TR/BitCoinMiner.Gen can't remove it. please help.


Serag

Hello Serag and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Please follow the instructions here and then post the log files in your next reply.

http://forums.malwarebytes.org/index.php?showtopic=9573


.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium 

Boot Device: \Device\HarddiskVolume1

Install Date: 14/02/2012 01:47:20 p.m.

System Uptime: 29/08/2013 10:36:21 a.m. (1 hours ago)

.

Motherboard: CLEVO                             |  | P150HMx

Processor: Intel® Core i7-2860QM CPU @ 2.50GHz | SOCKET 0 | 2501/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 112 GiB total, 27.998 GiB free.

E: is FIXED (NTFS) - 466 GiB total, 10.746 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP296: 26/08/2013 06:04:28 a.m. - Scheduled Checkpoint

RP297: 27/08/2013 01:56:04 a.m. - Windows Update

RP298: 29/08/2013 06:50:42 a.m. - ComboFix created restore point

.

==== Installed Programs ======================

.

"Nero SoundTrax Help

Aalto VST version 1.3.2

Ableton Live v6.0.3

Adobe AIR

Adobe Download Assistant

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Help Manager

Adobe Illustrator CS6

Adobe Photoshop CS6

Adobe Premiere Pro CS6

Adobe Reader XI (11.0.03)

Adobe SVG Viewer

Advertising Center

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ASIO4ALL

Audacity 1.2.6

Avira Free Antivirus

Bigfoot Networks Killer Network Manager

bl

CameraHelperMsi

Compatibility Pack for the 2007 Office system

Control ActiveX de Windows Live Mesh para conexiones remotas

db audioware mastering plugins 1.05c

DolbyFiles

Dropbox

Edirol HQ Orchestral v1.01

eLicenser Control

erLT

ESET Online Scanner v3

FabFilter TotalBundle VST RTAS v1.2

Facebook Video Calling 1.2.0.287

FileZilla Client 3.6.0.2

FreeFileSharingBox

G-sonique Alien303 VSTi

Google Chrome

Google Earth Plug-in

Google Update Helper

GoPro CineForm Studio 1.3.2

GRM Tools Classic VST v1.6.52

ImagXpress

Intel® Management Engine Components

iTunes

Java 7 Update 25

Java Auto Updater

JMicron Flash Media Controller Driver

Lennar Digital Sylenth VSTi v1.2.1

Lexicon PSP42 1.4

LinPlug CronoX VSTi v2.04

Logitech Gaming Software

Logitech Gaming Software 8.20

Logitech Webcam Software

LWS Facebook

LWS Gallery

LWS Help_main

LWS Launcher

LWS Motion Detection

LWS Pictures And Video

LWS Twitter

LWS Webcam Software

LWS WLM Plugin

LWS YouTube Plugin

MagniPic

Menu Templates - Starter Kit

Microsoft .NET Framework 4 Client Profile

Microsoft Office XP Professional with FrontPage

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

Microsoft_VC80_CRT_x86

Microsoft_VC90_CRT_x86

MOTU Hardware

Movie Templates - Starter Kit

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Mutual Public

Native Instruments Electronic Instruments 2 XT

Native Instruments Guitar Rig v1.1.1

Nero 9

Nero Burning ROM Help

Nero BurnRights

Nero ControlCenter

Nero CoverDesigner

Nero CoverDesigner Help

Nero Disc Copy Gadget

Nero Disc Copy Gadget Help

Nero DiscSpeed

Nero DriveSpeed

Nero Express Help

Nero InfoTool

Nero Installer

Nero Live

Nero Live Help

Nero PhotoSnap

Nero PhotoSnap Help

Nero Recode

Nero Recode Help

Nero Rescue Agent

Nero RescueAgent Help

Nero ShowTime

Nero StartSmart

Nero StartSmart Help

Nero Vision

Nero WaveEditor

Nero WaveEditor Help

NeroBurningROM

NeroExpress

NeroLiveGadget

NeroLiveGadget Help

neroxml

NomadFactory Bluetubes VST v2.02

Nord Sound Manager V1.02

NVIDIA 3D Vision Driver 268.49

NVIDIA Control Panel 268.49

NVIDIA Graphics Driver 268.49

NVIDIA HD Audio Driver 1.2.22.1

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.10.0514

NVIDIA Stereoscopic 3D Driver

PCM Native Reverb VST Plug-in

PDF Password Cracker Pro v3.2

PDF Password Remover v3.1

PDF Settings CS6

ph

Protector Suite 2009

QuickTime

r8brain 1.9

Realtek High Definition Audio Driver

REAPER

Renesas Electronics USB 3.0 Host Controller Driver

rgcAudio z3ta+ v1.0

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

SendSpace Wizard

SFX Machine RT VST v1.0.3

Skype Click to Call

Skype™ 6.6

Sonalksis Plug-Ins for Windows 2.02

Sonnox Oxford Inflator Native VST v1.5.1

Sonnox Oxford Limiter Native VST v1.1.1

Sonnox Oxford R3 Dynamics Native VST v1.3.1

Sonnox Oxford R3 EQ Native VST v1.6.1

Sonnox Oxford TransMod Native VST v1.3.1

SoundTrax

SPL Analog Code Transient Designer VST RTAS v1.1

SSL LMC-1 v1.0

Steinberg Cubase 5

Steinberg UR28M Applications

Steinberg VST Classics 1 64bit

SUPERAntiSpyware

Synaptics Pointing Device Driver

SyncerSoft Analog Voice VSTi

Synth1

TouchFreeze

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

VideoLAN VLC media player 0.8.6i

Waldorf Largo

WaveLab 6

Waves Complete VST RTAS TDM v7.1.16

Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 )

Windows Live Mesh ActiveX Control for Remote Connections

WinRAR 4.01 (64-bit)

Workspace Desktop

Yamaha Steinberg USB Driver

.

==== Event Viewer Messages From Past Week ========

.

29/08/2013 10:36:42 a.m., Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  cdrom SABKUTIL

29/08/2013 10:35:12 a.m., Error: Service Control Manager [7034]  - The computation-engine service terminated unexpectedly.  It has done this 1 time(s).

29/08/2013 08:41:16 a.m., Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.

29/08/2013 07:10:17 a.m., Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}

.

==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.25.2

Run by Kamino at 11:31:00 on 2013-08-29

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.12266.9090 [GMT -6:00]

.

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k WbioSvcGroup

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe

C:\Program Files (x86)\Workspace\offSyncService.exe

C:\Program Files (x86)\MOTU\motuDNSResponder.exe

C:\Program Files\mutualpublic\Monitor.exe

C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

C:\Windows\system32\nvvsvc.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Protector Suite\upeksvr.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Users\Kamino\AppData\Local\Facebook\Update\FacebookUpdate.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Workspace\workspacestatus.exe

C:\Program Files (x86)\Workspace\wben.exe

C:\Users\Kamino\AppData\Local\Workspace\workspaceupdate.exe

C:\Program Files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe

C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\MOTU\Audio\MFWAKeys.exe

C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe

C:\Users\Kamino\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit = userinit.exe

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

uRun: [Facebook Update] "C:\Users\Kamino\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [Workspace Status] "C:\Program Files (x86)\Workspace\workspacestatus.exe"

uRun: [wben] "C:\Program Files (x86)\Workspace\wben.exe"

uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

uRun: [Starfield Updater] "C:\Users\Kamino\AppData\Local\Workspace\WorkspaceUpdate.exe"

uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

StartupFolder: C:\Users\Kamino\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Kamino\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADMINI~1.LNK - C:\Program Files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CINEFO~1.LNK - C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MOTUPE~1.LNK - C:\Program Files (x86)\MOTU\Audio\MFWAKeys.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office10\EXCEL.EXE/3000

LSP: %SYSTEMROOT%\system32\BfLLR.dll

TCP: NameServer = 10.0.0.138

TCP: Interfaces\{6EF861FE-7944-484C-9431-95DCC0D1DB5F} : DHCPNameServer = 10.0.0.138

TCP: Interfaces\{6EF861FE-7944-484C-9431-95DCC0D1DB5F}\2426F687D21473147393335414D253 : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{6EF861FE-7944-484C-9431-95DCC0D1DB5F}\2454C4C4831373 : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{E6CBBDBA-2DC9-4FC1-A808-7A941F1583C7} : DHCPNameServer = 10.0.0.138

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

LSA: Notification Packages =  scecli C:\Program Files\Protector Suite\psqlpwd.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Notify: psfus - C:\Program Files\Protector Suite\psqlpwd.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-7-21 56208]

R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-28 28600]

R1 BfLwf;Bigfoot Networks Bandwidth Control;C:\Windows\System32\drivers\bflwfx64.sys [2012-2-1 75368]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-7-18 146816]

R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-3-1 84024]

R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-3-1 108088]

R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-3-28 105344]

R2 Bigfoot Networks Killer Service;Bigfoot Networks Killer Service;C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe [2012-2-1 490496]

R2 File Backup;File Backup Service;C:\Program Files (x86)\Workspace\offSyncService.exe [2012-1-5 1187040]

R2 MOTU_ZeroConf;MOTU_ZeroConf;C:\Program Files (x86)\MOTU\motuDNSResponder.exe [2013-4-30 390984]

R2 Mutual Monitor;Mutual Monitor;C:\Program Files\mutualpublic\Monitor.exe run --> C:\Program Files\mutualpublic\Monitor.exe run [?]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-8-14 3291008]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-5-5 378472]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-1-31 2656280]

R3 Ak27x64;Killer Wireless-N 1102 device driver;C:\Windows\System32\drivers\Ak27x64.sys [2012-2-1 2740328]

R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2012-1-31 174680]

R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);C:\Windows\System32\drivers\JME.sys [2012-1-31 115312]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]

R3 motubus;MOTU Audio MIDI Extension;C:\Windows\System32\drivers\motubus64.sys [2013-4-30 30288]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-11-19 80384]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-11-19 181248]

R3 ysusb64;Yamaha Steinberg USB Audio;C:\Windows\System32\drivers\ysusb64.sys [2013-1-29 113960]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 computation-engine;computation-engine;C:\temp\cm5.exe [2013-8-29 1066496]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]

S3 HP8207_8307;HP-HP8207_8307;C:\Windows\System32\drivers\HP8207_8307.sys [2010-2-4 15360]

S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]

S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-9-21 351520]

S3 LVUVC64;Logitech Webcam C160(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-9-21 4763680]

S3 MFWAMIDI64;MOTU Audio MIDI for 64 bit;C:\Windows\System32\drivers\mfwamidi64.sys [2011-11-9 32368]

S3 MFWAWAVE64;MOTU Audio Wave for 64 bit;C:\Windows\System32\drivers\mfwawave64.sys [2011-11-9 82544]

S3 MotuFWA64;MotuFWA64;C:\Windows\System32\drivers\MotuFWA64.sys [2011-11-9 607856]

S3 MOTUMicroBook;MOTU MicroBook;C:\Windows\System32\drivers\MOTUMicroBook.sys [2013-4-30 73296]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-2-18 1255736]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]

.

=============== Created Last 30 ================

.

2013-08-29 17:17:44 -------- d-----w- C:\Users\Kamino\AppData\Local\Apple

2013-08-29 17:17:37 -------- d-----w- C:\Users\Kamino\AppData\Local\Apple Computer

2013-08-29 17:09:20 -------- d-----w- C:\FRST

2013-08-29 14:36:24 -------- d-----w- C:\Program Files (x86)\ESET

2013-08-29 13:08:40 -------- d-----w- C:\Windows\ERUNT

2013-08-29 12:58:51 -------- d-----w- C:\AdwCleaner

2013-08-29 12:55:23 -------- d-sh--w- C:\$RECYCLE.BIN

2013-08-29 12:50:41 98816 ----a-w- C:\Windows\sed.exe

2013-08-29 12:50:41 256000 ----a-w- C:\Windows\PEV.exe

2013-08-29 12:50:41 208896 ----a-w- C:\Windows\MBR.exe

2013-08-29 11:15:01 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-08-29 10:56:13 -------- d-----w- C:\Users\Kamino\AppData\Local\Adobe

2013-08-29 08:24:37 -------- d-----w- C:\Users\Kamino\AppData\Roaming\SUPERAntiSpyware.com

2013-08-29 08:24:37 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2013-08-29 08:24:34 -------- d-----w- C:\ProgramData\!SASCORE

2013-08-29 08:24:34 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2013-08-27 07:56:18 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{76C0A331-F3E2-4542-AF87-7DCC2C5F670F}\mpengine.dll

2013-08-21 02:28:09 -------- d-----w- C:\Users\Kamino\AppData\Roaming\PDAppFlex

2013-08-20 01:37:10 -------- d-----w- C:\Users\Kamino\AppData\Roaming\Malwarebytes

2013-08-20 01:37:07 -------- d-----w- C:\ProgramData\Malwarebytes

2013-08-15 12:46:01 -------- d-----w- C:\Users\Kamino\AppData\Local\DTClient

2013-08-15 10:58:33 -------- d-----w- C:\Users\Kamino\AppData\Roaming\DAEMON Tools Ultra

2013-08-15 10:57:58 -------- d-----w- C:\ProgramData\DAEMON Tools Ultra

2013-08-15 10:55:46 180088 ----a-w- C:\Windows\pfolder.exe

2013-08-15 10:55:45 127864 ----a-w- C:\Windows\System32\ptdllrun1.exe

2013-08-15 10:55:45 101752 ----a-w- C:\Windows\SysWow64\ptdllrun1.exe

2013-08-15 10:55:45 -------- d-----w- C:\Program Files\Pismo File Mount Audit Package

2013-08-13 22:44:30 224256 ----a-w- C:\Windows\System32\wintrust.dll

.

==================== Find3M  ====================

.

2013-08-29 14:43:12 81112 ----a-w- C:\Windows\System32\drivers\avnetflt.sys

2013-08-29 14:43:12 105344 ----a-w- C:\Windows\System32\drivers\avgntflt.sys

2013-08-21 02:53:13 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-08-21 02:53:13 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-08-21 02:53:09 17737608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll

2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll

2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL

2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL

2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll

2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll

2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll

2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll

2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll

2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll

2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll

2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll

2013-07-09 04:52:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll

2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2013-07-09 02:49:42 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-07-09 02:49:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-07-09 02:49:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-07-09 02:49:38 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-07-03 14:28:49 2892 ----a-w- C:\Windows\SysWow64\audcon.sys

2013-06-15 04:32:16 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys

2013-06-13 03:48:23 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-06-13 03:48:17 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-06-13 03:47:57 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys

2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll

2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll

2012-10-19 13:10:36 4096000 ----a-w- C:\Program Files (x86)\GUT4598.tmp

.

============= FINISH: 11:31:06.91 ===============
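The DDS log above already holds the evidence that the RogueKiller scan later in the thread confirms: a service named computation-engine set to auto-start from C:\temp\cm5.exe, a binary dated the same day the log was taken, and an Event ID 7034 record saying that service terminated unexpectedly an hour before DDS ran. The script below is an added example written for this page; it is not part of DDS, Malwarebytes, RogueKiller or anything the thread's helpers posted. It parses the SERVICES / DRIVERS and Run-key lines of a DDS log, pulls out each binary path, and ranks entries on three signals an analyst checks by hand: binary in a user-writable directory, binary created within a day of the log, and a matching 7034 crash event. The sample lines are copied from the log above; the directory list, the weights and the function names (parse_entries, score_entry, triage) are assumptions made for the example.

```python
"""Rank autostart entries from a DDS log by how much they deserve a look.

Added example for this thread, not part of DDS, Malwarebytes or RogueKiller.
The sample lines are copied from the log posted above; the directory list,
weights and thresholds are assumptions chosen for the example.
"""
import re
from datetime import date

# Lines copied from the DDS log above (header, services, Run keys, one event).
SAMPLE_LOG = r"""
Run by Kamino at 11:31:00 on 2013-08-29
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-3-1 108088]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-8-14 3291008]
S2 computation-engine;computation-engine;C:\temp\cm5.exe [2013-8-29 1066496]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
uRun: [Facebook Update] "C:\Users\Kamino\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Starfield Updater] "C:\Users\Kamino\AppData\Local\Workspace\WorkspaceUpdate.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
29/08/2013 10:35:12 a.m., Error: Service Control Manager [7034]  - The computation-engine service terminated unexpectedly.  It has done this 1 time(s).
"""

RUN_BY_RE = re.compile(r"^Run by .* on (\d{4})-(\d{2})-(\d{2})$")
SERVICE_RE = re.compile(r"^[RS][0-4] (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
RUN_RE = re.compile(r"^(?:u|m|x64-)Run: \[(?P<name>[^\]]+)\] (?P<rest>.+)$")
EXE_RE = re.compile(r'"?(?P<exe>[A-Za-z]:\\[^"]*?\.exe)"?', re.IGNORECASE)
STAMP_RE = re.compile(r"\[(\d{4})-(\d{1,2})-(\d{1,2}) \d+\]")   # DDS "[date size]" tail
CRASH_RE = re.compile(r"\[7034\]\s+- The (?P<svc>.+?) service terminated unexpectedly")

# Directories an unprivileged user (or malware running as that user) can write to.
# Compared after lower-casing and turning backslashes into slashes. Assumed list.
USER_WRITABLE = ("c:/temp/", "/appdata/local/", "/appdata/roaming/",
                 "c:/programdata/", "c:/users/public/")
W_WRITABLE, W_FRESH, W_CRASHED = 1, 2, 2   # assumed weights
FRESH_DAYS = 1                             # "created within a day of the log"


def parse_entries(text):
    """Return (log_date, autostart entries, display names of crashed services)."""
    log_date, entries, crashed = None, [], set()
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_BY_RE.match(line)
        if m:
            log_date = date(*map(int, m.groups()))
            continue
        m = CRASH_RE.search(line)
        if m:
            crashed.add(m.group("svc").lower())
            continue
        for kind, rx in (("service", SERVICE_RE), ("run", RUN_RE)):
            m = rx.match(line)
            if not m:
                continue
            exe = EXE_RE.search(m.group("rest"))
            if exe:
                stamp = STAMP_RE.search(m.group("rest"))
                entries.append({
                    "kind": kind,
                    "name": m.group("name"),
                    # Event 7034 names the service by display name.
                    "display": m.groupdict().get("display", m.group("name")),
                    "path": exe.group("exe"),
                    "created": date(*map(int, stamp.groups())) if stamp else None,
                })
            break
    return log_date, entries, crashed


def score_entry(entry, log_date, crashed):
    """Return (score, reasons) for one autostart entry."""
    reasons = []
    norm = entry["path"].lower().replace("\\", "/")
    if any(d in norm for d in USER_WRITABLE):
        reasons.append(("binary in a user-writable directory", W_WRITABLE))
    if entry["created"] and log_date and 0 <= (log_date - entry["created"]).days <= FRESH_DAYS:
        reasons.append(("binary created within %d day(s) of the log" % FRESH_DAYS, W_FRESH))
    if entry["kind"] == "service" and entry["display"].lower() in crashed:
        reasons.append(("service terminated unexpectedly (Event ID 7034)", W_CRASHED))
    return sum(w for _, w in reasons), [r for r, _ in reasons]


def triage(text):
    """Entries with a non-zero score, highest first."""
    log_date, entries, crashed = parse_entries(text)
    flagged = []
    for e in entries:
        score, reasons = score_entry(e, log_date, crashed)
        if score:
            flagged.append({**e, "score": score, "reasons": reasons})
    flagged.sort(key=lambda e: e["score"], reverse=True)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e['score']}  {e['kind']:7} {e['name']:<20} {e['path']}")
        for r in e["reasons"]:
            print("      - " + r)
```

Run against the sample, cm5.exe comes out on top with a score of 5, while the AppData and ProgramData hits (Facebook Update, Skype Click to Call, the Workspace updater) score 1 each: those directories are used legitimately by per-user updaters, so the path signal on its own is a prompt to look, not a verdict. The S2 prefix on the DDS line means the service is configured to auto-start but was not running when the log was taken, which fits the 7034 event at 10:35. DDS records no hash or signer, so confirming what cm5.exe actually is still requires the file itself.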

Step 1

Please uninstall this application: MagniPic

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Step 3

  • Download RogueKiller to the desktop
  • Quit all programs
  • Start RogueKiller.exe
  • Wait until Prescan has finished ...
  • Click on Scan. Click on Report and copy/paste the content of the notepad in your next reply.
In your next reply, post the following log files:
  • Malwarebytes' Anti-Malware log
  • RogueKiller log

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.08.30.06

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16660

Kamino :: KAMINO-PC [administrator]

 

Protection: Enabled

 

30/08/2013 01:09:18 p.m.

mbam-log-2013-08-30 (13-09-18).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 222459

Time elapsed: 1 minute(s), 36 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

-------------------------------------------

 


RogueKiller V8.6.7 _x64_ [Aug 28 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com




 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Kamino [Admin rights]

Mode : Scan -- Date : 08/30/2013 13:14:08

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 2 ¤¤¤

[SUSP PATH] cm5.exe -- c:\temp\cm5.exe [-] -> KILLED [TermProc]

[SUSP PATH] workspaceupdate.exe -- C:\Users\Kamino\AppData\Local\Workspace\workspaceupdate.exe [7] -> KILLED [TermProc]

 

¤¤¤ Registry Entries : 4 ¤¤¤

[RUN][SUSP PATH] HKCU\[...]\Run : Starfield Updater ("C:\Users\Kamino\AppData\Local\Workspace\WorkspaceUpdate.exe" [7]) -> FOUND

[RUN][SUSP PATH] HKUS\S-1-5-21-624151497-22980530-843776449-1000\[...]\Run : Starfield Updater ("C:\Users\Kamino\AppData\Local\Workspace\WorkspaceUpdate.exe" [7]) -> FOUND

[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND

[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

127.0.0.1       localhost

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: INTEL SSDSC2CW120A ATA Device +++++

--- User ---

[MBR] 444122ba4a1f8a28b92bea90798219ed

[BSP] d94e1794f5f47faeddcdd6b93f928396 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 114371 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

+++++ PhysicalDrive1: INTEL SSDSC2CW120A ATA Device +++++

--- User ---

[MBR] 8466bd4ad337a599c2ffde51501170e7

[BSP] 87acf557337d0c5242348f47d743a061 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

+++++ PhysicalDrive2: INTEL SSDSC2CW120A ATA Device +++++

--- User ---

[MBR] 76096c62a8b7700a7420d4086433fec3

[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 32768 | Size: 60890 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

 

Finished : << RKreport[0]_S_08302013_131408.txt >>

RKreport[0]_D_08292013_044758.txt;RKreport[0]_D_08292013_070520.txt;RKreport[0]_D_08292013_070605.txt

RKreport[0]_S_08292013_044745.txt;RKreport[0]_S_08292013_044832.txt;RKreport[0]_S_08292013_045527.txt

RKreport[0]_S_08292013_070457.txt;RKreport[0]_S_08292013_070518.txt;RKreport[0]_S_08292013_070548.txt

 

 

 

 


Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

ComboFix 13-08-30.02 - Kamino 30/08/2013  17:24:35.2.8 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.12266.8172 [GMT -6:00]

Running from: c:\users\Kamino\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\isRS-000.tmp

.

.

(((((((((((((((((((((((((   Files Created from 2013-07-28 to 2013-08-30  )))))))))))))))))))))))))))))))

.

.

2013-08-30 23:26 . 2013-08-30 23:26 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-08-30 19:05 . 2010-04-29 21:39 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2013-08-30 19:05 . 2013-08-30 19:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-08-30 19:05 . 2013-04-04 20:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-08-30 18:30 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EE4F1E38-B8B7-46D6-82B4-529571FE6AFD}\mpengine.dll

2013-08-29 17:17 . 2013-08-29 17:17 -------- d-----w- c:\users\Kamino\AppData\Local\Apple

2013-08-29 17:17 . 2013-08-29 17:17 -------- d-----w- c:\users\Kamino\AppData\Local\Apple Computer

2013-08-29 17:09 . 2013-08-29 17:09 -------- d-----w- C:\FRST

2013-08-29 14:36 . 2013-08-29 14:36 -------- d-----w- c:\program files (x86)\ESET

2013-08-29 13:08 . 2013-08-29 13:08 -------- d-----w- c:\windows\ERUNT

2013-08-29 12:58 . 2013-08-29 13:07 -------- d-----w- C:\AdwCleaner

2013-08-29 11:15 . 2013-08-30 19:03 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

2013-08-29 10:56 . 2013-08-30 21:03 -------- d-----w- c:\users\Kamino\AppData\Local\Adobe

2013-08-29 08:24 . 2013-08-29 08:24 -------- d-----w- c:\users\Kamino\AppData\Roaming\SUPERAntiSpyware.com

2013-08-29 08:24 . 2013-08-29 08:24 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2013-08-29 08:24 . 2013-08-29 13:01 -------- d-----w- c:\program files\SUPERAntiSpyware

2013-08-29 08:24 . 2013-08-29 08:24 -------- d-----w- c:\programdata\!SASCORE

2013-08-21 02:28 . 2013-08-21 02:28 -------- d-----w- c:\users\Kamino\AppData\Roaming\PDAppFlex

2013-08-20 01:37 . 2013-08-20 01:37 -------- d-----w- c:\users\Kamino\AppData\Roaming\Malwarebytes

2013-08-20 01:37 . 2013-08-20 01:37 -------- d-----w- c:\programdata\Malwarebytes

2013-08-15 12:46 . 2013-08-15 12:46 -------- d-----w- c:\users\Kamino\AppData\Local\DTClient

2013-08-15 10:58 . 2013-08-15 11:00 -------- d-----w- c:\users\Kamino\AppData\Roaming\DAEMON Tools Ultra

2013-08-15 10:57 . 2013-08-15 10:58 -------- d-----w- c:\programdata\DAEMON Tools Ultra

2013-08-15 10:55 . 2013-04-10 20:22 180088 ----a-w- c:\windows\pfolder.exe

2013-08-15 10:55 . 2013-08-15 16:01 -------- d-----w- c:\program files\Pismo File Mount Audit Package

2013-08-15 10:55 . 2013-04-10 20:17 101752 ----a-w- c:\windows\SysWow64\ptdllrun1.exe

2013-08-15 10:55 . 2013-04-10 20:17 127864 ----a-w- c:\windows\system32\ptdllrun1.exe

2013-08-13 22:44 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-08-29 14:43 . 2013-05-09 23:29 81112 ----a-w- c:\windows\system32\drivers\avnetflt.sys

2013-08-29 14:43 . 2013-03-28 07:48 132088 ----a-w- c:\windows\system32\drivers\avipbb.sys

2013-08-29 14:43 . 2013-03-28 07:48 105344 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2013-08-21 02:53 . 2013-02-06 10:13 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-08-21 02:53 . 2012-02-15 02:21 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-08-21 02:53 . 2013-02-10 00:52 17737608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2013-08-14 08:41 . 2012-02-15 09:22 78161360 ----a-w- c:\windows\system32\MRT.exe

2013-07-09 04:45 . 2013-08-13 22:44 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2013-07-03 14:28 . 2013-07-03 14:28 2892 ----a-w- c:\windows\SysWow64\audcon.sys

2013-07-01 23:20 . 2013-07-01 23:20 97280 ----a-w- c:\windows\system32\mshtmled.dll

2013-07-01 23:20 . 2013-07-01 23:20 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll

2013-07-01 23:20 . 2013-07-01 23:20 81408 ----a-w- c:\windows\system32\icardie.dll

2013-07-01 23:20 . 2013-07-01 23:20 762368 ----a-w- c:\windows\system32\ieapfltr.dll

2013-07-01 23:20 . 2013-07-01 23:20 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2013-07-01 23:20 . 2013-07-01 23:20 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

2013-07-01 23:20 . 2013-07-01 23:20 61952 ----a-w- c:\windows\SysWow64\tdc.ocx

2013-07-01 23:20 . 2013-07-01 23:20 599552 ----a-w- c:\windows\system32\vbscript.dll

2013-07-01 23:20 . 2013-07-01 23:20 523264 ----a-w- c:\windows\SysWow64\vbscript.dll

2013-07-01 23:20 . 2013-07-01 23:20 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2013-07-01 23:20 . 2013-07-01 23:20 452096 ----a-w- c:\windows\system32\dxtmsft.dll

2013-07-01 23:20 . 2013-07-01 23:20 441856 ----a-w- c:\windows\system32\html.iec

2013-07-01 23:20 . 2013-07-01 23:20 38400 ----a-w- c:\windows\SysWow64\imgutil.dll

2013-07-01 23:20 . 2013-07-01 23:20 361984 ----a-w- c:\windows\SysWow64\html.iec

2013-07-01 23:20 . 2013-07-01 23:20 281600 ----a-w- c:\windows\system32\dxtrans.dll

2013-07-01 23:20 . 2013-07-01 23:20 27648 ----a-w- c:\windows\system32\licmgr10.dll

2013-07-01 23:20 . 2013-07-01 23:20 270848 ----a-w- c:\windows\system32\iedkcs32.dll

2013-07-01 23:20 . 2013-07-01 23:20 247296 ----a-w- c:\windows\system32\webcheck.dll

2013-07-01 23:20 . 2013-07-01 23:20 235008 ----a-w- c:\windows\system32\url.dll

2013-07-01 23:20 . 2013-07-01 23:20 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll

2013-07-01 23:20 . 2013-07-01 23:20 226304 ----a-w- c:\windows\system32\elshyph.dll

2013-07-01 23:20 . 2013-07-01 23:20 216064 ----a-w- c:\windows\system32\msls31.dll

2013-07-01 23:20 . 2013-07-01 23:20 197120 ----a-w- c:\windows\system32\msrating.dll

2013-07-01 23:20 . 2013-07-01 23:20 185344 ----a-w- c:\windows\SysWow64\elshyph.dll

2013-07-01 23:20 . 2013-07-01 23:20 167424 ----a-w- c:\windows\system32\iexpress.exe

2013-07-01 23:20 . 2013-07-01 23:20 158720 ----a-w- c:\windows\SysWow64\msls31.dll

2013-07-01 23:20 . 2013-07-01 23:20 1509376 ----a-w- c:\windows\system32\inetcpl.cpl

2013-07-01 23:20 . 2013-07-01 23:20 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2013-07-01 23:20 . 2013-07-01 23:20 144896 ----a-w- c:\windows\system32\wextract.exe

2013-07-01 23:20 . 2013-07-01 23:20 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2013-07-01 23:20 . 2013-07-01 23:20 1400416 ----a-w- c:\windows\system32\ieapfltr.dat

2013-07-01 23:20 . 2013-07-01 23:20 138752 ----a-w- c:\windows\SysWow64\wextract.exe

2013-07-01 23:20 . 2013-07-01 23:20 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2013-07-01 23:20 . 2013-07-01 23:20 12800 ----a-w- c:\windows\SysWow64\mshta.exe

2013-07-01 23:20 . 2013-07-01 23:20 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2013-07-01 23:20 . 2013-07-01 23:20 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-07-01 23:20 . 2013-07-01 23:20 102912 ----a-w- c:\windows\system32\inseng.dll

2013-07-01 23:20 . 2013-07-01 23:20 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2013-07-01 23:20 . 2013-07-01 23:20 77312 ----a-w- c:\windows\system32\tdc.ocx

2013-07-01 23:20 . 2013-07-01 23:20 62976 ----a-w- c:\windows\system32\pngfilt.dll

2013-07-01 23:20 . 2013-07-01 23:20 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

2013-07-01 23:20 . 2013-07-01 23:20 51200 ----a-w- c:\windows\system32\imgutil.dll

2013-07-01 23:20 . 2013-07-01 23:20 48640 ----a-w- c:\windows\system32\mshtmler.dll

2013-07-01 23:20 . 2013-07-01 23:20 173568 ----a-w- c:\windows\system32\ieUnatt.exe

2013-07-01 23:20 . 2013-07-01 23:20 149504 ----a-w- c:\windows\system32\occache.dll

2013-07-01 23:20 . 2013-07-01 23:20 13824 ----a-w- c:\windows\system32\mshta.exe

2013-07-01 23:20 . 2013-07-01 23:20 136192 ----a-w- c:\windows\system32\iepeers.dll

2013-07-01 23:20 . 2013-07-01 23:20 135680 ----a-w- c:\windows\system32\IEAdvpack.dll

2013-07-01 23:20 . 2013-07-01 23:20 12800 ----a-w- c:\windows\system32\msfeedssync.exe

2013-06-13 03:48 . 2013-06-18 07:26 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-06-13 03:48 . 2013-06-18 07:26 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-06-13 03:47 . 2013-06-18 07:26 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-06-05 03:34 . 2013-07-11 00:16 3153920 ----a-w- c:\windows\system32\win32k.sys

2013-06-04 06:00 . 2013-07-11 00:16 624128 ----a-w- c:\windows\system32\qedit.dll

2013-06-04 04:53 . 2013-07-11 00:16 509440 ----a-w- c:\windows\SysWow64\qedit.dll

2012-10-19 13:10 . 2012-10-19 13:10 4096000 ----a-w- c:\program files (x86)\GUT4598.tmp

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 130736 ----a-w- c:\users\Kamino\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 130736 ----a-w- c:\users\Kamino\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 130736 ----a-w- c:\users\Kamino\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 130736 ----a-w- c:\users\Kamino\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Facebook Update"="c:\users\Kamino\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-10-19 138096]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19875432]

"Workspace Status"="c:\program files (x86)\Workspace\workspacestatus.exe" [2013-07-30 694760]

"wben"="c:\program files (x86)\Workspace\wben.exe" [2013-07-26 1569488]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-08-29 6581488]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]

"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-13 204136]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-08-29 347192]

"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

.

c:\users\Kamino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Kamino\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Administrador de Red Killer de Bigfoot Networks.lnk - c:\program files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe -minimized [2012-2-1 550912]

CineForm Status.lnk - c:\program files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe [2012-10-28 152064]

MOTU Pedal Service.lnk - c:\program files (x86)\MOTU\Audio\MFWAKeys.exe [2013-4-30 1457480]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="userinit.exe"

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ   scecli c:\program files\Protector Suite\psqlpwd.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R1 SABKUTIL;SABKUTIL;c:\program files\SUPERAntiSpyware\SABKUTIL.sys;c:\program files\SUPERAntiSpyware\SABKUTIL.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 Mutual Monitor;Mutual Monitor;c:\program files\mutualpublic\Monitor.exe run;c:\program files\mutualpublic\Monitor.exe run [x]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 HP8207_8307;HP-HP8207_8307;c:\windows\system32\DRIVERS\HP8207_8307.sys;c:\windows\SYSNATIVE\DRIVERS\HP8207_8307.sys [x]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]

R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]

R3 LVUVC64;Logitech Webcam C160(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]

R3 MFWAMIDI64;MOTU Audio MIDI for 64 bit;c:\windows\system32\drivers\MFWAMIDI64.sys;c:\windows\SYSNATIVE\drivers\MFWAMIDI64.sys [x]

R3 MFWAWAVE64;MOTU Audio Wave for 64 bit;c:\windows\system32\drivers\MFWAWAVE64.sys;c:\windows\SYSNATIVE\drivers\MFWAWAVE64.sys [x]

R3 MotuFWA64;MotuFWA64;c:\windows\system32\drivers\Motufwa64.sys;c:\windows\SYSNATIVE\drivers\Motufwa64.sys [x]

R3 MOTUMicroBook;MOTU MicroBook;c:\windows\system32\Drivers\MOTUMicroBook.sys;c:\windows\SYSNATIVE\Drivers\MOTUMicroBook.sys [x]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]

S1 BfLwf;Bigfoot Networks Bandwidth Control;c:\windows\system32\DRIVERS\bflwfx64.sys;c:\windows\SYSNATIVE\DRIVERS\bflwfx64.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]

S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]

S2 Bigfoot Networks Killer Service;Bigfoot Networks Killer Service;c:\program files\Bigfoot Networks\Killer Network Manager\BFNService.exe;c:\program files\Bigfoot Networks\Killer Network Manager\BFNService.exe [x]

S2 File Backup;File Backup Service;c:\program files (x86)\Workspace\offSyncService.exe;c:\program files (x86)\Workspace\offSyncService.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 MOTU_ZeroConf;MOTU_ZeroConf;c:\program files (x86)\MOTU\motuDNSResponder.exe;c:\program files (x86)\MOTU\motuDNSResponder.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S3 Ak27x64;Killer Wireless-N 1102 device driver;c:\windows\system32\DRIVERS\Ak27x64.sys;c:\windows\SYSNATIVE\DRIVERS\Ak27x64.sys [x]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]

S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys;c:\windows\SYSNATIVE\DRIVERS\JME.sys [x]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 motubus;MOTU Audio MIDI Extension;c:\windows\system32\drivers\MotuBus64.sys;c:\windows\SYSNATIVE\drivers\MotuBus64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]

S3 ysusb64;Yamaha Steinberg USB Audio;c:\windows\system32\drivers\ysusb64.sys;c:\windows\SYSNATIVE\drivers\ysusb64.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MBAMPROTECTOR

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-08-22 04:56 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.57\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-08-29 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-06 02:53]

.

2013-08-29 c:\windows\Tasks\AdobeAAMUpdater-1.0-Kamino-PC-Kamino.job

- c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2013-08-21 12:09]

.

2013-08-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-624151497-22980530-843776449-1000Core.job

- c:\users\Kamino\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-24 17:45]

.

2013-08-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-624151497-22980530-843776449-1000UA.job

- c:\users\Kamino\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-24 17:45]

.

2013-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-14 23:34]

.

2013-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-14 23:34]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 164016 ----a-w- c:\users\Kamino\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 164016 ----a-w- c:\users\Kamino\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 164016 ----a-w- c:\users\Kamino\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 164016 ----a-w- c:\users\Kamino\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off0]

@="{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}"

[HKEY_CLASSES_ROOT\CLSID\{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}]

2012-10-19 18:04 1308432 ----a-w- c:\program files (x86)\Workspace\offsyncext64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off1]

@="{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}"

[HKEY_CLASSES_ROOT\CLSID\{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}]

2012-10-19 18:04 1308432 ----a-w- c:\program files (x86)\Workspace\offsyncext64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]

@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"

[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]

2010-04-27 21:48 5947656 ----a-w- c:\program files\Protector Suite\farchns.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]

@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"

[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]

2010-04-27 21:48 5947656 ----a-w- c:\program files\Protector Suite\farchns.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = 

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office10\EXCEL.EXE/3000

LSP: %SYSTEMROOT%\system32\BfLLR.dll

TCP: DhcpNameServer = 10.0.0.138

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-10 - (no file)

AddRemove-Adobe SVG Viewer - c:\windows\System32\Adobe\SVG Viewer\Uninst.isu

AddRemove-SendSpaceWizard - c:\program files (x86)\SendSpace\Wizard\Uninstall.exe

AddRemove-SFX Machine RT VST v1.0.3 - c:\archiv~1\VSTPLU~1\SFXMAC~1\UNINST~1\UNWISE.EXE

AddRemove-SyncerSoft Analog Voice VSTi - c:\vstplugins\SyncerSoft Analog Voice VSTi\uninstall.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]

"Version"=hex:76,b5,3f,27,9d,38,48,22,da,50,f9,92,39,8f,96,81,65,2a,10,eb,f8,

   c1,20,cb,d8,a8,f0,71,d9,0b,95,95,5e,26,2e,87,9c,76,46,ff,8b,f5,48,39,66,40,\

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]

"Version"=hex:76,b5,3f,27,9d,38,48,22,da,50,f9,92,39,8f,96,81,65,2a,10,eb,f8,

   c1,20,cb,d8,a8,f0,71,d9,0b,95,95,5e,26,2e,87,9c,76,46,ff,8b,f5,48,39,66,40,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-08-30  17:28:04

ComboFix-quarantined-files.txt  2013-08-30 23:28

ComboFix2.txt  2013-08-29 12:55

.

Pre-Run: 29,166,473,216 bytes free

Post-Run: 29,277,253,632 bytes free

.

- - End Of File - - DD29DBA41612A0BE9289E4DFC5B36913

A36C5E4F47E84449FF07ED3517B43A31

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the ESET OnlineScan button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application

C:\AdwCleaner\Quarantine\C\Program Files (x86)\MagniPic\sprotector.dll.vir a variant of Win32/SProtector.A application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Program Files (x86)\MagniPic\uninstall.exe.vir Win32/SProtector.B application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Users\Kamino\AppData\Local\Babylon\Setup\BExternal.dll.vir a variant of Win32/Toolbar.Babylon.F application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Users\Kamino\AppData\Local\Babylon\Setup\IECookieLow.dll.vir a variant of Win32/Toolbar.Babylon.E application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Users\Kamino\AppData\Local\Babylon\Setup\Setup.exe.vir a variant of Win32/Toolbar.Babylon.H application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Users\Kamino\AppData\Local\Bundled software uninstaller\bi_client.exe.vir Win32/Somoto.A application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\ARFC\wrtc.exe.vir Win32/Toolbar.Perion.G application cleaned by deleting - quarantined

C:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined

C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined

C:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting - quarantined

C:\System Volume Information\_restore{3352E4A5-F7F1-4D91-95CB-3C20CF37A5FE}\RP392\A0326128.exe Win32/Adware.1ClickDownload application cleaned by deleting - quarantined

C:\temp\cm5.exe probably a variant of Win32/BitCoinMiner.H application cleaned by deleting - quarantined

C:\temp\cm7.exe probably a variant of Win32/BitCoinMiner.H application cleaned by deleting - quarantined

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined

E:\downloads 2\Adobe Premiere Pro CS3 [RH]\APPCS3_[RH].rar a variant of Win32/Keygen.AH application deleted - quarantined

E:\tooools\SetupImgBurn_2.5.7.0.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined

E:\tooools\wares\plugins\Audio.Damage.Phase.Two.VST.v1.0.Incl.Keygen-AiR\a-adpt10.zip a variant of Win32/Keygen.AD application deleted - quarantined

E:\tooools\wares\plugins\Camel.Audio.Camel.Space.VST.v1.41.Incl.Keygen-AiR\a-ccs141.zip a variant of Win32/Keygen.AD application deleted - quarantined

E:\tooools\wares\plugins\Camel.Audio.Camel.Space.VST.v1.41.Incl.Keygen-AiR\a-ccs141\a-ccs141.rar a variant of Win32/Keygen.AD application deleted - quarantined

E:\tooools\wares\plugins\Camel.Audio.Camel.Space.VST.v1.41.Incl.Keygen-AiR\a-ccs141\a-ccs141\keygen.exe a variant of Win32/Keygen.AD application cleaned by deleting - quarantined

E:\tooools\wares\plugins\Devine.Machine.Lucifer.VST.v2.1.incl.Keygen-AiR\a-dmlv21.zip a variant of Win32/Keygen.AD application deleted - quarantined

E:\tooools\wares\plugins\Devine.Machine.V-Minion.VST.v1.0.incl.Keygen-AiR\a-dmvm10.zip a variant of Win32/Keygen.AD application deleted - quarantined

E:\tooools\wares\plugins\IK.Multimedia.AmpliTube.VST.RTAS.v2.1.incl.KeyGen-BEAT\b-amp21a.zip Win32/Keygen.FV application deleted - quarantined

E:\tooools\wares\plugins\LinPlug.SaxLab.VSTi.v1.4.incl.Keygen-AiR\a-lsl14a.zip a variant of Win32/Keygen.AD application deleted - quarantined

E:\tooools\wares\plugins\LinPlug.SaxLab.VSTi.v1.4.incl.Keygen-AiR\a-lsl14a\a-lsl14.rar a variant of Win32/Keygen.AD application deleted - quarantined

E:\tooools\wares\plugins\OhmForce.Hematohm.PRO.VST.v1.25.incl.Keygen-AiR\a-ohv125.zip a variant of Win32/Keygen.AD application deleted - quarantined

E:\tooools\wares\plugins\OhmForce.Ohmicide.VST.v1.02.Incl.Keygen-AiR\a-oov102.zip a variant of Win32/Keygen.AD application deleted - quarantined

E:\tooools\wares\plugins\OhmForce.Predatohm.PRO.VST.v1.35.incl.Keygen-AiR\a-opp135.zip a variant of Win32/Keygen.AD application deleted - quarantined

E:\tooools\wares\plugins\PSP.Audioware.MasterComp.VST.DX.RTAS.v1.0.Incl.Keygen.WORKING-AiR\a-pmc1wa.zip a variant of Win32/Keygen.AD application deleted - quarantined

E:\tooools\wares\plugins\PSP.Audioware.StereoPack.VST.DX.RTAS.v1.8.Incl.Keygen.WORKING-AiR\a-pstp18.zip a variant of Win32/Keygen.AD application deleted - quarantined

E:\tooools\wares\plugins\Synths\INTAKT~1\NATIVE~1.01-\SETUP.EXE a variant of Win32/Keygen.AA application cleaned by deleting - quarantined

E:\tooools\wares\plugins\Synths\Native Instruments Kontak#36C9A\Native Instruments Kontak#36C9C\Setup.exe a variant of Win32/Keygen.AA application cleaned by deleting - quarantined

E:\tooools\wares\plugins\Tone2.Filterbank2.VST.v2.5.Incl.Keygen-AiR\a-t2fb25.zip a variant of Win32/Keygen.AD application deleted - quarantined

E:\tooools\wares\programs\avira_free_antivirus_es.exe a variant of Win32/Bundled.Toolbar.Ask application deleted - quarantined

E:\tooools\wares\programs\SoftonicDownloader_para_windows-live-messenger-8-5.exe Win32/SoftonicDownloader.D application cleaned by deleting - quarantined

E:\tooools\wares\programs\Adobe Premiere Pro CS3 [RH]\APPCS3_[RH].rar a variant of Win32/Keygen.AH application deleted - quarantined

E:\tooools\wares\programs\SONY\Sony.Vegas.v6.0c.Incl.Keygen-SSG\Vegas Plugins\Vegas Plugin - Spicemaster.v2.0\SM2crack.exe a variant of Win32/HackTool.Patcher.AK application cleaned by deleting - quarantined

E:\tooools\wares\programs\Sound Forge 7\Sonic Foundry Sound Forge 7.0 incl keygen.exe a variant of Win32/Keygen.AQ application deleted - quarantined

E:\tooools\wares\synths\ABSYNTH 2\Native.Instruments.Absynth.v2.0.Incl.Keygen-OxYGeN (by hirnfikk)\keygen.exe a variant of Win32/Keygen.AA application cleaned by deleting - quarantined

E:\tooools\wares\synths\Absynth 2.4\Setup.exe a variant of Win32/Keygen.AA application cleaned by deleting - quarantined

E:\tooools\wares\synths\Copia de ABSYNTH 2\Native.Instruments.Absynth.v2.0.Incl.Keygen-OxYGeN (by hirnfikk)\keygen.exe a variant of Win32/Keygen.AA application cleaned by deleting - quarantined

E:\tooools\wares\synths\INTAKT~1\NATIVE~1.01-\SETUP.EXE a variant of Win32/Keygen.AA application cleaned by deleting - quarantined

E:\tooools\wares\synths\Native Instruments Kontak#36C9A\Native Instruments Kontak#36C9C\Setup.exe a variant of Win32/Keygen.AA application cleaned by deleting - quarantined


Step 1

Download TFC to your desktop

  • Open the file and close any other windows.
  • It will close all programs itself when run, so make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.
Step 2

Please download the Kaspersky Virus Removal Tool from here to your Desktop.

Double-click the Removal Tool.

Click the cog in the upper right corner:

[image: AVPfront.gif]

Select down to and including your main drive.

Once done please select the Automatic Scan tab and press Start Scan.

[image: avpsettings.gif]

Allow AVP to delete all infections found.

Once it has finished select the Report tab.

Select the Detected threats report from the left and press the Save button.

Save it to your Desktop and post the contents in your next reply.


Status: Deleted   (events: 2)

31/08/2013 05:18:32 p.m. Deleted Trojan program Trojan.Win32.Yakes.asmv C:\Program Files (x86)\Steinberg\Cubase 5\VSTPlugins\A - tools\KickMaker.dll High

31/08/2013 05:18:32 p.m. Deleted Trojan program Trojan.Win32.Yakes.asmv C:\Program Files (x86)\Steinberg\VstPlugins\A - tools\KickMaker.dll High


 

 

Avira Free Antivirus

Report file date: 03 September 2013  23:56

 

 

The program is running as an unrestricted full version.

Online services are available.

 

Licensee        : Avira Free Antivirus

Serial number   : 0000149996-ADJIE-0000001

Platform        : Windows 7 Home Premium

Windows version : (Service Pack 1)  [6.1.7601]

Boot mode       : Normally booted

Username        : SYSTEM

Computer name   : KAMINO-PC

 

Version information:

BUILD.DAT       : 13.0.0.4045    54855 Bytes  12/08/2013 12:45:00

AVSCAN.EXE      : 13.6.20.2100   639032 Bytes  29/08/2013 14:42:42

AVSCANRC.DLL    : 13.6.20.2174    52280 Bytes  29/08/2013 14:42:42

LUKE.DLL        : 13.6.20.2174    65080 Bytes  29/08/2013 14:43:00

AVSCPLR.DLL     : 13.6.20.2174    92216 Bytes  29/08/2013 14:42:43

AVREG.DLL       : 13.6.20.2174   250424 Bytes  29/08/2013 14:42:42

avlode.dll      : 13.6.20.2174   497720 Bytes  29/08/2013 14:42:41

avlode.rdf      : 13.0.1.42      26846 Bytes  28/08/2013 14:31:09

VBASE000.VDF    : 7.11.70.0   66736640 Bytes  04/04/2013 17:21:52

VBASE001.VDF    : 7.11.74.226  2201600 Bytes  30/04/2013 13:58:56

VBASE002.VDF    : 7.11.80.60   2751488 Bytes  28/05/2013 10:01:59

VBASE003.VDF    : 7.11.85.214  2162688 Bytes  21/06/2013 12:56:56

VBASE004.VDF    : 7.11.91.176  3903488 Bytes  23/07/2013 15:37:02

VBASE005.VDF    : 7.11.98.186  6822912 Bytes  29/08/2013 14:42:36

VBASE006.VDF    : 7.11.98.187     2048 Bytes  29/08/2013 14:42:36

VBASE007.VDF    : 7.11.98.188     2048 Bytes  29/08/2013 14:42:36

VBASE008.VDF    : 7.11.98.189     2048 Bytes  29/08/2013 14:42:36

VBASE009.VDF    : 7.11.98.190     2048 Bytes  29/08/2013 14:42:36

VBASE010.VDF    : 7.11.98.191     2048 Bytes  29/08/2013 14:42:36

VBASE011.VDF    : 7.11.98.192     2048 Bytes  29/08/2013 14:42:36

VBASE012.VDF    : 7.11.98.193     2048 Bytes  29/08/2013 14:42:36

VBASE013.VDF    : 7.11.99.52    270848 Bytes  30/08/2013 21:52:52

VBASE014.VDF    : 7.11.99.167   210944 Bytes  02/09/2013 10:13:45

VBASE015.VDF    : 7.11.100.3    265216 Bytes  03/09/2013 11:40:45

VBASE016.VDF    : 7.11.100.4      2048 Bytes  03/09/2013 11:40:45

VBASE017.VDF    : 7.11.100.5      2048 Bytes  03/09/2013 11:40:45

VBASE018.VDF    : 7.11.100.6      2048 Bytes  03/09/2013 11:40:45

VBASE019.VDF    : 7.11.100.7      2048 Bytes  03/09/2013 11:40:45

VBASE020.VDF    : 7.11.100.8      2048 Bytes  03/09/2013 11:40:46

VBASE021.VDF    : 7.11.100.9      2048 Bytes  03/09/2013 11:40:46

VBASE022.VDF    : 7.11.100.10     2048 Bytes  03/09/2013 11:40:46

VBASE023.VDF    : 7.11.100.11     2048 Bytes  03/09/2013 11:40:46

VBASE024.VDF    : 7.11.100.12     2048 Bytes  03/09/2013 11:40:46

VBASE025.VDF    : 7.11.100.13     2048 Bytes  03/09/2013 11:40:46

VBASE026.VDF    : 7.11.100.14     2048 Bytes  03/09/2013 11:40:46

VBASE027.VDF    : 7.11.100.15     2048 Bytes  03/09/2013 11:40:46

VBASE028.VDF    : 7.11.100.16     2048 Bytes  03/09/2013 11:40:46

VBASE029.VDF    : 7.11.100.17     2048 Bytes  03/09/2013 11:40:46

VBASE030.VDF    : 7.11.100.18     2048 Bytes  03/09/2013 11:40:47

VBASE031.VDF    : 7.11.100.92   257024 Bytes  04/09/2013 05:42:43

Engine version  : 8.2.12.114

AEVDF.DLL       : 8.1.3.4       102774 Bytes  13/06/2013 18:00:50

AESCRIPT.DLL    : 8.1.4.146     512382 Bytes  30/08/2013 09:52:59

AESCN.DLL       : 8.1.10.4      131446 Bytes  26/03/2013 13:36:31

AESBX.DLL       : 8.2.16.26    1245560 Bytes  23/08/2013 15:33:08

AERDL.DLL       : 8.2.0.128     688504 Bytes  13/06/2013 18:00:47

AEPACK.DLL      : 8.3.2.24      749945 Bytes  20/06/2013 12:19:33

AEOFFICE.DLL    : 8.1.2.76      205181 Bytes  10/08/2013 10:57:55

AEHEUR.DLL      : 8.1.4.588    6091130 Bytes  30/08/2013 09:52:55

AEHELP.DLL      : 8.1.27.6      266617 Bytes  27/08/2013 18:14:07

AEGEN.DLL       : 8.1.7.12      442743 Bytes  10/08/2013 10:57:34

AEEXP.DLL       : 8.4.1.54      311671 Bytes  30/08/2013 09:52:59

AEEMU.DLL       : 8.1.3.2       393587 Bytes  19/10/2012 19:03:44

AECORE.DLL      : 8.1.32.0      201081 Bytes  23/08/2013 15:32:37

AEBB.DLL        : 8.1.1.4        53619 Bytes  06/11/2012 23:48:50

AVWINLL.DLL     : 13.6.20.2174    23608 Bytes  29/08/2013 14:42:25

AVPREF.DLL      : 13.6.20.2174    48184 Bytes  29/08/2013 14:42:42

AVREP.DLL       : 13.6.20.2174   175672 Bytes  29/08/2013 14:42:42

AVARKT.DLL      : 13.6.20.2174   258104 Bytes  29/08/2013 14:42:38

AVEVTLOG.DLL    : 13.6.20.2174   165432 Bytes  29/08/2013 14:42:40

SQLITE3.DLL     : 3.7.0.1       397704 Bytes  01/03/2013 20:01:00

AVSMTP.DLL      : 13.6.20.2174    60472 Bytes  29/08/2013 14:42:43

NETNT.DLL       : 13.6.20.2174    13368 Bytes  29/08/2013 14:43:00

RCIMAGE.DLL     : 13.6.20.2174  4788792 Bytes  29/08/2013 14:42:25

RCTEXT.DLL      : 13.6.20.2174    66616 Bytes  29/08/2013 14:42:25

 

Configuration settings for the scan:

Jobname.............................: AVGuardAsyncScan

Configuration file..................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_5226c858\guard_slideup.avp

Reporting...........................: default

Primary action......................: Repair

Secondary action....................: Quarantine

Scan master boot sector.............: on

Scan boot sector....................: off

Process scan........................: on

Scan registry.......................: off

Search for rootkits.................: off

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Limit recursion depth...............: 20

Smart extensions....................: on

Macrovirus heuristic................: on

File heuristic......................: Complete

 

Start of the scan: 03 September 2013  23:56

 

The scan of running processes will be started:

Scan process 'svchost.exe' - '52' Module(s) have been scanned

Scan process 'nvvsvc.exe' - '35' Module(s) have been scanned

Scan process 'svchost.exe' - '39' Module(s) have been scanned

Scan process 'svchost.exe' - '78' Module(s) have been scanned

Scan process 'svchost.exe' - '100' Module(s) have been scanned

Scan process 'svchost.exe' - '63' Module(s) have been scanned

Scan process 'svchost.exe' - '164' Module(s) have been scanned

Scan process 'svchost.exe' - '84' Module(s) have been scanned

Scan process 'spoolsv.exe' - '85' Module(s) have been scanned

Scan process 'svchost.exe' - '40' Module(s) have been scanned

Scan process 'sched.exe' - '47' Module(s) have been scanned

Scan process 'svchost.exe' - '64' Module(s) have been scanned

Scan process 'WUDFHost.exe' - '30' Module(s) have been scanned

Scan process 'SASCORE64.EXE' - '23' Module(s) have been scanned

Scan process 'armsvc.exe' - '28' Module(s) have been scanned

Scan process 'avguard.exe' - '108' Module(s) have been scanned

Scan process 'AppleMobileDeviceService.exe' - '74' Module(s) have been scanned

Scan process 'BFNService.exe' - '56' Module(s) have been scanned

Scan process 'offSyncService.exe' - '29' Module(s) have been scanned

Scan process 'mbamscheduler.exe' - '37' Module(s) have been scanned

Scan process 'mbamservice.exe' - '45' Module(s) have been scanned

Scan process 'motuDNSResponder.exe' - '41' Module(s) have been scanned

Scan process 'Monitor.exe' - '44' Module(s) have been scanned

Scan process 'NBService.exe' - '50' Module(s) have been scanned

Scan process 'c2c_service.exe' - '44' Module(s) have been scanned

Scan process 'nvSCPAPISvr.exe' - '34' Module(s) have been scanned

Scan process 'svchost.exe' - '32' Module(s) have been scanned

Scan process 'svchost.exe' - '63' Module(s) have been scanned

Scan process 'upeksvr.exe' - '54' Module(s) have been scanned

Scan process 'Dwm.exe' - '31' Module(s) have been scanned

Scan process 'Explorer.EXE' - '170' Module(s) have been scanned

Scan process 'mbamgui.exe' - '39' Module(s) have been scanned

Scan process 'SynTPEnh.exe' - '63' Module(s) have been scanned

Scan process 'RAVCpl64.exe' - '42' Module(s) have been scanned

Scan process 'FacebookUpdate.exe' - '37' Module(s) have been scanned

Scan process 'Skype.exe' - '130' Module(s) have been scanned

Scan process 'workspacestatus.exe' - '42' Module(s) have been scanned

Scan process 'wben.exe' - '48' Module(s) have been scanned

Scan process 'SUPERANTISPYWARE.EXE' - '85' Module(s) have been scanned

Scan process 'sidebar.exe' - '83' Module(s) have been scanned

Scan process 'workspaceupdate.exe' - '39' Module(s) have been scanned

Scan process 'KillerNetManager.exe' - '73' Module(s) have been scanned

Scan process 'GoProCineFormStatusViewer.exe' - '38' Module(s) have been scanned

Scan process 'iTunesHelper.exe' - '79' Module(s) have been scanned

Scan process 'MFWAKeys.exe' - '34' Module(s) have been scanned

Scan process 'LWS.exe' - '43' Module(s) have been scanned

Scan process 'Dropbox.exe' - '93' Module(s) have been scanned

Scan process 'avgnt.exe' - '94' Module(s) have been scanned

Scan process 'DllHost.exe' - '39' Module(s) have been scanned

Scan process 'jusched.exe' - '34' Module(s) have been scanned

Scan process 'NvXDSync.exe' - '40' Module(s) have been scanned

Scan process 'nvvsvc.exe' - '47' Module(s) have been scanned

Scan process 'chrome.exe' - '108' Module(s) have been scanned

Scan process 'chrome.exe' - '63' Module(s) have been scanned

Scan process 'avshadow.exe' - '20' Module(s) have been scanned

Scan process 'SearchIndexer.exe' - '55' Module(s) have been scanned

Scan process 'iPodService.exe' - '33' Module(s) have been scanned

Scan process 'svchost.exe' - '34' Module(s) have been scanned

Scan process 'SynTPHelper.exe' - '17' Module(s) have been scanned

Scan process 'chrome.exe' - '44' Module(s) have been scanned

Scan process 'chrome.exe' - '45' Module(s) have been scanned

Scan process 'chrome.exe' - '44' Module(s) have been scanned

Scan process 'GoogleUpdate.exe' - '52' Module(s) have been scanned

Scan process 'LMS.exe' - '33' Module(s) have been scanned

Scan process 'UNS.exe' - '45' Module(s) have been scanned

Scan process 'TrustedInstaller.exe' - '49' Module(s) have been scanned

Scan process 'sppsvc.exe' - '35' Module(s) have been scanned

Scan process 'avscan.exe' - '111' Module(s) have been scanned

Scan process 'DllHost.exe' - '48' Module(s) have been scanned

Scan process 'avcenter.exe' - '90' Module(s) have been scanned

Scan process 'smss.exe' - '2' Module(s) have been scanned

Scan process 'csrss.exe' - '18' Module(s) have been scanned

Scan process 'wininit.exe' - '26' Module(s) have been scanned

Scan process 'csrss.exe' - '16' Module(s) have been scanned

Scan process 'services.exe' - '38' Module(s) have been scanned

Scan process 'lsass.exe' - '85' Module(s) have been scanned

Scan process 'lsm.exe' - '16' Module(s) have been scanned

Scan process 'winlogon.exe' - '30' Module(s) have been scanned

 

Starting the file scan:

 

Begin scan in 'C:\temp\cm5.exe'

C:\temp\cm5.exe

  [DETECTION] Is the TR/BitCoinMiner.Gen Trojan

  [NOTE]      The file was moved to the quarantine directory under the name '54f55eeb.qua'!

 

 

End of the scan: 03 September 2013  23:56

Used time: 00:07 Minute(s)

 

The scan has been done completely.

 

      0 Scanned directories

   1748 Files were scanned

      1 Viruses and/or unwanted programs were found

      0 Files were classified as suspicious

      0 Files were deleted

      0 Viruses and unwanted programs were repaired

      1 Files were moved to quarantine

      0 Files were renamed

      0 Files cannot be scanned

   1747 Files not concerned

      5 Archives were scanned

      0 Warnings

      1 Notes

Please manually delete your ComboFix copy and download a new fresh one.

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

File::

C:\temp\cm5.exe

Save this as CFScript.txt, in the same location as ComboFix.exe.

[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


ComboFix 13-09-04.04 - Kamino 05/09/2013   7:14.4.8 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.12266.9218 [GMT -6:00]

Running from: c:\users\Kamino\Desktop\ComboFix.exe

Command switches used :: c:\users\Kamino\Desktop\CFScript.txt

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Created a new restore point

.

FILE ::

"c:\temp\cm5.exe"

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\temp\cm5.exe

.

.

(((((((((((((((((((((((((   Files Created from 2013-08-05 to 2013-09-05  )))))))))))))))))))))))))))))))

.

.

2013-09-05 13:17 . 2013-09-05 13:17 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-09-04 00:16 . 2013-09-04 00:16 -------- d-----w- c:\program files\REAPER

2013-09-03 11:44 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5B3170E5-B8CE-43E5-A4FB-A5092CA07359}\mpengine.dll

2013-08-31 22:34 . 2013-08-31 22:34 -------- d-----w- c:\programdata\Kaspersky Lab

2013-08-30 19:05 . 2010-04-29 21:39 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2013-08-30 19:05 . 2013-08-30 19:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-08-30 19:05 . 2013-04-04 20:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-08-29 17:17 . 2013-08-29 17:17 -------- d-----w- c:\users\Kamino\AppData\Local\Apple

2013-08-29 17:17 . 2013-08-29 17:17 -------- d-----w- c:\users\Kamino\AppData\Local\Apple Computer

2013-08-29 17:09 . 2013-08-29 17:09 -------- d-----w- C:\FRST

2013-08-29 14:36 . 2013-08-29 14:36 -------- d-----w- c:\program files (x86)\ESET

2013-08-29 13:08 . 2013-08-29 13:08 -------- d-----w- c:\windows\ERUNT

2013-08-29 12:58 . 2013-09-04 06:19 -------- d-----w- C:\AdwCleaner

2013-08-29 12:44 . 2013-08-30 23:23 5117322 ----a-r- C:\$RA34LUA.exe

2013-08-29 11:15 . 2013-08-30 19:03 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

2013-08-29 10:56 . 2013-08-30 21:03 -------- d-----w- c:\users\Kamino\AppData\Local\Adobe

2013-08-29 08:24 . 2013-08-29 08:24 -------- d-----w- c:\users\Kamino\AppData\Roaming\SUPERAntiSpyware.com

2013-08-29 08:24 . 2013-08-29 08:24 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2013-08-29 08:24 . 2013-08-29 13:01 -------- d-----w- c:\program files\SUPERAntiSpyware

2013-08-29 08:24 . 2013-08-29 08:24 -------- d-----w- c:\programdata\!SASCORE

2013-08-21 02:28 . 2013-08-21 02:28 -------- d-----w- c:\users\Kamino\AppData\Roaming\PDAppFlex

2013-08-20 01:37 . 2013-08-20 01:37 -------- d-----w- c:\users\Kamino\AppData\Roaming\Malwarebytes

2013-08-20 01:37 . 2013-08-20 01:37 -------- d-----w- c:\programdata\Malwarebytes

2013-08-15 12:46 . 2013-08-15 12:46 -------- d-----w- c:\users\Kamino\AppData\Local\DTClient

2013-08-15 10:58 . 2013-08-15 11:00 -------- d-----w- c:\users\Kamino\AppData\Roaming\DAEMON Tools Ultra

2013-08-15 10:57 . 2013-08-15 10:58 -------- d-----w- c:\programdata\DAEMON Tools Ultra

2013-08-15 10:55 . 2013-04-10 20:22 180088 ----a-w- c:\windows\pfolder.exe

2013-08-15 10:55 . 2013-08-15 16:01 -------- d-----w- c:\program files\Pismo File Mount Audit Package

2013-08-15 10:55 . 2013-04-10 20:17 101752 ----a-w- c:\windows\SysWow64\ptdllrun1.exe

2013-08-15 10:55 . 2013-04-10 20:17 127864 ----a-w- c:\windows\system32\ptdllrun1.exe

2013-08-13 22:44 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-09-04 11:43 . 2013-03-28 07:48 105344 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2013-08-29 14:43 . 2013-05-09 23:29 81112 ----a-w- c:\windows\system32\drivers\avnetflt.sys

2013-08-29 14:43 . 2013-03-28 07:48 132088 ----a-w- c:\windows\system32\drivers\avipbb.sys

2013-08-21 02:53 . 2013-02-06 10:13 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-08-21 02:53 . 2012-02-15 02:21 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-08-21 02:53 . 2013-02-10 00:52 17737608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2013-08-14 08:41 . 2012-02-15 09:22 78161360 ----a-w- c:\windows\system32\MRT.exe

2013-07-09 04:45 . 2013-08-13 22:44 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2013-07-03 14:28 . 2013-07-03 14:28 2892 ----a-w- c:\windows\SysWow64\audcon.sys

2013-07-01 23:20 . 2013-07-01 23:20 97280 ----a-w- c:\windows\system32\mshtmled.dll

2013-07-01 23:20 . 2013-07-01 23:20 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll

2013-07-01 23:20 . 2013-07-01 23:20 81408 ----a-w- c:\windows\system32\icardie.dll

2013-07-01 23:20 . 2013-07-01 23:20 762368 ----a-w- c:\windows\system32\ieapfltr.dll

2013-07-01 23:20 . 2013-07-01 23:20 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2013-07-01 23:20 . 2013-07-01 23:20 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

2013-07-01 23:20 . 2013-07-01 23:20 61952 ----a-w- c:\windows\SysWow64\tdc.ocx

2013-07-01 23:20 . 2013-07-01 23:20 599552 ----a-w- c:\windows\system32\vbscript.dll

2013-07-01 23:20 . 2013-07-01 23:20 523264 ----a-w- c:\windows\SysWow64\vbscript.dll

2013-07-01 23:20 . 2013-07-01 23:20 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2013-07-01 23:20 . 2013-07-01 23:20 452096 ----a-w- c:\windows\system32\dxtmsft.dll

2013-07-01 23:20 . 2013-07-01 23:20 441856 ----a-w- c:\windows\system32\html.iec

2013-07-01 23:20 . 2013-07-01 23:20 38400 ----a-w- c:\windows\SysWow64\imgutil.dll

2013-07-01 23:20 . 2013-07-01 23:20 361984 ----a-w- c:\windows\SysWow64\html.iec

2013-07-01 23:20 . 2013-07-01 23:20 281600 ----a-w- c:\windows\system32\dxtrans.dll

2013-07-01 23:20 . 2013-07-01 23:20 27648 ----a-w- c:\windows\system32\licmgr10.dll

2013-07-01 23:20 . 2013-07-01 23:20 270848 ----a-w- c:\windows\system32\iedkcs32.dll

2013-07-01 23:20 . 2013-07-01 23:20 247296 ----a-w- c:\windows\system32\webcheck.dll

2013-07-01 23:20 . 2013-07-01 23:20 235008 ----a-w- c:\windows\system32\url.dll

2013-07-01 23:20 . 2013-07-01 23:20 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll

2013-07-01 23:20 . 2013-07-01 23:20 226304 ----a-w- c:\windows\system32\elshyph.dll

2013-07-01 23:20 . 2013-07-01 23:20 216064 ----a-w- c:\windows\system32\msls31.dll

2013-07-01 23:20 . 2013-07-01 23:20 197120 ----a-w- c:\windows\system32\msrating.dll

2013-07-01 23:20 . 2013-07-01 23:20 185344 ----a-w- c:\windows\SysWow64\elshyph.dll

2013-07-01 23:20 . 2013-07-01 23:20 167424 ----a-w- c:\windows\system32\iexpress.exe

2013-07-01 23:20 . 2013-07-01 23:20 158720 ----a-w- c:\windows\SysWow64\msls31.dll

2013-07-01 23:20 . 2013-07-01 23:20 1509376 ----a-w- c:\windows\system32\inetcpl.cpl

2013-07-01 23:20 . 2013-07-01 23:20 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2013-07-01 23:20 . 2013-07-01 23:20 144896 ----a-w- c:\windows\system32\wextract.exe

2013-07-01 23:20 . 2013-07-01 23:20 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2013-07-01 23:20 . 2013-07-01 23:20 1400416 ----a-w- c:\windows\system32\ieapfltr.dat

2013-07-01 23:20 . 2013-07-01 23:20 138752 ----a-w- c:\windows\SysWow64\wextract.exe

2013-07-01 23:20 . 2013-07-01 23:20 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2013-07-01 23:20 . 2013-07-01 23:20 12800 ----a-w- c:\windows\SysWow64\mshta.exe

2013-07-01 23:20 . 2013-07-01 23:20 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2013-07-01 23:20 . 2013-07-01 23:20 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-07-01 23:20 . 2013-07-01 23:20 102912 ----a-w- c:\windows\system32\inseng.dll

2013-07-01 23:20 . 2013-07-01 23:20 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2013-07-01 23:20 . 2013-07-01 23:20 77312 ----a-w- c:\windows\system32\tdc.ocx

2013-07-01 23:20 . 2013-07-01 23:20 62976 ----a-w- c:\windows\system32\pngfilt.dll

2013-07-01 23:20 . 2013-07-01 23:20 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

2013-07-01 23:20 . 2013-07-01 23:20 51200 ----a-w- c:\windows\system32\imgutil.dll

2013-07-01 23:20 . 2013-07-01 23:20 48640 ----a-w- c:\windows\system32\mshtmler.dll

2013-07-01 23:20 . 2013-07-01 23:20 173568 ----a-w- c:\windows\system32\ieUnatt.exe

2013-07-01 23:20 . 2013-07-01 23:20 149504 ----a-w- c:\windows\system32\occache.dll

2013-07-01 23:20 . 2013-07-01 23:20 13824 ----a-w- c:\windows\system32\mshta.exe

2013-07-01 23:20 . 2013-07-01 23:20 136192 ----a-w- c:\windows\system32\iepeers.dll

2013-07-01 23:20 . 2013-07-01 23:20 135680 ----a-w- c:\windows\system32\IEAdvpack.dll

2013-07-01 23:20 . 2013-07-01 23:20 12800 ----a-w- c:\windows\system32\msfeedssync.exe

2013-06-13 03:48 . 2013-06-18 07:26 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-06-13 03:48 . 2013-06-18 07:26 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-06-13 03:47 . 2013-06-18 07:26 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-10-19 13:10 . 2012-10-19 13:10 4096000 ----a-w- c:\program files (x86)\GUT4598.tmp

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 130736 ----a-w- c:\users\Kamino\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 130736 ----a-w- c:\users\Kamino\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 130736 ----a-w- c:\users\Kamino\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 130736 ----a-w- c:\users\Kamino\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Facebook Update"="c:\users\Kamino\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-10-19 138096]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19875432]

"Workspace Status"="c:\program files (x86)\Workspace\workspacestatus.exe" [2013-07-30 694760]

"wben"="c:\program files (x86)\Workspace\wben.exe" [2013-07-26 1569488]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-08-29 6581488]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

"Starfield Updater"="c:\users\Kamino\AppData\Local\Workspace\WorkspaceUpdate.exe" [2013-08-31 35008]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]

"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-13 204136]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-08-29 347192]

"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

.

c:\users\Kamino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Kamino\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Administrador de Red Killer de Bigfoot Networks.lnk - c:\program files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe -minimized [2012-2-1 550912]

CineForm Status.lnk - c:\program files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe [2012-10-28 152064]

MOTU Pedal Service.lnk - c:\program files (x86)\MOTU\Audio\MFWAKeys.exe [2013-4-30 1457480]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="userinit.exe"

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ   scecli c:\program files\Protector Suite\psqlpwd.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R1 SABKUTIL;SABKUTIL;c:\program files\SUPERAntiSpyware\SABKUTIL.sys;c:\program files\SUPERAntiSpyware\SABKUTIL.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

R3 HP8207_8307;HP-HP8207_8307;c:\windows\system32\DRIVERS\HP8207_8307.sys;c:\windows\SYSNATIVE\DRIVERS\HP8207_8307.sys [x]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]

R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]

R3 LVUVC64;Logitech Webcam C160(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

R3 MFWAMIDI64;MOTU Audio MIDI for 64 bit;c:\windows\system32\drivers\MFWAMIDI64.sys;c:\windows\SYSNATIVE\drivers\MFWAMIDI64.sys [x]

R3 MFWAWAVE64;MOTU Audio Wave for 64 bit;c:\windows\system32\drivers\MFWAWAVE64.sys;c:\windows\SYSNATIVE\drivers\MFWAWAVE64.sys [x]

R3 MotuFWA64;MotuFWA64;c:\windows\system32\drivers\Motufwa64.sys;c:\windows\SYSNATIVE\drivers\Motufwa64.sys [x]

R3 MOTUMicroBook;MOTU MicroBook;c:\windows\system32\Drivers\MOTUMicroBook.sys;c:\windows\SYSNATIVE\Drivers\MOTUMicroBook.sys [x]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]

S1 BfLwf;Bigfoot Networks Bandwidth Control;c:\windows\system32\DRIVERS\bflwfx64.sys;c:\windows\SYSNATIVE\DRIVERS\bflwfx64.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]

S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]

S2 Bigfoot Networks Killer Service;Bigfoot Networks Killer Service;c:\program files\Bigfoot Networks\Killer Network Manager\BFNService.exe;c:\program files\Bigfoot Networks\Killer Network Manager\BFNService.exe [x]

S2 File Backup;File Backup Service;c:\program files (x86)\Workspace\offSyncService.exe;c:\program files (x86)\Workspace\offSyncService.exe [x]

S2 MOTU_ZeroConf;MOTU_ZeroConf;c:\program files (x86)\MOTU\motuDNSResponder.exe;c:\program files (x86)\MOTU\motuDNSResponder.exe [x]

S2 Mutual Monitor;Mutual Monitor;c:\program files\mutualpublic\Monitor.exe run;c:\program files\mutualpublic\Monitor.exe run [x]

S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]

S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S3 Ak27x64;Killer Wireless-N 1102 device driver;c:\windows\system32\DRIVERS\Ak27x64.sys;c:\windows\SYSNATIVE\DRIVERS\Ak27x64.sys [x]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]

S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys;c:\windows\SYSNATIVE\DRIVERS\JME.sys [x]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]

S3 motubus;MOTU Audio MIDI Extension;c:\windows\system32\drivers\MotuBus64.sys;c:\windows\SYSNATIVE\drivers\MotuBus64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]

S3 ysusb64;Yamaha Steinberg USB Audio;c:\windows\system32\drivers\ysusb64.sys;c:\windows\SYSNATIVE\drivers\ysusb64.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-09-04 05:45 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-08-29 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-06 02:53]

.

2013-08-29 c:\windows\Tasks\AdobeAAMUpdater-1.0-Kamino-PC-Kamino.job

- c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2013-08-21 12:09]

.

2013-08-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-624151497-22980530-843776449-1000Core.job

- c:\users\Kamino\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-24 17:45]

.

2013-08-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-624151497-22980530-843776449-1000UA.job

- c:\users\Kamino\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-24 17:45]

.

2013-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-14 23:34]

.

2013-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-14 23:34]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 164016 ----a-w- c:\users\Kamino\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 164016 ----a-w- c:\users\Kamino\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 164016 ----a-w- c:\users\Kamino\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 164016 ----a-w- c:\users\Kamino\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off0]

@="{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}"

[HKEY_CLASSES_ROOT\CLSID\{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}]

2012-10-19 18:04 1308432 ----a-w- c:\program files (x86)\Workspace\offsyncext64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off1]

@="{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}"

[HKEY_CLASSES_ROOT\CLSID\{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}]

2012-10-19 18:04 1308432 ----a-w- c:\program files (x86)\Workspace\offsyncext64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]

@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"

[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]

2010-04-27 21:48 5947656 ----a-w- c:\program files\Protector Suite\farchns.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]

@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"

[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]

2010-04-27 21:48 5947656 ----a-w- c:\program files\Protector Suite\farchns.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = 

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office10\EXCEL.EXE/3000

LSP: %SYSTEMROOT%\system32\BfLLR.dll

TCP: DhcpNameServer = 10.0.0.138

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-10 - (no file)

AddRemove-Adobe SVG Viewer - c:\windows\System32\Adobe\SVG Viewer\Uninst.isu

AddRemove-SendSpaceWizard - c:\program files (x86)\SendSpace\Wizard\Uninstall.exe

AddRemove-SFX Machine RT VST v1.0.3 - c:\archiv~1\VSTPLU~1\SFXMAC~1\UNINST~1\UNWISE.EXE

AddRemove-SyncerSoft Analog Voice VSTi - c:\vstplugins\SyncerSoft Analog Voice VSTi\uninstall.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]

"Version"=hex:76,b5,3f,27,9d,38,48,22,da,50,f9,92,39,8f,96,81,65,2a,10,eb,f8,

   c1,20,cb,d8,a8,f0,71,d9,0b,95,95,5e,26,2e,87,9c,76,46,ff,8b,f5,48,39,66,40,\

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]

"Version"=hex:76,b5,3f,27,9d,38,48,22,da,50,f9,92,39,8f,96,81,65,2a,10,eb,f8,

   c1,20,cb,d8,a8,f0,71,d9,0b,95,95,5e,26,2e,87,9c,76,46,ff,8b,f5,48,39,66,40,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\mutualpublic\Monitor.exe

c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

.

**************************************************************************

.

Completion time: 2013-09-05  07:19:26 - machine was rebooted

ComboFix-quarantined-files.txt  2013-09-05 13:19

ComboFix2.txt  2013-09-04 06:15

ComboFix3.txt  2013-08-30 23:28

ComboFix4.txt  2013-08-29 12:55

.

Pre-Run: 24,674,598,912 bytes free

Post-Run: 24,305,692,672 bytes free

.

- - End Of File - - DCD72C33CD013409AF5014485148082C

A36C5E4F47E84449FF07ED3517B43A31
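The "Reg Loading Points" section of the ComboFix log above is where a coin-miner infection usually shows itself: a Run value, Startup shortcut, service or scheduled task whose binary lives in a folder an unprivileged user can write to, plus the policy values that tell you how much resistance the system would have offered (PromptOnSecureDesktop, LoadAppInit_DLLs, the LSA Notification Packages list). The script below is an added example, not ComboFix code and not something the helper posted; it parses a constructed excerpt written in the same text layout as the log and flags those entries. The regular expressions, the list of user-writable folders, the weak-policy table and the assumed default LSA packages (scecli, rassfm) are this example's own assumptions, and a hit means "look here first", not "malicious": the psqlpwd.dll filter it flags, for instance, belongs to the fingerprint software listed elsewhere in the log.

```python
"""Triage a ComboFix-style 'Reg Loading Points' listing.

Added example for this thread; not ComboFix code. It parses the text layout
shown in the log (Run values, Startup .lnk lines, service lines, policy values,
LSA notification packages) and flags what an analyst checks first when hunting
a coin miner. All heuristics below are assumptions of this example.
"""
import re

# Constructed excerpt in the format of the log above (not the full log).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Kamino\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-10-19 138096]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19875432]
"Starfield Updater"="c:\users\Kamino\AppData\Local\Workspace\WorkspaceUpdate.exe" [2013-08-31 35008]
c:\users\Kamino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Kamino\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ   scecli c:\program files\Protector Suite\psqlpwd.dll
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 Mutual Monitor;Mutual Monitor;c:\program files\mutualpublic\Monitor.exe run;c:\program files\mutualpublic\Monitor.exe run [x]
"""

# Line shapes as they appear in the ComboFix text (assumed, derived from the log).
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]')
STARTUP_LNK = re.compile(r'^(?P<name>[^\\]+\.lnk) - (?P<path>.+?) \[')
SERVICE = re.compile(r'^(?P<state>[RS][0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>[^;]+);')
POLICY = re.compile(r'^"(?P<key>\w+)"\s*=\s*(?P<val>\d+)\s*\(0x[0-9a-fA-F]+\)')
LSA_PACKAGES = re.compile(r'^Notification Packages\s+REG_MULTI_SZ\s+(?P<pkgs>.+)$')
# A package is either a bare name or a full DLL path that may contain spaces.
PACKAGE_TOKEN = re.compile(r'[a-zA-Z]:\\.*?\.dll|\S+')

# Folders a standard user can write to; a persistence entry here needs no admin rights.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\users\\public\\", "\\temp\\")

# (value name, observed value) -> why it matters. Assumed table for this example.
WEAK_POLICIES = {
    ("EnableLUA", "0"): "UAC disabled entirely",
    ("ConsentPromptBehaviorAdmin", "0"): "administrators elevate silently, no prompt",
    ("PromptOnSecureDesktop", "0"): "UAC prompts drawn on the normal desktop, where other processes can spoof or drive them",
    ("LoadAppInit_DLLs", "1"): "AppInit_DLLs loading enabled; confirm the AppInit_DLLs value is empty",
}
DEFAULT_LSA_PACKAGES = {"scecli", "rassfm"}  # assumed Windows defaults


def parse_autostarts(text):
    """Return autostart entries as dicts with kind, name and path."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        for kind, pattern in (("run", RUN_VALUE), ("startup", STARTUP_LNK), ("service", SERVICE)):
            m = pattern.match(line)
            if m:
                entries.append({"kind": kind, "name": m["name"], "path": m["path"]})
                break
    return entries


def user_writable_entries(entries):
    """Entries whose binary lives where an unprivileged user could have dropped it."""
    return [e for e in entries if any(tag in e["path"].lower() for tag in USER_WRITABLE)]


def policy_findings(text):
    """Flag weakened UAC/AppInit settings and non-default LSA password filters."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = POLICY.match(line)
        if m and (m["key"], m["val"]) in WEAK_POLICIES:
            findings.append((m["key"], WEAK_POLICIES[(m["key"], m["val"])]))
            continue
        m = LSA_PACKAGES.match(line)
        if m:
            for pkg in PACKAGE_TOKEN.findall(m["pkgs"]):
                if pkg.lower() not in DEFAULT_LSA_PACKAGES:
                    # Password filter DLLs receive the plaintext new password on every change.
                    findings.append(("NotificationPackages",
                                     f"password filter {pkg} sees cleartext password changes; verify its publisher"))
    return findings


def triage(text):
    """Run both checks and return a report dict."""
    entries = parse_autostarts(text)
    return {
        "entries": entries,
        "user_writable": [e["name"] for e in user_writable_entries(entries)],
        "policies": policy_findings(text),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for name in report["user_writable"]:
        print(f"[autostart in user-writable path] {name}")
    for key, why in report["policies"]:
        print(f"[setting] {key}: {why}")
```

On the excerpt this lists the four autostarts under AppData or ProgramData (Facebook Update, Starfield Updater, Dropbox.lnk, Skype C2C Service) and three settings worth a second look (PromptOnSecureDesktop=0, LoadAppInit_DLLs=1, the psqlpwd.dll password filter), while leaving the Program Files entries and the default ConsentPromptBehaviorUser=3 alone. Run it over the full "Reg Loading Points" section of a real log to get the same short list without reading every line.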

Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

Malwarebytes Anti-Rootkit BETA 1.07.0.1005

www.malwarebytes.org

 

Database version: v2013.09.08.07

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16660

Kamino :: KAMINO-PC [administrator]

 

08/09/2013 05:47:45 p.m.

mbar-log-2013-09-08 (17-47-45).txt

 

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

Scan options disabled: 

Objects scanned: 252722

Time elapsed: 4 minute(s), 47 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

Physical Sectors Detected: 0

(No malicious items detected)

 

(end)

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure whether your computer is 32-bit or 64-bit.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

This topic is now closed to further replies.