
Bitcoin Trojan?



Hi,

 

I downloaded some Bitcoin mining software and noticed my GPU was running at 100% after I'd uninstalled it. I've tried various anti malware solutions but it always comes back when I restart. I'd really appreciate your help.

 

DDS.txt

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16720  BrowserJavaVersion: 10.15.2
Run by howells at 9:15:28 on 2013-11-02
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.8175.6019 [GMT 0:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\schtasks.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k secsvcs
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Program Files (x86)\ASRock Utility\AXTU\Bin\AsrXTU.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\howells\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\howells\AppData\Roaming\Spotify\spotify.exe
C:\Users\howells\AppData\Roaming\Search Protection\SearchProtection.exe
C:\Program Files (x86)\XFastUsb\XFastUsb.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Users\howells\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\howells\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\howells\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\howells\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
"C:\Windows\temp\svchost.exe" -o http://p.0839f88ae61efaa3e91fdf5b732b242f.com:3000 --scrypt -O ltc:ltc -l 1 -I 12 -w 64
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\howells\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\howells\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\howells\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\howells\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\howells\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\howells\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\howells\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\howells\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [spotify Web Helper] "C:\Users\howells\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [spotify] "C:\Users\howells\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [searchProtection] "C:\Users\howells\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
mRun: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{E5936667-BE02-420D-9C67-E6B5CDFE9D10} : DHCPNameServer = 194.168.4.100 194.168.8.100
SSODL: WebCheck - <orphaned>
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 AsrAppCharger;AsrAppCharger;C:\Windows\System32\drivers\AsrAppCharger.sys [2012-8-30 15368]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-8-24 283064]
R1 FNETURPX;FNETURPX;C:\Windows\System32\drivers\FNETURPX.SYS [2012-8-30 15936]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-10-29 239616]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-8-30 2656280]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-9-24 94208]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-8-30 76912]
R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2013-10-25 13480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-30 1255736]
.
=============== Created Last 30 ================
.
2013-11-02 05:16:47 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7418DD6A-0FC2-4D40-AF81-40D1F563D160}\offreg.dll
2013-11-01 18:31:43 10280728 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7418DD6A-0FC2-4D40-AF81-40D1F563D160}\mpengine.dll
2013-11-01 18:29:37 669944 ----a-w- C:\Windows\SysWow64\scrypt130511Bartsglg2tc4032w64l4.bin
2013-10-31 22:33:32 -------- d-sh--w- C:\$RECYCLE.BIN
2013-10-31 22:23:47 98816 ----a-w- C:\Windows\sed.exe
2013-10-31 22:23:47 256000 ----a-w- C:\Windows\PEV.exe
2013-10-31 22:23:47 208896 ----a-w- C:\Windows\MBR.exe
2013-10-31 22:09:48 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2013-10-31 21:13:09 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-10-31 21:13:09 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-31 21:03:36 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-10-31 21:03:36 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-10-31 21:03:36 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-10-31 21:03:36 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-10-31 21:03:36 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-10-31 21:03:36 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-10-31 21:03:36 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-10-31 20:55:35 -------- d-----w- C:\Users\howells\AppData\Roaming\AVAST Software
2013-10-30 20:37:10 -------- d-----w- C:\Users\howells\AppData\Roaming\library_dir
2013-10-30 20:14:10 -------- d-----w- C:\Users\howells\AppData\Roaming\Raptr
2013-10-30 20:14:10 -------- d-----w- C:\Program Files (x86)\Raptr
2013-10-30 20:14:07 -------- d-----w- C:\Program Files (x86)\AMD AVT
2013-10-30 09:20:58 556404 ----a-w- C:\Windows\SysWow64\phatk121016Bartsv2w128l4.bin
2013-10-29 22:33:04 78432 ----a-w- C:\Windows\System32\atimpc64.dll
2013-10-29 22:33:04 78432 ----a-w- C:\Windows\System32\amdpcom64.dll
2013-10-29 22:33:04 71704 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2013-10-29 22:33:04 71704 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2013-10-29 22:32:58 126336 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2013-10-29 22:32:56 115512 ----a-w- C:\Windows\System32\atiu9p64.dll
2013-10-29 22:32:44 8412168 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2013-10-29 22:32:26 8927704 ----a-w- C:\Windows\System32\atiumd6a.dll
2013-10-29 22:32:24 7751408 ----a-w- C:\Windows\System32\atiumd64.dll
2013-10-29 22:30:26 13198848 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2013-10-29 22:16:54 230912 ----a-w- C:\Windows\System32\clinfo.exe
2013-10-29 22:16:36 100352 ----a-w- C:\Windows\System32\OpenVideo64.dll
2013-10-29 22:16:30 83968 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2013-10-29 22:16:24 86528 ----a-w- C:\Windows\System32\OVDecode64.dll
2013-10-29 22:16:18 73728 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2013-10-29 22:16:00 29363712 ----a-w- C:\Windows\System32\amdocl64.dll
2013-10-29 22:11:26 63488 ----a-w- C:\Windows\System32\OpenCL.dll
2013-10-29 22:11:02 129536 ----a-w- C:\Windows\System32\coinst_13.25.18.dll
2013-10-29 21:53:44 26350592 ----a-w- C:\Windows\System32\atio6axx.dll
2013-10-29 21:50:38 368640 ----a-w- C:\Windows\System32\atiapfxx.exe
2013-10-29 21:50:28 62464 ----a-w- C:\Windows\System32\aticalrt64.dll
2013-10-29 21:50:26 52224 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2013-10-29 21:50:20 55808 ----a-w- C:\Windows\System32\aticalcl64.dll
2013-10-29 21:50:18 49152 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2013-10-29 21:50:02 15716352 ----a-w- C:\Windows\System32\aticaldd64.dll
2013-10-29 21:46:54 14302208 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2013-10-29 21:35:38 22156288 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2013-10-29 21:31:08 442368 ----a-w- C:\Windows\System32\atidemgy.dll
2013-10-29 21:30:58 31232 ----a-w- C:\Windows\System32\atimuixx.dll
2013-10-29 21:30:50 585216 ----a-w- C:\Windows\System32\atieclxx.exe
2013-10-29 21:30:00 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2013-10-29 21:28:32 190976 ----a-w- C:\Windows\System32\atitmm64.dll
2013-10-29 21:00:36 1145344 ----a-w- C:\Windows\System32\atiadlxx.dll
2013-10-29 21:00:08 74752 ----a-w- C:\Windows\System32\atig6pxx.dll
2013-10-29 21:00:04 69632 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2013-10-29 21:00:04 69632 ----a-w- C:\Windows\System32\atiglpxx.dll
2013-10-29 21:00:00 100352 ----a-w- C:\Windows\System32\atig6txx.dll
2013-10-29 20:59:42 624128 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2013-10-29 20:56:14 43520 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2013-10-29 18:27:14 51200 ----a-w- C:\Windows\System32\kdbsdk64.dll
2013-10-29 18:22:24 38912 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
2013-10-12 18:19:49 -------- d-----w- C:\Program Files (x86)\The Wolf Among Us
2013-10-12 18:18:29 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2013-10-12 17:37:18 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-10-12 17:30:16 -------- d-----w- C:\Users\howells\AppData\Roaming\Malwarebytes
2013-10-12 17:30:01 -------- d-----w- C:\ProgramData\Malwarebytes
2013-10-12 17:29:24 -------- d-----w- C:\ProgramData\AVAST Software
2013-10-10 02:13:09 633856 ----a-w- C:\Windows\System32\comctl32.dll
2013-10-09 10:49:30 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-09 10:49:30 -------- d-----w- C:\Program Files\iTunes
2013-10-09 10:49:30 -------- d-----w- C:\Program Files\iPod
2013-10-09 10:49:30 -------- d-----w- C:\Program Files (x86)\iTunes
2013-10-09 10:47:43 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2013-10-09 10:47:43 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2013-10-09 10:47:43 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2013-10-09 10:47:43 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2013-10-09 10:47:43 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2013-10-09 06:43:03 17750408 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-10-06 18:46:03 -------- d-----w- C:\saves
2013-10-06 06:40:37 -------- d-----w- C:\Program Files\Dolphin 4.0
.
==================== Find3M  ====================
.
2013-10-29 22:32:58 143304 ----a-w- C:\Windows\System32\atiuxp64.dll
2013-10-29 22:32:56 98496 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2013-10-29 22:32:54 1318040 ----a-w- C:\Windows\System32\aticfx64.dll
2013-10-29 22:32:52 1099704 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2013-10-29 22:32:48 9763576 ----a-w- C:\Windows\System32\atidxx64.dll
2013-10-29 22:32:38 8287008 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2013-10-29 22:32:32 6630232 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2013-10-29 22:13:36 24846848 ----a-w- C:\Windows\SysWow64\amdocl.dll
2013-10-29 22:11:22 57344 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-10-29 21:00:24 825856 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2013-10-29 20:59:52 96768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2013-10-12 17:45:20 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-12 17:45:20 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-12 17:37:03 973736 ----a-w- C:\Windows\System32\deployJava1.dll
2013-10-12 17:37:03 1095080 ----a-w- C:\Windows\System32\npDeployJava1.dll
2013-09-24 14:53:50 94208 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys
2013-09-24 14:51:26 110080 ----a-w- C:\Windows\System32\DelayAPO.dll
2013-09-22 23:28:06 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-09-22 23:27:49 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-09-22 23:27:48 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-09-22 23:27:48 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-09-22 22:55:10 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-09-22 22:54:51 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-09-22 22:54:50 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-09-22 22:54:50 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-09-21 03:38:39 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-09-21 03:30:24 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-09-21 02:48:36 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-21 02:39:47 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-09-14 01:10:19 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-09-03 13:35:10 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-08-30 23:47:50 995342 ----a-w- C:\Windows\SysWow64\amdocl_as32.exe
2013-08-30 23:47:50 798734 ----a-w- C:\Windows\SysWow64\amdocl_ld32.exe
2013-08-30 23:47:50 1187342 ----a-w- C:\Windows\System32\amdocl_as64.exe
2013-08-30 23:47:50 1061902 ----a-w- C:\Windows\System32\amdocl_ld64.exe
2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2013-08-24 13:10:27 283064 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
.
============= FINISH:  9:15:42.49 ===============
 
 
Attach.txt
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 30/08/2012 04:16:03
System Uptime: 01/11/2013 18:27:10 (15 hours ago)
.
Motherboard: ASRock |  | H61M-S
Processor: Intel® Pentium® CPU G840 @ 2.80GHz | CPUSocket | 2800/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 501.204 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP216: 30/10/2013 09:01:42 - Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
RP217: 30/10/2013 09:04:45 - Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
RP218: 30/10/2013 20:07:29 - Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
RP219: 30/10/2013 20:10:33 - Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
RP220: 31/10/2013 20:54:50 - avast! antivirus system restore point
RP221: 31/10/2013 21:03:37 - Windows Update
RP222: 31/10/2013 21:55:35 - avast! antivirus system restore point
RP223: 31/10/2013 22:19:27 - Malwarebytes Anti-Rootkit Restore Point
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.8)
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Control Center
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
AMD Wireless Display v3.0
Anodyne
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASRock App Charger v1.0.4
ASRock eXtreme Tuner v0.1.169
ASRock InstantBoot v1.26
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
µTorrent
Awesomenauts
Bastion
Bonjour
Borderlands 2
Capsized
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Cave Story+
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
DAEMON Tools Lite
Deepak Fights Robots
Deus Ex: Human Revolution
Divekick
Dolphin 4.0
English Country Tune
eReg
Euro Truck Simulator 2
Fraps
FTL: Faster Than Light
GameMaker: Studio
Gemini Rue
GOG.com Downloader version 3.2.14
Gone Home
Google Chrome
Hidden in Plain Sight
Home
Hotline Miami
Intel® Management Engine Components
iTunes
Java 7 Update 15
Java 7 Update 40 (64-bit)
Java Auto Updater
Just Cause 2
Kairo
Kentucky Route Zero
Little Inferno
Logitech SetPoint 6.32
Lone Survivor
Malwarebytes Anti-Malware version 1.75.0.1300
Mark of the Ninja
Metro 2033
Microsoft .NET Framework 4.5
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
Microsoft Xbox 360 Accessories 1.2
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0 Refresh
Mirror's Edge
Monaco
MSI Afterburner 3.0.0 Beta 16
NVIDIA PhysX
Offspring Fling!
Portal 2 Publishing Tool
Proteus
QuickTime
Raptr
Realtek High Definition Audio Driver
SABnzbd 0.7.14
Search Protection
Security Update for Microsoft .NET Framework 4.5 (KB2737083)
Security Update for Microsoft .NET Framework 4.5 (KB2742613)
Security Update for Microsoft .NET Framework 4.5 (KB2789648)
Security Update for Microsoft .NET Framework 4.5 (KB2804582)
Security Update for Microsoft .NET Framework 4.5 (KB2833957)
Security Update for Microsoft .NET Framework 4.5 (KB2840642v2)
Security Update for Microsoft .NET Framework 4.5 (KB2861208)
Sonos Controller
Source SDK Base 2007
Spelunky
Spotify
Steam
Super Hexagon
Teleglitch: Die More Edition
The Dig
The Stanley Parable
The Stanley Parable Demo
The Wolf Among Us
Thomas Was Alone
Tiny and Big: Grandpa's Leftovers
Update for Microsoft .NET Framework 4.5 (KB2750147)
Update for Microsoft .NET Framework 4.5 (KB2805221)
Update for Microsoft .NET Framework 4.5 (KB2805226)
VLC media player 2.1.0
VVVVVV
Windows Live ID Sign-in Assistant
XBMC
XFastUsb
.
==== Event Viewer Messages From Past Week ========
.
31/10/2013 22:32:02, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
31/10/2013 22:31:40, Error: Application Popup [1060]  - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
31/10/2013 22:10:21, Error: mbamchameleon [61440]  - 
31/10/2013 21:59:14, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
31/10/2013 21:59:13, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
31/10/2013 21:59:13, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
31/10/2013 21:59:13, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
31/10/2013 21:59:13, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
31/10/2013 21:59:11, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
31/10/2013 21:59:05, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
31/10/2013 21:58:58, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD AsrAppCharger DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
31/10/2013 21:58:58, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
31/10/2013 21:58:58, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
31/10/2013 21:58:58, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
31/10/2013 21:58:58, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
31/10/2013 21:58:58, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
31/10/2013 21:58:58, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
31/10/2013 21:58:58, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
31/10/2013 21:58:58, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
31/10/2013 21:58:58, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
31/10/2013 21:58:58, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
31/10/2013 21:31:56, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
31/10/2013 20:55:12, Error: Service Control Manager [7030]  - The avast! Antivirus service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
30/10/2013 19:55:54, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
30/10/2013 19:55:54, Error: Service Control Manager [7000]  - The Steam Client Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
 

 


Hello,

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Next,

 

You appear to have run Combofix. Do you have that log? It will be here: C:\Combofix.txt

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Kevin


Ah, yeah, know I shouldn't have run combofix without posting first but was trying everything. Silly of me. Will follow your instructions to the letter from here on, don't worry.

 

ComboFix 13-10-31.01 - howells 31/10/2013  22:25:36.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.8175.6487 [GMT 0:00]
Running from: c:\users\howells\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\howells\AppData\Roaming\poclbm
c:\users\howells\AppData\Roaming\poclbm\poclbm.ini
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\SysWow64\frapsvid.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-28 to 2013-10-31  )))))))))))))))))))))))))))))))
.
.
2013-10-31 22:31 . 2013-10-31 22:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-31 22:10 . 2013-10-31 22:10 116440 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-10-31 22:09 . 2013-10-31 22:09 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-10-31 21:13 . 2013-10-31 21:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-10-31 21:13 . 2013-04-04 14:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-31 21:03 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-10-31 21:03 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-10-31 21:03 . 2013-09-04 12:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-10-31 21:03 . 2013-09-04 12:11 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-10-31 21:03 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-10-31 21:03 . 2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-10-31 21:03 . 2013-09-04 12:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-10-31 20:55 . 2013-10-31 20:55 -------- d-----w- c:\users\howells\AppData\Roaming\AVAST Software
2013-10-30 20:37 . 2013-10-30 20:37 -------- d-----w- c:\users\howells\AppData\Roaming\library_dir
2013-10-30 20:17 . 2013-10-30 20:17 -------- d-----w- c:\programdata\ATI
2013-10-30 20:14 . 2013-10-31 19:44 -------- d-----w- c:\users\howells\AppData\Roaming\Raptr
2013-10-30 20:14 . 2013-10-30 20:37 -------- d-----w- c:\program files (x86)\Raptr
2013-10-30 20:14 . 2013-10-30 20:14 -------- d-----w- c:\program files (x86)\AMD AVT
2013-10-30 09:20 . 2013-10-30 09:20 556404 ----a-w- c:\windows\SysWow64\phatk121016Bartsv2w128l4.bin
2013-10-29 22:33 . 2013-10-29 22:33 78432 ----a-w- c:\windows\system32\atimpc64.dll
2013-10-29 22:33 . 2013-10-29 22:33 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2013-10-29 22:33 . 2013-10-29 22:33 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2013-10-29 22:33 . 2013-10-29 22:33 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2013-10-29 22:32 . 2013-10-29 22:32 126336 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2013-10-29 22:32 . 2013-10-29 22:32 115512 ----a-w- c:\windows\system32\atiu9p64.dll
2013-10-29 22:32 . 2013-10-29 22:32 8412168 ----a-w- c:\windows\SysWow64\atidxx32.dll
2013-10-29 22:32 . 2013-10-29 22:32 8927704 ----a-w- c:\windows\system32\atiumd6a.dll
2013-10-29 22:32 . 2013-10-29 22:32 7751408 ----a-w- c:\windows\system32\atiumd64.dll
2013-10-29 22:30 . 2013-10-29 22:30 13198848 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2013-10-29 22:16 . 2013-10-29 22:16 230912 ----a-w- c:\windows\system32\clinfo.exe
2013-10-29 22:16 . 2013-10-29 22:16 100352 ----a-w- c:\windows\system32\OpenVideo64.dll
2013-10-29 22:16 . 2013-10-29 22:16 83968 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2013-10-29 22:16 . 2013-10-29 22:16 86528 ----a-w- c:\windows\system32\OVDecode64.dll
2013-10-29 22:16 . 2013-10-29 22:16 73728 ----a-w- c:\windows\SysWow64\OVDecode.dll
2013-10-29 22:16 . 2013-10-29 22:16 29363712 ----a-w- c:\windows\system32\amdocl64.dll
2013-10-29 22:11 . 2013-10-29 22:11 63488 ----a-w- c:\windows\system32\OpenCL.dll
2013-10-29 22:11 . 2013-10-29 22:11 129536 ----a-w- c:\windows\system32\coinst_13.25.18.dll
2013-10-29 21:53 . 2013-10-29 21:53 26350592 ----a-w- c:\windows\system32\atio6axx.dll
2013-10-29 21:50 . 2013-10-29 21:50 368640 ----a-w- c:\windows\system32\atiapfxx.exe
2013-10-29 21:50 . 2013-10-29 21:50 62464 ----a-w- c:\windows\system32\aticalrt64.dll
2013-10-29 21:50 . 2013-10-29 21:50 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
2013-10-29 21:50 . 2013-10-29 21:50 55808 ----a-w- c:\windows\system32\aticalcl64.dll
2013-10-29 21:50 . 2013-10-29 21:50 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll
2013-10-29 21:50 . 2013-10-29 21:50 15716352 ----a-w- c:\windows\system32\aticaldd64.dll
2013-10-29 21:46 . 2013-10-29 21:46 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll
2013-10-29 21:35 . 2013-10-29 21:35 22156288 ----a-w- c:\windows\SysWow64\atioglxx.dll
2013-10-29 21:31 . 2013-10-29 21:31 442368 ----a-w- c:\windows\system32\atidemgy.dll
2013-10-29 21:30 . 2013-10-29 21:30 31232 ----a-w- c:\windows\system32\atimuixx.dll
2013-10-29 21:30 . 2013-10-29 21:30 585216 ----a-w- c:\windows\system32\atieclxx.exe
2013-10-29 21:30 . 2013-10-29 21:30 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2013-10-29 21:28 . 2013-10-29 21:28 190976 ----a-w- c:\windows\system32\atitmm64.dll
2013-10-29 21:00 . 2013-10-29 21:00 1145344 ----a-w- c:\windows\system32\atiadlxx.dll
2013-10-29 21:00 . 2013-10-29 21:00 74752 ----a-w- c:\windows\system32\atig6pxx.dll
2013-10-29 21:00 . 2013-10-29 21:00 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2013-10-29 21:00 . 2013-10-29 21:00 69632 ----a-w- c:\windows\system32\atiglpxx.dll
2013-10-29 21:00 . 2013-10-29 21:00 100352 ----a-w- c:\windows\system32\atig6txx.dll
2013-10-29 20:59 . 2013-10-29 20:59 624128 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2013-10-29 20:56 . 2013-10-29 20:56 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2013-10-29 18:27 . 2013-10-29 18:27 51200 ----a-w- c:\windows\system32\kdbsdk64.dll
2013-10-29 18:22 . 2013-10-29 18:22 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2013-10-29 15:14 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D9FEBF7E-A9BC-4F98-95B1-C6FECE2448B1}\mpengine.dll
2013-10-12 18:19 . 2013-10-30 19:53 -------- d-----w- c:\program files (x86)\The Wolf Among Us
2013-10-12 18:18 . 2013-10-12 18:18 -------- d-s---w- c:\windows\SysWow64\Microsoft
2013-10-12 17:37 . 2013-10-12 17:37 312744 ----a-w- c:\windows\system32\javaws.exe
2013-10-12 17:37 . 2013-10-12 17:37 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-10-12 17:37 . 2013-10-12 17:37 189352 ----a-w- c:\windows\system32\javaw.exe
2013-10-12 17:37 . 2013-10-12 17:37 189352 ----a-w- c:\windows\system32\java.exe
2013-10-12 17:36 . 2013-10-12 17:36 -------- d-----w- c:\program files\Java
2013-10-12 17:30 . 2013-10-31 20:55 334648 ----a-w- c:\windows\system32\aswBoot.exe
2013-10-12 17:30 . 2013-10-12 17:30 -------- d-----w- c:\users\howells\AppData\Roaming\Malwarebytes
2013-10-12 17:30 . 2013-10-12 17:30 -------- d-----w- c:\programdata\Malwarebytes
2013-10-12 17:29 . 2013-10-31 21:58 -------- d-----w- c:\programdata\AVAST Software
2013-10-10 02:13 . 2013-07-12 10:41 100864 ----a-w- c:\windows\system32\drivers\usbcir.sys
2013-10-09 10:49 . 2013-10-09 10:49 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-09 10:49 . 2013-10-09 10:49 -------- d-----w- c:\program files\iTunes
2013-10-09 10:49 . 2013-10-09 10:49 -------- d-----w- c:\program files (x86)\iTunes
2013-10-09 10:49 . 2013-10-09 10:49 -------- d-----w- c:\program files\iPod
2013-10-09 10:47 . 2013-10-09 10:47 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-10-09 10:47 . 2013-10-09 10:47 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-10-09 10:47 . 2013-10-09 10:47 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-10-09 10:47 . 2013-10-09 10:47 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-10-09 10:47 . 2013-10-09 10:47 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-10-09 10:47 . 2013-10-09 10:47 -------- d-----w- c:\program files (x86)\QuickTime
2013-10-09 06:43 . 2013-10-09 12:43 17750408 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-10-06 18:46 . 2013-10-06 18:58 -------- d-----w- C:\saves
2013-10-06 06:40 . 2013-10-06 06:41 -------- d-----w- c:\program files\Dolphin 4.0
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-29 22:32 . 2012-07-28 01:13 143304 ----a-w- c:\windows\system32\atiuxp64.dll
2013-10-29 22:32 . 2012-09-28 01:10 98496 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2013-10-29 22:32 . 2012-07-28 02:13 1318040 ----a-w- c:\windows\system32\aticfx64.dll
2013-10-29 22:32 . 2013-08-31 00:13 1099704 ----a-w- c:\windows\SysWow64\aticfx32.dll
2013-10-29 22:32 . 2012-07-28 01:51 9763576 ----a-w- c:\windows\system32\atidxx64.dll
2013-10-29 22:32 . 2013-08-31 00:13 8287008 ----a-w- c:\windows\SysWow64\atiumdva.dll
2013-10-29 22:32 . 2013-08-31 00:13 6630232 ----a-w- c:\windows\SysWow64\atiumdag.dll
2013-10-29 22:13 . 2013-08-30 23:45 24846848 ----a-w- c:\windows\SysWow64\amdocl.dll
2013-10-29 22:11 . 2013-08-30 23:43 57344 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-10-29 21:00 . 2012-07-28 01:15 825856 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2013-10-29 20:59 . 2013-08-30 22:32 96768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2013-10-12 17:45 . 2012-08-29 21:31 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-12 17:45 . 2012-08-29 21:31 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-12 17:37 . 2012-09-10 20:37 973736 ----a-w- c:\windows\system32\deployJava1.dll
2013-10-12 17:37 . 2012-09-10 20:37 1095080 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-10-11 02:00 . 2012-08-29 22:10 80541720 ----a-w- c:\windows\system32\MRT.exe
2013-09-24 14:53 . 2013-09-24 14:53 94208 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2013-09-24 14:51 . 2013-09-24 14:51 110080 ----a-w- c:\windows\system32\DelayAPO.dll
2013-09-03 13:35 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-08-30 23:47 . 2013-08-30 23:47 995342 ----a-w- c:\windows\SysWow64\amdocl_as32.exe
2013-08-30 23:47 . 2013-08-30 23:47 798734 ----a-w- c:\windows\SysWow64\amdocl_ld32.exe
2013-08-30 23:47 . 2013-08-30 23:47 1187342 ----a-w- c:\windows\system32\amdocl_as64.exe
2013-08-30 23:47 . 2013-08-30 23:47 1061902 ----a-w- c:\windows\system32\amdocl_ld64.exe
2013-08-29 01:48 . 2013-10-10 02:13 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-24 13:10 . 2013-08-24 13:10 283064 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-08-05 02:25 . 2013-09-12 02:22 155584 ----a-w- c:\windows\system32\drivers\ataport.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-10-30 1820584]
"Spotify Web Helper"="c:\users\howells\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-10-14 1140736]
"Spotify"="c:\users\howells\AppData\Roaming\Spotify\Spotify.exe" [2013-10-14 4752384]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-08-01 3673696]
"SearchProtection"="c:\users\howells\AppData\Roaming\Search Protection\SearchProtection.EXE" [2013-09-03 832360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"XFastUsb"="c:\program files (x86)\XFastUsb\XFastUsb.exe" [2012-08-30 4942336]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-09-03 958576]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-10-01 152392]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-10-29 766208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AsrAppCharger.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS;c:\windows\SYSNATIVE\drivers\FNETURPX.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 AxtuDrv;AxtuDrv;c:\windows\SysWOW64\Drivers\AxtuDrv.sys;c:\windows\SysWOW64\Drivers\AxtuDrv.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys;c:\program files (x86)\MSI Afterburner\RTCore64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-29 17:45]
.
2013-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1979318551-951890573-3255577319-1000Core.job
- c:\users\howells\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-29 20:58]
.
2013-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1979318551-951890573-3255577319-1000UA.job
- c:\users\howells\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-29 20:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-ASRockXTU - (no file)
Wow6432Node-HKCU-Run-zASRockInstantBoot - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-UnityWebPlayer - c:\users\howells\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1979318551-951890573-3255577319-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\c:\Games\Battlefield 3\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\imageformats]
"qgif4.dll"=multi:"2011-10-10T16:42\00gif\00\00"
"qico4.dll"=multi:"2011-10-10T16:42\00ico\00\00"
"qjpeg4.dll"=multi:"2011-10-10T16:42\00jpeg\00jpg\00\00"
.
[HKEY_USERS\S-1-5-21-1979318551-951890573-3255577319-1000\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\c:\games\Battlefield 3\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\imageformats]
"Microsoft.VC80.CRT.manifest"=multi:"0\001\00unknown\002011-10-10T16:42\00\00"
"msvcr80.dll"=multi:"0\001\00unknown\002011-10-10T16:42\00\00"
"qgif4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T16:42\00\00"
"qico4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T16:42\00\00"
"qjpeg4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T16:42\00\00"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-10-31  22:33:28
ComboFix-quarantined-files.txt  2013-10-31 22:33
.
Pre-Run: 537,002,463,232 bytes free
Post-Run: 538,592,006,144 bytes free
.
- - End Of File - - 241A2208EA3FB57C067EBF9D14D381C8
A36C5E4F47E84449FF07ED3517B43A31
 
FRST.txt
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by howells (administrator) on HOWELLS-PC on 02-11-2013 09:59:10
Running from C:\Users\howells\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
() C:\Program Files (x86)\ASRock Utility\AXTU\Bin\AsrXTU.exe
(Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Spotify Ltd) C:\Users\howells\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\howells\AppData\Roaming\Spotify\spotify.exe
(Spigot, Inc.) C:\Users\howells\AppData\Roaming\Search Protection\SearchProtection.exe
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUsb\XFastUsb.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Users\howells\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\howells\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\howells\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\howells\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Windows\temp\svchost.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Users\howells\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Google Inc.) C:\Users\howells\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\howells\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\howells\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\howells\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\howells\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\howells\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\howells\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\howells\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11660904 2010-11-30] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [XboxStat] - C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe [825184 2009-10-01] (Microsoft Corporation)
Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
HKCU\...\Run: [steam] - C:\Program Files (x86)\Steam\Steam.exe [1820584 2013-10-30] (Valve Corporation)
HKCU\...\Run: [spotify Web Helper] - C:\Users\howells\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-14] (Spotify Ltd)
HKCU\...\Run: [spotify] - C:\Users\howells\AppData\Roaming\Spotify\spotify.exe [4752384 2013-10-14] (Spotify Ltd)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)
HKCU\...\Run: [searchProtection] - C:\Users\howells\AppData\Roaming\Search Protection\SearchProtection.exe [832360 2013-09-03] (Spigot, Inc.)
HKLM-x32\...\Run: [XFastUsb] - C:\Program Files (x86)\XFastUsb\XFastUsb.exe [4942336 2012-08-30] (FNet Co., Ltd.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-29] (Advanced Micro Devices, Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.search.yahoo.com?type=714647&fr=spigot-yhp-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE3428FBF6286CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {33BD918E-355C-4262-9FAA-1E61574F0310} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
SearchScopes: HKCU - {33BD918E-355C-4262-9FAA-1E61574F0310} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Users\howells\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\howells\AppData\Local\Google\Chrome\Application\30.0.1599.101\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\howells\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\howells\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Users\howells\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (HootSuite Hootlet) - C:\Users\howells\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjgfdlplhmndoonmofmflcbiohgbkifn\4.0.10_0
CHR Extension: (YouTube) - C:\Users\howells\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (FTP Editor) - C:\Users\howells\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljonifjecojdgoejokjfdffgpgliic\0.8_0
CHR Extension: (Adblock Plus) - C:\Users\howells\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0
CHR Extension: (Google Search) - C:\Users\howells\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Box - 10GB of FREE storage) - C:\Users\howells\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl\1.1.7_0
CHR Extension: (Hola Better Internet) - C:\Users\howells\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.1.878_0
CHR Extension: (TweetDeck by Twitter) - C:\Users\howells\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\3.3.8_0
CHR Extension: (Don't Starve) - C:\Users\howells\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiledapehlkhdehbhppgmekfalnlfajc\1.0.0.37_0
CHR Extension: (Feedly - News, Blogs and Youtube) - C:\Users\howells\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob\18.1_0
CHR Extension: (Server Switcher for Google Chrome\u2122) - C:\Users\howells\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbfleninpbmppkdafkdclidomgphcde\0.3_0
CHR Extension: (HootSuite) - C:\Users\howells\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij\5.244_0
CHR Extension: (Redux Switch) - C:\Users\howells\AppData\Local\Google\Chrome\User Data\Default\Extensions\lojlepalmhbknppcdjggjgmopjambfen\0.4_0
CHR Extension: (Google Wallet) - C:\Users\howells\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Audio Converter) - C:\Users\howells\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojfphighcpfimfhblaigjckljcoeipga\1.1.0_0
CHR Extension: (Evernote Web Clipper) - C:\Users\howells\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\6.0.3_0
CHR Extension: (Gmail) - C:\Users\howells\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR Extension: (Audio Cutter) - C:\Users\howells\AppData\Local\Google\Chrome\User Data\Default\Extensions\plimnkafgoiilijmlbnfoafihjjijbfp\1.2.3_0
 
==================== Services (Whitelisted) =================
 
 
==================== Drivers (Whitelisted) ====================
 
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-08-24] (Disc Soft Ltd)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2012-08-30] (FNet Co., Ltd.)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13480 2013-10-25] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 AxtuDrv; \??\C:\Windows\SysWOW64\Drivers\AxtuDrv.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-11-02 09:59 - 2013-11-02 09:59 - 00000000 ____D C:\FRST
2013-11-02 09:58 - 2013-11-02 09:58 - 01957098 _____ (Farbar) C:\Users\howells\Desktop\FRST64.exe
2013-11-02 09:15 - 2013-11-02 09:15 - 00018666 _____ C:\Users\howells\Desktop\dds.txt
2013-11-02 09:15 - 2013-11-02 09:15 - 00011590 _____ C:\Users\howells\Desktop\attach.txt
2013-11-02 09:14 - 2013-11-02 09:14 - 00688992 ____R (Swearware) C:\Users\howells\Desktop\dds.scr
2013-11-01 18:29 - 2013-11-01 18:29 - 00669944 _____ C:\Windows\SysWOW64\scrypt130511Bartsglg2tc4032w64l4.bin
2013-10-31 22:33 - 2013-10-31 22:33 - 00022392 _____ C:\ComboFix.txt
2013-10-31 22:24 - 2013-10-31 22:25 - 04012032 _____ C:\Users\howells\Downloads\RogueKillerX64.exe
2013-10-31 22:24 - 2013-10-31 22:24 - 00767448 _____ (Reimage®) C:\Users\howells\Downloads\ReimageRepair.exe
2013-10-31 22:23 - 2013-10-31 22:33 - 00000000 ____D C:\Qoobox
2013-10-31 22:23 - 2013-10-31 22:32 - 00000000 ____D C:\Windows\erdnt
2013-10-31 22:23 - 2013-10-31 22:23 - 05138108 _____ (Swearware) C:\Users\howells\Downloads\ComboFix (1).exe
2013-10-31 22:23 - 2011-06-26 06:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-31 22:23 - 2010-11-07 17:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-31 22:23 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-31 22:23 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-31 22:23 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-31 22:23 - 2000-08-31 00:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-31 22:23 - 2000-08-31 00:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-31 22:23 - 2000-08-31 00:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-31 22:22 - 2013-10-31 22:23 - 05138108 ____R (Swearware) C:\Users\howells\Downloads\ComboFix.exe
2013-10-31 22:09 - 2013-10-31 22:46 - 00000000 ____D C:\Users\howells\Desktop\mbar
2013-10-31 22:09 - 2013-10-31 22:35 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-31 22:09 - 2013-10-31 22:09 - 12576792 _____ (Malwarebytes Corp.) C:\Users\howells\Downloads\mbar-1.07.0.1007.exe
2013-10-31 21:13 - 2013-10-31 21:13 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-31 21:13 - 2013-10-31 21:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-31 21:13 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-31 21:12 - 2013-10-31 21:12 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\howells\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-10-31 21:03 - 2013-09-04 12:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-31 21:03 - 2013-09-04 12:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-31 21:03 - 2013-09-04 12:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-31 21:03 - 2013-09-04 12:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-31 21:03 - 2013-09-04 12:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-31 21:03 - 2013-09-04 12:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-31 21:03 - 2013-09-04 12:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-31 20:55 - 2013-10-31 20:55 - 00000000 ____D C:\Users\howells\AppData\Roaming\AVAST Software
2013-10-31 20:53 - 2013-10-31 20:53 - 85269544 _____ (AVAST Software) C:\Users\howells\Downloads\avast_free_antivirus_setup (1).exe
2013-10-30 20:37 - 2013-10-30 20:37 - 00000000 ____D C:\Users\howells\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Raptr
2013-10-30 20:37 - 2013-10-30 20:37 - 00000000 ____D C:\Users\howells\AppData\Roaming\library_dir
2013-10-30 20:17 - 2013-10-30 20:17 - 00000000 ____D C:\ProgramData\ATI
2013-10-30 20:14 - 2013-10-31 19:44 - 00000000 ____D C:\Users\howells\AppData\Roaming\Raptr
2013-10-30 20:14 - 2013-10-30 20:37 - 00000000 ____D C:\Program Files (x86)\Raptr
2013-10-30 20:14 - 2013-10-30 20:14 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2013-10-30 20:13 - 2013-10-30 20:13 - 00055391 _____ C:\Windows\SysWOW64\CCCInstall_201310302013539233.log
2013-10-30 20:10 - 2013-10-30 20:10 - 00001086 _____ C:\Users\howells\Desktop\MSI Afterburner.lnk
2013-10-30 20:08 - 2013-10-30 20:09 - 19204647 _____ C:\Users\howells\Downloads\MSIAfterburnerSetup300Beta16-[Guru3D.com].zip
2013-10-30 20:00 - 2013-10-31 21:11 - 00007621 _____ C:\Users\howells\AppData\Local\Resmon.ResmonCfg
2013-10-30 09:20 - 2013-10-30 09:20 - 00556404 _____ C:\Windows\SysWOW64\phatk121016Bartsv2w128l4.bin
2013-10-30 09:08 - 2013-10-30 09:08 - 00055445 _____ C:\Windows\SysWOW64\CCCInstall_201310300908129501.log
2013-10-30 08:58 - 2013-10-30 09:00 - 207468968 _____ (Advanced Micro Devices, Inc.) C:\Users\howells\Downloads\13-9_win7_win8_64_dd_ccc_whql.exe
2013-10-29 22:33 - 2013-10-29 22:33 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2013-10-29 22:33 - 2013-10-29 22:33 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2013-10-29 22:33 - 2013-10-29 22:33 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2013-10-29 22:33 - 2013-10-29 22:33 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2013-10-29 22:32 - 2013-10-29 22:32 - 08927704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2013-10-29 22:32 - 2013-10-29 22:32 - 08412168 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2013-10-29 22:32 - 2013-10-29 22:32 - 07751408 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2013-10-29 22:32 - 2013-10-29 22:32 - 00126336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2013-10-29 22:32 - 2013-10-29 22:32 - 00115512 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2013-10-29 22:30 - 2013-10-29 22:30 - 13198848 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2013-10-29 22:16 - 2013-10-29 22:16 - 29363712 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2013-10-29 22:16 - 2013-10-29 22:16 - 00230912 _____ C:\Windows\system32\clinfo.exe
2013-10-29 22:16 - 2013-10-29 22:16 - 00100352 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OpenVideo64.dll
2013-10-29 22:16 - 2013-10-29 22:16 - 00086528 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OVDecode64.dll
2013-10-29 22:16 - 2013-10-29 22:16 - 00083968 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2013-10-29 22:16 - 2013-10-29 22:16 - 00073728 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2013-10-29 22:11 - 2013-10-29 22:11 - 00129536 _____ (AMD) C:\Windows\system32\coinst_13.25.18.dll
2013-10-29 22:11 - 2013-10-29 22:11 - 00063488 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2013-10-29 21:53 - 2013-10-29 21:53 - 26350592 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2013-10-29 21:50 - 2013-10-29 21:50 - 15716352 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2013-10-29 21:50 - 2013-10-29 21:50 - 00547152 _____ C:\Windows\SysWOW64\atiapfxx.blb
2013-10-29 21:50 - 2013-10-29 21:50 - 00547152 _____ C:\Windows\system32\atiapfxx.blb
2013-10-29 21:50 - 2013-10-29 21:50 - 00368640 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2013-10-29 21:50 - 2013-10-29 21:50 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2013-10-29 21:50 - 2013-10-29 21:50 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2013-10-29 21:50 - 2013-10-29 21:50 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2013-10-29 21:50 - 2013-10-29 21:50 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2013-10-29 21:46 - 2013-10-29 21:46 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2013-10-29 21:35 - 2013-10-29 21:35 - 22156288 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2013-10-29 21:31 - 2013-10-29 21:31 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2013-10-29 21:30 - 2013-10-29 21:30 - 00585216 _____ (AMD) C:\Windows\system32\atieclxx.exe
2013-10-29 21:30 - 2013-10-29 21:30 - 00239616 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2013-10-29 21:30 - 2013-10-29 21:30 - 00031232 _____ (AMD) C:\Windows\system32\atimuixx.dll
2013-10-29 21:28 - 2013-10-29 21:28 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll
2013-10-29 21:17 - 2013-10-29 21:17 - 03399312 _____ C:\Windows\system32\atiumd6a.cap
2013-10-29 21:06 - 2013-10-29 21:06 - 03433360 _____ C:\Windows\SysWOW64\atiumdva.cap
2013-10-29 21:00 - 2013-10-29 21:00 - 01145344 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2013-10-29 21:00 - 2013-10-29 21:00 - 00100352 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2013-10-29 21:00 - 2013-10-29 21:00 - 00074752 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2013-10-29 21:00 - 2013-10-29 21:00 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2013-10-29 21:00 - 2013-10-29 21:00 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2013-10-29 20:59 - 2013-10-29 20:59 - 00624128 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2013-10-29 20:56 - 2013-10-29 20:56 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2013-10-29 18:27 - 2013-10-29 18:27 - 00051200 _____ C:\Windows\system32\kdbsdk64.dll
2013-10-29 18:22 - 2013-10-29 18:22 - 00038912 _____ C:\Windows\SysWOW64\kdbsdk32.dll
2013-10-24 16:45 - 2013-10-24 16:45 - 164005295 _____ C:\Users\howells\Downloads\normalppl.zip
2013-10-23 17:12 - 2013-10-23 17:13 - 00415052 _____ C:\Users\howells\Downloads\UFC.166.PPV.720p.HDTV.x264-KYR.torrent
2013-10-23 17:12 - 2013-10-23 17:12 - 00129530 _____ C:\Users\howells\Downloads\UFC.166.PROPER.720p.HDTV.x264-KNOCKOUT.torrent
2013-10-12 18:19 - 2013-10-30 19:53 - 00000000 ____D C:\Program Files (x86)\The Wolf Among Us
2013-10-12 17:43 - 2013-10-12 17:43 - 18080872 _____ (Adobe Systems Inc.) C:\Users\howells\Downloads\AdobeAIRInstaller.exe
2013-10-12 17:37 - 2013-10-12 17:37 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-12 17:37 - 2013-10-12 17:37 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-12 17:37 - 2013-10-12 17:37 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-12 17:37 - 2013-10-12 17:37 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-10-12 17:37 - 2013-10-12 17:37 - 00001066 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-10-12 17:36 - 2013-10-12 17:36 - 00000000 ____D C:\Program Files\Java
2013-10-12 17:33 - 2013-10-12 17:33 - 30669224 _____ (Oracle Corporation) C:\Users\howells\Downloads\jre-7u40-windows-x64.exe
2013-10-12 17:33 - 2013-10-12 17:33 - 24278649 _____ C:\Users\howells\Downloads\vlc-2.1.0-win32.exe
2013-10-12 17:30 - 2013-10-31 20:55 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-10-12 17:30 - 2013-10-12 17:30 - 00000000 ____D C:\Users\howells\AppData\Roaming\Malwarebytes
2013-10-12 17:30 - 2013-10-12 17:30 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-12 17:30 - 2013-10-12 17:30 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-10-12 17:29 - 2013-10-31 21:58 - 00000000 ____D C:\ProgramData\AVAST Software
2013-10-12 17:28 - 2013-10-12 17:29 - 131918888 _____ C:\Users\howells\Downloads\avast_free_antivirus_setup.exe
2013-10-12 17:28 - 2013-10-12 17:29 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\howells\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-11 02:23 - 2013-11-01 18:27 - 00002968 _____ C:\Windows\System32\Tasks\AsrXTU
2013-10-11 02:02 - 2013-09-22 23:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-11 02:02 - 2013-09-22 23:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-11 02:02 - 2013-09-22 23:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-11 02:02 - 2013-09-22 23:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-11 02:02 - 2013-09-22 23:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-11 02:02 - 2013-09-22 23:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-11 02:02 - 2013-09-22 23:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-11 02:02 - 2013-09-22 23:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-11 02:02 - 2013-09-22 23:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-11 02:02 - 2013-09-22 23:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-11 02:02 - 2013-09-22 23:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-11 02:02 - 2013-09-22 23:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-11 02:02 - 2013-09-22 23:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-11 02:02 - 2013-09-22 22:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-11 02:02 - 2013-09-22 22:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-11 02:02 - 2013-09-22 22:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-11 02:02 - 2013-09-22 22:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-11 02:02 - 2013-09-22 22:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-11 02:02 - 2013-09-22 22:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-11 02:02 - 2013-09-22 22:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-11 02:02 - 2013-09-22 22:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-11 02:02 - 2013-09-22 22:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-11 02:02 - 2013-09-22 22:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-11 02:02 - 2013-09-22 22:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-11 02:02 - 2013-09-22 22:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-11 02:02 - 2013-09-22 22:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-11 02:02 - 2013-09-22 22:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-11 02:02 - 2013-09-21 03:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-11 02:02 - 2013-09-21 03:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-11 02:02 - 2013-09-21 02:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-11 02:02 - 2013-09-21 02:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-10 02:13 - 2013-09-14 01:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-10 02:13 - 2013-09-08 02:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-10 02:13 - 2013-09-08 02:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-10 02:13 - 2013-09-08 02:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-10 02:13 - 2013-08-29 02:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-10 02:13 - 2013-08-29 02:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-10 02:13 - 2013-08-29 02:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-10 02:13 - 2013-08-29 02:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-10 02:13 - 2013-08-29 02:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-10 02:13 - 2013-08-29 01:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-10 02:13 - 2013-08-29 01:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-10 02:13 - 2013-08-29 01:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-10 02:13 - 2013-08-29 01:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-10 02:13 - 2013-08-29 01:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-10 02:13 - 2013-08-29 01:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-10 02:13 - 2013-08-29 00:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-10 02:13 - 2013-08-29 00:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-10 02:13 - 2013-08-29 00:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-10 02:13 - 2013-08-29 00:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-10 02:13 - 2013-08-28 01:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-10 02:13 - 2013-08-28 01:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-10 02:13 - 2013-08-01 12:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-10 02:13 - 2013-07-20 10:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 02:13 - 2013-07-20 10:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 02:13 - 2013-07-12 10:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-10 02:13 - 2013-07-12 10:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-10 02:13 - 2013-07-04 12:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-10 02:13 - 2013-07-04 12:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-10 02:13 - 2013-07-04 12:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-10 02:13 - 2013-07-04 11:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-10 02:13 - 2013-07-04 11:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-10 02:13 - 2013-07-04 11:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-10 02:13 - 2013-07-04 10:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-10 02:13 - 2013-07-03 04:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-10 02:13 - 2013-07-03 04:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-10 02:13 - 2013-06-25 22:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-10 02:13 - 2013-06-06 05:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-10 02:13 - 2013-06-06 05:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-10 02:13 - 2013-06-06 05:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-10 02:13 - 2013-06-06 05:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-10 02:13 - 2013-06-06 04:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-10 02:13 - 2013-06-06 04:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-10 02:13 - 2013-06-06 04:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-10 02:13 - 2013-06-06 03:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-10 02:13 - 2013-06-06 03:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-10 02:13 - 2013-06-06 03:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-09 10:49 - 2013-10-09 10:49 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-09 10:49 - 2013-10-09 10:49 - 00000000 ____D C:\Program Files\iTunes
2013-10-09 10:49 - 2013-10-09 10:49 - 00000000 ____D C:\Program Files\iPod
2013-10-09 10:49 - 2013-10-09 10:49 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-09 10:47 - 2013-10-09 10:47 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-10-09 06:43 - 2013-10-09 12:43 - 17750408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-10-06 18:46 - 2013-10-06 18:58 - 00000000 ____D C:\saves
2013-10-06 06:41 - 2013-10-06 06:48 - 00000000 ____D C:\Users\howells\Documents\Dolphin Emulator
2013-10-06 06:40 - 2013-10-06 06:41 - 00000000 ____D C:\Program Files\Dolphin 4.0
2013-10-06 06:40 - 2013-10-06 06:40 - 00000828 _____ C:\Users\Public\Desktop\Dolphin.lnk
2013-10-05 18:28 - 2013-10-05 18:28 - 00003128 _____ C:\Windows\System32\Tasks\Origin
 
==================== One Month Modified Files and Folders =======
 
2013-11-02 09:59 - 2013-11-02 09:59 - 00000000 ____D C:\FRST
2013-11-02 09:58 - 2013-11-02 09:58 - 01957098 _____ (Farbar) C:\Users\howells\Desktop\FRST64.exe
2013-11-02 09:43 - 2012-08-29 21:31 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-02 09:33 - 2012-08-29 20:58 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1979318551-951890573-3255577319-1000UA.job
2013-11-02 09:15 - 2013-11-02 09:15 - 00018666 _____ C:\Users\howells\Desktop\dds.txt
2013-11-02 09:15 - 2013-11-02 09:15 - 00011590 _____ C:\Users\howells\Desktop\attach.txt
2013-11-02 09:14 - 2013-11-02 09:14 - 00688992 ____R (Swearware) C:\Users\howells\Desktop\dds.scr
2013-11-02 09:12 - 2012-08-29 21:59 - 00000000 ____D C:\Users\howells\AppData\Roaming\Spotify
2013-11-02 03:00 - 2012-08-30 03:15 - 02067899 _____ C:\Windows\WindowsUpdate.log
2013-11-01 22:33 - 2012-08-29 20:58 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1979318551-951890573-3255577319-1000Core.job
2013-11-01 18:34 - 2009-07-14 04:45 - 00020496 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-01 18:34 - 2009-07-14 04:45 - 00020496 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-01 18:33 - 2009-07-14 05:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-01 18:29 - 2013-11-01 18:29 - 00669944 _____ C:\Windows\SysWOW64\scrypt130511Bartsglg2tc4032w64l4.bin
2013-11-01 18:28 - 2012-08-29 21:23 - 00000000 ____D C:\Program Files (x86)\Steam
2013-11-01 18:27 - 2013-10-11 02:23 - 00002968 _____ C:\Windows\System32\Tasks\AsrXTU
2013-11-01 18:27 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-01 18:27 - 2009-07-14 04:51 - 00036750 _____ C:\Windows\setupact.log
2013-11-01 06:47 - 2012-09-09 12:30 - 00003030 _____ C:\Windows\System32\Tasks\MSIAfterburner
2013-11-01 06:46 - 2012-09-09 12:26 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2013-10-31 22:48 - 2010-11-21 03:47 - 00303726 _____ C:\Windows\PFRO.log
2013-10-31 22:46 - 2013-10-31 22:09 - 00000000 ____D C:\Users\howells\Desktop\mbar
2013-10-31 22:35 - 2013-10-31 22:09 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-31 22:33 - 2013-10-31 22:33 - 00022392 _____ C:\ComboFix.txt
2013-10-31 22:33 - 2013-10-31 22:23 - 00000000 ____D C:\Qoobox
2013-10-31 22:33 - 2009-07-14 03:20 - 00000000 __RHD C:\Users\Default
2013-10-31 22:32 - 2013-10-31 22:23 - 00000000 ____D C:\Windows\erdnt
2013-10-31 22:32 - 2009-07-14 02:34 - 00000215 _____ C:\Windows\system.ini
2013-10-31 22:25 - 2013-10-31 22:24 - 04012032 _____ C:\Users\howells\Downloads\RogueKillerX64.exe
2013-10-31 22:24 - 2013-10-31 22:24 - 00767448 _____ (Reimage®) C:\Users\howells\Downloads\ReimageRepair.exe
2013-10-31 22:23 - 2013-10-31 22:23 - 05138108 _____ (Swearware) C:\Users\howells\Downloads\ComboFix (1).exe
2013-10-31 22:23 - 2013-10-31 22:22 - 05138108 ____R (Swearware) C:\Users\howells\Downloads\ComboFix.exe
2013-10-31 22:22 - 2012-08-29 21:59 - 00000000 ____D C:\Users\howells\AppData\Local\Spotify
2013-10-31 22:09 - 2013-10-31 22:09 - 12576792 _____ (Malwarebytes Corp.) C:\Users\howells\Downloads\mbar-1.07.0.1007.exe
2013-10-31 21:58 - 2013-10-12 17:29 - 00000000 ____D C:\ProgramData\AVAST Software
2013-10-31 21:56 - 2013-08-24 13:11 - 00000000 ____D C:\Program Files (x86)\Saints Row IV
2013-10-31 21:13 - 2013-10-31 21:13 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-31 21:13 - 2013-10-31 21:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-31 21:12 - 2013-10-31 21:12 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\howells\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-10-31 21:11 - 2013-10-30 20:00 - 00007621 _____ C:\Users\howells\AppData\Local\Resmon.ResmonCfg
2013-10-31 20:55 - 2013-10-31 20:55 - 00000000 ____D C:\Users\howells\AppData\Roaming\AVAST Software
2013-10-31 20:55 - 2013-10-12 17:30 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-10-31 20:53 - 2013-10-31 20:53 - 85269544 _____ (AVAST Software) C:\Users\howells\Downloads\avast_free_antivirus_setup (1).exe
2013-10-31 19:44 - 2013-10-30 20:14 - 00000000 ____D C:\Users\howells\AppData\Roaming\Raptr
2013-10-30 20:37 - 2013-10-30 20:37 - 00000000 ____D C:\Users\howells\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Raptr
2013-10-30 20:37 - 2013-10-30 20:37 - 00000000 ____D C:\Users\howells\AppData\Roaming\library_dir
2013-10-30 20:37 - 2013-10-30 20:14 - 00000000 ____D C:\Program Files (x86)\Raptr
2013-10-30 20:17 - 2013-10-30 20:17 - 00000000 ____D C:\ProgramData\ATI
2013-10-30 20:14 - 2013-10-30 20:14 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2013-10-30 20:14 - 2012-10-26 16:20 - 00000000 ____D C:\ProgramData\AMD
2013-10-30 20:13 - 2013-10-30 20:13 - 00055391 _____ C:\Windows\SysWOW64\CCCInstall_201310302013539233.log
2013-10-30 20:13 - 2012-08-29 20:58 - 00000000 ____D C:\Program Files\ATI Technologies
2013-10-30 20:11 - 2012-08-29 20:57 - 00000000 ____D C:\AMD
2013-10-30 20:10 - 2013-10-30 20:10 - 00001086 _____ C:\Users\howells\Desktop\MSI Afterburner.lnk
2013-10-30 20:09 - 2013-10-30 20:08 - 19204647 _____ C:\Users\howells\Downloads\MSIAfterburnerSetup300Beta16-[Guru3D.com].zip
2013-10-30 20:09 - 2012-11-11 17:21 - 00766336 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-30 19:53 - 2013-10-12 18:19 - 00000000 ____D C:\Program Files (x86)\The Wolf Among Us
2013-10-30 09:20 - 2013-10-30 09:20 - 00556404 _____ C:\Windows\SysWOW64\phatk121016Bartsv2w128l4.bin
2013-10-30 09:19 - 2012-09-02 16:51 - 00000000 ____D C:\Users\howells\AppData\Roaming\uTorrent
2013-10-30 09:08 - 2013-10-30 09:08 - 00055445 _____ C:\Windows\SysWOW64\CCCInstall_201310300908129501.log
2013-10-30 09:04 - 2013-09-22 12:08 - 00000000 ____D C:\ProgramData\Package Cache
2013-10-30 09:00 - 2013-10-30 08:58 - 207468968 _____ (Advanced Micro Devices, Inc.) C:\Users\howells\Downloads\13-9_win7_win8_64_dd_ccc_whql.exe
2013-10-29 22:33 - 2013-10-29 22:33 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2013-10-29 22:33 - 2013-10-29 22:33 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2013-10-29 22:33 - 2013-10-29 22:33 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2013-10-29 22:33 - 2013-10-29 22:33 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2013-10-29 22:32 - 2013-10-29 22:32 - 08927704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2013-10-29 22:32 - 2013-10-29 22:32 - 08412168 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2013-10-29 22:32 - 2013-10-29 22:32 - 07751408 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2013-10-29 22:32 - 2013-10-29 22:32 - 00126336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2013-10-29 22:32 - 2013-10-29 22:32 - 00115512 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2013-10-29 22:32 - 2013-08-31 00:13 - 08287008 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2013-10-29 22:32 - 2013-08-31 00:13 - 06630232 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2013-10-29 22:32 - 2013-08-31 00:13 - 01099704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2013-10-29 22:32 - 2012-09-28 01:10 - 00098496 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2013-10-29 22:32 - 2012-07-28 02:13 - 01318040 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2013-10-29 22:32 - 2012-07-28 01:51 - 09763576 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2013-10-29 22:32 - 2012-07-28 01:13 - 00143304 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2013-10-29 22:30 - 2013-10-29 22:30 - 13198848 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2013-10-29 22:16 - 2013-10-29 22:16 - 29363712 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2013-10-29 22:16 - 2013-10-29 22:16 - 00230912 _____ C:\Windows\system32\clinfo.exe
2013-10-29 22:16 - 2013-10-29 22:16 - 00100352 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OpenVideo64.dll
2013-10-29 22:16 - 2013-10-29 22:16 - 00086528 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OVDecode64.dll
2013-10-29 22:16 - 2013-10-29 22:16 - 00083968 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2013-10-29 22:16 - 2013-10-29 22:16 - 00073728 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2013-10-29 22:13 - 2013-08-30 23:45 - 24846848 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2013-10-29 22:11 - 2013-10-29 22:11 - 00129536 _____ (AMD) C:\Windows\system32\coinst_13.25.18.dll
2013-10-29 22:11 - 2013-10-29 22:11 - 00063488 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2013-10-29 22:11 - 2013-08-30 23:43 - 00057344 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2013-10-29 21:53 - 2013-10-29 21:53 - 26350592 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2013-10-29 21:50 - 2013-10-29 21:50 - 15716352 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2013-10-29 21:50 - 2013-10-29 21:50 - 00547152 _____ C:\Windows\SysWOW64\atiapfxx.blb
2013-10-29 21:50 - 2013-10-29 21:50 - 00547152 _____ C:\Windows\system32\atiapfxx.blb
2013-10-29 21:50 - 2013-10-29 21:50 - 00368640 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2013-10-29 21:50 - 2013-10-29 21:50 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2013-10-29 21:50 - 2013-10-29 21:50 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2013-10-29 21:50 - 2013-10-29 21:50 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2013-10-29 21:50 - 2013-10-29 21:50 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2013-10-29 21:46 - 2013-10-29 21:46 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2013-10-29 21:35 - 2013-10-29 21:35 - 22156288 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2013-10-29 21:31 - 2013-10-29 21:31 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2013-10-29 21:30 - 2013-10-29 21:30 - 00585216 _____ (AMD) C:\Windows\system32\atieclxx.exe
2013-10-29 21:30 - 2013-10-29 21:30 - 00239616 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2013-10-29 21:30 - 2013-10-29 21:30 - 00031232 _____ (AMD) C:\Windows\system32\atimuixx.dll
2013-10-29 21:28 - 2013-10-29 21:28 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll
2013-10-29 21:17 - 2013-10-29 21:17 - 03399312 _____ C:\Windows\system32\atiumd6a.cap
2013-10-29 21:06 - 2013-10-29 21:06 - 03433360 _____ C:\Windows\SysWOW64\atiumdva.cap
2013-10-29 21:00 - 2013-10-29 21:00 - 01145344 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2013-10-29 21:00 - 2013-10-29 21:00 - 00100352 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2013-10-29 21:00 - 2013-10-29 21:00 - 00074752 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2013-10-29 21:00 - 2013-10-29 21:00 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2013-10-29 21:00 - 2013-10-29 21:00 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2013-10-29 21:00 - 2012-07-28 01:15 - 00825856 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2013-10-29 20:59 - 2013-10-29 20:59 - 00624128 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2013-10-29 20:59 - 2013-08-30 22:32 - 00096768 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2013-10-29 20:56 - 2013-10-29 20:56 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2013-10-29 18:27 - 2013-10-29 18:27 - 00051200 _____ C:\Windows\system32\kdbsdk64.dll
2013-10-29 18:22 - 2013-10-29 18:22 - 00038912 _____ C:\Windows\SysWOW64\kdbsdk32.dll
2013-10-27 19:33 - 2012-09-02 17:07 - 00000000 ____D C:\Users\howells\AppData\Roaming\vlc
2013-10-24 16:45 - 2013-10-24 16:45 - 164005295 _____ C:\Users\howells\Downloads\normalppl.zip
2013-10-23 17:13 - 2013-10-23 17:12 - 00415052 _____ C:\Users\howells\Downloads\UFC.166.PPV.720p.HDTV.x264-KYR.torrent
2013-10-23 17:12 - 2013-10-23 17:12 - 00129530 _____ C:\Users\howells\Downloads\UFC.166.PROPER.720p.HDTV.x264-KNOCKOUT.torrent
2013-10-16 19:04 - 2012-09-01 14:34 - 00000000 ____D C:\Users\howells\Documents\Telltale Games
2013-10-12 17:45 - 2012-09-02 17:10 - 00000000 ____D C:\Users\howells\AppData\Local\Adobe
2013-10-12 17:45 - 2012-08-29 21:31 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-12 17:45 - 2012-08-29 21:31 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-12 17:45 - 2012-08-29 21:31 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-12 17:43 - 2013-10-12 17:43 - 18080872 _____ (Adobe Systems Inc.) C:\Users\howells\Downloads\AdobeAIRInstaller.exe
2013-10-12 17:37 - 2013-10-12 17:37 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-12 17:37 - 2013-10-12 17:37 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-12 17:37 - 2013-10-12 17:37 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-12 17:37 - 2013-10-12 17:37 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-10-12 17:37 - 2013-10-12 17:37 - 00001066 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-10-12 17:37 - 2012-09-10 20:37 - 01095080 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-10-12 17:37 - 2012-09-10 20:37 - 00973736 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-10-12 17:36 - 2013-10-12 17:36 - 00000000 ____D C:\Program Files\Java
2013-10-12 17:33 - 2013-10-12 17:33 - 30669224 _____ (Oracle Corporation) C:\Users\howells\Downloads\jre-7u40-windows-x64.exe
2013-10-12 17:33 - 2013-10-12 17:33 - 24278649 _____ C:\Users\howells\Downloads\vlc-2.1.0-win32.exe
2013-10-12 17:30 - 2013-10-12 17:30 - 00000000 ____D C:\Users\howells\AppData\Roaming\Malwarebytes
2013-10-12 17:30 - 2013-10-12 17:30 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-12 17:30 - 2013-10-12 17:30 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-10-12 17:29 - 2013-10-12 17:28 - 131918888 _____ C:\Users\howells\Downloads\avast_free_antivirus_setup.exe
2013-10-12 17:29 - 2013-10-12 17:28 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\howells\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-11 21:28 - 2012-08-29 20:58 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1979318551-951890573-3255577319-1000UA
2013-10-11 21:28 - 2012-08-29 20:58 - 00003494 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1979318551-951890573-3255577319-1000Core
2013-10-11 02:59 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache
2013-10-11 02:22 - 2009-07-14 04:45 - 00270920 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-11 02:21 - 2013-03-14 03:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 02:21 - 2013-03-14 03:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-11 02:01 - 2013-08-01 02:03 - 00000000 ____D C:\Windows\system32\MRT
2013-10-11 02:00 - 2012-08-29 22:10 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-09 12:43 - 2013-10-09 06:43 - 17750408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-10-09 10:49 - 2013-10-09 10:49 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-09 10:49 - 2013-10-09 10:49 - 00000000 ____D C:\Program Files\iTunes
2013-10-09 10:49 - 2013-10-09 10:49 - 00000000 ____D C:\Program Files\iPod
2013-10-09 10:49 - 2013-10-09 10:49 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-09 10:47 - 2013-10-09 10:47 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-10-06 18:58 - 2013-10-06 18:46 - 00000000 ____D C:\saves
2013-10-06 18:45 - 2012-09-25 19:23 - 00000000 ____D C:\Users\howells\Documents\My Games
2013-10-06 06:48 - 2013-10-06 06:41 - 00000000 ____D C:\Users\howells\Documents\Dolphin Emulator
2013-10-06 06:41 - 2013-10-06 06:40 - 00000000 ____D C:\Program Files\Dolphin 4.0
2013-10-06 06:41 - 2012-09-01 10:39 - 00567884 _____ C:\Windows\DirectX.log
2013-10-06 06:40 - 2013-10-06 06:40 - 00000828 _____ C:\Users\Public\Desktop\Dolphin.lnk
2013-10-05 18:28 - 2013-10-05 18:28 - 00003128 _____ C:\Windows\System32\Tasks\Origin
2013-10-05 18:28 - 2012-09-01 11:53 - 00000000 ___HD C:\Users\howells\AppData\Roaming\Origin
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-10-31 00:44
 
==================== End Of Log ============================
 
 
 

Addition.txt


I do not see an active AV program on your system; there are remnants of Avast. Is this correct? Do you have an Anti-Virus program installed?

 

Next,

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

Open Malwarebytes, check for updates then run Quick scan. Full instructions follow if Malwarebytes is not installed:

 

Download Malwarebytes from the following link and save it to your desktop:

 

 

http://www.malwarebytes.org/mbam.php 

 

Double Click mbam-setup.exe to install the application.


Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
Please save the log to a location you will remember.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop.

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Post those logs...

 

fixlist.txt


We need to run an online AV scan to ensure there are no remnants of any infection left on your system. This scan can take several hours to complete; it is very thorough and well worth running. Please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7 right click on IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add/on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

 

When the scan is complete

 

If no threats were found

  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

 

If threats were found

 

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish

 

close program

 

copy and paste the report here

 

Next,

 

Download Farbar Service Scanner from here: http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/ and run it on the computer with the issue.

Make sure the following options are checked:

 


Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender

 


Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

 

Let me see those two logs.

 

My own security set up is :-

 

Windows' own Firewall, Microsoft Security Essentials and Malwarebytes Pro. Windows FW and MSE are free; MB does also have a free version, however I prefer the pro version as it provides auto updates and realtime protection. Cost is about £20 for a lifetime license.

 

As an extra layer I also use WinPatrol, the free version is adequate for general home use. Available here: http://www.winpatrol.com/download.html

 

For my browser I use Firefox with these addons: Web of Trust, Adblock Plus, Flash Block, NoScript, Ghostery. When Firefox is open select these keys together :- Ctrl - Shift - A that will access Addons manager, this gives access to find addons, use, start, stop or disable those features etc....

Before using NoScript read from this link http://noscript.net/ makes it easy to understand....

 

Understanding Windows 7 Firewall - http://windows.microsoft.com/en-GB/windows7/Understanding-Windows-Firewall-settings

 

Understanding Microsoft Security Essentials - http://www.microsoft.com/en-gb/security/pc-security/mse.aspx

 

Understanding Malwarebytes, how to create an exclusion in MSE - http://forums.malwarebytes.org/index.php?showtopic=10138&st=0&p=162100entry162100

 

Understanding WinPatrol - http://www.winpatrol.com/features.html

 

I also use the Professional version of Sandboxie, I believe there is also a free version available. Visit this link http://www.sandboxie.com/ for access to d/l, also make sure to use the "Help and FAQ" option to understand its uses, specifically how to run your browser sandboxed!


What is the status of your system now, any remaining issues or concerns?

 

Couple of updates required:-

 

Adobe Reader is outdated...

Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader

 

Step 1 - Select your Operating System.

Step 2 - Select your Language.

Step 3 - Select latest version.

 

Untick the option for any security scanner or toolbar if offered.

 

Download and install.

 

Having the latest updates ensures there are no security vulnerabilities in your system.

 

Next,

 

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older versions of Java components and upgrade the application.

 

Upgrading Java:

 

Go to http://java.com/en/ and click on "Do I have Java"

It will check your current version and then offer to update to the latest version

Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

 

***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them.

 

Let me know if updates complete...


We need to remove FRST. First, it is very important to deal with its Quarantine folder using FRST itself.

OK, we continue:

Delete any fixlist.txt file previously used, continue:

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). That will confirm the removal action, delete if successful. 

Next,

 

Delete FRST.exe from your Desktop or the folder it was saved to, navigate to and delete its folder C:\FRST

 

Next,

 

Uninstall adwcleaner.exe

 


  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall
  • Click Yes at Would you like to Uninstall Adwcleaner



 

 

Next,

 

Remove ESET online scanner  (Only If installed):

 

 


  • Click Start, type Uninstall a Program into the Search programs and files box, and then press ENTER.
  • Click to select ESET Online Scanner from the listing of installed products, and then click Uninstall/Change from the bar that displays the available tasks. Uninstall ESET Online Scanner, only re-boot if prompted.



 

 

Next,

 

 


  • Download OTC by OldTimer from here http://oldtimer.geekstogo.com/OTC.exe or here http://www.itxassociates.com/OT-Tools/OTC.exe and save to your Desktop.
  • Double click the OTC icon to start the program.
    If you are using Vista or Windows 7 accept UAC
  • Then click the big CleanUp button.
  • You will get a prompt saying "Begining Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
  • This will remove tools we have used and itself.



 

 

Any tools/logs remaining on the Desktop or downloads folder can be deleted.

 

Next,

 

Create a new restore point:

 

   1. Right-click on Computer and go to Properties.

   2. Next click on the System Protection link.

   3. The System Properties dialog screen opens up and you will want to click on Create.

   4. Type in a description for the restore point which will help you remember the point at which it was created. Click on create.

   5. You should see the message "The restore point was created successfully"

 

To remove all but the most recent restore point do the following:

 

   1.      Open Disk Cleanup by clicking the Start button. In the search box, type Disk Cleanup, and then, in the list of results, click Disk Cleanup.

   2.      If prompted, select the drive that you want to clean up, and then click OK.

   3.      In the Disk Cleanup for (usually C:\) dialog box, click Clean up system files. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

   4.      If prompted, select the drive that you want to clean up, and then click OK.

   5.      Click the More Options tab, under System Restore and Shadow Copies, click Clean up.

   6.      In the Disk Cleanup dialog box, click Delete.

   7.      Click Delete Files, and then click OK. Re-Boot your PC.

 

Let me know if those steps complete OK,

 

Kevin...

fixlist.txt


Good to hear that all is well with this system. I tell you what my own security set up is, maybe useful :-

 

Windows' own Firewall, Microsoft Security Essentials and Malwarebytes Pro. Windows FW and MSE are free; MB does also have a free version, however I prefer the pro version as it provides auto updates and realtime protection. Cost is about £20 for a lifetime license.

 

As an extra layer I also use WinPatrol, the free version is adequate for general home use. Available here: http://www.winpatrol.com/download.html

 

For my browser I use Firefox with these addons: Web of Trust, Adblock Plus, Flash Block, NoScript, Ghostery. When Firefox is open select these keys together :- Ctrl - Shift - A that will access Addons manager, this gives access to find addons, use, start, stop or disable those features etc....

Before using NoScript read from this link http://noscript.net/ makes it easy to understand....

 

Understanding Windows 7 Firewall - http://windows.microsoft.com/en-GB/windows7/Understanding-Windows-Firewall-settings

 

Understanding Microsoft Security Essentials - http://www.microsoft.com/en-gb/security/pc-security/mse.aspx

 

Understanding Malwarebytes, how to create an exclusion in MSE - http://forums.malwarebytes.org/index.php?showtopic=10138&st=0&p=162100entry162100

 

Understanding WinPatrol - http://www.winpatrol.com/features.html

 

I also use the Professional version of Sandboxie, I believe there is also a free version available. Visit this link http://www.sandboxie.com/ for access to d/l, also make sure to use the "Help and FAQ" option to understand its uses, specifically how to run your browser sandboxed!

 

Kevin


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
