Avast! finds URL:mal on every startup


A couple of weeks ago my computer started to slow down severely, and MSE couldn't find anything. I ended up installing avast! and MBAM and scanned my computer, which removed a couple of viruses. However, avast! keeps telling me it stopped URL:mal every time I boot up my computer, and I can't find any more viruses.

DDS logs:


DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 10.45.2
Run by CHRIS at 22:34:18 on 2014-03-06
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.31.1043.18.4087.1537 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\schtasks.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\msiexec.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [Lycosa] "C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Download met MiPony - C:\Program Files (x86)\MiPony\Browser\IEContext.htm
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: Interfaces\{5B6E0689-76BF-44C8-8063-345115976656} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{5D7638B9-7309-4FE5-9E67-523B3BC89E9A} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D1A1484E-8E9E-4CB1-9EDB-92B375CC4217} : DHCPNameServer = 212.54.40.25 212.54.35.25
TCP: Interfaces\{D1A1484E-8E9E-4CB1-9EDB-92B375CC4217}\3484259435 : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\CHRIS\AppData\Roaming\Mozilla\Firefox\Profiles\h9rmj854.default\
FF - prefs.js: keyword.URL - 
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-3-3 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-3-3 207904]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R0 waemu;waemu;C:\Windows\System32\drivers\waemu.sys [2012-10-15 139744]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-3-3 1038072]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-3-3 421704]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2009-9-8 87600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-12-6 239616]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-3-3 78648]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-3-3 50344]
R2 cpuz132;cpuz132;C:\Windows\System32\drivers\cpuz132_x64.sys [2009-12-20 19432]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 134944]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-9-24 94208]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2011-10-24 66328]
R3 Lycosa;Lycosa Keyboard;C:\Windows\System32\drivers\Lycosa.sys [2012-5-7 28928]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2011-12-27 32344]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 RTL8167;Realtek 8167 NT-stuurprogramma;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\System32\drivers\tap0901t.sys [2012-2-5 31232]
R3 VKbms;Virtual HID Minidriver;C:\Windows\System32\drivers\VKbms.sys [2012-5-7 13312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 EzVpnSvc;COMODO Unite MultiLogin Service;"C:\Program Files\COMODO\Unite\EzVpnSvc.exe" --> C:\Program Files\COMODO\Unite\EzVpnSvc.exe [?]
S3 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-3-3 80184]
S3 FLASHSYS;FLASHSYS;C:\Program Files (x86)\MSI\Live Update 4\LU4\Flashsys64.sys [2010-1-2 15192]
S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2014-2-25 41032]
S3 gfiutil;gfiutil;C:\Windows\System32\drivers\gfiutil.sys [2014-2-25 31264]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;C:\PROGRA~1\MSI\MSIWDev\msibios64_100507.sys [2010-5-10 33592]
S3 MsibiosDevice;MsibiosDevice;C:\Program Files (x86)\MSI\Live Update 4\LU4\msibios64.sys [2010-1-2 33080]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-16 59392]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-15 1255736]
S4 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-1-3 1363616]
S4 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-1-3 1748640]
S4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2014-2-4 2222416]
S4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-1-13 9216]
S4 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-12 111616]
S4 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2014-2-4 377616]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S4 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
S4 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2012-2-5 759192]
S4 WinArchiver Service;WinArchiver Service;C:\Program Files (x86)\WinArchiver\WAService.exe [2012-9-25 201824]
.
=============== File Associations ===============
.
FileExt: .js: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [userChoice]
.
=============== Created Last 30 ================
.
2014-03-06 21:25:00 -------- d-sh--w- C:\$RECYCLE.BIN
2014-03-06 14:15:50 -------- d-----w- C:\Users\CHRIS\AppData\Roaming\Malwarebytes
2014-03-06 14:15:36 -------- d-----w- C:\ProgramData\Malwarebytes
2014-03-06 14:15:34 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-03-06 14:15:34 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-06 14:04:05 1031560 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{15022210-27B0-4F37-9997-C16B59CD7F48}\gapaengine.dll
2014-03-06 14:03:55 10536864 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{44E1FCB7-5181-4C55-B0C1-C7E33064BF7F}\mpengine.dll
2014-03-06 14:00:48 -------- d-----w- C:\AdwCleaner
2014-03-05 10:34:35 10536864 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-03-03 12:03:37 -------- d-----w- C:\Users\CHRIS\AppData\Roaming\AVAST Software
2014-03-03 12:02:45 80184 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2014-03-03 12:02:45 207904 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-03-03 12:02:44 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-03-03 12:02:44 1038072 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-03-03 12:02:37 92544 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-03-03 12:02:37 78648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-03-03 12:02:32 43152 ----a-w- C:\Windows\avastSS.scr
2014-03-03 12:01:31 -------- d-----w- C:\Program Files\AVAST Software
2014-03-01 16:26:33 -------- d-----w- C:\ProgramData\AVAST Software
2014-02-28 21:23:08 -------- d-----w- C:\da3c6f957c7658988b6a21
2014-02-28 19:27:43 81920 ----a-w- C:\Windows\eSellerateControl350.dll
2014-02-28 19:27:43 356352 ----a-w- C:\Windows\eSellerateEngine.dll
2014-02-28 19:27:43 274432 ------w- C:\Windows\SysWow64\ssleay32.dll
2014-02-28 19:27:43 1122304 ------w- C:\Windows\SysWow64\libeay32.dll
2014-02-28 18:26:54 -------- d-----w- C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-02-28 17:54:02 -------- d-----w- C:\Program Files (x86)\Thief
2014-02-28 15:51:28 208216 ----a-w- C:\Windows\System32\drivers\59767899.sys
2014-02-28 15:45:25 208216 ----a-w- C:\Windows\System32\drivers\90326473.sys
2014-02-27 22:50:59 -------- d-----w- C:\Windows\Migration
2014-02-26 15:45:48 -------- d-----w- C:\Users\CHRIS\AppData\Roaming\AVG2014
2014-02-26 15:43:07 -------- d-----w- C:\Users\CHRIS\AppData\Roaming\TuneUp Software
2014-02-26 15:41:38 -------- d-----w- C:\ProgramData\AVG2014
2014-02-26 15:36:18 -------- d--h--w- C:\ProgramData\Common Files
2014-02-26 15:36:16 -------- d-----w- C:\Users\CHRIS\AppData\Local\MFAData
2014-02-26 15:36:16 -------- d-----w- C:\Users\CHRIS\AppData\Local\Avg2014
2014-02-25 18:33:40 -------- d-----w- C:\Users\CHRIS\AppData\Roaming\GetRightToGo
2014-02-25 18:27:43 31264 ----a-w- C:\Windows\System32\drivers\gfiutil.sys
2014-02-25 18:27:42 41032 ----a-w- C:\Windows\System32\drivers\gfiark.sys
2014-02-25 18:27:14 -------- d-----w- C:\VIPRERESCUE
2014-02-25 15:44:30 -------- d-----w- C:\Users\CHRIS\AppData\Roaming\YoudaGames
2014-02-24 22:10:23 -------- d-----w- C:\Program Files (x86)\Foxy Games
2014-02-24 11:46:31 -------- d-----w- C:\Users\CHRIS\AppData\Roaming\Microsoft Games
2014-02-23 18:55:29 -------- d-----w- C:\Program Files (x86)\AMD AVT
2014-02-23 18:48:43 -------- d-----w- C:\Program Files\AMD
2014-02-23 16:43:30 -------- d-----w- C:\Users\CHRIS\AppData\Local\ElevatedDiagnostics
2014-02-23 14:22:13 -------- d-----w- C:\ProgramData\SecTaskMan
2014-02-22 21:01:15 1577620 ------w- C:\Windows\SysWow64\scrypt130511Juniperglg2tc4032w64l4.bin
2014-02-15 23:12:29 -------- d-----w- C:\Program Files (x86)\BugbearEntertainment
2014-02-12 22:48:39 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-12 22:48:39 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-02-12 22:48:00 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-12 22:48:00 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-12 17:54:36 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-02-05 14:23:46 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
.
==================== Find3M  ====================
.
2014-02-20 20:34:57 71048 ------w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-20 20:34:57 692616 ------w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-01-26 02:57:10 389120 ------w- C:\Windows\SysWow64\RegistryHelperLM.ocx
2014-01-24 19:24:30 43520 ------w- C:\Windows\SysWow64\CmdLineExt03.dll
2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-01-16 10:20:00 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-12-06 22:07:36 78432 ----a-w- C:\Windows\System32\atimpc64.dll
2013-12-06 22:07:36 78432 ----a-w- C:\Windows\System32\amdpcom64.dll
2013-12-06 22:07:14 71704 ------w- C:\Windows\SysWow64\atimpc32.dll
2013-12-06 22:07:14 71704 ------w- C:\Windows\SysWow64\amdpcom32.dll
2013-12-06 22:04:10 143304 ----a-w- C:\Windows\System32\atiuxp64.dll
2013-12-06 22:03:46 126336 ------w- C:\Windows\SysWow64\atiuxpag.dll
2013-12-06 22:03:00 115512 ----a-w- C:\Windows\System32\atiu9p64.dll
2013-12-06 22:02:38 98496 ------w- C:\Windows\SysWow64\atiu9pag.dll
2013-12-06 22:01:52 1318552 ----a-w- C:\Windows\System32\aticfx64.dll
2013-12-06 22:01:04 1100216 ------w- C:\Windows\SysWow64\aticfx32.dll
2013-12-06 22:00:16 9753752 ----a-w- C:\Windows\System32\atidxx64.dll
2013-12-06 21:59:50 8406024 ------w- C:\Windows\SysWow64\atidxx32.dll
2013-12-06 21:59:00 8287008 ------w- C:\Windows\SysWow64\atiumdva.dll
2013-12-06 21:58:10 6630232 ------w- C:\Windows\SysWow64\atiumdag.dll
2013-12-06 21:57:20 8927704 ----a-w- C:\Windows\System32\atiumd6a.dll
2013-12-06 21:56:54 7751920 ----a-w- C:\Windows\System32\atiumd64.dll
2013-12-06 21:52:14 13207552 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2013-12-06 21:38:52 230912 ----a-w- C:\Windows\System32\clinfo.exe
2013-12-06 21:38:40 1187342 ----a-w- C:\Windows\System32\amdocl_as64.exe
2013-12-06 21:38:40 1061902 ----a-w- C:\Windows\System32\amdocl_ld64.exe
2013-12-06 21:38:38 995342 ------w- C:\Windows\SysWow64\amdocl_as32.exe
2013-12-06 21:38:38 798734 ------w- C:\Windows\SysWow64\amdocl_ld32.exe
2013-12-06 21:38:34 99840 ----a-w- C:\Windows\System32\OpenVideo64.dll
2013-12-06 21:38:28 83968 ------w- C:\Windows\SysWow64\OpenVideo.dll
2013-12-06 21:38:22 86528 ----a-w- C:\Windows\System32\OVDecode64.dll
2013-12-06 21:38:18 73728 ------w- C:\Windows\SysWow64\OVDecode.dll
2013-12-06 21:37:58 29382144 ----a-w- C:\Windows\System32\amdocl64.dll
.
============= FINISH: 22:36:40,12 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 20-12-2009 18:54:29
System Uptime: 6-3-2014 22:00:46 (0 hours ago)
.
Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD |  | P55-GD65 (MS-7583)  
Processor: Intel® Core i5 CPU         750  @ 2.67GHz | CPU 1 | 2668/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 272,553 GiB free.
D: is CDROM ()
E: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: 
Description: Nexus 5
Device ID: USB\VID_18D1&PID_4EE2&MI_01\7&11CA1A85&0&0001
Manufacturer: 
Name: Nexus 5
PNP Device ID: USB\VID_18D1&PID_4EE2&MI_01\7&11CA1A85&0&0001
Service: 
.
==== System Restore Points ===================
.
RP1295: 6-3-2014 22:23:28 - ComboFix created restore point
RP1296: 6-3-2014 22:25:27 - Removed Pinnacle Studio 12.
RP1297: 6-3-2014 22:28:05 - Removed Pinnacle VideoSpin.
RP1298: 6-3-2014 22:29:15 - Removed Pinnacle Studio 12 Ultimate Plugins.
RP1299: 6-3-2014 22:30:10 - Removed Pinnacle Video Driver.
RP1300: 6-3-2014 22:30:32 - Removed Pinnacle Video Driver.
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
7-Zip 4.65
Aangifte inkomstenbelasting 2008
Aangifte inkomstenbelasting 2009
Aangifte inkomstenbelasting 2010
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps x64 CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Recommended Settings
Adobe Color JA Extra Settings CS4
Adobe Color NA Extra Settings
Adobe Default Language CS4
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Fonts All x64
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe Media Player
Adobe PDF Library Files x64 CS4
Adobe Photoshop CS3
Adobe Reader 9.5.2 - Nederlands
Adobe Setup
Adobe Shockwave Player 12.0
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support x64 CS4
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AdobeColorCommonSetRGB
Age of Mythology
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD AVIVO64 Codecs
AMD Catalyst Control Center
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
AMD Wireless Display v3.0
applicationupdater
ATI Catalyst Registration
ATI Problem Report Wizard
Audacity 2.0.2
avast! Free Antivirus
Banished
Battle.net
BattlEye for OA Uninstall
Canon Utilities My Printer
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CDBurnerXP
CDDRV_Installer
Cheat Engine 6.3
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
CodeBlocks
COMODO Unite
ControlCenter
Convert AVI to MP4
Counter-Strike: Condition Zero
Counter-Strike: Source
CPUID CPU-Z 1.53
CPUID HWMonitor 1.15
Creeper World 2
Creeper World 3
Curse Client
D3DX10
DAEMON Tools Lite
Dark Souls: Prepare to Die Edition
DirectDownloader
Driver San Francisco
Dropbox
erLT
EverQuest Next Landmark
Fable III
Gadwin PrintScreen
GameSpy Arcade
Garry's Mod
GIMP 2.6.11
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
Gyazo 1.0
Hearthstone
HEMA Fotoservice
Hi-Rez Studios Authenticate and Update Service
Huur- en zorgtoeslag 2009
Huur- en zorgtoeslag 2010
HydraVision
ImgBurn
Infested Planet
Java 7 Update 45
Java Auto Updater
Java SE Development Kit 7 Update 7
Java 6 Update 35
Java 7 (64-bit)
Java SE Development Kit 7 (64-bit)
Junk Mail filter update
KhalInstallWrapper
League of Legends
Liveupdate4
Logitech Gaming Software
Logitech Gaming Software 8.20
Logitech SetPoint
LogMeIn Hamachi
LOLReplay
LookInMyPC
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4.5.1
Microsoft .NET Framework 4.5.1 (Nederlands)
Microsoft .NET Framework 4.5.1 (NLD)
Microsoft Application Error Reporting
Microsoft AppLocale
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (Dutch) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Dutch) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (Dutch) 2007
Microsoft Office InfoPath MUI (Dutch) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (Dutch) 2007
Microsoft Office Outlook MUI (Dutch) 2007
Microsoft Office PowerPoint MUI (Dutch) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proofing (Dutch) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Dutch) 2007
Microsoft Office Shared 64-bit MUI (Dutch) 2007
Microsoft Office Shared MUI (Dutch) 2007
Microsoft Office Word MUI (Dutch) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable - x86 8.0.50727.42 False
Microsoft Visual C++ 2005 Redistributable - x86 8.0.51011 False
Microsoft Visual C++ 2005 Redistributable - x86 8.0.56336 False
Microsoft Visual C++ 2005 Redistributable - x86 8.0.58299 False
Microsoft Visual C++ 2005 Redistributable - x86 8.0.59193 False
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.0 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.5570 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 Redistributable - x86 10.0.30319 False
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 False
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 False
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 False
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 False
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 False
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 False
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
Microsoft Windows Application Compatibility Database
Microsoft XNA Framework Redistributable 3.0
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Microsoft XNA Framework Redistributable 4.0 Refresh
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT Redists
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4 Parser
Mulimedia Logic
Notepad++
NVIDIA PhysX
Octoshape add-in for Adobe Flash Player
OpenAL
OpenRA
Origin
Pando Media Booster
PDF Settings CS4
Pinball FX2
PlanetSide 2 Beta
PlayReady PC Runtime amd64
PowerISO
PunkBuster Services
Puzzle Pirates
Quake Live Mozilla Plugin
RaidCall
Razer Lycosa
Realtek High Definition Audio Driver
RescueTime 2.5.0
Revo Uninstaller 1.92
RPG Maker VX Ace
SABnzbd (remove only)
Samsung_MonSetup
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition 
Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition 
Skype Click to Call
Skype™ 6.11
Snagit 10.0.1
SONAR
Starsector by Fractal Softworks LLC
Steam
Stronghold Crusader
SureThing Express Labeler
swMSM
TeamSpeak 3 Client
Terraria
The Lord of the Rings FREE Trial 
Tunngle beta
Ubisoft Game Launcher
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
Update voor Microsoft Office Excel 2007 Help (KB963678)
Update voor Microsoft Office Powerpoint 2007 Help (KB963669)
Update voor Microsoft Office Word 2007 Help (KB963665)
Uplay
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
VLC media player 1.1.5
WEBZEN Browser Extension
WinArchiver
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Movie Maker 2.6
WinRAR 4.00 (64-bit)
Xiph.Org Open Codecs 0.85.17777
Xvid Video Codec
.
==== End Of File ===========================
 
 

Welcome to the forum.

Please run a Quick Scan with Malwarebytes like this and post the log:

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

---------------------

Then........

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

General Forum P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running, please create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

The removal of malware isn't instantaneous, please be patient.

When we are done, I'll give you instructions on how to clean up all the tools and logs.

Please stick with me until I give you the "all clear" and please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2014.03.06.05

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.16518

CHRIS :: CHRIS-PC [administrator]

 

7-3-2014 16:46:47

mbam-log-2014-03-07 (16-46-47).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 267741

Time elapsed: 7 minute(s), 

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

 


RogueKiller V8.8.10 _x64_ [Feb 28 2014] by Adlice Software





 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : CHRIS [Admin rights]

Mode : Scan -- Date : 03/07/2014 17:03:08

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 9 ¤¤¤

[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 1 ¤¤¤

[V2][sUSP PATH] Origin : C:\Users\CHRIS\AppData\Roaming\Origin\update.vbe [-] -> FOUND

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Browser Addons : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

127.0.0.1       localhost

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG HD502HJ ATA Device +++++

--- User ---

[MBR] 2e63d8fef02087ff9c24e12653797bc2

[bSP] e72b677d7949cb94ce4a6fe3be204e3a : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[0]_S_03072014_170308.txt >>

RKreport[0]_S_03072014_165601.txt

 

 

 

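The RogueKiller report above lists every "FOUND" entry with the same weight, but only some of them matter: EnableLUA and ConsentPromptBehaviorAdmin set to 0 mean UAC is off and administrators elevate silently, DisableRegistryTools at 0 is simply the normal setting, the NewStartPanel GUIDs are desktop-icon visibility flags, and a .vbe script scheduled from a user's AppData folder is the one item that deserves real scrutiny. The following triage script is an added example, not code from RogueKiller, Malwarebytes or anyone in this thread; it parses the two line shapes shown in the report (the sample lines are copied from the post, the severity model and the policy defaults it assumes are the editor's own) and rates each finding so a reader can tell the weakened security controls from the cosmetic ones.

```python
"""Triage of RogueKiller-style "-> FOUND" lines from a scan report.

Added example for this thread (not RogueKiller's or Malwarebytes' code).
It parses the registry findings ("[HJ ...][PUM] key : value (data) -> FOUND")
and scheduled-task findings ("[V2][SUSP PATH] task : path [-] -> FOUND") and
rates them, so the entries that actually weaken the machine stand out.
"""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    kind: str       # "policy", "task" or "other"
    name: str       # policy value name or scheduled task name
    severity: str   # "high", "medium", "low" or "info"
    detail: str


# Policy values modelled here and the data that makes them dangerous
# (assumption: Windows 7 defaults are EnableLUA=1, ConsentPromptBehaviorAdmin=5,
# DisableRegistryTools absent or 0; only these three names are modelled).
POLICY_CHECKS = {
    "EnableLUA": ({0}, "high", "UAC is switched off entirely"),
    "ConsentPromptBehaviorAdmin": ({0}, "high", "administrators elevate silently without a UAC prompt"),
    "DisableRegistryTools": ({1}, "medium", "Registry Editor is blocked, a common malware lockdown"),
}

POLICY_RE = re.compile(
    r"^\[HJ (?P<cat>\w+)\]\[PUM\] (?P<key>\S+) : (?P<value>\S+) \((?P<data>\d+)\) -> FOUND$")
# The forum software lower-cased the "S" of SUSP in the posted log, so match case-insensitively.
TASK_RE = re.compile(
    r"^\[V2\]\[SUSP PATH\] (?P<task>.+?) : (?P<path>.+?) \[-\] -> FOUND$", re.IGNORECASE)

SCRIPT_EXT = (".vbe", ".vbs", ".js", ".jse", ".wsf", ".hta", ".bat", ".cmd", ".ps1")
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")


def classify_policy(cat: str, key: str, value: str, data: int) -> Finding:
    """Rate one [HJ ...][PUM] registry line."""
    if cat != "POL":
        # HJ DESK entries (NewStartPanel GUIDs) only control desktop icon visibility.
        return Finding("other", value, "info",
                       f"{cat} entry in {key}: cosmetic shell setting, not a security control")
    if value not in POLICY_CHECKS:
        return Finding("policy", value, "low", f"unmodelled policy {value}={data} in {key}")
    bad_values, severity, why = POLICY_CHECKS[value]
    if data in bad_values:
        return Finding("policy", value, severity, f"{key}: {why} ({value}={data})")
    return Finding("policy", value, "info",
                   f"{key}: {value}={data} is a safe setting; listed only because the value exists")


def classify_task(task: str, path: str) -> Finding:
    """Rate one [V2][SUSP PATH] scheduled-task line by what runs and from where."""
    p = path.lower()
    is_script = p.endswith(SCRIPT_EXT)
    in_user_dir = any(marker in p for marker in USER_WRITABLE)
    if is_script and in_user_dir:
        return Finding("task", task, "high", f"scheduled script in a user-writable folder: {path}")
    if is_script or in_user_dir:
        return Finding("task", task, "medium", f"scheduled task worth verifying: {path}")
    return Finding("task", task, "low", f"unusual task path: {path}")


def triage(lines) -> list:
    """Parse report lines; lines that match neither shape are ignored."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = POLICY_RE.match(line)
        if m:
            findings.append(classify_policy(m["cat"], m["key"], m["value"], int(m["data"])))
            continue
        m = TASK_RE.match(line)
        if m:
            findings.append(classify_task(m["task"], m["path"]))
    return findings


def summarize(findings) -> dict:
    """Count findings per severity."""
    counts = {"high": 0, "medium": 0, "low": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


# Sample input: the registry and scheduled-task lines from the report in this thread.
SAMPLE_REPORT = [
    r"[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND",
    r"[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND",
    r"[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND",
    r"[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND",
    r"[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND",
    r"[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND",
    r"[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND",
    r"[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND",
    r"[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND",
    r"[V2][sUSP PATH] Origin : C:\Users\CHRIS\AppData\Roaming\Origin\update.vbe [-] -> FOUND",
]

if __name__ == "__main__":
    results = triage(SAMPLE_REPORT)
    for f in results:
        print(f"{f.severity:6} {f.kind:6} {f.name}: {f.detail}")
    print(summarize(results))
```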

Run RogueKiller again and click Scan

When the scan completes > click on the Registry tab

Put a check next to all of these and uncheck the rest: (if found)

[V2][sUSP PATH] Origin : C:\Users\CHRIS\AppData\Roaming\Origin\update.vbe [-] -> FOUND

Now click Delete on the right hand column under Options

-------------

Then........

Let's clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
MrC

# AdwCleaner v3.020 - Report created 07/03/2014 at 18:46:18

# Updated 27/02/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : CHRIS - CHRIS-PC

# Running from : C:\Users\CHRIS\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Users\CHRIS\AppData\Roaming\Systweak

File Deleted : C:\Windows\System32\roboot64.exe

File Deleted : C:\Users\CHRIS\AppData\Local\Temp\Uninstall.exe

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKCU\Software\systweak

Key Deleted : HKLM\Software\systweak

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.16518

 

 

-\\ Mozilla Firefox v15.0.1 (en-US)

 

[ File : C:\Users\CHRIS\AppData\Roaming\Mozilla\Firefox\Profiles\h9rmj854.default\prefs.js ]

 

 

-\\ Google Chrome v33.0.1750.146

 

[ File : C:\Users\CHRIS\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [17892 octets] - [06/03/2014 15:02:13]

AdwCleaner[R1].txt - [1299 octets] - [07/03/2014 18:32:22]

AdwCleaner[s0].txt - [16600 octets] - [06/03/2014 15:04:22]

AdwCleaner[s1].txt - [1190 octets] - [07/03/2014 18:46:18]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1250 octets] ##########

OK....Next:

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please make sure you click download buttons that look similar to this, not "sponsored ad links":


Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

 

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


ComboFix 14-03-05.01 - CHRIS 07-03-2014  19:37:32.5.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.31.1043.18.4087.2876 [GMT 1:00]

Gestart vanuit: c:\users\CHRIS\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

Besmet exemplaar van c:\windows\system32\Services.exe werd aangetroffen en gedesinfecteerd  

Hersteld exemplaar van - c:\windows\erdnt\cache64\services.exe 

.

.

((((((((((((((((((((   Bestanden Gemaakt van 2014-02-07 to 2014-03-07  ))))))))))))))))))))))))))))))

.

.

2014-03-07 18:49 . 2014-03-07 18:49 -------- d-----w- c:\users\user\AppData\Local\temp

2014-03-07 18:49 . 2014-03-07 18:49 -------- d-----w- c:\users\Public\AppData\Local\temp

2014-03-07 18:49 . 2014-03-07 18:49 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-03-07 18:49 . 2014-03-07 18:49 -------- d-----w- c:\users\Azaq\AppData\Local\temp

2014-03-06 14:15 . 2014-03-06 14:15 -------- d-----w- c:\users\CHRIS\AppData\Roaming\Malwarebytes

2014-03-06 14:15 . 2014-03-06 14:15 -------- d-----w- c:\programdata\Malwarebytes

2014-03-06 14:15 . 2014-03-06 14:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2014-03-06 14:15 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2014-03-06 14:00 . 2014-03-07 17:46 -------- d-----w- C:\AdwCleaner

2014-03-03 12:03 . 2014-03-03 12:03 -------- d-----w- c:\users\CHRIS\AppData\Roaming\AVAST Software

2014-03-03 12:02 . 2014-03-03 12:02 80184 ----a-w- c:\windows\system32\drivers\aswStm.sys

2014-03-03 12:02 . 2014-03-03 12:02 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2014-03-03 12:02 . 2014-03-03 12:02 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2014-03-03 12:02 . 2014-03-03 12:02 421704 ----a-w- c:\windows\system32\drivers\aswSP.sys

2014-03-03 12:02 . 2014-03-03 12:02 1038072 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2014-03-03 12:02 . 2014-03-03 12:02 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2014-03-03 12:02 . 2014-03-03 12:02 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2014-03-03 12:02 . 2014-03-03 12:02 334136 ----a-w- c:\windows\system32\aswBoot.exe

2014-03-03 12:02 . 2014-03-03 12:02 43152 ----a-w- c:\windows\avastSS.scr

2014-03-03 12:01 . 2014-03-03 12:01 -------- d-----w- c:\program files\AVAST Software

2014-03-01 16:26 . 2014-03-03 12:00 -------- d-----w- c:\programdata\AVAST Software

2014-02-28 21:23 . 2014-02-28 21:23 -------- d-----w- C:\da3c6f957c7658988b6a21

2014-02-28 19:27 . 2013-11-05 13:38 274432 ------w- c:\windows\SysWow64\ssleay32.dll

2014-02-28 19:27 . 2013-11-05 13:38 1122304 ------w- c:\windows\SysWow64\libeay32.dll

2014-02-28 19:27 . 2012-12-10 10:04 81920 ----a-w- c:\windows\eSellerateControl350.dll

2014-02-28 19:27 . 2012-12-10 10:04 356352 ----a-w- c:\windows\eSellerateEngine.dll

2014-02-28 18:26 . 2014-02-28 19:32 -------- d-----w- c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP

2014-02-28 17:54 . 2014-03-06 21:24 -------- d-----w- c:\program files (x86)\Thief

2014-02-28 15:51 . 2014-02-28 15:51 208216 ----a-w- c:\windows\system32\drivers\59767899.sys

2014-02-28 15:45 . 2014-02-28 15:45 208216 ----a-w- c:\windows\system32\drivers\90326473.sys

2014-02-27 22:50 . 2014-02-27 22:50 -------- d-----w- c:\windows\Migration

2014-02-26 15:45 . 2014-02-26 15:45 -------- d-----w- c:\users\CHRIS\AppData\Roaming\AVG2014

2014-02-26 15:43 . 2014-02-26 15:43 -------- d-----w- c:\users\CHRIS\AppData\Roaming\TuneUp Software

2014-02-26 15:41 . 2014-02-27 21:07 -------- d-----w- c:\programdata\AVG2014

2014-02-26 15:36 . 2014-02-26 15:36 -------- d--h--w- c:\programdata\Common Files

2014-02-26 15:36 . 2014-02-27 21:11 -------- d-----w- c:\users\CHRIS\AppData\Local\Avg2014

2014-02-26 15:36 . 2014-02-26 15:36 -------- d-----w- c:\users\CHRIS\AppData\Local\MFAData

2014-02-25 18:33 . 2014-02-25 18:36 -------- d-----w- c:\users\CHRIS\AppData\Roaming\GetRightToGo

2014-02-25 18:27 . 2013-09-04 12:57 31264 ----a-w- c:\windows\system32\drivers\gfiutil.sys

2014-02-25 18:27 . 2013-05-23 06:39 41032 ----a-w- c:\windows\system32\drivers\gfiark.sys

2014-02-25 18:27 . 2014-02-25 18:27 -------- d-----w- C:\VIPRERESCUE

2014-02-25 15:44 . 2014-02-25 15:44 -------- d-----w- c:\users\CHRIS\AppData\Roaming\YoudaGames

2014-02-24 11:46 . 2014-02-24 11:46 -------- d-----w- c:\users\CHRIS\AppData\Roaming\Microsoft Games

2014-02-23 18:56 . 2014-02-23 18:56 -------- d-----w- c:\programdata\ATI

2014-02-23 18:55 . 2014-02-23 18:55 -------- d-----w- c:\program files (x86)\AMD AVT

2014-02-23 18:48 . 2014-02-23 18:48 -------- d-----w- c:\program files\AMD

2014-02-23 16:43 . 2014-02-23 16:43 -------- d-----w- c:\users\CHRIS\AppData\Local\ElevatedDiagnostics

2014-02-23 14:22 . 2014-03-06 21:25 -------- d-----w- c:\programdata\SecTaskMan

2014-02-22 21:01 . 2014-02-22 21:01 1577620 ------w- c:\windows\SysWow64\scrypt130511Juniperglg2tc4032w64l4.bin

2014-02-15 23:12 . 2014-02-15 23:12 -------- d-----w- c:\program files (x86)\BugbearEntertainment

2014-02-12 22:48 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll

2014-02-12 22:48 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll

2014-02-12 22:48 . 2014-02-06 11:30 2724864 ----a-w- c:\windows\system32\mshtml.tlb

2014-02-12 22:48 . 2014-02-06 10:20 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb

2014-02-12 17:54 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-02-20 20:34 . 2012-04-09 07:29 692616 ------w- c:\windows\SysWow64\FlashPlayerApp.exe

2014-02-20 20:34 . 2011-06-09 07:16 71048 ------w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-02-20 08:02 . 2014-03-06 14:04 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{15022210-27B0-4F37-9997-C16B59CD7F48}\gapaengine.dll

2014-02-20 08:02 . 2011-03-26 10:27 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2014-02-17 00:56 . 2009-12-22 16:36 88567024 ----a-w- c:\windows\system32\MRT.exe

2014-02-06 09:01 . 2014-03-07 15:44 10536864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FC3DAB69-F076-49FE-AB84-6299CEEABF44}\mpengine.dll

2014-02-06 09:01 . 2014-03-06 14:03 10536864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2014-01-26 02:57 . 2014-01-26 02:57 389120 ------w- c:\windows\SysWow64\RegistryHelperLM.ocx

2014-01-24 19:24 . 2014-01-24 19:24 43520 ------w- c:\windows\SysWow64\CmdLineExt03.dll

2014-01-19 07:33 . 2010-01-01 10:10 270496 ------w- c:\windows\system32\MpSigStub.exe

2014-01-16 10:20 . 2013-08-26 12:12 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

.

.

(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-10 23:54 131248 ----a-w- c:\users\CHRIS\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-10 23:54 131248 ----a-w- c:\users\CHRIS\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-10 23:54 131248 ----a-w- c:\users\CHRIS\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-10 23:54 131248 ----a-w- c:\users\CHRIS\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-09-23 393216]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-12-06 766208]

"Lycosa"="c:\program files (x86)\Razer\Razer Lycosa\razerhid.exe" [2011-03-21 233984]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]

"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-03-03 3767096]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-12-22 1207312]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 EzVpnSvc;COMODO Unite MultiLogin Service;c:\program files\COMODO\Unite\EzVpnSvc.exe;c:\program files\COMODO\Unite\EzVpnSvc.exe [x]

R3 ATP;Comodo Unite Miniport Driver;c:\windows\system32\DRIVERS\cmdatp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdatp.sys [x]

R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

R3 FLASHSYS;FLASHSYS;c:\program files (x86)\MSI\Live Update 4\LU4\FLASHSYS64.sys;c:\program files (x86)\MSI\Live Update 4\LU4\FLASHSYS64.sys [x]

R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys;c:\windows\SYSNATIVE\drivers\gfiark.sys [x]

R3 gfiutil;gfiutil;c:\windows\system32\drivers\gfiutil.sys;c:\windows\SYSNATIVE\drivers\gfiutil.sys [x]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]

R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\progra~1\MSI\MSIWDev\msibios64_100507.sys;c:\progra~1\MSI\MSIWDev\msibios64_100507.sys [x]

R3 MsibiosDevice;MsibiosDevice;c:\program files (x86)\MSI\Live Update 4\LU4\msibios64.sys;c:\program files (x86)\MSI\Live Update 4\LU4\msibios64.sys [x]

R3 MSICDSetup;MSICDSetup;d:\cdriver64.sys;d:\CDriver64.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R3 WEBNTACCESS;WEBNTACCESS;c:\windows\system32\NTACCESS.SYS;c:\windows\SYSNATIVE\NTACCESS.SYS [x]

R4 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]

R4 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]

R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]

R4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]

R4 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R4 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]

R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R4 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]

R4 WinArchiver Service;WinArchiver Service;c:\program files (x86)\WinArchiver\WAService.exe;c:\program files (x86)\WinArchiver\WAService.exe [x]

S0 aswRvrt;avast! Revert; [x]

S0 aswVmm;avast! VM Monitor; [x]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S0 waemu;waemu;c:\windows\system32\Drivers\waemu.sys;c:\windows\SYSNATIVE\Drivers\waemu.sys [x]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]

S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]

S3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]

S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]

S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys;c:\windows\SYSNATIVE\drivers\Lycosa.sys [x]

S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]

S3 RTL8167;Realtek 8167 NT-stuurprogramma;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]

S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys;c:\windows\SYSNATIVE\DRIVERS\VKbms.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-03-04 13:09 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe

.

Inhoud van de 'Gedeelde Taken' map

.

2014-03-07 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 20:34]
.
2014-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-15 21:33]
.
2014-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-15 21:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-03-03 12:02 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\CHRIS\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\CHRIS\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\CHRIS\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\CHRIS\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: com\www.msi
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
Trusted Zone: freerealms.com
Trusted Zone: kluwer.nl\extranet
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - c:\users\CHRIS\AppData\Roaming\Mozilla\Firefox\Profiles\h9rmj854.default\
FF - prefs.js: keyword.URL - 
.
- - - - ORPHANS VERWIJDERD - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Driver San Francisco - c:\program files (x86)\Black_Box\Driver San Francisco\Uninstall\Uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-755635431-1305819228-163964523-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f4,f7,09,72,c8,03,3f,83,42,9c,dd,5c,a4,ea,71,4b,ec,cd,5e,7f,5d,9e,73,
   d3,37,23,15,9e,e3,4e,f1,03,47,98,cf,75,56,59,04,85,5c,82,a9,b8,5c,62,07,ff,\
"??"=hex:f6,f0,b5,ba,5d,4c,29,08,b9,ac,ed,4d,73,24,d6,de
.
[HKEY_USERS\S-1-5-21-755635431-1305819228-163964523-1001\Software\SecuROM\License information*]
"datasecu"=hex:eb,b5,d7,e6,61,4e,f8,13,83,80,bb,3c,b8,14,91,1a,01,a4,4b,a0,93,
   25,d4,c1,b2,e1,f1,cb,eb,61,d5,87,23,88,96,a0,c2,29,88,3a,cb,71,ff,9d,c4,b2,\
"rkeysecu"=hex:b9,57,4b,f8,85,91,07,c2,6b,55,9d,a0,32,1d,29,8d
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files\Logitech\SetPoint\x86\SetPoint32.exe
c:\program files (x86)\Razer\Razer Lycosa\razertra.exe
.
**************************************************************************
.
Voltooingstijd: 2014-03-07  19:57:13 - machine werd herstart
ComboFix-quarantined-files.txt  2014-03-07 18:57
ComboFix2.txt  2014-02-28 16:35
.
Pre-Run: 292.363.796.480 bytes beschikbaar
Post-Run: 292.115.197.952 bytes beschikbaar
.
- - End Of File - - 494B73D91B1088F6BF332455D095BAC9
A36C5E4F47E84449FF07ED3517B43A31

OK...next:

Please read the directions carefully so you don't end up deleting something that is good!!

If in doubt about an entry....please ask or choose Skip!!!!

Don't Delete anything unless instructed to!

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

If a suspicious object is detected, the default action will be Skip, click on Continue

Please note that TDSSKiller can be run in safe mode if needed.

Please download the latest version of TDSSKiller from HERE and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.
    If in doubt about an entry....please ask or choose Skip
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If in doubt about an entry....please ask or choose Skip

Don't Delete anything unless instructed to!

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long:

Bottom right corner of this page.

New window that comes up.

MrC


Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.

(use the correct version for your system.....Which system am I using?)

FRST <----for 32 bit systems

FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.

New window that comes up.

MrC


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-03-2014 01
Ran by CHRIS (administrator) on CHRIS-PC on 09-03-2014 13:58:09
Running from C:\Users\CHRIS\Desktop\FRST
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Dutch Standard
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
(Razer USA Ltd.) C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Lycosa] - C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe [233984 2011-03-21] (Razer USA Ltd.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [ATICustomerCare] - C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [311296 2010-03-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-03-03] (AVAST Software)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-755635431-1305819228-163964523-1001\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-09-23] (AMD)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xFAD69C860348CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-NL
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKCU - {373EF00D-5A82-40D3-A1E7-4CD01F68F483} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=&rlz=1I7SUNC_nl
SearchScopes: HKCU - {70BA3E6B-1059-2266-0B2C-40E4A85231B8} URL = http://www.ddlstart.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=yahoo&provider_code=&partner_id=750&product_id=872&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.5.0&install_country=NL&install_date=20120713&user_guid=1BE91C0EF82441CA8EF1BC547A0C65A5&machine_id=03724436a7d96e9498cba89122fb7dae&browser=IE&os=win&os_version=6.1-x64-SP1&iesrc={referrer:source}
BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: HKLM-x32 {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.msi.com.tw/autobios/LOnline/RELEASECAB/install.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
 
FireFox:
========
FF ProfilePath: C:\Users\CHRIS\AppData\Roaming\Mozilla\Firefox\Profiles\h9rmj854.default
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF Plugin-x32: @comodo.com/EasyvpnLvn - C:\Program Files\COMODO\Unite\npEasyVpnLVN.dll No File
FF Plugin-x32: @comodo.com/EasyvpnRdp - C:\Program Files\COMODO\Unite\NpRdpView.dll No File
FF Plugin-x32: @comodo.com/EasyvpnVnc - C:\Program Files\COMODO\Unite\NpVncView.dll No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File
FF Plugin-x32: @gamersfirst.com/LiveLauncher - C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @idsoftware.com/QuakeLive - C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @raidcall.en/RCplugin - C:\Users\CHRIS\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @thrixxx.com/WebLaunch - C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin-x32: @Webzen.com/NPBrowserExt - C:\Program Files (x86)\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll (WEBZEN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @onlive.com/OnLiveGameClientDetector,version=1.0.0 - C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll No File
FF Plugin HKCU: @thrixxx.com/WebLaunch - C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll No File
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\CHRIS\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\The Settlers 7 - Paths to a Kingdom\Data\Base\_Dbg\Bin\Release\orbit\npuplaypc.dll (Ubisoft)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npWebLaunch.dll ( )
FF Extension: Groove Shredder - C:\Users\CHRIS\AppData\Roaming\Mozilla\Firefox\Profiles\h9rmj854.default\Extensions\grooveshredder@code.argee.org.xpi [2012-09-30]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-08]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-01-03]
FF HKLM-x32\...\Firefox\Extensions: [fbphotozoom@installdaddy.com] - C:\Program Files (x86)\fbphotozoom\fbphotozoom15.xpi
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-03]
 
Chrome: 
=======
CHR Extension: (Google Documenten) - C:\Users\CHRIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-23]
CHR Extension: (Google Drive) - C:\Users\CHRIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-08]
CHR Extension: (YouTube) - C:\Users\CHRIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-17]
CHR Extension: (Google Zoeken) - C:\Users\CHRIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-17]
CHR Extension: (Tampermonkey) - C:\Users\CHRIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-02-23]
CHR Extension: (APNG) - C:\Users\CHRIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehkepjiconegkhpodgoaeamnpckdbblp [2014-02-23]
CHR Extension: (PanicButton) - C:\Users\CHRIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm [2014-02-23]
CHR Extension: (Stylish) - C:\Users\CHRIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2014-02-23]
CHR Extension: (Edit This Cookie) - C:\Users\CHRIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2014-02-23]
CHR Extension: (AdBlock) - C:\Users\CHRIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-02-23]
CHR Extension: (Don't Starve) - C:\Users\CHRIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiledapehlkhdehbhppgmekfalnlfajc [2014-02-23]
CHR Extension: (Google Wallet) - C:\Users\CHRIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-07-16]
CHR Extension: (Bastion) - C:\Users\CHRIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\oohphhdkahjlioohbalmicpokoefkgid [2014-02-23]
CHR Extension: (Gmail) - C:\Users\CHRIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-03-03]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-01-03]
CHR HKLM-x32\...\Chrome\Extension: [mpieaakhacmfleokhjcjnpcnmnmpfkid] - C:\Program Files (x86)\fbphotozoom\fbphotozoom15.crx [2014-01-03]
 
==================== Services (Whitelisted) =================
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-03-03] (AVAST Software)
S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03] (Microsoft Corporation)
S4 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748640 2014-01-03] (Microsoft Corporation)
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-02-04] (LogMeIn, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
S4 NMSAccessU; C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe [71096 2009-09-06] ()
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3995128 2012-05-29] (INCA Internet Co., Ltd.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-07-15] ()
S4 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software)
S4 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [759192 2013-09-03] (Tunngle.net GmbH)
S4 WinArchiver Service; C:\Program Files (x86)\WinArchiver\WAService.exe [201824 2012-09-25] ()
S2 EzVpnSvc; "C:\Program Files\COMODO\Unite\EzVpnSvc.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-03-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-03-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-03-03] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-03-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-03-03] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-03-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-03-03] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-01-26] ()
S3 FLASHSYS; C:\Program Files (x86)\MSI\Live Update 4\LU4\FLASHSYS64.sys [15192 2008-02-15] ()
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66328 2011-10-24] (Logitech Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-01-26] ()
R3 Lycosa; C:\Windows\System32\drivers\Lycosa.sys [28928 2010-09-08] (Razer USA Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S3 MsibiosDevice; C:\Program Files (x86)\MSI\Live Update 4\LU4\msibios64.sys [33080 2008-12-10] (Your Corporation)
S3 MSI_MSIBIOS_010507; C:\Program Files\MSI\MSIWDev\msibios64_100507.sys [33592 2010-05-10] (Your Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-03-27] (Duplex Secure Ltd.)
S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5504 2009-11-12] ()
S3 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [7168 2009-11-12] ()
S2 tandpl; C:\Windows\SysWOW64\drivers\tandpl.sys [4736 2003-04-19] ()
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R0 waemu; C:\Windows\System32\Drivers\waemu.sys [139744 2012-09-25] (Power Software Ltd)
S3 WEBNTACCESS; C:\Windows\SysWOW64\NTACCESS.SYS [17920 2008-04-14] (Your Corporation)
U3 a89rtn48; C:\Windows\System32\Drivers\a89rtn48.sys [0 ] (Advanced Micro Devices)
U3 ats7es57; C:\Windows\System32\Drivers\ats7es57.sys [0 ] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 ATP; system32\DRIVERS\cmdatp.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-09 13:58 - 2014-03-09 13:58 - 00000000 ____D () C:\FRST
2014-03-09 13:57 - 2014-03-09 13:58 - 00000000 ____D () C:\Users\CHRIS\Desktop\FRST
2014-03-08 16:16 - 2014-03-08 16:16 - 00000000 ____D () C:\Users\CHRIS\Desktop\aa
2014-03-07 20:46 - 2014-03-07 20:46 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\CHRIS\Desktop\tdsskiller.exe
2014-03-07 19:57 - 2014-03-07 19:57 - 00025726 _____ () C:\ComboFix.txt
2014-03-07 19:35 - 2014-03-07 19:57 - 00000000 ____D () C:\Qoobox
2014-03-07 19:35 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-07 19:35 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-07 19:35 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-07 19:35 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-07 19:35 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-07 19:35 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-07 19:35 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-07 19:35 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-07 19:33 - 2014-03-07 19:33 - 05187267 ____R (Swearware) C:\Users\CHRIS\Desktop\ComboFix.exe
2014-03-07 18:04 - 2014-03-07 18:05 - 01244192 _____ () C:\Users\CHRIS\Desktop\AdwCleaner.exe
2014-03-07 16:46 - 2014-03-07 16:54 - 00000913 _____ () C:\Users\CHRIS\Desktop\Nieuw tekstdocument.txt
2014-03-07 16:44 - 2014-03-07 16:56 - 00000000 ____D () C:\Users\CHRIS\Desktop\RK_Quarantine
2014-03-07 16:32 - 2014-03-07 16:32 - 04413952 _____ () C:\Users\CHRIS\Desktop\RogueKillerX64.exe
2014-03-06 22:36 - 2014-03-06 22:36 - 00024257 _____ () C:\Users\CHRIS\Desktop\dds.txt
2014-03-06 22:36 - 2014-03-06 22:36 - 00013214 _____ () C:\Users\CHRIS\Desktop\attach.txt
2014-03-06 22:32 - 2014-03-06 22:32 - 00688992 ____R (Swearware) C:\Users\CHRIS\Desktop\dds.com
2014-03-06 15:15 - 2014-03-06 15:15 - 00001145 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-06 15:15 - 2014-03-06 15:15 - 00000000 ____D () C:\Users\CHRIS\AppData\Roaming\Malwarebytes
2014-03-06 15:15 - 2014-03-06 15:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-06 15:15 - 2014-03-06 15:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-06 15:15 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-06 15:00 - 2014-03-07 18:46 - 00000000 ____D () C:\AdwCleaner
2014-03-03 13:03 - 2014-03-03 13:03 - 00002002 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-03-03 13:03 - 2014-03-03 13:03 - 00000000 ____D () C:\Users\CHRIS\AppData\Roaming\AVAST Software
2014-03-03 13:02 - 2014-03-07 16:28 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-03 13:02 - 2014-03-03 13:02 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-03-03 13:02 - 2014-03-03 13:02 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-03-03 13:02 - 2014-03-03 13:02 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-03-03 13:02 - 2014-03-03 13:02 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-03-03 13:02 - 2014-03-03 13:02 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-03-03 13:02 - 2014-03-03 13:02 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-03-03 13:02 - 2014-03-03 13:02 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-03-03 13:02 - 2014-03-03 13:02 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-03-03 13:02 - 2014-03-03 13:02 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-03 13:01 - 2014-03-03 13:01 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-01 17:26 - 2014-03-03 13:00 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-02-28 22:27 - 2014-02-28 22:27 - 426460783 _____ () C:\Windows\MEMORY.DMP
2014-02-28 22:27 - 2014-02-28 22:27 - 00275952 _____ () C:\Windows\Minidump\022814-25022-01.dmp
2014-02-28 22:23 - 2014-02-28 22:23 - 00000000 ____D () C:\da3c6f957c7658988b6a21
2014-02-28 21:05 - 2014-02-28 21:05 - 00000000 ____D () C:\Users\CHRIS\Documents\Thief
2014-02-28 20:27 - 2013-11-05 14:38 - 01122304 ____N (The OpenSSL Project, http://www.openssl.org/) C:\Windows\SysWOW64\libeay32.dll
2014-02-28 20:27 - 2013-11-05 14:38 - 00274432 ____N (The OpenSSL Project, http://www.openssl.org/) C:\Windows\SysWOW64\ssleay32.dll
2014-02-28 20:27 - 2012-12-10 11:04 - 00356352 _____ (eSellerate Inc.) C:\Windows\eSellerateEngine.dll
2014-02-28 20:27 - 2012-12-10 11:04 - 00081920 _____ (eSellerate Inc.) C:\Windows\eSellerateControl350.dll
2014-02-28 19:26 - 2014-02-28 20:32 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-02-28 18:54 - 2014-03-06 22:24 - 00000000 ____D () C:\Program Files (x86)\Thief
2014-02-28 16:51 - 2014-02-28 16:51 - 00208216 _____ (Kaspersky Lab, GERT) C:\Windows\system32\Drivers\59767899.sys
2014-02-28 16:45 - 2014-02-28 16:45 - 00208216 _____ (Kaspersky Lab, GERT) C:\Windows\system32\Drivers\90326473.sys
2014-02-26 16:45 - 2014-02-26 16:45 - 00000000 ____D () C:\Users\CHRIS\AppData\Roaming\AVG2014
2014-02-26 16:43 - 2014-02-26 16:43 - 00000000 ____D () C:\Users\CHRIS\AppData\Roaming\TuneUp Software
2014-02-26 16:41 - 2014-02-27 22:07 - 00000000 ____D () C:\ProgramData\AVG2014
2014-02-26 16:36 - 2014-02-27 22:11 - 00000000 ____D () C:\Users\CHRIS\AppData\Local\Avg2014
2014-02-26 16:36 - 2014-02-26 16:36 - 00000000 ____D () C:\Users\CHRIS\AppData\Local\MFAData
2014-02-26 16:04 - 2014-02-26 16:04 - 00000222 _____ () C:\Users\CHRIS\Desktop\RPG Maker VX Ace.url
2014-02-25 19:33 - 2014-02-25 19:36 - 00000000 ____D () C:\Users\CHRIS\AppData\Roaming\GetRightToGo
2014-02-25 19:27 - 2014-02-25 19:27 - 00000000 ____D () C:\VIPRERESCUE
2014-02-25 19:27 - 2013-09-04 13:57 - 00031264 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiutil.sys
2014-02-25 19:27 - 2013-05-23 07:39 - 00041032 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiark.sys
2014-02-25 16:44 - 2014-02-25 16:44 - 00000000 ____D () C:\Users\CHRIS\AppData\Roaming\YoudaGames
2014-02-24 12:46 - 2014-02-24 12:46 - 00000000 ____D () C:\Users\CHRIS\AppData\Roaming\Microsoft Games
2014-02-23 19:56 - 2014-02-23 19:56 - 00000000 ____D () C:\ProgramData\ATI
2014-02-23 19:55 - 2014-02-23 19:55 - 00055671 ____N () C:\Windows\SysWOW64\CCCInstall_201402231955112299.log
2014-02-23 19:55 - 2014-02-23 19:55 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-02-23 19:48 - 2014-02-23 19:48 - 00000000 ____D () C:\Program Files\AMD
2014-02-23 18:52 - 2014-02-23 18:52 - 00160176 _____ () C:\Users\CHRIS\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-23 16:56 - 2014-03-09 13:31 - 00002903 _____ () C:\Windows\setupact.log
2014-02-23 16:56 - 2014-02-23 16:56 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-23 16:55 - 2014-02-23 16:56 - 03378208 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-23 16:54 - 2014-03-07 19:50 - 00246322 _____ () C:\Windows\PFRO.log
2014-02-23 16:17 - 2014-03-04 14:10 - 00002239 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-23 15:22 - 2014-03-06 22:25 - 00000000 ____D () C:\ProgramData\SecTaskMan
2014-02-22 22:01 - 2014-02-22 22:01 - 01577620 ____N () C:\Windows\SysWOW64\scrypt130511Juniperglg2tc4032w64l4.bin
2014-02-18 19:57 - 2014-02-18 19:57 - 00000000 ____D () C:\Users\CHRIS\Documents\Banished
2014-02-18 19:29 - 2014-02-18 19:29 - 00000222 _____ () C:\Users\CHRIS\Desktop\Banished.url
2014-02-18 10:43 - 2014-02-18 10:43 - 00000000 ____D () C:\Users\CHRIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-02-16 00:12 - 2014-02-16 00:12 - 00000000 ____D () C:\Program Files (x86)\BugbearEntertainment
2014-02-12 23:48 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 23:48 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 23:48 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-12 23:48 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 23:48 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 23:47 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 23:47 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 23:47 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 23:47 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 23:47 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 23:47 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 23:47 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 23:47 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 23:47 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 23:47 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 23:47 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 23:47 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 23:47 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 23:47 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 23:47 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 23:47 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-12 23:47 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-12 23:47 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 23:47 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 23:47 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 23:47 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-12 23:47 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 23:47 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 23:47 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 23:47 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-12 23:47 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 23:47 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 23:47 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 23:47 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 23:47 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 23:47 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 23:47 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 23:47 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 23:47 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 23:47 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 23:47 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 18:54 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 18:54 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 18:54 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 18:54 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 18:54 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 18:54 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 18:54 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 18:54 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 18:54 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 18:54 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 18:54 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 18:54 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 18:54 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 18:54 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 18:54 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 18:54 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 18:54 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 18:54 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 18:54 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 18:54 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 18:54 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 18:54 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 18:54 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 18:54 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 18:54 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 18:54 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 18:54 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 18:54 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
 
==================== One Month Modified Files and Folders =======
 
2014-03-09 13:58 - 2014-03-09 13:58 - 00000000 ____D () C:\FRST
2014-03-09 13:58 - 2014-03-09 13:57 - 00000000 ____D () C:\Users\CHRIS\Desktop\FRST
2014-03-09 13:55 - 2010-01-02 19:33 - 00003958 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1D632FA4-ED98-47D7-B14C-0A276DDE1147}
2014-03-09 13:39 - 2009-07-14 05:45 - 00015360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-09 13:39 - 2009-07-14 05:45 - 00015360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-09 13:36 - 2009-12-20 18:54 - 01714359 _____ () C:\Windows\WindowsUpdate.log
2014-03-09 13:34 - 2012-04-09 08:29 - 00000940 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-09 13:33 - 2011-06-15 22:33 - 00001050 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-09 13:31 - 2014-02-23 16:56 - 00002903 _____ () C:\Windows\setupact.log
2014-03-09 13:31 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-09 11:08 - 2011-06-15 22:33 - 00001054 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-09 00:36 - 2011-08-25 14:41 - 00000000 ____D () C:\Users\CHRIS\AppData\Roaming\Skype
2014-03-09 00:35 - 2011-08-02 14:28 - 00000000 ____D () C:\Users\CHRIS\AppData\Local\PMB Files
2014-03-09 00:35 - 2011-08-02 14:28 - 00000000 ____D () C:\ProgramData\PMB Files
2014-03-08 16:16 - 2014-03-08 16:16 - 00000000 ____D () C:\Users\CHRIS\Desktop\aa
2014-03-07 20:46 - 2014-03-07 20:46 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\CHRIS\Desktop\tdsskiller.exe
2014-03-07 19:57 - 2014-03-07 19:57 - 00025726 _____ () C:\ComboFix.txt
2014-03-07 19:57 - 2014-03-07 19:35 - 00000000 ____D () C:\Qoobox
2014-03-07 19:51 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-07 19:50 - 2014-02-23 16:54 - 00246322 _____ () C:\Windows\PFRO.log
2014-03-07 19:50 - 2013-08-05 15:32 - 00000000 ____D () C:\Windows\erdnt
2014-03-07 19:33 - 2014-03-07 19:33 - 05187267 ____R (Swearware) C:\Users\CHRIS\Desktop\ComboFix.exe
2014-03-07 18:46 - 2014-03-06 15:00 - 00000000 ____D () C:\AdwCleaner
2014-03-07 18:05 - 2014-03-07 18:04 - 01244192 _____ () C:\Users\CHRIS\Desktop\AdwCleaner.exe
2014-03-07 16:56 - 2014-03-07 16:44 - 00000000 ____D () C:\Users\CHRIS\Desktop\RK_Quarantine
2014-03-07 16:54 - 2014-03-07 16:46 - 00000913 _____ () C:\Users\CHRIS\Desktop\Nieuw tekstdocument.txt
2014-03-07 16:32 - 2014-03-07 16:32 - 04413952 _____ () C:\Users\CHRIS\Desktop\RogueKillerX64.exe
2014-03-07 16:28 - 2014-03-03 13:02 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-06 23:25 - 2013-10-28 13:38 - 00000000 ____D () C:\Users\CHRIS\AppData\Local\Battle.net
2014-03-06 22:55 - 2013-10-28 13:38 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-03-06 22:47 - 2012-07-03 12:09 - 00000000 ____D () C:\Users\CHRIS\Desktop\derp
2014-03-06 22:36 - 2014-03-06 22:36 - 00024257 _____ () C:\Users\CHRIS\Desktop\dds.txt
2014-03-06 22:36 - 2014-03-06 22:36 - 00013214 _____ () C:\Users\CHRIS\Desktop\attach.txt
2014-03-06 22:32 - 2014-03-06 22:32 - 00688992 ____R (Swearware) C:\Users\CHRIS\Desktop\dds.com
2014-03-06 22:32 - 2012-05-14 15:55 - 00000000 ____D () C:\Users\CHRIS\AppData\Local\Apps\2.0
2014-03-06 22:30 - 2012-10-16 12:35 - 00000000 ____D () C:\Users\CHRIS\AppData\Roaming\proDAD
2014-03-06 22:29 - 2012-10-15 19:48 - 00000000 ____D () C:\Users\Public\Documents\Pinnacle
2014-03-06 22:29 - 2012-10-15 19:48 - 00000000 ____D () C:\Program Files (x86)\Pinnacle
2014-03-06 22:27 - 2012-10-15 19:47 - 00000000 ____D () C:\ProgramData\Pinnacle
2014-03-06 22:25 - 2014-02-23 15:22 - 00000000 ____D () C:\ProgramData\SecTaskMan
2014-03-06 22:24 - 2014-02-28 18:54 - 00000000 ____D () C:\Program Files (x86)\Thief
2014-03-06 22:16 - 2012-03-07 15:15 - 00000000 ____D () C:\Users\CHRIS\AppData\Local\Black_Tree_Gaming
2014-03-06 22:15 - 2012-09-15 13:30 - 00000000 ____D () C:\Program Files (x86)\FTL
2014-03-06 22:15 - 2011-09-12 15:49 - 00000000 ____D () C:\Fraps
2014-03-06 22:14 - 2013-05-08 22:26 - 00000000 ____D () C:\GOG Games
2014-03-06 22:13 - 2012-10-14 20:26 - 00000000 ____D () C:\Users\CHRIS\AppData\Local\Dxtory Software
2014-03-06 22:13 - 2011-08-04 10:39 - 00000000 ____D () C:\Users\CHRIS\AppData\Roaming\uTorrent
2014-03-06 15:15 - 2014-03-06 15:15 - 00001145 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-06 15:15 - 2014-03-06 15:15 - 00000000 ____D () C:\Users\CHRIS\AppData\Roaming\Malwarebytes
2014-03-06 15:15 - 2014-03-06 15:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-06 15:15 - 2014-03-06 15:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-06 15:04 - 2009-12-20 18:54 - 00001011 _____ () C:\Users\CHRIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-05 18:48 - 2011-11-25 10:42 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-04 14:10 - 2014-02-23 16:17 - 00002239 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-03 19:54 - 2012-08-20 18:59 - 00000000 ____D () C:\Users\CHRIS\Desktop\anderen
2014-03-03 13:03 - 2014-03-03 13:03 - 00002002 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-03-03 13:03 - 2014-03-03 13:03 - 00000000 ____D () C:\Users\CHRIS\AppData\Roaming\AVAST Software
2014-03-03 13:02 - 2014-03-03 13:02 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-03-03 13:02 - 2014-03-03 13:02 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-03-03 13:02 - 2014-03-03 13:02 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-03-03 13:02 - 2014-03-03 13:02 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-03-03 13:02 - 2014-03-03 13:02 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-03-03 13:02 - 2014-03-03 13:02 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-03-03 13:02 - 2014-03-03 13:02 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-03-03 13:02 - 2014-03-03 13:02 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-03-03 13:02 - 2014-03-03 13:02 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-03 13:01 - 2014-03-03 13:01 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-03 13:00 - 2014-03-01 17:26 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-02-28 22:27 - 2014-02-28 22:27 - 426460783 _____ () C:\Windows\MEMORY.DMP
2014-02-28 22:27 - 2014-02-28 22:27 - 00275952 _____ () C:\Windows\Minidump\022814-25022-01.dmp
2014-02-28 22:23 - 2014-02-28 22:23 - 00000000 ____D () C:\da3c6f957c7658988b6a21
2014-02-28 21:05 - 2014-02-28 21:05 - 00000000 ____D () C:\Users\CHRIS\Documents\Thief
2014-02-28 20:32 - 2014-02-28 19:26 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-02-28 20:27 - 2011-08-04 12:25 - 00000000 ____D () C:\Users\CHRIS\AppData\Roaming\Notepad++
2014-02-28 16:51 - 2014-02-28 16:51 - 00208216 _____ (Kaspersky Lab, GERT) C:\Windows\system32\Drivers\59767899.sys
2014-02-28 16:45 - 2014-02-28 16:45 - 00208216 _____ (Kaspersky Lab, GERT) C:\Windows\system32\Drivers\90326473.sys
2014-02-28 16:11 - 2010-11-11 09:29 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-27 22:11 - 2014-02-26 16:36 - 00000000 ____D () C:\Users\CHRIS\AppData\Local\Avg2014
2014-02-27 22:07 - 2014-02-26 16:41 - 00000000 ____D () C:\ProgramData\AVG2014
2014-02-26 19:28 - 2012-09-13 10:39 - 00000000 ____D () C:\Users\CHRIS\Desktop\JE
2014-02-26 16:45 - 2014-02-26 16:45 - 00000000 ____D () C:\Users\CHRIS\AppData\Roaming\AVG2014
2014-02-26 16:43 - 2014-02-26 16:43 - 00000000 ____D () C:\Users\CHRIS\AppData\Roaming\TuneUp Software
2014-02-26 16:36 - 2014-02-26 16:36 - 00000000 ____D () C:\Users\CHRIS\AppData\Local\MFAData
2014-02-26 16:04 - 2014-02-26 16:04 - 00000222 _____ () C:\Users\CHRIS\Desktop\RPG Maker VX Ace.url
2014-02-25 19:36 - 2014-02-25 19:33 - 00000000 ____D () C:\Users\CHRIS\AppData\Roaming\GetRightToGo
2014-02-25 19:27 - 2014-02-25 19:27 - 00000000 ____D () C:\VIPRERESCUE
2014-02-25 16:44 - 2014-02-25 16:44 - 00000000 ____D () C:\Users\CHRIS\AppData\Roaming\YoudaGames
2014-02-24 14:32 - 2009-07-14 06:08 - 00032630 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-24 12:46 - 2014-02-24 12:46 - 00000000 ____D () C:\Users\CHRIS\AppData\Roaming\Microsoft Games
2014-02-23 19:56 - 2014-02-23 19:56 - 00000000 ____D () C:\ProgramData\ATI
2014-02-23 19:55 - 2014-02-23 19:55 - 00055671 ____N () C:\Windows\SysWOW64\CCCInstall_201402231955112299.log
2014-02-23 19:55 - 2014-02-23 19:55 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-02-23 19:55 - 2012-04-04 10:21 - 00000000 ____D () C:\ProgramData\AMD
2014-02-23 19:48 - 2014-02-23 19:48 - 00000000 ____D () C:\Program Files\AMD
2014-02-23 19:46 - 2013-09-12 14:57 - 00000000 ____D () C:\ProgramData\Package Cache
2014-02-23 18:56 - 2012-05-01 20:21 - 00007615 _____ () C:\Users\CHRIS\AppData\Local\Resmon.ResmonCfg
2014-02-23 18:52 - 2014-02-23 18:52 - 00160176 _____ () C:\Users\CHRIS\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-23 18:48 - 2012-01-21 13:07 - 00000000 ____D () C:\ProgramData\NexonUS
2014-02-23 18:46 - 2011-09-25 14:35 - 00000000 ____D () C:\Games
2014-02-23 17:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-23 17:29 - 2012-03-03 18:19 - 00000000 ____D () C:\Users\CHRIS\AppData\Local\LogMeIn Hamachi
2014-02-23 16:56 - 2014-02-23 16:56 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-23 16:56 - 2014-02-23 16:55 - 03378208 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-23 16:17 - 2010-01-24 15:00 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-23 16:16 - 2010-01-24 15:18 - 00000000 ____D () C:\Users\CHRIS\AppData\Local\Google
2014-02-23 15:56 - 2013-08-20 23:04 - 00000000 ____D () C:\Users\CHRIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BeamNG-Techdemo-0.3
2014-02-23 15:56 - 2012-09-14 17:57 - 00000000 ____D () C:\Users\CHRIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft AppLocale
2014-02-23 15:56 - 2011-08-04 11:56 - 00000000 ____D () C:\Users\CHRIS\AppData\Roaming\DAEMON Tools Lite
2014-02-23 15:56 - 2011-08-02 15:36 - 00000000 ____D () C:\Users\CHRIS\AppData\Roaming\TS3Client
2014-02-23 15:56 - 2010-03-12 20:28 - 00000000 ____D () C:\Users\CHRIS\Desktop\PC TOOLS
2014-02-23 15:56 - 2010-02-20 19:24 - 00000000 ____D () C:\Windows\Minidump
2014-02-23 15:56 - 2009-12-21 01:47 - 00000000 ____D () C:\Windows\Panther
2014-02-23 15:41 - 2011-09-18 10:22 - 00000000 ____D () C:\Windows\pss
2014-02-23 15:41 - 2009-12-20 18:54 - 00000000 ___RD () C:\Users\CHRIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-23 15:31 - 2011-02-21 20:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-23 15:17 - 2011-09-09 18:04 - 00000000 ____D () C:\Users\CHRIS\AppData\Roaming\Dropbox
2014-02-23 15:15 - 2011-09-09 18:09 - 00000000 ___RD () C:\Users\CHRIS\Dropbox
2014-02-23 15:07 - 2012-05-03 12:43 - 00000000 ____D () C:\Program Files (x86)\intellidownload
2014-02-23 13:23 - 2013-08-20 23:03 - 00000000 ____D () C:\Users\CHRIS\AppData\Local\BeamNG
2014-02-23 13:22 - 2009-12-20 19:19 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-23 13:13 - 2010-01-03 15:32 - 00000000 ____D () C:\Program Files (x86)\TomTom HOME 2
2014-02-23 13:08 - 2012-02-18 20:42 - 00000000 ____D () C:\Program Files (x86)\Fractal Softworks
2014-02-23 13:07 - 2011-10-27 13:47 - 00000000 ____D () C:\Program Files (x86)\Firefly Studios
2014-02-23 13:04 - 2013-02-12 21:29 - 00000000 ____D () C:\Ubisoft
2014-02-23 13:04 - 2012-11-30 14:37 - 00000000 ____D () C:\Users\CHRIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2014-02-23 13:04 - 2012-05-14 15:55 - 00000000 ____D () C:\Users\CHRIS\AppData\Local\Deployment
2014-02-22 22:01 - 2014-02-22 22:01 - 01577620 ____N () C:\Windows\SysWOW64\scrypt130511Juniperglg2tc4032w64l4.bin
2014-02-21 20:59 - 2014-01-21 16:58 - 00000000 ____D () C:\Program Files (x86)\METAL GEAR RISING REVENGEANCE
2014-02-20 21:35 - 2012-04-09 08:29 - 00003878 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-20 21:34 - 2012-04-09 08:29 - 00692616 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-20 21:34 - 2011-06-09 08:16 - 00071048 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-18 19:57 - 2014-02-18 19:57 - 00000000 ____D () C:\Users\CHRIS\Documents\Banished
2014-02-18 19:29 - 2014-02-18 19:29 - 00000222 _____ () C:\Users\CHRIS\Desktop\Banished.url
2014-02-18 10:43 - 2014-02-18 10:43 - 00000000 ____D () C:\Users\CHRIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-02-17 02:00 - 2013-08-15 01:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-17 01:56 - 2009-12-22 17:36 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-16 11:07 - 2012-02-03 16:35 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-16 11:07 - 2011-08-25 14:41 - 00000000 ____D () C:\ProgramData\Skype
2014-02-16 00:22 - 2010-09-26 19:10 - 00000000 ____D () C:\Users\CHRIS\AppData\Local\SKIDROW
2014-02-16 00:12 - 2014-02-16 00:12 - 00000000 ____D () C:\Program Files (x86)\BugbearEntertainment
2014-02-14 09:14 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-13 18:33 - 2012-09-28 22:17 - 00000000 ____D () C:\Users\CHRIS\AppData\Local\EdgeOfReality
2014-02-12 21:03 - 2011-06-15 22:33 - 00004050 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-12 21:03 - 2011-06-15 22:33 - 00003798 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-10 12:46 - 2012-06-02 17:29 - 00000000 ____D () C:\Users\CHRIS\Desktop\scala
 
Files to move or delete:
====================
C:\ProgramData\hash.dat
C:\Users\CHRIS\CTX.DAT
C:\Users\CHRIS\jagex_cl_runescape_LIVE.dat
C:\Users\CHRIS\random.dat
C:\Users\CHRIS\AppData\Roaming\Origin\update.vbe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-03-03 18:04
 
==================== End Of Log ============================

 

Addition.txt


Not much showing... Chrome is always slow.

Clear Chrome Browser Data

Open up Chrome > Click on the 3 bars in the upper right hand corner

Go to Tools > Clear Browser Data

Put a check next to all of these:

  • Clear browsing history
  • Clear download history
  • Delete cookies and other site and plug-in data
  • Empty the cache
-----------------------------------------

Download the attached fixlist.txt to the same folder as FRST.

Run FRST.exe and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

---------------------------------------

I suggest you install CCleaner to clear out temp files:

Download, install and run CCleaner free to clean out temp files.

Here's a Tutorial if needed.

The default settings will be OK for now.

You may want to uncheck "cookies" and please stay away from the registry cleaner.

MrC


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-03-2014 01
Ran by CHRIS at 2014-03-09 15:06:04 Run:1
Running from C:\Users\CHRIS\Desktop\FRST
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\ProgramData\hash.dat
C:\Users\CHRIS\CTX.DAT
C:\Users\CHRIS\jagex_cl_runescape_LIVE.dat
C:\Users\CHRIS\random.dat
C:\Users\CHRIS\AppData\Roaming\Origin\update.vbe
AlternateDataStreams: C:\ProgramData:gs5sys
AlternateDataStreams: C:\Users\All Users:gs5sys
AlternateDataStreams: C:\Users\CHRIS:gs5sys
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys
AlternateDataStreams: C:\ProgramData\Sjablonen:gs5sys
AlternateDataStreams: C:\ProgramData\TEMP:40752783
AlternateDataStreams: C:\ProgramData\Templates:gs5sys
AlternateDataStreams: C:\Users\CHRIS\Application Data:gs5sys
AlternateDataStreams: C:\Users\CHRIS\Cookies:gs5sys
AlternateDataStreams: C:\Users\CHRIS\Local Settings:gs5sys
AlternateDataStreams: C:\Users\CHRIS\Sjablonen:gs5sys
AlternateDataStreams: C:\Users\CHRIS\Desktop\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\CHRIS\AppData\Local:gs5sys
AlternateDataStreams: C:\Users\CHRIS\AppData\Roaming:gs5sys
AlternateDataStreams: C:\Users\CHRIS\AppData\Local\Application Data:gs5sys
AlternateDataStreams: C:\Users\CHRIS\AppData\Local\Geschiedenis:gs5sys
AlternateDataStreams: C:\Users\CHRIS\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys

*****************

C:\ProgramData\hash.dat => Moved successfully.
C:\Users\CHRIS\CTX.DAT => Moved successfully.
C:\Users\CHRIS\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\CHRIS\random.dat => Moved successfully.
C:\Users\CHRIS\AppData\Roaming\Origin\update.vbe => Moved successfully.
C:\ProgramData => ":gs5sys" ADS removed successfully.
"C:\Users\All Users" => ":gs5sys" ADS not found.
C:\Users\CHRIS => ":gs5sys" ADS removed successfully.
"C:\ProgramData\Application Data" => ":gs5sys" ADS not found.
"C:\ProgramData\Sjablonen" => ":gs5sys" ADS not found.
C:\ProgramData\TEMP => ":40752783" ADS removed successfully.
"C:\ProgramData\Templates" => ":gs5sys" ADS not found.
"C:\Users\CHRIS\Application Data" => ":gs5sys" ADS not found.
"C:\Users\CHRIS\Cookies" => ":gs5sys" ADS not found.
"C:\Users\CHRIS\Local Settings" => ":gs5sys" ADS not found.
"C:\Users\CHRIS\Sjablonen" => ":gs5sys" ADS not found.
C:\Users\CHRIS\Desktop\desktop.ini => ":gs5sys" ADS removed successfully.
C:\Users\CHRIS\AppData\Local => ":gs5sys" ADS removed successfully.
C:\Users\CHRIS\AppData\Roaming => ":gs5sys" ADS removed successfully.
"C:\Users\CHRIS\AppData\Local\Application Data" => ":gs5sys" ADS not found.
"C:\Users\CHRIS\AppData\Local\Geschiedenis" => ":gs5sys" ADS not found.
C:\Users\CHRIS\Documents\desktop.ini => ":gs5sys" ADS removed successfully.
C:\Users\Public\Documents\desktop.ini => ":gs5sys" ADS removed successfully.

==== End of Fixlog ====

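The fixlog above removes named NTFS alternate data streams (":gs5sys" on several folders and desktop.ini files). A defender's read-only check for such streams, added here as an example and not part of the thread or of FRST; it assumes Windows PowerShell 3.0 or later, and the path list is taken from the fixlist with the profile folder replaced by $env:USERPROFILE:

```powershell
# Added example: list named alternate data streams on the locations the fixlog
# reported, so a stray ":gs5sys"-style stream can be spotted before any removal.
# Read-only. Assumes Windows PowerShell 3.0+ (FileSystem provider -Stream support).
function Get-NamedStreams {
    param([Parameter(Mandatory)][string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        # '-Stream *' enumerates every stream; the unnamed ':$DATA' is the file content
        # itself, so only named streams are reported.
        Get-Item -LiteralPath $p -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            ForEach-Object {
                [pscustomobject]@{
                    Path        = $p
                    Stream      = $_.Stream
                    Bytes       = $_.Length
                    # Same form FRST uses in a fixlist entry for this stream.
                    FixlistLine = "AlternateDataStreams: ${p}:$($_.Stream)"
                }
            }
    }
}

# Locations from the fixlist above (junction folders such as "Application Data"
# are skipped; FRST reported those streams as not found anyway).
$paths = @(
    'C:\ProgramData',
    'C:\ProgramData\TEMP',
    $env:USERPROFILE,
    "$env:USERPROFILE\Desktop\desktop.ini",
    "$env:USERPROFILE\AppData\Local",
    "$env:USERPROFILE\AppData\Roaming",
    "$env:USERPROFILE\Documents\desktop.ini",
    'C:\Users\Public\Documents\desktop.ini'
)

# Streams such as 'Zone.Identifier' (mark-of-the-web) are normal; an unexplained
# name present on many unrelated folders, as gs5sys was here, is what to look into.
Get-NamedStreams -Path $paths | Format-Table -AutoSize
```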

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

Results of screen317's Security Check version 0.99.80
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 6 Update 35
Java 7 Update 45
Java SE Development Kit 7 Update 7
Java version out of Date!
Adobe Flash Player 12.0.0.70
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 15.0.1 Firefox out of Date!
Google Chrome 33.0.1750.117
Google Chrome 33.0.1750.146
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 7%
````````````````````End of Log``````````````````````

Outdated programs on the system are vulnerable to malware.
Please update or uninstall them:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Uninstall these from your add/remove programs:
Java™ 6 Update 35
Java SE Development Kit 7 Update 7


Java version out of Date! <----please update, should be Update 51

Java 7 Update 45 <--------Go to control panel > Java > Update Tab > Update Now
Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

If there's no update tab in Java, uninstall it and Download and install the latest version from Here
Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

-----------------------------------------------------

Adobe Reader 9 Adobe Reader out of Date! <---please check for an update if available or uninstall and download and install Foxit Reader which is less vulnerable to malware and much better than Adobe. Don't install any toolbars that may come with it (ASK Toolbar).

 

----------------------------

Mozilla Firefox 15.0.1 Firefox out of Date! <----please check for an update if available.

----------------------------------------------

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command into the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit Enter. (It may look like CF is re-installing, but it's not.)
This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Please download OTC to your desktop. (This will clean up most of the tools and logs)
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete. (right click.....Delete)
i.e.: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.

-------------------------------

Any questions...please post back.
If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again. (PM also found HERE)

Good Luck and Thanks for using the forum, MrC


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.