

     

    FireFox:

    ========

    FF ProfilePath: C:\Users\Rubie\AppData\Roaming\Mozilla\Firefox\Profiles\71say5dp.default

    FF DefaultSearchEngine: Google

    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()

    FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)

    FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

    FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

    FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll (Unity Technologies ApS)

    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()

    FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)

    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

    FF Extension: MEGA - C:\Users\Rubie\AppData\Roaming\Mozilla\Firefox\Profiles\71say5dp.default\Extensions\firefox@mega.co.nz.xpi [2014-11-30]

    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

    FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-27]

     

    Chrome: 

    =======

    CHR Profile: C:\Users\Rubie\AppData\Local\Google\Chrome\User Data\Default

    CHR Extension: (Google Slides) - C:\Users\Rubie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-13]

    CHR Extension: (Google Docs) - C:\Users\Rubie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-13]

    CHR Extension: (Google Drive) - C:\Users\Rubie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-13]

    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Rubie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-13]

    CHR Extension: (YouTube) - C:\Users\Rubie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-13]

    CHR Extension: (Google Search) - C:\Users\Rubie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-13]

    CHR Extension: (Google Sheets) - C:\Users\Rubie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-13]

    CHR Extension: (Avast Online Security) - C:\Users\Rubie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-13]

    CHR Extension: (Google Wallet) - C:\Users\Rubie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-13]

    CHR Extension: (Gmail) - C:\Users\Rubie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-13]

    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-27]

     

    ==================== Services (Whitelisted) =================

     

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

     

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-27] (AVAST Software)

    S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [701824 2014-12-24] ()

    R2 Everything; C:\Program Files (x86)\Everything\Everything.exe [1048576 2014-08-05] () [File not signed] <==== ATTENTION

    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-09-16] (NVIDIA Corporation)

    R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-08] (Hewlett-Packard Co.) [File not signed]

    R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-12-02] (LogMeIn, Inc.)

    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)

    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)

    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]

    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-16] (NVIDIA Corporation)

    S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-17] (Electronic Arts)

    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]

    R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-11-07] ()

    S2 WLMS; C:\Windows\system32\wlms\wlms.exe [19456 2009-07-14] (Microsoft Corporation)

     

    ==================== Drivers (Whitelisted) ====================

     

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

     

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-27] ()

    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-27] (AVAST Software)

    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-27] (AVAST Software)

    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-27] ()

    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-21] (AVAST Software)

    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-27] (AVAST Software)

    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-27] (AVAST Software)

    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-27] ()

    R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)

    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)

    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-06] (Malwarebytes Corporation)

    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)

    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)

    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-01-05] ()

    S3 catchme; \??\C:\ComboFix\catchme.sys [X]

    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

    S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]

    S3 GPU-Z; \??\C:\Users\Rubie\AppData\Local\Temp\GPU-Z.sys [X]

    S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]

    S3 X6va027; \??\C:\Windows\SysWOW64\Drivers\X6va027 [X]

     

    ==================== NetSvcs (Whitelisted) ===================

     

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

     

     

    ==================== One Month Created Files and Folders ========

     

    (If an entry is included in the fixlist, the file\folder will be moved.)

     

    2015-01-06 16:22 - 2015-01-06 16:22 - 02123776 _____ (Farbar) C:\Users\Rubie\Downloads\FRST64 (1).exe

    2015-01-05 03:38 - 2015-01-05 03:38 - 00000000 ____D () C:\Users\Rubie\Documents\Square Enix

    2015-01-05 01:25 - 2015-01-05 01:25 - 00020992 _____ (Microsoft Corporation) C:\Users\Rubie\Downloads\svchost.exe

    2015-01-05 01:24 - 2015-01-05 01:24 - 00000000 ____D () C:\Users\Rubie\Downloads\ProcessExplorer

    2015-01-05 01:17 - 2015-01-05 01:18 - 177998224 _____ (NVIDIA Corporation) C:\Users\Rubie\Downloads\314.22-desktop-win8-win7-winvista-64bit-english-whql.exe

    2015-01-05 01:07 - 2015-01-05 01:07 - 00000000 ____D () C:\Users\Rubie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z

    2015-01-05 01:07 - 2015-01-05 01:07 - 00000000 ____D () C:\Program Files (x86)\GPU-Z

    2015-01-05 01:06 - 2015-01-05 01:06 - 01689384 _____ (techPowerUp (www.techpowerup.com)) C:\Users\Rubie\Downloads\GPU-Z.0.8.0.exe

    2015-01-05 00:59 - 2015-01-05 00:59 - 00035058 _____ () C:\Users\Rubie\Downloads\Addition.txt

    2015-01-05 00:58 - 2015-01-06 16:22 - 00014812 _____ () C:\Users\Rubie\Downloads\FRST.txt

    2015-01-05 00:58 - 2015-01-06 16:22 - 00000000 ____D () C:\FRST

    2015-01-05 00:57 - 2015-01-05 00:57 - 02123776 _____ (Farbar) C:\Users\Rubie\Downloads\FRST64.exe

    2015-01-05 00:42 - 2015-01-05 00:42 - 00000000 ____D () C:\Users\Rubie\Downloads\2015-01-03d-win

    2015-01-05 00:30 - 2015-01-05 00:30 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys

    2015-01-05 00:30 - 2015-01-05 00:30 - 00000000 ____D () C:\ProgramData\RogueKiller

    2015-01-05 00:28 - 2015-01-05 00:29 - 15298136 _____ () C:\Users\Rubie\Downloads\RogueKiller.exe

    2015-01-04 23:57 - 2015-01-04 23:57 - 00018024 _____ () C:\ComboFix.txt

    2015-01-04 23:45 - 2015-01-04 23:57 - 00000000 ____D () C:\Qoobox

    2015-01-04 23:45 - 2015-01-04 23:55 - 00000000 ____D () C:\Windows\erdnt

    2015-01-04 23:45 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe

    2015-01-04 23:45 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe

    2015-01-04 23:45 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

    2015-01-04 23:45 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

    2015-01-04 23:45 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

    2015-01-04 23:45 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe

    2015-01-04 23:45 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe

    2015-01-04 23:45 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe

    2015-01-04 23:44 - 2015-01-04 23:44 - 05609498 ____R (Swearware) C:\Users\Rubie\Desktop\ComboFix.exe

    2015-01-04 23:34 - 2015-01-04 23:42 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

    2015-01-04 23:32 - 2015-01-04 23:42 - 00000000 ____D () C:\Users\Rubie\Desktop\mbar

    2015-01-04 23:32 - 2015-01-04 23:32 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Rubie\Downloads\mbar-1.08.2.1001.exe

    2015-01-04 23:29 - 2015-01-04 23:29 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Rubie\Downloads\tdsskiller.exe

    2015-01-04 23:00 - 2015-01-04 23:23 - 312815616 _____ () C:\Users\Rubie\Downloads\kav_rescue_10.iso

    2015-01-04 22:58 - 2015-01-04 23:00 - 90720296 _____ () C:\Users\Rubie\Downloads\2015-01-03d-win.zip

    2015-01-04 22:48 - 2015-01-04 22:48 - 01188194 _____ () C:\Users\Rubie\Downloads\ProcessExplorer.zip

    2015-01-04 19:44 - 2015-01-04 19:44 - 00000000 ____D () C:\Users\Rubie\Downloads\openhardwaremonitor-v0.7.1-beta

    2015-01-04 19:43 - 2015-01-04 19:43 - 00511764 _____ () C:\Users\Rubie\Downloads\openhardwaremonitor-v0.7.1-beta.zip

    2014-12-31 00:08 - 2014-12-31 00:13 - 00723475 _____ () C:\Users\Rubie\Documents\Mumble-2014-12-31-00-08-22-voice-us-east-1.balefulgaming.com-Mixdown.ogg

    2014-12-30 19:37 - 2015-01-06 15:39 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

    2014-12-30 19:37 - 2015-01-04 23:34 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

    2014-12-30 19:37 - 2014-12-30 19:37 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

    2014-12-30 19:37 - 2014-12-30 19:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

    2014-12-30 19:37 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

    2014-12-30 19:37 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

    2014-12-30 19:36 - 2014-12-30 19:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

    2014-12-30 19:36 - 2014-12-30 19:36 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Rubie\Downloads\mbam-setup-2.0.4.1028.exe

    2014-12-30 19:36 - 2014-12-30 19:36 - 00000000 ____D () C:\ProgramData\Malwarebytes

    2014-12-30 18:35 - 2014-12-30 18:35 - 00000000 ____D () C:\ProgramData\Steam

    2014-12-30 02:39 - 2014-12-30 02:39 - 00003240 _____ () C:\Windows\System32\Tasks\Steam_x64-S-2-106-91

    2014-12-29 21:11 - 2014-12-29 21:19 - 00000494 _____ () C:\Users\Rubie\Desktop\config.ini

    2014-12-29 21:10 - 2014-08-26 02:10 - 00973312 _____ (GameplayCrush) C:\Users\Rubie\Desktop\WindowedBorderlessGaming.exe

    2014-12-29 21:09 - 2014-12-29 21:09 - 00554614 _____ () C:\Users\Rubie\Downloads\WindowedBorderlessGaming_2.1.0.0.zip

    2014-12-29 21:02 - 2014-12-29 21:02 - 00000000 ____D () C:\Users\Rubie\AppData\Roaming\DarkSoulsII

    2014-12-29 04:47 - 2014-12-29 04:47 - 00000000 ____D () C:\Users\Rubie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\qBittorrent

    2014-12-29 04:43 - 2014-12-29 05:09 - 00000000 ____D () C:\Users\Rubie\AppData\Roaming\qBittorrent

    2014-12-29 04:43 - 2014-12-29 04:43 - 00000000 ____D () C:\Users\Rubie\AppData\Local\qBittorrent

    2014-12-29 04:42 - 2014-12-29 04:43 - 10509452 _____ (The qBittorrent project) C:\Users\Rubie\Downloads\qbittorrent_3.1.9.2_setup.exe

    2014-12-29 04:33 - 2014-12-29 04:33 - 00003077 _____ () C:\Users\Rubie\Downloads\hgnb.py

    2014-12-29 04:31 - 2014-12-29 04:32 - 00007129 _____ () C:\Users\Rubie\Downloads\waller.py

    2014-12-29 04:21 - 2014-12-29 04:21 - 00005637 _____ () C:\Users\Rubie\Downloads\oldpbay.txt

    2014-12-29 04:21 - 2014-12-29 04:21 - 00005637 _____ () C:\Users\Rubie\Downloads\oldpbay.py

    2014-12-29 04:19 - 2014-12-29 04:19 - 00005693 _____ () C:\Users\Rubie\Downloads\original21.txt

    2014-12-29 04:12 - 2014-12-29 04:14 - 00005693 _____ () C:\Users\Rubie\Downloads\search.py

    2014-12-28 22:56 - 2014-12-28 22:56 - 09249728 _____ () C:\Users\Rubie\Downloads\Portal_Turrets_Sound_Pack.ts3_soundpack

    2014-12-28 20:23 - 2014-12-28 20:23 - 00000000 ____D () C:\Users\Rubie\AppData\Local\next car game free technology demo

    2014-12-28 20:21 - 2014-12-28 20:21 - 00000000 ____D () C:\Users\Rubie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Next Car Game Free Technology Demo

    2014-12-28 20:21 - 2014-12-28 20:21 - 00000000 ____D () C:\Program Files (x86)\Next Car Game Free Technology Demo

    2014-12-28 19:42 - 2014-12-28 19:50 - 122688622 _____ (Bugbear Entertainment) C:\Users\Rubie\Downloads\Next_Car_Game_Free_Technology_Demo.exe

    2014-12-28 19:07 - 2014-12-28 19:07 - 00000020 _____ () C:\Users\Rubie\Downloads\games for multiplayer.txt

    2014-12-28 03:16 - 2014-12-28 03:16 - 00000000 ____D () C:\Users\Rubie\AppData\Local\My Games

    2014-12-24 23:30 - 2014-12-24 23:30 - 00000536 _____ () C:\Windows\eReg.dat

    2014-12-24 23:30 - 2014-12-24 23:30 - 00000000 ____D () C:\Program Files (x86)\Maxis

    2014-12-24 22:33 - 2014-12-24 22:37 - 00000000 ____D () C:\Users\Rubie\AppData\Roaming\Equalify

    2014-12-24 22:31 - 2014-12-24 22:31 - 00000000 ____D () C:\Users\Rubie\Downloads\rack cityy

    2014-12-24 16:06 - 2014-12-24 16:11 - 00000188 _____ () C:\Users\Rubie\Desktop\Good Looks Test.txt

    2014-12-19 18:35 - 2014-12-19 18:46 - 00000000 ____D () C:\Users\Rubie\AppData\Local\join.me

    2014-12-19 18:35 - 2014-12-19 18:35 - 00001098 _____ () C:\Users\Rubie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk

    2014-12-19 18:35 - 2014-12-19 18:35 - 00001092 _____ () C:\Users\Rubie\Desktop\join.me.lnk

    2014-12-19 18:35 - 2014-12-19 18:35 - 00000000 ____D () C:\Users\Rubie\AppData\Roaming\join.me

    2014-12-19 18:34 - 2014-12-19 18:34 - 16899072 _____ () C:\Users\Rubie\Downloads\join.me.msi

    2014-12-18 23:49 - 2015-01-04 23:21 - 00000000 ____D () C:\Users\Rubie\Downloads\real trap stuff

    2014-12-18 22:19 - 2014-12-18 22:19 - 00050127 _____ () C:\Users\Rubie\Downloads\JSTOR  The Journal of Human Resources, Vol. 36, No. 2 (Spring, 2001), pp. 253-273.htm

    2014-12-18 22:19 - 2014-12-18 22:19 - 00000000 ____D () C:\Users\Rubie\Downloads\JSTOR  The Journal of Human Resources, Vol. 36, No. 2 (Spring, 2001), pp. 253-273_files

    2014-12-17 21:27 - 2014-12-19 18:44 - 00000000 ____D () C:\Users\Rubie\AppData\Local\osu!

    2014-12-17 21:27 - 2014-12-17 21:27 - 00000950 _____ () C:\Users\Rubie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\osu!.lnk

    2014-12-17 21:27 - 2014-12-17 21:27 - 00000942 _____ () C:\Users\Rubie\Desktop\osu!.lnk

    2014-12-17 21:26 - 2014-12-17 21:26 - 03160648 _____ (ppy) C:\Users\Rubie\Downloads\osu!install.exe

    2014-12-17 17:28 - 2014-12-17 17:28 - 00000990 _____ () C:\Users\Public\Desktop\Configure ReClock.lnk

    2014-12-17 17:28 - 2014-12-17 17:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SVP 3.1

    2014-12-17 17:28 - 2014-12-17 17:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReClock

    2014-12-17 17:28 - 2014-12-17 17:28 - 00000000 ____D () C:\Program Files (x86)\ReClock

    2014-12-17 17:27 - 2014-12-17 17:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow

    2014-12-17 17:27 - 2014-12-17 17:27 - 00000000 ____D () C:\Program Files (x86)\ffdshow

    2014-12-17 17:27 - 2014-02-09 20:36 - 00112640 _____ () C:\Windows\SysWOW64\ff_vfw.dll

    2014-12-17 17:26 - 2014-12-17 17:26 - 00000000 ____D () C:\Users\Rubie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5

    2014-12-17 17:26 - 2014-12-17 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5

    2014-12-17 17:26 - 2014-12-17 17:26 - 00000000 ____D () C:\Program Files (x86)\AviSynth 2.5

    2014-12-17 17:25 - 2014-12-17 17:29 - 00000000 ____D () C:\ProgramData\SVP 3.1

    2014-12-17 17:25 - 2014-12-17 17:28 - 00000000 ____D () C:\Program Files (x86)\SVP

    2014-12-17 17:25 - 2014-12-17 17:25 - 00000000 ____D () C:\Users\Rubie\AppData\Roaming\MPC-HC

    2014-12-17 17:24 - 2014-12-17 17:24 - 00001702 _____ () C:\Users\Rubie\Desktop\MPC-HC x64.lnk

    2014-12-17 17:24 - 2014-12-17 17:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64

    2014-12-17 17:24 - 2014-12-17 17:24 - 00000000 ____D () C:\Program Files\MPC-HC

    2014-12-17 17:21 - 2014-12-17 17:22 - 34398836 _____ (SmoothVideo Project ) C:\Users\Rubie\Downloads\SVP_3.1.6.exe

    2014-12-16 18:53 - 2014-12-16 18:53 - 03456095 _____ () C:\Users\Rubie\Downloads\a91f9670_DSC_1354.jpeg

    2014-12-16 16:49 - 2014-12-16 16:49 - 00137888 _____ (Spotify Ltd) C:\Users\Rubie\Downloads\SpotifySetup.exe

    2014-12-15 15:09 - 2014-12-15 15:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi

    2014-12-13 22:10 - 2014-12-13 22:10 - 00000000 ____D () C:\Users\Rubie\AppData\Roaming\Need for Speed World

    2014-12-13 21:32 - 2014-12-13 21:32 - 00002259 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

    2014-12-13 21:32 - 2014-12-13 21:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

    2014-12-13 21:31 - 2015-01-06 15:39 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

    2014-12-13 21:31 - 2015-01-06 01:36 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

    2014-12-13 21:31 - 2014-12-13 21:31 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

    2014-12-13 21:31 - 2014-12-13 21:31 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

    2014-12-13 21:30 - 2014-12-13 21:30 - 00880784 _____ (Google Inc.) C:\Users\Rubie\Downloads\ChromeSetup.exe

    2014-12-13 20:51 - 2014-12-13 20:51 - 00000000 ____D () C:\Users\Rubie\AppData\Local\Electronic_Arts_Inc

    2014-12-13 20:36 - 2014-12-13 20:36 - 00000000 ____D () C:\Users\Rubie\Downloads\PokeMMO-Client

    2014-12-13 20:35 - 2014-12-13 20:48 - 00001274 _____ () C:\Users\Public\Desktop\Need for Speed World.lnk

    2014-12-13 20:35 - 2014-12-13 20:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Need for Speed World

    2014-12-13 20:34 - 2014-12-13 20:34 - 00001520 _____ () C:\Users\Public\Desktop\SimCity 2000 Special Edition.lnk

    2014-12-13 20:34 - 2014-12-13 20:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimCity 2000 Special Edition

    2014-12-13 20:28 - 2014-12-13 20:28 - 12457183 _____ () C:\Users\Rubie\Downloads\PokeMMO-Client.zip

    2014-12-13 20:07 - 2014-12-13 20:07 - 17103000 _____ (Electronic Arts, Inc.) C:\Users\Rubie\Downloads\OriginThinSetup.exe

    2014-12-13 17:58 - 2014-12-13 17:59 - 00000000 ____D () C:\Program Files\Virtual Audio Cable

    2014-12-13 17:58 - 2014-12-13 17:58 - 00066728 _____ (Eugene V. Muzychenko) C:\Windows\system32\Drivers\vrtaucbl.sys

    2014-12-13 17:58 - 2014-12-13 17:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Cable

    2014-12-13 17:55 - 2014-12-13 17:55 - 00000000 ____D () C:\Users\Rubie\Downloads\Virtual Audio Cable 4.10 - vac410full

    2014-12-13 17:54 - 2014-12-13 17:54 - 00387040 _____ () C:\Users\Rubie\Downloads\Virtual Audio Cable 4.10 - vac410full.zip

    2014-12-13 17:53 - 2014-12-13 17:54 - 03827720 _____ (foobar2000.org) C:\Users\Rubie\Downloads\foobar2000_v1.3.6.exe

    2014-12-13 17:22 - 2014-12-13 17:22 - 00304351 _____ () C:\Users\Rubie\Downloads\aim_prac_headshots-b1.zip

    2014-12-10 18:50 - 2014-12-10 18:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

    2014-12-09 18:50 - 2014-12-09 18:50 - 00000000 ____D () C:\Users\Rubie\AppData\Local\Blizzard

    2014-12-09 18:18 - 2014-12-09 18:50 - 00000000 ____D () C:\Program Files (x86)\Hearthstone

    2014-12-09 18:18 - 2014-12-09 18:18 - 00001185 _____ () C:\Users\Public\Desktop\Hearthstone.lnk

    2014-12-09 18:18 - 2014-12-09 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone

    2014-12-09 18:09 - 2014-12-09 20:00 - 00000000 ____D () C:\Users\Rubie\AppData\Local\Battle.net

    2014-12-09 18:09 - 2014-12-09 18:15 - 00000000 ____D () C:\Users\Rubie\AppData\Roaming\Battle.net

    2014-12-09 18:09 - 2014-12-09 18:09 - 00000000 ____D () C:\Users\Rubie\AppData\Local\Blizzard Entertainment

    2014-12-09 18:09 - 2014-12-09 18:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net

    2014-12-09 18:09 - 2014-12-09 18:09 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment

    2014-12-09 18:09 - 2014-12-09 18:09 - 00000000 ____D () C:\Program Files (x86)\Battle.net

    2014-12-09 18:06 - 2014-12-09 18:06 - 00000000 ____D () C:\ProgramData\Battle.net

    2014-12-09 17:07 - 2014-12-09 17:07 - 00011630 _____ () C:\Users\Rubie\Downloads\install_old_windows.txt

     

    ==================== One Month Modified Files and Folders =======

     

    (If an entry is included in the fixlist, the file\folder will be moved.)

     

    2015-01-06 16:19 - 2014-11-02 15:38 - 00000000 ____D () C:\Users\Rubie\AppData\Local\LogMeIn Hamachi

    2015-01-06 16:19 - 2014-10-31 20:01 - 00000000 ____D () C:\Users\Rubie\AppData\Roaming\TeamViewer

    2015-01-06 16:19 - 2014-09-29 20:33 - 00000000 ____D () C:\Program Files (x86)\Steam

    2015-01-06 16:19 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

    2015-01-06 16:18 - 2014-10-08 16:51 - 00000000 ____D () C:\Windows\Minidump

    2015-01-06 15:44 - 2009-07-13 23:45 - 00011760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

    2015-01-06 15:44 - 2009-07-13 23:45 - 00011760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

    2015-01-06 15:42 - 2014-10-29 16:39 - 00183783 ____N () C:\Windows\WindowsUpdate.log

    2015-01-06 15:42 - 2014-09-27 11:30 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

    2015-01-06 15:39 - 2014-09-27 22:46 - 00000000 ____D () C:\ProgramData\NVIDIA

    2015-01-06 15:39 - 2014-09-27 11:10 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

    2015-01-06 15:39 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

    2015-01-06 01:42 - 2014-11-23 13:56 - 00000000 ____D () C:\Users\Rubie\AppData\Roaming\Everything

    2015-01-06 00:31 - 2014-10-05 19:14 - 00000000 ____D () C:\Users\Rubie\AppData\Roaming\Spotify

    2015-01-05 15:52 - 2014-10-05 19:15 - 00000000 ____D () C:\Users\Rubie\AppData\Local\Spotify

    2015-01-05 01:49 - 2014-11-04 16:44 - 00000000 ____D () C:\Users\Rubie\AppData\Roaming\Mumble

    2015-01-04 23:57 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default

    2015-01-04 23:55 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini

    2015-01-04 23:52 - 2014-09-27 21:28 - 00000000 ____D () C:\ProgramData\TEMP

    2014-12-31 22:35 - 2014-10-24 19:09 - 00000000 ____D () C:\Users\Rubie\AppData\Roaming\TS3Client

    2014-12-31 20:39 - 2014-10-31 19:33 - 00000000 ____D () C:\Users\Rubie\AppData\Local\ArmA 2 OA

    2014-12-30 19:47 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Help

    2014-12-30 19:37 - 2014-09-27 20:42 - 00000000 ____D () C:\Users\Rubie\AppData\Roaming\foobar2000

    2014-12-30 18:31 - 2014-10-04 14:20 - 00000000 ____D () C:\Program Files\PeerBlock

    2014-12-30 02:55 - 2014-10-28 17:30 - 00000000 ____D () C:\Windows\SysWOW64\directx

    2014-12-30 02:39 - 2014-10-18 12:53 - 00000000 ____D () C:\Users\Rubie\AppData\Roaming\Audacity

    2014-12-30 02:38 - 2014-11-28 19:44 - 00000000 ____D () C:\Games

    2014-12-29 04:47 - 2014-10-04 13:33 - 00000000 ____D () C:\Program Files (x86)\qBittorrent

    2014-12-28 03:24 - 2014-09-29 21:32 - 00000000 ____D () C:\Users\Rubie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

    2014-12-28 03:16 - 2014-10-16 20:09 - 00000000 ____D () C:\Users\Rubie\Documents\My Games

    2014-12-25 22:24 - 2014-11-30 16:50 - 00000000 ____D () C:\Program Files (x86)\ggRO

    2014-12-25 00:13 - 2014-09-27 20:56 - 00000000 ____D () C:\ProgramData\Origin

    2014-12-25 00:13 - 2014-09-27 20:56 - 00000000 ____D () C:\Program Files (x86)\Origin

    2014-12-24 23:31 - 2014-10-28 17:30 - 00000000 ____D () C:\Users\Rubie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

    2014-12-23 23:18 - 2009-07-14 00:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI

    2014-12-19 17:54 - 2014-11-28 16:23 - 00000000 ____D () C:\Users\Rubie\AppData\Roaming\EurekaLog

    2014-12-17 17:29 - 2014-09-29 21:32 - 00000000 ____D () C:\Users\Rubie\AppData\Roaming\NVIDIA

    2014-12-16 16:50 - 2014-10-05 19:15 - 00001805 _____ () C:\Users\Rubie\Desktop\Spotify.lnk

    2014-12-16 16:50 - 2014-10-05 19:15 - 00001791 _____ () C:\Users\Rubie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk

    2014-12-16 15:48 - 2014-12-02 15:31 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi

    2014-12-13 21:32 - 2014-09-27 11:08 - 00000000 ____D () C:\Users\Rubie\AppData\Local\Google

    2014-12-13 21:32 - 2014-09-27 11:08 - 00000000 ____D () C:\Program Files (x86)\Google

    2014-12-13 20:50 - 2014-09-27 20:56 - 00000000 ____D () C:\ProgramData\Electronic Arts

    2014-12-13 20:34 - 2014-09-27 21:07 - 00000000 ____D () C:\Program Files (x86)\Origin Games

    2014-12-13 17:54 - 2014-09-27 20:42 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk

    2014-12-13 17:54 - 2014-09-27 20:42 - 00001035 _____ () C:\Users\Public\Desktop\foobar2000.lnk

    2014-12-13 17:54 - 2014-09-27 20:42 - 00000000 ____D () C:\Program Files (x86)\foobar2000

    2014-12-12 18:17 - 2014-11-24 20:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

    2014-12-09 15:42 - 2014-09-27 11:30 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

    2014-12-09 15:42 - 2014-09-27 11:30 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

    2014-12-09 15:42 - 2014-09-27 11:30 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

     

    Files to move or delete:

    ====================

    C:\ProgramData\hash.dat

    C:\Users\Rubie\jagex_cl_oldschool_LIVE.dat

    C:\Users\Rubie\random.dat

     

     

    Some content of TEMP:

    ====================

    C:\Users\Rubie\AppData\Local\Temp\eauninstall.exe

    C:\Users\Rubie\AppData\Local\Temp\SC4_uninst.exe

    C:\Users\Rubie\AppData\Local\Temp\SimCity 4 Deluxe_uninst.exe

     

     

    ==================== Bamital & volsnap Check =================

     

    (There is no automatic fix for files that do not pass verification.)

     

    C:\Windows\System32\winlogon.exe => File is digitally signed

    C:\Windows\System32\wininit.exe => File is digitally signed

    C:\Windows\SysWOW64\wininit.exe => File is digitally signed

    C:\Windows\explorer.exe => File is digitally signed

    C:\Windows\SysWOW64\explorer.exe => File is digitally signed

    C:\Windows\System32\svchost.exe => File is digitally signed

    C:\Windows\SysWOW64\svchost.exe => File is digitally signed

    C:\Windows\System32\services.exe => File is digitally signed

    C:\Windows\System32\User32.dll => File is digitally signed

    C:\Windows\SysWOW64\User32.dll => File is digitally signed

    C:\Windows\System32\userinit.exe => File is digitally signed

    C:\Windows\SysWOW64\userinit.exe => File is digitally signed

    C:\Windows\System32\rpcss.dll => File is digitally signed

    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

     

     

    LastRegBack: 2015-01-04 18:19

     

    ==================== End Of Log ============================

  3. Hello,

     

    After clicking a link from my friend over Skype, my Chrome browser downloaded a picture. When I opened the pic it had a cross over it with a directory on my HDD. I ignored it for a while until I noticed that my computer's fan was extremely loud and it was coming from my GPU. I checked hardware monitor and after booting up, within an hour my GPU load shot up to around 98-99. I was idle listening to music on Spotify.

     

    My first inquiry is, do I have a GPU miner virus? Second would be, are any of my passwords compromised?

     

     

    Both pics show the load and GPU activity; oddly though, the load is maxed but the activity is almost idle.

     

    Thanks for reading.
