It seems like I'm heavily infected with various malware. My PC behaves strangely: my desktop/menus are lagging quite often and Facebook isn't working properly in Chrome.


DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.21.2

Run by Seph at 23:19:36 on 2013-04-24

Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8175.5997 [GMT 2:00]


AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}


============== Running Processes ===============



C:\Windows\system32\svchost.exe -k DcomLaunch


C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe



C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\svchost.exe -k bthsvcs


C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\svchost.exe -k bthaudiosvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe





D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe

D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe

D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe


C:\Program Files\Logitech\FlowScroll\KhalScroll.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE




C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe



C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe


C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe





============== Pseudo HJT Report ===============


uStart Page = hxxp://watchever.de/home

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: Logitech Flow Scroll: {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Program Files\Logitech\FlowScroll\32-bit\LogiSmooth.dll

TB: loadtbs: {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\Seph\AppData\Roaming\loadtbs\toolbar.dll

TB: loadtbs: {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\Seph\AppData\Roaming\loadtbs\toolbar.dll

uRun: [AdobeBridge] <no file>


mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\Users\Seph\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Seph\AppData\Roaming\Dropbox\bin\Dropbox.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: E&xport to Microsoft Excel - D:\PROGRA~1\OFFICE~1\Office14\EXCEL.EXE/3000

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab

TCP: NameServer =

TCP: Interfaces\{C3F21B97-B671-4606-BB56-C6CDEF8FDB02} : DHCPNameServer =

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programme\Office2010\Office14\URLREDIR.DLL

x64-BHO: Logitech Flow Scroll: {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Program Files\Logitech\FlowScroll\LogiSmooth.dll

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

x64-Run: [EvtMgr6] D:\Programme\Logitech\SetPointP\SetPoint.exe /launchGaming

x64-Run: [LogiScrollApp] C:\Program Files\Logitech\FlowScroll\KhalScroll.exe

x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll


================= FIREFOX ===================


FF - ProfilePath - C:\Users\Seph\AppData\Roaming\Mozilla\Firefox\Profiles\tx3jwk86.default\

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll

FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Seph\AppData\Local\Google\Update\\npGoogleUpdate3.dll

FF - plugin: C:\Users\Seph\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Users\Seph\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Seph\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Users\Seph\AppData\Roaming\Mozilla\plugins\npo1d.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: !HIDDEN! 2012-08-29 18:48; {9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}; C:\Users\Seph\AppData\Roaming\14001.018



FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false


============= SERVICES / DRIVERS ===============


R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-1-1 279616]

R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2012-1-1 21992]

R2 HFGService;Handsfree Headset Service;C:\Windows\System32\svchost.exe -k bthaudiosvc [2009-7-14 27136]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-1-1 13592]

R2 MBAMScheduler;MBAMScheduler;D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-19 418376]

R2 MBAMService;MBAMService;D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-19 701512]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-1-1 2656280]

R3 BthAudioHF;BthAudioHF Service;C:\Windows\System32\drivers\BthAudioHF.sys [2009-12-21 52224]

R3 COMMONFX.SYS;COMMONFX.SYS;C:\Windows\System32\drivers\COMMONFX.sys [2010-3-18 158808]

R3 CTAUDFX.SYS;CTAUDFX.SYS;C:\Windows\System32\drivers\CTAUDFX.sys [2010-3-18 706648]

R3 CTSBLFX.SYS;CTSBLFX.SYS;C:\Windows\System32\drivers\CTSBLFX.sys [2010-3-18 681048]

R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-2-8 39936]

R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-2-8 64512]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-3-16 25928]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-1-1 471144]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]

S3 COMMONFX;COMMONFX;C:\Windows\System32\drivers\COMMONFX.sys [2010-3-18 158808]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-5-27 79360]

S3 CTAUDFX;CTAUDFX;C:\Windows\System32\drivers\CTAUDFX.sys [2010-3-18 706648]

S3 CTERFXFX.SYS;CTERFXFX.SYS;C:\Windows\System32\drivers\CTERFXFX.sys [2010-3-18 141912]

S3 CTERFXFX;CTERFXFX;C:\Windows\System32\drivers\CTERFXFX.sys [2010-3-18 141912]

S3 CTSBLFX;CTSBLFX;C:\Windows\System32\drivers\CTSBLFX.sys [2010-3-18 681048]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-4-22 103064]

S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]

S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2013-2-18 37344]

S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-1-21 135584]

S3 hitmanpro36;Hitman Pro 3.5 Support Driver;C:\Windows\System32\drivers\hitmanpro36.sys [2012-7-15 30496]

S3 IntcDAud;Intel® Display-Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-1-10 317440]

S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2011-9-2 76056]

S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2011-9-2 15128]

S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2012-1-5 115272]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 130008]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2012-3-12 19936]

S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2012-3-12 13280]

S3 RivaTuner64;RivaTuner64;D:\Programme\RivaTuner v2.24\RivaTuner64.sys [2009-8-22 19952]

S3 RTCore64;RTCore64;D:\Programme\MSI Afterburner\RTCore64.sys [2012-7-24 10568]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-4-22 203672]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]


=============== Created Last 30 ================


2013-04-24 16:17:59 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-04-24 16:17:44 0 ----a-w- C:\Windows\SysWow64\REN7A09.tmp

2013-04-24 16:17:44 0 ----a-w- C:\Windows\SysWow64\REN79F9.tmp

2013-04-24 11:28:03 905296 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{25B0E9BF-F7C5-4D52-8D40-4F8500F083E7}\gapaengine.dll

2013-04-24 11:27:56 9317456 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EF4B9ECC-28C2-4BC3-87EA-E5216A8CBAE3}\mpengine.dll

2013-04-22 16:41:45 203672 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys

2013-04-22 16:41:45 103064 ----a-w- C:\Windows\System32\drivers\ssudbus.sys

2013-04-22 16:33:19 9317456 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-04-13 21:14:38 -------- d-----w- C:\Users\Seph\AppData\Local\Spotify

2013-04-13 21:14:16 -------- d-----w- C:\Users\Seph\AppData\Roaming\Spotify

2013-04-13 21:09:30 877856 ----a-w- C:\Windows\System32\nvvsvc.exe

2013-04-13 21:09:30 6398240 ----a-w- C:\Windows\System32\nvcpl.dll

2013-04-13 21:09:30 63776 ----a-w- C:\Windows\System32\nvshext.dll

2013-04-13 21:09:30 3477280 ----a-w- C:\Windows\System32\nvsvc64.dll

2013-04-13 21:09:30 3065455 ----a-w- C:\Windows\System32\nvcoproc.bin

2013-04-13 21:09:30 2555680 ----a-w- C:\Windows\System32\nvsvcr.dll

2013-04-13 21:09:30 237856 ----a-w- C:\Windows\System32\nvmctray.dll

2013-04-13 21:09:11 -------- d-----w- C:\ProgramData\NVIDIA Corporation

2013-04-09 22:23:22 3717632 ----a-w- C:\Windows\System32\mstscax.dll

2013-04-09 22:22:59 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll

2013-04-09 22:22:59 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-04-09 22:22:59 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2013-04-09 22:22:59 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-04-09 22:22:59 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-04-09 22:22:59 112640 ----a-w- C:\Windows\System32\smss.exe

2013-03-27 13:11:27 -------- d-----w- C:\Program Files (x86)\VideoLAN

2013-03-27 10:25:20 -------- d-----w- C:\Users\Seph\AppData\Local\Unity

2013-03-26 17:30:35 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys


==================== Find3M ====================


2013-04-24 16:38:52 151552 ----a-w- C:\Windows\KMSEmulator.exe

2013-04-22 21:25:39 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-04-22 21:25:39 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-04-04 12:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-04-02 10:34:28 282744 ------w- C:\Windows\System32\MpSigStub.exe

2013-03-08 17:14:43 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-03-08 17:14:43 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-03-08 17:14:33 0 ----a-w- C:\Windows\SysWow64\REN8BC0.tmp

2013-03-08 17:14:33 0 ----a-w- C:\Windows\SysWow64\REN8BBF.tmp

2013-03-02 06:04:53 1655656 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-03-02 05:56:00 1188864 ----a-w- C:\Windows\System32\wininet.dll

2013-03-02 04:58:26 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-03-02 03:57:05 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2013-03-02 03:22:06 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-03-01 03:36:04 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-02-26 15:08:35 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2013-02-26 15:08:35 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2013-02-21 03:59:24 0 ----a-w- C:\Windows\SysWow64\REN3CF5.tmp

2013-02-21 03:59:24 0 ----a-w- C:\Windows\SysWow64\REN3CF4.tmp

2013-02-15 06:08:40 44032 ----a-w- C:\Windows\System32\tsgqec.dll

2013-02-15 06:02:26 158720 ----a-w- C:\Windows\System32\aaclient.dll

2013-02-15 04:37:10 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll

2013-02-15 04:34:10 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll

2013-02-15 03:25:51 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll

2013-02-14 18:35:05 0 ----a-w- C:\Windows\SysWow64\RENFE0E.tmp

2013-02-14 18:35:05 0 ----a-w- C:\Windows\SysWow64\RENFE0D.tmp

2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-02-05 08:54:40 37344 ----a-w- C:\Windows\SysWow64\FsUsbExDisk.Sys

2013-02-05 08:54:40 233472 ----a-w- C:\Windows\SysWow64\FsUsbExService.Exe


============= FINISH: 23:19:47,47 ===============





DDS (Ver_2012-11-20.01)


Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 01.01.2012 18:20:02

System Uptime: 24.04.2013 20:47:03 (3 hours ago)


Motherboard: ASRock | | Z68 Pro3

Processor: Intel® Core™ i5-2500K CPU @ 3.30GHz | CPUSocket | 3301/100mhz


==== Disk Partitions =========================


C: is FIXED (NTFS) - 73 GiB total, 7,849 GiB free.

D: is FIXED (NTFS) - 393 GiB total, 38,94 GiB free.

E: is CDROM ()

F: is Removable

G: is CDROM ()


==== Disabled Device Manager Items =============


Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}

Description: Creative Game Port

Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_04\5&F4E416D&0&0900E4

Manufacturer: Creative

Name: Creative Game Port

PNP Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_04\5&F4E416D&0&0900E4



==== System Restore Points ===================


RP406: 24.04.2013 22:00:01 - Scheduled Checkpoint


==== Installed Programs ======================


3DMark 11


Adobe AIR

Adobe Community Help

Adobe Content Viewer

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe InDesign CS5.5

Adobe Media Player

Adobe Photoshop CS5

Adobe Reader X (10.1.2) - German

ASRock eXtreme Tuner v0.1.78

Atmosphere Lite v7.0



Bandisoft MPEG-1 Decoder

Batman: Arkham City™


Battlefield 3™

Battlelog Web Plugins

BodyMedia Activity Manager


Cave Story+

Condemned - Criminal Origins Demo

CPUID HWMonitor 1.18


Creative Software AutoUpdate


CrystalDiskInfo 4.1.4


DAEMON Tools Lite

Dark Souls: Prepare to Die Edition


Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition


Diablo III



Dual-Core Optimizer



ESN Sonar

Etron USB3.0 Host Controller

Fallout Mod Manager 0.13.21

ffdshow v1.2.4489 [2012-10-25]

FIFA 13 Demo

Foxit Reader 5.1


Futuremark SystemInfo

GameSave Manager

GameSpy Comrade

Geeks3D.com FurMark 1.9.2

Google Chrome

Google Earth

Google Talk Plugin

Google Update Helper

Grand Theft Auto: Episodes from Liberty City

Hitman: Absolution

Hitman: Sniper Challenge

Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Rapid Storage Technology

Java 7 Update 21

Java Auto Updater

Java™ 6 Update 30

JavaFX 2.1.1

JDownloader 0.9

Left 4 Dead 2

Logitech Flow Scroll 4.0

Logitech SetPoint 6.32

Lone Survivor

Malwarebytes Anti-Malware Version

Mark of the Ninja

Max Payne 3

Metro 2033

Microsoft .NET Framework 1.1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile DEU Language Pack

Microsoft .NET Framework 4 Extended

Microsoft Antimalware Service DE-DE Language Pack

Microsoft Application Error Reporting

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office 2010 Language Pack Service Pack 1 (SP1)

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access MUI (German) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Excel MUI (German) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office Groove MUI (German) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office InfoPath MUI (German) 2010

Microsoft Office Language Pack 2010 - German/Deutsch

Microsoft Office O MUI (German) 2010

Microsoft Office Office 32-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office OneNote MUI (German) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office Outlook MUI (German) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office PowerPoint MUI (German) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (German) 2010

Microsoft Office Proof (Italian) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Proofing (German) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Publisher MUI (German) 2010

Microsoft Office Shared 32-bit MUI (English) 2010

Microsoft Office Shared 32-bit MUI (German) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared MUI (German) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office SharePoint Designer MUI (German) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Office Word MUI (German) 2010

Microsoft Office X MUI (German) 2010

Microsoft Security Client

Microsoft Security Client DE-DE Language Pack

Microsoft Security Essentials

Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Xbox 360 Accessories 1.2

Microsoft XNA Framework Redistributable 3.1

MiniTool Partition Wizard Home Edition 7.1

Mozilla Firefox 15.0 (x86 de)

Mozilla Maintenance Service

Mozilla Thunderbird 17.0.5 (x86 de)

MSI Afterburner 2.2.3


Mumble 1.2.3

My Game Long Name



NVIDIA Graphics Driver 314.22

NVIDIA Install Application


NVIDIA PhysX System Software 9.12.1031

NVIDIA Control Panel 314.22

OCCT 4.0.0



PDF Settings CS5


Pro Evolution Soccer 2013

PunkBuster Services

Rapture3D 2.5.1 Game

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Renegade Ops

Rise of Flight

RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition



Rockstar Games Social Club

Samsung Kies

SAMSUNG USB Driver for Mobile Phones

Secure Download Manager

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)


Skype™ 6.1

Sleeping Dogs™

Space Pirates and Zombies


Stalker Complete 2009 v1.4.4

Super Meat Boy

To the Moon


Ubisoft Game Launcher

Unigine Heaven DX11 Benchmark 2.5 version 2.5

Unity Web Player

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition

Update for Microsoft SharePoint Designer 2010 (KB2553459) 64-Bit Edition

VLC media player 2.0.5

Windows Live Communications Platform

Windows Live Essentials

Windows Live Photo Gallery (German)

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

WinRAR 4.01 (64-Bit)


==== End Of File ===========================

MBAM-log-2013-04-24 (20-43-20).txt


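The helpers in this thread read the DDS log above by eye. As an added example that is not part of the original post or of any helper's reply, the following Python script applies a few generic review heuristics to the line formats DDS uses in its "Pseudo HJT Report", Firefox and file-list sections, with a constructed input made of lines copied from the log above. The regexes are derived from the layout visible in this log rather than from DDS documentation, and the heuristics (UAC policy values, browser add-ons loaded from the user profile, a hidden Firefox extension, an autostart entry whose target is missing, an executable placed directly in C:\Windows) flag items for a human to look at; they are not a verdict that any particular file is malicious.

```python
import re
from typing import Iterable, List

# Constructed sample: a subset of lines copied verbatim from the DDS log above.
# Prefixes ("AV:", "TB:", "uRun:", "mPolicies-System:", "FF - ExtSQL:") and the
# Created-Last-30 / Find3M file rows are reproduced the way DDS prints them.
SAMPLE_DDS_LINES = r"""
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
TB: loadtbs: {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\Seph\AppData\Roaming\loadtbs\toolbar.dll
uRun: [AdobeBridge] <no file>
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
FF - ExtSQL: !HIDDEN! 2012-08-29 18:48; {9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}; C:\Users\Seph\AppData\Roaming\14001.018
2013-04-24 16:38:52 151552 ----a-w- C:\Windows\KMSEmulator.exe
2013-04-22 16:41:45 203672 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
""".strip().splitlines()

# Line-format regexes inferred from the DDS output shown in this thread.
AV_RE = re.compile(r"^(?:AV|SP|FW): (?P<name>.+?) \*(?P<state>[^*]+)\* \{")
ADDON_RE = re.compile(r"^(?:x64-)?(?:BHO|TB): (?P<name>.+?): \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
RUN_RE = re.compile(r"^(?:u|m|x64-)Run: \[(?P<name>[^\]]+)\] (?P<target>.+)$")
POLICY_RE = re.compile(r"^(?:u|m)Policies-System: (?P<key>\w+) = dword:(?P<value>\d+)$")
EXTSQL_RE = re.compile(r"^FF - ExtSQL: (?P<hidden>!HIDDEN! )?(?P<when>\S+ \S+); \{(?P<guid>[^}]+)\}; (?P<path>.+)$")
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \S+ \S+ (?P<path>.+)$")

# A browser add-on registered from a user-writable profile directory was not
# placed there by a normal, elevated installer.
USER_PROFILE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)
# An .exe directly in C:\Windows, i.e. not in System32 or any other subfolder.
WINDIR_ROOT_EXE = re.compile(r"^C:\\Windows\\[^\\]+\.exe$", re.IGNORECASE)

# UAC registry values and the setting at which each one weakens elevation.
WEAK_UAC = {
    "EnableLUA": (0, "UAC is disabled; processes of an admin user run fully elevated"),
    "ConsentPromptBehaviorAdmin": (0, "administrators elevate without any prompt"),
    "PromptOnSecureDesktop": (0, "elevation prompts are not shown on the secure desktop"),
}


def review(lines: Iterable[str]) -> List[str]:
    """Return one human-readable finding per DDS line that trips a heuristic."""
    findings: List[str] = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if (m := AV_RE.match(line)) and "disabled" in m["state"].lower():
            findings.append(f"security product not active: {m['name']} is {m['state']}")
        elif (m := ADDON_RE.match(line)) and USER_PROFILE.search(m["path"]):
            findings.append(f"browser add-on loaded from the user profile: {m['name']} -> {m['path']}")
        elif (m := RUN_RE.match(line)) and m["target"] == "<no file>":
            findings.append(f"orphaned autostart entry (target missing): [{m['name']}]")
        elif (m := POLICY_RE.match(line)) and m["key"] in WEAK_UAC:
            weak_value, why = WEAK_UAC[m["key"]]
            if int(m["value"]) == weak_value:
                findings.append(f"{m['key']}={m['value']}: {why}")
        elif (m := EXTSQL_RE.match(line)) and m["hidden"]:
            findings.append(f"hidden Firefox extension {m['guid']} installed from {m['path']}")
        elif (m := FILE_RE.match(line)) and WINDIR_ROOT_EXE.match(m["path"]):
            findings.append(f"executable placed directly in C:\\Windows (outside System32): {m['path']}")
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_DDS_LINES):
        print("-", finding)
```

Run against the sample, the script reports eight items: the disabled antivirus, the loadtbs toolbar under AppData\Roaming, the AdobeBridge entry with no file, the three UAC values set to 0, the hidden Firefox extension, and KMSEmulator.exe in the Windows root. The Adobe BHO in Program Files, the Java updater, ConsentPromptBehaviorUser=3 and the Samsung driver under System32\drivers pass without comment, which is the point of the heuristics: they shorten the list a reviewer has to read, not replace the reviewer.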
Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download RogueKiller 32 Bit to your desktop and run it.

RogueKiller 64 Bit <--- use this one for 64-bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

P2P Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.



Make sure you're subscribed to this topic: click on the Follow This Topic button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to
Removing malware can be unpredictable... things can go very wrong!

any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive.

Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

The removal of malware isn't instantaneous, please be patient.

Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Keine Aktion durchgeführt ("No action performed") <--- what does this mean? Deleted or no action taken?


Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for adware, foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes:

· Adware (ad-serving software)

· PUP/LPI (Potentially Undesirable Programs)

· Toolbars

· Hijackers (hijacking of the browser's homepage)

It works with a Search and Delete method. It can be easily uninstalled using the "Uninstall" mode.

  1. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- denotes the number of times the application has been run, so in this case it should be something like R1.


Please look over what was found... especially any folders; we're going to permanently delete it all in the next step. If there's something you may want to keep, please let me know and I'll explain why it shouldn't be on your system.

If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Please note that Antivir Webguard uses the ASK Toolbar as part of its web security. If you remove ASK by using AdwCleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen, where you should enable /DisableAskDetection before using AdwCleaner.

You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:

/DisableAskDetection - This option disables Ask Toolbar detection.



Some adware found....let's clear it out.....

  1. Please re-run AdwCleaner
  2. Click on Delete button.
  3. Confirm each time with OK if asked.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.


Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.


Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.



Well, I would like you to run one more scan:

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix


Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.


If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.



You mean if my problems are gone with the lagging menu? I'm afraid not and I don't get a pattern here when and why it's happening. Facebook in Chrome is still crashing sometimes, it's always fine in Firefox though. I don't get what's wrong, it's really hard to recognize a pattern here.


I also found this but I don't quite get it. It says XP though. But maybe it's still the same for Windows 7!?



It's not malware related. Download and install CCleaner to clean out temp files (please stay away from the registry cleaner):

http://www.piriform....leaner/download <--download

http://www.howtogeek...-9-tips-tricks/ <---tutorial

Run the program and clean out temp files, you may want to un-check "cookies".


Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!



OK, I did, 7GB more on C, that's positive. ;) Let's see if it helps with those problems...were the PUP files malware?

It definitely didn't help with the context menu...it's still lagging in Spotify. When I right click it needs some time to open itself and when I click an item after it opened, it will just "stay" on the desktop all the time. The only help is to switch the resolution back and forth.


Results of screen317's Security Check version 0.99.63

Windows 7 Service Pack 1 x64 (UAC is disabled!)

Internet Explorer 8 Out of date!

``````````````Antivirus/Firewall Check:``````````````

Microsoft Security Essentials

(On Access scanning disabled!)

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware Version

JavaFX 2.1.1

Java™ 6 Update 30

Java 7 Update 21

Adobe Flash Player 11.7.700.169

Adobe Reader 10.1.2 Adobe Reader out of Date!

Mozilla Firefox (15.0)

Mozilla Thunderbird (17.0.5)

Google Chrome 26.0.1410.43

Google Chrome 26.0.1410.64

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

Microsoft Security Essentials msseces.exe

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:

````````````````````End of Log``````````````````````


Outdated programs on the system are vulnerable to malware.

Please update or uninstall them:

Uninstall these from your add/remove programs

JavaFX 2.1.1

Java™ 6 Update 30

Java 7 Update 21 <----OK

Adobe Reader 10.1.2 Adobe Reader out of Date! <--- please check for an update if available, or uninstall it and download and install Foxit Reader, which is less vulnerable to malware and much better than Adobe. Don't install any toolbars that may come with it (ASK Toolbar).

Google Chrome 26.0.1410.43 <---OLD

Google Chrome 26.0.1410.64 <---OK

You have old versions of Google Chrome on the system.

Please download and run OldChromeRemover.

Windows Vista/Windows 7-8 users must use "Run As Administrator."


For the right click menu, see if any of this helps:



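The post above works from screen317's Security Check output to decide what is stale. The following PowerShell script is an added example, not part of the thread and not Security Check's own code: it reads the installed-program entries from the Uninstall registry keys, flags the kinds of entries the log above called out (Java 6, JavaFX, Adobe Reader, bundled toolbars), looks for leftover Chrome version folders like the 26.0.1410.43 / 26.0.1410.64 pair in the log, and reports whether UAC is off. The match patterns and the Chrome folder paths are assumptions chosen for illustration; run it from an elevated PowerShell prompt on Windows 7 or later.

```powershell
# Added example (not from the thread): inventory installed programs and flag
# entries of the kind screen317's Security Check reported. Run elevated.

# 64-bit, 32-bit (Wow6432Node) and per-user uninstall keys.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$programs = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, DisplayVersion, Publisher, UninstallString

# Patterns worth a second look. These are assumptions for illustration, not a
# vendor-maintained list; check the current release before acting on a hit.
$checks = @(
    @{ Pattern = '^Java\(TM\) 6'  ; Reason = 'Java 6 is end-of-life; uninstall' },
    @{ Pattern = '^JavaFX'        ; Reason = 'Legacy JavaFX runtime; uninstall' },
    @{ Pattern = '^Adobe Reader'  ; Reason = 'Confirm Adobe Reader is current' },
    @{ Pattern = 'Toolbar'        ; Reason = 'Toolbars are commonly bundled PUPs' }
)

# @( ) keeps $findings an array even when zero or one entry matches.
$findings = @(foreach ($p in $programs) {
    foreach ($c in $checks) {
        if ($p.DisplayName -match $c.Pattern) {
            New-Object PSObject -Property @{
                Program = $p.DisplayName
                Version = $p.DisplayVersion
                Reason  = $c.Reason
            }
        }
    }
})

# Chrome keeps each installed build in its own version-numbered folder under
# Application; more than one such folder means an old build is still present.
# Folder locations are assumptions covering the usual install types.
$chromeDirs = @(
    "${env:ProgramFiles(x86)}\Google\Chrome\Application",
    "$env:ProgramFiles\Google\Chrome\Application",
    "$env:LOCALAPPDATA\Google\Chrome\Application"
) | Where-Object { $_ -and (Test-Path $_) }

foreach ($dir in $chromeDirs) {
    $versions = @(Get-ChildItem -Path $dir |
        Where-Object { $_.PSIsContainer -and $_.Name -match '^\d+(\.\d+){3}$' } |
        Sort-Object { [version]$_.Name })
    if ($versions.Count -gt 1) {
        $findings += New-Object PSObject -Property @{
            Program = "Google Chrome ($dir)"
            Version = ($versions | ForEach-Object { $_.Name }) -join ', '
            Reason  = 'Multiple Chrome builds on disk; only the newest should remain'
        }
    }
}

# UAC state, which Security Check also reports. EnableLUA = 0 means disabled.
$policy = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
if ($policy.EnableLUA -eq 0) {
    $findings += New-Object PSObject -Property @{
        Program = 'Windows'
        Version = ''
        Reason  = 'UAC is disabled (EnableLUA = 0)'
    }
}

$findings | Select-Object Program, Version, Reason | Format-Table -AutoSize
```

The script only reports; it deliberately does not uninstall anything, so the list can be reviewed the same way the helper asks the poster to review AdwCleaner's findings before the deletion pass.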

This topic is now closed to further replies.