TimeServer.exe Bitcoin Miner, help needed disinfecting


Hi everybody,

 

A few days ago my PC began running very slow. To try and find a solution I began to run my trusted group of virus scanners and malware scanners, Malwarebytes Anti-Malware of course included. However, my attempts at finding the solution seemed to bring zero results. After poking around in the Task Manager I seemed to find a process called TimeServer.exe that was eating a lot of CPU power. In my shock I hastily ended the process; a bit drastic, but it seemed to stop harassing my CPU and everything seems to be calming down.

So now that I had found my evildoer, my job was to identify it; however, here I also found some problems in identifying the culprit. In my search I found two things: http://processchecker.com/file/TimeServer.exe.html, saying it might be a bitcoin miner, and the second item was http://forums.malwarebytes.org/index.php?showtopic=125666

 

I knew I needed help getting rid of it even if I found the monster.

 

I followed the "I'm infected - What do I do now?" and read some posts and the guidelines. After I did the preparations for the files in my post, I did some more digging and found the culprit located in C:\ProgramData\Microsoft\Windows\Time. I also highlighted some interesting things I already found in the DDS.txt below. My apologies if I did something wrong, but I try to give as much information as possible to help you help me :). Also, English is my second language, so sorry for any spelling and grammar mistakes.

 

Any advice would be a great help in getting rid of this monster. Also my thanks and appreciation for any help in advance.

 

DDS.txt 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16611  BrowserJavaVersion: 10.25.2
Run by Shodan at 4:30:28 on 2013-06-30
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.31.1043.18.8162.6318 [GMT 2:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\Shodan\Local Settings\Apps\F.lux\flux.exe
C:\Users\Shodan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\msiexec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyServer = :0
mWinlogon: Userinit = userinit.exe,
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [F.lux] "C:\Users\Shodan\Local Settings\Apps\F.lux\flux.exe" /noshow
uRun: [spotify Web Helper] "C:\Users\Shodan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Google Update] "C:\Users\Shodan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
TCP: NameServer = 192.168.1.254 195.241.77.55 195.241.77.58
TCP: Interfaces\{26BE3159-496E-48B0-A381-EF578FFA0988} : DHCPNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
TCP: Interfaces\{D1A42AA2-92FE-4D1E-9A3C-F0EFA8999E7B} : DHCPNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2012-12-7 652344]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2012-12-7 28216]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-12-7 14904]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2013-6-22 32344]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-10 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-10 181760]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-6-22 805088]
R3 t3;Sound Blaster X-Fi Xtreme Audio;C:\Windows\System32\drivers\t3.sys [2009-5-6 639512]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-9 123856]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-30 418376]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-30 701512]
S2 Time;Time;C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe [2013-6-26 10752]
S3 b06diag;Broadcom NetXtreme II Diag Driver;C:\Windows\System32\drivers\bxdiaga.sys [2012-10-28 88104]
S3 BFN7x64;Bigfoot Networks Killer Gaming Service;C:\Windows\System32\drivers\Xeno7x64.sys [2012-10-28 157288]
S3 BFNVis64;Bigfoot Networks Killer Gaming Service;C:\Windows\System32\drivers\XenoVa64.sys [2012-10-28 157288]
S3 bxfcoe;bxfcoe;C:\Windows\System32\drivers\bxfcoe.sys [2012-10-28 178216]
S3 bxois;bxois;C:\Windows\System32\drivers\bxois.sys [2012-10-28 539176]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-12-7 79360]
S3 D-LAN Core;D-LAN Core;C:\Program Files (x86)\D-LAN\D-LAN.Core.exe [2013-6-21 1813504]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 IAMTVE;Stuurprogramma voor Intel® Active Management Technology - KCS;C:\Windows\System32\drivers\IAMTVE.sys [2012-10-28 43416]
S3 IAMTXPE;Stuurprogramma voor Intel® Active Management Technology - KCS;C:\Windows\System32\drivers\IAMTXPE.sys [2012-10-28 51096]
S3 IFCoEMP;IFCoEMP;C:\Windows\System32\drivers\ifM60x64.sys [2012-10-28 387344]
S3 IFCoEVB;IFCoEVB;C:\Windows\System32\drivers\ifP60x64.sys [2012-10-28 77584]
S3 ioatdma1;ioatdma1;C:\Windows\System32\drivers\qd162x64.sys [2012-10-28 40144]
S3 ioatdma2;Intel® QuickData Technology device ver.2;C:\Windows\System32\drivers\qd262x64.sys [2012-10-28 42192]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-29 29720]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-6-30 25928]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2012-12-21 115272]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 130008]
S3 NisSrv;Microsoft Netwerkinspectie;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2013-6-22 14136]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-10-1 178824]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-28 19456]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2012-12-7 31800]
S3 rt61x64;Linksys Wireless-G PCI Adapter Driver;C:\Windows\System32\drivers\WMP54Gv41x64.sys [2012-10-28 446304]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2012-10-28 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-28 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-10-28 30208]
S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
.
=============== Created Last 30 ================
.
2013-06-30 02:26:33 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2F7F9B03-DF33-483F-AD56-474E3D45A4A0}\mpengine.dll
2013-06-30 01:44:39 -------- d-----w- C:\Users\Shodan\AppData\Roaming\Malwarebytes
2013-06-30 01:44:27 -------- d-----w- C:\ProgramData\Malwarebytes
2013-06-30 01:44:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-06-30 01:44:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-28 21:55:16 -------- d-----w- C:\Users\Shodan\AppData\Local\Google
2013-06-28 21:27:38 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-28 18:31:40 -------- d-----w- C:\Program Files (x86)\HD Tune
2013-06-28 01:26:59 -------- d-----w- C:\ProgramData\Origin
2013-06-27 18:05:24 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-27 17:56:04 -------- d-----w- C:\Windows\pss
2013-06-26 20:50:20 -------- d-----w- C:\Users\Shodan\AppData\Roaming\NVIDIA
2013-06-26 20:03:58 -------- d-----w- C:\Users\Shodan\AppData\Local\NVIDIA
2013-06-26 20:02:45 884512 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-06-26 20:02:45 6496544 ----a-w- C:\Windows\System32\nvcpl.dll
2013-06-26 20:02:45 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-06-26 20:02:45 3514656 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-06-26 20:02:45 3253909 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-06-26 20:02:45 2555680 ----a-w- C:\Windows\System32\nvsvcr.dll
2013-06-26 20:02:45 237856 ----a-w- C:\Windows\System32\nvmctray.dll
2013-06-26 20:02:38 61216 ----a-w- C:\Windows\System32\OpenCL.dll
2013-06-26 20:02:38 53024 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-06-26 20:02:35 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2013-06-26 19:59:08 -------- d-----w- C:\NVIDIA
2013-06-26 19:26:55 49664 ----a-w- C:\ProgramData\Microsoft\Windows\Time\w9xpopen.exe
2013-06-26 19:26:55 10752 ----a-w- C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe
2013-06-26 19:26:55 10240 ----a-w- C:\ProgramData\Microsoft\Windows\Time\WindowsTime.exe
2013-06-26 19:26:51 2303488 ----a-w- C:\ProgramData\Microsoft\Windows\Time\python27.dll
2013-06-26 19:26:50 24064 ----a-w- C:\ProgramData\Microsoft\Windows\Time\TimeServer.exe
2013-06-26 19:26:38 569680 ----a-w- C:\ProgramData\Microsoft\Windows\Time\msvcp90.dll
2013-06-26 19:26:32 219648 ----a-w- C:\ProgramData\Microsoft\Windows\Time\boost_python-vc90-mt-1_48.dll
2013-06-23 16:45:00 -------- d-----w- C:\Program Files\iPod
2013-06-23 16:44:59 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-23 16:44:59 -------- d-----w- C:\Program Files\iTunes
2013-06-23 16:44:59 -------- d-----w- C:\Program Files (x86)\iTunes
2013-06-22 16:48:29 8192 ----a-w- C:\Windows\System32\drivers\IntelMEFWVer.dll
2013-06-22 16:48:21 56600 ----a-w- C:\Windows\System32\drivers\HECIx64.sys
2013-06-22 16:38:22 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
2013-06-22 16:38:10 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-06-22 16:37:45 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-06-22 16:37:24 -------- d-----w- C:\Users\Shodan\AppData\Local\Programs
2013-06-22 16:36:20 -------- d-----w- C:\Users\Shodan\AppData\Roaming\The Longest Journey
2013-06-22 16:02:33 805088 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2013-06-22 16:02:33 74344 ----a-w- C:\Windows\System32\RtNicProp64.dll
2013-06-22 16:01:23 -------- d-----w- C:\ProgramData\Downloaded Installations
2013-06-22 15:59:56 11832 ----a-w- C:\Windows\acpimof.dll
2013-06-22 15:59:51 -------- d-----w- C:\Program Files (x86)\MSI
2013-06-22 15:09:28 -------- d-----w- C:\ProgramData\VS Revo Group
2013-06-22 12:01:36 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CB6BD291-B671-4E20-BE07-506AACD0CC1E}\gapaengine.dll
2013-06-20 23:23:55 -------- d-----w- C:\Program Files (x86)\D-LAN
2013-06-16 19:25:37 -------- d-----w- C:\Users\Shodan\AppData\Local\ESN
2013-06-16 19:25:35 -------- d-----w- C:\Program Files (x86)\Battlelog Web Plugins
2013-06-16 19:22:48 -------- d-----w- C:\ProgramData\Electronic Arts
2013-06-16 19:22:48 -------- d-----w- C:\ProgramData\EA Logs
2013-06-16 19:22:48 -------- d-----w- C:\ProgramData\EA Core
2013-06-13 12:10:41 -------- d-----w- C:\Users\Shodan\AppData\Roaming\Belastingdienst
2013-06-12 22:25:40 -------- d-----w- C:\Users\Shodan\AppData\Roaming\cYo
2013-06-12 22:25:40 -------- d-----w- C:\Users\Shodan\AppData\Local\cYo
2013-06-12 22:25:07 -------- d-----w- C:\Program Files\ComicRack
2013-06-12 17:22:15 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-12 17:22:06 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-06-12 17:22:06 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-06-10 18:13:41 -------- d-----w- C:\Windows\System32\appmgmt
2013-06-10 10:41:49 -------- d-----w- C:\Users\Shodan\AppData\Local\ElevatedDiagnostics
.
==================== Find3M  ====================
.
2013-06-28 21:27:49 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-06-28 21:27:48 972712 ----a-w- C:\Windows\System32\deployJava1.dll
2013-06-28 21:27:48 1093032 ----a-w- C:\Windows\System32\npDeployJava1.dll
2013-06-28 21:27:34 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-06-28 21:27:34 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-06-08 12:28:46 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-08 11:13:19 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-17 01:25:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-05-17 01:25:27 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-05-17 01:25:26 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-05-17 01:25:26 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-05-17 00:59:03 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-05-17 00:58:10 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-05-17 00:58:08 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-05-17 00:58:08 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-05-14 12:23:25 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-14 08:40:13 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-04-17 06:24:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH:  4:30:33,26 ===============
 
attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume1
Install Date: 7-12-2012 2:53:33
System Uptime: 29-6-2013 23:02:19 (5 hours ago)
.
Motherboard: MSI |  | P67A-G45 (MS-7673)
Processor: Intel® Core i5-2500K CPU @ 3.30GHz | SOCKET 0 | 3301/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 135,402 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 932 GiB total, 343,375 GiB free.
F: is FIXED (NTFS) - 233 GiB total, 65,248 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Linksys Wireless-G PCI Adapter
Device ID: PCI\VEN_1814&DEV_0301&SUBSYS_00551737&REV_00\5&78811C5&0&0800E4
Manufacturer: Linksys, A Division of Cisco Systems, Inc.
Name: Linksys Wireless-G PCI Adapter
PNP Device ID: PCI\VEN_1814&DEV_0301&SUBSYS_00551737&REV_00\5&78811C5&0&0800E4
Service: rt61x64
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
A Game of Thrones version 0.4.4
Aangifte inkomstenbelasting 2011
Aangifte inkomstenbelasting 2012
Adobe Reader XI (11.0.03) - Nederlands
Adobe Shockwave Player 12.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Arma 2
Arma 2: DayZ Mod
Arma 2: Operation Arrowhead
Arma 2: Operation Arrowhead Beta
Battlelog Web Plugins
BattlEye for OA Uninstall
Bonjour
CCleaner
Company of Heroes 2
CPUID CPU-Z 1.62
Creation Kit
Creative Configuratiescherm voor geluid
Creative Console Launcher
Creative Software AutoUpdate
Creative Sound Blaster Properties x64 Edition
Crusader Kings II
D-LAN version 1.1.0 Beta15 - 2012-12-16_16-22
Dark Souls: Prepare to Die Edition
Dead Rising 2
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition
Don't Starve
ESN Sonar
EVEMon
F.lux
Fraps
Google Chrome
HD Tune 2.55
Host OpenAL
Intel® Management Engine Components
Intel® Rapid Storage Technology
iTunes
Java 7 Update 25
Java 7 Update 25 (64-bit)
Java 7 Update 6 (64-bit)
Java Auto Updater
Kerbal Space Program
Live Update 5
Malwarebytes Anti-Malware version 1.75.0.1300
Marvel Heroes
Microsoft .NET Framework 4.5
Microsoft .NET Framework 4.5 NLD Language Pack
Microsoft Access MUI (English) 2013
Microsoft Access Setup Metadata MUI (English) 2013
Microsoft DCF MUI (English) 2013
Microsoft Excel MUI (English) 2013
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Groove MUI (English) 2013
Microsoft InfoPath MUI (English) 2013
Microsoft Lync MUI (English) 2013
Microsoft Office 32-bit Components 2013
Microsoft Office OSM MUI (English) 2013
Microsoft Office OSM UX MUI (English) 2013
Microsoft Office Professional Plus 2013
Microsoft Office Proofing (English) 2013
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Proofing Tools 2013 - Español
Microsoft Office Shared 32-bit MUI (English) 2013
Microsoft Office Shared MUI (English) 2013
Microsoft Office Shared Setup Metadata MUI (English) 2013
Microsoft OneNote MUI (English) 2013
Microsoft Outlook MUI (English) 2013
Microsoft PowerPoint MUI (English) 2013
Microsoft Publisher MUI (English) 2013
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
Microsoft Word MUI (English) 2013
Microsoft XNA Framework Redistributable 3.1
Microsoft_VC100_CRT_SP1_x64
Microsoft_VC100_CRT_SP1_x86
MotioninJoy DS3 driver version 0.6.0005
MSVC80_x64_v2
MSVC80_x86_v2
MSVC90_x64
MSVC90_x86
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Neverwinter
Nexus Mod Manager
Notepad++
NVIDIA-configuratiescherm 320.49
NVIDIA GeForce Experience 1.5
NVIDIA Grafisch stuurprogramma 320.49
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX systeemsoftware 9.13.0604
NVIDIA Update 4.11.9
NVIDIA Update Components
Outils de vérification linguistique 2013 de Microsoft Office - Français
Planescape Torment
Rayman Origins
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
Revo Uninstaller Pro 3.0.5
Samsung SSD Magician
Security Update for Microsoft .NET Framework 4.5 (KB2729460)
Security Update for Microsoft .NET Framework 4.5 (KB2737083)
Security Update for Microsoft .NET Framework 4.5 (KB2742613)
Security Update for Microsoft .NET Framework 4.5 (KB2789648)
Security Update for Microsoft .NET Framework 4.5 (KB2804582)
Skype™ 6.0
Spotify
SUPERAntiSpyware
swMSM
System Shock 2
Taalpakket voor Microsoft .NET Framework 4.5 - NLD
TeamSpeak 3 Client
The Elder Scrolls V: Skyrim
The Secret of Monkey Island: Special Edition
The Settlers IV
Update for Microsoft .NET Framework 4.5 (KB2750147)
Update for Microsoft .NET Framework 4.5 (KB2805221)
Update for Microsoft .NET Framework 4.5 (KB2805226)
Update for Microsoft Access 2013 (KB2760350) 64-Bit Edition
Update for Microsoft Excel 2013 (KB2760339) 64-Bit Edition
Update for Microsoft Lync 2013 (KB2768004) 64-Bit Edition
Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition
Update for Microsoft Office 2013 (KB2726961) 64-Bit Edition
Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition
Update for Microsoft Office 2013 (KB2737954) 64-Bit Edition
Update for Microsoft Office 2013 (KB2752025) 64-Bit Edition
Update for Microsoft Office 2013 (KB2752094) 64-Bit Edition
Update for Microsoft Office 2013 (KB2752101) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760224) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760538) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition
Update for Microsoft Office 2013 (KB2767845) 64-Bit Edition
Update for Microsoft Office 2013 (KB2767860) 64-Bit Edition
Update for Microsoft Office 2013 (KB2768016) 64-Bit Edition
Update for Microsoft Office 2013 (KB2810010) 64-Bit Edition
Update for Microsoft Office 2013 (KB2810014) 64-Bit Edition
Update for Microsoft Office 2013 (KB2810017) 64-Bit Edition
Update for Microsoft Office 2013 (KB2810018) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817320) 64-Bit Edition
Update for Microsoft OneNote 2013 (KB2760334) 64-Bit Edition
Update for Microsoft Outlook 2013 (KB2810015) 64-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2726947) 64-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2727013) 64-Bit Edition
Update for Microsoft SkyDrive Pro (KB2767865) 64-Bit Edition
Update for Microsoft SkyDrive Pro (KB2810019) 64-Bit Edition
Update for Microsoft Visio 2013 (KB2810008) 64-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2768338) 64-Bit Edition
Update for Microsoft Word 2013 (KB2768007) 64-Bit Edition
Update for Microsoft Word 2013 (KB2768337) 64-Bit Edition
VirtualCloneDrive
VLC media player 2.0.7
Warhammer 40,000 Space Marine
Windows 7 USB/DVD Download Tool
Windows Live ID Sign-in Assistant
WinRAR 4.20 (64-bit)
Wrye Bash
XdN Tweaker 0.9.2.6
.
==== End Of File ===========================
 

 


Welcome to the forum.

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

MrC

Note:

Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive.

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>Please stick with me until I give you the "all clear" and please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Hi MrCharlie,

 

Thank you for the fast reply, I have followed your instructions and run RoguekillerX64.

 

RogueKiller V8.6.1 _x64_ [Jun 29 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
besturingssysteem : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Gestart vanuit : Normale modus
Gebruiker : Shodan [Administrator rechten]
Modus : Scan -- Datum : 06/30/2013 17:08:44
| ARK || FAK || MBR |
 
¤¤¤ Kwaadaardige processen : 3 ¤¤¤
[SUSP PATH] Time-svc.exe -- C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe [-] -> BEEINDIGD [TermProc]
[SUSP PATH] WindowsTime.exe -- C:\ProgramData\Microsoft\Windows\Time\WindowsTime.exe [-] -> BEEINDIGD [TermProc]
[SUSP PATH] TimeServer.exe -- C:\ProgramData\Microsoft\Windows\Time\TimeServer.exe [-] -> BEEINDIGD [TermProc]
 
¤¤¤ Register verwijzingen : 19 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (:0) -> gevonden
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> gevonden
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> gevonden
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> gevonden
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> gevonden
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorUser (0) -> gevonden
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> gevonden
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> gevonden
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> gevonden
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> gevonden
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> gevonden
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> gevonden
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> gevonden
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowVideos (0) -> gevonden
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> gevonden
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> gevonden
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> gevonden
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> gevonden
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> gevonden
 
¤¤¤ geplande taken : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ webbrowsers : 0 ¤¤¤
 
¤¤¤ Speciale Files / Folders: ¤¤¤
 
¤¤¤ Driver : [Niet geladen 0x0] ¤¤¤
 
¤¤¤ Externe Hives: ¤¤¤
 
¤¤¤ Infectie :  ¤¤¤
 
¤¤¤ HOSTS Bestand: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
¤¤¤ MBR Controle: ¤¤¤
 
+++++ PhysicalDrive0: ATA Samsung SSD 840 SCSI Disk Device +++++
--- User ---
[MBR] a1df3d64ad30f298af3e91fe555139cd
[bSP] 8df895906e44d9fb152c09136666544c : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 238373 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: ATA Samsung SSD 840 SCSI Disk Device +++++
--- User ---
[MBR] 7940de1115c4065ced1b08c99cd48dd8
[bSP] c80da55afd5fd3b42e02b4e0295ea37c : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive2: ATA Samsung SSD 840 SCSI Disk Device +++++
--- User ---
[MBR] 1c66eceac17f6f05169855f096e136ed
[bSP] 4dd90d4d8f7f5d8dd2d6f3afb380c195 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 238473 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Gereed : << RKreport[0]_S_06302013_170844.txt >>
RKreport[0]_S_06302013_031730.txt;RKreport[0]_S_06302013_040306.txt;RKreport[0]_S_06302013_170332.txt

Run RogueKiller again and click Scan
When the scan completes > click on the Kwaadaardige processen tab
Put a check next to all of these and uncheck the rest: (if found)

[sUSP PATH] Time-svc.exe -- C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe [-] -> BEEINDIGD [TermProc]
[sUSP PATH] WindowsTime.exe -- C:\ProgramData\Microsoft\Windows\Time\WindowsTime.exe [-] -> BEEINDIGD [TermProc]
[sUSP PATH] TimeServer.exe -- C:\ProgramData\Microsoft\Windows\Time\TimeServer.exe [-] -> BEEINDIGD [TermProc]

Now click Delete on the right hand column under Options
 
-------------
 
Please download and run ComboFix.
 
The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.
 
Please visit this webpage for download links, and instructions for running ComboFix
 
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
 
Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
 
Information on disabling your malware programs can be found Here.
 
Make sure you run ComboFix from your desktop.  
 
Give it at least 30-45 minutes to finish if needed.
 
Please include the C:\ComboFix.txt in your next reply for further review.
 
 

---------->NOTE<----------


If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.
 
MrC


Wow, amazingly fast reply. Again I followed your instructions and I hope I did everything correctly.

 

ComboFix 13-06-30.01 - Shodan 30-06-2013  17:46:45.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.31.1043.18.8162.6960 [GMT 2:00]
Gestart vanuit: e:\users\Shodan\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Nieuw herstelpunt werd aangemaakt
.
.
((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\frapsvid.dll
c:\windows\wininit.ini
.
.
((((((((((((((((((((   Bestanden Gemaakt van 2013-05-28 to 2013-06-30  ))))))))))))))))))))))))))))))
.
.
2013-06-30 15:49 . 2013-06-30 15:49 -------- d-----w- c:\users\Shodan\AppData\Local\temp
2013-06-30 15:49 . 2013-06-30 15:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-30 13:40 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3DD57F5A-93CE-4B42-8E36-23CE263F9C02}\mpengine.dll
2013-06-30 03:46 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-30 01:44 . 2013-06-30 01:44 -------- d-----w- c:\users\Shodan\AppData\Roaming\Malwarebytes
2013-06-30 01:44 . 2013-06-30 01:44 -------- d-----w- c:\programdata\Malwarebytes
2013-06-30 01:44 . 2013-06-30 01:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-06-30 01:44 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-30 01:39 . 2013-06-30 01:43 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-06-28 21:55 . 2013-06-28 21:55 -------- d-----w- c:\users\Shodan\AppData\Local\Google
2013-06-28 21:27 . 2013-06-28 21:27 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-06-28 21:27 . 2013-06-28 21:27 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-28 21:27 . 2013-06-28 21:27 -------- d-----w- c:\program files (x86)\Java
2013-06-28 18:31 . 2013-06-28 18:31 -------- d-----w- c:\program files (x86)\HD Tune
2013-06-28 01:26 . 2013-06-28 01:27 -------- d-----w- c:\programdata\Origin
2013-06-26 20:50 . 2013-06-27 00:11 -------- d-----w- c:\users\Shodan\AppData\Roaming\NVIDIA
2013-06-26 20:01 . 2013-06-26 20:01 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2013-06-26 19:59 . 2013-06-26 19:59 -------- d-----w- C:\NVIDIA
2013-06-26 19:26 . 2013-06-26 19:26 49664 ----a-w- c:\programdata\Microsoft\Windows\Time\w9xpopen.exe
2013-06-26 19:26 . 2013-06-26 19:26 10752 ----a-w- c:\programdata\Microsoft\Windows\Time\Time-svc.exe
2013-06-26 19:26 . 2013-06-26 19:26 10240 ----a-w- c:\programdata\Microsoft\Windows\Time\WindowsTime.exe
2013-06-26 19:26 . 2013-06-26 19:26 2303488 ----a-w- c:\programdata\Microsoft\Windows\Time\python27.dll
2013-06-26 19:26 . 2013-06-26 19:26 24064 ----a-w- c:\programdata\Microsoft\Windows\Time\TimeServer.exe
2013-06-26 19:26 . 2013-06-26 19:26 569680 ----a-w- c:\programdata\Microsoft\Windows\Time\msvcp90.dll
2013-06-26 19:26 . 2013-06-26 19:26 219648 ----a-w- c:\programdata\Microsoft\Windows\Time\boost_python-vc90-mt-1_48.dll
2013-06-23 16:45 . 2013-06-23 16:45 -------- d-----w- c:\program files\iPod
2013-06-23 16:44 . 2013-06-23 16:45 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-23 16:44 . 2013-06-23 16:45 -------- d-----w- c:\program files\iTunes
2013-06-23 16:44 . 2013-06-23 16:45 -------- d-----w- c:\program files (x86)\iTunes
2013-06-22 16:48 . 2012-06-06 09:56 8192 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll
2013-06-22 16:48 . 2011-09-22 07:49 56600 ----a-w- c:\windows\system32\drivers\HECIx64.sys
2013-06-22 16:38 . 2013-06-22 16:38 -------- d-----w- c:\program files (x86)\Microsoft XNA
2013-06-22 16:38 . 2013-06-25 22:51 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-06-22 16:37 . 2013-06-26 15:51 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2013-06-22 16:37 . 2013-06-22 16:37 -------- d-----w- c:\users\Shodan\AppData\Local\Programs
2013-06-22 16:36 . 2013-06-22 16:36 -------- d-----w- c:\users\Shodan\AppData\Roaming\The Longest Journey
2013-06-22 16:02 . 2012-12-26 23:26 805088 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2013-06-22 16:02 . 2012-12-26 23:26 74344 ----a-w- c:\windows\system32\RtNicProp64.dll
2013-06-22 16:01 . 2013-06-22 16:01 -------- d-----w- c:\programdata\Downloaded Installations
2013-06-22 15:59 . 2012-08-22 08:19 11832 ----a-w- c:\windows\acpimof.dll
2013-06-22 15:59 . 2013-06-22 15:59 -------- d-----w- c:\program files (x86)\MSI
2013-06-22 15:09 . 2013-06-22 15:09 -------- d-----w- c:\programdata\VS Revo Group
2013-06-22 12:01 . 2013-06-22 12:01 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CB6BD291-B671-4E20-BE07-506AACD0CC1E}\gapaengine.dll
2013-06-20 23:23 . 2013-06-20 23:23 -------- d-----w- c:\program files (x86)\D-LAN
2013-06-19 18:01 . 2013-06-19 19:37 -------- d-----w- c:\users\Shodan\AppData\Roaming\Notepad++
2013-06-19 18:00 . 2013-06-19 18:00 -------- d-----w- c:\program files (x86)\Notepad++
2013-06-17 12:44 . 2013-06-24 00:33 -------- d-----w- c:\users\Shodan\AppData\Roaming\Skype
2013-06-16 19:25 . 2013-06-16 19:25 -------- d-----w- c:\users\Shodan\AppData\Local\ESN
2013-06-16 19:25 . 2013-06-16 19:25 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins
2013-06-16 19:22 . 2013-06-16 19:22 -------- d-----w- c:\programdata\Electronic Arts
2013-06-16 19:22 . 2013-06-16 19:22 -------- d-----w- c:\programdata\EA Logs
2013-06-16 19:22 . 2013-06-16 19:22 -------- d-----w- c:\programdata\EA Core
2013-06-13 12:10 . 2013-06-22 15:15 -------- d-----w- c:\users\Shodan\AppData\Roaming\Belastingdienst
2013-06-12 22:25 . 2013-06-12 22:25 -------- d-----w- c:\users\Shodan\AppData\Roaming\cYo
2013-06-12 22:25 . 2013-06-12 22:25 -------- d-----w- c:\users\Shodan\AppData\Local\cYo
2013-06-12 22:25 . 2013-06-12 22:25 -------- d-----w- c:\program files\ComicRack
2013-06-12 17:22 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-12 17:22 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 17:22 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-06-10 18:13 . 2013-06-10 18:13 -------- d-----w- c:\windows\system32\appmgmt
2013-06-10 10:41 . 2013-06-10 10:41 -------- d-----w- c:\users\Shodan\AppData\Local\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-28 21:27 . 2012-10-28 14:34 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-06-28 21:27 . 2012-10-28 14:34 972712 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-28 21:27 . 2012-10-28 14:34 312232 ----a-w- c:\windows\system32\javaws.exe
2013-06-28 21:27 . 2012-10-28 14:34 1093032 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-28 21:27 . 2012-10-28 14:34 189352 ----a-w- c:\windows\system32\javaw.exe
2013-06-28 21:27 . 2012-10-28 14:34 188840 ----a-w- c:\windows\system32\java.exe
2013-06-28 21:27 . 2012-12-07 02:20 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-06-28 21:27 . 2012-12-07 02:20 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-21 12:06 . 2013-03-26 14:06 6324360 ----a-w- c:\windows\SysWow64\nvopencl.dll
2013-06-21 12:06 . 2013-03-26 14:06 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2013-06-21 12:06 . 2013-03-26 14:06 12427240 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-06-21 12:06 . 2012-12-07 02:08 2936208 ----a-w- c:\windows\system32\nvapi64.dll
2013-06-21 12:06 . 2012-12-07 02:08 2597856 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-06-21 12:06 . 2012-12-07 02:08 15920536 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-06-21 12:06 . 2012-12-07 02:08 1059560 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-06-13 01:01 . 2012-10-28 09:47 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-05-25 15:50 . 2009-08-18 11:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2013-05-25 15:50 . 2009-08-18 10:24 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-22 12:13 . 2013-03-23 22:25 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-05-02 15:29 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-30 01:11 . 2013-04-30 01:11 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-30 01:11 . 2013-04-30 01:11 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-04-30 01:11 . 2013-04-30 01:11 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-04-30 01:11 . 2013-04-30 01:11 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-04-30 01:11 . 2013-04-30 01:11 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-04-30 01:11 . 2013-04-30 01:11 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-04-30 01:11 . 2013-04-30 01:11 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-04-30 01:11 . 2013-04-30 01:11 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-04-30 01:11 . 2013-04-30 01:11 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-04-30 01:11 . 2013-04-30 01:11 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-04-30 01:11 . 2013-04-30 01:11 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-04-30 01:11 . 2013-04-30 01:11 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-04-30 01:11 . 2013-04-30 01:11 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-04-30 01:11 . 2013-04-30 01:11 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-30 01:11 . 2013-04-30 01:11 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-30 01:11 . 2013-04-30 01:11 81408 ----a-w- c:\windows\system32\icardie.dll
2013-04-30 01:11 . 2013-04-30 01:11 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-04-30 01:11 . 2013-04-30 01:11 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-04-30 01:11 . 2013-04-30 01:11 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-04-30 01:11 . 2013-04-30 01:11 441856 ----a-w- c:\windows\system32\html.iec
2013-04-30 01:11 . 2013-04-30 01:11 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-04-30 01:11 . 2013-04-30 01:11 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-04-30 01:11 . 2013-04-30 01:11 235008 ----a-w- c:\windows\system32\url.dll
2013-04-30 01:11 . 2013-04-30 01:11 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-04-30 01:11 . 2013-04-30 01:11 216064 ----a-w- c:\windows\system32\msls31.dll
2013-04-30 01:11 . 2013-04-30 01:11 197120 ----a-w- c:\windows\system32\msrating.dll
2013-04-30 01:11 . 2013-04-30 01:11 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-04-30 01:11 . 2013-04-30 01:11 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-04-30 01:11 . 2013-04-30 01:11 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-04-30 01:11 . 2013-04-30 01:11 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-04-30 01:11 . 2013-04-30 01:11 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-30 01:11 . 2013-04-30 01:11 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-04-30 01:11 . 2013-04-30 01:11 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-04-30 01:11 . 2013-04-30 01:11 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-04-30 01:11 . 2013-04-30 01:11 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-04-30 01:11 . 2013-04-30 01:11 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-04-30 01:11 . 2013-04-30 01:11 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-30 01:11 . 2013-04-30 01:11 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-30 01:11 . 2013-04-30 01:11 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-04-30 01:11 . 2013-04-30 01:11 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-30 01:11 . 2013-04-30 01:11 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-04-30 01:11 . 2013-04-30 01:11 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-30 01:11 . 2013-04-30 01:11 149504 ----a-w- c:\windows\system32\occache.dll
2013-04-30 01:11 . 2013-04-30 01:11 144896 ----a-w- c:\windows\system32\wextract.exe
2013-04-30 01:11 . 2013-04-30 01:11 13824 ----a-w- c:\windows\system32\mshta.exe
2013-04-30 01:11 . 2013-04-30 01:11 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-04-30 01:11 . 2013-04-30 01:11 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-30 01:11 . 2013-04-30 01:11 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-04-30 01:11 . 2013-04-30 01:11 102912 ----a-w- c:\windows\system32\inseng.dll
2013-04-13 05:49 . 2013-05-15 12:21 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 12:21 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 12:21 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 12:21 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 12:21 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 12:21 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 10:41 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-15 12:21 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-15 12:21 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-15 12:21 3153920 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-05-20 19:00 1725128 ----a-w- c:\progra~2\MICROS~4\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-05-20 19:00 1725128 ----a-w- c:\progra~2\MICROS~4\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-05-20 19:00 1725128 ----a-w- c:\progra~2\MICROS~4\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F.lux"="c:\users\Shodan\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"Spotify Web Helper"="c:\users\Shodan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-06-15 1104384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 Time;Time;c:\programdata\Microsoft\Windows\Time\Time-svc.exe;c:\programdata\Microsoft\Windows\Time\Time-svc.exe [x]
R3 b06diag;Broadcom NetXtreme II Diag Driver;c:\windows\system32\drivers\bxdiaga.sys;c:\windows\SYSNATIVE\drivers\bxdiaga.sys [x]
R3 BFN7x64;Bigfoot Networks Killer Gaming Service;c:\windows\system32\drivers\Xeno7x64.sys;c:\windows\SYSNATIVE\drivers\Xeno7x64.sys [x]
R3 BFNVis64;Bigfoot Networks Killer Gaming Service;c:\windows\system32\drivers\XenoVa64.sys;c:\windows\SYSNATIVE\drivers\XenoVa64.sys [x]
R3 bxfcoe;bxfcoe;c:\windows\system32\drivers\bxfcoe.sys;c:\windows\SYSNATIVE\drivers\bxfcoe.sys [x]
R3 bxois;bxois;c:\windows\system32\drivers\bxois.sys;c:\windows\SYSNATIVE\drivers\bxois.sys [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 D-LAN Core;D-LAN Core;c:\program files (x86)\D-LAN\D-LAN.Core.exe;c:\program files (x86)\D-LAN\D-LAN.Core.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IAMTVE;Stuurprogramma voor Intel® Active Management Technology - KCS;c:\windows\system32\drivers\IAMTVE.sys;c:\windows\SYSNATIVE\drivers\IAMTVE.sys [x]
R3 IAMTXPE;Stuurprogramma voor Intel® Active Management Technology - KCS;c:\windows\system32\drivers\IAMTXPE.sys;c:\windows\SYSNATIVE\drivers\IAMTXPE.sys [x]
R3 IFCoEMP;IFCoEMP;c:\windows\system32\drivers\ifM60x64.sys;c:\windows\SYSNATIVE\drivers\ifM60x64.sys [x]
R3 IFCoEVB;IFCoEVB;c:\windows\system32\drivers\ifP60X64.sys;c:\windows\SYSNATIVE\drivers\ifP60X64.sys [x]
R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd162x64.sys;c:\windows\SYSNATIVE\Drivers\qd162x64.sys [x]
R3 ioatdma2;Intel® QuickData Technology device ver.2;c:\windows\System32\Drivers\qd262x64.sys;c:\windows\SYSNATIVE\Drivers\qd262x64.sys [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 rt61x64;Linksys Wireless-G PCI Adapter Driver;c:\windows\system32\DRIVERS\WMP54Gv41x64.sys;c:\windows\SYSNATIVE\DRIVERS\WMP54Gv41x64.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys;c:\windows\SYSNATIVE\drivers\t3.sys [x]
.
.
Inhoud van de 'Gedeelde Taken' map
.
2013-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3511419792-4291243797-1282643203-1000Core.job
- c:\users\Shodan\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-28 21:55]
.
2013-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3511419792-4291243797-1282643203-1000UA.job
- c:\users\Shodan\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-28 21:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office15\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
.
- - - - ORPHANS VERWIJDERD - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-pcsx2-r5350 - c:\my games\Roms\Emulator\Uninst-pcsx2-r5350.exe
AddRemove-S4Uninst - c:\bluebyte\The Settlers IV\Uninst.isu
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2013-06-30  17:49:59
ComboFix-quarantined-files.txt  2013-06-30 15:49
.
Pre-Run: 145.534.017.536 bytes beschikbaar
Post-Run: 145.377.710.080 bytes beschikbaar
.
- - End Of File - - 38871DADD5B5B72BCD930A6ABE564A38
A36C5E4F47E84449FF07ED3517B43A31

Using ComboFix......

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

4. If ComboFix wants to update.....please allow it to.

Driver::
Time

Folder::
c:\programdata\Microsoft\Windows\Time

ClearJavaCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

[Image: CFScript.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot, (in case it asks to reboot)......

Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.

MrC


I followed the instructions and it seems that with the reboot the programs seem to have stopped.

The report from ComboFix is below.

 

 

ComboFix 13-06-30.01 - Shodan 30-06-2013  18:45:42.2.4 - x64

Microsoft Windows 7 Ultimate   6.1.7601.1.1252.31.1043.18.8162.6633 [GMT 2:00]

Gestart vanuit: e:\users\Shodan\Desktop\ComboFix.exe

gebruikte Opdracht switches :: e:\users\Shodan\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Nieuw herstelpunt werd aangemaakt

.

.

((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Microsoft\Windows\Time

c:\programdata\Microsoft\Windows\Time\_ctypes.pyd

c:\programdata\Microsoft\Windows\Time\_hashlib.pyd

c:\programdata\Microsoft\Windows\Time\_socket.pyd

c:\programdata\Microsoft\Windows\Time\boost_python-vc90-mt-1_48.dll

c:\programdata\Microsoft\Windows\Time\c5ba51c8822b2ebb730d18f8bab93d8a.elf

c:\programdata\Microsoft\Windows\Time\ce6fda2a3f1eadf0c2bdadf9ad19fbd5.elf

c:\programdata\Microsoft\Windows\Time\d4ce4f36e508153bf25ab6a8dcde7f0d.elf

c:\programdata\Microsoft\Windows\Time\library.zip

c:\programdata\Microsoft\Windows\Time\msvcp90.dll

c:\programdata\Microsoft\Windows\Time\numpy.core._dotblas.pyd

c:\programdata\Microsoft\Windows\Time\numpy.core.multiarray.pyd

c:\programdata\Microsoft\Windows\Time\numpy.core.scalarmath.pyd

c:\programdata\Microsoft\Windows\Time\numpy.core.umath.pyd

c:\programdata\Microsoft\Windows\Time\numpy.fft.fftpack_lite.pyd

c:\programdata\Microsoft\Windows\Time\numpy.lib._compiled_base.pyd

c:\programdata\Microsoft\Windows\Time\numpy.linalg.lapack_lite.pyd

c:\programdata\Microsoft\Windows\Time\numpy.random.mtrand.pyd

c:\programdata\Microsoft\Windows\Time\phatk.cl

c:\programdata\Microsoft\Windows\Time\pyopencl._cl.pyd

c:\programdata\Microsoft\Windows\Time\python27.dll

c:\programdata\Microsoft\Windows\Time\select.pyd

c:\programdata\Microsoft\Windows\Time\Time-svc.exe

c:\programdata\Microsoft\Windows\Time\TimeServer.exe

c:\programdata\Microsoft\Windows\Time\w9xpopen.exe

c:\programdata\Microsoft\Windows\Time\WindowsTime.exe

.

.

(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_Time

.

.

((((((((((((((((((((   Bestanden Gemaakt van 2013-05-28 to 2013-06-30  ))))))))))))))))))))))))))))))

.

.

2013-06-30 16:47 . 2013-06-30 16:47 -------- d-----w- c:\users\Shodan\AppData\Local\temp

2013-06-30 13:40 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3DD57F5A-93CE-4B42-8E36-23CE263F9C02}\mpengine.dll

2013-06-30 03:46 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-06-30 01:44 . 2013-06-30 01:44 -------- d-----w- c:\users\Shodan\AppData\Roaming\Malwarebytes

2013-06-30 01:44 . 2013-06-30 01:44 -------- d-----w- c:\programdata\Malwarebytes

2013-06-30 01:44 . 2013-06-30 01:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-06-30 01:44 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-06-30 01:39 . 2013-06-30 01:43 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

2013-06-28 21:55 . 2013-06-28 21:55 -------- d-----w- c:\users\Shodan\AppData\Local\Google

2013-06-28 21:27 . 2013-06-28 21:27 -------- d-----w- c:\program files (x86)\Common Files\Java

2013-06-28 21:27 . 2013-06-28 21:27 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-06-28 21:27 . 2013-06-28 21:27 -------- d-----w- c:\program files (x86)\Java

2013-06-28 18:31 . 2013-06-28 18:31 -------- d-----w- c:\program files (x86)\HD Tune

2013-06-28 01:26 . 2013-06-28 01:27 -------- d-----w- c:\programdata\Origin

2013-06-26 20:50 . 2013-06-27 00:11 -------- d-----w- c:\users\Shodan\AppData\Roaming\NVIDIA

2013-06-26 20:01 . 2013-06-26 20:01 -------- d-----w- c:\program files (x86)\AGEIA Technologies

2013-06-26 19:59 . 2013-06-26 19:59 -------- d-----w- C:\NVIDIA

2013-06-23 16:45 . 2013-06-23 16:45 -------- d-----w- c:\program files\iPod

2013-06-23 16:44 . 2013-06-23 16:45 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-06-23 16:44 . 2013-06-23 16:45 -------- d-----w- c:\program files\iTunes

2013-06-23 16:44 . 2013-06-23 16:45 -------- d-----w- c:\program files (x86)\iTunes

2013-06-22 16:48 . 2012-06-06 09:56 8192 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll

2013-06-22 16:48 . 2011-09-22 07:49 56600 ----a-w- c:\windows\system32\drivers\HECIx64.sys

2013-06-22 16:38 . 2013-06-22 16:38 -------- d-----w- c:\program files (x86)\Microsoft XNA

2013-06-22 16:38 . 2013-06-25 22:51 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2013-06-22 16:37 . 2013-06-26 15:51 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2

2013-06-22 16:37 . 2013-06-22 16:37 -------- d-----w- c:\users\Shodan\AppData\Local\Programs

2013-06-22 16:36 . 2013-06-22 16:36 -------- d-----w- c:\users\Shodan\AppData\Roaming\The Longest Journey

2013-06-22 16:02 . 2012-12-26 23:26 805088 ----a-w- c:\windows\system32\drivers\Rt64win7.sys

2013-06-22 16:02 . 2012-12-26 23:26 74344 ----a-w- c:\windows\system32\RtNicProp64.dll

2013-06-22 16:01 . 2013-06-22 16:01 -------- d-----w- c:\programdata\Downloaded Installations

2013-06-22 15:59 . 2012-08-22 08:19 11832 ----a-w- c:\windows\acpimof.dll

2013-06-22 15:59 . 2013-06-22 15:59 -------- d-----w- c:\program files (x86)\MSI

2013-06-22 15:09 . 2013-06-22 15:09 -------- d-----w- c:\programdata\VS Revo Group

2013-06-22 12:01 . 2013-06-22 12:01 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CB6BD291-B671-4E20-BE07-506AACD0CC1E}\gapaengine.dll

2013-06-20 23:23 . 2013-06-20 23:23 -------- d-----w- c:\program files (x86)\D-LAN

2013-06-19 18:01 . 2013-06-19 19:37 -------- d-----w- c:\users\Shodan\AppData\Roaming\Notepad++

2013-06-19 18:00 . 2013-06-19 18:00 -------- d-----w- c:\program files (x86)\Notepad++

2013-06-17 12:44 . 2013-06-24 00:33 -------- d-----w- c:\users\Shodan\AppData\Roaming\Skype

2013-06-16 19:25 . 2013-06-16 19:25 -------- d-----w- c:\users\Shodan\AppData\Local\ESN

2013-06-16 19:25 . 2013-06-16 19:25 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins

2013-06-16 19:22 . 2013-06-16 19:22 -------- d-----w- c:\programdata\Electronic Arts

2013-06-16 19:22 . 2013-06-16 19:22 -------- d-----w- c:\programdata\EA Logs

2013-06-16 19:22 . 2013-06-16 19:22 -------- d-----w- c:\programdata\EA Core

2013-06-13 12:10 . 2013-06-22 15:15 -------- d-----w- c:\users\Shodan\AppData\Roaming\Belastingdienst

2013-06-12 22:25 . 2013-06-12 22:25 -------- d-----w- c:\users\Shodan\AppData\Roaming\cYo

2013-06-12 22:25 . 2013-06-12 22:25 -------- d-----w- c:\users\Shodan\AppData\Local\cYo

2013-06-12 22:25 . 2013-06-12 22:25 -------- d-----w- c:\program files\ComicRack

2013-06-12 17:22 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-06-12 17:22 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll

2013-06-12 17:22 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll

2013-06-10 18:13 . 2013-06-10 18:13 -------- d-----w- c:\windows\system32\appmgmt

2013-06-10 10:41 . 2013-06-10 10:41 -------- d-----w- c:\users\Shodan\AppData\Local\ElevatedDiagnostics

.

.

.

(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-06-28 21:27 . 2012-10-28 14:34 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll

2013-06-28 21:27 . 2012-10-28 14:34 972712 ----a-w- c:\windows\system32\deployJava1.dll

2013-06-28 21:27 . 2012-10-28 14:34 312232 ----a-w- c:\windows\system32\javaws.exe

2013-06-28 21:27 . 2012-10-28 14:34 1093032 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-06-28 21:27 . 2012-10-28 14:34 189352 ----a-w- c:\windows\system32\javaw.exe

2013-06-28 21:27 . 2012-10-28 14:34 188840 ----a-w- c:\windows\system32\java.exe

2013-06-28 21:27 . 2012-12-07 02:20 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-06-28 21:27 . 2012-12-07 02:20 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-06-21 12:06 . 2013-03-26 14:06 6324360 ----a-w- c:\windows\SysWow64\nvopencl.dll

2013-06-21 12:06 . 2013-03-26 14:06 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll

2013-06-21 12:06 . 2013-03-26 14:06 12427240 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2013-06-21 12:06 . 2012-12-07 02:08 2936208 ----a-w- c:\windows\system32\nvapi64.dll

2013-06-21 12:06 . 2012-12-07 02:08 2597856 ----a-w- c:\windows\SysWow64\nvapi.dll

2013-06-21 12:06 . 2012-12-07 02:08 15920536 ----a-w- c:\windows\system32\nvwgf2umx.dll

2013-06-21 12:06 . 2012-12-07 02:08 1059560 ----a-w- c:\windows\system32\nvumdshimx.dll

2013-06-13 01:01 . 2012-10-28 09:47 75825640 ----a-w- c:\windows\system32\MRT.exe

2013-05-25 15:50 . 2009-08-18 11:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll

2013-05-25 15:50 . 2009-08-18 10:24 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-05-22 12:13 . 2013-03-23 22:25 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2013-05-02 15:29 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe

2013-04-30 01:11 . 2013-04-30 01:11 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2013-04-30 01:11 . 2013-04-30 01:11 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

2013-04-30 01:11 . 2013-04-30 01:11 523264 ----a-w- c:\windows\SysWow64\vbscript.dll

2013-04-30 01:11 . 2013-04-30 01:11 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2013-04-30 01:11 . 2013-04-30 01:11 38400 ----a-w- c:\windows\SysWow64\imgutil.dll

2013-04-30 01:11 . 2013-04-30 01:11 226304 ----a-w- c:\windows\system32\elshyph.dll

2013-04-30 01:11 . 2013-04-30 01:11 185344 ----a-w- c:\windows\SysWow64\elshyph.dll

2013-04-30 01:11 . 2013-04-30 01:11 158720 ----a-w- c:\windows\SysWow64\msls31.dll

2013-04-30 01:11 . 2013-04-30 01:11 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2013-04-30 01:11 . 2013-04-30 01:11 138752 ----a-w- c:\windows\SysWow64\wextract.exe

2013-04-30 01:11 . 2013-04-30 01:11 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2013-04-30 01:11 . 2013-04-30 01:11 12800 ----a-w- c:\windows\SysWow64\mshta.exe

2013-04-30 01:11 . 2013-04-30 01:11 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2013-04-30 01:11 . 2013-04-30 01:11 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-04-30 01:11 . 2013-04-30 01:11 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll

2013-04-30 01:11 . 2013-04-30 01:11 81408 ----a-w- c:\windows\system32\icardie.dll

2013-04-30 01:11 . 2013-04-30 01:11 762368 ----a-w- c:\windows\system32\ieapfltr.dll

2013-04-30 01:11 . 2013-04-30 01:11 61952 ----a-w- c:\windows\SysWow64\tdc.ocx

2013-04-30 01:11 . 2013-04-30 01:11 452096 ----a-w- c:\windows\system32\dxtmsft.dll

2013-04-30 01:11 . 2013-04-30 01:11 441856 ----a-w- c:\windows\system32\html.iec

2013-04-30 01:11 . 2013-04-30 01:11 361984 ----a-w- c:\windows\SysWow64\html.iec

2013-04-30 01:11 . 2013-04-30 01:11 281600 ----a-w- c:\windows\system32\dxtrans.dll

2013-04-30 01:11 . 2013-04-30 01:11 235008 ----a-w- c:\windows\system32\url.dll

2013-04-30 01:11 . 2013-04-30 01:11 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll

2013-04-30 01:11 . 2013-04-30 01:11 216064 ----a-w- c:\windows\system32\msls31.dll

2013-04-30 01:11 . 2013-04-30 01:11 197120 ----a-w- c:\windows\system32\msrating.dll

2013-04-30 01:11 . 2013-04-30 01:11 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2013-04-30 01:11 . 2013-04-30 01:11 1400416 ----a-w- c:\windows\system32\ieapfltr.dat

2013-04-30 01:11 . 2013-04-30 01:11 270848 ----a-w- c:\windows\system32\iedkcs32.dll

2013-04-30 01:11 . 2013-04-30 01:11 97280 ----a-w- c:\windows\system32\mshtmled.dll

2013-04-30 01:11 . 2013-04-30 01:11 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2013-04-30 01:11 . 2013-04-30 01:11 77312 ----a-w- c:\windows\system32\tdc.ocx

2013-04-30 01:11 . 2013-04-30 01:11 62976 ----a-w- c:\windows\system32\pngfilt.dll

2013-04-30 01:11 . 2013-04-30 01:11 599552 ----a-w- c:\windows\system32\vbscript.dll

2013-04-30 01:11 . 2013-04-30 01:11 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

2013-04-30 01:11 . 2013-04-30 01:11 51200 ----a-w- c:\windows\system32\imgutil.dll

2013-04-30 01:11 . 2013-04-30 01:11 48640 ----a-w- c:\windows\system32\mshtmler.dll

2013-04-30 01:11 . 2013-04-30 01:11 27648 ----a-w- c:\windows\system32\licmgr10.dll

2013-04-30 01:11 . 2013-04-30 01:11 247296 ----a-w- c:\windows\system32\webcheck.dll

2013-04-30 01:11 . 2013-04-30 01:11 173568 ----a-w- c:\windows\system32\ieUnatt.exe

2013-04-30 01:11 . 2013-04-30 01:11 167424 ----a-w- c:\windows\system32\iexpress.exe

2013-04-30 01:11 . 2013-04-30 01:11 1509376 ----a-w- c:\windows\system32\inetcpl.cpl

2013-04-30 01:11 . 2013-04-30 01:11 149504 ----a-w- c:\windows\system32\occache.dll

2013-04-30 01:11 . 2013-04-30 01:11 144896 ----a-w- c:\windows\system32\wextract.exe

2013-04-30 01:11 . 2013-04-30 01:11 13824 ----a-w- c:\windows\system32\mshta.exe

2013-04-30 01:11 . 2013-04-30 01:11 136192 ----a-w- c:\windows\system32\iepeers.dll

2013-04-30 01:11 . 2013-04-30 01:11 135680 ----a-w- c:\windows\system32\IEAdvpack.dll

2013-04-30 01:11 . 2013-04-30 01:11 12800 ----a-w- c:\windows\system32\msfeedssync.exe

2013-04-30 01:11 . 2013-04-30 01:11 102912 ----a-w- c:\windows\system32\inseng.dll

2013-04-13 05:49 . 2013-05-15 12:21 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49 . 2013-05-15 12:21 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49 . 2013-05-15 12:21 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49 . 2013-05-15 12:21 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45 . 2013-05-15 12:21 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45 . 2013-05-15 12:21 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-04-12 14:45 . 2013-04-24 10:41 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-10 06:01 . 2013-05-15 12:21 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2013-04-10 06:01 . 2013-05-15 12:21 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2013-04-10 03:30 . 2013-05-15 12:21 3153920 ----a-w- c:\windows\system32\win32k.sys

.

.

(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]

@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"

[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]

2013-05-20 19:00 1725128 ----a-w- c:\progra~2\MICROS~4\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]

@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"

[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]

2013-05-20 19:00 1725128 ----a-w- c:\progra~2\MICROS~4\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]

@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"

[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]

2013-05-20 19:00 1725128 ----a-w- c:\progra~2\MICROS~4\Office15\GROOVEEX.DLL

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"F.lux"="c:\users\Shodan\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]

"Spotify Web Helper"="c:\users\Shodan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-06-15 1104384]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ   autocheck autochk *\0\0sdnclean64.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

R3 b06diag;Broadcom NetXtreme II Diag Driver;c:\windows\system32\drivers\bxdiaga.sys;c:\windows\SYSNATIVE\drivers\bxdiaga.sys [x]

R3 BFN7x64;Bigfoot Networks Killer Gaming Service;c:\windows\system32\drivers\Xeno7x64.sys;c:\windows\SYSNATIVE\drivers\Xeno7x64.sys [x]

R3 BFNVis64;Bigfoot Networks Killer Gaming Service;c:\windows\system32\drivers\XenoVa64.sys;c:\windows\SYSNATIVE\drivers\XenoVa64.sys [x]

R3 bxfcoe;bxfcoe;c:\windows\system32\drivers\bxfcoe.sys;c:\windows\SYSNATIVE\drivers\bxfcoe.sys [x]

R3 bxois;bxois;c:\windows\system32\drivers\bxois.sys;c:\windows\SYSNATIVE\drivers\bxois.sys [x]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]

R3 D-LAN Core;D-LAN Core;c:\program files (x86)\D-LAN\D-LAN.Core.exe;c:\program files (x86)\D-LAN\D-LAN.Core.exe [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]

R3 IAMTVE;Stuurprogramma voor Intel® Active Management Technology - KCS;c:\windows\system32\drivers\IAMTVE.sys;c:\windows\SYSNATIVE\drivers\IAMTVE.sys [x]

R3 IAMTXPE;Stuurprogramma voor Intel® Active Management Technology - KCS;c:\windows\system32\drivers\IAMTXPE.sys;c:\windows\SYSNATIVE\drivers\IAMTXPE.sys [x]

R3 IFCoEMP;IFCoEMP;c:\windows\system32\drivers\ifM60x64.sys;c:\windows\SYSNATIVE\drivers\ifM60x64.sys [x]

R3 IFCoEVB;IFCoEVB;c:\windows\system32\drivers\ifP60X64.sys;c:\windows\SYSNATIVE\drivers\ifP60X64.sys [x]

R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd162x64.sys;c:\windows\SYSNATIVE\Drivers\qd162x64.sys [x]

R3 ioatdma2;Intel® QuickData Technology device ver.2;c:\windows\System32\Drivers\qd262x64.sys;c:\windows\SYSNATIVE\Drivers\qd262x64.sys [x]

R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]

R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]

R3 rt61x64;Linksys Wireless-G PCI Adapter Driver;c:\windows\system32\DRIVERS\WMP54Gv41x64.sys;c:\windows\SYSNATIVE\DRIVERS\WMP54Gv41x64.sys [x]

R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]

S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]

S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys;c:\windows\SYSNATIVE\drivers\t3.sys [x]

.

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - WS2IFSL

.

Inhoud van de 'Gedeelde Taken' map

.

2013-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3511419792-4291243797-1282643203-1000Core.job

- c:\users\Shodan\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-28 21:55]

.

2013-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3511419792-4291243797-1282643203-1000UA.job

- c:\users\Shodan\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-28 21:55]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm


mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office15\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58

Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL

.

- - - - ORPHANS VERWIJDERD - - - -

.

AddRemove-pcsx2-r5350 - c:\my games\Roms\Emulator\Uninst-pcsx2-r5350.exe

AddRemove-S4Uninst - c:\bluebyte\The Settlers IV\Uninst.isu

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

.

**************************************************************************

.

Voltooingstijd: 2013-06-30  18:49:34 - machine werd herstart

ComboFix-quarantined-files.txt  2013-06-30 16:49

ComboFix2.txt  2013-06-30 15:49

.

Pre-Run: 145.201.750.016 bytes beschikbaar

Post-Run: 144.932.634.624 bytes beschikbaar

.

- - End Of File - - D4326AB56685A693225B964FD98F0C99

A36C5E4F47E84449FF07ED3517B43A31

Looks Good.......

Let's check for any adware while you're here:

Please download AdwCleaner from here and save it on your Desktop.

 

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes:

· Adware (software ads)

· PUP/LPI (Potentially Undesirable Program)

· Toolbars

· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  • Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  • Now click on the Search tab.
  • Please post the contents of the log-file created in your next post.
Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Note:

Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain why it shouldn't be on your system.

If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using AdwCleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program, please use the instructions below to access the options screen, where you should enable /DisableAskDetection before using AdwCleaner.

You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:

/DisableAskDetection - This option disables Ask Toolbar detection.

MrC


Thanks again for the fast reply. I have a hard time keeping up, but here is the report again.

 

# AdwCleaner v2.303 - Verslag gemaakt op 30/06/2013 om 19:51:28
# Geactualiseerd op 08/06/2013 door Xplode
# Besturingssysteem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Gebruiker : Shodan - SHODAN-PC
# Opstarten Modus : Normale modus
# Gelanceerd vanaf : E:\Users\Shodan\Desktop\adwcleaner.exe
# Optie [Zoeken]
 
 
***** [Diensten] *****
 
 
***** [Files / Mappen] *****
 
 
***** [Register] *****
 
 
***** [browsers] *****
 
-\\ Internet Explorer v10.0.9200.16611
 
[OK] Het register bevat geen enkele ongeoorloofde invoer.
 
-\\ Google Chrome v27.0.1453.116
 
File : C:\Users\Shodan\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] De file bevat geen enkele ongeoorloofde invoer.
 
*************************
 
AdwCleaner[R1].txt - [752 octets] - [30/06/2013 19:51:28]
 
########## EOF - C:\AdwCleaner[R1].txt - [811 octets] ##########

Looks OK...Clean

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

Hi, glad to hear that my PC looks clean. I'm looking into PayPal so I can donate a tip.

I would like to thank you for all the help and the time you took to resolve this problem.

Many thanks.

 

Lasternom

 

 

 Results of screen317's Security Check version 0.99.68  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 25  
 Adobe Reader XI  
 Google Chrome 27.0.1453.116  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log`````````````````````` 

That's Good also.....

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

If you used DeFogger to disable your CD Emulation drivers, please re-enable them.

-------------------------------

Please download OTC to your desktop.

http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")

Click on the CleanUp! button and follow the prompts.

(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)

You will be asked to reboot the machine to finish the Cleanup process, choose Yes.

After the reboot all the tools we used should be gone.

Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

This topic is now closed to further replies.