C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe rootkit?

[devolve]

Hello all.

 

Avast! detects C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe as "Threat: MSIL:Dropper-AAJ [Drp]" and claims to 

successfully "fix" the problem, but it is still there upon rebooting.  Malwarebytes doesn't detect the file as a problem (i.e., right-click on the file, choose "Scan with Malwarebytes".)  I don't know if this is a false positive on the part of Avast!, or if this is due to shenanigans. I was hoping I could get some help.

 

Here are DDS.txt and Attach.txt:

 

DDS.txt

 

aDDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 9.0.8112.16476

Run by cory at 11:41:44 on 2013-11-17

Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.7991.5138 [GMT -6:00]

.

AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

.

============== Running Processes ===============

.

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\windows\system32\WLANExt.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\windows\System32\spoolsv.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe

C:\Program Files\OO Software\Defrag\oodag.exe

C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Elantech\ETDCtrl.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\System32\WUDFHost.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Conexant\SAII\SmartAudio.exe

C:\Program Files\OO Software\Defrag\oodtray.exe

C:\Program Files (x86)\Unified Remote\RemoteServer.exe

C:\Users\cory\AppData\Local\FluxSoftware\Flux\flux.exe

C:\Program Files (x86)\AltDrag\AltDrag.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Elantech\ETDCtrlHelper.exe

C:\Program Files (x86)\USB Camera\VM331_STI.EXE

C:\Program Files (x86)\Lenovo\Energy Management\utility.exe

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe

C:\Program Files (x86)\Everything\Everything.exe

C:\Users\cory\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\AVAST Software\Avast\avastui.exe

C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\cory\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\windows\System32\svchost.exe -k swprv

C:\windows\system32\msiexec.exe

C:\windows\system32\SearchIndexer.exe

C:\windows\servicing\TrustedInstaller.exe

C:\windows\system32\taskeng.exe

C:\windows\explorer.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit = userinit.exe

BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRun: [Google Update] "C:\Users\cory\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /c

uRun: [unified Remote v2] C:\Program Files (x86)\Unified Remote\RemoteServer.exe

uRun: [F.lux] "C:\Users\cory\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow

uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

uRun: [AltDrag] "C:\Program Files (x86)\AltDrag\AltDrag.exe"

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

mRun: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE

mRun: [uCam_Menu] "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"

mRun: [YouCam Mirror Tray icon] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s

mRun: [updateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe

mRun: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe

mRun: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload

mRun: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup

mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

mRun: [QuickTime Plugin Install] C:\Program Files (x86)\QuickTime\Plugins\DeleteMe1.exe

mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui

dRunOnce: [WLStart] "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage

StartupFolder: C:\Users\cory\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\cory\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\O&ODEF~1.LNK - C:\windows\Installer\{CC733BA2-5191-4378-A9E0-18C5827F6B2B}\DefragIcon.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

TCP: NameServer = 192.168.10.254

TCP: Interfaces\{2EBDA2E1-BA08-4F44-8168-CCA103D1E016} : DHCPNameServer = 192.168.10.254

TCP: Interfaces\{73140496-E392-4F32-B95A-09604279C576} : DHCPNameServer = 192.168.10.254

TCP: Interfaces\{73140496-E392-4F32-B95A-09604279C576}\0484F6D65654438314 : DHCPNameServer = 192.168.1.254 0.0.0.0 0.0.0.0

TCP: Interfaces\{73140496-E392-4F32-B95A-09604279C576}\35B697E65647029494 : DHCPNameServer = 192.168.43.1

TCP: Interfaces\{73140496-E392-4F32-B95A-09604279C576}\374756078656E6D27657563747 : DHCPNameServer = 192.168.7.254

TCP: Interfaces\{73140496-E392-4F32-B95A-09604279C576}\37B697E65647 : DHCPNameServer = 192.168.10.254

TCP: Interfaces\{73140496-E392-4F32-B95A-09604279C576}\57E696D6164727968703 : DHCPNameServer = 10.0.0.254

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll

x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - 

x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\windows\System32\igfxpers.exe

x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe

x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe

x64-Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t

x64-Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe

x64-Run: [iAStorIcon] "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\cory\AppData\Roaming\Mozilla\Firefox\Profiles\upxm0s05.default\

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\cory\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll

FF - plugin: C:\Users\cory\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\cory\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Users\cory\AppData\Roaming\Mozilla\plugins\npo1d.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll

FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 aswRvrt;avast! Revert;C:\windows\System32\drivers\aswRvrt.sys [2013-3-5 65776]

R0 aswVmm;avast! VM Monitor;C:\windows\System32\drivers\aswVmm.sys [2013-3-5 205320]

R0 iaStorA;iaStorA;C:\windows\System32\drivers\iaStorA.sys [2013-3-22 678384]

R0 iaStorF;iaStorF;C:\windows\System32\drivers\iaStorF.sys [2013-3-22 28656]

R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswSnx.sys [2011-7-31 1032416]

R1 aswSP;aswSP;C:\windows\System32\drivers\aswsp.sys [2011-7-31 409832]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]

R2 aswFsBlk;aswFsBlk;C:\windows\System32\drivers\aswFsBlk.sys [2011-7-31 38984]

R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2011-7-31 84328]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-10-23 50344]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-3-22 15344]

R2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2013-11-16 2151744]

R2 OODefragAgent;O&O Defrag;C:\Program Files\OO Software\Defrag\oodag.exe [2013-3-26 2570544]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-9-26 2320920]

R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\drivers\AcpiVpc.sys [2010-9-26 28176]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\System32\drivers\ssudbus.sys [2013-6-4 103448]

R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2010-9-26 167816]

R3 HECIx64;Intel® Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2010-9-26 56344]

R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2010-9-26 158976]

R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-9-26 271872]

R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]

R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\System32\drivers\ssudmdm.sys [2013-6-4 203672]

R3 vm331avs;Digital Camera 1;C:\windows\System32\drivers\vm331avs.sys [2011-11-20 207232]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2013-2-15 37344]

S3 HTCAND64;HTC Device Driver;C:\windows\System32\drivers\ANDROIDUSB.sys [2009-11-1 33736]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\windows\System32\drivers\k57nd60a.sys [2009-6-10 270848]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-11-17 232992]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-7-31 1255736]

S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]

S4 Time;Time;C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe [2013-6-30 10752]

.

=============== Created Last 30 ================

.

2013-11-17 17:08:05 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B3D12781-385E-4258-A4AB-433150D05D05}\offreg.dll

2013-11-16 15:32:18 -------- d-----w- C:\Users\cory\AppData\Roaming\IObit

2013-11-16 15:32:11 -------- d-----w- C:\ProgramData\IObit

2013-11-16 15:32:07 -------- d-----w- C:\ProgramData\ProductData

2013-11-16 15:32:03 -------- d-----w- C:\Program Files (x86)\IObit

2013-11-15 11:34:02 10280728 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B3D12781-385E-4258-A4AB-433150D05D05}\mpengine.dll

2013-11-15 03:53:23 -------- d-----w- C:\Program Files (x86)\Unified Remote

2013-10-26 15:02:08 -------- d-----w- C:\Users\cory\AppData\Roaming\AVAST Software

.

==================== Find3M  ====================

.

2013-10-24 03:21:55 84328 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys

2013-10-24 03:21:55 65776 ----a-w- C:\windows\System32\drivers\aswRvrt.sys

2013-10-24 03:21:55 205320 ----a-w- C:\windows\System32\drivers\aswVmm.sys

2013-10-24 03:21:55 1032416 ----a-w- C:\windows\System32\drivers\aswSnx.sys

2013-10-24 03:21:54 92544 ----a-w- C:\windows\System32\drivers\aswRdr2.sys

2013-10-24 03:21:54 43152 ----a-w- C:\windows\avastSS.scr

2013-10-09 05:37:14 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-10-09 05:37:14 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2013-10-09 05:37:06 17813896 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe

2013-09-03 19:35:10 278800 ------w- C:\windows\System32\MpSigStub.exe

.

============= FINISH: 11:42:08.62 ===============

 

 

Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium 

Boot Device: \Device\HarddiskVolume1

Install Date: 7/31/2011 5:19:51 AM

System Uptime: 11/17/2013 10:40:02 AM (1 hours ago)

.

Motherboard: LENOVO |  | Base Board Product Name

Processor: Intel® Pentium® CPU        P6100  @ 2.00GHz | CPU | 1999/1066mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 254 GiB total, 91.566 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP383: 11/7/2013 12:00:01 AM - Scheduled Checkpoint

RP384: 11/12/2013 5:34:02 AM - Windows Update

RP385: 11/14/2013 9:52:06 PM - Installed Unified Remote

RP386: 11/16/2013 9:33:05 AM - Removed Bonjour

RP387: 11/16/2013 9:33:06 AM - Windows Update

RP388: 11/17/2013 11:35:25 AM - Windows Update

.

==== Installed Programs ======================

.

 Update for Microsoft Office 2007 (KB2508958)

µTorrent

7-Zip 9.20 (x64 edition)

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.8)

AltDrag

Amazon Kindle

Audacity 1.3.13 (Unicode)

avast! Free Antivirus

Be Richest!

Big Fish Games: Game Manager

Broadcom 802.11 Wireless Driver

Broadcom 802.11 Wireless LAN Adapter

calibre

Chanalyzer 4

Cheat Engine 6.2

Cheat Engine 6.3

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Comical 0.8

Conexant HD Audio

CyberLink YouCam

D3DX10

Dropbox

Energy Management

ETDWare PS/2-x64 7.0.4.18_WHQL

Everything 1.2.1.371

f.lux

FastStone Image Viewer 4.6

FFmpeg v0.6.2 for Audacity

foobar2000 v1.1.10

Game Dev Tycoon v1.3.2 © Greenheart Games version 1

Geany 0.21

GnuWin32: Wget-1.11.4-1

Google Chrome

Google Earth

Google Talk Plugin

Google Update Helper

Gridlines 1.11.3

HandBrake 0.9.8

Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)

Hoyle Card Games 2012

InfraRecorder 0.52 (x64 edition)

inSSIDer

Intel® Control Center

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Components

Intel® Rapid Storage Technology

IObit Uninstaller

K-Lite Codec Pack 8.4.0 (Basic)

KeePass Password Safe 2.22

LADSPA_plugins-win-0.4.15

LAME v3.98.3 for Audacity

Leisure Suit Larry Reloaded

Lenovo DirectShare

Lenovo EasyCamera

Lenovo OneKey Recovery

Malwarebytes Anti-Malware version 1.75.0.1300

Media Player Classic - Home Cinema v1.5.2.3456 x64

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft DirectX SDK (June 2010)

Microsoft Image Composite Editor

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

Movie Maker

Mozilla Firefox 25.0 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT110

MSVCRT110_amd64

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB2758694)

MSXML 4.0 SP3 Parser (KB973685)

My Life Story - Adventures

Newsbin Pro

Notepad++

O&O Defrag Professional

Photo Common

Photo Gallery

Power2Go

PuTTY version 0.61

Python 2.7.2 (64-bit)

Python 3.2 (64-bit)

QuickPar 0.9

Realtek Ethernet Controller Driver For Windows Vista and Later

Realtek USB 2.0 Card Reader

SAMSUNG USB Driver for Mobile Phones

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition 

Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition 

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 

Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition 

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition 

Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition 

SolSuite 2012 v12.5

Speccy

Spelling Dictionaries Support For Adobe Reader 9

Steam

SUPERAntiSpyware

TeraCopy 2.27

The Game of Life

Unified Remote

Unlocker 1.9.1-x64

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VLC media player 2.1.0

Winamp

Winamp Detector Plug-in

WinDirStat 1.1.2

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

WinRAR 5.00 beta 8 (64-bit)

World Mosaics 6

World Mosaics 7 version 1.0

World Riddles: Secrets Of The Ages 1.0

Zafehouse: Diaries version 1.1.2

.

==== Event Viewer Messages From Past Week ========

.

11/17/2013 4:25:31 AM, Error: Service Control Manager [7022]  - The Time service hung on starting.

11/16/2013 9:34:13 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070652: Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642).

.

==== End Of File ===========================

 

 

 

[MrCharlie]

Welcome to the forum.

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give to instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

[devolve]

RogueKiller V8.7.8 _x64_ [Nov 14 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.adlice.com/forum/

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://tigzyrk.blogspot.com/

 

Operating System : Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User : cory [Admin rights]

Mode : Scan -- Date : 11/17/2013 11:22:24

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 4 ¤¤¤

[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND

[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ATA ST9320325AS SCSI Disk Device +++++

--- User ---

[MBR] 9eb6ea6d47faf29784ce77bf3a1f50b9

[bSP] 2c859de12c1530e7217b45e822ce0d8b : Linux MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 260243 Mo

2 - [XXXXXX] LINUX (0x83) [VISIBLE] Offset (sectors): 533389312 | Size: 40052 Mo

3 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 615417202 | Size: 4748 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[0]_S_11172013_112224.txt >>

[MrCharlie]

TimeServer.exe = Bitcoin Miner infection!

--------------------------

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system.....Which system am I using?)

Please make sure you click download buttons that look like this, not "sponsored ad links":

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

MrC

[MrCharlie]

How are we doing??

Do you still need help or can I close this post??

MrC

[Maurice Naggar]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!