jasonf Posted January 15, 2014 ID:778182 Share Posted January 15, 2014 Hi guys, I have a Bitcoin miner/trojan running in the background, burning my GPU activity (99% on idle). Could you please help me clear it up? I am attaching some scans (although some of the trojan have already been deleted using mbar), I restarted today and it began to mine again. I'm posting logs now. Btw, running Win 7 Ultimate with ATI Radeon 6800 series. Link to post Share on other sites More sharing options...
jasonf Posted January 15, 2014 Author ID:778185 Share Posted January 15, 2014 Now posting dds logs. Link to post Share on other sites More sharing options...
jasonf Posted January 15, 2014 Author ID:778188 Share Posted January 15, 2014 DDS logsattach.txtdds.txt Link to post Share on other sites More sharing options...
jasonf Posted January 15, 2014 Author ID:778192 Share Posted January 15, 2014 Roguekiller screen and report RKreport0_S_01152014_152557.txt Link to post Share on other sites More sharing options...
jasonf Posted January 15, 2014 Author ID:778194 Share Posted January 15, 2014 GMER no results (empty ark.txt file). Mbar logs attached.mbar-logs.zip Link to post Share on other sites More sharing options...
jasonf Posted January 15, 2014 Author ID:778199 Share Posted January 15, 2014 After RogueKiller delete operation: RogueKiller V8.8.1 _x64_ [Jan 14 2014] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.adlice.com/forum/Website : http://www.adlice.com/softwares/roguekiller/Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser : Jason [Admin rights]Mode : Remove -- Date : 01/15/2014 15:42:47| ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 3 ¤¤¤[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified. ¤¤¤ Scheduled tasks : 1 ¤¤¤[V2][sUSP PATH] Origin : C:\Users\Jason\AppData\Roaming\Origin\update.vbe [-] -> DELETED ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Browser Addons : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD10EZRX-00A8LB0 ATA Device +++++--- User ---[MBR] c72e3fe6d7ed38fbee74fc6055665c4b[bSP] 409d3ea5946981017331cb4200bfb027 : Windows 7/8 MBR CodePartition table:0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 500867 Mo1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1025777664 | Size: 452999 MoUser = LL1 ... OK!User = LL2 ... OK! +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) WDC WD10EZRX-00A8LB0 ATA Device +++++--- User ---[MBR] d18b38a8f19b5b8e63376a52bf85d5af[bSP] 1d04af7b26867c61956f9b09c87e4140 : Windows 7/8 MBR CodePartition table:0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 453867 Mo1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 929521664 | Size: 499999 MoUser = LL1 ... OK!User = LL2 ... OK! +++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ IDE) Maxtor 7V250F0 ATA Device +++++--- User ---[MBR] 5f1abdea5e8c6c4e6dff4ef3ed9c10ff[bSP] eb14e1d12f55cca6ea03d50dd1ed6e80 : Legit.A MBR CodePartition table:0 - [ACTIVE] LINUX (0x83) [VISIBLE] Offset (sectors): 2048 | Size: 229645 Mo1 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 470317054 | Size: 9724 MoUser = LL1 ... OK!User = LL2 ... OK! +++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ IDE) OCZ-VERTEX3 ATA Device +++++--- User ---[MBR] 136cf68e3b0c40102dea72e228213546[bSP] a2f99b195d3ff87b98eb015e7a6f7419 : Windows 7/8 MBR CodePartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 114371 MoUser = LL1 ... OK!User = LL2 ... OK! Finished : << RKreport[0]_D_01152014_154247.txt >>RKreport[0]_S_01152014_152557.txt;RKreport[0]_S_01152014_154229.txt Link to post Share on other sites More sharing options...
jasonf Posted January 15, 2014 Author ID:778203 Share Posted January 15, 2014 Combofix log: ComboFix 14-01-14.02 - Jason 15/01/2014 15:46:31.2.8 - x64Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.16295.14049 [GMT 0:00]Running from: c:\users\Jason\Desktop\ComboFix.exeSP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\users\Jason\AppData\Local\Temp\{711427C7-89B1-4438-A729-702C8F3ACCC1}\{143D6785-C36F-4D01-AF9E-86F5E5FDF7F3}.tmpc:\users\Jason\AppData\Local\Temp\{711427C7-89B1-4438-A729-702C8F3ACCC1}\{2075D2E5-45CC-4EB7-A03D-82AF5F520894}.tmpc:\users\Jason\AppData\Local\Temp\{711427C7-89B1-4438-A729-702C8F3ACCC1}\{30437BD9-4E91-4827-B2C3-130B74EE0EE3}.tmpc:\users\Jason\AppData\Local\Temp\{711427C7-89B1-4438-A729-702C8F3ACCC1}\{3E27F9CE-006B-4029-B564-BE846A41CFCB}.tmpc:\users\Jason\AppData\Local\Temp\{711427C7-89B1-4438-A729-702C8F3ACCC1}\{5B6BD186-6D48-4847-990C-52203850B615}.tmpc:\users\Jason\AppData\Local\Temp\{711427C7-89B1-4438-A729-702C8F3ACCC1}\{6288F284-4639-4759-9BA0-B1BD33DCC843}.tmpc:\users\Jason\AppData\Local\Temp\{711427C7-89B1-4438-A729-702C8F3ACCC1}\{731E8F86-353C-4B99-BF7D-E049A951F75A}.tmpc:\users\Jason\AppData\Local\Temp\{711427C7-89B1-4438-A729-702C8F3ACCC1}\{77EEEFC2-881E-4C1F-9954-6CACFD5901FC}.tmpc:\users\Jason\AppData\Local\Temp\{711427C7-89B1-4438-A729-702C8F3ACCC1}\{84A892E6-3D41-4644-A536-0045D46A9935}.tmpc:\users\Jason\AppData\Local\Temp\{711427C7-89B1-4438-A729-702C8F3ACCC1}\{9EEF2869-78F6-41A9-8350-C572219CA71B}.tmpc:\users\Jason\AppData\Local\Temp\{711427C7-89B1-4438-A729-702C8F3ACCC1}\{BFE5D544-6BB0-4083-936E-B22CE467C3A3}.tmpc:\users\Jason\AppData\Local\Temp\{711427C7-89B1-4438-A729-702C8F3ACCC1}\{DD34D43D-BAFE-454F-BE0F-09E94BD3135A}.tmpc:\users\Jason\AppData\Local\Temp\{711427C7-89B1-4438-A729-702C8F3ACCC1}\{EA063470-70C4-4982-9C07-EB209EC08BA7}.tmpc:\users\Jason\AppData\Local\Temp\~nsu.tmp\Au_.exec:\users\Jason\AppData\Local\Temp\1400_10399\crl-setc:\users\Jason\AppData\Local\Temp\1400_10399\manifest.fingerprintc:\users\Jason\AppData\Local\Temp\1400_10399\manifest.jsonc:\users\Jason\AppData\Local\Temp\4696_23491\crl-setc:\users\Jason\AppData\Local\Temp\4696_23491\manifest.fingerprintc:\users\Jason\AppData\Local\Temp\4696_23491\manifest.jsonc:\users\Jason\AppData\Local\Temp\AdobeDownload\DLM.logc:\users\Jason\AppData\Local\Temp\AdobeDownload\DLM_Native.logc:\users\Jason\AppData\Local\Temp\scoped_dir2336_24346\Cookies-journalc:\users\Jason\AppData\Local\Temp\scoped_dir2336_24346\Cookiesc:\users\Jason\AppData\Local\Temp\scoped_dir2336_24346\data_0c:\users\Jason\AppData\Local\Temp\scoped_dir2336_24346\data_1c:\users\Jason\AppData\Local\Temp\scoped_dir2336_24346\data_2c:\users\Jason\AppData\Local\Temp\scoped_dir2336_24346\data_3c:\users\Jason\AppData\Local\Temp\scoped_dir2336_24346\indexc:\users\Jason\AppData\Local\Temp\scoped_dir2668_1535\Cookies-journalc:\users\Jason\AppData\Local\Temp\scoped_dir2668_1535\Cookiesc:\users\Jason\AppData\Local\Temp\scoped_dir2668_1535\data_0c:\users\Jason\AppData\Local\Temp\scoped_dir2668_1535\data_1c:\users\Jason\AppData\Local\Temp\scoped_dir2668_1535\data_2c:\users\Jason\AppData\Local\Temp\scoped_dir2668_1535\data_3c:\users\Jason\AppData\Local\Temp\scoped_dir2668_1535\index..((((((((((((((((((((((((( Files Created from 2013-12-15 to 2014-01-15 )))))))))))))))))))))))))))))))..2014-01-15 15:48 . 2014-01-15 15:48 -------- d-----w- c:\users\Default\AppData\Local\temp2014-01-15 14:48 . 2014-01-15 14:48 -------- d-----w- c:\program files (x86)\ESET2014-01-15 00:04 . 2014-01-15 00:04 -------- d-----w- c:\programdata\KONAMI2014-01-15 00:01 . 2014-01-15 00:01 -------- d-----w- c:\program files (x86)\KONAMI2014-01-14 20:05 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF67F1E1-D273-4B79-8DA3-3B357619CDB3}\mpengine.dll2014-01-14 20:05 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys2014-01-14 20:05 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys2014-01-14 20:05 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys2014-01-14 20:05 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys2014-01-14 20:05 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys2014-01-14 20:05 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys2014-01-14 20:05 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys2014-01-14 20:05 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys2014-01-14 20:05 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys2014-01-14 14:48 . 2014-01-14 14:48 -------- d-----w- c:\program files (x86)\AMD AVT2014-01-14 14:48 . 2014-01-14 14:48 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies2014-01-14 14:48 . 2014-01-14 14:48 -------- d-----w- c:\program files\AMD2014-01-14 14:48 . 2014-01-14 14:48 -------- d-----w- c:\program files\Common Files\ATI Technologies2014-01-14 14:47 . 2014-01-14 14:48 -------- d-----w- c:\program files\ATI Technologies2014-01-14 14:47 . 2014-01-14 14:47 -------- d-----w- c:\program files\ATI2014-01-14 14:44 . 2014-01-14 14:44 -------- d-----w- c:\programdata\ATI2014-01-14 14:00 . 2014-01-14 14:00 -------- d-----w- c:\programdata\Malwarebytes2014-01-14 14:00 . 2014-01-15 15:11 117464 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys2014-01-14 14:00 . 2014-01-14 14:21 89304 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys2014-01-14 13:44 . 2014-01-14 13:44 -------- d-----w- c:\windows\048298C9A4D3490B9FF9AB023A9238F3.TMP2014-01-13 22:06 . 2014-01-13 22:06 1577620 ----a-w- c:\windows\SysWow64\scrypt130511Bartsglg2tc4032w64l4.bin...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2014-01-15 03:00 . 2012-04-28 12:16 86054176 ----a-w- c:\windows\system32\MRT.exe2014-01-14 15:06 . 2013-06-14 00:25 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.exe2014-01-14 15:06 . 2013-06-14 00:25 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr2013-12-11 19:47 . 2013-03-06 23:07 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-12-11 19:47 . 2013-03-06 23:07 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2013-12-06 22:07 . 2013-12-06 22:07 78432 ----a-w- c:\windows\system32\atimpc64.dll2013-12-06 22:07 . 2013-12-06 22:07 78432 ----a-w- c:\windows\system32\amdpcom64.dll2013-12-06 22:07 . 2013-12-06 22:07 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll2013-12-06 22:07 . 2013-12-06 22:07 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll2013-12-06 22:04 . 2013-12-06 22:04 143304 ----a-w- c:\windows\system32\atiuxp64.dll2013-12-06 22:03 . 2013-12-06 22:03 126336 ----a-w- c:\windows\SysWow64\atiuxpag.dll2013-12-06 22:03 . 2013-12-06 22:03 115512 ----a-w- c:\windows\system32\atiu9p64.dll2013-12-06 22:02 . 2012-12-19 19:30 98496 ----a-w- c:\windows\SysWow64\atiu9pag.dll2013-12-06 22:01 . 2012-03-09 05:14 1318552 ----a-w- c:\windows\system32\aticfx64.dll2013-12-06 22:01 . 2012-12-19 20:09 1100216 ----a-w- c:\windows\SysWow64\aticfx32.dll2013-12-06 22:00 . 2012-03-09 04:45 9753752 ----a-w- c:\windows\system32\atidxx64.dll2013-12-06 21:59 . 2013-12-06 21:59 8406024 ----a-w- c:\windows\SysWow64\atidxx32.dll2013-12-06 21:59 . 2012-12-19 19:44 8287008 ----a-w- c:\windows\SysWow64\atiumdva.dll2013-12-06 21:58 . 2012-12-19 20:50 6630232 ----a-w- c:\windows\SysWow64\atiumdag.dll2013-12-06 21:57 . 2013-12-06 21:57 8927704 ----a-w- c:\windows\system32\atiumd6a.dll2013-12-06 21:56 . 2013-12-06 21:56 7751920 ----a-w- c:\windows\system32\atiumd64.dll2013-12-06 21:52 . 2013-12-06 21:52 13207552 ----a-w- c:\windows\system32\drivers\atikmdag.sys2013-12-06 21:38 . 2013-12-06 21:38 230912 ----a-w- c:\windows\system32\clinfo.exe2013-12-06 21:38 . 2013-12-06 21:38 1187342 ----a-w- c:\windows\system32\amdocl_as64.exe2013-12-06 21:38 . 2013-12-06 21:38 1061902 ----a-w- c:\windows\system32\amdocl_ld64.exe2013-12-06 21:38 . 2013-12-06 21:38 995342 ----a-w- c:\windows\SysWow64\amdocl_as32.exe2013-12-06 21:38 . 2013-12-06 21:38 798734 ----a-w- c:\windows\SysWow64\amdocl_ld32.exe2013-12-06 21:38 . 2013-12-06 21:38 99840 ----a-w- c:\windows\system32\OpenVideo64.dll2013-12-06 21:38 . 2013-12-06 21:38 83968 ----a-w- c:\windows\SysWow64\OpenVideo.dll2013-12-06 21:38 . 2013-12-06 21:38 86528 ----a-w- c:\windows\system32\OVDecode64.dll2013-12-06 21:38 . 2013-12-06 21:38 73728 ----a-w- c:\windows\SysWow64\OVDecode.dll2013-12-06 21:37 . 2013-12-06 21:37 29382144 ----a-w- c:\windows\system32\amdocl64.dll2013-12-06 21:35 . 2013-12-06 21:35 24860160 ----a-w- c:\windows\SysWow64\amdocl.dll2013-12-06 21:33 . 2013-12-06 21:33 63488 ----a-w- c:\windows\system32\OpenCL.dll2013-12-06 21:33 . 2013-12-06 21:33 57344 ----a-w- c:\windows\SysWow64\OpenCL.dll2013-12-06 21:26 . 2013-12-06 21:26 129536 ----a-w- c:\windows\system32\coinst_13.251.dll2013-12-06 21:16 . 2013-12-06 21:16 26352128 ----a-w- c:\windows\system32\atio6axx.dll2013-12-06 21:13 . 2013-12-06 21:13 368640 ----a-w- c:\windows\system32\atiapfxx.exe2013-12-06 21:12 . 2013-12-06 21:12 62464 ----a-w- c:\windows\system32\aticalrt64.dll2013-12-06 21:12 . 2013-12-06 21:12 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll2013-12-06 21:12 . 2013-12-06 21:12 55808 ----a-w- c:\windows\system32\aticalcl64.dll2013-12-06 21:12 . 2013-12-06 21:12 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll2013-12-06 21:12 . 2013-12-06 21:12 15716352 ----a-w- c:\windows\system32\aticaldd64.dll2013-12-06 21:09 . 2013-12-06 21:09 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll2013-12-06 20:58 . 2013-12-06 20:58 22157824 ----a-w- c:\windows\SysWow64\atioglxx.dll2013-12-06 20:53 . 2012-12-19 19:57 442368 ----a-w- c:\windows\system32\atidemgy.dll2013-12-06 20:53 . 2013-12-06 20:53 31232 ----a-w- c:\windows\system32\atimuixx.dll2013-12-06 20:53 . 2013-12-06 20:53 588288 ----a-w- c:\windows\system32\atieclxx.exe2013-12-06 20:52 . 2013-12-06 20:52 239616 ----a-w- c:\windows\system32\atiesrxx.exe2013-12-06 20:50 . 2013-12-06 20:50 190976 ----a-w- c:\windows\system32\atitmm64.dll2013-12-06 20:22 . 2013-12-06 20:22 1144320 ----a-w- c:\windows\system32\atiadlxx.dll2013-12-06 20:22 . 2013-12-06 20:22 825344 ----a-w- c:\windows\SysWow64\atiadlxy.dll2013-12-06 20:22 . 2013-12-06 20:22 74752 ----a-w- c:\windows\system32\atig6pxx.dll2013-12-06 20:22 . 2013-12-06 20:22 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll2013-12-06 20:22 . 2013-12-06 20:22 69632 ----a-w- c:\windows\system32\atiglpxx.dll2013-12-06 20:22 . 2013-12-06 20:22 100352 ----a-w- c:\windows\system32\atig6txx.dll2013-12-06 20:21 . 2013-12-06 20:21 96768 ----a-w- c:\windows\SysWow64\atigktxx.dll2013-12-06 20:21 . 2013-12-06 20:21 626176 ----a-w- c:\windows\system32\drivers\atikmpag.sys2013-12-06 20:18 . 2013-12-06 20:18 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll2013-12-06 16:49 . 2013-12-06 16:49 51200 ----a-w- c:\windows\system32\kdbsdk64.dll2013-12-06 16:44 . 2013-12-06 16:44 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll2013-11-26 12:25 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe2013-11-26 11:54 . 2013-12-12 03:00 23183360 ----a-w- c:\windows\system32\mshtml.dll2013-11-26 10:19 . 2013-12-12 03:00 2724864 ----a-w- c:\windows\system32\mshtml.tlb2013-11-26 10:18 . 2013-12-12 03:00 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll2013-11-26 09:48 . 2013-12-12 03:00 66048 ----a-w- c:\windows\system32\iesetup.dll2013-11-26 09:46 . 2013-12-12 03:00 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll2013-11-26 09:41 . 2013-12-12 03:00 2764288 ----a-w- c:\windows\system32\iertutil.dll2013-11-26 09:29 . 2013-12-12 03:00 53760 ----a-w- c:\windows\system32\jsproxy.dll2013-11-26 09:27 . 2013-12-12 03:00 33792 ----a-w- c:\windows\system32\iernonce.dll2013-11-26 09:23 . 2013-12-12 03:00 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb2013-11-26 09:21 . 2013-12-12 03:00 574976 ----a-w- c:\windows\system32\ieui.dll2013-11-26 09:18 . 2013-12-12 03:00 139264 ----a-w- c:\windows\system32\ieUnatt.exe2013-11-26 09:18 . 2013-12-12 03:00 111616 ----a-w- c:\windows\system32\ieetwcollector.exe2013-11-26 09:16 . 2013-12-12 03:00 708608 ----a-w- c:\windows\system32\jscript9diag.dll2013-11-26 08:57 . 2013-12-12 03:00 218624 ----a-w- c:\windows\system32\ie4uinit.exe2013-11-26 08:35 . 2013-12-12 03:00 5769216 ----a-w- c:\windows\system32\jscript9.dll2013-11-26 08:28 . 2013-12-12 03:00 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll2013-11-26 08:16 . 2013-12-12 03:00 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll2013-11-26 08:02 . 2013-12-12 03:00 1995264 ----a-w- c:\windows\system32\inetcpl.cpl2013-11-26 07:48 . 2013-12-12 03:00 12996608 ----a-w- c:\windows\system32\ieframe.dll2013-11-26 07:32 . 2013-12-12 03:00 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl2013-11-26 07:07 . 2013-12-12 03:00 2334208 ----a-w- c:\windows\system32\wininet.dll2013-11-26 06:40 . 2013-12-12 03:00 1395200 ----a-w- c:\windows\system32\urlmon.dll2013-11-26 06:34 . 2013-12-12 03:00 817664 ----a-w- c:\windows\system32\ieapfltr.dll2013-11-26 06:33 . 2013-12-12 03:00 1820160 ----a-w- c:\windows\SysWow64\wininet.dll2013-11-26 03:00 . 2013-11-26 03:00 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe2013-11-26 03:00 . 2013-11-26 03:00 194048 ----a-w- c:\windows\SysWow64\elshyph.dll2013-11-26 03:00 . 2013-11-26 03:00 942592 ----a-w- c:\windows\system32\jsIntl.dll2013-11-26 03:00 . 2013-11-26 03:00 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe2013-11-26 03:00 . 2013-11-26 03:00 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll2013-11-26 03:00 . 2013-11-26 03:00 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe2013-11-26 03:00 . 2013-11-26 03:00 84992 ----a-w- c:\windows\system32\mshtmled.dll2013-11-26 03:00 . 2013-11-26 03:00 83968 ----a-w- c:\windows\system32\MshtmlDac.dll2013-11-26 03:00 . 2013-11-26 03:00 81408 ----a-w- c:\windows\system32\icardie.dll2013-11-26 03:00 . 2013-11-26 03:00 774144 ----a-w- c:\windows\system32\jscript.dll2013-11-26 03:00 . 2013-11-26 03:00 77312 ----a-w- c:\windows\system32\tdc.ocx2013-11-26 03:00 . 2013-11-26 03:00 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe2013-11-26 03:00 . 2013-11-26 03:00 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe2013-11-26 03:00 . 2013-11-26 03:00 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2013-04-04 22:12 130736 ----a-w- c:\users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2013-04-04 22:12 130736 ----a-w- c:\users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2013-04-04 22:12 130736 ----a-w- c:\users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2013-04-04 22:12 130736 ----a-w- c:\users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"dualmonitor"="c:\program files (x86)\Dual Monitor\DualMonitor.exe" [2013-02-18 478720].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2010-11-08 465536]"KORG USB-MIDI Driver"="c:\program files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe" [2011-03-30 393616]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]"Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2013-11-05 2237328]"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-12-06 766208].c:\users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\Jason\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2012-4-19 576000].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0)"PromptOnSecureDesktop"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]"LoadAppInit_DLLs"=1 (0x1).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"midi4"=KORGUM64.DRV"midi3"=KORGUM64.DRV"midi6"=KORGUM64.DRV"midi7"=KORGUM64.DRV"midi9"=KORGUM64.DRV.R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;c:\windows\system32\DRIVERS\wg111v3.sys;c:\windows\SYSNATIVE\DRIVERS\wg111v3.sys [x]R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]S0 AiChargerPlus;ASUS Charger Plus Driver;c:\windows\system32\DRIVERS\AiChargerPlus.sys;c:\windows\SYSNATIVE\DRIVERS\AiChargerPlus.sys [x]S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [x]S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [x]S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x]S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [x]S2 PaceLicenseDServices;PACE License Services;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [x]S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]S3 firefaceu64;RME Fireface USB Audio Device;c:\windows\system32\drivers\fireface_usb_64.sys;c:\windows\SYSNATIVE\drivers\fireface_usb_64.sys [x]S3 iLokDrvr;Usb Driver;c:\windows\system32\DRIVERS\iLokDrvr.sys;c:\windows\SYSNATIVE\DRIVERS\iLokDrvr.sys [x]S3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\Drivers\KORGUM64.SYS;c:\windows\SYSNATIVE\Drivers\KORGUM64.SYS [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]S3 synusb64;eLicenser;c:\windows\system32\DRIVERS\synusb64.sys;c:\windows\SYSNATIVE\DRIVERS\synusb64.sys [x]S3 teVirtualMIDI64;teVirtualMIDI - Virtual MIDI Driver x64;c:\windows\system32\DRIVERS\teVirtualMIDI64.sys;c:\windows\SYSNATIVE\DRIVERS\teVirtualMIDI64.sys [x]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - PGRDYPOW*Deregistered* - pgrdypow.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-12-11 19:27 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2014-01-15 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-06 19:47].2014-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-06 23:24].2014-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-06 23:24]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]2013-10-16 18:02 3358064 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]2013-10-16 18:02 3358064 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]2013-10-16 18:02 3358064 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2013-04-04 22:12 164016 ----a-w- c:\users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2013-04-04 22:12 164016 ----a-w- c:\users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2013-04-04 22:12 164016 ----a-w- c:\users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2013-04-04 22:12 164016 ----a-w- c:\users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-02 170264]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-02 398104]"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-02 440600]"FirefaceUsbTray1"="firefaceusb.exe" [2012-05-17 91648]"FirefaceMixTray2"="TotalMixFX.exe" [2012-05-17 3796992]"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-09-25 472984].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Drivers32]"midi4"=KORGUM64.DRV"midi3"=KORGUM64.DRV"midi6"=KORGUM64.DRV"midi7"=KORGUM64.DRV"midi9"=KORGUM64.DRV.------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = about:blankmLocal Page = c:\windows\SysWOW64\blank.htmTCP: DhcpNameServer = 192.168.1.254TCP: Interfaces\{230210AB-0460-4546-A0C7-D451BD2647CC}: NameServer = 155.198.142.7 155.198.142.8.- - - - ORPHANS REMOVED - - - -.SafeBoot-18482592.sysAddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PaceLicenseDServices]"ImagePath"="\"c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe\" -u https://activation.paceap.com/InitiateActivation".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2014-01-15 15:50:04ComboFix-quarantined-files.txt 2014-01-15 15:50.Pre-Run: 20,643,483,648 bytes freePost-Run: 20,648,615,936 bytes free.- - End Of File - - 5BA396970CD1BFF4484A085D1BA981C0A36C5E4F47E84449FF07ED3517B43A31 ComboFix.txt Link to post Share on other sites More sharing options...
jasonf Posted January 15, 2014 Author ID:778205 Share Posted January 15, 2014 OTL LogOTL.Txt Link to post Share on other sites More sharing options...
jasonf Posted January 15, 2014 Author ID:778206 Share Posted January 15, 2014 The question now is, what do I copy-paste into the OTL fix window? Many thanks for your help! Link to post Share on other sites More sharing options...
Staff gringo_pr Posted January 21, 2014 Staff ID:780962 Share Posted January 21, 2014 Hello jasonf I would like to welcome you to the Malware Removal section of the forum. Around here they call me Gringo and I will be glad to help you with your malware problems. Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster. NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer. NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions. Sorry we did not get to you but by replying to your own topic it made it look like someone was already helping you I would like you to run this program for me. Please download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.Gringo Link to post Share on other sites More sharing options...
jasonf Posted January 21, 2014 Author ID:781060 Share Posted January 21, 2014 Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-01-2014Ran by Jason (administrator) on MACHINE on 21-01-2014 21:25:11Running from C:\Users\Jason\DesktopWindows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)Internet Explorer Version 11Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: Download link for 64-Bit Version: Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe(AMD) C:\Windows\System32\atieclxx.exe() C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(RME) C:\Windows\System32\firefaceusb.exe(RME) C:\Windows\System32\TotalMixFX.exe(Cristi) C:\Program Files (x86)\Dual Monitor\DualMonitor.exe(Dropbox, Inc.) C:\Users\Jason\AppData\Roaming\Dropbox\bin\Dropbox.exe(MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe(KORG Inc.) C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe() C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe() C:\Windows\SysWOW64\PnkBstrA.exe(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [FirefaceUsbTray1] - C:\Windows\system32\firefaceusb.exe [91648 2012-05-17] (RME)HKLM\...\Run: [FirefaceMixTray2] - C:\Windows\system32\TotalMixFX.exe [3796992 2012-05-17] (RME)HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-09-25] (Adobe Systems Incorporated)HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] - C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [465536 2010-11-08] (ASUSTek Computer Inc.)HKLM-x32\...\Run: [KORG USB-MIDI Driver] - C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe [393616 2011-03-30] (KORG Inc.)HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)HKLM-x32\...\Run: [Adobe Creative Cloud] - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2237328 2013-11-05] (Adobe Systems Incorporated)HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)HKCU\...\Run: [dualmonitor] - C:\Program Files (x86)\Dual Monitor\DualMonitor.exe [478720 2013-02-18] (Cristi)Startup: C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk -> C:\Users\Jason\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)Startup: C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnkShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankStartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exeTcpip\Parameters: [DhcpNameServer] 192.168.1.254Tcpip\..\Interfaces\{230210AB-0460-4546-A0C7-D451BD2647CC}: [NameServer]155.198.142.7 155.198.142.8 Chrome: =======CHR DefaultSearchKeyword: google.co.ukCHR Plugin: (Remoting Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll ()CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\gcswf32.dll No FileCHR Plugin: (Google Update) - C:\Users\Jason\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No FileCHR Extension: (YouTube) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-18]CHR Extension: (Google Search) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-18]CHR Extension: (Google Wallet) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-16]CHR Extension: (Gmail) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-18]CHR HKCU\...\Chrome\Extension: [fcoadpabahabkmdndndlimfikephnoka] - C:\Users\Jason\AppData\Local\CRE\fcoadpabahabkmdndndlimfikephnoka.crx [2012-04-17]CHR HKLM-x32\...\Chrome\Extension: [fcoadpabahabkmdndndlimfikephnoka] - C:\Users\Jason\AppData\Local\CRE\fcoadpabahabkmdndndlimfikephnoka.crx [2012-04-17] ==================== Services (Whitelisted) ================= R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [922240 2011-06-13] ()R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [915584 2010-12-02] ()R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-06-14] () ==================== Drivers (Whitelisted) ==================== R0 AiChargerPlus; C:\Windows\System32\DRIVERS\AiChargerPlus.sys [14464 2010-11-08] (ASUSTek Computer Inc.)R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [36448 2011-03-23] (Asmedia Technology)R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()R3 firefaceu64; C:\Windows\System32\drivers\fireface_usb_64.sys [101760 2012-05-17] (RME)R3 iLokDrvr; C:\Windows\System32\DRIVERS\iLokDrvr.sys [25808 2013-06-11] ()R3 KORGUMDS; C:\Windows\System32\Drivers\KORGUM64.SYS [33656 2011-03-30] (KORG INC.)S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [89304 2014-01-14] (Malwarebytes Corporation)R3 synusb64; C:\Windows\System32\DRIVERS\synusb64.sys [30352 2011-12-14] (Steinberg Media Technologies GmbH)R3 teVirtualMIDI64; C:\Windows\System32\DRIVERS\teVirtualMIDI64.sys [28160 2011-06-26] (Tobias Erichsen)S3 catchme; \??\C:\ComboFix\catchme.sys [x]S3 VGPU; System32\drivers\rdvgkmd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-21 21:25 - 2014-01-21 21:25 - 00009534 _____ C:\Users\Jason\Desktop\FRST.txt2014-01-21 21:24 - 2014-01-21 21:24 - 02077184 _____ (Farbar) C:\Users\Jason\Desktop\FRST64.exe2014-01-21 21:24 - 2014-01-21 21:24 - 00000000 ____D C:\FRST2014-01-21 17:37 - 2014-01-21 17:37 - 00002412 _____ C:\Users\Jason\Desktop\home.php2014-01-18 15:32 - 2014-01-18 15:34 - 154656959 _____ C:\Users\Jason\Desktop\pics.zip2014-01-18 14:46 - 2014-01-18 15:31 - 00000000 ____D C:\Users\Jason\Desktop\pics2014-01-15 17:56 - 2014-01-15 17:56 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf2014-01-15 16:20 - 2014-01-15 16:20 - 00000000 ____D C:\_OTL2014-01-15 15:56 - 2014-01-15 15:56 - 00072004 _____ C:\Users\Jason\Desktop\OTL.Txt2014-01-15 15:50 - 2014-01-15 15:50 - 00027369 _____ C:\ComboFix.txt2014-01-15 15:45 - 2014-01-15 15:50 - 00000000 ____D C:\Qoobox2014-01-15 15:45 - 2014-01-15 15:50 - 00000000 ____D C:\ComboFix2014-01-15 15:45 - 2014-01-15 15:45 - 05165717 ____R (Swearware) C:\Users\Jason\Desktop\ComboFix.exe2014-01-15 15:45 - 2011-06-26 06:45 - 00256000 _____ C:\Windows\PEV.exe2014-01-15 15:45 - 2010-11-07 17:20 - 00208896 _____ C:\Windows\MBR.exe2014-01-15 15:45 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe2014-01-15 15:45 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe2014-01-15 15:45 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe2014-01-15 15:45 - 2000-08-31 00:00 - 00098816 _____ C:\Windows\sed.exe2014-01-15 15:45 - 2000-08-31 00:00 - 00080412 _____ C:\Windows\grep.exe2014-01-15 15:45 - 2000-08-31 00:00 - 00068096 _____ C:\Windows\zip.exe2014-01-15 15:42 - 2014-01-15 15:42 - 00003500 _____ C:\Users\Jason\Desktop\RKreport[0]_S_01152014_154229.txt2014-01-15 15:42 - 2014-01-15 15:42 - 00003076 _____ C:\Users\Jason\Desktop\RKreport[0]_D_01152014_154247.txt2014-01-15 15:33 - 2014-01-15 15:33 - 00003731 _____ C:\Users\Jason\Desktop\mbar-logs.zip2014-01-15 15:30 - 2014-01-15 15:30 - 00000000 _____ C:\Users\Jason\Desktop\ark.txt2014-01-15 15:28 - 2014-01-15 15:28 - 00377856 _____ C:\Users\Jason\Desktop\it34572y.exe2014-01-15 15:25 - 2014-01-15 15:25 - 00003467 _____ C:\Users\Jason\Desktop\RKreport[0]_S_01152014_152557.txt2014-01-15 15:21 - 2014-01-15 15:42 - 00000000 ____D C:\Users\Jason\Desktop\RK_Quarantine2014-01-15 15:18 - 2014-01-15 15:18 - 00011102 _____ C:\Users\Jason\Desktop\attach.txt2014-01-15 15:18 - 2014-01-15 15:17 - 00016261 _____ C:\Users\Jason\Desktop\dds.txt2014-01-15 15:14 - 2014-01-15 15:22 - 04406272 _____ C:\Users\Jason\Desktop\RogueKillerX64.exe2014-01-15 15:11 - 2014-01-17 14:43 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)2014-01-15 15:10 - 2014-01-15 15:10 - 00688992 ____R (Swearware) C:\Users\Jason\Desktop\dds.scr2014-01-15 15:06 - 2014-01-15 15:45 - 00000000 ____D C:\AdwCleaner2014-01-15 14:57 - 2014-01-15 14:57 - 01236282 _____ C:\Users\Jason\Desktop\adwcleaner.exe2014-01-15 14:49 - 2014-01-15 14:49 - 00602112 _____ (OldTimer Tools) C:\Users\Jason\Desktop\OTL.exe2014-01-15 00:04 - 2014-01-15 00:04 - 00000000 ____D C:\ProgramData\KONAMI2014-01-15 00:03 - 2014-01-15 00:03 - 00001242 _____ C:\Users\Jason\Desktop\Pro Evolution Soccer 2014.lnk2014-01-15 00:01 - 2014-01-15 00:01 - 00000000 ____D C:\Program Files (x86)\KONAMI2014-01-14 20:05 - 2013-11-27 01:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys2014-01-14 20:05 - 2013-11-27 01:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys2014-01-14 20:05 - 2013-11-27 01:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys2014-01-14 20:05 - 2013-11-27 01:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys2014-01-14 20:05 - 2013-11-27 01:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys2014-01-14 20:05 - 2013-11-27 01:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys2014-01-14 20:05 - 2013-11-27 01:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys2014-01-14 20:05 - 2013-11-26 11:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys2014-01-14 20:05 - 2013-11-26 10:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2014-01-14 14:48 - 2014-01-14 14:48 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies2014-01-14 14:48 - 2014-01-14 14:48 - 00000000 ____D C:\Program Files\AMD2014-01-14 14:48 - 2014-01-14 14:48 - 00000000 ____D C:\Program Files (x86)\AMD AVT2014-01-14 14:47 - 2014-01-14 14:48 - 00000000 ____D C:\Program Files\ATI Technologies2014-01-14 14:47 - 2014-01-14 14:47 - 00000000 ____D C:\Program Files\ATI2014-01-14 14:44 - 2014-01-14 14:44 - 00000000 ____D C:\ProgramData\ATI2014-01-14 14:27 - 2014-01-15 15:45 - 00000000 ____D C:\Windows\erdnt2014-01-14 14:26 - 2014-01-14 14:26 - 00987410 _____ C:\Users\Jason\Desktop\SecurityCheck.exe2014-01-14 14:17 - 2014-01-14 13:58 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Jason\Desktop\tdsskiller.exe2014-01-14 14:11 - 2014-01-14 14:11 - 00000000 _____ C:\Windows\system32\Drivers\IGDKMD~1.BAK2014-01-14 14:00 - 2014-01-17 14:43 - 00000000 ____D C:\Users\Jason\Desktop\mbar2014-01-14 14:00 - 2014-01-17 13:06 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-01-14 14:00 - 2014-01-14 14:21 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-01-14 14:00 - 2014-01-14 14:00 - 00000000 ____D C:\ProgramData\Malwarebytes2014-01-14 13:51 - 2014-01-20 13:12 - 00001946 _____ C:\Windows\setupact.log2014-01-14 13:51 - 2014-01-14 13:51 - 00000000 _____ C:\Windows\setuperr.log2014-01-13 22:06 - 2014-01-13 22:06 - 01577620 _____ C:\Windows\SysWOW64\scrypt130511Bartsglg2tc4032w64l4.bin ==================== One Month Modified Files and Folders ======= 2014-01-21 21:25 - 2014-01-21 21:25 - 00009534 _____ C:\Users\Jason\Desktop\FRST.txt2014-01-21 21:24 - 2014-01-21 21:24 - 02077184 _____ (Farbar) C:\Users\Jason\Desktop\FRST64.exe2014-01-21 21:24 - 2014-01-21 21:24 - 00000000 ____D C:\FRST2014-01-21 20:47 - 2013-03-06 23:07 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job2014-01-21 20:33 - 2013-03-06 23:02 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-01-21 20:04 - 2012-04-18 13:11 - 02020927 _____ C:\Windows\WindowsUpdate.log2014-01-21 17:37 - 2014-01-21 17:37 - 00002412 _____ C:\Users\Jason\Desktop\home.php2014-01-21 17:36 - 2013-11-25 18:04 - 00001456 _____ C:\Users\Jason\AppData\Local\Adobe Save for Web 13.0 Prefs2014-01-21 17:29 - 2013-11-25 18:05 - 00000132 _____ C:\Users\Jason\AppData\Roaming\Adobe PNG Format CC Prefs2014-01-21 14:01 - 2012-06-05 15:13 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{03AC7533-B12B-4D37-9B0D-BC2B440BE324}2014-01-21 02:00 - 2013-02-09 00:15 - 00000000 ____D C:\Users\Jason\AppData\Local\Adobe2014-01-21 00:33 - 2013-03-06 23:02 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-01-20 13:19 - 2009-07-14 04:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-01-20 13:19 - 2009-07-14 04:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-01-20 13:18 - 2009-07-14 05:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI2014-01-20 13:13 - 2013-04-03 19:24 - 00000000 ____D C:\Users\Jason\AppData\Roaming\Dropbox2014-01-20 13:12 - 2014-01-14 13:51 - 00001946 _____ C:\Windows\setupact.log2014-01-20 13:12 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT2014-01-18 15:34 - 2014-01-18 15:32 - 154656959 _____ C:\Users\Jason\Desktop\pics.zip2014-01-18 15:31 - 2014-01-18 14:46 - 00000000 ____D C:\Users\Jason\Desktop\pics2014-01-18 10:56 - 2013-04-03 19:25 - 00001024 _____ C:\Users\Jason\Desktop\Dropbox.lnk2014-01-18 10:56 - 2013-04-03 19:24 - 00000000 ____D C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox2014-01-18 10:56 - 2012-04-18 13:11 - 00000000 ___RD C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2014-01-17 14:43 - 2014-01-15 15:11 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)2014-01-17 14:43 - 2014-01-14 14:00 - 00000000 ____D C:\Users\Jason\Desktop\mbar2014-01-17 13:06 - 2014-01-14 14:00 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-01-16 14:34 - 2013-03-06 23:03 - 00002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk2014-01-15 17:56 - 2014-01-15 17:56 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf2014-01-15 16:21 - 2010-11-21 03:47 - 00125184 _____ C:\Windows\PFRO.log2014-01-15 16:20 - 2014-01-15 16:20 - 00000000 ____D C:\_OTL2014-01-15 15:56 - 2014-01-15 15:56 - 00072004 _____ C:\Users\Jason\Desktop\OTL.Txt2014-01-15 15:50 - 2014-01-15 15:50 - 00027369 _____ C:\ComboFix.txt2014-01-15 15:50 - 2014-01-15 15:45 - 00000000 ____D C:\Qoobox2014-01-15 15:50 - 2014-01-15 15:45 - 00000000 ____D C:\ComboFix2014-01-15 15:48 - 2009-07-14 02:34 - 00000215 _____ C:\Windows\system.ini2014-01-15 15:45 - 2014-01-15 15:45 - 05165717 ____R (Swearware) C:\Users\Jason\Desktop\ComboFix.exe2014-01-15 15:45 - 2014-01-15 15:06 - 00000000 ____D C:\AdwCleaner2014-01-15 15:45 - 2014-01-14 14:27 - 00000000 ____D C:\Windows\erdnt2014-01-15 15:42 - 2014-01-15 15:42 - 00003500 _____ C:\Users\Jason\Desktop\RKreport[0]_S_01152014_154229.txt2014-01-15 15:42 - 2014-01-15 15:42 - 00003076 _____ C:\Users\Jason\Desktop\RKreport[0]_D_01152014_154247.txt2014-01-15 15:42 - 2014-01-15 15:21 - 00000000 ____D C:\Users\Jason\Desktop\RK_Quarantine2014-01-15 15:33 - 2014-01-15 15:33 - 00003731 _____ C:\Users\Jason\Desktop\mbar-logs.zip2014-01-15 15:30 - 2014-01-15 15:30 - 00000000 _____ C:\Users\Jason\Desktop\ark.txt2014-01-15 15:28 - 2014-01-15 15:28 - 00377856 _____ C:\Users\Jason\Desktop\it34572y.exe2014-01-15 15:25 - 2014-01-15 15:25 - 00003467 _____ C:\Users\Jason\Desktop\RKreport[0]_S_01152014_152557.txt2014-01-15 15:22 - 2014-01-15 15:14 - 04406272 _____ C:\Users\Jason\Desktop\RogueKillerX64.exe2014-01-15 15:18 - 2014-01-15 15:18 - 00011102 _____ C:\Users\Jason\Desktop\attach.txt2014-01-15 15:17 - 2014-01-15 15:18 - 00016261 _____ C:\Users\Jason\Desktop\dds.txt2014-01-15 15:10 - 2014-01-15 15:10 - 00688992 ____R (Swearware) C:\Users\Jason\Desktop\dds.scr2014-01-15 14:57 - 2014-01-15 14:57 - 01236282 _____ C:\Users\Jason\Desktop\adwcleaner.exe2014-01-15 14:49 - 2014-01-15 14:49 - 00602112 _____ (OldTimer Tools) C:\Users\Jason\Desktop\OTL.exe2014-01-15 14:13 - 2009-07-14 04:45 - 04965080 _____ C:\Windows\system32\FNTCACHE.DAT2014-01-15 03:01 - 2013-08-15 02:00 - 00000000 ____D C:\Windows\system32\MRT2014-01-15 03:00 - 2012-04-28 12:16 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-01-15 00:04 - 2014-01-15 00:04 - 00000000 ____D C:\ProgramData\KONAMI2014-01-15 00:03 - 2014-01-15 00:03 - 00001242 _____ C:\Users\Jason\Desktop\Pro Evolution Soccer 2014.lnk2014-01-15 00:01 - 2014-01-15 00:01 - 00000000 ____D C:\Program Files (x86)\KONAMI2014-01-14 15:06 - 2013-06-14 00:25 - 00291088 _____ C:\Windows\SysWOW64\PnkBstrB.xtr2014-01-14 15:06 - 2013-06-14 00:25 - 00291088 _____ C:\Windows\SysWOW64\PnkBstrB.exe2014-01-14 15:05 - 2013-06-12 23:21 - 00000000 ____D C:\Program Files (x86)\Origin2014-01-14 14:48 - 2014-01-14 14:48 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies2014-01-14 14:48 - 2014-01-14 14:48 - 00000000 ____D C:\Program Files\AMD2014-01-14 14:48 - 2014-01-14 14:48 - 00000000 ____D C:\Program Files (x86)\AMD AVT2014-01-14 14:48 - 2014-01-14 14:47 - 00000000 ____D C:\Program Files\ATI Technologies2014-01-14 14:48 - 2013-07-31 21:52 - 00000000 ____D C:\ProgramData\Package Cache2014-01-14 14:48 - 2012-04-18 13:33 - 00000000 ____D C:\ProgramData\AMD2014-01-14 14:47 - 2014-01-14 14:47 - 00000000 ____D C:\Program Files\ATI2014-01-14 14:47 - 2013-07-31 21:54 - 00766376 _____ C:\Windows\SysWOW64\PerfStringBackup.INI2014-01-14 14:44 - 2014-01-14 14:44 - 00000000 ____D C:\ProgramData\ATI2014-01-14 14:26 - 2014-01-14 14:26 - 00987410 _____ C:\Users\Jason\Desktop\SecurityCheck.exe2014-01-14 14:21 - 2014-01-14 14:00 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-01-14 14:20 - 2009-07-14 03:20 - 00000000 __RSD C:\Windows\Media2014-01-14 14:11 - 2014-01-14 14:11 - 00000000 _____ C:\Windows\system32\Drivers\IGDKMD~1.BAK2014-01-14 14:00 - 2014-01-14 14:00 - 00000000 ____D C:\ProgramData\Malwarebytes2014-01-14 13:58 - 2014-01-14 14:17 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Jason\Desktop\tdsskiller.exe2014-01-14 13:51 - 2014-01-14 13:51 - 00000000 _____ C:\Windows\setuperr.log2014-01-14 13:49 - 2012-04-18 13:30 - 00000000 ____D C:\Windows\Minidump2014-01-14 00:29 - 2012-05-12 23:24 - 00000000 ____D C:\Program Files (x86)\Dual Monitor2014-01-13 22:25 - 2012-05-20 22:56 - 00000000 ____D C:\Program Files (x86)\Steam2014-01-13 22:06 - 2014-01-13 22:06 - 01577620 _____ C:\Windows\SysWOW64\scrypt130511Bartsglg2tc4032w64l4.bin2014-01-13 22:03 - 2013-06-12 23:22 - 00000000 ____D C:\Users\Jason\AppData\Roaming\Origin2014-01-13 16:22 - 2012-05-14 19:49 - 00000000 ____D C:\Users\Jason\AppData\Roaming\uTorrent ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-19 00:43 ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
jasonf Posted January 21, 2014 Author ID:781062 Share Posted January 21, 2014 Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-01-2014Ran by Jason at 2014-01-21 21:25:32Running from C:\Users\Jason\DesktopBoot Mode: Normal========================================================== ==================== Security Center ======================== AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== µTorrent (x32 Version: 3.3.0.29625 - BitTorrent Inc.)7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)Adobe Bridge CC (64 Bit) (x32 Version: 6.0 - Adobe Systems Incorporated)Adobe Creative Cloud (x32 Version: 2.2.1.260 - Adobe Systems Incorporated)Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)Adobe Photoshop CC (x32 Version: 14.0 - Adobe Systems Incorporated)AI Suite II (x32 Version: 1.01.40 - ASUSTeK Computer Inc.)AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) HiddenAMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) HiddenAMD Catalyst Install Manager (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) HiddenAMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) HiddenAMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) HiddenApple Application Support (x32 Version: 2.3 - Apple Inc.)Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version: 1.14.3.0 - Asmedia Technology)Asmedia ASM106x SATA Host Controller Driver (x32 Version: 1.2.2.000 - Asmedia Technology)Battlefield 3™ (x32 Version: 1.6.0.0 - Electronic Arts)Battlelog Web Plugins (x32 Version: 2.1.7 - EA Digital Illusions CE AB)Bitcoin (HKCU Version: 0.8.5 - Bitcoin project)Blend for Visual Studio Add-in for Adobe FXG Import (x32 Version: 1.0.40218.0 - Microsoft Corporation) HiddenBlend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) HiddenBlend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) HiddenCamel Audio Alchemy64 (x32 Version: 1.25.0 - Camel Audio)Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) HiddenCatalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) HiddenCatalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) HiddenCatalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) HiddenCCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) HiddenCCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) HiddenCCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) HiddenCCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) HiddenCCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) HiddenCCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) HiddenCCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) HiddenCCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) HiddenCCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) HiddenCCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) HiddenCCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) HiddenCCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) HiddenCCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) HiddenCCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) HiddenCCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) HiddenCCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) HiddenCCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) HiddenCCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) HiddenCCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) HiddenCCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) HiddenCCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) HiddenCCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hiddenccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) HiddenDropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)Dual Monitor 1.22 (x32 Version: 1.22.021813 - Cristi Diaconu)eLicenser Control (x32 Version: - Steinberg Media Technologies GmbH)Entity Framework Designer for Visual Studio 2012 - enu (x32 Version: 11.1.20810.00 - Microsoft Corporation)FabFilter Total Bundle (64-bit) (x32 Version: - )Feathercoin 0.6.4.4-URI-Update (x32 Version: 0.6.4.4-URI-Update - Feathercoin)FileZilla Client 3.7.3 (x32 Version: 3.7.3 - Tim Kosse)FLAC 1.2.1b (remove only) (x32 Version: 1.2.1b - Xiph.org)Google Chrome (x32 Version: 32.0.1700.76 - Google Inc.)Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) HiddeniLok Client Helper (x32 Version: 5.9.7 - PACE Anti-Piracy, Inc.)iLok Client Helper (x32 Version: 5.9.7 - PACE Anti-Piracy, Inc.) HiddenIntel® OpenCL CPU Runtime (x32 Version: - Intel Corporation)Intel® Processor Graphics (x32 Version: 8.15.10.2598 - Intel Corporation)Interlok driver setup x64 (Version: 5.9.7 - PACE Anti-Piracy, Inc.)iZotope Ozone 5 Advanced (x32 Version: 5.03 - iZotope, Inc.)KORG USB-MIDI Driver Tools for Windows (x32 Version: 1.13.0601 - Korg Inc.)loopMIDI (x32 Version: 1.0.2.10 - Tobias Erichsen)MagicDisc 2.7.106 (x32 Version: - )Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4.5 Multi-Targeting Pack (x32 Version: 4.5.50709 - Microsoft Corporation)Microsoft .NET Framework 4.5 SDK (x32 Version: 4.5.50709 - Microsoft Corporation)Microsoft Expression Blend SDK for .NET 4 (x32 Version: 2.0.20525.0 - Microsoft Corporation) HiddenMicrosoft Expression Blend SDK for Silverlight 4 (x32 Version: 2.0.20525.0 - Microsoft Corporation) HiddenMicrosoft Help Viewer 2.0 (x32 Version: 2.0.50727 - Microsoft Corporation)Microsoft Help Viewer 2.0 (x32 Version: 2.0.50727 - Microsoft Corporation) HiddenMicrosoft NuGet - Visual Studio Express 2012 for Windows Desktop (x32 Version: 2.0.30717.9005 - Microsoft Corporation) HiddenMicrosoft Portable Library Multi-Targeting Pack (x32 Version: 11.0.60418.17931 - Microsoft Corporation) HiddenMicrosoft SQL Server 2012 Command Line Utilities (Version: 11.0.2100.60 - Microsoft Corporation)Microsoft SQL Server 2012 Data-Tier App Framework (Version: 11.0.2316.0 - Microsoft Corporation)Microsoft SQL Server 2012 Data-Tier App Framework (x32 Version: 11.0.2316.0 - Microsoft Corporation)Microsoft SQL Server 2012 Express LocalDB (Version: 11.0.2100.60 - Microsoft Corporation)Microsoft SQL Server 2012 Management Objects (x32 Version: 11.0.2100.60 - Microsoft Corporation)Microsoft SQL Server 2012 Management Objects (x64) (Version: 11.0.2100.60 - Microsoft Corporation)Microsoft SQL Server 2012 Native Client (Version: 11.0.2100.60 - Microsoft Corporation)Microsoft SQL Server 2012 Transact-SQL Compiler Service (Version: 11.0.2100.60 - Microsoft Corporation)Microsoft SQL Server 2012 Transact-SQL ScriptDom (Version: 11.0.2100.60 - Microsoft Corporation)Microsoft SQL Server 2012 T-SQL Language Service (x32 Version: 11.0.2100.60 - Microsoft Corporation)Microsoft SQL Server Compact 4.0 SP1 x64 ENU (Version: 4.0.8876.1 - Microsoft Corporation)Microsoft SQL Server Data Tools - enu (11.1.20828.01) (x32 Version: 11.1.20828.01 - Microsoft Corporation)Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01) (x32 Version: 11.1.20828.01 - Microsoft Corporation)Microsoft System CLR Types for SQL Server 2012 (x32 Version: 11.0.2100.60 - Microsoft Corporation)Microsoft System CLR Types for SQL Server 2012 (x64) (Version: 11.0.2100.60 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2012 32bit Compilers - ENU Resources (x32 Version: 11.0.60610 - Microsoft Corporation) HiddenMicrosoft Visual C++ 2012 Core Libraries (x32 Version: 11.0.51106 - Microsoft Corporation) HiddenMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (x32 Version: 11.0.50727.1 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (x32 Version: 11.0.50727.1 - Microsoft Corporation)Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) HiddenMicrosoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) HiddenMicrosoft Visual C++ 2012 x64 Debug Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) HiddenMicrosoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) HiddenMicrosoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) HiddenMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) HiddenMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) HiddenMicrosoft Visual C++ 2012 x86 Debug Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) HiddenMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) HiddenMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) HiddenMicrosoft Visual C++ 2012 x86-x64 Compilers (x32 Version: 11.0.50727 - Microsoft Corporation) HiddenMicrosoft Visual C++ 2012 x86-x64 Compilers (x32 Version: 11.0.60610 - Microsoft Corporation) HiddenMicrosoft Visual Studio 2012 Express Prerequisites x64 - ENU (Version: 11.0.50727 - Microsoft Corporation) HiddenMicrosoft Visual Studio 2012 Preparation (x32 Version: 11.0.50727 - Microsoft Corporation) HiddenMicrosoft Visual Studio 2012 Shell (Minimum) (x32 Version: 11.0.50727 - Microsoft Corporation) HiddenMicrosoft Visual Studio 2012 Shell (Minimum) Interop Assemblies (x32 Version: 11.0.50727 - Microsoft Corporation) HiddenMicrosoft Visual Studio 2012 Shell (Minimum) Resources (x32 Version: 11.0.50727 - Microsoft Corporation) HiddenMicrosoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU (x32 Version: 4.0.8876.1 - Microsoft Corporation) HiddenMicrosoft Visual Studio Express 2012 for Windows Desktop - ENU (x32 Version: 11.0.50727 - Microsoft Corporation) HiddenMicrosoft Visual Studio Express 2012 for Windows Desktop - ENU (x32 Version: 11.0.50727.42 - Microsoft Corporation)Microsoft Visual Studio Express 2012 for Windows Desktop (x32 Version: 11.0.50727 - Microsoft Corporation) HiddenMicrosoft Visual Studio Team Foundation Server 2012 Object Model (Version: 11.0.60610 - Microsoft Corporation) HiddenMicrosoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU (Version: 11.0.60610 - Microsoft Corporation) HiddenMicrosoft Visual Studio Team Foundation Server 2012 Team Explorer (x32 Version: 11.0.50727 - Microsoft Corporation) HiddenMicrosoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU (x32 Version: 11.0.50727 - Microsoft Corporation) HiddenMicrosoft Visual Studio Ultimate 2012 XAML UI Designer Core (x32 Version: 11.0.50727 - Microsoft Corporation) HiddenMicrosoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources (x32 Version: 11.0.50727 - Microsoft Corporation) HiddenMicrosoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) HiddenMicrosoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) HiddenNative Instruments Abbey Road 60s Drums (Version: 1.2.0.003 - Native Instruments) HiddenNative Instruments Abbey Road 60s Drums (x32 Version: - Native Instruments)Native Instruments Absynth 5 (Version: 5.1.0.1013 - Native Instruments) HiddenNative Instruments Absynth 5 (x32 Version: - Native Instruments)Native Instruments Battery 3 (Version: 3.2.3.637 - Native Instruments) HiddenNative Instruments Battery 3 (x32 Version: - Native Instruments)Native Instruments Battery Library Importer for Maschine (Version: 1.0.0.003 - Native Instruments) HiddenNative Instruments Battery Library Importer for Maschine (x32 Version: - Native Instruments)Native Instruments Berlin Concert Grand (Version: 1.3.0.004 - Native Instruments) HiddenNative Instruments Berlin Concert Grand (x32 Version: - Native Instruments)Native Instruments Controller Editor (Version: 1.4.5.910 - Native Instruments) HiddenNative Instruments Controller Editor (x32 Version: - Native Instruments)Native Instruments FM8 (Version: 1.2.0.1016 - Native Instruments) HiddenNative Instruments FM8 (x32 Version: - Native Instruments)Native Instruments Guitar Rig 5 (Version: 5.1.0.2645 - Native Instruments) HiddenNative Instruments Guitar Rig 5 (x32 Version: - Native Instruments)Native Instruments Komplete 8 (Version: 8.0.0.001 - Native Instruments) HiddenNative Instruments Komplete 8 (x32 Version: - Native Instruments)Native Instruments Kontakt 5 (Version: 5.0.2.5641 - Native Instruments) HiddenNative Instruments Kontakt 5 (x32 Version: - Native Instruments)Native Instruments Kontakt Factory Library (Version: 1.0.0.004 - Native Instruments) HiddenNative Instruments Kontakt Factory Library (x32 Version: - Native Instruments)Native Instruments Massive (Version: 1.3.0.2050 - Native Instruments) HiddenNative Instruments Massive (x32 Version: - Native Instruments)Native Instruments New York Concert Grand (Version: 1.3.0.004 - Native Instruments) HiddenNative Instruments New York Concert Grand (x32 Version: - Native Instruments)Native Instruments Rammfire (Version: 1.1.0.003 - Native Instruments) HiddenNative Instruments Rammfire (x32 Version: - Native Instruments)Native Instruments Reaktor 5 (Version: 5.6.2.11367 - Native Instruments) HiddenNative Instruments Reaktor 5 (x32 Version: - Native Instruments)Native Instruments Reaktor Prism (Version: 1.2.0.005 - Native Instruments) HiddenNative Instruments Reaktor Prism (x32 Version: - Native Instruments)Native Instruments Reaktor Spark R2 (Version: 1.1.0.004 - Native Instruments) HiddenNative Instruments Reaktor Spark R2 (x32 Version: - Native Instruments)Native Instruments Reflektor (Version: 1.2.0.003 - Native Instruments) HiddenNative Instruments Reflektor (x32 Version: - Native Instruments)Native Instruments Scarbee MM-Bass (Version: 1.2.0.006 - Native Instruments) HiddenNative Instruments Scarbee MM-Bass (x32 Version: - Native Instruments)Native Instruments Scarbee Vintage Keys (Version: 1.1.0.002 - Native Instruments) HiddenNative Instruments Scarbee Vintage Keys (x32 Version: - Native Instruments)Native Instruments Service Center (Version: 2.2.6.676 - Native Instruments) HiddenNative Instruments Service Center (x32 Version: - Native Instruments)Native Instruments Studio Drummer (Version: 1.0.0.005 - Native Instruments) HiddenNative Instruments Studio Drummer (x32 Version: - Native Instruments)Native Instruments The Finger R2 (Version: 1.1.0.004 - Native Instruments) HiddenNative Instruments The Finger R2 (x32 Version: - Native Instruments)Native Instruments Traktors 12 (Version: 1.1.0.002 - Native Instruments) HiddenNative Instruments Traktors 12 (x32 Version: - Native Instruments)Native Instruments Transient Master (Version: 1.0.0.004 - Native Instruments) HiddenNative Instruments Transient Master (x32 Version: - Native Instruments)Native Instruments Upright Piano (Version: 1.3.0.004 - Native Instruments) HiddenNative Instruments Upright Piano (x32 Version: - Native Instruments)Native Instruments Vienna Concert Grand (Version: 1.3.0.003 - Native Instruments) HiddenNative Instruments Vienna Concert Grand (x32 Version: - Native Instruments)Native Instruments Vintage Organs (Version: 1.1.0.007 - Native Instruments) HiddenNative Instruments Vintage Organs (x32 Version: - Native Instruments)Native Instruments West Africa (Version: 1.1.0.004 - Native Instruments) HiddenNative Instruments West Africa (x32 Version: - Native Instruments)NETGEAR WG111v3 wireless USB 2.0 adapter (x32 Version: 1.01.10 - NETGEAR)NETGEAR WG111v3 wireless USB 2.0 adapter (x32 Version: 1.01.10 - NETGEAR) HiddenOrigin (x32 Version: 9.2.1.4399 - Electronic Arts, Inc.)PACE License Support Win64 (Version: 2.0.0.0256 - PACE Anti-Piracy, Inc.) HiddenPACE License Support Win64 (x32 Version: 2.0.0.0256 - PACE Anti-Piracy, Inc.)PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) HiddenPrerequisites for SSDT (x32 Version: 11.0.2100.60 - Microsoft Corporation)Pro Evolution Soccer 2014 (x32 Version: 1.00.0000 - KONAMI)PSP VintageWarmer2 2.5.0 64bit (x32 Version: 2.5.0 64bit - PSPaudioware.com)QuickTime (x32 Version: 7.73.80.64 - Apple Inc.)Realtek Ethernet Controller Driver (x32 Version: 7.45.516.2011 - Realtek)RME DIGICheck (x32 Version: 543rel - RME)RME Fireface USB (Version: 1.0.22.0 - RME Intelligent Audio Solutions)Setup - Pro Evolution Soccer 2014 © Konami ... (x32 Version: ... - Konami)SoundToys Devil-Loc Deluxe - Academic V1 (x32 Version: - SoundToys Inc)SoundToys NTV FX V4 - Academic V4 (x32 Version: - SoundToys Inc)StarCraft II (x32 Version: - Blizzard Entertainment)Steam (x32 Version: 1.0.0.0 - Valve Corporation)Steinberg Cubase 6 64bit (Version: 6.5.0 - Steinberg Media Technologies GmbH)Steinberg Drum Loop Expansion 01 (x32 Version: 2.0.0.0 - Steinberg Media Technologies GmbH)Steinberg Groove Agent ONE Content (x32 Version: 1.0.0.003 - Steinberg Media Technologies GmbH)Steinberg Groove Agent ONE Vintage Beatboxes (x32 Version: 1.0.0.000 - Steinberg Media Technologies GmbH)Steinberg HALion Sonic SE 64bit (Version: 1.5.2 - Steinberg Media Technologies GmbH)Steinberg HALion Sonic SE Content (x32 Version: 1.5.2.000 - Steinberg Media Technologies GmbH)Steinberg LoopMash Content (x32 Version: 2.0.0.000 - Steinberg Media Technologies GmbH)Steinberg LoopMash Content 2 (x32 Version: 1.0.0.000 - Steinberg Media Technologies GmbH)Steinberg Padshop 64bit (Version: 1.0.0 - Steinberg Media Technologies GmbH)Steinberg Retrologue 64bit (Version: 1.0.0 - Steinberg Media Technologies GmbH)Steinberg REVerence Content 01 (x32 Version: 2.0.1.000 - Steinberg Media Technologies GmbH)Steinberg Upload Manager (x32 Version: 1.0.1 - Steinberg Media Technologies GmbH)Steinberg VST Amp Rack Content 01 (x32 Version: 1.0.1 - Steinberg Media Technologies GmbH)Sugar Bytes WOW 1.2 (Version: 1.2 - Sugar Bytes)Update for (KB2504637) (x32 Version: 1 - Microsoft Corporation)Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1 - Microsoft Corporation)Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1 - Microsoft Corporation)Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1 - Microsoft Corporation)Visual C++ 64-bit Redistributables (Version: 1.3.0.8766 - PACE Anti-Piracy, Inc.) HiddenVisual C++ 64-bit Redistributables (x32 Version: 1.3.0.8766 - PACE Anti-Piracy, Inc.)Visual C++ Redistributables (x32 Version: 1.3.0.8766 - PACE Anti-Piracy, Inc.)Visual C++ Redistributables (x32 Version: 1.3.0.8766 - PACE Anti-Piracy, Inc.) HiddenVisual Studio 2012 Update 3 (KB2707250) (x32 Version: 11.0.60610 - Microsoft Corporation)Windows Software Development Kit (x32 Version: 8.59.25584 - Microsoft Corporation) HiddenWindows Software Development Kit DirectX x64 Remote (Version: 8.59.25584 - Microsoft Corporation) HiddenWindows Software Development Kit DirectX x86 Remote (x32 Version: 8.59.25584 - Microsoft Corporation) HiddenWindows Software Development Kit for Windows Store Apps (x32 Version: 8.59.25584 - Microsoft Corporation) HiddenWindows Software Development Kit for Windows Store Apps DirectX x64 Remote (Version: 8.59.25584 - Microsoft Corporation) HiddenWindows Software Development Kit for Windows Store Apps DirectX x86 Remote (x32 Version: 8.59.25584 - Microsoft Corporation) HiddenWindows XP Targeting with C++ (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden ==================== Restore Points ========================= 21-01-2014 10:29:00 Windows Update ==================== Hosts content: ========================== 2009-07-14 02:34 - 2014-01-15 15:48 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {0C460C9D-3F6A-4D69-B130-CB4DF9BE2EF3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)Task: {6E2FFC0E-C117-4B96-BA80-A2E151F0F9DF} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2010-11-26] (ASUSTeK Computer Inc.)Task: {8214DD48-0FC8-4613-A20D-33BAC78F37BC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-16] (Google Inc.)Task: {8397C83B-80F9-4ADC-8A82-06374BBC1F47} - System32\Tasks\AdobeAAMUpdater-1.0-Machine-Jason => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-09-25] (Adobe Systems Incorporated)Task: {8D2886B2-0779-4268-9B1D-5D21AF04760E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-16] (Google Inc.)Task: {C59A3A6E-1ADB-4045-91F6-7D405566AD4D} - System32\Tasks\{E63336C7-E4CF-48C9-B03A-A7FCE037C5B6} => D:\Documents\Visual Studio 2012\Projects\Dice_Invaders\Release\Dice_Invaders.exe [2013-10-24] ()Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2012-04-18 13:26 - 2011-05-23 09:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll2013-10-16 18:02 - 2013-10-16 18:02 - 03358064 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll2012-05-12 23:24 - 2013-02-18 08:23 - 00695808 _____ () C:\Program Files (x86)\Dual Monitor\ExplorerHook64.dll2012-04-18 13:40 - 2014-01-20 13:12 - 00020480 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.14\PEbiosinterface32.dll2012-04-18 13:40 - 2010-06-29 02:58 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.14\ATKEX.dll2013-10-18 23:55 - 2013-10-18 23:55 - 25100288 _____ () C:\Users\Jason\AppData\Roaming\Dropbox\bin\libcef.dll2013-10-17 16:45 - 2013-10-17 16:45 - 32726528 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll2013-03-13 13:42 - 2013-06-05 14:21 - 00071560 _____ () C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\zlib1.dll2012-04-18 13:42 - 2011-06-29 07:05 - 00053248 ____N () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll2012-04-18 13:42 - 2011-06-29 14:04 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll2012-04-18 13:41 - 2011-02-24 09:19 - 00143360 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll2012-04-18 13:41 - 2010-06-21 14:21 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll2012-04-18 13:41 - 2009-08-12 19:15 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll2012-04-18 13:42 - 2011-02-09 08:02 - 00873472 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AI Charger+\AIChargerPlus.dll2012-04-18 13:42 - 2011-03-09 13:55 - 01036800 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ASUS Update\Update.dll2012-04-18 13:41 - 2011-05-16 16:35 - 00965632 _____ () C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll2012-04-18 13:42 - 2011-03-11 18:53 - 01257472 _____ () C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll2012-04-18 13:42 - 2011-01-06 09:38 - 01027072 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll2012-04-18 13:41 - 2011-05-20 08:12 - 00881152 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll2012-04-18 13:41 - 2011-04-07 16:33 - 01607168 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll2012-04-18 13:41 - 2011-01-07 15:39 - 01246208 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll2012-04-18 13:41 - 2010-08-06 17:11 - 00850944 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll2012-04-18 13:41 - 2010-08-06 17:13 - 00886272 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll2012-04-18 13:40 - 2010-08-23 02:17 - 00662016 ____R () C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMLib.dll2012-04-18 13:41 - 2010-06-21 14:21 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\ImageHelper.dll2014-01-16 14:34 - 2014-01-11 10:28 - 00715544 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libglesv2.dll2014-01-16 14:34 - 2014-01-11 10:28 - 00100120 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libegl.dll2014-01-16 14:34 - 2014-01-11 10:28 - 01634584 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll2014-01-16 14:34 - 2014-01-11 10:29 - 13615896 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll2014-01-16 14:34 - 2014-01-11 10:29 - 04055320 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll2014-01-16 14:34 - 2014-01-11 10:29 - 00399640 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\Microsoft:1uWjyHR5BfF2dZxMpTVAlternateDataStreams: C:\ProgramData\Microsoft:kcPoNAny4ep8B8pTEhPIsAlternateDataStreams: C:\ProgramData\Microsoft:ptDCaAvaQPzZoS4izqeJAlternateDataStreams: C:\ProgramData\Microsoft:xwGIwubm0GZe10esza3dRkskAlternateDataStreams: C:\ProgramData\PACE:E73AA695E469C531 ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (01/20/2014 01:12:53 PM) (Source: WinMgmt) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/17/2014 01:05:29 PM) (Source: WinMgmt) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/16/2014 01:59:18 PM) (Source: WinMgmt) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/15/2014 05:36:03 PM) (Source: SideBySide) (User: )Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (01/15/2014 04:28:54 PM) (Source: SideBySide) (User: )Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (01/15/2014 04:28:52 PM) (Source: SideBySide) (User: )Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (01/15/2014 04:22:22 PM) (Source: WinMgmt) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/15/2014 02:48:06 PM) (Source: SideBySide) (User: )Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (01/15/2014 02:48:03 PM) (Source: SideBySide) (User: )Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (01/15/2014 02:35:12 PM) (Source: WinMgmt) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors:=============Error: (01/15/2014 04:20:31 PM) (Source: Service Control Manager) (User: )Description: The ASUS Com Service service terminated unexpectedly. It has done this 1 time(s). Error: (01/15/2014 03:48:52 PM) (Source: Service Control Manager) (User: )Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (01/15/2014 03:48:36 PM) (Source: Application Popup) (User: )Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error: (01/15/2014 03:48:36 PM) (Source: Application Popup) (User: )Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error: (01/15/2014 03:47:28 PM) (Source: Service Control Manager) (User: )Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (01/15/2014 02:35:08 PM) (Source: EventLog) (User: )Description: The previous system shutdown at 14:33:42 on 15/01/2014 was unexpected. Error: (01/14/2014 03:05:53 PM) (Source: Schannel) (User: NT AUTHORITY)Description: The following fatal alert was generated: 43. The internal error state is 252. Error: (01/14/2014 02:33:06 PM) (Source: Ntfs) (User: )Description: The file system structure on the disk is corrupt and unusable.Please run the chkdsk utility on the volume System. Error: (01/14/2014 02:33:03 PM) (Source: Ntfs) (User: )Description: The file system structure on the disk is corrupt and unusable.Please run the chkdsk utility on the volume System. Error: (01/14/2014 02:32:55 PM) (Source: Service Control Manager) (User: )Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Microsoft Office Sessions:=========================Error: (01/20/2014 01:12:53 PM) (Source: WinMgmt)(User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/17/2014 01:05:29 PM) (Source: WinMgmt)(User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/16/2014 01:59:18 PM) (Source: WinMgmt)(User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/15/2014 05:36:03 PM) (Source: SideBySide)(User: )Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe Error: (01/15/2014 04:28:54 PM) (Source: SideBySide)(User: )Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestD:\Downloads\esetsmartinstaller_enu (2).exe Error: (01/15/2014 04:28:52 PM) (Source: SideBySide)(User: )Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestD:\Downloads\esetsmartinstaller_enu (2).exe Error: (01/15/2014 04:22:22 PM) (Source: WinMgmt)(User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/15/2014 02:48:06 PM) (Source: SideBySide)(User: )Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestD:\Downloads\esetsmartinstaller_enu (1).exe Error: (01/15/2014 02:48:03 PM) (Source: SideBySide)(User: )Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestD:\Downloads\esetsmartinstaller_enu (1).exe Error: (01/15/2014 02:35:12 PM) (Source: WinMgmt)(User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors:=================================== Date: 2014-01-15 15:48:36.238 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-01-15 15:48:36.212 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-01-15 15:48:36.186 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-01-15 15:48:36.161 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-01-14 14:32:35.805 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-01-14 14:32:35.778 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2012-04-18 15:56:09.644 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2012-04-18 15:56:09.629 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2012-04-18 15:05:22.988 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2012-04-18 15:05:22.972 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Percentage of memory in use: 20%Total physical RAM: 16295.14 MBAvailable physical RAM: 13022.27 MBTotal Pagefile: 32588.45 MBAvailable Pagefile: 28734.53 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (System) (Fixed) (Total:111.69 GB) (Free:18.8 GB) NTFSDrive d: (Data) (Fixed) (Total:489.13 GB) (Free:205.96 GB) NTFSDrive e: (Libraries) (Fixed) (Total:442.38 GB) (Free:313.08 GB) NTFSDrive f: (Audio) (Fixed) (Total:443.23 GB) (Free:365.32 GB) NTFSDrive g: (Samples) (Fixed) (Total:488.28 GB) (Free:394.64 GB) NTFSDrive j: (PES2014) (CDROM) (Total:4.78 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 5EF66EED)Partition 1: (Not Active) - (Size=489 GB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=442 GB) - (Type=07 NTFS) ========================================================Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 5EF66EEC)Partition 1: (Not Active) - (Size=443 GB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=488 GB) - (Type=07 NTFS) ========================================================Disk: 2 (Size: 234 GB) (Disk ID: 00091F15)Partition 1: (Active) - (Size=224 GB) - (Type=83)Partition 2: (Not Active) - (Size=9 GB) - (Type=05) ========================================================Disk: 3 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 47274726)Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
Staff gringo_pr Posted January 22, 2014 Staff ID:781197 Share Posted January 22, 2014 Hello That report looks good so I would like to know what problems are you still having? gringo Link to post Share on other sites More sharing options...
jasonf Posted January 22, 2014 Author ID:781313 Share Posted January 22, 2014 I had to re-clean my system twice. I would just like to know if any traces remain?Does it mean I'm clean now?Thanks! Link to post Share on other sites More sharing options...
Staff gringo_pr Posted January 22, 2014 Staff ID:781401 Share Posted January 22, 2014 Hello jasonf we can run some extra test if you want just to be sure I Would like you to do the following. Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them. Run Combofix: You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this) Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here< Combofix may need to reboot your computer more than once to do its job this is normal. You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.Link 1 Link 2 Link 3 1. Close any open browsers or any other programs that are open. 2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you. Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer "information and logs"In your next post I need the followingLog from Combofixlet me know of any problems you may have hadHow is the computer doing now?Gringo Link to post Share on other sites More sharing options...
jasonf Posted January 22, 2014 Author ID:781437 Share Posted January 22, 2014 The computer seems OK, although graphics drivers and audio had to be reinstalled after combofix. Here is the log: ComboFix 14-01-22.01 - Jason 22/01/2014 19:16:45.3.8 - x64Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.16295.13415 [GMT 0:00]Running from: c:\users\Jason\Desktop\ComboFix.exeSP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((( Files Created from 2013-12-22 to 2014-01-22 )))))))))))))))))))))))))))))))..2014-01-22 19:19 . 2014-01-22 19:19 -------- d-----w- c:\users\Default\AppData\Local\temp2014-01-22 19:15 . 2014-01-22 19:15 -------- d-----w- c:\users\Jason\AppData\Local\CrashDumps2014-01-22 02:44 . 2014-01-22 02:44 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D1BC5BC5-E02C-4B4E-972A-7FE3D5BDB1F8}\offreg.dll2014-01-21 21:24 . 2014-01-21 21:24 -------- d-----w- C:\FRST2014-01-21 10:29 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D1BC5BC5-E02C-4B4E-972A-7FE3D5BDB1F8}\mpengine.dll2014-01-15 16:20 . 2014-01-15 16:20 -------- d-----w- C:\_OTL2014-01-15 15:11 . 2014-01-17 14:43 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)2014-01-15 15:06 . 2014-01-15 15:45 -------- d-----w- C:\AdwCleaner2014-01-15 00:04 . 2014-01-15 00:04 -------- d-----w- c:\programdata\KONAMI2014-01-15 00:01 . 2014-01-15 00:01 -------- d-----w- c:\program files (x86)\KONAMI2014-01-14 20:05 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys2014-01-14 20:05 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys2014-01-14 20:05 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys2014-01-14 20:05 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys2014-01-14 20:05 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys2014-01-14 20:05 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys2014-01-14 20:05 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys2014-01-14 20:05 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys2014-01-14 20:05 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys2014-01-14 14:48 . 2014-01-14 14:48 -------- d-----w- c:\program files (x86)\AMD AVT2014-01-14 14:48 . 2014-01-14 14:48 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies2014-01-14 14:48 . 2014-01-14 14:48 -------- d-----w- c:\program files\AMD2014-01-14 14:48 . 2014-01-14 14:48 -------- d-----w- c:\program files\Common Files\ATI Technologies2014-01-14 14:47 . 2014-01-14 14:48 -------- d-----w- c:\program files\ATI Technologies2014-01-14 14:47 . 2014-01-14 14:47 -------- d-----w- c:\program files\ATI2014-01-14 14:44 . 2014-01-14 14:44 -------- d-----w- c:\programdata\ATI2014-01-14 14:00 . 2014-01-14 14:00 -------- d-----w- c:\programdata\Malwarebytes2014-01-14 14:00 . 2014-01-17 13:06 117464 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys2014-01-14 14:00 . 2014-01-14 14:21 89304 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys2014-01-13 22:06 . 2014-01-13 22:06 1577620 ----a-w- c:\windows\SysWow64\scrypt130511Bartsglg2tc4032w64l4.bin...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2014-01-15 03:00 . 2012-04-28 12:16 86054176 ----a-w- c:\windows\system32\MRT.exe2014-01-14 15:06 . 2013-06-14 00:25 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.exe2014-01-14 15:06 . 2013-06-14 00:25 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr2013-12-18 06:13 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe2013-12-11 19:47 . 2013-03-06 23:07 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-12-11 19:47 . 2013-03-06 23:07 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2013-12-06 22:07 . 2013-12-06 22:07 78432 ----a-w- c:\windows\system32\atimpc64.dll2013-12-06 22:07 . 2013-12-06 22:07 78432 ----a-w- c:\windows\system32\amdpcom64.dll2013-12-06 22:07 . 2013-12-06 22:07 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll2013-12-06 22:07 . 2013-12-06 22:07 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll2013-12-06 22:04 . 2013-12-06 22:04 143304 ----a-w- c:\windows\system32\atiuxp64.dll2013-12-06 22:03 . 2013-12-06 22:03 126336 ----a-w- c:\windows\SysWow64\atiuxpag.dll2013-12-06 22:03 . 2013-12-06 22:03 115512 ----a-w- c:\windows\system32\atiu9p64.dll2013-12-06 22:02 . 2012-12-19 19:30 98496 ----a-w- c:\windows\SysWow64\atiu9pag.dll2013-12-06 22:01 . 2012-03-09 05:14 1318552 ----a-w- c:\windows\system32\aticfx64.dll2013-12-06 22:01 . 2012-12-19 20:09 1100216 ----a-w- c:\windows\SysWow64\aticfx32.dll2013-12-06 22:00 . 2012-03-09 04:45 9753752 ----a-w- c:\windows\system32\atidxx64.dll2013-12-06 21:59 . 2013-12-06 21:59 8406024 ----a-w- c:\windows\SysWow64\atidxx32.dll2013-12-06 21:59 . 2012-12-19 19:44 8287008 ----a-w- c:\windows\SysWow64\atiumdva.dll2013-12-06 21:58 . 2012-12-19 20:50 6630232 ----a-w- c:\windows\SysWow64\atiumdag.dll2013-12-06 21:57 . 2013-12-06 21:57 8927704 ----a-w- c:\windows\system32\atiumd6a.dll2013-12-06 21:56 . 2013-12-06 21:56 7751920 ----a-w- c:\windows\system32\atiumd64.dll2013-12-06 21:52 . 2013-12-06 21:52 13207552 ----a-w- c:\windows\system32\drivers\atikmdag.sys2013-12-06 21:38 . 2013-12-06 21:38 230912 ----a-w- c:\windows\system32\clinfo.exe2013-12-06 21:38 . 2013-12-06 21:38 1187342 ----a-w- c:\windows\system32\amdocl_as64.exe2013-12-06 21:38 . 2013-12-06 21:38 1061902 ----a-w- c:\windows\system32\amdocl_ld64.exe2013-12-06 21:38 . 2013-12-06 21:38 995342 ----a-w- c:\windows\SysWow64\amdocl_as32.exe2013-12-06 21:38 . 2013-12-06 21:38 798734 ----a-w- c:\windows\SysWow64\amdocl_ld32.exe2013-12-06 21:38 . 2013-12-06 21:38 99840 ----a-w- c:\windows\system32\OpenVideo64.dll2013-12-06 21:38 . 2013-12-06 21:38 83968 ----a-w- c:\windows\SysWow64\OpenVideo.dll2013-12-06 21:38 . 2013-12-06 21:38 86528 ----a-w- c:\windows\system32\OVDecode64.dll2013-12-06 21:38 . 2013-12-06 21:38 73728 ----a-w- c:\windows\SysWow64\OVDecode.dll2013-12-06 21:37 . 2013-12-06 21:37 29382144 ----a-w- c:\windows\system32\amdocl64.dll2013-12-06 21:35 . 2013-12-06 21:35 24860160 ----a-w- c:\windows\SysWow64\amdocl.dll2013-12-06 21:33 . 2013-12-06 21:33 63488 ----a-w- c:\windows\system32\OpenCL.dll2013-12-06 21:33 . 2013-12-06 21:33 57344 ----a-w- c:\windows\SysWow64\OpenCL.dll2013-12-06 21:26 . 2013-12-06 21:26 129536 ----a-w- c:\windows\system32\coinst_13.251.dll2013-12-06 21:16 . 2013-12-06 21:16 26352128 ----a-w- c:\windows\system32\atio6axx.dll2013-12-06 21:13 . 2013-12-06 21:13 368640 ----a-w- c:\windows\system32\atiapfxx.exe2013-12-06 21:12 . 2013-12-06 21:12 62464 ----a-w- c:\windows\system32\aticalrt64.dll2013-12-06 21:12 . 2013-12-06 21:12 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll2013-12-06 21:12 . 2013-12-06 21:12 55808 ----a-w- c:\windows\system32\aticalcl64.dll2013-12-06 21:12 . 2013-12-06 21:12 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll2013-12-06 21:12 . 2013-12-06 21:12 15716352 ----a-w- c:\windows\system32\aticaldd64.dll2013-12-06 21:09 . 2013-12-06 21:09 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll2013-12-06 20:58 . 2013-12-06 20:58 22157824 ----a-w- c:\windows\SysWow64\atioglxx.dll2013-12-06 20:53 . 2012-12-19 19:57 442368 ----a-w- c:\windows\system32\atidemgy.dll2013-12-06 20:53 . 2013-12-06 20:53 31232 ----a-w- c:\windows\system32\atimuixx.dll2013-12-06 20:53 . 2013-12-06 20:53 588288 ----a-w- c:\windows\system32\atieclxx.exe2013-12-06 20:52 . 2013-12-06 20:52 239616 ----a-w- c:\windows\system32\atiesrxx.exe2013-12-06 20:50 . 2013-12-06 20:50 190976 ----a-w- c:\windows\system32\atitmm64.dll2013-12-06 20:22 . 2013-12-06 20:22 1144320 ----a-w- c:\windows\system32\atiadlxx.dll2013-12-06 20:22 . 2013-12-06 20:22 825344 ----a-w- c:\windows\SysWow64\atiadlxy.dll2013-12-06 20:22 . 2013-12-06 20:22 74752 ----a-w- c:\windows\system32\atig6pxx.dll2013-12-06 20:22 . 2013-12-06 20:22 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll2013-12-06 20:22 . 2013-12-06 20:22 69632 ----a-w- c:\windows\system32\atiglpxx.dll2013-12-06 20:22 . 2013-12-06 20:22 100352 ----a-w- c:\windows\system32\atig6txx.dll2013-12-06 20:21 . 2013-12-06 20:21 96768 ----a-w- c:\windows\SysWow64\atigktxx.dll2013-12-06 20:21 . 2013-12-06 20:21 626176 ----a-w- c:\windows\system32\drivers\atikmpag.sys2013-12-06 20:18 . 2013-12-06 20:18 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll2013-12-06 16:49 . 2013-12-06 16:49 51200 ----a-w- c:\windows\system32\kdbsdk64.dll2013-12-06 16:44 . 2013-12-06 16:44 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll2013-11-26 11:54 . 2013-12-12 03:00 23183360 ----a-w- c:\windows\system32\mshtml.dll2013-11-26 10:19 . 2013-12-12 03:00 2724864 ----a-w- c:\windows\system32\mshtml.tlb2013-11-26 10:18 . 2013-12-12 03:00 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll2013-11-26 09:48 . 2013-12-12 03:00 66048 ----a-w- c:\windows\system32\iesetup.dll2013-11-26 09:46 . 2013-12-12 03:00 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll2013-11-26 09:41 . 2013-12-12 03:00 2764288 ----a-w- c:\windows\system32\iertutil.dll2013-11-26 09:29 . 2013-12-12 03:00 53760 ----a-w- c:\windows\system32\jsproxy.dll2013-11-26 09:27 . 2013-12-12 03:00 33792 ----a-w- c:\windows\system32\iernonce.dll2013-11-26 09:23 . 2013-12-12 03:00 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb2013-11-26 09:21 . 2013-12-12 03:00 574976 ----a-w- c:\windows\system32\ieui.dll2013-11-26 09:18 . 2013-12-12 03:00 139264 ----a-w- c:\windows\system32\ieUnatt.exe2013-11-26 09:18 . 2013-12-12 03:00 111616 ----a-w- c:\windows\system32\ieetwcollector.exe2013-11-26 09:16 . 2013-12-12 03:00 708608 ----a-w- c:\windows\system32\jscript9diag.dll2013-11-26 08:57 . 2013-12-12 03:00 218624 ----a-w- c:\windows\system32\ie4uinit.exe2013-11-26 08:35 . 2013-12-12 03:00 5769216 ----a-w- c:\windows\system32\jscript9.dll2013-11-26 08:28 . 2013-12-12 03:00 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll2013-11-26 08:16 . 2013-12-12 03:00 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll2013-11-26 08:02 . 2013-12-12 03:00 1995264 ----a-w- c:\windows\system32\inetcpl.cpl2013-11-26 07:48 . 2013-12-12 03:00 12996608 ----a-w- c:\windows\system32\ieframe.dll2013-11-26 07:32 . 2013-12-12 03:00 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl2013-11-26 07:07 . 2013-12-12 03:00 2334208 ----a-w- c:\windows\system32\wininet.dll2013-11-26 06:40 . 2013-12-12 03:00 1395200 ----a-w- c:\windows\system32\urlmon.dll2013-11-26 06:34 . 2013-12-12 03:00 817664 ----a-w- c:\windows\system32\ieapfltr.dll2013-11-26 06:33 . 2013-12-12 03:00 1820160 ----a-w- c:\windows\SysWow64\wininet.dll2013-11-26 03:00 . 2013-11-26 03:00 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe2013-11-26 03:00 . 2013-11-26 03:00 194048 ----a-w- c:\windows\SysWow64\elshyph.dll2013-11-26 03:00 . 2013-11-26 03:00 942592 ----a-w- c:\windows\system32\jsIntl.dll2013-11-26 03:00 . 2013-11-26 03:00 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe2013-11-26 03:00 . 2013-11-26 03:00 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll2013-11-26 03:00 . 2013-11-26 03:00 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe2013-11-26 03:00 . 2013-11-26 03:00 84992 ----a-w- c:\windows\system32\mshtmled.dll2013-11-26 03:00 . 2013-11-26 03:00 83968 ----a-w- c:\windows\system32\MshtmlDac.dll2013-11-26 03:00 . 2013-11-26 03:00 81408 ----a-w- c:\windows\system32\icardie.dll2013-11-26 03:00 . 2013-11-26 03:00 774144 ----a-w- c:\windows\system32\jscript.dll2013-11-26 03:00 . 2013-11-26 03:00 77312 ----a-w- c:\windows\system32\tdc.ocx2013-11-26 03:00 . 2013-11-26 03:00 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe2013-11-26 03:00 . 2013-11-26 03:00 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe2013-11-26 03:00 . 2013-11-26 03:00 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2013-09-10 23:54 131248 ----a-w- c:\users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2013-09-10 23:54 131248 ----a-w- c:\users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2013-09-10 23:54 131248 ----a-w- c:\users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2013-09-10 23:54 131248 ----a-w- c:\users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"dualmonitor"="c:\program files (x86)\Dual Monitor\DualMonitor.exe" [2013-02-18 478720].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2010-11-08 465536]"KORG USB-MIDI Driver"="c:\program files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe" [2011-03-30 393616]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]"Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2013-11-05 2237328]"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-12-06 766208].c:\users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\Jason\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 30714328]MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2012-4-19 576000].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0)"PromptOnSecureDesktop"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]"LoadAppInit_DLLs"=1 (0x1).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"midi4"=KORGUM64.DRV"midi3"=KORGUM64.DRV"midi6"=KORGUM64.DRV"midi7"=KORGUM64.DRV"midi9"=KORGUM64.DRV.R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;c:\windows\system32\DRIVERS\wg111v3.sys;c:\windows\SYSNATIVE\DRIVERS\wg111v3.sys [x]R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]S0 AiChargerPlus;ASUS Charger Plus Driver;c:\windows\system32\DRIVERS\AiChargerPlus.sys;c:\windows\SYSNATIVE\DRIVERS\AiChargerPlus.sys [x]S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [x]S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [x]S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x]S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [x]S2 PaceLicenseDServices;PACE License Services;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [x]S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]S3 firefaceu64;RME Fireface USB Audio Device;c:\windows\system32\drivers\fireface_usb_64.sys;c:\windows\SYSNATIVE\drivers\fireface_usb_64.sys [x]S3 iLokDrvr;Usb Driver;c:\windows\system32\DRIVERS\iLokDrvr.sys;c:\windows\SYSNATIVE\DRIVERS\iLokDrvr.sys [x]S3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\Drivers\KORGUM64.SYS;c:\windows\SYSNATIVE\Drivers\KORGUM64.SYS [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]S3 synusb64;eLicenser;c:\windows\system32\DRIVERS\synusb64.sys;c:\windows\SYSNATIVE\DRIVERS\synusb64.sys [x]S3 teVirtualMIDI64;teVirtualMIDI - Virtual MIDI Driver x64;c:\windows\system32\DRIVERS\teVirtualMIDI64.sys;c:\windows\SYSNATIVE\DRIVERS\teVirtualMIDI64.sys [x]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2014-01-16 14:33 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2014-01-22 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-06 19:47].2014-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-06 23:24].2014-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-06 23:24]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]2013-10-16 18:02 3358064 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]2013-10-16 18:02 3358064 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]2013-10-16 18:02 3358064 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2013-09-10 23:54 164016 ----a-w- c:\users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2013-09-10 23:54 164016 ----a-w- c:\users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2013-09-10 23:54 164016 ----a-w- c:\users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2013-09-10 23:54 164016 ----a-w- c:\users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-02 170264]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-02 398104]"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-02 440600]"FirefaceUsbTray1"="firefaceusb.exe" [2012-05-17 91648]"FirefaceMixTray2"="TotalMixFX.exe" [2012-05-17 3796992]"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-09-25 472984].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Drivers32]"midi4"=KORGUM64.DRV"midi3"=KORGUM64.DRV"midi6"=KORGUM64.DRV"midi7"=KORGUM64.DRV"midi9"=KORGUM64.DRV.------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = about:blankmLocal Page = c:\windows\SysWOW64\blank.htmTCP: DhcpNameServer = 192.168.1.254TCP: Interfaces\{230210AB-0460-4546-A0C7-D451BD2647CC}: NameServer = 155.198.142.7 155.198.142.8.- - - - ORPHANS REMOVED - - - -.AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PaceLicenseDServices]"ImagePath"="\"c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe\" -u https://activation.paceap.com/InitiateActivation".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2014-01-22 19:20:41ComboFix-quarantined-files.txt 2014-01-22 19:20ComboFix2.txt 2014-01-15 15:50.Pre-Run: 20,319,739,904 bytes freePost-Run: 20,032,712,704 bytes free.- - End Of File - - 89839C705CE5E7E15FC267F9E21D8F3FA36C5E4F47E84449FF07ED3517B43A31 Link to post Share on other sites More sharing options...
Staff gringo_pr Posted January 22, 2014 Staff ID:781557 Share Posted January 22, 2014 Hello jasonf I would like to see a report that combofix makes.extra combofix reportpush the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)please copy and past the following into the boxC:\Qoobox\Add-Remove Programs.txtclick okcopy and paste the report into this topic for me to reviewGringo Link to post Share on other sites More sharing options...
Staff gringo_pr Posted January 25, 2014 Staff ID:782654 Share Posted January 25, 2014 Hello 48 Hour bump It has been more than 48 hours since my last post.do you still need help with this?do you need more time?are you having problems following my instructions?if after 48hrs you have not replied to this thread then it will have to be closed!Gringo Link to post Share on other sites More sharing options...
Staff gringo_pr Posted January 29, 2014 Staff ID:784147 Share Posted January 29, 2014 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts