Bitcoin Miner, possible SVC infection, missing files, DDS won't run


  • This topic is locked
41 replies to this topic

#1 Campy.Frankenbike

  • Members

Posted 30 June 2013 - 08:14 PM

Hello! I have a bitcoin miner that Malwarebytes can't get rid of. I can stop the process in Task Manager and it doesn't come back while I have the computer on, but it comes back on reboot. I have BufferZone installed and some of the infected files seem to have been INSIDE the buffer zone, with a .virtual suffix. However, they got out somehow and are loose on the OS drive. I deleted the virtual files I found but it has not helped. I also got some kind of drive-by download of WebCake and a load of other crap which I was able to uninstall. Should I go ahead and empty BufferZone or wait for instructions? Also, on reboot a cmd prompt window flashes and then I get a pop-up that says failed installation. I tried to run DDS, and it says it won't run on my OS. I tried running viruclean.exe and it stopped working about 80% of the way through the scan. It did this twice. I didn't click on it while it was scanning. I have HijackThis installed and it does work. I ran a scan earlier and there were a lot of 'missing' files the registry pointed to, some of which look important.

Thank you so much for your help.


Edited by Campy.Frankenbike, 30 June 2013 - 08:30 PM.



#2 TB-Psychotic

  • Malware Response Team

Posted 01 July 2013 - 09:39 AM

Hi there,
My name is Marius and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans, or add/remove software, unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you to. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If you are not sure which: Start --> Computer (right click) --> Properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.


Proud Member of UNITE & TB
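Once the FRST.txt comes back, the first thing a responder does is scan it for a handful of recurring red flags rather than read 400 lines top to bottom. The Python below is an added example for this thread, not code from FRST or from the helper; it parses constructed sample lines written in FRST's own line format (patterned on the log posted in this thread) and flags: processes with no publisher that live under C:\Windows, executables in the user's Startup folder, autorun entries whose target is gone ([x] / No File), lines FRST itself tags with ATTENTION!, and recently created executables under C:\Windows that share an identical byte size, which usually means one dropped binary under two names. One caveat the code comments repeat: an empty "()" publisher means FRST found no CompanyName in the file's version resource; it is not a signature check, so each hit is a lead to verify, not a verdict.

```python
"""Triage pass over an FRST.txt log for the entries a responder reads first
when hunting a coin miner that survives reboot.

Added example for this thread; not FRST's code.  Caveat: a "()" publisher
only means the file carries no CompanyName in its version resource.  It is
not an Authenticode check, so every finding is a lead, not a verdict.
"""
import re
from collections import defaultdict

# Constructed sample in FRST's line format, patterned on the log in this thread.
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Windows\SysWOW64\winvnc86.exe
() D:\Program Files\BufferZone\ClientGUI.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [LchDrv] LchDrvKey.exe [x]
HKCR\...0c966feabec1\InprocServer32: [Default-shell32] %SystemRoot%\system32\shell32.dll ATTENTION! ====> ZeroAccess?
Startup: C:\ProgramData\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk
Startup: C:\Users\Raven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\initsrv.exe ()

==================== One Month Created Files and Folders ========

2013-07-01 13:36 - 2013-06-30 17:58 - 00241664 ____A C:\Windows\SysWOW64\winvnc86.exe
2013-06-30 17:58 - 2013-06-30 17:58 - 00241664 ____A C:\Windows\SysWOW64\rpcminer-cpu.exe
2013-06-25 18:50 - 2013-06-25 18:50 - 01073152 ____A (The OpenSSL Project) C:\Windows\SysWOW64\libeay32.dll
"""

SYSTEM_DIRS = ("c:\\windows\\",)            # where an unknown-publisher exe is suspicious
SECTION_RE = re.compile(r"^=+ (.+?) =+$")  # "==== Processes (Whitelisted) ===="
PROC_RE = re.compile(r"^\((.*?)\) (.+)$")  # "(Publisher) C:\path\file.exe"
# "created - modified - size attrs [(Publisher) ]path"
CREATED_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) - (\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(\d{8}) (\S+) (?:\((.*?)\) )?(.+)$"
)


def in_system_dir(path):
    """True for paths under the Windows directory (case-insensitive)."""
    return path.lower().startswith(SYSTEM_DIRS)


def triage(log_text):
    """Return a list of (category, detail) findings from FRST-format text."""
    findings = []
    section = ""
    sizes = defaultdict(list)  # byte size -> recently created exes under C:\Windows
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if "ATTENTION!" in line:                      # FRST's own heuristic hit
            findings.append(("frst-attention", line))
        if line.endswith("[x]") or line.endswith("No File"):
            findings.append(("missing-target", line))  # orphaned autorun / BHO
        if section.startswith("Processes"):
            m = PROC_RE.match(line)
            # no CompanyName *and* living in C:\Windows: vendor-less system binary
            if m and m.group(1) == "" and in_system_dir(m.group(2)):
                findings.append(("no-publisher-in-system-dir", m.group(2)))
        elif section.startswith("Registry") and line.startswith("Startup: "):
            path = line[len("Startup: "):].rsplit(" (", 1)[0]
            if path.lower().endswith(".exe"):        # a raw exe in a Startup folder
                findings.append(("startup-folder-exe", path))
        elif section.startswith("One Month Created"):
            m = CREATED_RE.match(line)
            if m:
                size, path = int(m.group(3)), m.group(6)
                if path.lower().endswith(".exe") and in_system_dir(path):
                    sizes[size].append(path)
    for size, paths in sizes.items():
        if len(paths) > 1:                            # same bytes, two names
            findings.append(("same-size-executables",
                             f"{size} bytes: " + ", ".join(paths)))
    return findings


def summarize(log_text):
    """Count findings per category; handy for a quick first look."""
    counts = defaultdict(int)
    for category, _ in triage(log_text):
        counts[category] += 1
    return dict(counts)


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:28} {detail}")
```

Run it as-is to see the five findings from the sample, or pass a real FRST.txt (`triage(open("FRST.txt", encoding="utf-8-sig").read())`). The same-size rule is deliberately limited to executables under C:\Windows; applied to the whole log it drowns in legitimate installer copies.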

#3 Campy.Frankenbike

  • Topic Starter

Posted 01 July 2013 - 03:42 PM

Hi, thanks for the fast response!
 

_____________________________

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-07-2013 02
Ran by Raven (administrator) on 01-07-2013 15:33:51
Running from C:\Users\Raven\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
() D:\Program Files\BufferZone\CLNTSVC.EXE
() D:\Program Files\BufferZone\BZRPCSS.EXE
() D:\Program Files\BufferZone\BZDCOMLAUNCH.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
() C:\Program Files (x86)\Philips\CamSuite\2.0.15.0\ACPService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(SlimWare Utilities, Inc.) C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
(Chicony) C:\Windows\ModLEDKey.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
(Malwarebytes Corporation) D:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(SoftEther Project at University of Tsukuba, Japan.) D:\Program Files\SoftEther VPN Client\Bridge\SoftEther VPN Bridge\vpnbridge_x64.exe
(SoftEther Project at University of Tsukuba, Japan.) D:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
() C:\Program Files (x86)\Philips\CamSuite\2.0.15.0\ACPGUI.dll
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(r2 Studios) C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe
(SoftPerfect Research) C:\Program Files\SoftPerfect RAM Disk\ramdiskws.exe
(SoftEther Project at University of Tsukuba, Japan.) D:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ITSamples.com) C:\Program Files (x86)\NetworkIndicator\NetworkIndicator.exe
(SoftEther Project at University of Tsukuba, Japan.) D:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Chicony) C:\Windows\NumLockTool.exe
(Chicony) C:\Windows\CNYHKey.exe
() C:\Windows\SysWOW64\winvnc86.exe
() D:\Program Files\BufferZone\ClientGUI.exe
(Tonec Inc.) C:\Virtual\Untrusted\C_\program files (x86)\Portable\Internet Download Manager 6.15\IDMan.exe
() D:\PROGRAM FILES\BUFFERZONE\BzPackCmd64.exe
(Internet Download Manager, Tonec Inc.) C:\Virtual\Untrusted\C_\program files (x86)\Portable\Internet Download Manager 6.15\IDMIntegrator64.exe
(Tonec Inc.) C:\Virtual\Untrusted\C_\program files (x86)\Portable\Internet Download Manager 6.15\IEMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Sonix) C:\Windows\vspc1300.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Mozilla Corporation) C:\Program Files\Waterfox\waterfox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [13263072 1999-12-31] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [1020064 2012-02-13] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" [800416 2012-02-13] (Atheros Commnucations)
HKLM\...\Run: [StartupDelayer] "C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe" /LaunchType=Auto /LaunchApps=Common [1080832 2013-06-01] (r2 Studios)
HKLM\...\Run: [RAMDiskForWorkstations] "C:\Program Files\SoftPerfect RAM Disk\RAMDiskWS.exe" /hide [3447416 2013-03-10] (SoftPerfect Research)
HKLM\...\Run: [SoftEther VPN Client UI Helper] "D:\Program Files\SoftEther VPN Client\vpnclient_x64.exe" /uihelp [x]
Winlogon\Notify\WB: C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\fast64.dll [X]
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-20] (Microsoft Corporation)
HKCU\...\Run: [NetworkIndicator] C:\Program Files (x86)\NetworkIndicator\NetworkIndicator.exe [344064 2010-10-25] (ITSamples.com)
HKCR\...0c966feabec1\InprocServer32: [Default-shell32] %SystemRoot%\system32\shell32.dll ATTENTION! ====> ZeroAccess?
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] %SystemRoot%\system32\shell32.dll ATTENTION! ====> ZeroAccess?
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291648 2012-12-04] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60 [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [NumLK] NumLockTool.exe [x]
HKLM-x32\...\Run: [ledpointer] CNYHKey.exe [x]
HKLM-x32\...\Run: [LchDrv] LchDrvKey.exe [x]
HKLM-x32\...\Run: [BufferZone] "D:\Program Files\BufferZone\CLIENTGUI.EXE" /STARTUP [x]
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk
ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> D:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther Project at University of Tsukuba, Japan.)
Startup: C:\Users\Raven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\initsrv.exe ()

==================== Internet (Whitelisted) ====================

BHO: BufferZone Web Privacy Manager - {311BA51F-64F2-439D-9A4A-772373D77312} - D:\Program Files\BufferZone\BZBHO64.dll No File
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: BufferZone Web Privacy Manager - {311BA51F-64F2-439D-9A4A-772373D77312} - D:\Program Files\BufferZone\BZbho.dll No File
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.3.1

FireFox:
========
FF ProfilePath: C:\Users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\rem4fhjl.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 - D:\Program Files\VLC Media Player\VLC\npvlc.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: LavaFox V2 - C:\Users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\rem4fhjl.default\Extensions\info@djzig.com
FF Extension: No Name - C:\Users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\rem4fhjl.default\Extensions\staged
FF Extension: Forecastfox - C:\Users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\rem4fhjl.default\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF Extension: Flash and Video Download - C:\Users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\rem4fhjl.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
FF Extension: firegestures - C:\Users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\rem4fhjl.default\Extensions\firegestures@xuldev.org.xpi
FF Extension: ftd - C:\Users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\rem4fhjl.default\Extensions\ftd@ftd.com.xpi.virtual.lnk
FF Extension: nasanightlaunch - C:\Users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\rem4fhjl.default\Extensions\nasanightlaunch@example.com.xpi
FF Extension: No Name - C:\Users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\rem4fhjl.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
FF Extension: No Name - C:\Users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\rem4fhjl.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\rem4fhjl.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi.virtual.lnk
FF Extension: No Name - C:\Users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\rem4fhjl.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
FF Extension: No Name - C:\Users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\rem4fhjl.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF Extension: No Name - C:\Users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\rem4fhjl.default\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi
FF Extension: No Name - C:\Users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\rem4fhjl.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Nero Kwik Media Helper) - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java™ Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube Options) - C:\Users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdokagampppgbnjfdlkfpphniapiiifn\1.8.121_0
CHR Extension: (YouTube) - C:\Users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0
CHR Extension: (Google Search) - C:\Users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0
CHR Extension: (Earth) - C:\Users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\jieopfhnlbjmbpckpdhfdedccdmngdac\1.5_0
CHR Extension: (FastestChrome - Browse Faster) - C:\Users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\7.1.1_0
CHR Extension: (Skyrim Theme) - C:\Users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpamhoiaakdgllnldcapkcgoeimodnle\1_0
CHR Extension: (Gmail) - C:\Users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 ACPService; C:\Program Files (x86)\Philips\CamSuite\2.0.15.0\ACPService.exe [687104 2010-08-26] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 BufferZoneSvc; D:\Program Files\BufferZone\CLNTSVC.EXE [3122104 2013-02-17] ()
S3 fdPHost_Untrusted_BZ; C:\Windows\system32\fdPHost.dll [16384 2009-07-13] (Microsoft Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 MBAMScheduler; D:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MSIServer_Untrusted_BZ; C:\Windows\System32\msiexec.exe [128000 2010-11-20] (Microsoft Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-12-21] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SEVPNBRIDGE; D:\Program Files\SoftEther VPN Client\Bridge\SoftEther VPN Bridge\vpnbridge_x64.exe [4301880 2013-06-18] (SoftEther Project at University of Tsukuba, Japan.)
R2 SEVPNCLIENT; D:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4290616 2013-06-18] (SoftEther Project at University of Tsukuba, Japan.)
S2 TrustedInstaller_Untrusted_BZ; C:\Virtual\Untrusted\C_\Windows\servicing\TrustedInstaller.exe [194048 2010-11-20] (Microsoft Corporation)
S3 upnphost_Untrusted_BZ; C:\Windows\System32\upnphost.dll [353792 2009-07-13] (Microsoft Corporation)
S2 winmgmt_Untrusted_BZ; C:\Windows\system32\wbem\WMIsvc.dll [242688 2009-07-13] (Microsoft Corporation)
S2 WSearch_Untrusted_BZ; C:\Virtual\Untrusted\C_\Windows\system32\SearchIndexer.exe [591872 2011-05-04] (Microsoft Corporation)
S2 wuauserv_Untrusted_BZ; C:\Windows\system32\wuaueng.dll [2428952 2012-06-02] (Microsoft Corporation)
S2 MBAMScheduler_Untrusted_BZ; "C:\Virtual\Untrusted\D_\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe" [x]
S4 WebCake Desktop Updater_Untrusted_BZ; "C:\Virtual\Untrusted\C_\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe" "C:\Users\Raven\AppData\Roaming\WebCake\WebCakeDesktop.exe" [x]

==================== Drivers (Whitelisted) ====================

R3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
R0 arcm_a64; C:\Windows\System32\DRIVERS\arcm_a64.sys [59936 2011-10-06] (ARECA Technology Corporation)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] ()
R3 elntouch; C:\Windows\System32\DRIVERS\elntouch.sys [46720 2010-12-30] ()
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] ()
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-11-19] (Intel Corporation)
R3 MackieAudio; C:\Windows\System32\DRIVERS\MackieAudio64.sys [158432 2009-12-15] (LOUD Technologies, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 Neo_WormholeVPN; C:\Windows\System32\DRIVERS\Neo_0049.sys [28768 2013-06-19] (SoftEther Project at University of Tsukuba, Japan.)
R3 phaudlwr; C:\Windows\System32\DRIVERS\phaudlwr.sys [114608 2009-10-20] (Philips Applied Technologies)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2013-03-07] ()
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2013-03-07] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [9584 2013-03-07] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [9584 2013-03-07] ()
R1 REDLIGHT; C:\Windows\System32\drivers\REDLIGHT.SYS [460192 2013-02-17] (BufferZone)
R3 SEE; C:\Windows\System32\drivers\see.sys [38240 2013-06-18] (SoftEther Project at University of Tsukuba, Japan.)
R3 SPC1300; C:\Windows\System32\DRIVERS\spc1300.sys [3251968 2010-01-26] ()
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2013-07-01] ()
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2013-02-18] (Windows ® 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2013-02-18] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2013-02-18] (Paragon)
R1 vvramd; C:\Program Files\SoftPerfect RAM Disk\vv.sys [253432 2013-03-10] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-01 14:43 - 2013-07-01 14:43 - 00023934 ____A C:\Users\Raven\Desktop\Addition.txt
2013-07-01 14:42 - 2013-07-01 14:42 - 00000000 ____D C:\FRST
2013-07-01 14:37 - 2013-07-01 14:36 - 01933776 ____A (Farbar) C:\Users\Raven\Desktop\FRST64.exe
2013-07-01 13:36 - 2013-06-30 17:58 - 00241664 ____A C:\Windows\SysWOW64\winvnc86.exe
2013-06-30 18:53 - 2013-06-30 18:53 - 00002655 ____A C:\Users\Public\Desktop\Vista Shortcut Manager.lnk
2013-06-30 18:53 - 2013-06-30 18:53 - 00000000 ___AD C:\Program Files\Frameworkx
2013-06-30 18:30 - 2013-06-30 18:30 - 00000000 ___HD C:\Windows\PIF
2013-06-30 17:58 - 2013-06-30 17:58 - 00241664 ____A C:\Windows\SysWOW64\rpcminer-cpu.exe
2013-06-30 16:53 - 2013-06-30 16:53 - 00029184 __ASH C:\Users\Raven\AppData\Roaming\Thumbs.db
2013-06-29 01:35 - 2013-06-29 02:13 - 00000000 ___AD C:\Windows\SysWOW64\WNLT
2013-06-29 01:35 - 2013-06-29 01:35 - 00001983 ____A C:\Windows\SysWOW64\ImHttpComm.dll.virtual.lnk
2013-06-29 01:35 - 2013-06-29 01:35 - 00001969 ____A C:\Windows\SysWOW64\msvcr100.dll.virtual.lnk
2013-06-29 01:35 - 2013-06-29 01:35 - 00001969 ____A C:\Windows\SysWOW64\msvcp100.dll.virtual.lnk
2013-06-29 01:35 - 2013-06-29 01:35 - 00001937 ____A C:\Windows\SysWOW64\dmwu.exe.virtual.lnk
2013-06-28 23:57 - 2013-06-28 23:57 - 00000000 ___AD C:\Users\Raven\AppData\Local\PutLockerDownloader
2013-06-28 04:37 - 2013-06-28 04:37 - 00002097 ____A C:\Windows\SysWOW64\Drivers\idmwfp.sys.virtual.lnk
2013-06-28 04:36 - 2013-07-01 15:22 - 00000000 ___AD C:\Users\Raven\AppData\Roaming\DMCache
2013-06-28 04:36 - 2013-06-28 04:48 - 00000000 ___AD C:\Program Files (x86)\Portable
2013-06-28 04:36 - 2013-06-28 04:43 - 00000000 ___AD C:\Users\Raven\AppData\Roaming\IDM
2013-06-28 04:36 - 2013-06-28 04:36 - 00000000 ___AD C:\Users\Raven\Downloads\Video
2013-06-28 04:36 - 2013-06-28 04:36 - 00000000 ___AD C:\Users\Raven\Downloads\Compressed
2013-06-28 04:36 - 2013-06-28 04:36 - 00000000 ___AD C:\ProgramData\IDM
2013-06-28 04:29 - 2013-06-28 04:29 - 00001805 ____A C:\Windows\WORDPAD.INI.virtual.lnk
2013-06-27 15:18 - 2013-06-27 15:18 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-06-26 21:09 - 2013-06-27 15:18 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-26 21:09 - 2013-06-27 15:18 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-06-26 11:16 - 2013-06-30 15:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-06-26 09:28 - 2013-06-26 09:28 - 00000000 ____D C:\Users\Raven\AppData\Local\Apps\2.0
2013-06-25 18:55 - 2013-06-25 18:55 - 00000743 ____A C:\Users\Public\Desktop\REAPER (x64).lnk
2013-06-25 18:50 - 2013-06-25 18:50 - 01073152 ____A (The OpenSSL Project, http://www.openssl.org/) C:\Windows\SysWOW64\libeay32.dll
2013-06-25 18:50 - 2013-06-25 18:50 - 00221184 ____A (The OpenSSL Project, http://www.openssl.org/) C:\Windows\SysWOW64\ssleay32.dll
2013-06-25 18:50 - 2013-06-25 18:50 - 00194048 ____A C:\Windows\SysWOW64\curllib.dll
2013-06-25 18:50 - 2013-06-25 18:50 - 00110592 ____A C:\Windows\SysWOW64\openldap.dll
2013-06-25 18:50 - 2013-06-25 18:50 - 00077891 ____A (Carnegie Mellon University) C:\Windows\SysWOW64\libsasl.dll
2013-06-25 09:27 - 2013-06-30 20:51 - 00000000 ___AD C:\Users\Raven\AppData\Roaming\Media Player Classic
2013-06-25 09:27 - 2013-06-25 09:27 - 00000840 ____A C:\Users\Public\Desktop\MPC-HC x64.lnk
2013-06-25 08:19 - 2013-06-25 08:19 - 00000000 ___AD C:\Program Files\ffmpeg-20130624-git-bbe26ef-win64-static-SETUP
2013-06-25 08:17 - 2013-06-26 09:38 - 00000000 ___AD C:\Users\Raven\AppData\Roaming\PeaZip
2013-06-25 08:17 - 2013-06-25 08:17 - 00000661 ____A C:\Users\Raven\Desktop\Downloads.lnk
2013-06-24 17:53 - 2013-06-24 17:53 - 00000714 ____A C:\Users\Raven\Desktop\PeaZip.lnk
2013-06-20 21:42 - 2013-06-20 21:42 - 00002235 ____A C:\Users\Raven\AppData\Local\GDIPFONTCACHEV1.DAT.virtual.lnk
2013-06-19 21:46 - 2013-06-19 21:46 - 00288524 ____A C:\Windows\msxml4-KB954430-enu.LOG
2013-06-19 21:46 - 2013-06-19 21:46 - 00283860 ____A C:\Windows\msxml4-KB973688-enu.LOG
2013-06-19 21:46 - 2013-06-19 21:46 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-06-19 18:25 - 2013-06-19 18:25 - 00008001 ____A C:\Users\Raven\Desktop\RKreport[0]_S_06192013_182518.txt
2013-06-19 18:18 - 2013-06-19 21:46 - 00000000 ____D C:\Users\Raven\Desktop\RK_Quarantine
2013-06-19 11:20 - 2013-06-19 11:20 - 00000000 ____D C:\Users\Raven\Documents\Aiseesoft Studio
2013-06-19 11:20 - 2013-06-19 11:20 - 00000000 ____D C:\Users\Raven\AppData\Local\Aiseesoft Studio
2013-06-19 10:37 - 2013-06-19 10:37 - 00000000 ____D C:\ProgramData\Aiseesoft Studio
2013-06-19 09:37 - 2013-06-19 09:37 - 00028768 ____A (SoftEther Project at University of Tsukuba, Japan.) C:\Windows\System32\Drivers\Neo_0049.sys
2013-06-19 08:30 - 2013-06-19 08:30 - 00001428 ____A C:\Users\Raven\Desktop\geek.exe.lnk
2013-06-19 08:15 - 2013-06-19 08:15 - 00000000 ____D C:\Users\Raven\Documents\NeroVideo
2013-06-18 20:36 - 2013-06-30 20:05 - 00000000 ____D C:\Users\Raven\AppData\Roaming\ThumbsPlus
2013-06-18 20:36 - 2013-06-18 20:36 - 00000625 ____A C:\Users\Raven\Desktop\ThumbsPlus 9.lnk
2013-06-18 20:35 - 2013-06-18 20:36 - 00000000 __HDC C:\Users\Raven\AppData\Local\{16F7F61D-918E-461B-9A80-574686DE81D2}
2013-06-18 20:32 - 2013-06-18 20:32 - 00038240 ____A (SoftEther Project at University of Tsukuba, Japan.) C:\Windows\System32\Drivers\see.sys
2013-06-18 20:32 - 2013-06-18 20:32 - 00001357 ____A C:\Users\Public\Desktop\SoftEther VPN Server Manager.lnk
2013-06-18 20:28 - 2013-06-18 20:28 - 00135736 ____A (SoftEther Project at University of Tsukuba, Japan.) C:\Windows\System32\vpncmd.exe
2013-06-18 20:28 - 2013-06-18 20:28 - 00000989 ____A C:\Users\Public\Desktop\SoftEther VPN Client Manager.lnk
2013-06-18 17:52 - 2013-06-18 20:36 - 00000211 ____A C:\Windows\ODBCINST.INI
2013-06-18 17:52 - 2013-06-18 17:52 - 00000000 ____D C:\ProgramData\Package Cache
2013-06-18 17:47 - 2013-06-18 17:47 - 00000000 ____D C:\Users\Raven\AppData\Local\PackageAware
2013-06-18 14:05 - 2013-06-30 16:58 - 00000000 ___AD C:\Users\Raven\AppData\Local\System Navigator 2012
2013-06-18 14:03 - 2013-06-18 14:03 - 00000864 ____A C:\Users\Public\Desktop\System Navigator.lnk
2013-06-18 14:03 - 2013-06-18 14:03 - 00000000 ____D C:\Program Files\System Navigator
2013-06-18 14:03 - 2009-10-21 23:31 - 00023552 ____A (Bo Brantén) C:\Windows\System32\Drivers\filedisk.sys
2013-06-17 20:11 - 2013-06-17 20:11 - 00001849 ____A C:\Windows\WindowsUpdate.log.virtual.lnk
2013-06-17 19:04 - 2013-06-17 19:15 - 00002860 ___AH C:\Windows\EPMBatch.ept
2013-06-17 14:35 - 2013-06-17 14:35 - 00001456 ____A C:\Users\Public\Desktop\EASEUS Partition Master 9.0.0 Server Edition.lnk
2013-06-17 14:35 - 2013-06-17 14:35 - 00000000 ___AD C:\Program Files (x86)\EASEUS
2013-06-17 14:35 - 2011-08-02 20:48 - 03320192 ____A C:\Windows\System32\BootMan.exe
2013-06-17 14:35 - 2011-08-02 20:48 - 02469248 ____A C:\Windows\SysWOW64\BootMan.exe
2013-06-17 14:35 - 2011-07-29 13:54 - 00100232 ____A C:\Windows\System32\setupempdrvx64.exe
2013-06-17 14:35 - 2011-07-29 13:54 - 00086408 ____A C:\Windows\SysWOW64\setupempdrv03.exe
2013-06-17 14:35 - 2011-07-29 13:54 - 00019840 ____A C:\Windows\SysWOW64\EuEpmGdi.dll
2013-06-17 14:35 - 2011-07-29 13:54 - 00016776 ____A C:\Windows\System32\epmntdrv.sys
2013-06-17 14:35 - 2011-07-29 13:54 - 00016256 ____A C:\Windows\System32\EuEpmGdi.dll
2013-06-17 14:35 - 2011-07-29 13:54 - 00014216 ____A C:\Windows\SysWOW64\epmntdrv.sys
2013-06-17 14:35 - 2011-07-29 13:54 - 00009096 ____A C:\Windows\System32\EuGdiDrv.sys
2013-06-17 14:35 - 2011-07-29 13:54 - 00008456 ____A C:\Windows\SysWOW64\EuGdiDrv.sys
2013-06-17 14:31 - 2013-06-17 14:31 - 00002004 ____A C:\Windows\SysWOW64\setupempdrv03.exe.virtual.lnk
2013-06-17 14:31 - 2013-06-17 14:31 - 00001969 ____A C:\Windows\SysWOW64\EuGdiDrv.sys.virtual.lnk
2013-06-17 14:31 - 2013-06-17 14:31 - 00001969 ____A C:\Windows\SysWOW64\epmntdrv.sys.virtual.lnk
2013-06-17 14:19 - 2013-03-07 13:37 - 03074240 ____A C:\Windows\System32\pwNative.exe
2013-06-17 14:19 - 2013-03-07 13:37 - 00019032 ____N C:\Windows\System32\pwdrvio.sys
2013-06-17 14:19 - 2013-03-07 13:37 - 00009584 ____N C:\Windows\System32\pwdspio.sys
2013-06-17 14:18 - 2013-06-17 14:28 - 00000000 ____D C:\Program Files (x86)\MiniTool Partition Wizard Home Edition 7.8
2013-06-16 18:30 - 2013-06-16 18:30 - 00000000 ____D C:\Users\Raven\AppData\Roaming\PACE Anti-Piracy
2013-06-16 18:30 - 2013-06-16 18:30 - 00000000 ____D C:\Users\Raven\AppData\Local\PACE Anti-Piracy
2013-06-16 18:30 - 2013-06-16 18:30 - 00000000 ____D C:\ProgramData\PACE Anti-Piracy
2013-06-16 17:16 - 2013-06-16 17:16 - 00001960 ____A C:\Windows\SysWOW64\msiexec.exe.virtual.lnk
2013-06-16 15:54 - 2013-06-25 18:59 - 00000000 ___AD C:\Users\Raven\AppData\Roaming\REAPER
2013-06-16 15:52 - 2013-06-16 15:52 - 00001805 ____A C:\Windows\wininit.ini.virtual.lnk
2013-06-16 15:51 - 2013-06-16 15:51 - 00001969 ____A C:\Windows\SysWOW64\ssleay32.dll.virtual.lnk
2013-06-16 15:51 - 2013-06-16 15:51 - 00001969 ____A C:\Windows\SysWOW64\openldap.dll.virtual.lnk
2013-06-16 15:51 - 2013-06-16 15:51 - 00001969 ____A C:\Windows\SysWOW64\libeay32.dll.virtual.lnk
2013-06-16 15:51 - 2013-06-16 15:51 - 00001960 ____A C:\Windows\SysWOW64\libsasl.dll.virtual.lnk
2013-06-16 15:51 - 2013-06-16 15:51 - 00001960 ____A C:\Windows\SysWOW64\curllib.dll.virtual.lnk
2013-06-16 15:50 - 2013-07-01 15:32 - 00001527 ____A C:\Windows\SysWOW64\DELETEDKEYS.DB.virtual.lnk
2013-06-16 15:35 - 2013-06-16 15:35 - 00002104 ____A C:\Windows\SysWOW64\Drivers\revoflt.sys.virtual.lnk
2013-06-16 15:04 - 2013-06-16 15:04 - 00000000 ___AD C:\Users\Raven\AppData\Roaming\Malwarebytes
2013-06-16 15:03 - 2013-06-16 15:11 - 00000760 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-16 15:03 - 2013-06-16 15:03 - 00000000 ___AD C:\ProgramData\Malwarebytes
2013-06-16 15:03 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-16 14:54 - 2013-06-16 14:54 - 00002004 ____A C:\Windows\SysWOW64\SearchIndexer.exe.virtual.lnk
2013-06-16 12:03 - 2013-02-17 14:10 - 04456352 ____A (TODO: <Company name>) C:\Windows\System32\RlShellExt64.dll
2013-06-16 12:03 - 2013-02-17 14:10 - 00460192 ____A (BufferZone) C:\Windows\System32\Drivers\redlight.sys
2013-06-16 12:03 - 2013-02-17 14:10 - 00392096 ____A C:\Windows\System32\AM64.dll
2013-06-16 12:03 - 2013-02-17 14:10 - 00078240 ____A (TODO: <Company name>) C:\Windows\System32\RlDragDrop64.dll
2013-06-16 11:11 - 2013-06-29 00:24 - 00000000 ____D C:\ProgramData\BufferZone
2013-06-16 10:58 - 2013-06-16 18:38 - 00000000 ____D C:\Windows\System32\appmgmt
2013-06-16 10:57 - 2013-07-01 15:23 - 00004333 ____A C:\PERF.LOG
2013-06-16 10:35 - 2013-07-01 15:24 - 00000000 ____A C:\LongFileName.txt
2013-06-16 10:35 - 2013-06-16 10:36 - 00000000 ____D C:\Virtual
2013-06-16 10:34 - 2013-06-16 12:03 - 00000063 ____A C:\BZInstallComplete.log
2013-06-16 09:51 - 2013-06-08 09:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-16 09:51 - 2013-06-08 09:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-16 09:51 - 2013-06-08 09:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-16 09:51 - 2013-06-08 07:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-16 09:51 - 2013-06-08 06:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-16 09:51 - 2013-06-08 06:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-16 09:51 - 2013-06-08 06:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-16 09:51 - 2013-06-08 06:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-16 09:50 - 2013-06-08 09:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-16 09:50 - 2013-06-08 09:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-16 09:50 - 2013-06-08 06:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-16 09:50 - 2013-06-08 06:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-13 21:27 - 2013-05-16 20:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-13 21:27 - 2013-05-16 20:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-13 21:27 - 2013-05-16 20:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-13 21:27 - 2013-05-16 20:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-13 21:27 - 2013-05-16 20:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-13 21:27 - 2013-05-16 20:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-13 21:27 - 2013-05-16 20:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-13 21:27 - 2013-05-16 20:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-13 21:27 - 2013-05-16 19:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 21:27 - 2013-05-16 19:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-13 21:27 - 2013-05-16 19:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 21:27 - 2013-05-16 19:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 21:27 - 2013-05-16 19:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 21:27 - 2013-05-16 19:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-13 21:27 - 2013-05-16 19:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-13 21:27 - 2013-05-16 19:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 21:27 - 2013-05-16 19:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-13 21:27 - 2013-05-14 07:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-13 21:27 - 2013-05-14 03:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-13 18:17 - 2013-05-10 00:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-13 18:17 - 2013-05-09 22:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-13 18:16 - 2013-05-08 01:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-13 18:14 - 2013-05-13 00:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-13 18:14 - 2013-05-13 00:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-13 18:14 - 2013-05-13 00:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-13 18:14 - 2013-05-13 00:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-13 18:14 - 2013-05-12 23:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-13 18:14 - 2013-05-12 23:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-13 18:14 - 2013-05-12 23:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-13 18:14 - 2013-05-12 22:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-13 18:14 - 2013-05-12 22:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-13 18:14 - 2013-05-12 22:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-13 18:13 - 2013-04-26 00:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-13 18:13 - 2013-04-25 23:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-13 18:12 - 2013-04-25 18:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-13 18:12 - 2013-04-17 02:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-13 18:12 - 2013-04-17 01:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-13 18:12 - 2013-03-31 17:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-11 21:44 - 2013-06-11 21:44 - 00000000 ___AD C:\Users\Raven\AppData\Local\Apple Computer
2013-06-10 22:33 - 2013-06-10 22:33 - 00000726 ____A C:\Users\Raven\Desktop\Format Factory.lnk
2013-06-10 15:39 - 2013-06-30 19:40 - 00000000 ____D C:\Users\Raven\AppData\Local\CrashDumps
2013-06-08 21:24 - 2009-12-15 10:52 - 00194648 ____A C:\Windows\System32\LoudAudioProp64.dll
2013-06-08 21:24 - 2009-12-15 10:52 - 00158432 ____A (LOUD Technologies, Inc.) C:\Windows\System32\Drivers\MackieAudio64.sys
2013-06-08 21:24 - 2009-12-15 10:52 - 00129624 ____A C:\Windows\System32\MackieAsio64.dll
2013-06-08 21:24 - 2009-12-15 10:52 - 00119384 ____A C:\Windows\SysWOW64\MackieAsio.dll
2013-06-08 21:24 - 2009-12-15 10:48 - 00084480 ____A (LOUD Technologies, Inc.) C:\Windows\Mackie.exe
2013-06-08 21:17 - 2013-06-08 21:17 - 00000000 ____D C:\Users\Raven\AppData\Roaming\driveridentifier

==================== One Month Modified Files and Folders =======

2013-07-01 15:32 - 2013-06-16 15:50 - 00001527 ____A C:\Windows\SysWOW64\DELETEDKEYS.DB.virtual.lnk
2013-07-01 15:31 - 2009-07-14 00:13 - 00780650 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-01 15:31 - 2009-07-13 23:45 - 00022096 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-01 15:31 - 2009-07-13 23:45 - 00022096 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-01 15:27 - 2013-05-13 14:35 - 00000402 ____A C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
2013-07-01 15:24 - 2013-06-16 10:35 - 00000000 ____A C:\LongFileName.txt
2013-07-01 15:24 - 2013-05-22 20:06 - 00016152 ____A C:\Windows\System32\Drivers\SWDUMon.sys
2013-07-01 15:24 - 2013-05-22 20:06 - 00000410 ____A C:\Windows\Tasks\SlimDrivers Startup.job
2013-07-01 15:24 - 2013-04-10 08:32 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-01 15:24 - 2013-04-09 15:11 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-01 15:24 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-01 15:24 - 2009-07-13 23:51 - 00040360 ____A C:\Windows\setupact.log
2013-07-01 15:23 - 2013-06-16 10:57 - 00004333 ____A C:\PERF.LOG
2013-07-01 15:22 - 2013-06-28 04:36 - 00000000 ___AD C:\Users\Raven\AppData\Roaming\DMCache
2013-07-01 15:22 - 2013-04-09 12:56 - 01713681 ____A C:\Windows\WindowsUpdate.log
2013-07-01 15:03 - 2013-04-10 08:27 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-01 15:00 - 2013-04-10 08:32 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-01 14:43 - 2013-07-01 14:43 - 00023934 ____A C:\Users\Raven\Desktop\Addition.txt
2013-07-01 14:42 - 2013-07-01 14:42 - 00000000 ____D C:\FRST
2013-07-01 14:36 - 2013-07-01 14:37 - 01933776 ____A (Farbar) C:\Users\Raven\Desktop\FRST64.exe
2013-07-01 13:47 - 2013-05-13 22:07 - 00007605 ____A C:\Users\Raven\AppData\Local\resmon.resmoncfg
2013-07-01 13:35 - 2010-11-20 22:47 - 00019940 ____A C:\Windows\PFRO.log
2013-06-30 20:51 - 2013-06-25 09:27 - 00000000 ___AD C:\Users\Raven\AppData\Roaming\Media Player Classic
2013-06-30 20:05 - 2013-06-18 20:36 - 00000000 ____D C:\Users\Raven\AppData\Roaming\ThumbsPlus
2013-06-30 19:40 - 2013-06-10 15:39 - 00000000 ____D C:\Users\Raven\AppData\Local\CrashDumps
2013-06-30 19:09 - 2013-05-14 22:48 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2013-06-30 18:53 - 2013-06-30 18:53 - 00002655 ____A C:\Users\Public\Desktop\Vista Shortcut Manager.lnk
2013-06-30 18:53 - 2013-06-30 18:53 - 00000000 ___AD C:\Program Files\Frameworkx
2013-06-30 18:30 - 2013-06-30 18:30 - 00000000 ___HD C:\Windows\PIF
2013-06-30 17:58 - 2013-07-01 13:36 - 00241664 ____A C:\Windows\SysWOW64\winvnc86.exe
2013-06-30 17:58 - 2013-06-30 17:58 - 00241664 ____A C:\Windows\SysWOW64\rpcminer-cpu.exe
2013-06-30 17:57 - 2013-05-10 17:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-30 17:36 - 2013-05-22 20:06 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
2013-06-30 16:58 - 2013-06-18 14:05 - 00000000 ___AD C:\Users\Raven\AppData\Local\System Navigator 2012
2013-06-30 16:53 - 2013-06-30 16:53 - 00029184 __ASH C:\Users\Raven\AppData\Roaming\Thumbs.db
2013-06-30 15:09 - 2013-06-26 11:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-06-29 03:02 - 2013-04-09 15:38 - 00774374 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-29 02:41 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Registration
2013-06-29 02:13 - 2013-06-29 01:35 - 00000000 ___AD C:\Windows\SysWOW64\WNLT
2013-06-29 01:35 - 2013-06-29 01:35 - 00001983 ____A C:\Windows\SysWOW64\ImHttpComm.dll.virtual.lnk
2013-06-29 01:35 - 2013-06-29 01:35 - 00001969 ____A C:\Windows\SysWOW64\msvcr100.dll.virtual.lnk
2013-06-29 01:35 - 2013-06-29 01:35 - 00001969 ____A C:\Windows\SysWOW64\msvcp100.dll.virtual.lnk
2013-06-29 01:35 - 2013-06-29 01:35 - 00001937 ____A C:\Windows\SysWOW64\dmwu.exe.virtual.lnk
2013-06-29 00:24 - 2013-06-16 11:11 - 00000000 ____D C:\ProgramData\BufferZone
2013-06-28 23:57 - 2013-06-28 23:57 - 00000000 ___AD C:\Users\Raven\AppData\Local\PutLockerDownloader
2013-06-28 14:37 - 2013-05-13 14:35 - 00000000 ____D C:\Program Files (x86)\File Type Assistant
2013-06-28 04:48 - 2013-06-28 04:36 - 00000000 ___AD C:\Program Files (x86)\Portable
2013-06-28 04:43 - 2013-06-28 04:36 - 00000000 ___AD C:\Users\Raven\AppData\Roaming\IDM
2013-06-28 04:37 - 2013-06-28 04:37 - 00002097 ____A C:\Windows\SysWOW64\Drivers\idmwfp.sys.virtual.lnk
2013-06-28 04:36 - 2013-06-28 04:36 - 00000000 ___AD C:\Users\Raven\Downloads\Video
2013-06-28 04:36 - 2013-06-28 04:36 - 00000000 ___AD C:\Users\Raven\Downloads\Compressed
2013-06-28 04:36 - 2013-06-28 04:36 - 00000000 ___AD C:\ProgramData\IDM
2013-06-28 04:29 - 2013-06-28 04:29 - 00001805 ____A C:\Windows\WORDPAD.INI.virtual.lnk
2013-06-27 15:18 - 2013-06-27 15:18 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-06-27 15:18 - 2013-06-26 21:09 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-27 15:18 - 2013-06-26 21:09 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-06-27 15:18 - 2013-04-10 08:32 - 01030952 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-06-27 15:18 - 2013-04-10 08:32 - 00378944 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-06-27 15:18 - 2013-04-10 08:32 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-06-26 09:38 - 2013-06-25 08:17 - 00000000 ___AD C:\Users\Raven\AppData\Roaming\PeaZip
2013-06-26 09:28 - 2013-06-26 09:28 - 00000000 ____D C:\Users\Raven\AppData\Local\Apps\2.0
2013-06-25 18:59 - 2013-06-16 15:54 - 00000000 ___AD C:\Users\Raven\AppData\Roaming\REAPER
2013-06-25 18:55 - 2013-06-25 18:55 - 00000743 ____A C:\Users\Public\Desktop\REAPER (x64).lnk
2013-06-25 18:50 - 2013-06-25 18:50 - 01073152 ____A (The OpenSSL Project, http://www.openssl.org/) C:\Windows\SysWOW64\libeay32.dll
2013-06-25 18:50 - 2013-06-25 18:50 - 00221184 ____A (The OpenSSL Project, http://www.openssl.org/) C:\Windows\SysWOW64\ssleay32.dll
2013-06-25 18:50 - 2013-06-25 18:50 - 00194048 ____A C:\Windows\SysWOW64\curllib.dll
2013-06-25 18:50 - 2013-06-25 18:50 - 00110592 ____A C:\Windows\SysWOW64\openldap.dll
2013-06-25 18:50 - 2013-06-25 18:50 - 00077891 ____A (Carnegie Mellon University) C:\Windows\SysWOW64\libsasl.dll
2013-06-25 09:27 - 2013-06-25 09:27 - 00000840 ____A C:\Users\Public\Desktop\MPC-HC x64.lnk
2013-06-25 08:33 - 2013-05-13 20:44 - 00000000 ____D C:\Users\Raven\AppData\Roaming\Audacity
2013-06-25 08:19 - 2013-06-25 08:19 - 00000000 ___AD C:\Program Files\ffmpeg-20130624-git-bbe26ef-win64-static-SETUP
2013-06-25 08:17 - 2013-06-25 08:17 - 00000661 ____A C:\Users\Raven\Desktop\Downloads.lnk
2013-06-24 17:53 - 2013-06-24 17:53 - 00000714 ____A C:\Users\Raven\Desktop\PeaZip.lnk
2013-06-20 21:42 - 2013-06-20 21:42 - 00002235 ____A C:\Users\Raven\AppData\Local\GDIPFONTCACHEV1.DAT.virtual.lnk
2013-06-20 18:03 - 2013-04-10 08:33 - 00002191 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-19 21:46 - 2013-06-19 21:46 - 00288524 ____A C:\Windows\msxml4-KB954430-enu.LOG
2013-06-19 21:46 - 2013-06-19 21:46 - 00283860 ____A C:\Windows\msxml4-KB973688-enu.LOG
2013-06-19 21:46 - 2013-06-19 21:46 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-06-19 21:46 - 2013-06-19 18:18 - 00000000 ____D C:\Users\Raven\Desktop\RK_Quarantine
2013-06-19 18:25 - 2013-06-19 18:25 - 00008001 ____A C:\Users\Raven\Desktop\RKreport[0]_S_06192013_182518.txt
2013-06-19 11:20 - 2013-06-19 11:20 - 00000000 ____D C:\Users\Raven\Documents\Aiseesoft Studio
2013-06-19 11:20 - 2013-06-19 11:20 - 00000000 ____D C:\Users\Raven\AppData\Local\Aiseesoft Studio
2013-06-19 10:37 - 2013-06-19 10:37 - 00000000 ____D C:\ProgramData\Aiseesoft Studio
2013-06-19 10:23 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Resources
2013-06-19 09:37 - 2013-06-19 09:37 - 00028768 ____A (SoftEther Project at University of Tsukuba, Japan.) C:\Windows\System32\Drivers\Neo_0049.sys
2013-06-19 08:35 - 2013-04-10 08:36 - 00000000 ____D C:\Program Files (x86)\Nero
2013-06-19 08:30 - 2013-06-19 08:30 - 00001428 ____A C:\Users\Raven\Desktop\geek.exe.lnk
2013-06-19 08:15 - 2013-06-19 08:15 - 00000000 ____D C:\Users\Raven\Documents\NeroVideo
2013-06-19 08:15 - 2013-05-11 20:20 - 00000000 ____D C:\Users\Raven\AppData\Roaming\Nero
2013-06-19 08:15 - 2013-05-11 20:20 - 00000000 ____D C:\Users\Raven\AppData\Local\Nero
2013-06-18 20:36 - 2013-06-18 20:36 - 00000625 ____A C:\Users\Raven\Desktop\ThumbsPlus 9.lnk
2013-06-18 20:36 - 2013-06-18 20:35 - 00000000 __HDC C:\Users\Raven\AppData\Local\{16F7F61D-918E-461B-9A80-574686DE81D2}
2013-06-18 20:36 - 2013-06-18 17:52 - 00000211 ____A C:\Windows\ODBCINST.INI
2013-06-18 20:32 - 2013-06-18 20:32 - 00038240 ____A (SoftEther Project at University of Tsukuba, Japan.) C:\Windows\System32\Drivers\see.sys
2013-06-18 20:32 - 2013-06-18 20:32 - 00001357 ____A C:\Users\Public\Desktop\SoftEther VPN Server Manager.lnk
2013-06-18 20:28 - 2013-06-18 20:28 - 00135736 ____A (SoftEther Project at University of Tsukuba, Japan.) C:\Windows\System32\vpncmd.exe
2013-06-18 20:28 - 2013-06-18 20:28 - 00000989 ____A C:\Users\Public\Desktop\SoftEther VPN Client Manager.lnk
2013-06-18 17:52 - 2013-06-18 17:52 - 00000000 ____D C:\ProgramData\Package Cache
2013-06-18 17:47 - 2013-06-18 17:47 - 00000000 ____D C:\Users\Raven\AppData\Local\PackageAware
2013-06-18 14:03 - 2013-06-18 14:03 - 00000864 ____A C:\Users\Public\Desktop\System Navigator.lnk
2013-06-18 14:03 - 2013-06-18 14:03 - 00000000 ____D C:\Program Files\System Navigator
2013-06-17 20:11 - 2013-06-17 20:11 - 00001849 ____A C:\Windows\WindowsUpdate.log.virtual.lnk
2013-06-17 19:15 - 2013-06-17 19:04 - 00002860 ___AH C:\Windows\EPMBatch.ept
2013-06-17 14:35 - 2013-06-17 14:35 - 00001456 ____A C:\Users\Public\Desktop\EASEUS Partition Master 9.0.0 Server Edition.lnk
2013-06-17 14:35 - 2013-06-17 14:35 - 00000000 ___AD C:\Program Files (x86)\EASEUS
2013-06-17 14:31 - 2013-06-17 14:31 - 00002004 ____A C:\Windows\SysWOW64\setupempdrv03.exe.virtual.lnk
2013-06-17 14:31 - 2013-06-17 14:31 - 00001969 ____A C:\Windows\SysWOW64\EuGdiDrv.sys.virtual.lnk
2013-06-17 14:31 - 2013-06-17 14:31 - 00001969 ____A C:\Windows\SysWOW64\epmntdrv.sys.virtual.lnk
2013-06-17 14:28 - 2013-06-17 14:18 - 00000000 ____D C:\Program Files (x86)\MiniTool Partition Wizard Home Edition 7.8
2013-06-16 19:22 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-06-16 18:38 - 2013-06-16 10:58 - 00000000 ____D C:\Windows\System32\appmgmt
2013-06-16 18:30 - 2013-06-16 18:30 - 00000000 ____D C:\Users\Raven\AppData\Roaming\PACE Anti-Piracy
2013-06-16 18:30 - 2013-06-16 18:30 - 00000000 ____D C:\Users\Raven\AppData\Local\PACE Anti-Piracy
2013-06-16 18:30 - 2013-06-16 18:30 - 00000000 ____D C:\ProgramData\PACE Anti-Piracy
2013-06-16 17:16 - 2013-06-16 17:16 - 00001960 ____A C:\Windows\SysWOW64\msiexec.exe.virtual.lnk
2013-06-16 15:52 - 2013-06-16 15:52 - 00001805 ____A C:\Windows\wininit.ini.virtual.lnk
2013-06-16 15:51 - 2013-06-16 15:51 - 00001969 ____A C:\Windows\SysWOW64\ssleay32.dll.virtual.lnk
2013-06-16 15:51 - 2013-06-16 15:51 - 00001969 ____A C:\Windows\SysWOW64\openldap.dll.virtual.lnk
2013-06-16 15:51 - 2013-06-16 15:51 - 00001969 ____A C:\Windows\SysWOW64\libeay32.dll.virtual.lnk
2013-06-16 15:51 - 2013-06-16 15:51 - 00001960 ____A C:\Windows\SysWOW64\libsasl.dll.virtual.lnk
2013-06-16 15:51 - 2013-06-16 15:51 - 00001960 ____A C:\Windows\SysWOW64\curllib.dll.virtual.lnk
2013-06-16 15:35 - 2013-06-16 15:35 - 00002104 ____A C:\Windows\SysWOW64\Drivers\revoflt.sys.virtual.lnk
2013-06-16 15:29 - 2013-05-13 14:36 - 00000000 ___AD C:\Users\Raven\AppData\Local\FreeFileViewer
2013-06-16 15:11 - 2013-06-16 15:03 - 00000760 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-16 15:04 - 2013-06-16 15:04 - 00000000 ___AD C:\Users\Raven\AppData\Roaming\Malwarebytes
2013-06-16 15:03 - 2013-06-16 15:03 - 00000000 ___AD C:\ProgramData\Malwarebytes
2013-06-16 14:55 - 2013-05-13 14:35 - 00000000 ___AD C:\Users\Raven\AppData\Local\FileTypeAssistant
2013-06-16 14:54 - 2013-06-16 14:54 - 00002004 ____A C:\Windows\SysWOW64\SearchIndexer.exe.virtual.lnk
2013-06-16 12:03 - 2013-06-16 10:34 - 00000063 ____A C:\BZInstallComplete.log
2013-06-16 10:36 - 2013-06-16 10:35 - 00000000 ____D C:\Virtual
2013-06-13 21:27 - 2013-04-09 15:27 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-11 21:44 - 2013-06-11 21:44 - 00000000 ___AD C:\Users\Raven\AppData\Local\Apple Computer
2013-06-11 14:03 - 2013-04-10 08:27 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-11 14:03 - 2013-04-10 08:27 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-10 22:33 - 2013-06-10 22:33 - 00000726 ____A C:\Users\Raven\Desktop\Format Factory.lnk
2013-06-08 22:15 - 2013-05-13 18:33 - 00000000 ____D C:\Program Files\DIFX
2013-06-08 22:15 - 2013-05-13 18:32 - 00024074 ____A C:\Windows\DPINST.LOG
2013-06-08 21:17 - 2013-06-08 21:17 - 00000000 ____D C:\Users\Raven\AppData\Roaming\driveridentifier
2013-06-08 09:08 - 2013-06-16 09:51 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 09:07 - 2013-06-16 09:50 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 09:06 - 2013-06-16 09:51 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 09:06 - 2013-06-16 09:51 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 09:06 - 2013-06-16 09:50 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 07:28 - 2013-06-16 09:51 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 06:42 - 2013-06-16 09:51 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 06:40 - 2013-06-16 09:51 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 06:40 - 2013-06-16 09:51 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 06:40 - 2013-06-16 09:50 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 06:40 - 2013-06-16 09:50 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 06:13 - 2013-06-16 09:51 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-07 19:10 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\NDF

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-24 16:13

==================== End Of Log ============================

_______________________________________

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-07-2013 02
Ran by Raven at 2013-07-01 15:33:51
Running from C:\Users\Raven\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader XI (11.0.03) (x32 Version: 11.0.03)
Aiseesoft Blu-ray Ripper 6.3.70 (x32 Version: 6.3.70)
Apple Application Support (x32 Version: 2.3.4)
Apple Software Update (x32 Version: 2.1.3.127)
Atheros Bluetooth Suite (64) (Version: 7.4.0.122)
Audacity 2.0.3 (x32 Version: 2.0.3)
avast! Free Antivirus (x32 Version: 8.0.1489.0)
BufferZone (x32 Version: 4.05.71)
CyberLink PowerDirector 11 (Version: 11.0.0.2418)
CyberLink PowerDirector 11 (x32 Version: 11.0.0.2418)
CyberLink PowerDirector 11 Content Pack Essential (x32 Version: 11)
CyberLink PowerDirector 11 Content Pack Premium (x32 Version: 11)
CyberLink WaveEditor 2 (x32 Version: 2.0.3206)
EASEUS Partition Master 9.0.0 Server Edition (x32)
FairStars CD Ripper 1.52 (x32)
File Type Assistant (x32 Version: 2013.4.8.0)
FormatFactory 3.0.1 (x32 Version: 3.0.1)
Free File Viewer 2012 (x32 Version: 2012.10.9.0)
Google Chrome (x32 Version: 27.0.1453.116)
Google Update Helper (x32 Version: 1.3.21.145)
Intel® Management Engine Components (x32 Version: 9.0.0.1323)
Intel® Network Connections 18.1.59.0 (Version: 18.1.59.0)
Intel® Rapid Storage Technology (x32 Version: 11.7.0.1013)
Intel® USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.7.248)
Intel® Trusted Connect Service Client (Version: 1.27.798.1)
IZArc 3.6 (x32 Version: 3.6)
Java 7 Update 21 (64-bit) (Version: 7.0.210)
Java 7 Update 21 (x32 Version: 7.0.210)
Java Auto Updater (x32 Version: 2.1.9.5)
LAME v3.99.3 (for Windows) (x32)
LibreOffice 4.0 Help Pack (English) (x32 Version: 4.0.2.2)
LibreOffice 4.0.2.2 (x32 Version: 4.0.2.2)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
marvell 91xx driver (x32 Version: 1.2.0.1006)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (x32 Version: 11.0.51106.1)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106)
Mozilla Maintenance Service (x32 Version: 17.0.7)
Mozilla Thunderbird 17.0.7 (x86 en-US) (x32 Version: 17.0.7)
MPC-HC 1.6.8 (64-bit) (Version: 1.6.8.7417)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Nero Audio Pack 1 (x32 Version: 11.0.11500.110.0)
Nero Blu-ray Player (x32 Version: 12.0.14300)
Nero Blu-ray Player Help (CHM) (x32 Version: 12.0.4000)
Nero Core Components (x32 Version: 11.0.18100)
Nero Kwik Media (x32 Version: 1.18.18500)
Nero Kwik Media (x32 Version: 12.0.01300)
Nero Kwik Media Help (CHM) (x32 Version: 12.0.4000)
Nero Kwik Themes Basic (x32 Version: 12.0.11500)
Nero SharedVideoCodecs (x32 Version: 1.0.12100.2.0)
Nero Update (x32 Version: 11.0.11800.31.0)
neroxml (x32 Version: 1.0.0)
Network Activity Indicator for Windows 7 (x32 Version: 1.6)
Newblue Art Effects for PowerDirector (Version: 2.0)
NewBlue Motion and Paint Effects for PowerDirector (Version: 2.0)
NVIDIA 3D Vision Controller Driver 320.18 (Version: 320.18)
NVIDIA 3D Vision Driver 320.18 (Version: 320.18)
NVIDIA Control Panel 320.18 (Version: 320.18)
NVIDIA GeForce Experience 1.5 (Version: 1.5)
NVIDIA Graphics Driver 320.18 (Version: 320.18)
NVIDIA HD Audio Driver 1.3.24.2 (Version: 1.3.24.2)
NVIDIA Install Application (Version: 2.1002.124.810)
NVIDIA PhysX (x32 Version: 9.12.1031)
NVIDIA PhysX System Software 9.12.1031 (Version: 9.12.1031)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2018)
NVIDIA Update 4.11.9 (Version: 4.11.9)
NVIDIA Update Components (Version: 4.11.9)
Paragon Backup & Recovery™ 2013 Free (x32 Version: 90.00.0003)
PeaZip 5.0 (WIN64)
Philips CamSuite (x32 Version: 2.0.15.0)
Philips SPC 1300NC Webcam Driver (x32 Version: 5.8.8.042)
Prerequisite installer (x32 Version: 12.0.0002)
Qualcomm Atheros WiFi Driver Installation (x32 Version: 3.1)
QuickTime (x32 Version: 7.74.80.86)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6804)
REAPER (x64)
SlimDrivers (x32 Version: 2.2.29035)
SmartSound Quicktracks 5 (x32 Version: 5.1.8)
Smart-Touch (x32 Version: 1.00.0000)
SoftEther VPN Bridge (Version: 1.00.9091)
SoftEther VPN Client (Version: 1.00.9091)
SoftPerfect RAM Disk 3.3.3
SONAR LE (x32 Version: 18.0)
SpeedFan (remove only) (x32)
Spybot - Search & Destroy (x32 Version: 1.6.2)
Startup Delayer v3.0 (build 333) (x32 Version: 3.0 (build 333))
System Navigator 2012
ThumbsPlus (HKCU)
ThumbsPlus (x32 Version: 9.0.0.3926)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
USB 2.4G Wireless Keyboard Driver (x32 Version: 3.3.13.927)
Vista Shortcut Manager x64 (Version: 2.0)
Waterfox (Version: 18.0.1)
Windows Driver Package - Elan (elntouch) USB  (12/30/2010 1.01.05) (Version: 12/30/2010 1.01.05)
Windows Driver Package - LOUD Technologies Inc. (MackieAudio) MEDIA  (12/15/2009 1.7.0.1) (Version: 12/15/2009 1.7.0.1)

==================== Restore Points  =========================


==================== Hosts content: ==========================
127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.0scan.com
127.0.0.1    0scan.com
127.0.0.1    www.1000gratisproben.com
127.0.0.1    1000gratisproben.com
127.0.0.1    1001namen.com
127.0.0.1    www.1001namen.com
127.0.0.1    100888290cs.com
127.0.0.1    www.100888290cs.com
127.0.0.1    www.100sexlinks.com
127.0.0.1    100sexlinks.com
127.0.0.1    www.10sek.com
127.0.0.1    10sek.com
127.0.0.1    www.1-2005-search.com
127.0.0.1    1-2005-search.com
127.0.0.1    www.123fporn.info
127.0.0.1    123fporn.info
127.0.0.1    123haustiereundmehr.com
127.0.0.1    www.123haustiereundmehr.com
127.0.0.1    123moviedownload.com

There are more than 1000 lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {070EA261-C8B2-40F9-BADF-C4358DBEAAB4} - System32\Tasks\{7E3D22D5-B2DE-4620-9F9D-6E7BC52BC99B} => C:\program files\waterfox\waterfox.exe [2013-01-19] (Mozilla Corporation)
Task: {0E71DD4F-9ECF-4090-8C1F-B3322484532B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-10] (Google Inc.)
Task: {10F6A70D-0993-4BAB-95CA-54EBDE440243} - System32\Tasks\MODLED => C:\Windows\ModLEDKey.exe [2010-09-17] (Chicony)
Task: {24DE8BEC-7FDD-4FB2-B1CA-0BD99667A125} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2DD44025-C5D2-4766-9181-AF88425F8168} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: {61A2E794-D64F-4316-8045-60BA21E23A41} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-13] (Microsoft Corporation)
Task: {64D8D39E-E3AE-47F7-9B77-1B65C07C040B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-10] (Google Inc.)
Task: {72108315-43E9-44F1-95E7-56DDAE974710} - System32\Tasks\SlimDrivers Scan => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe [2013-04-24] (SlimWare Utilities, Inc.)
Task: {7CDA7AF2-5775-4751-B964-6B412EE8DC6A} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2013-03-25] (Bitberry Software)
Task: {7F68B72D-8586-4905-8BEE-99B28991A80C} - System32\Tasks\{807E3559-6961-4D0F-89EC-FB79F0A8484C} => C:\ThumbsPlus\Bin\Thumbs9.exe No File
Task: {9CE19E18-183C-4D3D-AE34-8331A970E083} - System32\Tasks\User_Feed_Synchronization-{2871F965-6D1E-4F07-9C3A-420270FE88CD} => C:\Windows\system32\msfeedssync.exe [2013-04-09] (Microsoft Corporation)
Task: {C0F44C94-94A0-4C7F-8ABE-49DDC3F6A473} - System32\Tasks\SlimDrivers Startup => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe [2013-04-24] (SlimWare Utilities, Inc.)
Task: {C58E486A-C89C-4107-ADF4-FDE393C107B0} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {F4D6F774-1D1F-43B6-8D18-1ED7407729A4} - System32\Tasks\{CE253EC9-3EBC-4EF9-820B-07AAF858516F} => C:\ThumbsPlus\Bin\Thumbs9.exe No File
Task: {F770A6D7-4E30-4878-B527-11ABB3B3F2C7} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SlimDrivers Scan.job => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
Task: C:\Windows\Tasks\SlimDrivers Startup.job => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/01/2013 02:17:05 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).

Error: (07/01/2013 02:11:19 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (07/01/2013 02:11:13 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/01/2013 02:10:59 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/01/2013 01:35:43 PM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.


Details:
    (HRESULT : 0x80004005) (0x80004005)

Error: (07/01/2013 01:35:43 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2013 08:00:06 PM) (Source: Application Hang) (User: )
Description: The program Thumbs9.exe version 9.0.0.3926 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ebc

Start Time: 01ce75f63a5c3a2d

Termination Time: 0

Application Path: D:\ThumbsPlus\Bin\Thumbs9.exe

Report Id: 8fadd3e5-e1e9-11e2-bf9e-00ac1a8856c7

Error: (06/30/2013 07:38:08 PM) (Source: Application Error) (User: )
Description: Faulting application name: ViruClean.exe, version: 1.2.8.1175, time stamp: 0x4bc81615
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000005
Fault offset: 0x00077e15
Faulting process id: 0x12b4
Faulting application start time: 0xViruClean.exe0
Faulting application path: ViruClean.exe1
Faulting module path: ViruClean.exe2
Report Id: ViruClean.exe3

Error: (06/30/2013 07:30:21 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (06/30/2013 07:30:15 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (07/01/2013 02:18:06 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.

Error: (07/01/2013 02:17:36 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.

Error: (07/01/2013 01:37:48 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update_Untrusted_BZ service failed to start due to the following error:
%%2

Error: (07/01/2013 01:36:05 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search_Untrusted_BZ service failed to start due to the following error:
%%1053

Error: (07/01/2013 01:36:05 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search_Untrusted_BZ service to connect.

Error: (07/01/2013 01:36:05 PM) (Source: DCOM) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (07/01/2013 01:35:43 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search_Untrusted_BZ service terminated with service-specific error %%-2147467259.

Error: (07/01/2013 01:35:42 PM) (Source: Service Control Manager) (User: )
Description: The MBAMScheduler_Untrusted_BZ service failed to start due to the following error:
%%2

Error: (07/01/2013 01:35:41 PM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer_Untrusted_BZ service terminated with the following error:
%%32

Error: (06/30/2013 06:00:04 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update_Untrusted_BZ service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (07/01/2013 02:17:05 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x80070422

Error: (07/01/2013 02:11:19 PM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

Error: (07/01/2013 02:11:13 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files (x86)\smart-touch\DPInst\ia64\DPInst.exe

Error: (07/01/2013 02:10:59 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files (x86)\EASEUS\easeus partition master 9.0.0 server edition\res\Help.exe

Error: (07/01/2013 01:35:43 PM) (Source: Windows Search Service)(User: )
Description:
Details:
    (HRESULT : 0x80004005) (0x80004005)

Error: (07/01/2013 01:35:43 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2013 08:00:06 PM) (Source: Application Hang)(User: )
Description: Thumbs9.exe9.0.0.3926ebc01ce75f63a5c3a2d0D:\ThumbsPlus\Bin\Thumbs9.exe8fadd3e5-e1e9-11e2-bf9e-00ac1a8856c7

Error: (06/30/2013 07:38:08 PM) (Source: Application Error)(User: )
Description: ViruClean.exe1.2.8.11754bc81615ntdll.dll6.1.7601.177254ec49b8fc000000500077e1512b401ce75ed8329550cH:\Program Install exes\viruclean\viruclean\ViruClean.exeC:\Windows\SysWOW64\ntdll.dll7f866bad-e1e6-11e2-bf9e-00ac1a8856c7

Error: (06/30/2013 07:30:21 PM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

Error: (06/30/2013 07:30:15 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files (x86)\smart-touch\DPInst\ia64\DPInst.exe


CodeIntegrity Errors:
===================================
  Date: 2013-07-01 14:38:13.647
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Program Files\BufferZone\RlHook64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-01 14:30:21.292
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Program Files\BufferZone\RlHook64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-01 13:51:10.804
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Program Files\BufferZone\RlHook64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-01 13:35:37.855
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Program Files\BufferZone\RlHook64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-30 22:23:23.673
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Program Files\BufferZone\RlHook64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-30 20:51:24.512
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Program Files\BufferZone\RlHook64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-30 19:52:33.170
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Program Files\BufferZone\RlHook64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-30 19:47:09.848
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Program Files\BufferZone\RlHook64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-30 19:02:44.336
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Program Files\BufferZone\RlHook64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-30 18:44:42.079
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Program Files\BufferZone\RlHook64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 32728.66 MB
Available physical RAM: 29033.29 MB
Total Pagefile: 36822.84 MB
Available Pagefile: 33043.92 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: (Chochmah) (Fixed) (Total:119.02 GB) (Free:69.53 GB) NTFS (Disk=0 Partition=3)
Drive d: (Daat) (Fixed) (Total:119.14 GB) (Free:117.37 GB) NTFS (Disk=1 Partition=2)
Drive e: (Hod) (Fixed) (Total:1396.86 GB) (Free:1210.54 GB) NTFS (Disk=2 Partition=2)
Drive f: (Netzach) (Fixed) (Total:558.67 GB) (Free:444.48 GB) NTFS (Disk=3 Partition=2)
Drive g: () (Removable) (Total:14.9 GB) (Free:1.68 GB) FAT32 (Disk=4 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 2DB2D19E)

Partition: GPT Partition Type
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 5CD725FA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: 0232F465)

Partition: GPT Partition Type
========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 559 GB) (Disk ID: 02335466)

Partition: GPT Partition Type
========================================================
Disk: 4 (Size: 15 GB) (Disk ID: 0233B467)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)

==================== End Of Log ============================



#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:07:47 PM

Posted 02 July 2013 - 12:45 AM

Your system seems to be infected by the ZeroAccess rootkit.

 

 

Please download Malwarebytes Anti-Rootkit from here and save it to your desktop.

Be sure to print out and follow the instructions provided on that same page.

Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.

  • Double click the mbar.zip file to open it, then 'Extract all files'.
  • Double click the mbar folder to open it, then double click mbar.exe to start the tool.

Check for Updates, then Scan your system for malware

If malware is found, do NOT press the Cleanup button yet. Click EXIT.

I'd like to see the log first so I can see what it sees. You'll find the log in that mbar folder as MBAR-log-***.txt . Please attach that to your next reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#5 Campy.Frankenbike

Campy.Frankenbike
  • Topic Starter

  • Members
  • 25 posts
  • Gender:Female
  • Local time:01:47 PM

Posted 02 July 2013 - 11:09 AM

OK Marius, here's the scan:

____________________________________________

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.02.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Raven :: BIG-KAHUNA [administrator]

7/2/2013 10:58:56 AM
mbar-log-2013-07-02 (10-58-56).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 257012
Time elapsed: 3 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 



#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:07:47 PM

Posted 03 July 2013 - 01:40 AM

Fix with FRST

  • Open notepad (Start =>All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
  • Save it to the same directory as frst.exe (or frst64.exe) as fixlist.txt.

    HKCR\...0c966feabec1\InprocServer32: [Default-shell32] %SystemRoot%\system32\shell32.dll ATTENTION! ====> ZeroAccess?
    HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] %SystemRoot%\system32\shell32.dll ATTENTION! ====> ZeroAccess?
    S4 WebCake Desktop Updater_Untrusted_BZ; "C:\Virtual\Untrusted\C_\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe" "C:\Users\Raven\AppData\Roaming\WebCake\WebCakeDesktop.exe" [x]
    
    C:\Users\Raven\AppData\Roaming\WebCake
    C:\Program Files (x86)\WebCake
     
    
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

 

 

Run another full system scan with MBAM and post up this log as well.



#7 Campy.Frankenbike

Campy.Frankenbike
  • Topic Starter

  • Members
  • 25 posts
  • Gender:Female
  • Local time:01:47 PM

Posted 03 July 2013 - 09:46 AM

Marius, sorry, I should have introduced myself before. I'm Raven. I don't know if it matters, but I do have malwarebytes protection on and Avast free and Bufferzone are running. Anyway..

Here is the log:
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-07-2013 01
Ran by Raven at 2013-07-03 09:43:21 Run:1
Running from C:\Users\Raven\Desktop
Boot Mode: Normal
==============================================

HKCU\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} => Key not found.
HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key not found.
WebCake Desktop Updater_Untrusted_BZ => Service deleted successfully.
"C:\Users\Raven\AppData\Roaming\WebCake" => File/Directory not found.
"C:\Program Files (x86)\WebCake" => File/Directory not found.

==== End of Fixlog ====



#8 Campy.Frankenbike

Campy.Frankenbike
  • Topic Starter

  • Members
  • 25 posts
  • Gender:Female
  • Local time:01:47 PM

Posted 03 July 2013 - 12:50 PM

Malwarebytes log. I scanned my D drive too this time because it has programs installed on it.

 I have been terminating winvnc86.exe in task manager on startup.

 

----------------------------------

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.03.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Raven :: BIG-KAHUNA [administrator]

Protection: Enabled

7/3/2013 12:21:22 PM
MBAM-log-2013-07-03 (12-45-34).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 404345
Time elapsed: 13 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Raven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1S6ZB9C0\rpcminer-cpu[1].exe (PUP.BitCoinMiner) -> No action taken.
C:\Windows\System32\rpcminer-cpu.exe (PUP.BitCoinMiner) -> No action taken.
C:\Windows\System32\winvnc86.exe (PUP.BitCoinMiner) -> No action taken.

(end)

 



#9 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:07:47 PM

Posted 04 July 2013 - 05:24 AM

Run another MBAM and remove all threats found.

 

Please go to here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

 

 

 

Also post up another FRST log



#10 Campy.Frankenbike

Campy.Frankenbike
  • Topic Starter

  • Members
  • 25 posts
  • Gender:Female
  • Local time:01:47 PM

Posted 04 July 2013 - 08:48 AM

OK, here is what I did. I ran Malwarebytes; it found 4 things. Here is the log:
 
---------

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.03.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Raven :: BIG-KAHUNA [administrator]

Protection: Enabled

7/4/2013 7:56:19 AM
mbam-log-2013-07-04 (07-56-19).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 400657
Time elapsed: 12 minute(s), 15 second(s)

Memory Processes Detected: 1
C:\Windows\SysWOW64\winvnc86.exe (PUP.BitCoinMiner) -> 3300 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Windows\SysWOW64\winvnc86.exe (PUP.BitCoinMiner) -> Delete on reboot.
C:\Users\Raven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1S6ZB9C0\rpcminer-cpu[1].exe (PUP.BitCoinMiner) -> Quarantined and deleted successfully.
C:\Windows\System32\rpcminer-cpu.exe (PUP.BitCoinMiner) -> Quarantined and deleted successfully.
C:\Windows\System32\winvnc86.exe (PUP.BitCoinMiner) -> Delete on reboot.

(end)

---------------
I did not reboot after I deleted the MBAM items. I knew they'd come right back.

So I tried to run ESET. It had unexpected error 2002 right at the end of downloading the virus database.
It also did not seem to like Firefox... I installed the exe it gave me...

Anyway, I checked after the first failed scan and Avast had not really shut down, so I did that [again, I thought I'd done it the first time],
then ran the ESET again. Same error.

So, I thought I'd try IE, which I normally never use. My Internet Explorer will not open.
A very fast small screen flashes and then nothing. No instance of it in Task Manager.

I checked Bufferzone and there is a program installed IN the bufferzone that cannot be uninstalled
and it is called FTDownloader. Before I ever got on this forum I tried to uninstall it many times and
it would not.

I notice some of the problem files are in the temp internet files and in C:\virtual [i.e. BufferZone]. Can't I just delete Temp files?

Should I clear out BZ and shut it down totally? That will get rid of any files whatsoever that are in C:\virtual.
I suspect BZ is blocking the Eset somehow. Both Firefox and IE automatically run in BZ.

thanks for helping

Edited by Campy.Frankenbike, 04 July 2013 - 08:50 AM.
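The MBAM logs in this thread name the same PUP.BitCoinMiner files scan after scan, and Raven's remark that the items come right back after deletion is the key observation: a scanner that quarantines the miner binaries without finding what re-creates them is cleaning a symptom. The script below is an added example written for this page; it is not code from BleepingComputer, Malwarebytes or Farbar. It parses the detection sections of MBAM 1.x text logs (the line layout assumed is the one visible in the posted logs) and reports items MBAM said it removed that reappear in a later scan, matching first by exact path and then by file name alone, because the copy in the IE cache comes back under a fresh random Content.IE5 folder. It also flags a file name detected under both \Windows\System32 and \Windows\SysWOW64. One way that happens is WOW64 file system redirection: a 32-bit process that writes to %windir%\System32 on 64-bit Windows actually writes to SysWOW64. Whatever the cause, it means two copies to remove plus whatever writes them. The sample logs are constructed from the detection lines of the scans Raven posted (3 July; 4 July before reboot; 4 July after reboot), condensed.

```python
"""Cross-scan triage of Malwarebytes Anti-Malware 1.x text logs (added example,
not code from BleepingComputer, Malwarebytes or Farbar)."""
import re

# One detection line: "<path> (<threat>) -> <action>."
# Memory-process lines insert the PID: "<path> (<threat>) -> <pid> -> <action>."
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<threat>[^()]+)\) -> "
    r"(?:(?P<pid>\d+) -> )?(?P<action>.+?)\.?$"
)
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
REMOVED_ACTIONS = {"Quarantined and deleted successfully", "Delete on reboot"}

# Constructed sample input: detection sections of the three scans posted in this
# thread (3 July; 4 July before reboot; 4 July after reboot), condensed.
SCAN_1 = r"""Memory Processes Detected: 0
(No malicious items detected)
Files Detected: 3
C:\Users\Raven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1S6ZB9C0\rpcminer-cpu[1].exe (PUP.BitCoinMiner) -> No action taken.
C:\Windows\System32\rpcminer-cpu.exe (PUP.BitCoinMiner) -> No action taken.
C:\Windows\System32\winvnc86.exe (PUP.BitCoinMiner) -> No action taken."""
SCAN_2 = r"""Memory Processes Detected: 1
C:\Windows\SysWOW64\winvnc86.exe (PUP.BitCoinMiner) -> 3300 -> Delete on reboot.
Files Detected: 4
C:\Windows\SysWOW64\winvnc86.exe (PUP.BitCoinMiner) -> Delete on reboot.
C:\Users\Raven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1S6ZB9C0\rpcminer-cpu[1].exe (PUP.BitCoinMiner) -> Quarantined and deleted successfully.
C:\Windows\System32\rpcminer-cpu.exe (PUP.BitCoinMiner) -> Quarantined and deleted successfully.
C:\Windows\System32\winvnc86.exe (PUP.BitCoinMiner) -> Delete on reboot."""
# After the reboot: new PID, and the IE cache copy sits in a new random folder.
SCAN_3 = SCAN_2.replace("3300", "5080").replace("1S6ZB9C0", "JYPC115V")


def parse_mbam_log(text):
    """Return {section_name: [detection dict, ...]} for one MBAM log."""
    result, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            result.setdefault(section, [])
            continue
        m = DETECTION_RE.match(line)
        if m and section:
            det = m.groupdict()
            det["path_key"] = det["path"].lower()  # NTFS paths are case-insensitive
            det["name"] = det["path_key"].rsplit("\\", 1)[-1]
            result[section].append(det)
    return result


def _actions_by_path(parsed):
    """Flatten one parsed log to {path_key: (action, file name)}; first section wins."""
    out = {}
    for dets in parsed.values():
        for d in dets:
            out.setdefault(d["path_key"], (d["action"], d["name"]))
    return out


def recurring_detections(log_texts):
    """log_texts in chronological order. For every item MBAM reported removed in
    scan i, look for it in scans i+1..n: first by exact path, then by file name
    alone (the IE cache copy reappears under a fresh Content.IE5 folder)."""
    scans = [_actions_by_path(parse_mbam_log(t)) for t in log_texts]
    findings = []
    for i, actions in enumerate(scans):
        for path, (action, name) in actions.items():
            if action not in REMOVED_ACTIONS:
                continue
            for j in range(i + 1, len(scans)):
                later = scans[j]
                if path in later:
                    match = "same path"
                elif any(n == name for _, n in later.values()):
                    match = "same name, new location"
                else:
                    continue
                findings.append({"path": path, "removed_in_scan": i + 1,
                                 "seen_again_in_scan": j + 1, "match": match})
                break
    return findings


def wow64_duplicates(log_text):
    """File names flagged under both System32 and SysWOW64 in one scan. On x64
    Windows a 32-bit process writing to %windir%\\System32 is redirected to
    SysWOW64, so one name in both places is two copies to remove, not one."""
    seen = {}
    for path, (_, name) in _actions_by_path(parse_mbam_log(log_text)).items():
        for tag in ("system32", "syswow64"):
            if path.startswith(f"c:\\windows\\{tag}\\"):
                seen.setdefault(name, set()).add(tag)
    return sorted(n for n, tags in seen.items() if len(tags) == 2)


if __name__ == "__main__":
    for f in recurring_detections([SCAN_1, SCAN_2, SCAN_3]):
        print(f"scan {f['removed_in_scan']} -> scan {f['seen_again_in_scan']} ({f['match']}): {f['path']}")
    print("in both System32 and SysWOW64:", wow64_duplicates(SCAN_2))
```

Run against the three posted scans it reports four recurrences, all from the 4 July morning scan to the post-reboot scan, plus one System32/SysWOW64 pair (winvnc86.exe). That pattern, rather than the detection count, is what tells a responder to stop rescanning and go after the launcher: a scheduled task, a service, a Run key, or a CLSID InprocServer32 hijack of the kind FRST flagged earlier in the thread.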


#11 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:07:47 PM

Posted 04 July 2013 - 08:51 AM

Combofix


Combofix should only be run when advised by a team member!


Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.



#12 Campy.Frankenbike

Campy.Frankenbike
  • Topic Starter

  • Members
  • 25 posts
  • Gender:Female
  • Local time:01:47 PM

Posted 04 July 2013 - 10:35 AM

I rebooted and ran Malwarebytes again; the result is the same as the last one.
-===============================
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.03.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Raven :: BIG-KAHUNA [administrator]

Protection: Enabled

7/4/2013 9:24:37 AM
mbam-log-2013-07-04 (09-24-37).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 400904
Time elapsed: 12 minute(s), 25 second(s)

Memory Processes Detected: 1
C:\Windows\SysWOW64\winvnc86.exe (PUP.BitCoinMiner) -> 5080 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Windows\SysWOW64\winvnc86.exe (PUP.BitCoinMiner) -> Delete on reboot.
C:\Users\Raven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYPC115V\rpcminer-cpu[1].exe (PUP.BitCoinMiner) -> Quarantined and deleted successfully.
C:\Windows\System32\rpcminer-cpu.exe (PUP.BitCoinMiner) -> Quarantined and deleted successfully.
C:\Windows\System32\winvnc86.exe (PUP.BitCoinMiner) -> Delete on reboot.

(end)

______________________________

I checked IE and yes, BufferZone had put 'no access' on it---why, I have no idea! I only recently started using BufferZone and don't totally know how to use it.
ALSO, I stupidly forgot about Spybot SD and yes, it had some protections running, so I shut all that down.
Anyway, for IE I selected run outside BufferZone and the Eset scan completed successfully.

So here is the Eset log:

-----------------------

C:\Users\Raven\AppData\Local\Temp\AskPIP_FF_.exe a variant of Win32/Bundled.Toolbar.Ask.C application
C:\Users\Raven\AppData\Local\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Raven\AppData\Local\Temp\DeltaTB.exe Win32/Toolbar.Babylon.E application
C:\Users\Raven\AppData\Local\Temp\FormatFactoryUpdateSetup.exe Win32/InstallCore.BL application
C:\Users\Raven\AppData\Local\Temp\ICReinstall_FormatFactoryUpdateSetup.exe Win32/InstallCore.BL application
C:\Users\Raven\AppData\Local\Temp\ICReinstall_VLC media playerUpdateSetup.exe Win32/InstallCore.BL application
C:\Users\Raven\AppData\Local\Temp\IZArcSetup.exe Win32/OpenCandy application
C:\Users\Raven\AppData\Local\Temp\MixiCND_CID18.exe Win32/OutBrowse.C application
C:\Users\Raven\AppData\Local\Temp\VLC media playerUpdateSetup.exe Win32/InstallCore.BL application
C:\Users\Raven\AppData\Local\Temp\is1852162411\6324196_Setup.EXE multiple threats
C:\Users\Raven\AppData\Local\Temp\NeroInstallFiles\NERO20120813133908588\ISSetupPrerequisites\neroAskToolbar\ApnIC.dll a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Raven\AppData\Local\Temp\NeroInstallFiles\NERO20120813133908588\ISSetupPrerequisites\neroAskToolbar\ApnToolbarInstaller.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Virtual\Untrusted\C_\Users\Raven\AppData\Local\Temp\DefaultTabSetup.exe a variant of Win32/Toolbar.DefaultTab.B application
C:\Virtual\Untrusted\C_\Users\Raven\AppData\Local\Temp\hsbing_717_active.exe multiple threats
C:\Virtual\Untrusted\C_\Users\Raven\AppData\Local\Temp\Shortcut_BundleSweetIMSetup.exe probably a variant of Win32/SweetIM.C application
C:\Virtual\Untrusted\C_\Users\Raven\AppData\Local\Temp\WSSetup.exe Win32/SweetIM.E application
C:\Windows\System32\winvnc86.exe probably a variant of Win32/BitCoinMiner.M application

------------------------------
I'm waiting to run Combofix until you see this log,
thanks

Edited by Campy.Frankenbike, 04 July 2013 - 11:08 AM.
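
The Malwarebytes log above follows a fixed layout: one "<Section> Detected: <n>" header per category, then one line per item giving the path, the detection name in parentheses, an optional process id, and the action taken. The parser below is an added example, not code from the original post or from Malwarebytes; it pulls those items into records, lists the paths still marked "Delete on reboot" (the ones that can reappear if the reboot never finishes the removal), and checks the declared counts against the items actually listed. The sample log embedded in it is constructed from the lines posted above.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Category header, e.g. "Files Detected: 4"; items follow until the next header.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# Item: "<path> (<threat>) [-> <pid>] -> <action>."; the pid appears only for running processes.
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<threat>[^()]+)\)(?: -> (?P<pid>\d+))? -> (?P<action>[^.]+)\.$")

@dataclass
class Detection:
    section: str
    path: str
    threat: str
    action: str
    pid: Optional[int] = None

def parse_mbam_log(text):
    """Return (detections, declared_counts) from an MBAM 1.x text log."""
    detections, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION_RE.match(line):
            section = m.group("section")
            declared[section] = int(m.group("count"))
        elif (m := ITEM_RE.match(line)) and section is not None:
            pid = int(m.group("pid")) if m.group("pid") else None
            detections.append(Detection(section, m["path"], m["threat"], m["action"], pid))
    return detections, declared

def pending_reboot(detections):
    """Paths MBAM could not remove while running; they persist until a reboot finishes the job."""
    return sorted({d.path for d in detections if d.action.lower().startswith("delete on reboot")})

def count_mismatches(detections, declared):
    """Sections where the declared count differs from the items listed (truncated or edited log)."""
    seen = Counter(d.section for d in detections)
    return {s: (n, seen[s]) for s, n in declared.items() if seen[s] != n}
# Constructed sample: the relevant lines of the MBAM log posted above.
SAMPLE_LOG = r"""Memory Processes Detected: 1
C:\Windows\SysWOW64\winvnc86.exe (PUP.BitCoinMiner) -> 5080 -> Delete on reboot.
Registry Keys Detected: 0
(No malicious items detected)
Files Detected: 4
C:\Windows\SysWOW64\winvnc86.exe (PUP.BitCoinMiner) -> Delete on reboot.
C:\Users\Raven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYPC115V\rpcminer-cpu[1].exe (PUP.BitCoinMiner) -> Quarantined and deleted successfully.
C:\Windows\System32\rpcminer-cpu.exe (PUP.BitCoinMiner) -> Quarantined and deleted successfully.
C:\Windows\System32\winvnc86.exe (PUP.BitCoinMiner) -> Delete on reboot.
"""
```

Running `pending_reboot(*parse_mbam_log(SAMPLE_LOG)[:1])` on the sample returns both winvnc86.exe copies, which is exactly the pair that kept coming back after each reboot in this thread.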


#13 Campy.Frankenbike

Campy.Frankenbike
  • Topic Starter

  • Members
  • 25 posts
  • Gender:Female

Posted 04 July 2013 - 05:26 PM

While looking around online for info on the process that always starts with Windows and that I have been shutting down in Task Manager [winvnc86.exe *32], I thought why not use BufferZone to deny ALL access to the program. So I applied that to the exe in its System32 folder, rebooted and guess what? winvnc86.exe did not load on startup, and it is not running in Task Manager.

Also, I have Startup Delayer running. I read that some anti-malware progs won't see what is running on startup if you have some things delayed. If you want I will set it to normal startup.

#14 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 05 July 2013 - 12:40 AM

It is a good idea to block the malware from running, but we have to take out the bad files and their loading information as well.

Please proceed with combofix.


Proud Member of UNITE & TB

My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

#15 Campy.Frankenbike

Campy.Frankenbike
  • Topic Starter

  • Members
  • 25 posts
  • Gender:Female

Posted 05 July 2013 - 06:59 AM

Marius, I have system restore turned off because I am using an SSD for OS.
However, I saved a full C drive iso backup.

Combofix says it automatically makes a restore point... so what should I do?



