TR/BitCoinMiner.Gen can't remove it. please help.

Serag · August 29, 2013

Hello, i have been trying to remove this : TR/BitCoinMiner.Gen it keep multiplying in C:/temp/cm5.exe

I tried mostly all of the topics related to this virus, but until now still is coming back.

Thanks in advance.

Maniac · August 29, 2013

Hello Serag and :welcome: ! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please follow the instructions here and then post the log files in your next reply.

http://forums.malwarebytes.org/index.php?showtopic=9573

Serag · August 29, 2013

Hello, thank you, here it is:

attach.txt

dds.txt

Maniac · August 30, 2013

Take a minute and read my notes.

Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Please follow the instructions here and then post the log files in your next reply.

Serag · August 30, 2013

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 14/02/2012 01:47:20 p.m.

System Uptime: 29/08/2013 10:36:21 a.m. (1 hours ago)

.

Motherboard: CLEVO | | P150HMx

Processor: Intel® Core i7-2860QM CPU @ 2.50GHz | SOCKET 0 | 2501/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 112 GiB total, 27.998 GiB free.

E: is FIXED (NTFS) - 466 GiB total, 10.746 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP296: 26/08/2013 06:04:28 a.m. - Scheduled Checkpoint

RP297: 27/08/2013 01:56:04 a.m. - Windows Update

RP298: 29/08/2013 06:50:42 a.m. - ComboFix created restore point

.

==== Installed Programs ======================

.

"Nero SoundTrax Help

Aalto VST version 1.3.2

Ableton Live v6.0.3

Adobe AIR

Adobe Download Assistant

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Help Manager

Adobe Illustrator CS6

Adobe Photoshop CS6

Adobe Premiere Pro CS6

Adobe Reader XI (11.0.03)

Adobe SVG Viewer

Advertising Center

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ASIO4ALL

Audacity 1.2.6

Avira Free Antivirus

Bigfoot Networks Killer Network Manager

bl

CameraHelperMsi

Compatibility Pack for the 2007 Office system

Control ActiveX de Windows Live Mesh para conexiones remotas

db audioware mastering plugins 1.05c

DolbyFiles

Dropbox

Edirol HQ Orchestral v1.01

eLicenser Control

erLT

ESET Online Scanner v3

FabFilter TotalBundle VST RTAS v1.2

Facebook Video Calling 1.2.0.287

FileZilla Client 3.6.0.2

FreeFileSharingBox

G-sonique Alien303 VSTi

Google Chrome

Google Earth Plug-in

Google Update Helper

GoPro CineForm Studio 1.3.2

GRM Tools Classic VST v1.6.52

ImagXpress

Intel® Management Engine Components

iTunes

Java 7 Update 25

Java Auto Updater

JMicron Flash Media Controller Driver

Lennar Digital Sylenth VSTi v1.2.1

Lexicon PSP42 1.4

LinPlug CronoX VSTi v2.04

Logitech Gaming Software

Logitech Gaming Software 8.20

Logitech Webcam Software

LWS Facebook

LWS Gallery

LWS Help_main

LWS Launcher

LWS Motion Detection

LWS Pictures And Video

LWS Twitter

LWS Webcam Software

LWS WLM Plugin

LWS YouTube Plugin

MagniPic

Menu Templates - Starter Kit

Microsoft .NET Framework 4 Client Profile

Microsoft Office XP Professional with FrontPage

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft_VC80_CRT_x86

Microsoft_VC90_CRT_x86

MOTU Hardware

Movie Templates - Starter Kit

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Mutual Public

Native Instruments Electronic Instruments 2 XT

Native Instruments Guitar Rig v1.1.1

Nero 9

Nero Burning ROM Help

Nero BurnRights

Nero ControlCenter

Nero CoverDesigner

Nero CoverDesigner Help

Nero Disc Copy Gadget

Nero Disc Copy Gadget Help

Nero DiscSpeed

Nero DriveSpeed

Nero Express Help

Nero InfoTool

Nero Installer

Nero Live

Nero Live Help

Nero PhotoSnap

Nero PhotoSnap Help

Nero Recode

Nero Recode Help

Nero Rescue Agent

Nero RescueAgent Help

Nero ShowTime

Nero StartSmart

Nero StartSmart Help

Nero Vision

Nero WaveEditor

Nero WaveEditor Help

NeroBurningROM

NeroExpress

NeroLiveGadget

NeroLiveGadget Help

neroxml

NomadFactory Bluetubes VST v2.02

Nord Sound Manager V1.02

NVIDIA 3D Vision Driver 268.49

NVIDIA Control Panel 268.49

NVIDIA Graphics Driver 268.49

NVIDIA HD Audio Driver 1.2.22.1

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.10.0514

NVIDIA Stereoscopic 3D Driver

PCM Native Reverb VST Plug-in

PDF Password Cracker Pro v3.2

PDF Password Remover v3.1

PDF Settings CS6

ph

Protector Suite 2009

QuickTime

r8brain 1.9

Realtek High Definition Audio Driver

REAPER

Renesas Electronics USB 3.0 Host Controller Driver

rgcAudio z3ta+ v1.0

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

SendSpace Wizard

SFX Machine RT VST v1.0.3

Skype Click to Call

Skype™ 6.6

Sonalksis Plug-Ins for Windows 2.02

Sonnox Oxford Inflator Native VST v1.5.1

Sonnox Oxford Limiter Native VST v1.1.1

Sonnox Oxford R3 Dynamics Native VST v1.3.1

Sonnox Oxford R3 EQ Native VST v1.6.1

Sonnox Oxford TransMod Native VST v1.3.1

SoundTrax

SPL Analog Code Transient Designer VST RTAS v1.1

SSL LMC-1 v1.0

Steinberg Cubase 5

Steinberg UR28M Applications

Steinberg VST Classics 1 64bit

SUPERAntiSpyware

Synaptics Pointing Device Driver

SyncerSoft Analog Voice VSTi

Synth1

TouchFreeze

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

VideoLAN VLC media player 0.8.6i

Waldorf Largo

WaveLab 6

Waves Complete VST RTAS TDM v7.1.16

Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 )

Windows Live Mesh ActiveX Control for Remote Connections

WinRAR 4.01 (64-bit)

Workspace Desktop

Yamaha Steinberg USB Driver

.

==== Event Viewer Messages From Past Week ========

.

29/08/2013 10:36:42 a.m., Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom SABKUTIL

29/08/2013 10:35:12 a.m., Error: Service Control Manager [7034] - The computation-engine service terminated unexpectedly. It has done this 1 time(s).

29/08/2013 08:41:16 a.m., Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

29/08/2013 07:10:17 a.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}

.

==== End Of File ===========================

Serag · August 30, 2013

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16660 BrowserJavaVersion: 10.25.2

Run by Kamino at 11:31:00 on 2013-08-29

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.12266.9090 [GMT -6:00]

.

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k WbioSvcGroup

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe

C:\Program Files (x86)\Workspace\offSyncService.exe

C:\Program Files (x86)\MOTU\motuDNSResponder.exe

C:\Program Files\mutualpublic\Monitor.exe

C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

C:\Windows\system32\nvvsvc.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Protector Suite\upeksvr.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Users\Kamino\AppData\Local\Facebook\Update\FacebookUpdate.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Workspace\workspacestatus.exe

C:\Program Files (x86)\Workspace\wben.exe

C:\Users\Kamino\AppData\Local\Workspace\workspaceupdate.exe

C:\Program Files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe

C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\MOTU\Audio\MFWAKeys.exe

C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe

C:\Users\Kamino\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit = userinit.exe

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

uRun: [Facebook Update] "C:\Users\Kamino\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [Workspace Status] "C:\Program Files (x86)\Workspace\workspacestatus.exe"

uRun: [wben] "C:\Program Files (x86)\Workspace\wben.exe"

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

uRun: [starfield Updater] "C:\Users\Kamino\AppData\Local\Workspace\WorkspaceUpdate.exe"

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

StartupFolder: C:\Users\Kamino\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Kamino\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADMINI~1.LNK - C:\Program Files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CINEFO~1.LNK - C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MOTUPE~1.LNK - C:\Program Files (x86)\MOTU\Audio\MFWAKeys.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office10\EXCEL.EXE/3000

LSP: %SYSTEMROOT%\system32\BfLLR.dll

TCP: NameServer = 10.0.0.138

TCP: Interfaces\{6EF861FE-7944-484C-9431-95DCC0D1DB5F} : DHCPNameServer = 10.0.0.138

TCP: Interfaces\{6EF861FE-7944-484C-9431-95DCC0D1DB5F}\2426F687D21473147393335414D253 : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{6EF861FE-7944-484C-9431-95DCC0D1DB5F}\2454C4C4831373 : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{E6CBBDBA-2DC9-4FC1-A808-7A941F1583C7} : DHCPNameServer = 10.0.0.138

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

LSA: Notification Packages = scecli C:\Program Files\Protector Suite\psqlpwd.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Notify: psfus - C:\Program Files\Protector Suite\psqlpwd.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-7-21 56208]

R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-28 28600]

R1 BfLwf;Bigfoot Networks Bandwidth Control;C:\Windows\System32\drivers\bflwfx64.sys [2012-2-1 75368]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-7-18 146816]

R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-3-1 84024]

R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-3-1 108088]

R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-3-28 105344]

R2 Bigfoot Networks Killer Service;Bigfoot Networks Killer Service;C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe [2012-2-1 490496]

R2 File Backup;File Backup Service;C:\Program Files (x86)\Workspace\offSyncService.exe [2012-1-5 1187040]

R2 MOTU_ZeroConf;MOTU_ZeroConf;C:\Program Files (x86)\MOTU\motuDNSResponder.exe [2013-4-30 390984]

R2 Mutual Monitor;Mutual Monitor;C:\Program Files\mutualpublic\Monitor.exe run --> C:\Program Files\mutualpublic\Monitor.exe run [?]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-8-14 3291008]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-5-5 378472]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-1-31 2656280]

R3 Ak27x64;Killer Wireless-N 1102 device driver;C:\Windows\System32\drivers\Ak27x64.sys [2012-2-1 2740328]

R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2012-1-31 174680]

R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);C:\Windows\System32\drivers\JME.sys [2012-1-31 115312]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]

R3 motubus;MOTU Audio MIDI Extension;C:\Windows\System32\drivers\motubus64.sys [2013-4-30 30288]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-11-19 80384]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-11-19 181248]

R3 ysusb64;Yamaha Steinberg USB Audio;C:\Windows\System32\drivers\ysusb64.sys [2013-1-29 113960]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 computation-engine;computation-engine;C:\temp\cm5.exe [2013-8-29 1066496]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]

S3 HP8207_8307;HP-HP8207_8307;C:\Windows\System32\drivers\HP8207_8307.sys [2010-2-4 15360]

S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]

S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-9-21 351520]

S3 LVUVC64;Logitech Webcam C160(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-9-21 4763680]

S3 MFWAMIDI64;MOTU Audio MIDI for 64 bit;C:\Windows\System32\drivers\mfwamidi64.sys [2011-11-9 32368]

S3 MFWAWAVE64;MOTU Audio Wave for 64 bit;C:\Windows\System32\drivers\mfwawave64.sys [2011-11-9 82544]

S3 MotuFWA64;MotuFWA64;C:\Windows\System32\drivers\MotuFWA64.sys [2011-11-9 607856]

S3 MOTUMicroBook;MOTU MicroBook;C:\Windows\System32\drivers\MOTUMicroBook.sys [2013-4-30 73296]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-2-18 1255736]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]

.

=============== Created Last 30 ================

.

2013-08-29 17:17:44 -------- d-----w- C:\Users\Kamino\AppData\Local\Apple

2013-08-29 17:17:37 -------- d-----w- C:\Users\Kamino\AppData\Local\Apple Computer

2013-08-29 17:09:20 -------- d-----w- C:\FRST

2013-08-29 14:36:24 -------- d-----w- C:\Program Files (x86)\ESET

2013-08-29 13:08:40 -------- d-----w- C:\Windows\ERUNT

2013-08-29 12:58:51 -------- d-----w- C:\AdwCleaner

2013-08-29 12:55:23 -------- d-sh--w- C:\$RECYCLE.BIN

2013-08-29 12:50:41 98816 ----a-w- C:\Windows\sed.exe

2013-08-29 12:50:41 256000 ----a-w- C:\Windows\PEV.exe

2013-08-29 12:50:41 208896 ----a-w- C:\Windows\MBR.exe

2013-08-29 11:15:01 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-08-29 10:56:13 -------- d-----w- C:\Users\Kamino\AppData\Local\Adobe

2013-08-29 08:24:37 -------- d-----w- C:\Users\Kamino\AppData\Roaming\SUPERAntiSpyware.com

2013-08-29 08:24:37 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2013-08-29 08:24:34 -------- d-----w- C:\ProgramData\!SASCORE

2013-08-29 08:24:34 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2013-08-27 07:56:18 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{76C0A331-F3E2-4542-AF87-7DCC2C5F670F}\mpengine.dll

2013-08-21 02:28:09 -------- d-----w- C:\Users\Kamino\AppData\Roaming\PDAppFlex

2013-08-20 01:37:10 -------- d-----w- C:\Users\Kamino\AppData\Roaming\Malwarebytes

2013-08-20 01:37:07 -------- d-----w- C:\ProgramData\Malwarebytes

2013-08-15 12:46:01 -------- d-----w- C:\Users\Kamino\AppData\Local\DTClient

2013-08-15 10:58:33 -------- d-----w- C:\Users\Kamino\AppData\Roaming\DAEMON Tools Ultra

2013-08-15 10:57:58 -------- d-----w- C:\ProgramData\DAEMON Tools Ultra

2013-08-15 10:55:46 180088 ----a-w- C:\Windows\pfolder.exe

2013-08-15 10:55:45 127864 ----a-w- C:\Windows\System32\ptdllrun1.exe

2013-08-15 10:55:45 101752 ----a-w- C:\Windows\SysWow64\ptdllrun1.exe

2013-08-15 10:55:45 -------- d-----w- C:\Program Files\Pismo File Mount Audit Package

2013-08-13 22:44:30 224256 ----a-w- C:\Windows\System32\wintrust.dll

.

==================== Find3M ====================

.

2013-08-29 14:43:12 81112 ----a-w- C:\Windows\System32\drivers\avnetflt.sys

2013-08-29 14:43:12 105344 ----a-w- C:\Windows\System32\drivers\avgntflt.sys

2013-08-21 02:53:13 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-08-21 02:53:13 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-08-21 02:53:09 17737608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll

2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll

2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL

2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL

2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll

2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll

2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll

2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll

2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll

2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll

2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll

2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll

2013-07-09 04:52:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll

2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2013-07-09 02:49:42 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-07-09 02:49:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-07-09 02:49:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-07-09 02:49:38 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-07-03 14:28:49 2892 ----a-w- C:\Windows\SysWow64\audcon.sys

2013-06-15 04:32:16 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys

2013-06-13 03:48:23 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-06-13 03:48:17 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-06-13 03:47:57 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys

2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll

2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll

2012-10-19 13:10:36 4096000 ----a-w- C:\Program Files (x86)\GUT4598.tmp

.

============= FINISH: 11:31:06.91 ===============

Maniac · August 30, 2013

Step 1

Please uninstall this application: MagniPic

Step 2

Launch Malwarebytes' Anti-Malware
Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
Go to Scanner tab and select Perform Quick Scan, then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Step 3

Download on the desktop RogueKiller
Quit all programs
Start RogueKiller.exe
Wait until Prescan has finished ...
Click on Scan. Click on Report and copy/paste the content of the notepad in your next reply.

In your next reply, post the following log files:

Malwarebytes' Anti-Malware log
RogueKiller log

Serag · August 30, 2013

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

Database version: v2013.08.30.06

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16660

Kamino :: KAMINO-PC [administrator]

Protection: Enabled

30/08/2013 01:09:18 p.m.

mbam-log-2013-08-30 (13-09-18).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 222459

Time elapsed: 1 minute(s), 36 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

-------------------------------------------

RogueKiller V8.6.7 _x64_ [Aug 28 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.adlice.com/forum/

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Kamino [Admin rights]

Mode : Scan -- Date : 08/30/2013 13:14:08

| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤

[sUSP PATH] cm5.exe -- c:\temp\cm5.exe [-] -> KILLED [TermProc]

[sUSP PATH] workspaceupdate.exe -- C:\Users\Kamino\AppData\Local\Workspace\workspaceupdate.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 4 ¤¤¤

[RUN][sUSP PATH] HKCU\[...]\Run : Starfield Updater ("C:\Users\Kamino\AppData\Local\Workspace\WorkspaceUpdate.exe" [7]) -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-624151497-22980530-843776449-1000\[...]\Run : Starfield Updater ("C:\Users\Kamino\AppData\Local\Workspace\WorkspaceUpdate.exe" [7]) -> FOUND

[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND

[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: INTEL SSDSC2CW120A ATA Device +++++

--- User ---

[MBR] 444122ba4a1f8a28b92bea90798219ed

[bSP] d94e1794f5f47faeddcdd6b93f928396 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 114371 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: INTEL SSDSC2CW120A ATA Device +++++

--- User ---

[MBR] 8466bd4ad337a599c2ffde51501170e7

[bSP] 87acf557337d0c5242348f47d743a061 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive2: INTEL SSDSC2CW120A ATA Device +++++

--- User ---

[MBR] 76096c62a8b7700a7420d4086433fec3

[bSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 32768 | Size: 60890 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[0]_S_08302013_131408.txt >>

RKreport[0]_D_08292013_044758.txt;RKreport[0]_D_08292013_070520.txt;RKreport[0]_D_08292013_070605.txt

RKreport[0]_S_08292013_044745.txt;RKreport[0]_S_08292013_044832.txt;RKreport[0]_S_08292013_045527.txt

RKreport[0]_S_08292013_070457.txt;RKreport[0]_S_08292013_070518.txt;RKreport[0]_S_08292013_070548.txt

Maniac · August 30, 2013

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

Once you've read the article and are ready to use the program you can download it directly from the link below.
Important! - Please make sure you save combofix to your desktop and do not run it from your browser
Direct download link for: ComboFix.exe
Please make sure you disable your security applications before running ComboFix.
Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
Please copy/paste the contents or attach that log file to your next reply.
If needed the file can be located here: C:\combofix.txt
NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

Serag · August 30, 2013

ComboFix 13-08-30.02 - Kamino 30/08/2013 17:24:35.2.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.12266.8172 [GMT -6:00]

Running from: c:\users\Kamino\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\isRS-000.tmp

.

((((((((((((((((((((((((( Files Created from 2013-07-28 to 2013-08-30 )))))))))))))))))))))))))))))))

.

2013-08-30 23:26 . 2013-08-30 23:26 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-08-30 19:05 . 2010-04-29 21:39 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2013-08-30 19:05 . 2013-08-30 19:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-08-30 19:05 . 2013-04-04 20:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-08-30 18:30 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EE4F1E38-B8B7-46D6-82B4-529571FE6AFD}\mpengine.dll

2013-08-29 17:17 . 2013-08-29 17:17 -------- d-----w- c:\users\Kamino\AppData\Local\Apple

2013-08-29 17:17 . 2013-08-29 17:17 -------- d-----w- c:\users\Kamino\AppData\Local\Apple Computer

2013-08-29 17:09 . 2013-08-29 17:09 -------- d-----w- C:\FRST

2013-08-29 14:36 . 2013-08-29 14:36 -------- d-----w- c:\program files (x86)\ESET

2013-08-29 13:08 . 2013-08-29 13:08 -------- d-----w- c:\windows\ERUNT

2013-08-29 12:58 . 2013-08-29 13:07 -------- d-----w- C:\AdwCleaner

2013-08-29 11:15 . 2013-08-30 19:03 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

2013-08-29 10:56 . 2013-08-30 21:03 -------- d-----w- c:\users\Kamino\AppData\Local\Adobe

2013-08-29 08:24 . 2013-08-29 08:24 -------- d-----w- c:\users\Kamino\AppData\Roaming\SUPERAntiSpyware.com

2013-08-29 08:24 . 2013-08-29 08:24 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2013-08-29 08:24 . 2013-08-29 13:01 -------- d-----w- c:\program files\SUPERAntiSpyware

2013-08-29 08:24 . 2013-08-29 08:24 -------- d-----w- c:\programdata\!SASCORE

2013-08-21 02:28 . 2013-08-21 02:28 -------- d-----w- c:\users\Kamino\AppData\Roaming\PDAppFlex

2013-08-20 01:37 . 2013-08-20 01:37 -------- d-----w- c:\users\Kamino\AppData\Roaming\Malwarebytes

2013-08-20 01:37 . 2013-08-20 01:37 -------- d-----w- c:\programdata\Malwarebytes

2013-08-15 12:46 . 2013-08-15 12:46 -------- d-----w- c:\users\Kamino\AppData\Local\DTClient

2013-08-15 10:58 . 2013-08-15 11:00 -------- d-----w- c:\users\Kamino\AppData\Roaming\DAEMON Tools Ultra

2013-08-15 10:57 . 2013-08-15 10:58 -------- d-----w- c:\programdata\DAEMON Tools Ultra

2013-08-15 10:55 . 2013-04-10 20:22 180088 ----a-w- c:\windows\pfolder.exe

2013-08-15 10:55 . 2013-08-15 16:01 -------- d-----w- c:\program files\Pismo File Mount Audit Package

2013-08-15 10:55 . 2013-04-10 20:17 101752 ----a-w- c:\windows\SysWow64\ptdllrun1.exe

2013-08-15 10:55 . 2013-04-10 20:17 127864 ----a-w- c:\windows\system32\ptdllrun1.exe

2013-08-13 22:44 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-08-29 14:43 . 2013-05-09 23:29 81112 ----a-w- c:\windows\system32\drivers\avnetflt.sys

2013-08-29 14:43 . 2013-03-28 07:48 132088 ----a-w- c:\windows\system32\drivers\avipbb.sys

2013-08-29 14:43 . 2013-03-28 07:48 105344 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2013-08-21 02:53 . 2013-02-06 10:13 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-08-21 02:53 . 2012-02-15 02:21 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-08-21 02:53 . 2013-02-10 00:52 17737608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2013-08-14 08:41 . 2012-02-15 09:22 78161360 ----a-w- c:\windows\system32\MRT.exe

2013-07-09 04:45 . 2013-08-13 22:44 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2013-07-03 14:28 . 2013-07-03 14:28 2892 ----a-w- c:\windows\SysWow64\audcon.sys

2013-07-01 23:20 . 2013-07-01 23:20 97280 ----a-w- c:\windows\system32\mshtmled.dll

2013-07-01 23:20 . 2013-07-01 23:20 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll

2013-07-01 23:20 . 2013-07-01 23:20 81408 ----a-w- c:\windows\system32\icardie.dll

2013-07-01 23:20 . 2013-07-01 23:20 762368 ----a-w- c:\windows\system32\ieapfltr.dll

2013-07-01 23:20 . 2013-07-01 23:20 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2013-07-01 23:20 . 2013-07-01 23:20 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

2013-07-01 23:20 . 2013-07-01 23:20 61952 ----a-w- c:\windows\SysWow64\tdc.ocx

2013-07-01 23:20 . 2013-07-01 23:20 599552 ----a-w- c:\windows\system32\vbscript.dll

2013-07-01 23:20 . 2013-07-01 23:20 523264 ----a-w- c:\windows\SysWow64\vbscript.dll

2013-07-01 23:20 . 2013-07-01 23:20 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2013-07-01 23:20 . 2013-07-01 23:20 452096 ----a-w- c:\windows\system32\dxtmsft.dll

2013-07-01 23:20 . 2013-07-01 23:20 441856 ----a-w- c:\windows\system32\html.iec

2013-07-01 23:20 . 2013-07-01 23:20 38400 ----a-w- c:\windows\SysWow64\imgutil.dll

2013-07-01 23:20 . 2013-07-01 23:20 361984 ----a-w- c:\windows\SysWow64\html.iec

2013-07-01 23:20 . 2013-07-01 23:20 281600 ----a-w- c:\windows\system32\dxtrans.dll

2013-07-01 23:20 . 2013-07-01 23:20 27648 ----a-w- c:\windows\system32\licmgr10.dll

2013-07-01 23:20 . 2013-07-01 23:20 270848 ----a-w- c:\windows\system32\iedkcs32.dll

2013-07-01 23:20 . 2013-07-01 23:20 247296 ----a-w- c:\windows\system32\webcheck.dll

2013-07-01 23:20 . 2013-07-01 23:20 235008 ----a-w- c:\windows\system32\url.dll

2013-07-01 23:20 . 2013-07-01 23:20 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll

2013-07-01 23:20 . 2013-07-01 23:20 226304 ----a-w- c:\windows\system32\elshyph.dll

2013-07-01 23:20 . 2013-07-01 23:20 216064 ----a-w- c:\windows\system32\msls31.dll

2013-07-01 23:20 . 2013-07-01 23:20 197120 ----a-w- c:\windows\system32\msrating.dll

2013-07-01 23:20 . 2013-07-01 23:20 185344 ----a-w- c:\windows\SysWow64\elshyph.dll

2013-07-01 23:20 . 2013-07-01 23:20 167424 ----a-w- c:\windows\system32\iexpress.exe

2013-07-01 23:20 . 2013-07-01 23:20 158720 ----a-w- c:\windows\SysWow64\msls31.dll

2013-07-01 23:20 . 2013-07-01 23:20 1509376 ----a-w- c:\windows\system32\inetcpl.cpl

2013-07-01 23:20 . 2013-07-01 23:20 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2013-07-01 23:20 . 2013-07-01 23:20 144896 ----a-w- c:\windows\system32\wextract.exe

2013-07-01 23:20 . 2013-07-01 23:20 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2013-07-01 23:20 . 2013-07-01 23:20 1400416 ----a-w- c:\windows\system32\ieapfltr.dat

2013-07-01 23:20 . 2013-07-01 23:20 138752 ----a-w- c:\windows\SysWow64\wextract.exe

2013-07-01 23:20 . 2013-07-01 23:20 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2013-07-01 23:20 . 2013-07-01 23:20 12800 ----a-w- c:\windows\SysWow64\mshta.exe

2013-07-01 23:20 . 2013-07-01 23:20 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2013-07-01 23:20 . 2013-07-01 23:20 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-07-01 23:20 . 2013-07-01 23:20 102912 ----a-w- c:\windows\system32\inseng.dll

2013-07-01 23:20 . 2013-07-01 23:20 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2013-07-01 23:20 . 2013-07-01 23:20 77312 ----a-w- c:\windows\system32\tdc.ocx

2013-07-01 23:20 . 2013-07-01 23:20 62976 ----a-w- c:\windows\system32\pngfilt.dll

2013-07-01 23:20 . 2013-07-01 23:20 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

2013-07-01 23:20 . 2013-07-01 23:20 51200 ----a-w- c:\windows\system32\imgutil.dll

2013-07-01 23:20 . 2013-07-01 23:20 48640 ----a-w- c:\windows\system32\mshtmler.dll

2013-07-01 23:20 . 2013-07-01 23:20 173568 ----a-w- c:\windows\system32\ieUnatt.exe

2013-07-01 23:20 . 2013-07-01 23:20 149504 ----a-w- c:\windows\system32\occache.dll

2013-07-01 23:20 . 2013-07-01 23:20 13824 ----a-w- c:\windows\system32\mshta.exe

2013-07-01 23:20 . 2013-07-01 23:20 136192 ----a-w- c:\windows\system32\iepeers.dll

2013-07-01 23:20 . 2013-07-01 23:20 135680 ----a-w- c:\windows\system32\IEAdvpack.dll

2013-07-01 23:20 . 2013-07-01 23:20 12800 ----a-w- c:\windows\system32\msfeedssync.exe

2013-06-13 03:48 . 2013-06-18 07:26 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-06-13 03:48 . 2013-06-18 07:26 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-06-13 03:47 . 2013-06-18 07:26 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-06-05 03:34 . 2013-07-11 00:16 3153920 ----a-w- c:\windows\system32\win32k.sys

2013-06-04 06:00 . 2013-07-11 00:16 624128 ----a-w- c:\windows\system32\qedit.dll

2013-06-04 04:53 . 2013-07-11 00:16 509440 ----a-w- c:\windows\SysWow64\qedit.dll

2012-10-19 13:10 . 2012-10-19 13:10 4096000 ----a-w- c:\program files (x86)\GUT4598.tmp

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 130736 ----a-w- c:\users\Kamino\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 130736 ----a-w- c:\users\Kamino\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 130736 ----a-w- c:\users\Kamino\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 130736 ----a-w- c:\users\Kamino\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Facebook Update"="c:\users\Kamino\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-10-19 138096]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19875432]

"Workspace Status"="c:\program files (x86)\Workspace\workspacestatus.exe" [2013-07-30 694760]

"wben"="c:\program files (x86)\Workspace\wben.exe" [2013-07-26 1569488]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-08-29 6581488]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]

"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-13 204136]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-08-29 347192]

"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

.

c:\users\Kamino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Kamino\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Administrador de Red Killer de Bigfoot Networks.lnk - c:\program files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe -minimized [2012-2-1 550912]

CineForm Status.lnk - c:\program files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe [2012-10-28 152064]

MOTU Pedal Service.lnk - c:\program files (x86)\MOTU\Audio\MFWAKeys.exe [2013-4-30 1457480]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="userinit.exe"

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R1 SABKUTIL;SABKUTIL;c:\program files\SUPERAntiSpyware\SABKUTIL.sys;c:\program files\SUPERAntiSpyware\SABKUTIL.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 Mutual Monitor;Mutual Monitor;c:\program files\mutualpublic\Monitor.exe run;c:\program files\mutualpublic\Monitor.exe run [x]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 HP8207_8307;HP-HP8207_8307;c:\windows\system32\DRIVERS\HP8207_8307.sys;c:\windows\SYSNATIVE\DRIVERS\HP8207_8307.sys [x]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]

R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]

R3 LVUVC64;Logitech Webcam C160(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]

R3 MFWAMIDI64;MOTU Audio MIDI for 64 bit;c:\windows\system32\drivers\MFWAMIDI64.sys;c:\windows\SYSNATIVE\drivers\MFWAMIDI64.sys [x]

R3 MFWAWAVE64;MOTU Audio Wave for 64 bit;c:\windows\system32\drivers\MFWAWAVE64.sys;c:\windows\SYSNATIVE\drivers\MFWAWAVE64.sys [x]

R3 MotuFWA64;MotuFWA64;c:\windows\system32\drivers\Motufwa64.sys;c:\windows\SYSNATIVE\drivers\Motufwa64.sys [x]

R3 MOTUMicroBook;MOTU MicroBook;c:\windows\system32\Drivers\MOTUMicroBook.sys;c:\windows\SYSNATIVE\Drivers\MOTUMicroBook.sys [x]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]

S1 BfLwf;Bigfoot Networks Bandwidth Control;c:\windows\system32\DRIVERS\bflwfx64.sys;c:\windows\SYSNATIVE\DRIVERS\bflwfx64.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]

S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]

S2 Bigfoot Networks Killer Service;Bigfoot Networks Killer Service;c:\program files\Bigfoot Networks\Killer Network Manager\BFNService.exe;c:\program files\Bigfoot Networks\Killer Network Manager\BFNService.exe [x]

S2 File Backup;File Backup Service;c:\program files (x86)\Workspace\offSyncService.exe;c:\program files (x86)\Workspace\offSyncService.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 MOTU_ZeroConf;MOTU_ZeroConf;c:\program files (x86)\MOTU\motuDNSResponder.exe;c:\program files (x86)\MOTU\motuDNSResponder.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S3 Ak27x64;Killer Wireless-N 1102 device driver;c:\windows\system32\DRIVERS\Ak27x64.sys;c:\windows\SYSNATIVE\DRIVERS\Ak27x64.sys [x]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]

S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys;c:\windows\SYSNATIVE\DRIVERS\JME.sys [x]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 motubus;MOTU Audio MIDI Extension;c:\windows\system32\drivers\MotuBus64.sys;c:\windows\SYSNATIVE\drivers\MotuBus64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]

S3 ysusb64;Yamaha Steinberg USB Audio;c:\windows\system32\drivers\ysusb64.sys;c:\windows\SYSNATIVE\drivers\ysusb64.sys [x]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MBAMPROTECTOR

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-08-22 04:56 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.57\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-08-29 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-06 02:53]

.

2013-08-29 c:\windows\Tasks\AdobeAAMUpdater-1.0-Kamino-PC-Kamino.job

- c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2013-08-21 12:09]

.

2013-08-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-624151497-22980530-843776449-1000Core.job

- c:\users\Kamino\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-24 17:45]

.

2013-08-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-624151497-22980530-843776449-1000UA.job

- c:\users\Kamino\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-24 17:45]

.

2013-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-14 23:34]

.

2013-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-14 23:34]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 164016 ----a-w- c:\users\Kamino\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 164016 ----a-w- c:\users\Kamino\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 164016 ----a-w- c:\users\Kamino\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 164016 ----a-w- c:\users\Kamino\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off0]

@="{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}"

[HKEY_CLASSES_ROOT\CLSID\{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}]

2012-10-19 18:04 1308432 ----a-w- c:\program files (x86)\Workspace\offsyncext64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off1]

@="{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}"

[HKEY_CLASSES_ROOT\CLSID\{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}]

2012-10-19 18:04 1308432 ----a-w- c:\program files (x86)\Workspace\offsyncext64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]

@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"

[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]

2010-04-27 21:48 5947656 ----a-w- c:\program files\Protector Suite\farchns.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]

@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"

[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]

2010-04-27 21:48 5947656 ----a-w- c:\program files\Protector Suite\farchns.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page =

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office10\EXCEL.EXE/3000

LSP: %SYSTEMROOT%\system32\BfLLR.dll

TCP: DhcpNameServer = 10.0.0.138

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-10 - (no file)

AddRemove-Adobe SVG Viewer - c:\windows\System32\Adobe\SVG Viewer\Uninst.isu

AddRemove-SendSpaceWizard - c:\program files (x86)\SendSpace\Wizard\Uninstall.exe

AddRemove-SFX Machine RT VST v1.0.3 - c:\archiv~1\VSTPLU~1\SFXMAC~1\UNINST~1\UNWISE.EXE

AddRemove-SyncerSoft Analog Voice VSTi - c:\vstplugins\SyncerSoft Analog Voice VSTi\uninstall.exe

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]

"Version"=hex:76,b5,3f,27,9d,38,48,22,da,50,f9,92,39,8f,96,81,65,2a,10,eb,f8,

c1,20,cb,d8,a8,f0,71,d9,0b,95,95,5e,26,2e,87,9c,76,46,ff,8b,f5,48,39,66,40,\

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]

"Version"=hex:76,b5,3f,27,9d,38,48,22,da,50,f9,92,39,8f,96,81,65,2a,10,eb,f8,

c1,20,cb,d8,a8,f0,71,d9,0b,95,95,5e,26,2e,87,9c,76,46,ff,8b,f5,48,39,66,40,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-08-30 17:28:04

ComboFix-quarantined-files.txt 2013-08-30 23:28

ComboFix2.txt 2013-08-29 12:55

.

Pre-Run: 29,166,473,216 bytes free

Post-Run: 29,277,253,632 bytes free

.

- - End Of File - - DD29DBA41612A0BE9289E4DFC5B36913

A36C5E4F47E84449FF07ED3517B43A31

Maniac · August 31, 2013

Please scan your machine with ESET OnlineScan

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
  Save it to your Desktop.
- Double click on the to download the ESET Smart Installer. icon on your Desktop.
Check "YES, I accept the Terms of Use."
Click the Start button.
Accept any security warnings from your browser.
Under Scan Settings, check "Scan Archives" and "Remove found threats"
Click Advanced settings and select the following:
- Scan potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats
Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the Back button.
Click the Finish button.

Serag · August 31, 2013

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application

C:\AdwCleaner\Quarantine\C\Program Files (x86)\MagniPic\sprotector.dll.vir a variant of Win32/SProtector.A application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Program Files (x86)\MagniPic\uninstall.exe.vir Win32/SProtector.B application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Users\Kamino\AppData\Local\Babylon\Setup\BExternal.dll.vir a variant of Win32/Toolbar.Babylon.F application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Users\Kamino\AppData\Local\Babylon\Setup\IECookieLow.dll.vir a variant of Win32/Toolbar.Babylon.E application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Users\Kamino\AppData\Local\Babylon\Setup\Setup.exe.vir a variant of Win32/Toolbar.Babylon.H application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Users\Kamino\AppData\Local\Bundled software uninstaller\bi_client.exe.vir Win32/Somoto.A application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\ARFC\wrtc.exe.vir Win32/Toolbar.Perion.G application cleaned by deleting - quarantined

C:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined

C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined

C:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting - quarantined

C:\System Volume Information\_restore{3352E4A5-F7F1-4D91-95CB-3C20CF37A5FE}\RP392\A0326128.exe Win32/Adware.1ClickDownload application cleaned by deleting - quarantined

C:\temp\cm5.exe probably a variant of Win32/BitCoinMiner.H application cleaned by deleting - quarantined

C:\temp\cm7.exe probably a variant of Win32/BitCoinMiner.H application cleaned by deleting - quarantined

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined

E:\downloads 2\Adobe Premiere Pro CS3 [RH]\APPCS3_[RH].rar a variant of Win32/Keygen.AH application deleted - quarantined

E:\tooools\SetupImgBurn_2.5.7.0.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined

E:\tooools\wares\plugins\Audio.Damage.Phase.Two.VST.v1.0.Incl.Keygen-AiR\a-adpt10.zip a variant of Win32/Keygen.AD application deleted - quarantined

E:\tooools\wares\plugins\Camel.Audio.Camel.Space.VST.v1.41.Incl.Keygen-AiR\a-ccs141.zip a variant of Win32/Keygen.AD application deleted - quarantined

E:\tooools\wares\plugins\Camel.Audio.Camel.Space.VST.v1.41.Incl.Keygen-AiR\a-ccs141\a-ccs141.rar a variant of Win32/Keygen.AD application deleted - quarantined

E:\tooools\wares\plugins\Camel.Audio.Camel.Space.VST.v1.41.Incl.Keygen-AiR\a-ccs141\a-ccs141\keygen.exe a variant of Win32/Keygen.AD application cleaned by deleting - quarantined

E:\tooools\wares\plugins\Devine.Machine.Lucifer.VST.v2.1.incl.Keygen-AiR\a-dmlv21.zip a variant of Win32/Keygen.AD application deleted - quarantined

E:\tooools\wares\plugins\Devine.Machine.V-Minion.VST.v1.0.incl.Keygen-AiR\a-dmvm10.zip a variant of Win32/Keygen.AD application deleted - quarantined

E:\tooools\wares\plugins\IK.Multimedia.AmpliTube.VST.RTAS.v2.1.incl.KeyGen-BEAT\b-amp21a.zip Win32/Keygen.FV application deleted - quarantined

E:\tooools\wares\plugins\LinPlug.SaxLab.VSTi.v1.4.incl.Keygen-AiR\a-lsl14a.zip a variant of Win32/Keygen.AD application deleted - quarantined

E:\tooools\wares\plugins\LinPlug.SaxLab.VSTi.v1.4.incl.Keygen-AiR\a-lsl14a\a-lsl14.rar a variant of Win32/Keygen.AD application deleted - quarantined

E:\tooools\wares\plugins\OhmForce.Hematohm.PRO.VST.v1.25.incl.Keygen-AiR\a-ohv125.zip a variant of Win32/Keygen.AD application deleted - quarantined

E:\tooools\wares\plugins\OhmForce.Ohmicide.VST.v1.02.Incl.Keygen-AiR\a-oov102.zip a variant of Win32/Keygen.AD application deleted - quarantined

E:\tooools\wares\plugins\OhmForce.Predatohm.PRO.VST.v1.35.incl.Keygen-AiR\a-opp135.zip a variant of Win32/Keygen.AD application deleted - quarantined

E:\tooools\wares\plugins\PSP.Audioware.MasterComp.VST.DX.RTAS.v1.0.Incl.Keygen.WORKING-AiR\a-pmc1wa.zip a variant of Win32/Keygen.AD application deleted - quarantined

E:\tooools\wares\plugins\PSP.Audioware.StereoPack.VST.DX.RTAS.v1.8.Incl.Keygen.WORKING-AiR\a-pstp18.zip a variant of Win32/Keygen.AD application deleted - quarantined

E:\tooools\wares\plugins\Synths\INTAKT~1\NATIVE~1.01-\SETUP.EXE a variant of Win32/Keygen.AA application cleaned by deleting - quarantined

E:\tooools\wares\plugins\Synths\Native Instruments Kontak#36C9A\Native Instruments Kontak#36C9C\Setup.exe a variant of Win32/Keygen.AA application cleaned by deleting - quarantined

E:\tooools\wares\plugins\Tone2.Filterbank2.VST.v2.5.Incl.Keygen-AiR\a-t2fb25.zip a variant of Win32/Keygen.AD application deleted - quarantined

E:\tooools\wares\programs\avira_free_antivirus_es.exe a variant of Win32/Bundled.Toolbar.Ask application deleted - quarantined

E:\tooools\wares\programs\SoftonicDownloader_para_windows-live-messenger-8-5.exe Win32/SoftonicDownloader.D application cleaned by deleting - quarantined

E:\tooools\wares\programs\Adobe Premiere Pro CS3 [RH]\APPCS3_[RH].rar a variant of Win32/Keygen.AH application deleted - quarantined

E:\tooools\wares\programs\SONY\Sony.Vegas.v6.0c.Incl.Keygen-SSG\Vegas Plugins\Vegas Plugin - Spicemaster.v2.0\SM2crack.exe a variant of Win32/HackTool.Patcher.AK application cleaned by deleting - quarantined

E:\tooools\wares\programs\Sound Forge 7\Sonic Foundry Sound Forge 7.0 incl keygen.exe a variant of Win32/Keygen.AQ application deleted - quarantined

E:\tooools\wares\synths\ABSYNTH 2\Native.Instruments.Absynth.v2.0.Incl.Keygen-OxYGeN (by hirnfikk)\keygen.exe a variant of Win32/Keygen.AA application cleaned by deleting - quarantined

E:\tooools\wares\synths\Absynth 2.4\Setup.exe a variant of Win32/Keygen.AA application cleaned by deleting - quarantined

E:\tooools\wares\synths\Copia de ABSYNTH 2\Native.Instruments.Absynth.v2.0.Incl.Keygen-OxYGeN (by hirnfikk)\keygen.exe a variant of Win32/Keygen.AA application cleaned by deleting - quarantined

E:\tooools\wares\synths\INTAKT~1\NATIVE~1.01-\SETUP.EXE a variant of Win32/Keygen.AA application cleaned by deleting - quarantined

E:\tooools\wares\synths\Native Instruments Kontak#36C9A\Native Instruments Kontak#36C9C\Setup.exe a variant of Win32/Keygen.AA application cleaned by deleting - quarantined

Maniac · August 31, 2013

Step 1

Download TFC to your desktop

Open the file and close any other windows.
It will close all programs itself when run, make sure to let it run uninterrupted.
Click the Start button to begin the process. The program should not take long to finish its job
Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

Step 2

Please download the Kaspersky Virus Removal Tool from here to your Desktop.

Double-click the Removal Tool.

Click the cog in the upper right corner:

Select down to and including your main drive.

Once done please select the Automatic Scan tab and press Start Scan.

Allow AVP to delete all infections found.

Once it has finished select the Report tab.

Select the Detected threats report from the left and press the Save button.

Save it to your Desktop and post the contents in your next reply.

Serag · September 1, 2013

Status: Deleted (events: 2)

31/08/2013 05:18:32 p.m. Deleted Trojan program Trojan.Win32.Yakes.asmv C:\Program Files (x86)\Steinberg\Cubase 5\VSTPlugins\A - tools\KickMaker.dll High

31/08/2013 05:18:32 p.m. Deleted Trojan program Trojan.Win32.Yakes.asmv C:\Program Files (x86)\Steinberg\VstPlugins\A - tools\KickMaker.dll High

Serag · September 2, 2013

The Avira Antivirus is still sending the virus alert.

Maniac · September 3, 2013

Please post me more information about your Avira detections.

Serag · September 4, 2013

Avira Free Antivirus

Report file date: 03 September 2013 23:56

The program is running as an unrestricted full version.

Online services are available.

Licensee : Avira Free Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows 7 Home Premium

Windows version : (Service Pack 1) [6.1.7601]

Boot mode : Normally booted

Username : SYSTEM

Computer name : KAMINO-PC

Version information:

BUILD.DAT : 13.0.0.4045 54855 Bytes 12/08/2013 12:45:00

AVSCAN.EXE : 13.6.20.2100 639032 Bytes 29/08/2013 14:42:42

AVSCANRC.DLL : 13.6.20.2174 52280 Bytes 29/08/2013 14:42:42

LUKE.DLL : 13.6.20.2174 65080 Bytes 29/08/2013 14:43:00

AVSCPLR.DLL : 13.6.20.2174 92216 Bytes 29/08/2013 14:42:43

AVREG.DLL : 13.6.20.2174 250424 Bytes 29/08/2013 14:42:42

avlode.dll : 13.6.20.2174 497720 Bytes 29/08/2013 14:42:41

avlode.rdf : 13.0.1.42 26846 Bytes 28/08/2013 14:31:09

VBASE000.VDF : 7.11.70.0 66736640 Bytes 04/04/2013 17:21:52

VBASE001.VDF : 7.11.74.226 2201600 Bytes 30/04/2013 13:58:56

VBASE002.VDF : 7.11.80.60 2751488 Bytes 28/05/2013 10:01:59

VBASE003.VDF : 7.11.85.214 2162688 Bytes 21/06/2013 12:56:56

VBASE004.VDF : 7.11.91.176 3903488 Bytes 23/07/2013 15:37:02

VBASE005.VDF : 7.11.98.186 6822912 Bytes 29/08/2013 14:42:36

VBASE006.VDF : 7.11.98.187 2048 Bytes 29/08/2013 14:42:36

VBASE007.VDF : 7.11.98.188 2048 Bytes 29/08/2013 14:42:36

VBASE008.VDF : 7.11.98.189 2048 Bytes 29/08/2013 14:42:36

VBASE009.VDF : 7.11.98.190 2048 Bytes 29/08/2013 14:42:36

VBASE010.VDF : 7.11.98.191 2048 Bytes 29/08/2013 14:42:36

VBASE011.VDF : 7.11.98.192 2048 Bytes 29/08/2013 14:42:36

VBASE012.VDF : 7.11.98.193 2048 Bytes 29/08/2013 14:42:36

VBASE013.VDF : 7.11.99.52 270848 Bytes 30/08/2013 21:52:52

VBASE014.VDF : 7.11.99.167 210944 Bytes 02/09/2013 10:13:45

VBASE015.VDF : 7.11.100.3 265216 Bytes 03/09/2013 11:40:45

VBASE016.VDF : 7.11.100.4 2048 Bytes 03/09/2013 11:40:45

VBASE017.VDF : 7.11.100.5 2048 Bytes 03/09/2013 11:40:45

VBASE018.VDF : 7.11.100.6 2048 Bytes 03/09/2013 11:40:45

VBASE019.VDF : 7.11.100.7 2048 Bytes 03/09/2013 11:40:45

VBASE020.VDF : 7.11.100.8 2048 Bytes 03/09/2013 11:40:46

VBASE021.VDF : 7.11.100.9 2048 Bytes 03/09/2013 11:40:46

VBASE022.VDF : 7.11.100.10 2048 Bytes 03/09/2013 11:40:46

VBASE023.VDF : 7.11.100.11 2048 Bytes 03/09/2013 11:40:46

VBASE024.VDF : 7.11.100.12 2048 Bytes 03/09/2013 11:40:46

VBASE025.VDF : 7.11.100.13 2048 Bytes 03/09/2013 11:40:46

VBASE026.VDF : 7.11.100.14 2048 Bytes 03/09/2013 11:40:46

VBASE027.VDF : 7.11.100.15 2048 Bytes 03/09/2013 11:40:46

VBASE028.VDF : 7.11.100.16 2048 Bytes 03/09/2013 11:40:46

VBASE029.VDF : 7.11.100.17 2048 Bytes 03/09/2013 11:40:46

VBASE030.VDF : 7.11.100.18 2048 Bytes 03/09/2013 11:40:47

VBASE031.VDF : 7.11.100.92 257024 Bytes 04/09/2013 05:42:43

Engine version : 8.2.12.114

AEVDF.DLL : 8.1.3.4 102774 Bytes 13/06/2013 18:00:50

AESCRIPT.DLL : 8.1.4.146 512382 Bytes 30/08/2013 09:52:59

AESCN.DLL : 8.1.10.4 131446 Bytes 26/03/2013 13:36:31

AESBX.DLL : 8.2.16.26 1245560 Bytes 23/08/2013 15:33:08

AERDL.DLL : 8.2.0.128 688504 Bytes 13/06/2013 18:00:47

AEPACK.DLL : 8.3.2.24 749945 Bytes 20/06/2013 12:19:33

AEOFFICE.DLL : 8.1.2.76 205181 Bytes 10/08/2013 10:57:55

AEHEUR.DLL : 8.1.4.588 6091130 Bytes 30/08/2013 09:52:55

AEHELP.DLL : 8.1.27.6 266617 Bytes 27/08/2013 18:14:07

AEGEN.DLL : 8.1.7.12 442743 Bytes 10/08/2013 10:57:34

AEEXP.DLL : 8.4.1.54 311671 Bytes 30/08/2013 09:52:59

AEEMU.DLL : 8.1.3.2 393587 Bytes 19/10/2012 19:03:44

AECORE.DLL : 8.1.32.0 201081 Bytes 23/08/2013 15:32:37

AEBB.DLL : 8.1.1.4 53619 Bytes 06/11/2012 23:48:50

AVWINLL.DLL : 13.6.20.2174 23608 Bytes 29/08/2013 14:42:25

AVPREF.DLL : 13.6.20.2174 48184 Bytes 29/08/2013 14:42:42

AVREP.DLL : 13.6.20.2174 175672 Bytes 29/08/2013 14:42:42

AVARKT.DLL : 13.6.20.2174 258104 Bytes 29/08/2013 14:42:38

AVEVTLOG.DLL : 13.6.20.2174 165432 Bytes 29/08/2013 14:42:40

SQLITE3.DLL : 3.7.0.1 397704 Bytes 01/03/2013 20:01:00

AVSMTP.DLL : 13.6.20.2174 60472 Bytes 29/08/2013 14:42:43

NETNT.DLL : 13.6.20.2174 13368 Bytes 29/08/2013 14:43:00

RCIMAGE.DLL : 13.6.20.2174 4788792 Bytes 29/08/2013 14:42:25

RCTEXT.DLL : 13.6.20.2174 66616 Bytes 29/08/2013 14:42:25

Configuration settings for the scan:

Jobname.............................: AVGuardAsyncScan

Configuration file..................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_5226c858\guard_slideup.avp

Reporting...........................: default

Primary action......................: Repair

Secondary action....................: Quarantine

Scan master boot sector.............: on

Scan boot sector....................: off

Process scan........................: on

Scan registry.......................: off

Search for rootkits.................: off

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Limit recursion depth...............: 20

Smart extensions....................: on

Macrovirus heuristic................: on

File heuristic......................: Complete

Start of the scan: 03 September 2013 23:56

The scan of running processes will be started:

Scan process 'svchost.exe' - '52' Module(s) have been scanned

Scan process 'nvvsvc.exe' - '35' Module(s) have been scanned

Scan process 'svchost.exe' - '39' Module(s) have been scanned

Scan process 'svchost.exe' - '78' Module(s) have been scanned

Scan process 'svchost.exe' - '100' Module(s) have been scanned

Scan process 'svchost.exe' - '63' Module(s) have been scanned

Scan process 'svchost.exe' - '164' Module(s) have been scanned

Scan process 'svchost.exe' - '84' Module(s) have been scanned

Scan process 'spoolsv.exe' - '85' Module(s) have been scanned

Scan process 'svchost.exe' - '40' Module(s) have been scanned

Scan process 'sched.exe' - '47' Module(s) have been scanned

Scan process 'svchost.exe' - '64' Module(s) have been scanned

Scan process 'WUDFHost.exe' - '30' Module(s) have been scanned

Scan process 'SASCORE64.EXE' - '23' Module(s) have been scanned

Scan process 'armsvc.exe' - '28' Module(s) have been scanned

Scan process 'avguard.exe' - '108' Module(s) have been scanned

Scan process 'AppleMobileDeviceService.exe' - '74' Module(s) have been scanned

Scan process 'BFNService.exe' - '56' Module(s) have been scanned

Scan process 'offSyncService.exe' - '29' Module(s) have been scanned

Scan process 'mbamscheduler.exe' - '37' Module(s) have been scanned

Scan process 'mbamservice.exe' - '45' Module(s) have been scanned

Scan process 'motuDNSResponder.exe' - '41' Module(s) have been scanned

Scan process 'Monitor.exe' - '44' Module(s) have been scanned

Scan process 'NBService.exe' - '50' Module(s) have been scanned

Scan process 'c2c_service.exe' - '44' Module(s) have been scanned

Scan process 'nvSCPAPISvr.exe' - '34' Module(s) have been scanned

Scan process 'svchost.exe' - '32' Module(s) have been scanned

Scan process 'svchost.exe' - '63' Module(s) have been scanned

Scan process 'upeksvr.exe' - '54' Module(s) have been scanned

Scan process 'Dwm.exe' - '31' Module(s) have been scanned

Scan process 'Explorer.EXE' - '170' Module(s) have been scanned

Scan process 'mbamgui.exe' - '39' Module(s) have been scanned

Scan process 'SynTPEnh.exe' - '63' Module(s) have been scanned

Scan process 'RAVCpl64.exe' - '42' Module(s) have been scanned

Scan process 'FacebookUpdate.exe' - '37' Module(s) have been scanned

Scan process 'Skype.exe' - '130' Module(s) have been scanned

Scan process 'workspacestatus.exe' - '42' Module(s) have been scanned

Scan process 'wben.exe' - '48' Module(s) have been scanned

Scan process 'SUPERANTISPYWARE.EXE' - '85' Module(s) have been scanned

Scan process 'sidebar.exe' - '83' Module(s) have been scanned

Scan process 'workspaceupdate.exe' - '39' Module(s) have been scanned

Scan process 'KillerNetManager.exe' - '73' Module(s) have been scanned

Scan process 'GoProCineFormStatusViewer.exe' - '38' Module(s) have been scanned

Scan process 'iTunesHelper.exe' - '79' Module(s) have been scanned

Scan process 'MFWAKeys.exe' - '34' Module(s) have been scanned

Scan process 'LWS.exe' - '43' Module(s) have been scanned

Scan process 'Dropbox.exe' - '93' Module(s) have been scanned

Scan process 'avgnt.exe' - '94' Module(s) have been scanned

Scan process 'DllHost.exe' - '39' Module(s) have been scanned

Scan process 'jusched.exe' - '34' Module(s) have been scanned

Scan process 'NvXDSync.exe' - '40' Module(s) have been scanned

Scan process 'nvvsvc.exe' - '47' Module(s) have been scanned

Scan process 'chrome.exe' - '108' Module(s) have been scanned

Scan process 'chrome.exe' - '63' Module(s) have been scanned

Scan process 'avshadow.exe' - '20' Module(s) have been scanned

Scan process 'SearchIndexer.exe' - '55' Module(s) have been scanned

Scan process 'iPodService.exe' - '33' Module(s) have been scanned

Scan process 'svchost.exe' - '34' Module(s) have been scanned

Scan process 'SynTPHelper.exe' - '17' Module(s) have been scanned

Scan process 'chrome.exe' - '44' Module(s) have been scanned

Scan process 'chrome.exe' - '45' Module(s) have been scanned

Scan process 'chrome.exe' - '44' Module(s) have been scanned

Scan process 'GoogleUpdate.exe' - '52' Module(s) have been scanned

Scan process 'LMS.exe' - '33' Module(s) have been scanned

Scan process 'UNS.exe' - '45' Module(s) have been scanned

Scan process 'TrustedInstaller.exe' - '49' Module(s) have been scanned

Scan process 'sppsvc.exe' - '35' Module(s) have been scanned

Scan process 'avscan.exe' - '111' Module(s) have been scanned

Scan process 'DllHost.exe' - '48' Module(s) have been scanned

Scan process 'avcenter.exe' - '90' Module(s) have been scanned

Scan process 'smss.exe' - '2' Module(s) have been scanned

Scan process 'csrss.exe' - '18' Module(s) have been scanned

Scan process 'wininit.exe' - '26' Module(s) have been scanned

Scan process 'csrss.exe' - '16' Module(s) have been scanned

Scan process 'services.exe' - '38' Module(s) have been scanned

Scan process 'lsass.exe' - '85' Module(s) have been scanned

Scan process 'lsm.exe' - '16' Module(s) have been scanned

Scan process 'winlogon.exe' - '30' Module(s) have been scanned

Starting the file scan:

Begin scan in 'C:\temp\cm5.exe'

C:\temp\cm5.exe

[DETECTION] Is the TR/BitCoinMiner.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '54f55eeb.qua'!

End of the scan: 03 September 2013 23:56

Used time: 00:07 Minute(s)

The scan has been done completely.

0 Scanned directories

1748 Files were scanned

1 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 Files were deleted

0 Viruses and unwanted programs were repaired

1 Files were moved to quarantine

0 Files were renamed

0 Files cannot be scanned

1747 Files not concerned

5 Archives were scanned

0 Warnings

1 Notes

Maniac · September 5, 2013

Please manually delete your ComboFix copy and download a new fresh one.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::
File::
C:\temp\cm5.exe

Save this as CFScript.txt, in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Serag · September 5, 2013

ComboFix 13-09-04.04 - Kamino 05/09/2013 7:14.4.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.12266.9218 [GMT -6:00]

Running from: c:\users\Kamino\Desktop\ComboFix.exe

Command switches used :: c:\users\Kamino\Desktop\CFScript.txt

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

FILE ::

"c:\temp\cm5.exe"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\temp\cm5.exe

.

((((((((((((((((((((((((( Files Created from 2013-08-05 to 2013-09-05 )))))))))))))))))))))))))))))))

.

2013-09-05 13:17 . 2013-09-05 13:17 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-09-04 00:16 . 2013-09-04 00:16 -------- d-----w- c:\program files\REAPER

2013-09-03 11:44 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5B3170E5-B8CE-43E5-A4FB-A5092CA07359}\mpengine.dll

2013-08-31 22:34 . 2013-08-31 22:34 -------- d-----w- c:\programdata\Kaspersky Lab