bitcoin mining virus

Hi


I seem to have acquired the same bitcoin mining virus as gABBY had here http://forums.malwarebytes.org/index.php?s=7afd5f290d8156feccf5c6306d3bb7c1&showtopic=129110#entry701209 as I have the same Program Data\Windows\Time folder with those files. TimeServer appears to be what sends the data out as my Comodo firewall detected that and Time-svc appears to be what's been fully loading my GPU.


I ran MBAM and that didn't detect it. The OTL instructions by D-FRED-BROWN may well be what I need to do but I didn't want to try them without being instructed to first in case they're not quite appropriate, so I'd be grateful if someone could help me make sure I remove the virus properly.


Thanks.


Welcome to the forum, please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes)

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, Adobe host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller <--- use this one for 64-bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

MrC

Note:

Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Hi MrCharlie


Thanks for offering to assist me. Here are the DDS and Attach logs as requested (don't worry about all the "service has terminated" messages at the end of Attach, that was just me killing off stuff trying to find what was loading my GPU). I'll shut down IE now and run RogueKiller.


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.25.2
Run by Main at 17:21:52 on 2013-08-27
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.44.1033.18.16348.13774 [GMT 1:00]
.
AV: Outpost Security Suite *Disabled/Updated* {ECEA6BCD-A007-0BC7-D5A5-0254DCBD816E}
SP: Outpost Security Suite *Disabled/Updated* {578B8A29-863D-0449-EF15-3926A73ACBD3}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Outpost Security Suite *Enabled* {D4D1EAE8-EA68-0A9F-FEFA-AB61226EC615}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
E:\Portable Apps\HwInfo64\HWiNFO64.exe
C:\Windows\explorer.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\ProgramData\Microsoft\Windows\Time\WindowsTime.exe
C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

mWinlogon: Userinit = userinit.exe,
BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll
TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Xpadder] "C:\Program Files (x86)\Xpadder\Xpadder.exe" /m
uRun: [RadeonPro] "C:\Program Files (x86)\RadeonPro\RadeonPro.exe"
uRun: [sandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
uRun: [Actual Multiple Monitors] "C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe"
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Razer Synapse] "c:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
dRunOnce: [AOD] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe AutoTune
StartupFolder: C:\Users\Main\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ARMA&D~1.LNK - E:\Data\Main\My Documents\AutoHotKey\Arma & DCS - Vol 10 on Joy7 and MB5 (for VAC).ahk
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: LastPass - C:\Users\Main\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - C:\Users\Main\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}




TCP: Interfaces\{817618A9-4A37-4E16-891A-D240E0B77342} : NameServer = 178.21.23.150,8.8.8.8
SSODL: WebCheck - <orphaned>
x64-BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll
x64-TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
x64-Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [RAMDiskForWorkstations] "C:\Program Files\SoftPerfect RAM Disk\RAMDiskWS.exe" /hide
x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
x64-IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2012-10-11 82600]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2012-10-11 42664]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-8-27 189936]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-8-27 378944]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2013-6-18 23168]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2013-6-18 708632]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2013-6-18 48360]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-8-19 283064]
R1 SoftPerfectVirtualVolume;SoftPerfect RAM Disk;C:\Program Files\SoftPerfect RAM Disk\spvve.sys [2013-7-13 419320]
R1 spvdbus;SoftPerfect Virtual Disk;C:\Windows\System32\drivers\spvdbus.sys [2013-7-13 136184]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-8-27 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-8-27 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-8-27 46808]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2013-7-10 32344]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-8-27 107912]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-8-27 226696]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-7-10 805088]
R3 RZMAELSTROMVADService;Razer Surround Audio Enhancer Service;C:\Windows\System32\drivers\RzMaelstromVAD.sys [2013-5-17 40696]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2013-7-25 200432]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2013-7-10 58536]
S0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-8-27 65336]
S1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-8-27 1030952]
S2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 NFSserver;NFS Server;C:\Program Files\nfsd\nfsd.exe [2013-7-22 224256]
S2 NoIPDUCService4;NO-IP DUC v4;C:\Program Files (x86)\No-IP\ducservice.exe [2013-1-24 11264]
S2 PMAPDaemon;SunRPC Portmap Daemon;C:\Program Files\nfsd\pmapd.exe [2013-7-22 124416]
S2 RadeonPro Support Service;RadeonPro Support Service;C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe [2013-7-13 20608]
S2 RzMaelstromVADStreamingService;Razer Surround Audio Service;C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe [2013-5-17 4241920]
S2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-8-10 4308320]
S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-12-30 46136]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-2-14 96768]
S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-7-11 49152]
S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-6-18 158936]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 HCW99BDA;Hauppauge Nova-DT Dual DVB-T Tuner;C:\Windows\System32\drivers\hcw99bda.sys [2011-12-30 147968]
S3 hcw99rc;Hauppauge Nova-DT IR Driver;C:\Windows\System32\drivers\hcw99rc.sys [2011-12-30 12800]
S3 NTIOLib_1_0_1;NTIOLib_1_0_1;C:\Program Files (x86)\MSI\ControlCenter\NTIOLib_X64.sys [2012-1-7 14136]
S3 RAMDiskVE;RAMDiskVE;C:\Windows\System32\drivers\RAMDiskVE.sys [2010-11-21 63696]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-7-10 19456]
S3 rspLLL;rspLLL;C:\Windows\System32\drivers\rspLLL64.sys [2012-1-4 23968]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-7-10 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-7-10 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-7-10 30208]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-29 241152]
S4 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-3-28 361984]
S4 Time;Time;C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe [2013-8-17 10752]
S4 TVService;TVService;"C:\Program Files (x86)\Team MediaPortal\MediaPortal TV Server\TVService.exe" --> C:\Program Files (x86)\Team MediaPortal\MediaPortal TV Server\TVService.exe [?]
.
=============== Created Last 30 ================
.
2013-08-27 15:40:09 -------- d-----w- C:\ProgramData\AVAST Software
2013-08-21 09:17:54 -------- d-----w- C:\Users\Main\AppData\Local\Team_360h
2013-08-19 14:49:07 283064 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2013-08-19 14:49:04 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2013-08-18 20:51:16 -------- d-----w- C:\Users\Main\AppData\Local\Deployment
2013-08-18 15:40:25 -------- d-----w- C:\Program Files (x86)\ESET
2013-08-18 15:35:18 -------- d-----w- C:\Users\Main\AppData\Roaming\Malwarebytes
2013-08-18 15:35:07 -------- d-----w- C:\ProgramData\Malwarebytes
2013-08-18 15:35:06 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-08-18 15:35:06 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-17 23:16:03 -------- d-----w- C:\ProgramData\RELOADED
2013-08-17 23:12:13 -------- d-----w- C:\Users\Main\AppData\Local\WarThunder
2013-08-17 23:12:13 -------- d-----w- C:\ProgramData\WarThunder
2013-08-17 12:33:42 569680 ----a-w- C:\ProgramData\Microsoft\Windows\Time\msvcp90.dll
2013-08-17 12:33:42 49664 ----a-w- C:\ProgramData\Microsoft\Windows\Time\w9xpopen.exe
2013-08-17 12:33:42 24064 ----a-w- C:\ProgramData\Microsoft\Windows\Time\TimeServer.exe
2013-08-17 12:33:42 2303488 ----a-w- C:\ProgramData\Microsoft\Windows\Time\python27.dll
2013-08-17 12:33:42 219648 ----a-w- C:\ProgramData\Microsoft\Windows\Time\boost_python-vc90-mt-1_48.dll
2013-08-17 12:33:42 10752 ----a-w- C:\ProgramData\Microsoft\Windows\Time\WindowsTime.exe
2013-08-17 12:33:42 10752 ----a-w- C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe
2013-08-17 11:40:23 -------- d-----w- C:\Users\Main\AppData\Roaming\SIX Networks
2013-08-17 11:40:22 -------- d-----w- C:\Users\Main\AppData\Local\SIX Networks
2013-08-17 10:01:40 -------- d-----w- C:\Program Files\Jitsi
2013-08-16 23:50:11 -------- d-----w- C:\Users\Main\AppData\Local\Take On Helicopters
2013-08-16 14:18:45 -------- d-----w- C:\ProgramData\Actual Tools
2013-08-15 02:25:48 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-08-15 02:24:50 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2013-08-15 02:24:30 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-08-13 00:17:02 -------- d-----w- C:\ProgramData\get_iplayer
2013-08-13 00:17:02 -------- d-----w- C:\Program Files (x86)\get_iplayer
2013-08-13 00:01:04 -------- d-----w- C:\Users\Main\.get_iplayer
2013-08-12 22:07:45 -------- d-----w- C:\Users\Main\AppData\Roaming\CUERipper
2013-08-12 13:53:18 -------- d-----w- C:\Users\Main\AppData\Roaming\EAC
2013-08-12 13:53:16 -------- d-----w- C:\Users\Main\AppData\Roaming\AccurateRip
2013-08-12 13:53:13 -------- d-----w- C:\Program Files (x86)\Exact Audio Copy
2013-08-12 13:46:30 -------- d-----w- C:\Users\Main\AppData\Local\CUE Tools
2013-08-12 13:39:06 -------- d-----w- C:\Users\Main\AppData\Roaming\CUE Tools
2013-08-12 12:43:25 -------- d-----w- C:\Users\Main\AppData\Local\realtech_VR
2013-08-12 12:40:58 -------- d-----w- C:\ProgramData\realtech VR
2013-08-12 12:40:53 -------- d-----w- C:\Program Files (x86)\realtech VR
2013-08-12 00:26:30 -------- d-----w- C:\Users\Main\AppData\Local\Adobe
2013-08-10 13:04:33 -------- d-----w- C:\Users\Main\AppData\Roaming\HD Tune Pro
2013-08-10 13:03:18 -------- d-----w- C:\Users\Main\AppData\Roaming\Jitsi
2013-08-10 00:52:51 -------- d-----w- C:\Program Files (x86)\TeamViewer
2013-08-09 03:02:44 -------- d-----w- C:\Users\Main\AppData\Local\QuickPar
2013-08-09 03:02:09 -------- d-----w- C:\Program Files (x86)\QuickPar
2013-08-09 01:15:12 -------- d-----w- C:\Users\Main\AppData\Local\MediaMonkey
2013-08-09 01:15:07 -------- d-----w- C:\Users\Main\AppData\Roaming\MediaMonkey
2013-08-09 01:15:05 -------- d-----w- C:\ProgramData\MediaMonkey
2013-08-09 01:15:04 -------- d-----w- C:\Program Files (x86)\MediaMonkey
2013-08-08 15:43:25 -------- d-----w- C:\Users\Main\AppData\Local\HWiNFOMonitor
2013-08-08 13:56:41 -------- d-----w- C:\Users\Main\AppData\Local\NeoSmart_Technologies
2013-08-04 22:53:52 216064 ----a-w- C:\Windows\SysWow64\gcapi_dll.dll
2013-08-04 22:53:49 -------- d-----w- C:\Program Files (x86)\Foxit Software
2013-08-02 21:04:22 -------- d-----w- C:\ProgramData\Seeing Machines
2013-08-02 21:04:21 -------- d-----w- C:\Users\Main\AppData\Roaming\Seeing Machines
2013-08-02 18:21:58 -------- d-----w- C:\Users\Main\AppData\Roaming\HandBrake
2013-08-02 18:19:42 -------- d-----w- C:\Users\Main\AppData\Roaming\Broad Intelligence
2013-08-02 18:19:41 -------- d-----w- C:\Program Files (x86)\MediaCoder
2013-08-02 18:16:58 -------- d-----w- C:\Program Files (x86)\Handbrake
2013-08-02 15:19:52 -------- d--h--w- C:\VTRoot
2013-08-02 15:18:28 -------- d-----w- C:\ProgramData\Vitalwerks
2013-08-02 13:07:56 -------- d-----w- C:\Program Files (x86)\FreeTrack
2013-08-02 12:14:48 -------- d-s---w- C:\ProgramData\Shared Space
2013-08-02 12:14:27 -------- d-----w- C:\Program Files\COMODO
2013-08-02 12:14:08 -------- d-----w- C:\ProgramData\Comodo
2013-08-02 11:31:17 -------- d-----w- C:\ProgramData\Comodo Downloader
2013-08-02 00:47:06 -------- d-----w- C:\Users\Main\AppData\Roaming\.mono
2013-08-02 00:47:02 -------- d-----w- C:\Users\Main\AppData\Local\UWebKit
2013-08-01 14:53:20 -------- d-----w- C:\Users\Main\AppData\Local\ElevatedDiagnostics
2013-08-01 00:40:50 -------- d-----w- C:\Users\Main\AppData\Roaming\BANDISOFT
2013-08-01 00:40:40 -------- d-----w- C:\Program Files (x86)\Bandicam
2013-08-01 00:40:39 -------- d-----w- C:\Program Files (x86)\BandiMPEG1
2013-07-31 22:58:39 -------- d-----w- C:\Program Files\VolMouse
2013-07-31 22:42:50 -------- d-----w- C:\Program Files (x86)\AutoIt3
2013-07-29 15:17:59 -------- d-----w- C:\Program Files (x86)\Code Laboratories
2013-07-29 15:10:47 15104 ----a-w- C:\Windows\System32\drivers\vjoy.sys
2013-07-29 13:02:22 -------- d-----w- C:\Program Files (x86)\Abbequerque Inc
2013-07-28 19:00:01 -------- d-----w- C:\ProgramData\RzMaelstromVAD_1.1.41.1089
2013-07-28 18:56:18 -------- d-----w- C:\Users\Main\AppData\Local\Razer
2013-07-28 18:02:34 -------- d-----w- C:\Users\Main\AppData\Local\Vitalwerks
2013-07-28 18:02:32 -------- d-----w- C:\Program Files (x86)\No-IP
.
==================== Find3M  ====================
.
2013-08-27 15:41:36 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-08-27 15:41:36 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-08-12 00:27:22 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-12 00:27:22 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-06 21:58:50 15251968 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-13 12:10:28 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-13 12:10:28 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-07-13 12:10:28 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-07-10 00:37:17 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-07-09 02:49:42 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-07-09 02:49:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-07-09 02:49:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-07-09 02:49:38 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-07-08 20:59:52 708632 ----a-w- C:\Windows\System32\drivers\cmdguard.sys
2013-06-18 15:16:10 48360 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
2013-06-18 15:16:08 23168 ----a-w- C:\Windows\System32\drivers\cmderd.sys
2013-06-18 15:15:50 43216 ----a-w- C:\Windows\System32\cmdcsr.dll
2013-06-18 15:15:48 437688 ----a-w- C:\Windows\System32\guard64.dll
2013-06-18 15:15:48 348584 ----a-w- C:\Windows\SysWow64\guard32.dll
2013-06-18 15:15:40 45784 ----a-w- C:\Windows\System32\cmdkbd64.dll
2013-06-18 15:15:40 344792 ----a-w- C:\Windows\System32\cmdvrt64.dll
2013-06-18 15:15:36 40664 ----a-w- C:\Windows\SysWow64\cmdkbd32.dll
2013-06-18 15:15:36 278232 ----a-w- C:\Windows\SysWow64\cmdvrt32.dll
2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-05-31 19:19:04 136184 ----a-w- C:\Windows\System32\drivers\spvdbus.sys
.
============= FINISH: 17:22:39.77 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume3
Install Date: 30/12/2011 19:58:06
System Uptime: 27/08/2013 03:45:01 (14 hours ago)
.
Motherboard: MSI |  | 990FXA-GD80 (MS-7640)
Processor: AMD Phenom II X4 955 Processor | CPU 1 | 3500/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 30 GiB total, 5.062 GiB free.
D: is FIXED (NTFS) - 293 GiB total, 10.066 GiB free.
E: is FIXED (NTFS) - 1338 GiB total, 32.19 GiB free.
F: is FIXED (NTFS) - 466 GiB total, 62.059 GiB free.
G: is FIXED (NTFS) - 40 GiB total, 1.344 GiB free.
H: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Loopback Adapter
Device ID: ROOT\NET\0000
Manufacturer: Microsoft
Name: Microsoft Loopback Adapter
PNP Device ID: ROOT\NET\0000
Service: msloop
.
Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: AMD High Definition Audio Device
Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1002\5&A9629A8&0&0001
Manufacturer: Advanced Micro Devices
Name: AMD High Definition Audio Device
PNP Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1002\5&A9629A8&0&0001
Service: AtiHDAudioService
.
Class GUID: {d617fec5-776c-4856-aa34-65d4603f2b2c}
Description: RAMDiskVE
Device ID: ROOT\DATARAM_RAMDISK_DEVICES\0000
Manufacturer: Dataram, Inc.
Name: RAMDiskVE
PNP Device ID: ROOT\DATARAM_RAMDISK_DEVICES\0000
Service: RAMDiskVE
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
7-Zip 9.20
7-Zip 9.20 (x64 edition)
Actual Multiple Monitors 5.1.1
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
AMD APP SDK Runtime
AMD AVIVO64 Codecs
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
AMD VISION Engine Control Center
Ant Movie Catalog
Assassin's Creed Revelations
AutoIt v3.3.8.1
avast! Free Antivirus
Bandicam
Bandisoft MPEG-1 Decoder
BattlEye for OA Uninstall
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CL-Eye Driver
Classic Shell
COMODO Firewall
Compatibility Pack for the 2007 Office system
ControlCenter
Core Temp 1.0 RC2
CPUID CPU-Z 1.59
DAEMON Tools Lite
Debugging Tools for Windows (x64)
Deus Ex - Human Revolution version 1.0
ESET Online Scanner v3
Exact Audio Copy 1.0beta3
FaceTrackNoIR version 1.7.2
FileZilla Server
Foxit Reader
FSF Launcher Arma 3 Edition
get_iplayer 4.6
Google Toolbar for Internet Explorer
Google Update Helper
HandBrake 0.9.9.1
haneWIN NFS Server 1.2.9
HydraVision
Intel® IPP Run-Time Installer 5.3 Update 4 for Windows* on IA-32
Java 7 Update 25
Java Auto Updater
Jitsi
LastPass(uninstall only)
LatencyMon 5.00
Link Shell Extension
Malwarebytes Anti-Malware version 1.75.0.1300
MediaMonkey 4.0
MediaPortal
MediaPortal TV Server / Client
Microsoft .NET Framework 4 Client Profile JPN Language Pack
Microsoft .NET Framework 4 Client Profile Language Pack - ???
Microsoft .NET Framework 4 Extended JPN Language Pack
Microsoft .NET Framework 4 Extended Language Pack - ???
Microsoft .NET Framework 4.5
Microsoft Application Error Reporting
Microsoft IntelliType Pro 8.2
Microsoft Office Excel Viewer
Microsoft Office Word Viewer 2003
Microsoft Sync Framework 2.0 Core Components (x86) ENU
Microsoft Sync Framework 2.0 Provider Services (x86) ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
Microsoft Windows Performance Toolkit
Microsoft Windows SDK for Windows 7 (7.1)
Microsoft Windows SDK for Windows 7 Redistributable Components for Common Tools (30514)
Microsoft Xbox 360 Accessories 1.2
Mp3tag v2.57
MPTagThat
MSIHQ USB Bootable Tool and BIOS Helper 1.19R9 2011
MusicBrainz Picard
MySQL Server 5.1
No-IP DUC
Notepad++
OSCAR Editor
Play withSIX
PunkBuster Services
RadeonPro 1.0 (Build 1.1.1.0)
Razer Surround
Razer Synapse 2.0
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
Sandboxie 4.05.02 (64-bit)
Security Update for Microsoft .NET Framework 4.5 (KB2737083)
Security Update for Microsoft .NET Framework 4.5 (KB2742613)
Security Update for Microsoft .NET Framework 4.5 (KB2789648)
Security Update for Microsoft .NET Framework 4.5 (KB2804582)
Security Update for Microsoft .NET Framework 4.5 (KB2833957)
Security Update for Microsoft .NET Framework 4.5 (KB2840642v2)
SoftPerfect RAM Disk 3.4
SyncToy 2.1 (x86)
TeamSpeak 3 Client
TeamViewer 8
The Raven - Legacy of a Master Thief
Ubisoft Game Launcher
Update for Microsoft .NET Framework 4.5 (KB2750147)
Update for Microsoft .NET Framework 4.5 (KB2805221)
Update for Microsoft .NET Framework 4.5 (KB2805226)
Voice Activated Commands
X7 Oscar Editor
.
==== Event Viewer Messages From Past Week ========
.
27/08/2013 16:49:23, Error: Service Control Manager [7034]  - The Google Update Service (gupdate) service terminated unexpectedly.  It has done this 1 time(s).
27/08/2013 16:23:20, Error: Service Control Manager [7034]  - The Time service terminated unexpectedly.  It has done this 2 time(s).
27/08/2013 16:11:26, Error: Service Control Manager [7034]  - The Time service terminated unexpectedly.  It has done this 1 time(s).
27/08/2013 16:10:10, Error: Service Control Manager [7034]  - The COMODO Internet Security Helper Service service terminated unexpectedly.  It has done this 1 time(s).
27/08/2013 16:09:41, Error: Service Control Manager [7034]  - The SunRPC Portmap Daemon service terminated unexpectedly.  It has done this 1 time(s).
27/08/2013 16:09:37, Error: Service Control Manager [7034]  - The NFS Server service terminated unexpectedly.  It has done this 1 time(s).
27/08/2013 16:07:28, Error: Service Control Manager [7034]  - The Razer Surround Audio Service service terminated unexpectedly.  It has done this 1 time(s).
27/08/2013 16:07:23, Error: Service Control Manager [7034]  - The PnkBstrA service terminated unexpectedly.  It has done this 1 time(s).
27/08/2013 16:06:56, Error: Service Control Manager [7034]  - The NO-IP DUC v4 service terminated unexpectedly.  It has done this 1 time(s).
27/08/2013 16:05:55, Error: Service Control Manager [7031]  - The TeamViewer 8 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 2000 milliseconds: Restart the service.
27/08/2013 16:05:48, Error: Service Control Manager [7031]  - The RadeonPro Support Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
26/08/2013 19:26:25, Error: Microsoft-Windows-HAL [12]  - The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.
26/08/2013 15:13:26, Error: Service Control Manager [7024]  - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
26/08/2013 15:13:03, Error: Service Control Manager [7000]  - The AODDriver4.2 service failed to start due to the following error:  The system cannot find the file specified.
26/08/2013 15:12:45, Error: RAMDiskVE [11]  -
.
==== End Of File ===========================
 


And here's the RogueKiller report:

 

RogueKiller V8.6.6 _x64_ [Aug 19 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Main [Admin rights]
Mode : Scan -- Date : 08/27/2013 17:33:21
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[sUSP PATH] WindowsTime.exe -- C:\ProgramData\Microsoft\Windows\Time\WindowsTime.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 10 ¤¤¤
[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : Malwarebytes Anti-Malware (cleanup) (rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [x][7][x]) -> FOUND
[DNS] HKLM\[...]\CCSet\[...]\{817618A9-4A37-4E16-891A-D240E0B77342} : NameServer (178.21.23.150,8.8.8.8) -> FOUND
[DNS] HKLM\[...]\CS001\[...]\{817618A9-4A37-4E16-891A-D240E0B77342} : NameServer (178.21.23.150,8.8.8.8) -> FOUND
[DNS] HKLM\[...]\CS002\[...]\{817618A9-4A37-4E16-891A-D240E0B77342} : NameServer (178.21.23.150,8.8.8.8) -> FOUND
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤
-> G:\windows\system32\config\SYSTEM | DRVINFO [Drv - G:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> G:\windows\system32\config\SOFTWARE | DRVINFO [Drv - G:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> G:\windows\system32\config\SECURITY | DRVINFO [Drv - G:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> G:\windows\system32\config\SAM | DRVINFO [Drv - G:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> G:\windows\system32\config\DEFAULT | DRVINFO [Drv - G:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> G:\Users\BvSsh_VirtualUsers\NTUSER.DAT | DRVINFO [Drv - G:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> G:\Users\Default\NTUSER.DAT | DRVINFO [Drv - G:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> G:\Users\Default User\NTUSER.DAT | DRVINFO [Drv - G:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> G:\Users\Del\NTUSER.DAT | DRVINFO [Drv - G:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> G:\Users\Gaming\NTUSER.DAT | DRVINFO [Drv - G:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> G:\Users\Jim\NTUSER.DAT | DRVINFO [Drv - G:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> G:\Documents and Settings\Default\NTUSER.DAT | DRVINFO [Drv - G:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> G:\Documents and Settings\Default User\NTUSER.DAT | DRVINFO [Drv - G:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> G:\Documents and Settings\Main\NTUSER.DAT | DRVINFO [Drv - G:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> G:\Documents and Settings\Remote\NTUSER.DAT | DRVINFO [Drv - G:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

 

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HM500JI SATA Disk Device +++++
--- User ---
[MBR] bf5b86d681523dfba4309c47ae60a1e7
[bSP] 7ae9ef5224e1c03df388325fa5a6d638 : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476937 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 8fa39b2e56d5697e63b17845e920b34e
[bSP] 7cab7c12e8bb3fe590c043a8cb899252 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 24999 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 51199155 | Size: 451937 Mo

+++++ PhysicalDrive1: SAMSUNG HM500JI SATA Disk Device +++++
--- User ---
[MBR] 9b5049a99484f3c7917a621b83909f74
[bSP] 6d7a3856173c11792a7c2356c319507a : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 31038 Mo
1 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63569205 | Size: 7992 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 79937550 | Size: 40963 Mo
3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 163844095 | Size: 1827726 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 01f8769862e8ea7d32d538e4fbc2a557
[bSP] b245a38598e993c5d9a6c1d701e11340 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 31038 Mo
1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63569205 | Size: 7992 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 79937550 | Size: 40963 Mo
3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 163844095 | Size: 1827726 Mo

Finished : << RKreport[0]_S_08272013_173321.txt >>

 

 

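The RogueKiller report above contains three kinds of item a responder checks first: a process or autorun whose binary sits in a user-writable directory such as ProgramData, policy values that turn UAC off (EnableLUA and ConsentPromptBehaviorAdmin both 0), and a NameServer setting that should be confirmed with the machine's owner. The following is an added example, not code from RogueKiller, FRST or the forum, that turns report lines of that shape into review items. It also handles lines in the format of FRST's "Services (Whitelisted)" section, where the same path heuristic picks up a service running from ProgramData. The sample lines are constructed from entries quoted in this thread; the resolver allow-list is an assumption made for the example. Note that the legitimate Malwarebytes cleanup entry is flagged as well, which is the point: the output is a list for a human to review, not a verdict.

```python
"""
Triage of scan-report lines (added example, not the tools' own code).
Produces review items from three heuristics:
  * binary located in a user-writable directory (ProgramData, AppData, Temp)
  * policy values that disable UAC (EnableLUA = 0, ConsentPromptBehaviorAdmin = 0)
  * NameServer entries not on an allow-list of expected resolvers (assumption)
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in the shape of the RogueKiller report in this thread.
SAMPLE_ROGUEKILLER = r"""
¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] WindowsTime.exe -- C:\ProgramData\Microsoft\Windows\Time\WindowsTime.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\RunOnce : Malwarebytes Anti-Malware (cleanup) (rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [x][7][x]) -> FOUND
[DNS] HKLM\[...]\CCSet\[...]\{817618A9-4A37-4E16-891A-D240E0B77342} : NameServer (178.21.23.150,8.8.8.8) -> FOUND
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
"""

# Constructed sample in the shape of FRST's "Services (Whitelisted)" section.
SAMPLE_FRST_SERVICES = r"""
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [184920 2013-07-25] (Sandboxie Holdings, LLC)
S3 Time; C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe [10752 2013-08-17] (Microsoft)
"""

USER_WRITABLE_DIRS = ("\\programdata\\", "\\appdata\\", "\\temp\\")
UAC_OFF = {"EnableLUA": "0", "ConsentPromptBehaviorAdmin": "0"}
# Assumption for the example: resolvers the admin expects on this machine.
EXPECTED_RESOLVERS = {"8.8.8.8", "8.8.4.4"}

# A Windows path ending in a PE/driver extension; stops at quotes or brackets.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\]]+?\.(?:exe|dll|sys)\b', re.IGNORECASE)
POLICY_RE = re.compile(r'\[HJ POL\].*?:\s*(\w+)\s*\((\d+)\)')
DNS_RE = re.compile(r'\[DNS\].*?NameServer\s*\(([^)]*)\)')


@dataclass
class Finding:
    kind: str    # "user_writable_path", "uac_disabled" or "dns"
    detail: str  # the path, policy name or resolver address
    line: str    # the report line that produced the item


def triage(report: str) -> list[Finding]:
    """Return review items for every report line that trips a heuristic."""
    findings: list[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line or line.startswith("¤"):
            continue  # blank line or section header
        if line.startswith("[DNS]"):
            m = DNS_RE.search(line)
            if m:
                for ip in (x.strip() for x in m.group(1).split(",")):
                    if ip and ip not in EXPECTED_RESOLVERS:
                        findings.append(Finding("dns", ip, line))
            continue
        if line.startswith("[HJ POL]"):
            m = POLICY_RE.search(line)
            if m and UAC_OFF.get(m.group(1)) == m.group(2):
                findings.append(Finding("uac_disabled", m.group(1), line))
            continue
        # Generic branch: processes, Run/RunOnce entries, FRST service lines.
        for path in PATH_RE.findall(line):
            if any(d in path.lower() for d in USER_WRITABLE_DIRS):
                findings.append(Finding("user_writable_path", path, line))
    return findings


if __name__ == "__main__":
    for sample in (SAMPLE_ROGUEKILLER, SAMPLE_FRST_SERVICES):
        for f in triage(sample):
            print(f"{f.kind:20} {f.detail}")
```

Each item carries the original line, so the reviewer can decide (for instance, that the Malwarebytes cleanup entry is expected) without going back to the full report.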

Run RogueKiller again and click Scan

When the scan completes > click on the Processes tab

Put a check next to all of these and uncheck the rest: (if found)

 

[sUSP PATH] WindowsTime.exe -- C:\ProgramData\Microsoft\Windows\Time\WindowsTime.exe [-] -> KILLED [TermProc]

Now click Delete on the right hand column under Options

-------------

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.
If you agree with everything listed to be removed in the folders section...........

Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


OK. RogueKiller didn't show anything under Processes this time, but maybe that's because I'd already killed the Time service. I tried again after rebooting for the AdwCleaner removal and it shows Time-svc.exe under Processes now, but there are no checkboxes to tick.

 

Anyway, AdwCleaner's reports are below. As you can see, it didn't detect the folder or files relating to the bitcoin virus I've been infected with. I don't recognise anything it's flagged up so I guess it was OK to remove them. MBAM still doesn't detect anything although Avast caught it and blocked it now.

 

# AdwCleaner v3.001 - Report created 27/08/2013 at 19:13:08
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Main - X4
# Running from : C:\Users\Main\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found C:\Users\Main\AppData\LocalLow\boost_interprocess

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\APN PIP
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\Software\PIP

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

*************************

AdwCleaner[R0].txt - [815 octets] - [27/08/2013 19:13:08]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [874 octets] ##########

 

# AdwCleaner v3.001 - Report created 27/08/2013 at 19:21:36
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Main - X4
# Running from : C:\Users\Main\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Main\AppData\LocalLow\boost_interprocess

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\PIP

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

*************************

AdwCleaner[R0].txt - [957 octets] - [27/08/2013 19:13:08]
AdwCleaner[s0].txt - [852 octets] - [27/08/2013 19:21:36]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [911 octets] ##########


Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system)

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
MrC

Sorry, I forgot this:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.27.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Main :: X4 [administrator]

27/08/2013 19:16:56
mbam-log-2013-08-27 (19-16-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 251567
Time elapsed: 3 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Here are the Farbar logs:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-08-2013 03
Ran by Main (administrator) on 27-08-2013 19:55:11
Running from C:\AdwCleaner
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\No-IP\ducservice.exe
(Dr. Hanewinkel -- www.haneWIN.de) C:\Program Files\nfsd\pmapd.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Mr. John aka japamd) C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Dr. Hanewinkel -- www.haneWIN.de) C:\Program Files\nfsd\nfsd.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
() C:\Program Files (x86)\Xpadder\Xpadder.exe
(John Mautari) C:\Program Files (x86)\RadeonPro\RadeonPro.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Actual Tools) C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Actual Tools) C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter64.exe
(Actual Tools) C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsShellCenter64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(John Mautari) C:\Program Files (x86)\RadeonPro\RadeonPro64.exe
(REALiX) E:\Portable Apps\HwInfo64\HWiNFO64.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(A-Volute) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [itype] - C:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [Classic Start Menu] - C:\Program Files\Classic Shell\ClassicStartMenu.exe [98304 2011-08-19] (IvoSoft)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188552 2013-05-27] (Realtek Semiconductor)
HKLM\...\Run: [RAMDiskForWorkstations] - C:\Program Files\SoftPerfect RAM Disk\RAMDiskWS.exe [3452536 2013-05-31] (SoftPerfect Research)
HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1502424 2013-07-08] (COMODO)
HKCU\...\Run: [Xpadder] - C:\Program Files (x86)\Xpadder\Xpadder.exe [1165824 2012-05-10] ()
HKCU\...\Run: [RadeonPro] - C:\Program Files (x86)\RadeonPro\RadeonPro.exe [2195072 2013-04-13] (John Mautari)
HKCU\...\Run: [sandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [759384 2013-07-25] (Sandboxie Holdings, LLC)
HKCU\...\Run: [Actual Multiple Monitors] - C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe [1735472 2013-04-13] (Actual Tools)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)
MountPoints2: {812bea0d-082d-11e3-940b-8c89a563ffda} - H:\Installer_Windows.exe
MountPoints2: {c0ceaad4-f159-11e2-b3a8-8c89a563ffda} - H:\iStudio.exe
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [Razer Synapse] - c:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [610152 2013-06-21] (Razer Inc.)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
AppInit_DLLs:    [0 ] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\Main\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Arma & DCS - Vol 10 on Joy7 and MB5 (for VAC).ahk.lnk
ShortcutTarget: Arma & DCS - Vol 10 on Joy7 and MB5 (for VAC).ahk.lnk -> E:\Data\Main\My Documents\AutoHotKey\Arma & DCS - Vol 10 on Joy7 and MB5 (for VAC).ahk ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.team-mediaportal.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://dub103.mail.live.com/default.aspx?id=64855
https://www.google.com/a/stoptheviolence.co.uk/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/a/stoptheviolence.co.uk/&ss=1&ltmpl=default&ltmplcache=2
SearchScopes: HKCU - {DC89DA88-7A59-4CCE-B073-3A8DB82437BA} URL = https://startpage.com/do/search?query={searchTerms}&cat=web&pl=ie&language=english_uk
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
DPF: HKLM-x32 {4E62C4DE-627D-4604-B157-4B7D6B09F02E} https://moneymanager.egg.com/Pinsafe/accounttracking.cab
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1375619199581
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=722
Tcpip\..\Interfaces\{817618A9-4A37-4E16-891A-D240E0B77342}: [NameServer]178.21.23.150,8.8.8.8

==================== Services (Whitelisted) =================

S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-07-11] ()
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6199520 2013-07-08] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [158936 2013-06-18] (COMODO)
S4 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [630784 2011-10-23] (FileZilla Project)
S4 MySQL; C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe [7599616 2009-08-18] ()
R2 NFSserver; C:\Program Files\nfsd\nfsd.exe [224256 2012-12-18] (Dr. Hanewinkel -- www.haneWIN.de)
R2 NoIPDUCService4; C:\Program Files (x86)\No-IP\ducservice.exe [11264 2013-01-24] ()
R2 PMAPDaemon; C:\Program Files\nfsd\pmapd.exe [124416 2012-04-23] (Dr. Hanewinkel -- www.haneWIN.de)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-12-31] ()
R2 RadeonPro Support Service; C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe [20608 2013-04-13] (Mr. John aka japamd)
R2 RzMaelstromVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe [4241920 2013-05-17] (A-Volute)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [184920 2013-07-25] (Sandboxie Holdings, LLC)
S3 Time; C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe [10752 2013-08-17] (Microsoft)
S4 TVService; "C:\Program Files (x86)\Team MediaPortal\MediaPortal TV Server\TVService.exe" [x]

==================== Drivers (Whitelisted) ====================

R2 AODDriver4.01; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
S2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-08-27] ()
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2013-06-18] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [708632 2013-07-08] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48360 2013-06-18] (COMODO)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-08-19] (Disc Soft Ltd)
S3 HCW99BDA; C:\Windows\System32\Drivers\hcw99bda.sys [147968 2009-09-02] (Hauppauge Computer Works, Inc.)
S3 hcw99rc; C:\Windows\System32\Drivers\hcw99rc.sys [12800 2009-09-02] (Hauppauge Computer Works, Inc.)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [96800 2013-06-18] (COMODO)
S3 NTIOLib_1_0_1; C:\Program Files (x86)\MSI\ControlCenter\NTIOLib_X64.sys [14136 2009-10-06] (MSI)
S3 NTIOLib_1_0_1; C:\Program Files (x86)\MSI\ControlCenter\NTIOLib_X64.sys [14136 2009-10-06] (MSI)
S3 RAMDiskVE; C:\Windows\System32\Drivers\RAMDiskVE.sys [63696 2010-11-21] ()
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [23968 2013-02-07] (Resplendence Software Projects Sp.)
R3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [40696 2013-05-17] (Windows ® Win 7 DDK provider)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [200432 2013-07-25] (Sandboxie Holdings, LLC)
R1 SoftPerfectVirtualVolume; C:\Program Files\SoftPerfect RAM Disk\spvve.sys [419320 2013-05-31] ()
R1 spvdbus; C:\Windows\System32\DRIVERS\spvdbus.sys [136184 2013-05-31] ()
S3 vhidmini; C:\Windows\System32\DRIVERS\vjoy.sys [15104 2012-10-15] (Headsoft)
S3 ALSysIO; \??\c:\temp\Main\ALSysIO64.sys [x]
S3 CrystalSysInfo; \??\C:\Program Files (x86)\MediaCoder\SysInfoX64.sys [x]
R3 HWiNFO32; \??\c:\temp\Main\HWiNFO64A.SYS [x]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
S0 vmci; system32\DRIVERS\vmci.sys [x]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-27 19:32 - 2013-08-27 19:32 - 00005894 _____ C:\Users\Main\Desktop\RKreport[0]_S_08272013_193237.txt
2013-08-27 19:20 - 2013-08-27 19:20 - 00000919 _____ C:\Users\Main\Desktop\mbam.txt
2013-08-27 19:13 - 2013-08-27 19:54 - 00000000 ____D C:\AdwCleaner
2013-08-27 19:10 - 2013-08-27 19:10 - 00994642 _____ C:\Users\Main\Desktop\AdwCleaner.exe
2013-08-27 19:10 - 2013-08-27 19:10 - 00005567 _____ C:\Users\Main\Desktop\RKreport[0]_S_08272013_191054.txt
2013-08-27 17:33 - 2013-08-27 17:33 - 00005645 _____ C:\Users\Main\Desktop\RKreport[0]_S_08272013_173321.txt
2013-08-27 17:29 - 2013-08-27 17:39 - 00000000 ____D C:\Users\Main\Desktop\RK_Quarantine
2013-08-27 17:22 - 2013-08-27 17:22 - 03814400 _____ C:\Users\Main\Desktop\RogueKillerX64.exe
2013-08-27 17:22 - 2013-08-27 17:22 - 00024002 _____ C:\Users\Main\Desktop\dds.txt
2013-08-27 17:22 - 2013-08-27 17:22 - 00008657 _____ C:\Users\Main\Desktop\attach.txt
2013-08-27 17:21 - 2013-08-27 17:21 - 00688992 ____R (Swearware) C:\Users\Main\Desktop\dds.scr
2013-08-27 16:43 - 2013-08-27 19:22 - 00000000 ____D C:\Program Files\Google
2013-08-27 16:41 - 2013-08-27 19:54 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-27 16:41 - 2013-08-27 16:41 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-08-27 16:41 - 2013-08-27 16:41 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-08-27 16:41 - 2013-08-27 16:41 - 00189936 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-08-27 16:41 - 2013-08-27 16:41 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-08-27 16:41 - 2013-08-27 16:41 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-08-27 16:41 - 2013-08-27 16:41 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-08-27 16:41 - 2013-08-27 16:41 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-08-27 16:41 - 2013-08-27 16:41 - 00000000 ____D C:\Program Files\AVAST Software
2013-08-27 16:41 - 2013-08-27 16:41 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-08-27 16:41 - 2013-05-09 09:59 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-08-27 16:41 - 2013-05-09 09:59 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-08-27 16:41 - 2013-05-09 09:59 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-08-27 16:41 - 2013-05-09 09:59 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-08-27 16:41 - 2013-05-09 09:59 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-08-27 16:41 - 2013-05-09 09:58 - 00287840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-08-27 16:41 - 2013-05-09 09:58 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-08-27 16:40 - 2013-08-27 16:41 - 00000000 ____D C:\ProgramData\AVAST Software
2013-08-20 12:11 - 2013-08-20 12:11 - 00000000 ____D C:\Users\Main\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Voice Activated Commands
2013-08-19 15:49 - 2013-08-19 15:49 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2013-08-19 15:49 - 2013-08-19 15:49 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2013-08-18 21:57 - 2013-08-18 21:57 - 00000000 ____D C:\Users\Main\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Clan F.S.F
2013-08-18 16:40 - 2013-08-18 16:40 - 00000000 ____D C:\Program Files (x86)\ESET
2013-08-18 16:35 - 2013-08-18 16:35 - 00000000 ____D C:\Users\Main\AppData\Roaming\Malwarebytes
2013-08-18 16:35 - 2013-08-18 16:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-18 16:35 - 2013-08-18 16:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-18 16:35 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-18 00:16 - 2013-08-18 00:16 - 00000000 ____D C:\ProgramData\RELOADED
2013-08-18 00:12 - 2013-08-18 01:01 - 00000000 ____D C:\ProgramData\WarThunder
2013-08-17 12:40 - 2013-08-17 12:40 - 00000000 ____D C:\Users\Main\AppData\Roaming\SIX Networks
2013-08-17 11:01 - 2013-08-17 11:01 - 00000000 ____D C:\Program Files\Jitsi
2013-08-16 15:18 - 2013-08-16 15:18 - 00000000 ____D C:\ProgramData\Actual Tools
2013-08-15 03:28 - 2013-07-26 06:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 03:28 - 2013-07-26 06:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 03:28 - 2013-07-26 06:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 03:28 - 2013-07-26 06:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 03:28 - 2013-07-26 06:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 03:28 - 2013-07-26 06:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 03:28 - 2013-07-26 06:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 03:28 - 2013-07-26 06:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 03:28 - 2013-07-26 06:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 03:28 - 2013-07-26 06:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 03:28 - 2013-07-26 06:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 03:28 - 2013-07-26 06:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 03:28 - 2013-07-26 06:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 03:28 - 2013-07-26 06:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 03:28 - 2013-07-26 04:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 03:28 - 2013-07-26 04:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 03:28 - 2013-07-26 04:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 03:28 - 2013-07-26 04:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 03:28 - 2013-07-26 04:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 03:28 - 2013-07-26 04:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 03:28 - 2013-07-26 04:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 03:28 - 2013-07-26 04:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 03:28 - 2013-07-26 04:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 03:28 - 2013-07-26 04:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 03:28 - 2013-07-26 04:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 03:28 - 2013-07-26 04:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 03:28 - 2013-07-26 04:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 03:28 - 2013-07-26 04:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 03:28 - 2013-07-26 03:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 03:28 - 2013-07-26 03:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 03:28 - 2013-07-26 02:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 03:25 - 2013-07-25 10:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-15 03:25 - 2013-07-25 09:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-15 03:25 - 2013-07-19 02:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-15 03:25 - 2013-07-19 02:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-15 03:25 - 2013-07-09 07:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-15 03:25 - 2013-07-09 06:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-15 03:25 - 2013-07-09 06:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-15 03:25 - 2013-07-09 06:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-15 03:25 - 2013-07-09 06:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-15 03:25 - 2013-07-09 06:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-15 03:25 - 2013-07-09 06:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-15 03:25 - 2013-07-09 06:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-15 03:25 - 2013-07-09 06:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-15 03:25 - 2013-07-09 06:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-15 03:25 - 2013-07-09 05:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-15 03:25 - 2013-07-09 05:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-15 03:25 - 2013-07-09 05:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-15 03:25 - 2013-07-09 05:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-15 03:25 - 2013-07-09 05:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-15 03:25 - 2013-07-09 05:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-15 03:25 - 2013-07-09 05:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-15 03:25 - 2013-07-09 03:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-15 03:25 - 2013-07-09 03:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-15 03:25 - 2013-07-09 03:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-15 03:25 - 2013-07-09 03:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-15 03:24 - 2013-07-06 07:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-15 03:24 - 2013-06-15 05:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-13 13:39 - 2013-08-13 21:49 - 00000000 ____D C:\Users\Main\AppData\Roaming\Microsoft\Windows\Start Menu\Audio-Video
2013-08-13 01:18 - 2013-08-13 01:18 - 00002135 _____ C:\Users\Main\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VLC Media Player.lnk
2013-08-13 01:17 - 2013-08-13 01:18 - 00000000 ____D C:\Program Files (x86)\get_iplayer
2013-08-13 01:17 - 2013-08-13 01:17 - 00000000 ____D C:\ProgramData\get_iplayer
2013-08-13 01:01 - 2013-08-13 22:05 - 00000000 ____D C:\Users\Main\.get_iplayer
2013-08-12 23:07 - 2013-08-12 23:08 - 00000000 ____D C:\Users\Main\AppData\Roaming\CUERipper
2013-08-12 14:53 - 2013-08-12 14:53 - 00000000 ____D C:\Users\Main\AppData\Roaming\EAC
2013-08-12 14:53 - 2013-08-12 14:53 - 00000000 ____D C:\Users\Main\AppData\Roaming\AccurateRip
2013-08-12 14:53 - 2013-08-12 14:53 - 00000000 ____D C:\Program Files (x86)\Exact Audio Copy
2013-08-12 14:39 - 2013-08-12 21:19 - 00000000 ____D C:\Users\Main\AppData\Roaming\CUE Tools
2013-08-12 13:40 - 2013-08-12 14:29 - 00000000 ____D C:\Program Files (x86)\realtech VR
2013-08-10 14:04 - 2013-08-10 14:04 - 00000000 ____D C:\Users\Main\AppData\Roaming\HD Tune Pro
2013-08-10 14:03 - 2013-08-25 20:29 - 00000000 ____D C:\Users\Main\AppData\Roaming\Jitsi
2013-08-10 13:58 - 2013-08-10 13:58 - 00001789 _____ C:\Users\Main\AppData\Roaming\Microsoft\Windows\Start Menu\Jitsi.lnk
2013-08-10 01:52 - 2013-08-10 01:52 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-08-09 04:02 - 2013-08-09 04:02 - 00000000 ____D C:\Program Files (x86)\QuickPar
2013-08-09 02:15 - 2013-08-13 02:41 - 00000000 ____D C:\Users\Main\AppData\Roaming\MediaMonkey
2013-08-09 02:15 - 2013-08-09 02:15 - 00000000 ____D C:\ProgramData\MediaMonkey
2013-08-09 02:15 - 2013-08-09 02:15 - 00000000 ____D C:\Program Files (x86)\MediaMonkey
2013-08-08 14:19 - 2013-08-27 16:26 - 00003898 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{18447DF4-198D-464B-A4E1-09F5B1104971}
2013-08-04 23:53 - 2013-08-04 23:53 - 00000000 ____D C:\Program Files (x86)\Foxit Software
2013-08-04 23:53 - 2013-06-09 21:59 - 00216064 _____ C:\Windows\SysWOW64\gcapi_dll.dll
2013-08-02 22:04 - 2013-08-02 22:04 - 00000000 ____D C:\Users\Main\AppData\Roaming\Seeing Machines
2013-08-02 22:04 - 2013-08-02 22:04 - 00000000 ____D C:\ProgramData\Seeing Machines
2013-08-02 19:21 - 2013-08-12 15:02 - 00000000 ____D C:\Users\Main\AppData\Roaming\HandBrake
2013-08-02 19:19 - 2013-08-13 03:45 - 00000000 ____D C:\Users\Main\AppData\Roaming\Broad Intelligence
2013-08-02 19:19 - 2013-08-13 03:45 - 00000000 ____D C:\Program Files (x86)\MediaCoder
2013-08-02 19:16 - 2013-08-02 19:17 - 00000000 ____D C:\Program Files (x86)\Handbrake
2013-08-02 19:16 - 2013-08-02 19:16 - 00001023 _____ C:\Users\Remote\Desktop\Handbrake.lnk
2013-08-02 16:19 - 2013-08-02 18:10 - 00012322 _____ C:\Windows\system32\Drivers\fvstore.dat
2013-08-02 16:19 - 2013-08-02 16:19 - 00000000 ___HD C:\VTRoot
2013-08-02 16:18 - 2013-08-02 16:18 - 00000000 ____D C:\ProgramData\Vitalwerks
2013-08-02 14:07 - 2013-08-02 14:08 - 00000000 ____D C:\Program Files (x86)\FreeTrack
2013-08-02 13:15 - 2013-08-02 13:15 - 00000000 ____D C:\Windows\System32\Tasks\COMODO
2013-08-02 13:14 - 2013-08-02 13:15 - 00000000 ___SD C:\ProgramData\Shared Space
2013-08-02 13:14 - 2013-08-02 13:15 - 00000000 ____D C:\ProgramData\Comodo
2013-08-02 13:14 - 2013-08-02 13:14 - 00000000 ____D C:\Program Files\COMODO
2013-08-02 12:31 - 2013-08-02 12:31 - 00000542 _____ C:\Windows\SysWOW64\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
2013-08-02 12:31 - 2013-08-02 12:31 - 00000000 ____D C:\ProgramData\Comodo Downloader
2013-08-02 01:47 - 2013-08-02 01:47 - 00000000 ____D C:\Users\Main\AppData\Roaming\.mono
2013-08-01 12:46 - 2013-08-18 19:18 - 00000000 ____D C:\Users\Main\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Actual Multiple Monitors
2013-08-01 01:40 - 2013-08-01 01:40 - 00000000 ____D C:\Users\Main\AppData\Roaming\BANDISOFT
2013-08-01 01:40 - 2013-08-01 01:40 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
2013-08-01 01:40 - 2013-08-01 01:40 - 00000000 ____D C:\Program Files (x86)\Bandicam
2013-07-31 23:58 - 2013-07-31 23:59 - 00000000 ____D C:\Program Files\VolMouse
2013-07-31 23:46 - 2013-08-01 00:06 - 00000471 _____ C:\Users\Main\SciTE.session
2013-07-31 23:42 - 2013-07-31 23:42 - 00000000 ____D C:\Program Files (x86)\AutoIt3
2013-07-31 23:15 - 2013-08-21 01:31 - 00016613 _____ C:\FreeTrackClient.log
2013-07-30 11:41 - 2013-07-30 11:41 - 00000000 ____D C:\Users\Main\AppData\Roaming\Mozilla
2013-07-30 10:37 - 2013-08-01 17:42 - 00007187 _____ C:\Users\Main\Desktop\RPi-Hub measurements.txt
2013-07-29 16:47 - 2013-08-03 02:42 - 00008814 _____ C:\NPClient.log
2013-07-29 16:18 - 2013-07-29 16:18 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf
2013-07-29 16:17 - 2013-07-29 16:17 - 00000000 ____D C:\Program Files (x86)\Code Laboratories
2013-07-29 16:10 - 2012-10-15 09:08 - 00015104 _____ (Headsoft) C:\Windows\system32\Drivers\vjoy.sys
2013-07-29 14:02 - 2013-07-29 14:02 - 00000000 ____D C:\Program Files (x86)\Abbequerque Inc
2013-07-28 20:00 - 2013-07-28 20:00 - 00000000 ____D C:\ProgramData\RzMaelstromVAD_1.1.41.1089
2013-07-28 19:56 - 2013-07-28 19:56 - 00000000 ____D C:\ProgramData\Razer
2013-07-28 19:56 - 2013-07-28 19:56 - 00000000 ____D C:\Program Files (x86)\Razer
2013-07-28 19:02 - 2013-07-28 19:02 - 00000000 ____D C:\Users\Main\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC
2013-07-28 19:02 - 2013-07-28 19:02 - 00000000 ____D C:\Program Files (x86)\No-IP

==================== One Month Modified Files and Folders =======

2013-08-27 19:55 - 2011-12-30 21:11 - 00000000 ____D c:\temp\Main
2013-08-27 19:54 - 2013-08-27 19:13 - 00000000 ____D C:\AdwCleaner
2013-08-27 19:54 - 2013-08-27 16:41 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-27 19:54 - 2011-12-30 21:11 - 00000000 ____D c:\temp\System
2013-08-27 19:32 - 2013-08-27 19:32 - 00005894 _____ C:\Users\Main\Desktop\RKreport[0]_S_08272013_193237.txt
2013-08-27 19:30 - 2009-07-14 05:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-27 19:30 - 2009-07-14 05:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-27 19:28 - 2009-07-14 06:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-27 19:26 - 2011-12-30 20:52 - 02041670 _____ C:\Windows\WindowsUpdate.log
2013-08-27 19:22 - 2013-08-27 16:43 - 00000000 ____D C:\Program Files\Google
2013-08-27 19:22 - 2010-11-21 04:47 - 00323496 _____ C:\Windows\PFRO.log
2013-08-27 19:22 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-27 19:22 - 2009-07-14 05:51 - 00043288 _____ C:\Windows\setupact.log
2013-08-27 19:20 - 2013-08-27 19:20 - 00000919 _____ C:\Users\Main\Desktop\mbam.txt
2013-08-27 19:12 - 2013-07-25 11:58 - 00004186 _____ C:\Windows\Sandboxie.ini
2013-08-27 19:10 - 2013-08-27 19:10 - 00994642 _____ C:\Users\Main\Desktop\AdwCleaner.exe
2013-08-27 19:10 - 2013-08-27 19:10 - 00005567 _____ C:\Users\Main\Desktop\RKreport[0]_S_08272013_191054.txt
2013-08-27 17:39 - 2013-08-27 17:29 - 00000000 ____D C:\Users\Main\Desktop\RK_Quarantine
2013-08-27 17:33 - 2013-08-27 17:33 - 00005645 _____ C:\Users\Main\Desktop\RKreport[0]_S_08272013_173321.txt
2013-08-27 17:22 - 2013-08-27 17:22 - 03814400 _____ C:\Users\Main\Desktop\RogueKillerX64.exe
2013-08-27 17:22 - 2013-08-27 17:22 - 00024002 _____ C:\Users\Main\Desktop\dds.txt
2013-08-27 17:22 - 2013-08-27 17:22 - 00008657 _____ C:\Users\Main\Desktop\attach.txt
2013-08-27 17:21 - 2013-08-27 17:21 - 00688992 ____R (Swearware) C:\Users\Main\Desktop\dds.scr
2013-08-27 16:41 - 2013-08-27 16:41 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-08-27 16:41 - 2013-08-27 16:41 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-08-27 16:41 - 2013-08-27 16:41 - 00189936 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-08-27 16:41 - 2013-08-27 16:41 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-08-27 16:41 - 2013-08-27 16:41 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-08-27 16:41 - 2013-08-27 16:41 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-08-27 16:41 - 2013-08-27 16:41 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-08-27 16:41 - 2013-08-27 16:41 - 00000000 ____D C:\Program Files\AVAST Software
2013-08-27 16:41 - 2013-08-27 16:41 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-08-27 16:41 - 2013-08-27 16:40 - 00000000 ____D C:\ProgramData\AVAST Software
2013-08-27 16:26 - 2013-08-08 14:19 - 00003898 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{18447DF4-198D-464B-A4E1-09F5B1104971}
2013-08-26 15:16 - 2011-12-30 22:54 - 00034515 _____ C:\Windows\Irremote.ini
2013-08-26 15:16 - 2011-12-30 22:42 - 00000000 ____D C:\Program Files (x86)\WinTV
2013-08-25 20:29 - 2013-08-10 14:03 - 00000000 ____D C:\Users\Main\AppData\Roaming\Jitsi
2013-08-21 23:56 - 2013-07-17 13:07 - 00000600 _____ C:\Users\Main\AppData\Roaming\winscp.rnd
2013-08-21 07:31 - 2012-03-17 05:00 - 00000000 ____D E:\Data\Main\My Documents\TS3Client
2013-08-21 01:31 - 2013-07-31 23:15 - 00016613 _____ C:\FreeTrackClient.log
2013-08-21 00:00 - 2013-07-10 01:58 - 00000000 ____D C:\Program Files (x86)\SIX Networks
2013-08-20 21:00 - 2013-07-23 18:18 - 00000000 ____D C:\Users\Main\AppData\Roaming\TeamViewer
2013-08-20 12:13 - 2012-06-24 17:23 - 00000000 ____D E:\Data\Main\My Documents\VAC
2013-08-20 12:11 - 2013-08-20 12:11 - 00000000 ____D C:\Users\Main\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Voice Activated Commands
2013-08-20 12:11 - 2013-07-16 21:54 - 00000000 ____D C:\Program Files (x86)\VAC System
2013-08-19 15:50 - 2012-01-08 04:15 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2013-08-19 15:49 - 2013-08-19 15:49 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2013-08-19 15:49 - 2013-08-19 15:49 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2013-08-18 21:57 - 2013-08-18 21:57 - 00000000 ____D C:\Users\Main\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Clan F.S.F
2013-08-18 21:51 - 2012-01-06 23:38 - 00766336 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-08-18 21:51 - 2011-12-30 21:53 - 00000000 ____D C:\Users\Main\AppData\Local\Apps\2.0
2013-08-18 21:42 - 2013-07-13 21:22 - 00000000 ____D C:\SweetFX
2013-08-18 21:40 - 2013-07-13 21:18 - 00000000 ____D C:\Users\Main\AppData\Roaming\RadeonPro
2013-08-18 20:20 - 2012-01-06 21:29 - 00000000 ____D C:\Users\Main\AppData\Roaming\Mp3tag
2013-08-18 19:18 - 2013-08-01 12:46 - 00000000 ____D C:\Users\Main\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Actual Multiple Monitors
2013-08-18 19:18 - 2012-01-04 11:59 - 00000000 ____D C:\Program Files (x86)\Actual Multiple Monitors
2013-08-18 18:49 - 2013-07-15 21:57 - 00000000 ____D C:\Users\Main\AppData\Roaming\Microsoft\Windows\Start Menu\Utils
2013-08-18 16:40 - 2013-08-18 16:40 - 00000000 ____D C:\Program Files (x86)\ESET
2013-08-18 16:35 - 2013-08-18 16:35 - 00000000 ____D C:\Users\Main\AppData\Roaming\Malwarebytes
2013-08-18 16:35 - 2013-08-18 16:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-18 16:35 - 2013-08-18 16:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-18 12:47 - 2012-08-27 14:36 - 00001729 _____ E:\Data\Main\My Documents\Backup Arma2OA to Hitachi_Installed.ffs_gui
2013-08-18 11:59 - 2013-01-16 20:29 - 00002423 _____ E:\Data\Main\My Documents\Copy new files to Hitachi.ffs_gui
2013-08-18 01:01 - 2013-08-18 00:12 - 00000000 ____D C:\ProgramData\WarThunder
2013-08-18 01:00 - 2011-12-31 19:07 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-08-18 00:16 - 2013-08-18 00:16 - 00000000 ____D C:\ProgramData\RELOADED
2013-08-17 12:40 - 2013-08-17 12:40 - 00000000 ____D C:\Users\Main\AppData\Roaming\SIX Networks
2013-08-17 12:40 - 2012-02-20 22:08 - 00000000 ____D E:\Data\Main\My Documents\ArmA 2
2013-08-17 11:01 - 2013-08-17 11:01 - 00000000 ____D C:\Program Files\Jitsi
2013-08-17 01:01 - 2009-07-14 03:34 - 00000424 _____ C:\Windows\win.ini
2013-08-16 15:18 - 2013-08-16 15:18 - 00000000 ____D C:\ProgramData\Actual Tools
2013-08-15 16:06 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-08-13 22:05 - 2013-08-13 01:01 - 00000000 ____D C:\Users\Main\.get_iplayer
2013-08-13 21:49 - 2013-08-13 13:39 - 00000000 ____D C:\Users\Main\AppData\Roaming\Microsoft\Windows\Start Menu\Audio-Video
2013-08-13 03:45 - 2013-08-02 19:19 - 00000000 ____D C:\Users\Main\AppData\Roaming\Broad Intelligence
2013-08-13 03:45 - 2013-08-02 19:19 - 00000000 ____D C:\Program Files (x86)\MediaCoder
2013-08-13 02:41 - 2013-08-09 02:15 - 00000000 ____D C:\Users\Main\AppData\Roaming\MediaMonkey
2013-08-13 01:19 - 2012-01-08 15:44 - 00000466 _____ C:\Users\Main\.swfinfo
2013-08-13 01:18 - 2013-08-13 01:18 - 00002135 _____ C:\Users\Main\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VLC Media Player.lnk
2013-08-13 01:18 - 2013-08-13 01:17 - 00000000 ____D C:\Program Files (x86)\get_iplayer
2013-08-13 01:17 - 2013-08-13 01:17 - 00000000 ____D C:\ProgramData\get_iplayer
2013-08-13 01:01 - 2011-12-30 20:58 - 00000000 ____D C:\Users\Main
2013-08-12 23:08 - 2013-08-12 23:07 - 00000000 ____D C:\Users\Main\AppData\Roaming\CUERipper
2013-08-12 21:19 - 2013-08-12 14:39 - 00000000 ____D C:\Users\Main\AppData\Roaming\CUE Tools
2013-08-12 15:35 - 2012-01-06 21:29 - 00000000 ____D C:\Program Files (x86)\Mp3tag
2013-08-12 15:02 - 2013-08-02 19:21 - 00000000 ____D C:\Users\Main\AppData\Roaming\HandBrake
2013-08-12 14:53 - 2013-08-12 14:53 - 00000000 ____D C:\Users\Main\AppData\Roaming\EAC
2013-08-12 14:53 - 2013-08-12 14:53 - 00000000 ____D C:\Users\Main\AppData\Roaming\AccurateRip
2013-08-12 14:53 - 2013-08-12 14:53 - 00000000 ____D C:\Program Files (x86)\Exact Audio Copy
2013-08-12 14:29 - 2013-08-12 13:40 - 00000000 ____D C:\Program Files (x86)\realtech VR
2013-08-12 13:31 - 2013-06-21 20:22 - 00002379 _____ E:\Data\Main\My Documents\Sync DCS from D to S.ffs_gui
2013-08-12 01:27 - 2013-07-10 02:11 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-12 01:27 - 2012-01-10 02:41 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-10 17:25 - 2009-07-14 05:45 - 00296856 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-10 14:04 - 2013-08-10 14:04 - 00000000 ____D C:\Users\Main\AppData\Roaming\HD Tune Pro
2013-08-10 13:58 - 2013-08-10 13:58 - 00001789 _____ C:\Users\Main\AppData\Roaming\Microsoft\Windows\Start Menu\Jitsi.lnk
2013-08-10 01:52 - 2013-08-10 01:52 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-08-09 04:02 - 2013-08-09 04:02 - 00000000 ____D C:\Program Files (x86)\QuickPar
2013-08-09 02:15 - 2013-08-09 02:15 - 00000000 ____D C:\ProgramData\MediaMonkey
2013-08-09 02:15 - 2013-08-09 02:15 - 00000000 ____D C:\Program Files (x86)\MediaMonkey
2013-08-08 16:43 - 2012-01-04 18:36 - 00003148 _____ C:\Windows\System32\Tasks\SidebarExecute
2013-08-07 22:03 - 2013-07-10 01:58 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2013-08-06 22:58 - 2012-01-02 11:06 - 00000000 ____D C:\Users\Main\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass
2013-08-06 22:58 - 2012-01-02 11:06 - 00000000 ____D C:\Program Files (x86)\LastPass
2013-08-04 23:53 - 2013-08-04 23:53 - 00000000 ____D C:\Program Files (x86)\Foxit Software
2013-08-04 14:09 - 2012-01-20 13:43 - 00000730 _____ C:\Windows\QUICKEN.INI
2013-08-03 02:42 - 2013-07-29 16:47 - 00008814 _____ C:\NPClient.log
2013-08-02 22:04 - 2013-08-02 22:04 - 00000000 ____D C:\Users\Main\AppData\Roaming\Seeing Machines
2013-08-02 22:04 - 2013-08-02 22:04 - 00000000 ____D C:\ProgramData\Seeing Machines
2013-08-02 19:17 - 2013-08-02 19:16 - 00000000 ____D C:\Program Files (x86)\Handbrake
2013-08-02 19:16 - 2013-08-02 19:16 - 00001023 _____ C:\Users\Remote\Desktop\Handbrake.lnk
2013-08-02 18:10 - 2013-08-02 16:19 - 00012322 _____ C:\Windows\system32\Drivers\fvstore.dat
2013-08-02 16:20 - 2012-01-08 03:04 - 00000000 ____D C:\Program Files (x86)\Comodo
2013-08-02 16:19 - 2013-08-02 16:19 - 00000000 ___HD C:\VTRoot
2013-08-02 16:18 - 2013-08-02 16:18 - 00000000 ____D C:\ProgramData\Vitalwerks
2013-08-02 14:08 - 2013-08-02 14:07 - 00000000 ____D C:\Program Files (x86)\FreeTrack
2013-08-02 13:15 - 2013-08-02 13:15 - 00000000 ____D C:\Windows\System32\Tasks\COMODO
2013-08-02 13:15 - 2013-08-02 13:14 - 00000000 ___SD C:\ProgramData\Shared Space
2013-08-02 13:15 - 2013-08-02 13:14 - 00000000 ____D C:\ProgramData\Comodo
2013-08-02 13:14 - 2013-08-02 13:14 - 00000000 ____D C:\Program Files\COMODO
2013-08-02 12:31 - 2013-08-02 12:31 - 00000542 _____ C:\Windows\SysWOW64\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
2013-08-02 12:31 - 2013-08-02 12:31 - 00000000 ____D C:\ProgramData\Comodo Downloader
2013-08-02 01:47 - 2013-08-02 01:47 - 00000000 ____D C:\Users\Main\AppData\Roaming\.mono
2013-08-02 01:46 - 2011-12-30 21:50 - 00090392 _____ C:\Windows\DirectX.log
2013-08-01 17:42 - 2013-07-30 10:37 - 00007187 _____ C:\Users\Main\Desktop\RPi-Hub measurements.txt
2013-08-01 11:54 - 2013-07-22 12:51 - 00000000 ____D C:\Program Files\nfsd
2013-08-01 02:17 - 2013-01-16 03:47 - 00000000 ____D E:\Data\Main\My Documents\Bandicam
2013-08-01 01:40 - 2013-08-01 01:40 - 00000000 ____D C:\Users\Main\AppData\Roaming\BANDISOFT
2013-08-01 01:40 - 2013-08-01 01:40 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
2013-08-01 01:40 - 2013-08-01 01:40 - 00000000 ____D C:\Program Files (x86)\Bandicam
2013-08-01 00:06 - 2013-07-31 23:46 - 00000471 _____ C:\Users\Main\SciTE.session
2013-07-31 23:59 - 2013-07-31 23:58 - 00000000 ____D C:\Program Files\VolMouse
2013-07-31 23:45 - 2012-09-11 15:35 - 00000000 ____D E:\Data\Main\My Documents\AutoHotKey
2013-07-31 23:42 - 2013-07-31 23:42 - 00000000 ____D C:\Program Files (x86)\AutoIt3
2013-07-31 23:42 - 2011-04-12 09:28 - 00000000 ____D C:\Windows\ShellNew
2013-07-30 11:41 - 2013-07-30 11:41 - 00000000 ____D C:\Users\Main\AppData\Roaming\Mozilla
2013-07-29 16:18 - 2013-07-29 16:18 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf
2013-07-29 16:17 - 2013-07-29 16:17 - 00000000 ____D C:\Program Files (x86)\Code Laboratories
2013-07-29 14:02 - 2013-07-29 14:02 - 00000000 ____D C:\Program Files (x86)\Abbequerque Inc
2013-07-28 20:00 - 2013-07-28 20:00 - 00000000 ____D C:\ProgramData\RzMaelstromVAD_1.1.41.1089
2013-07-28 19:56 - 2013-07-28 19:56 - 00000000 ____D C:\ProgramData\Razer
2013-07-28 19:56 - 2013-07-28 19:56 - 00000000 ____D C:\Program Files (x86)\Razer
2013-07-28 19:02 - 2013-07-28 19:02 - 00000000 ____D C:\Users\Main\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC
2013-07-28 19:02 - 2013-07-28 19:02 - 00000000 ____D C:\Program Files (x86)\No-IP

Files to move or delete:
====================
c:\temp\Main\ammemb.dll
c:\temp\Main\ammemb64.dll
c:\temp\Main\bitool.dll
c:\temp\Main\Checkupdate.exe
c:\temp\Main\cws0rqdo.dll
c:\temp\Main\Foxit Reader Updater.exe
c:\temp\Main\Foxit Updater.exe
c:\temp\Main\gcapi_dll.dll
c:\temp\Main\gtapi_signed.dll
c:\temp\Main\jna5965306605531838924.dll
c:\temp\Main\LPPlugin.dll
c:\temp\Main\Quarantine.exe
c:\temp\Main\TrackIR.exe
c:\temp\Main\x41ecz3s.dll
c:\temp\Main\VSD8A38.tmp\setup.exe
c:\temp\Main\VSD8A38.tmp\DotNetFX40KB2468871\dotNetFx40LP_Full_x86_x64fr.exe
c:\temp\Main\SUPERSetup\setup.dll
c:\temp\Main\Play withSIX 2\System.Reactive.Core.dll
c:\temp\Main\Play withSIX 2\System.Reactive.Interfaces.dll
c:\temp\Main\Play withSIX 2\System.Reactive.Linq.dll
c:\temp\Main\Play withSIX 2\System.Reactive.PlatformServices.dll
c:\temp\Main\Play withSIX 2\System.Reactive.Windows.Threading.dll
c:\temp\Main\Play withSIX 2\withSIX-SelfUpdater.exe
c:\temp\Main\lptmp117956332\nplastpass.dll
c:\temp\Main\lptmp117956332\nplastpass64.dll
c:\temp\Main\is-MPRR4.tmp\CountInstallation.exe
c:\temp\Main\ip5895\InstMSIA.exe
c:\temp\Main\ip5895\InstMSIW.exe
c:\temp\Main\ip5895\setup.exe
c:\temp\Main\ip23202\InstMSIA.exe
c:\temp\Main\ip23202\InstMSIW.exe
c:\temp\Main\ip23202\setup.exe
c:\temp\Main\ip13723\InstMSIA.exe
c:\temp\Main\ip13723\InstMSIW.exe
c:\temp\Main\ip13723\setup.exe
c:\temp\Main\DCS\update\DCS_updater.exe
c:\temp\Main\DCS\update\DCS_update_apply.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-22 00:59

==================== End Of Log ============================

Addition.txt


Thanks, that's removed the Program Data\Windows\Time folder and removed the Time service, so hopefully it's all good now.

I couldn't post the whole log as it said the message was too long, so I've just cut out most of the "Moved successfully" messages, but I've emptied out my temp folders now. Can I delete the FRST folder where it moved all the files to now?

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-08-2013 03
Ran by Main at 2013-08-27 20:50:16 Run:1
Running from C:\AdwCleaner
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
S3 Time; C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe
C:\ProgramData\Microsoft\Windows\Time
c:\temp\Main

*****************

Time => Service deleted successfully.
C:\ProgramData\Microsoft\Windows\Time => Moved successfully.

"c:\temp\Main" directory move:

c:\temp\Main\%%%38B2.tmp => Moved successfully.
c:\temp\Main\%%%6A21.tmp => Moved successfully.
c:\temp\Main\%%%8145.tmp => Moved successfully.
c:\temp\Main\%%%D1DB.tmp => Moved successfully.
c:\temp\Main\acr19C6.tmp => Moved successfully.
c:\temp\Main\acr19C7.tmp => Moved successfully.
c:\temp\Main\acr4BA5.tmp => Moved successfully.
c:\temp\Main\acr4BA6.tmp => Moved successfully.
.....
Could not move "c:\temp\Main" directory. => Scheduled to move on reboot.


We'll clean it all up when we're done.

A couple more scans to run.....

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


OK, I think ComboFix finished without any problems. Here's the log:

ComboFix 13-08-27.02 - Main 28/08/2013   0:34.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.44.1033.18.16348.13556 [GMT 1:00]
Running from: c:\users\Main\Desktop\ComboFix.exe
AV: Outpost Security Suite *Disabled/Updated* {ECEA6BCD-A007-0BC7-D5A5-0254DCBD816E}
FW: Outpost Security Suite *Enabled* {D4D1EAE8-EA68-0A9F-FEFA-AB61226EC615}
SP: Outpost Security Suite *Disabled/Updated* {578B8A29-863D-0449-EF15-3926A73ACBD3}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Main\AppData\Local\assembly\tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-27 to 2013-08-27  )))))))))))))))))))))))))))))))
.
.
2013-08-27 23:44 . 2013-08-27 23:44 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D82EA183-3CC2-4106-A68D-1CA66464F2DF}\offreg.dll
2013-08-27 23:42 . 2013-08-27 23:42 -------- d-----w- c:\users\Remote\AppData\Local\temp
2013-08-27 23:42 . 2013-08-27 23:42 -------- d-----w- c:\users\Main\AppData\Local\temp
2013-08-27 23:42 . 2013-08-27 23:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-27 18:55 . 2013-08-27 19:50 -------- d-----w- C:\FRST
2013-08-27 18:13 . 2013-08-27 19:50 -------- d-----w- C:\AdwCleaner
2013-08-27 15:43 . 2013-08-27 18:22 -------- d-----w- c:\program files\Google
2013-08-21 09:17 . 2013-08-21 09:17 -------- d-----w- c:\users\Main\AppData\Local\Team_360h
2013-08-19 14:49 . 2013-08-19 14:49 283064 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-08-19 14:49 . 2013-08-19 14:49 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2013-08-18 20:51 . 2013-08-18 20:57 -------- d-----w- c:\users\Main\AppData\Local\Deployment
2013-08-18 15:40 . 2013-08-18 15:40 -------- d-----w- c:\program files (x86)\ESET
2013-08-18 15:35 . 2013-08-18 15:35 -------- d-----w- c:\users\Main\AppData\Roaming\Malwarebytes
2013-08-18 15:35 . 2013-08-18 15:35 -------- d-----w- c:\programdata\Malwarebytes
2013-08-18 15:35 . 2013-08-18 15:35 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-18 15:35 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-17 23:12 . 2013-08-18 00:01 -------- d-----w- c:\programdata\WarThunder
2013-08-17 23:12 . 2013-08-17 23:12 -------- d-----w- c:\users\Main\AppData\Local\WarThunder
2013-08-17 11:40 . 2013-08-17 11:40 -------- d-----w- c:\users\Main\AppData\Roaming\SIX Networks
2013-08-17 11:40 . 2013-08-19 20:17 -------- d-----w- c:\users\Main\AppData\Local\SIX Networks
2013-08-17 10:01 . 2013-08-17 10:01 -------- d-----w- c:\program files\Jitsi
2013-08-16 23:50 . 2013-08-16 23:50 -------- d-----w- c:\users\Main\AppData\Local\Take On Helicopters
2013-08-16 14:18 . 2013-08-16 14:18 -------- d-----w- c:\programdata\Actual Tools
2013-08-15 02:25 . 2013-07-19 01:58 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-15 02:24 . 2013-06-15 04:32 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-15 02:24 . 2013-07-06 06:03 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-13 00:17 . 2013-08-13 00:18 -------- d-----w- c:\program files (x86)\get_iplayer
2013-08-13 00:17 . 2013-08-13 00:17 -------- d-----w- c:\programdata\get_iplayer
2013-08-13 00:01 . 2013-08-13 21:05 -------- d-----w- c:\users\Main\.get_iplayer
2013-08-12 22:07 . 2013-08-12 22:08 -------- d-----w- c:\users\Main\AppData\Roaming\CUERipper
2013-08-12 13:53 . 2013-08-12 13:53 -------- d-----w- c:\users\Main\AppData\Roaming\EAC
2013-08-12 13:53 . 2013-08-12 13:53 -------- d-----w- c:\users\Main\AppData\Roaming\AccurateRip
2013-08-12 13:53 . 2013-08-12 13:53 -------- d-----w- c:\program files (x86)\Exact Audio Copy
2013-08-12 13:46 . 2013-08-12 13:46 -------- d-----w- c:\users\Main\AppData\Local\CUE Tools
2013-08-12 13:39 . 2013-08-12 20:19 -------- d-----w- c:\users\Main\AppData\Roaming\CUE Tools
2013-08-12 12:43 . 2013-08-12 12:43 -------- d-----w- c:\users\Main\AppData\Local\realtech_VR
2013-08-12 12:40 . 2013-08-12 13:29 -------- d-----w- c:\program files (x86)\realtech VR
2013-08-12 00:26 . 2013-08-12 00:27 -------- d-----w- c:\users\Main\AppData\Local\Adobe
2013-08-10 13:04 . 2013-08-10 13:04 -------- d-----w- c:\users\Main\AppData\Roaming\HD Tune Pro
2013-08-10 13:03 . 2013-08-25 19:29 -------- d-----w- c:\users\Main\AppData\Roaming\Jitsi
2013-08-10 00:52 . 2013-08-10 00:52 -------- d-----w- c:\program files (x86)\TeamViewer
2013-08-09 03:02 . 2013-08-09 11:00 -------- d-----w- c:\users\Main\AppData\Local\QuickPar
2013-08-09 03:02 . 2013-08-09 03:02 -------- d-----w- c:\program files (x86)\QuickPar
2013-08-09 01:15 . 2013-08-09 01:15 -------- d-----w- c:\users\Main\AppData\Local\MediaMonkey
2013-08-09 01:15 . 2013-08-13 01:41 -------- d-----w- c:\users\Main\AppData\Roaming\MediaMonkey
2013-08-09 01:15 . 2013-08-09 01:15 -------- d-----w- c:\programdata\MediaMonkey
2013-08-09 01:15 . 2013-08-09 01:15 -------- d-----w- c:\program files (x86)\MediaMonkey
2013-08-08 15:43 . 2013-08-20 18:42 -------- d-----w- c:\users\Main\AppData\Local\HWiNFOMonitor
2013-08-08 13:56 . 2013-08-08 13:56 -------- d-----w- c:\users\Main\AppData\Local\NeoSmart_Technologies
2013-08-04 22:53 . 2013-06-09 20:59 216064 ----a-w- c:\windows\SysWow64\gcapi_dll.dll
2013-08-04 22:53 . 2013-08-04 22:53 -------- d-----w- c:\program files (x86)\Foxit Software
2013-08-02 21:04 . 2013-08-02 21:04 -------- d-----w- c:\programdata\Seeing Machines
2013-08-02 21:04 . 2013-08-02 21:04 -------- d-----w- c:\users\Main\AppData\Roaming\Seeing Machines
2013-08-02 18:21 . 2013-08-12 14:02 -------- d-----w- c:\users\Main\AppData\Roaming\HandBrake
2013-08-02 18:19 . 2013-08-13 02:45 -------- d-----w- c:\users\Main\AppData\Roaming\Broad Intelligence
2013-08-02 18:19 . 2013-08-13 02:45 -------- d-----w- c:\program files (x86)\MediaCoder
2013-08-02 18:16 . 2013-08-02 18:17 -------- d-----w- c:\program files (x86)\Handbrake
2013-08-02 15:19 . 2013-08-02 15:19 -------- d-----w- C:\VTRoot
2013-08-02 15:18 . 2013-08-02 15:18 -------- d-----w- c:\programdata\Vitalwerks
2013-08-02 13:07 . 2013-08-02 13:08 -------- d-----w- c:\program files (x86)\FreeTrack
2013-08-02 12:14 . 2013-08-02 12:15 -------- d-s---w- c:\programdata\Shared Space
2013-08-02 12:14 . 2013-08-02 12:14 -------- d-----w- c:\program files\COMODO
2013-08-02 12:14 . 2013-08-02 12:15 -------- d-----w- c:\programdata\Comodo
2013-08-02 11:31 . 2013-08-02 11:31 -------- d-----w- c:\programdata\Comodo Downloader
2013-08-02 00:47 . 2013-08-02 00:47 -------- d-----w- c:\users\Main\AppData\Roaming\.mono
2013-08-02 00:47 . 2013-08-02 00:47 -------- d-----w- c:\users\Main\AppData\Local\UWebKit
2013-08-01 14:53 . 2013-08-16 16:59 -------- d-----w- c:\users\Main\AppData\Local\ElevatedDiagnostics
2013-08-01 00:40 . 2013-08-01 00:40 -------- d-----w- c:\users\Main\AppData\Roaming\BANDISOFT
2013-08-01 00:40 . 2013-08-01 00:40 -------- d-----w- c:\program files (x86)\Bandicam
2013-08-01 00:40 . 2013-08-01 00:40 -------- d-----w- c:\program files (x86)\BandiMPEG1
2013-07-31 22:58 . 2013-07-31 22:59 -------- d-----w- c:\program files\VolMouse
2013-07-31 22:42 . 2013-07-31 22:42 -------- d-----w- c:\program files (x86)\AutoIt3
2013-07-29 15:17 . 2013-07-29 15:17 -------- d-----w- c:\program files (x86)\Code Laboratories
2013-07-29 15:10 . 2012-10-15 08:08 15104 ----a-w- c:\windows\system32\drivers\vjoy.sys
2013-07-29 13:02 . 2013-07-29 13:02 -------- d-----w- c:\program files (x86)\Abbequerque Inc
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-12 00:27 . 2013-07-10 01:11 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-12 00:27 . 2012-01-10 01:41 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-06 21:58 . 2013-07-11 13:13 15251968 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
2013-07-13 12:10 . 2013-07-13 12:10 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-07-13 12:10 . 2013-07-13 12:10 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-07-13 12:10 . 2013-07-13 12:10 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-10 00:40 . 2013-07-10 00:40 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-07-10 00:40 . 2013-07-10 00:40 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-07-10 00:40 . 2013-07-10 00:40 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-07-10 00:40 . 2013-07-10 00:40 81408 ----a-w- c:\windows\system32\icardie.dll
2013-07-10 00:40 . 2013-07-10 00:40 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-07-10 00:40 . 2013-07-10 00:40 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-07-10 00:40 . 2013-07-10 00:40 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-07-10 00:40 . 2013-07-10 00:40 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-07-10 00:40 . 2013-07-10 00:40 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-07-10 00:40 . 2013-07-10 00:40 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-07-10 00:40 . 2013-07-10 00:40 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-07-10 00:40 . 2013-07-10 00:40 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-07-10 00:40 . 2013-07-10 00:40 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-07-10 00:40 . 2013-07-10 00:40 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-07-10 00:40 . 2013-07-10 00:40 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-07-10 00:40 . 2013-07-10 00:40 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-07-10 00:40 . 2013-07-10 00:40 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-07-10 00:40 . 2013-07-10 00:40 441856 ----a-w- c:\windows\system32\html.iec
2013-07-10 00:40 . 2013-07-10 00:40 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-07-10 00:40 . 2013-07-10 00:40 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-07-10 00:40 . 2013-07-10 00:40 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-07-10 00:40 . 2013-07-10 00:40 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-07-10 00:40 . 2013-07-10 00:40 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-07-10 00:40 . 2013-07-10 00:40 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-07-10 00:40 . 2013-07-10 00:40 235008 ----a-w- c:\windows\system32\url.dll
2013-07-10 00:40 . 2013-07-10 00:40 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-07-10 00:40 . 2013-07-10 00:40 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-07-10 00:40 . 2013-07-10 00:40 216064 ----a-w- c:\windows\system32\msls31.dll
2013-07-10 00:40 . 2013-07-10 00:40 197120 ----a-w- c:\windows\system32\msrating.dll
2013-07-10 00:40 . 2013-07-10 00:40 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-07-10 00:40 . 2013-07-10 00:40 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-07-10 00:40 . 2013-07-10 00:40 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-07-10 00:40 . 2013-07-10 00:40 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-07-10 00:40 . 2013-07-10 00:40 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-07-10 00:40 . 2013-07-10 00:40 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-07-10 00:40 . 2013-07-10 00:40 149504 ----a-w- c:\windows\system32\occache.dll
2013-07-10 00:40 . 2013-07-10 00:40 144896 ----a-w- c:\windows\system32\wextract.exe
2013-07-10 00:40 . 2013-07-10 00:40 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-07-10 00:40 . 2013-07-10 00:40 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-07-10 00:40 . 2013-07-10 00:40 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-07-10 00:40 . 2013-07-10 00:40 13824 ----a-w- c:\windows\system32\mshta.exe
2013-07-10 00:40 . 2013-07-10 00:40 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-07-10 00:40 . 2013-07-10 00:40 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-07-10 00:40 . 2013-07-10 00:40 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-07-10 00:40 . 2013-07-10 00:40 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-07-10 00:40 . 2013-07-10 00:40 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-07-10 00:40 . 2013-07-10 00:40 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-07-10 00:40 . 2013-07-10 00:40 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-07-10 00:40 . 2013-07-10 00:40 102912 ----a-w- c:\windows\system32\inseng.dll
2013-07-10 00:37 . 2013-07-10 00:37 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-10 00:37 . 2013-07-10 00:37 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-10 00:37 . 2013-07-10 00:37 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-07-10 00:37 . 2013-07-10 00:37 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-07-10 00:37 . 2013-07-10 00:37 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-10 00:37 . 2013-07-10 00:37 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-10 00:37 . 2013-07-10 00:37 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-10 00:37 . 2013-07-10 00:37 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-10 00:37 . 2013-07-10 00:37 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-07-10 00:37 . 2013-07-10 00:37 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-07-10 00:37 . 2013-07-10 00:37 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-07-10 00:37 . 2013-07-10 00:37 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-10 00:37 . 2013-07-10 00:37 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-10 00:37 . 2013-07-10 00:37 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-07-10 00:37 . 2013-07-10 00:37 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-07-10 00:37 . 2013-07-10 00:37 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-07-10 00:37 . 2013-07-10 00:37 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-10 00:37 . 2013-07-10 00:37 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-10 00:37 . 2013-07-10 00:37 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-07-10 00:37 . 2013-07-10 00:37 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-07-10 00:37 . 2013-07-10 00:37 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-10 00:37 . 2013-07-10 00:37 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-10 00:37 . 2013-07-10 00:37 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-10 00:37 . 2013-07-10 00:37 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-10 00:37 . 2013-07-10 00:37 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-07-10 00:37 . 2013-07-10 00:37 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-07-10 00:37 . 2013-07-10 00:37 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-07-10 00:37 . 2013-07-10 00:37 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-07-10 00:37 . 2013-07-10 00:37 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-10 00:37 . 2013-07-10 00:37 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-10 00:37 . 2013-07-10 00:37 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-07-10 00:37 . 2013-07-10 00:37 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-07-10 00:37 . 2013-07-10 00:37 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-07-10 00:37 . 2013-07-10 00:37 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-07-10 00:37 . 2013-07-10 00:37 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-07-10 00:37 . 2013-07-10 00:37 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-07-10 00:37 . 2013-07-10 00:37 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-07-10 00:37 . 2013-07-10 00:37 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2013-07-10 00:37 . 2013-07-10 00:37 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-07-10 00:37 . 2013-07-10 00:37 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-07-10 00:37 . 2013-07-10 00:37 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2013-07-10 00:37 . 2013-07-10 00:37 1238528 ----a-w- c:\windows\system32\d3d10.dll
2013-07-10 00:37 . 2013-07-10 00:37 1175552 ----a-w- c:\windows\system32\FntCache.dll
2013-07-10 00:37 . 2013-07-10 00:37 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-07-10 00:37 . 2013-07-10 00:37 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-02-25 . E589BCD6041786C5E38E2D223C24C193 . 680960 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_ecc547376ae3a1a3\termsrv.dll
[-] 2011-02-25 . E589BCD6041786C5E38E2D223C24C193 . 680960 . . [6.1.7601.17514] .. c:\windows\system32\termsrv.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2011-08-19 22:13 505344 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xpadder"="c:\program files (x86)\Xpadder\Xpadder.exe" [2012-05-10 1165824]
"RadeonPro"="c:\program files (x86)\RadeonPro\RadeonPro.exe" [2013-04-13 2195072]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2013-07-25 759384]
"Actual Multiple Monitors"="c:\program files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe" [2013-04-13 1735472]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-08-01 3673696]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2013-06-21 610152]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"AOD"="c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" [2013-03-28 361984]
.
c:\users\Main\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Arma & DCS - Vol 10 on Joy7 and MB5 (for VAC).ahk.lnk - e:\data\Main\My Documents\AutoHotKey\Arma & DCS - Vol 10 on Joy7 and MB5 (for VAC).ahk [2013-1-14 2414]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Install LastPass IE RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -p -name=LastPass -ffuuid support@lastpass.com [2013-7-11 15251968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
R2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 ALSysIO;ALSysIO;c:\temp\Main\ALSysIO64.sys;c:\temp\Main\ALSysIO64.sys [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 HCW99BDA;Hauppauge Nova-DT Dual DVB-T Tuner;c:\windows\system32\Drivers\hcw99bda.sys;c:\windows\SYSNATIVE\Drivers\hcw99bda.sys [x]
R3 hcw99rc;Hauppauge Nova-DT IR Driver;c:\windows\system32\Drivers\hcw99rc.sys;c:\windows\SYSNATIVE\Drivers\hcw99rc.sys [x]
R3 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\temp\Main\HWiNFO64A.SYS;c:\temp\Main\HWiNFO64A.SYS [x]
R3 NTIOLib_1_0_1;NTIOLib_1_0_1;c:\program files (x86)\MSI\ControlCenter\NTIOLib_X64.sys;c:\program files (x86)\MSI\ControlCenter\NTIOLib_X64.sys [x]
R3 RAMDiskVE;RAMDiskVE;c:\windows\system32\Drivers\RAMDiskVE.sys;c:\windows\SYSNATIVE\Drivers\RAMDiskVE.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 rspLLL;rspLLL;c:\windows\system32\DRIVERS\rspLLL64.sys;c:\windows\SYSNATIVE\DRIVERS\rspLLL64.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
R4 TVService;TVService;c:\program files (x86)\Team MediaPortal\MediaPortal TV Server\TVService.exe;c:\program files (x86)\Team MediaPortal\MediaPortal TV Server\TVService.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 SoftPerfectVirtualVolume;SoftPerfect RAM Disk;c:\program files\SoftPerfect RAM Disk\spvve.sys;c:\program files\SoftPerfect RAM Disk\spvve.sys [x]
S1 spvdbus;SoftPerfect Virtual Disk;c:\windows\system32\DRIVERS\spvdbus.sys;c:\windows\SYSNATIVE\DRIVERS\spvdbus.sys [x]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 NFSserver;NFS Server;c:\program files\nfsd\nfsd.exe;c:\program files\nfsd\nfsd.exe [x]
S2 NoIPDUCService4;NO-IP DUC v4;c:\program files (x86)\No-IP\ducservice.exe;c:\program files (x86)\No-IP\ducservice.exe [x]
S2 PMAPDaemon;SunRPC Portmap Daemon;c:\program files\nfsd\pmapd.exe;c:\program files\nfsd\pmapd.exe [x]
S2 RadeonPro Support Service;RadeonPro Support Service;c:\program files (x86)\RadeonPro\RadeonProSupport.exe;c:\program files (x86)\RadeonPro\RadeonProSupport.exe [x]
S2 RzMaelstromVADStreamingService;Razer Surround Audio Service;c:\programdata\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe;c:\programdata\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RZMAELSTROMVADService;Razer Surround Audio Enhancer Service;c:\windows\system32\drivers\RzMaelstromVAD.sys;c:\windows\SYSNATIVE\drivers\RzMaelstromVAD.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ATAPI
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [bU]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\HardLinkMenu]
@="{0A479751-02BC-11d3-A855-0004AC2568AA}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568AA}]
2011-06-24 06:03 456704 ----a-w- c:\program files\LinkShellExtension\HardlinkShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHardLink]
@="{0A479751-02BC-11d3-A855-0004AC2568DD}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568DD}]
2011-06-24 06:03 456704 ----a-w- c:\program files\LinkShellExtension\HardlinkShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlaySymbolicLink]
@="{0A479751-02BC-11d3-A855-0004AC2568EE}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568EE}]
2011-06-24 06:03 456704 ----a-w- c:\program files\LinkShellExtension\HardlinkShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2011-08-19 22:14 629248 ----a-w- c:\program files\Classic Shell\ClassicExplorer64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2011-08-19 98304]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-05-27 7188552]
"RAMDiskForWorkstations"="c:\program files\SoftPerfect RAM Disk\RAMDiskWS.exe" [2013-05-31 3452536]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-07-08 1502424]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: LastPass - file://c:\users\Main\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\users\Main\AppData\LocalLow\LastPass\context.html?cmd=fillforms
TCP: Interfaces\{817618A9-4A37-4E16-891A-D240E0B77342}: NameServer = 178.21.23.150,8.8.8.8
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-MediaPortal TV Server - c:\program files (x86)\Team MediaPortal\MediaPortal TV Server\uninstall-tve3.exe
AddRemove-MPTagThat - c:\program files (x86)\Team MediaPortal\MPTagThat\uninstall.exe
AddRemove-{1146E8F3-4057-4F46-B39C-D18AB4BB1523}_is1 - d:\games\Deus Ex - Human Revolution\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\AutoHotkey\AutoHotkey.exe
c:\users\Main\AppData\Local\Microsoft\Windows Sidebar\Gadgets\HWiNFOMonitor.gadget\HWiNFOMonitor.exe
.
**************************************************************************
.
Completion time: 2013-08-28  00:51:14 - machine was rebooted
ComboFix-quarantined-files.txt  2013-08-27 23:51
.
Pre-Run: 6,275,166,208 bytes free
Post-Run: 6,570,192,896 bytes free
.
- - End Of File - - 3BE8585821EF7BCCC8C02D4A7591C14A
51083A7868D0AA3AC3719C3B0A90D973
 


Looks Good.....

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

Thanks, that's good to hear. Here's the Security Check log.

 

 Results of screen317's Security Check version 0.99.73 
 Windows 7 Service Pack 1 x64 (UAC is disabled!) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled! 
avast! Antivirus  
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Java 7 Update 25 
 Adobe Flash Player 11.8.800.94 
````````Process Check: objlist.exe by Laurent```````` 
 Comodo Firewall cmdagent.exe
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast AvastUI.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 10%
````````````````````End of Log``````````````````````
 

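As an added example that is not part of the thread, here is a small Python checker that parses a Security Check report in the format posted above and turns it into findings a defender would act on (in this log, UAC and the Windows Firewall are both disabled even though the antivirus is current). The report lines are a constructed sample modelled on the post; the section titles it relies on come from the log, while the finding tags are the example's own.

```python
import re
# Constructed sample in the format of the Security Check report posted above; the
# backtick banners are built at runtime so they do not clash with this page's fences.
def _banner(title):
    return "`" * 14 + title + "`" * 14

SAMPLE_REPORT = "\n".join([
    " Results of screen317's Security Check version 0.99.73 ",
    " Windows 7 Service Pack 1 x64 (UAC is disabled!) ",
    _banner("Antivirus/Firewall Check:"),
    " Windows Firewall Disabled! ",
    "avast! Antivirus  ",
    " Antivirus up to date!  ",
    _banner("Anti-malware/Other Utilities Check:"),
    " Malwarebytes Anti-Malware version 1.75.0.1300 ",
    _banner("Process Check: objlist.exe by Laurent"),
    " Comodo Firewall cmdagent.exe",
    " AVAST Software Avast AvastSvc.exe ",
    _banner("End of Log"),
])
BANNER_RE = re.compile(r"^`+(.+?)`+$")  # matches the section banner lines

def parse_report(text):
    """Split a Security Check report into {section title: [trimmed lines]}."""
    sections, current = {}, "Header"
    for raw in text.splitlines():
        line = raw.strip()
        m = BANNER_RE.match(line)
        if m:
            current = m.group(1).strip().rstrip(":")
            sections[current] = []
        elif line:
            sections.setdefault(current, []).append(line)
    return sections

def audit(text):
    """Return the hardening findings a defender would raise from the report."""
    s = parse_report(text)
    findings = []
    if any("UAC is disabled" in l for l in s.get("Header", [])):
        findings.append("uac_disabled")
    av_fw = s.get("Antivirus/Firewall Check", [])
    if any("Firewall Disabled" in l for l in av_fw):
        # Downgrade to informational only when a third-party firewall process is listed.
        procs = [l for k, v in s.items() if k.startswith("Process Check") for l in v]
        tag = "_third_party_present" if any("Firewall" in l for l in procs) else ""
        findings.append("windows_firewall_disabled" + tag)
    if any("out of date" in l.lower() for l in av_fw):
        findings.append("antivirus_out_of_date")
    return findings
```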

Perfect!

-------------------

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

If you used FRST:

Download the fixlist.txt to the same folder as FRST.

Run FRST and click Fix only once and wait

That will delete the quarantine folder created by FRST.

-----------------------------

If you used DeFogger to disable your CD Emulation drivers, please re-enable them.

-------------------------------

Please download OTC to your desktop.

http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")

Click on the CleanUp! button and follow the prompts.

(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)

You will be asked to reboot the machine to finish the Cleanup process, choose Yes.

After the reboot all the tools we used should be gone.

Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.

i.e.: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

This topic is now closed to further replies.