Hello,
 
I believe that my computer is infected with a rootkit.
 
The first thing I noticed was that my Firefox search extensions were rearranged and that a program called RocketTab was installed on my computer. I never consciously installed that program. Any attempts at uninstalling or deleting that program have been unsuccessful so far; it always returns after a reboot. This program is apparently located in the folder C:\Program Files\Search Extensions. At first this folder contained only an uninstall.exe file. This is what VirusTotal says about that file:
 
 
Now the folder contains a whole bunch of files, among them one ironically named TrustedRoot.cer
I have attached the contents of that folder as a zip file.
 
Secondly, running or installing any anti-virus software is impossible; it is interrupted at some point by a different error message. I've tried Malwarebytes, Kaspersky Anti-Virus 2015, and Kaspersky TDSSKiller. I managed to run TDSSKiller in Windows Safe Mode, and while it found no threats, it took particularly long to scan a file named mctadmin.exe, which is apparently located in C:\Windows\System32. I also zipped and attached that file to this thread. While no virus scanner at VirusTotal identified it as a threat, one of the first hits when googling the name of that file is another Malwarebytes forum thread describing symptoms very similar to mine:
 
 
Any help in this matter would be very highly appreciated!
 
Please also find attached my Farbar Recovery Scan Tool logfile and Addition.txt
 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-11-2014
Ran by Philip (administrator) on HELIOS on 17-11-2014 22:17:52
Running from D:\Downloads
Loaded Profile: Philip (Available profiles: Philip & UpdatusUser)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
() C:\Program Files\HDD Health\HDDHealthService.exe
() C:\Windows\System32\PnkBstrA.exe
(TomTom) D:\Programme\TomTom HOME 2\TomTomHOMEService.exe
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
() C:\Windows\system\HsMgr.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winampa.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(CMedia) C:\Program Files\ASUS Xonar DS Audio\Customapp\AsusAudioCenter.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\Philip\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
() C:\Program Files\Search Extensions\Client.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winamp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
() D:\Programme\QIP Infium\infium.exe
(Maple Studio) C:\Users\Philip\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
(Maple Studio) C:\Users\Philip\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
(Maple Studio) C:\Users\Philip\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
(Maple Studio) C:\Users\Philip\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
(Maple Studio) C:\Users\Philip\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
(Maple Studio) C:\Users\Philip\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM\...\Run: [Cmaudio8788] => RunDll32 cmicnfgp.cpl,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\system\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [WinampAgent] => C:\Program Files\Winamp\winampa.exe [85600 2013-12-13] (Nullsoft, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-21-3863353782-2063135426-2818225667-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKU\S-1-5-21-3863353782-2063135426-2818225667-1001\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-3863353782-2063135426-2818225667-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-3863353782-2063135426-2818225667-1001\...\MountPoints2: H - H:\autorun.exe
HKU\S-1-5-21-3863353782-2063135426-2818225667-1001\...\MountPoints2: I - I:\SETUP.EXE
HKU\S-1-5-21-3863353782-2063135426-2818225667-1001\...\MountPoints2: K - K:\setup.exe
HKU\S-1-5-21-3863353782-2063135426-2818225667-1001\...\MountPoints2: {05ba20d7-558a-11e2-b16e-1c6f65465ca6} - H:\SETUP.EXE
HKU\S-1-5-21-3863353782-2063135426-2818225667-1001\...\MountPoints2: {29c0ff0a-4c53-11e4-813b-1c6f65465ca6} - E:\LaunchU3.exe -a
HKU\S-1-5-21-3863353782-2063135426-2818225667-1001\...\MountPoints2: {9651025c-580b-11e2-a7f2-1c6f65465ca6} - I:\SETUP.EXE
HKU\S-1-5-21-3863353782-2063135426-2818225667-1001\...\MountPoints2: {9651025f-580b-11e2-a7f2-1c6f65465ca6} - J:\autorun.exe
HKU\S-1-5-21-3863353782-2063135426-2818225667-1001\...\MountPoints2: {96510262-580b-11e2-a7f2-1c6f65465ca6} - K:\setup.exe
HKU\S-1-5-21-3863353782-2063135426-2818225667-1001\...\MountPoints2: {e61cbe9d-a1c8-11e1-91e3-1c6f65465ca6} - I:\AutoRunMorrowind.exe
Startup: C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Philip\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\taskmgr.lnk
ShortcutTarget: taskmgr.lnk -> C:\Windows\System32\taskmgr.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [shareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [s-1-5-21-3863353782-2063135426-2818225667-1001] => Internet Explorer proxy is enabled.
ProxyServer: [s-1-5-21-3863353782-2063135426-2818225667-1001] => http=127.0.0.1:49193;https=127.0.0.1:49193
HKU\S-1-5-21-3863353782-2063135426-2818225667-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
HKU\S-1-5-21-3863353782-2063135426-2818225667-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5FD34D0C3335CD01
HKU\S-1-5-21-3863353782-2063135426-2818225667-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKU\S-1-5-21-3863353782-2063135426-2818225667-1001 -> DefaultScope {13E76A80-3D1E-4CC8-9068-9E14ABA19477} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=386496&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3863353782-2063135426-2818225667-1001 -> {13E76A80-3D1E-4CC8-9068-9E14ABA19477} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=386496&p={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3863353782-2063135426-2818225667-1001 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{E8C775B5-1C3E-45FA-874A-F1850838E622}: [NameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default
FF DefaultSearchEngine: LEO de<->en
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: LEO de<->en
FF Homepage: 
FF NetworkProxy: "backup.ftp", "194.36.10.156:3127"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.gopher", "194.36.10.156:3127"
FF NetworkProxy: "backup.gopher_port", 8080
FF NetworkProxy: "backup.socks", "194.36.10.156:3127"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "194.36.10.156:3127"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "68.68.97.2"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "gopher", "proxy.odem.org "
FF NetworkProxy: "gopher_port", 7007
FF NetworkProxy: "http", "68.68.97.2"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "68.68.97.2"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "68.68.97.2"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3863353782-2063135426-2818225667-1001: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\searchplugins\avaxhome.xml
FF SearchPlugin: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\searchplugins\beemp3.xml
FF SearchPlugin: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\searchplugins\biomedsearch.xml
FF SearchPlugin: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\searchplugins\boersebz.xml
FF SearchPlugin: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\searchplugins\bookya.xml
FF SearchPlugin: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\searchplugins\dictionarycom.xml
FF SearchPlugin: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\searchplugins\doi.xml
FF SearchPlugin: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\searchplugins\ebay-kleinanzeigen.xml
FF SearchPlugin: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\searchplugins\encyclopedia-dramatica-en.xml
FF SearchPlugin: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\searchplugins\fallout-wiki.xml
FF SearchPlugin: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\searchplugins\filestube.xml
FF SearchPlugin: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\searchplugins\geizkragende-preisvergleich.xml
FF SearchPlugin: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\searchplugins\google-blogs.xml
FF SearchPlugin: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\searchplugins\google-books.xml
FF SearchPlugin: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\searchplugins\google-directory.xml
FF SearchPlugin: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\searchplugins\google-finance.xml
FF SearchPlugin: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\searchplugins\google-groups.xml
FF SearchPlugin: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\searchplugins\google-news.xml
FF SearchPlugin: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\searchplugins\google-products.xml
FF SearchPlugin: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\searchplugins\google-scholar.xml
FF SearchPlugin: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\searchplugins\google-trends.xml
FF SearchPlugin: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\searchplugins\google-video.xml
FF SearchPlugin: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\searchplugins\googlecom.xml
FF SearchPlugin: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\searchplugins\idealode.xml
FF SearchPlugin: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\searchplugins\iloadto.xml
FF SearchPlugin: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\searchplugins\imdb.xml
FF SearchPlugin: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\searchplugins\ineedfile.xml
FF SearchPlugin: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\searchplugins\leo-de-en.xml
FF SearchPlugin: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\searchplugins\library-of-congress.xml
FF SearchPlugin: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\searchplugins\longman-english-dictionary.xml
FF SearchPlugin: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\searchplugins\mrtzcmp3.xml
FF SearchPlugin: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\searchplugins\mycroft-project.xml
FF SearchPlugin: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\searchplugins\ncbi.xml
FF SearchPlugin: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\searchplugins\openwetware-en.xml
FF SearchPlugin: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\searchplugins\ponseu--polnisch--deutsch.xml
FF SearchPlugin: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\searchplugins\pubmed.xml
FF SearchPlugin: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\searchplugins\rapidshares.xml
FF SearchPlugin: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\searchplugins\teledyskiinfo.xml
FF SearchPlugin: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\searchplugins\thesauruscom.xml
FF SearchPlugin: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\searchplugins\uespwiki-english.xml
FF SearchPlugin: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\searchplugins\urban-dictionary.xml
FF SearchPlugin: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\searchplugins\webster.xml
FF SearchPlugin: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\searchplugins\wikigenes.xml
FF SearchPlugin: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\searchplugins\wikimedia-commons.xml
FF SearchPlugin: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\searchplugins\wolframalpha.xml
FF SearchPlugin: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\searchplugins\worldcat-catalog.xml
FF SearchPlugin: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\searchplugins\youtube-videosuche.xml
FF SearchPlugin: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\searchplugins\youtube.xml
FF SearchPlugin: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\searchplugins\ytmnd.xml
FF Extension: GFACE Experience Plugin - C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\Extensions\cryenginebrowserplugin@crytek.com [2013-11-07]
FF Extension: German Dictionary - C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-06-10]
FF Extension: Dictionary Switcher - C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\Extensions\dictionary-switcher@design-noir.de [2014-02-19]
FF Extension: British English Dictionary - C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\Extensions\en-GB@dictionaries.addons.mozilla.org [2012-05-18]
FF Extension: FireShot - C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2014-11-10]
FF Extension: Biobar - C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\Extensions\{3e559c3c-4aad-4168-bd47-e1056298df8e} [2014-01-15]
FF Extension: EPUBReader - C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2014-08-23]
FF Extension: ChatZilla - C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2014-10-04]
FF Extension: ColorZilla - C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2012-08-01]
FF Extension: FireFTP - C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2014-10-16]
FF Extension: Download Statusbar - C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2012-05-18]
FF Extension: Menu Editor - C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\Extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0} [2012-05-18]
FF Extension: ProxTube - C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\Extensions\ich@maltegoetz.de.xpi [2014-09-11]
FF Extension: Status-4-Evar - C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\Extensions\status4evar@caligonstudios.com.xpi [2012-05-18]
FF Extension: Stealthy - C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\Extensions\stealthyextension@gmail.com.xpi [2012-05-18]
FF Extension: Scientific Calculator - C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\Extensions\ststusscicalc@sunny.xpi [2012-05-18]
FF Extension: Tabs On Bottom - C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\Extensions\tabsonbottom@piro.sakura.ne.jp.xpi [2014-05-12]
FF Extension: Flagfox - C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-09]
FF Extension: Image Zoom - C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2013-04-16]
FF Extension: Nuke Anything Enhanced - C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\Extensions\{1ced4832-f06e-413f-aa14-9eb63ad40ace}.xpi [2014-10-19]
FF Extension: RSS Ticker - C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\Extensions\{1f91cde0-c040-11da-a94d-0800200c9a66}.xpi [2012-05-18]
FF Extension: ProxTube - C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}.xpi [2014-07-29]
FF Extension: DragIt - C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\Extensions\{575cbcb9-3b7e-493a-b001-886b3ae793b5}.xpi [2012-05-18]
FF Extension: MR Tech Toolkit - C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\Extensions\{9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}.xpi [2012-05-18]
FF Extension: BBCodeXtra - C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\Extensions\{af79f858-4b25-4ca4-822b-b5db1be628fc}.xpi [2014-07-28]
FF Extension: Adblock Plus - C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-06-29]
FF Extension: Tab Mix Plus - C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012-05-18]
FF Extension: DownThemAll! - C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2012-08-31]
FF Extension: Greasemonkey - C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-08-24]
FF Extension: User Agent Switcher - C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\1nvqeehk.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2012-05-18]
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-05-19]
 
Chrome: 
=======
CHR StartMenuInternet: Google Chrome - C:\Users\Philip\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [688240 2014-04-10] (Juniper Networks)
R2 HDDHealth; C:\Program Files\HDD Health\HDDHealthService.exe [17760 2013-03-08] () [File not signed]
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75136 2012-05-19] ()
R2 TomTomHOMEService; D:\Programme\TomTom HOME 2\TomTomHOMEService.exe [93072 2013-07-02] (TomTom)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [121248 2012-08-26] (SlySoft, Inc.)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [1760256 2011-03-10] (C-Media Inc)
R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [27648 2013-08-02] (Juniper Networks)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-01-03] (DT Soft Ltd)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [62208 2010-11-19] (Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [141568 2010-11-19] (Renesas Electronics Corporation)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam.sys [11520 2008-05-12] (Western Digital Technologies) [File not signed]
S0 szkg5; system32\DRIVERS\szkg.sys [X]
S0 szkgfs; system32\drivers\szkgfs.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-17 22:17 - 2014-11-17 22:17 - 00000000 ____D () C:\FRST
2014-11-17 22:14 - 2014-11-17 22:14 - 00048815 _____ () C:\Windows\system32\mctadmin.zip
2014-11-17 22:11 - 2014-11-17 22:13 - 00001688 _____ () C:\Users\Philip\Desktop\aa.txt
2014-11-17 20:52 - 2014-11-17 20:52 - 00008211 _____ () C:\Users\Philip\Desktop\hijackthis.log
2014-11-15 14:29 - 2014-11-15 14:29 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Philip\Downloads\rkill (1).com
2014-11-14 20:14 - 2014-11-14 20:14 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-11-14 00:06 - 2014-11-14 20:12 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2014-11-14 00:02 - 2014-11-14 00:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-12 19:02 - 2014-11-12 19:02 - 00000000 ____D () C:\ProgramData\FreeRIP MP3 Converter
2014-11-12 19:01 - 2014-11-17 20:43 - 00000000 ____D () C:\Program Files\Search Extensions
2014-11-12 19:00 - 2014-11-12 19:00 - 00000000 ____D () C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeRIP MP3 Converter
2014-10-22 22:25 - 2014-10-22 22:25 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-10-22 22:25 - 2014-10-22 22:25 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_wpdcomp_01_09_00.Wdf
2014-10-19 21:47 - 2014-10-19 21:47 - 00000000 ____D () C:\Users\Philip\AppData\Roaming\Oracle
2014-10-19 21:46 - 2014-10-19 21:46 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-10-19 21:46 - 2014-10-19 21:46 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-10-19 21:46 - 2014-10-19 21:46 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-10-19 21:46 - 2014-10-19 21:46 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-10-19 21:46 - 2014-10-19 21:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-19 21:46 - 2014-10-19 21:46 - 00000000 ____D () C:\Program Files\Java
2014-10-19 21:46 - 2014-10-19 21:46 - 00000000 ____D () C:\Program Files\Common Files\Java
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-17 22:15 - 2012-09-21 18:29 - 00000000 ____D () C:\Users\Philip\AppData\Roaming\Skype
2014-11-17 21:58 - 2012-07-28 20:46 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-17 20:58 - 2012-07-28 20:46 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-17 20:37 - 2010-11-20 22:01 - 01498506 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-17 20:22 - 2009-07-14 05:34 - 00020304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-17 20:22 - 2009-07-14 05:34 - 00020304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-17 20:18 - 2012-10-10 20:19 - 01730959 _____ () C:\Windows\WindowsUpdate.log
2014-11-17 20:15 - 2014-03-19 11:20 - 00015293 _____ () C:\Windows\setupact.log
2014-11-17 20:15 - 2013-12-22 16:28 - 00000000 ____D () C:\Users\Philip\AppData\Roaming\Dropbox
2014-11-17 20:15 - 2012-05-18 21:54 - 00000000 ____D () C:\Users\Philip\AppData\Roaming\TS3Client
2014-11-17 20:15 - 2012-05-18 21:32 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-17 20:15 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-14 20:04 - 2013-12-22 16:28 - 00000000 ____D () C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-14 00:16 - 2014-03-19 11:20 - 00022836 _____ () C:\Windows\PFRO.log
2014-11-13 23:25 - 2012-07-28 13:47 - 00008588 _____ () C:\Windows\cdplayer.ini
2014-11-13 23:16 - 2012-07-28 13:21 - 00001534 _____ () C:\ProgramData\ss.ini
2014-11-11 10:18 - 2012-05-18 22:16 - 00000000 ____D () C:\ProgramData\Zoom Player
2014-11-06 14:54 - 2012-07-28 20:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-11-05 14:20 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-31 08:16 - 2012-05-30 21:05 - 00000000 ____D () C:\Program Files\Steam
2014-10-27 22:48 - 2012-06-14 20:45 - 00000000 ____D () C:\Users\Philip\AppData\Roaming\vlc
2014-10-22 19:02 - 2012-05-18 23:37 - 00000000 ____D () C:\Program Files\JDownloader
2014-10-20 08:50 - 2014-06-23 23:22 - 00000000 ____D () C:\Users\Philip\AppData\Local\Adobe
2014-10-20 08:50 - 2012-07-19 23:04 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-10-20 08:50 - 2012-07-19 23:04 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-10-19 23:21 - 2012-07-27 19:08 - 00000116 _____ () C:\Windows\NeroDigital.ini
2014-10-19 21:47 - 2013-10-25 23:19 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-19 20:46 - 2009-07-14 05:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
 
Some content of TEMP:
====================
C:\Users\Philip\AppData\Local\Temp\DeskMetrics.dll
C:\Users\Philip\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpebhuti.dll
C:\Users\Philip\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Philip\AppData\Local\Temp\JuniperExt.exe
C:\Users\Philip\AppData\Local\Temp\JuniperSetupClientInstaller.exe
C:\Users\Philip\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Philip\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Philip\AppData\Local\Temp\System.Data.SQLite35676.dll
C:\Users\Philip\AppData\Local\Temp\System.Data.SQLite37647.dll
C:\Users\Philip\AppData\Local\Temp\System.Data.SQLite43489.dll
C:\Users\Philip\AppData\Local\Temp\System.Data.SQLite44246.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-05 10:57
 
==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-11-2014

Ran by Philip at 2014-11-17 22:18:11
Running from D:\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKLM\...\uTorrent) (Version: 3.1.3 - )
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 1 (SP1) (Version:  - Microsoft) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
AC3Filter 2.1a (HKLM\...\AC3Filter_is1) (Version: 2.1a - Alexander Vigovsky)
Accelrys Discovery Studio 3.5 Client (HKLM\...\{88BD4B2F-B6A7-462D-A8FC-D4B79FEE460E}) (Version: 3.50.0000 - Accelrys Software Inc.)
Accelrys License Pack (HKLM\...\{9D0A98A1-E339-4B43-9ACC-E06D8542B07F}) (Version: 7.6.7 - Accelrys Software Inc.)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.2 - Adobe Systems)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.12.36 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Photoshop 7.0.1 (HKLM\...\Adobe Photoshop 7.0.1) (Version: 7.0.1 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.09) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AnyDVD (HKLM\...\AnyDVD) (Version: 7.1.3.0 - SlySoft)
ASUS Xonar DS Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version:  - )
Audacity 2.0 (HKLM\...\Audacity_is1) (Version:  - Audacity Team)
Bass Audio Decoder (remove only) (HKLM\...\Bass Audio Decoder) (Version:  - )
BattlEye for OA Uninstall (HKLM\...\BattlEye for OA) (Version:  - )
Beyond Divinity (HKLM\...\Steam App 219760) (Version:  - Larian Studios)
CambridgeSoft Activation Client (HKLM\...\{863F58EF-467F-4BCC-A40B-D2304630DEA1}) (Version: 11.0 - CambridgeSoft Corporation)
CambridgeSoft Activation Client (HKLM\...\{E773E0B9-6ABE-4F9E-816C-56B2DD8613B9}) (Version: 12.0 - CambridgeSoft Corporation)
CambridgeSoft ChemBioOffice Ultra 2010 (HKLM\...\{D06EF6C2-62D8-4308-897E-B20FE81712B4}) (Version: 12.0 - CambridgeSoft Corporation)
CambridgeSoft ChemScript 12.0 (HKLM\...\{E145D9BE-D521-4527-A85D-2B2D47725506}) (Version: 12.0 - CambridgeSoft Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 3.18 - Piriform)
CD Audio Reader Filter (remove only) (HKLM\...\CD Audio Reader Filter) (Version:  - )
Classic Shell (HKLM\...\{9A4DB3C1-3B93-4CDC-9B9A-22C186079914}) (Version: 3.5.0 - IvoSoft)
Command & Conquer Generals (HKLM\...\InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}) (Version: 0.50.0000 - Electronic Arts)
Command & Conquer Generals (Version: 0.50.0000 - Electronic Arts) Hidden
Command and ConquerTM Generals Zero Hour (HKLM\...\InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}) (Version: 1.00.0000 - Electronic Arts)
Command and ConquerTM Generals Zero Hour (Version: 1.00.0000 - Electronic Arts) Hidden
CoolNovo (HKU\S-1-5-21-3863353782-2063135426-2818225667-1001\...\ChromePlus) (Version: 2.0.9.20 - The Maple Studio)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.46.1.0327 - DT Soft Ltd)
DayZ Commander (HKLM\...\{B5ABA6EA-2B01-455A-958A-7AF80EC604B9}) (Version: 1.09.53 - Dotjosh Open Source)
DCoder Image Source (remove only) (HKLM\...\DCoder Image Source) (Version:  - )
Deus Ex (HKLM\...\Deus Ex) (Version:  - )
Die Sims Deluxe (HKLM\...\{10798AE3-DCBB-43C3-9C93-C23512427E25}) (Version:  - )
DirectVobSub (remove only) (HKLM\...\DirectVobSub) (Version:  - )
Divine Divinity (HKLM\...\Steam App 214170) (Version:  - Larian Studios)
Dropbox (HKU\S-1-5-21-3863353782-2063135426-2818225667-1001\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
DScaler 5 Mpeg Decoders (HKLM\...\DScaler 5 Mpeg Decoders_is1) (Version:  - )
eMule (HKLM\...\eMule) (Version:  - )
EndNote X7 (HKLM\...\{86B3F2D6-AC2B-0017-8AE1-F2F77F781B0C}) (Version: 17.0.0.7072 - Thomson Reuters)
Eraser 6.0.10.2620 (HKLM\...\{A45C5EC7-F13E-4414-99BE-47373935C0FE}) (Version: 6.0.2620 - The Eraser Project)
Far Cry 3 Blood Dragon (HKLM\...\{A071F478-73E0-4143-AE55-4DD6BABD74F5}) (Version: 1.00 - Ubisoft)
ffdshow v1.2.4436 [2012-04-22] (HKLM\...\ffdshow_is1) (Version: 1.2.4436.0 - )
FFMPEG Core Files (remove only) (HKLM\...\FFMPEG Core Files) (Version:  - )
Free YouTube to MP3 Converter version 3.11.35.1031 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.35.1031 - DVDVideoSoft Ltd.)
FreeRIP MP3 Converter 4.5.2 (HKLM\...\{501451DE-5808-4599-B544-8BD0915B6B24}_is1) (Version: 4.5.2 - GreenTree Applications SRL)
Gabest MPEG Splitter (remove only) (HKLM\...\Gabest MPEG Splitter) (Version:  - )
Google Drive (HKLM\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
GraphPad Prism 6 (HKLM\...\{606443B0-9831-11DC-5F90-015CFB7A6952}) (Version: 6.01 - GraphPad Software)
Haali Media Splitter (HKLM\...\HaaliMkx) (Version:  - )
HandBrake 0.9.8 (HKLM\...\HandBrake) (Version: 0.9.8 - )
HDD Health v4.2 (HKLM\...\HDD Health_is1) (Version:  - )
HP Deskjet 3050A J611 series - Grundlegende Software für das Gerät (HKLM\...\{DC2C5DE5-8315-48C3-8866-DC3A7C88DC84}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Icewind Dale - Heart of Winter (HKLM\...\{433BF933-81D6-4646-A318-3DE5DB6108F2}) (Version:  - )
Icewind Dale (HKLM\...\Icewind Dale) (Version:  - )
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Inkscape 0.48.2 (HKLM\...\Inkscape) (Version: 0.48.2 - )
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JDownloader 0.9 (HKLM\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Juniper Networks Network Connect 7.1.8 (HKLM\...\Juniper Network Connect 7.1.8) (Version: 7.1.8.20737 - Juniper Networks)
Juniper Networks Network Connect 7.2.0 (HKLM\...\Juniper Network Connect 7.2.0) (Version: 7.2.0.21697 - Juniper Networks)
Juniper Networks Network Connect 7.3.0 (HKLM\...\Juniper Network Connect 7.3.0) (Version: 7.3.0.26561 - Juniper Networks)
Juniper Networks Network Connect 7.4.0 (HKLM\...\Juniper Network Connect 7.4.0) (Version: 7.4.0.30667 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-3863353782-2063135426-2818225667-1001\...\Juniper_Setup_Client) (Version: 7.4.9.45013 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
LAV Filters 0.50.2 (HKLM\...\lavfilters_is1) (Version: 0.50.2 - Hendrik Leppkes)
Magic Set Editor 2.0.0 (HKLM\...\Magic Set Editor 2_is1) (Version:  - )
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6215.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MidiEditor (HKU\S-1-5-21-3863353782-2063135426-2818225667-1001\...\MidiEditor) (Version:  - )
ModPlug Player (HKLM\...\ModPlug Player v1.46_is1) (Version: 1.46 - Olivier Lapicque/MODPlug Central)
MozBackup 1.5.1 (HKLM\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 32.0.3 (x86 de) (HKLM\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
NapiProjekt (2.1.1.2314) (HKLM\...\NapiProjekt_is1) (Version:  - )
Nero 6 Ultra Edition (HKLM\...\Nero - Burning Rom!UninstallKey) (Version:  - )
Nokia Connectivity Cable Driver (HKLM\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia)
Nokia PC Suite (HKLM\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia)
Nokia PC Suite (Version: 7.1.180.94 - Nokia) Hidden
NVIDIA 3D Vision Controller-Treiber 285.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 285.62 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 306.97 - NVIDIA Corporation)
NVIDIA Grafiktreiber 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 306.97 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.2.24.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.24.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.11.0621 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.11.0621 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
OpenAL (HKLM\...\OpenAL) (Version:  - )
OpenSource AVI Splitter (remove only) (HKLM\...\OpenSource AVI Splitter) (Version:  - )
OpenSource DTS/AC3/DD+ Source Filter (remove only) (HKLM\...\OpenSource DTS/AC3/DD+ Source Filter) (Version:  - )
OpenSource Flash Video Splitter (remove only) (HKLM\...\OpenSource Flash Video Splitter) (Version:  - )
Papers, Please (HKLM\...\GOGPACKPAPERSPLEASE_is1) (Version: 2.0.0.4 - GOG.com)
PC Connectivity Solution (HKLM\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
Python 2.5 (HKLM\...\{0A2C5854-557E-48C8-835A-3B9F074BDCAA}) (Version: 2.5.150 - Martin v. Löwis)
Python 2.5 pywin32-210 (HKLM\...\pywin32-py2.5) (Version:  - )
QIP Infium 3.0.9044 (HKU\S-1-5-21-3863353782-2063135426-2818225667-1001\...\QIP Infium) (Version: 3.0.9044 - )
QuickTime Alternative 3.2.2 (HKLM\...\QuicktimeAlt_is1) (Version: 3.2.2 - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.30.0 - Renesas Electronics Corporation) Hidden
ResearchSoft Direct Export Helper (HKLM\...\ResearchSoft Direct Export Helper) (Version:  - Thomson Reuters)
RTP 1.32 Add-On for RM2k (HKLM\...\RTP 1.32 Add-On for RM2k) (Version:  - )
RTP for RM2K (Png, Wav, Midi, Fonts) (HKLM\...\RTP for RM2K (Png, Wav, Midi, Fonts)) (Version:  - )
Six Updater (HKLM\...\{AD42165D-FF3C-4975-A130-7AA2801AB5DD}) (Version: 2.09.7042 - Six Projects)
Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Starcraft (HKLM\...\Starcraft) (Version:  - )
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Super Hexagon (HKLM\...\Steam App 221640) (Version:  - Terry Cavanagh)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
The Nameless Mod (HKLM\...\The Nameless Mod) (Version:  - )
TomTom HOME (HKLM\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.6 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TreeSize Free V3.0 (HKLM\...\TreeSize Free_is1) (Version: 3.0 - JAM Software)
VLC media player 2.0.1 (HKLM\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Winamp (HKLM\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-3863353782-2063135426-2818225667-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows-Treiberpaket - Nokia Modem  (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Windows-Treiberpaket - Nokia Modem  (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinRAR 4.20 beta 1 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.1 - win.rar GmbH)
xp-AntiSpy 3.98-2 (HKLM\...\xp-AntiSpy) (Version:  - Christian Taubenheim)
Zoom Player (remove only) (HKLM\...\ZoomPlayer) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3863353782-2063135426-2818225667-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Philip\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3863353782-2063135426-2818225667-1001_Classes\CLSID\{97D17A04-4438-4C8E-BAC7-BC21B8B9E999}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3863353782-2063135426-2818225667-1001_Classes\CLSID\{E6EF7AC8-3EAA-4751-9306-6E7F75CAE1C7}\localserver32 -> C:\Users\Philip\AppData\Local\MapleStudio\ChromePlus\Application\2.0.9.20\delegate_execute.exe (Maple Studio)
CustomCLSID: HKU\S-1-5-21-3863353782-2063135426-2818225667-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Philip\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3863353782-2063135426-2818225667-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Philip\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3863353782-2063135426-2818225667-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Philip\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3863353782-2063135426-2818225667-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Philip\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3863353782-2063135426-2818225667-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Philip\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3863353782-2063135426-2818225667-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Philip\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3863353782-2063135426-2818225667-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Philip\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3863353782-2063135426-2818225667-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Philip\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
05-09-2014 20:17:14 Geplanter Prüfpunkt
24-09-2014 22:11:01 Geplanter Prüfpunkt
03-10-2014 08:57:41 Geplanter Prüfpunkt
19-10-2014 20:46:38 Installed Java 7 Update 71
03-11-2014 11:10:05 Geplanter Prüfpunkt
13-11-2014 22:27:18 Installed STOPzilla
13-11-2014 23:13:05 Installed STOPzilla
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:04 - 2012-05-19 12:37 - 00001805 ___RA C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {51D52902-36B3-4379-8708-801912508A7F} - System32\Tasks\RocketTab => cmd.exe /C start "" "C:\Program Files\Search Extensions\Client.exe" /Preferred=true <==== ATTENTION
Task: {8C3935B2-CC1A-4DFA-9649-3DFE776E29EC} - System32\Tasks\hpUrlLauncher.exe_{C05347D7-ECF5-44AC-BFEA-5CD60B5B0DDD} => C:\Users\Philip\AppData\Local\Temp\7zS0D3E\utils\hpUrlLauncher.exe <==== ATTENTION
Task: {8CB82FD4-A005-4E0C-9D1C-9D74E0EAD61D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-07-28] (Google Inc.)
Task: {9813E513-92B5-4D7E-B292-78DF1B811300} - System32\Tasks\RocketTab Update Task => C:\Program Files\Search Extensions\uninstall.exe <==== ATTENTION
Task: {B85795AB-6BA2-4DEE-889A-5AB6B6625649} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-07-28] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-05-18 21:32 - 2012-10-02 20:28 - 00079208 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2013-07-23 08:35 - 2013-03-08 08:54 - 00017760 _____ () C:\Program Files\HDD Health\HDDHealthService.exe
2012-05-19 22:48 - 2012-05-19 22:48 - 00075136 _____ () C:\Windows\system32\PnkBstrA.exe
2012-05-18 21:52 - 2008-07-11 14:04 - 00200704 ____N () C:\Windows\system\HsMgr.exe
2012-05-18 21:52 - 2011-04-19 13:56 - 00143360 ____N () C:\Program Files\ASUS Xonar DS Audio\Customapp\VmixP8.dll
2014-11-17 20:15 - 2014-11-17 20:15 - 00043008 _____ () c:\users\philip\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpebhuti.dll
2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\Philip\AppData\Roaming\Dropbox\bin\libcef.dll
2014-11-13 22:56 - 2014-11-13 22:56 - 05811432 _____ () C:\Program Files\Search Extensions\Client.exe
2014-03-15 20:06 - 2014-03-15 20:06 - 00148480 _____ () C:\Program Files\TeamSpeak 3 Client\quazip.dll
2014-03-15 20:06 - 2014-03-15 20:06 - 00864768 _____ () C:\Program Files\TeamSpeak 3 Client\platforms\qwindows.dll
2014-03-15 20:06 - 2014-03-15 20:06 - 00677376 _____ () C:\Program Files\TeamSpeak 3 Client\sqldrivers\qsqlite.dll
2012-04-20 10:18 - 2014-08-06 19:25 - 00092104 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\directsound_win32.dll
2012-04-20 10:18 - 2014-08-06 19:25 - 00105416 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win32.dll
2014-03-15 20:06 - 2014-03-15 20:06 - 00025600 _____ () C:\Program Files\TeamSpeak 3 Client\imageformats\qgif.dll
2014-03-15 20:06 - 2014-03-15 20:06 - 00242688 _____ () C:\Program Files\TeamSpeak 3 Client\imageformats\qjpeg.dll
2012-04-20 10:18 - 2014-08-06 19:25 - 00117704 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\appscanner_plugin.dll
2012-04-20 10:18 - 2014-08-06 19:25 - 00477128 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
2013-09-18 15:57 - 2014-08-06 19:25 - 00484808 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll
2014-03-15 20:06 - 2014-03-15 20:06 - 00123904 _____ () C:\Program Files\TeamSpeak 3 Client\accessible\qtaccessiblewidgets.dll
2014-09-30 18:20 - 2007-03-13 18:25 - 00061535 _____ () C:\Program Files\Winamp\Plugins\in_gbs.dll
2007-07-21 17:52 - 2007-07-21 17:52 - 00163840 _____ () C:\Program Files\Winamp\Plugins\unrar.dll
2014-02-18 23:15 - 2012-04-29 22:09 - 00487424 _____ () C:\Program Files\Winamp\Plugins\in_vgm.dll
2013-12-13 03:47 - 2013-12-13 03:47 - 00333824 _____ () C:\Program Files\Winamp\Plugins\freeform\wacs\freetype\freetype.wac
2014-09-25 11:19 - 2014-09-25 11:19 - 03715184 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2009-05-03 22:17 - 2010-12-23 17:52 - 06012800 _____ () D:\Programme\QIP Infium\infium.exe
2010-05-11 18:48 - 2010-12-23 17:52 - 00087424 _____ () D:\Programme\QIP Infium\Core\WebWindow.dll
2009-05-03 22:17 - 2010-12-23 17:52 - 01994112 _____ () D:\Programme\QIP Infium\Protos\InfICQ\InfICQ.dll
2009-05-03 22:17 - 2010-12-23 17:52 - 01705344 _____ () D:\Programme\QIP Infium\Protos\MRA\MRA.dll
2009-05-03 22:17 - 2010-12-23 17:52 - 00052096 _____ () D:\Programme\QIP Infium\Protos\MRA\pics.dll
2010-05-11 18:48 - 2010-12-23 17:52 - 00489344 _____ () D:\Programme\QIP Infium\Protos\Social\Social.dll
2010-05-29 18:18 - 2010-05-27 16:58 - 00323024 _____ () D:\Programme\QIP Infium\Plugins\smssend\smssend.dll
2009-05-03 22:18 - 2010-12-23 17:52 - 04651392 _____ () D:\Programme\QIP Infium\Core\voip.dll
2009-05-03 22:18 - 2010-12-23 17:52 - 00634240 _____ () D:\Programme\QIP Infium\Core\YLUSBTEL.dll
2014-03-18 17:01 - 2013-08-21 11:48 - 00599968 _____ () C:\Users\Philip\AppData\Local\MapleStudio\ChromePlus\Application\2.0.9.20\libglesv2.dll
2014-03-18 17:01 - 2013-08-21 11:48 - 00124832 _____ () C:\Users\Philip\AppData\Local\MapleStudio\ChromePlus\Application\2.0.9.20\libegl.dll
2014-03-18 17:01 - 2013-08-21 11:48 - 04051408 _____ () C:\Users\Philip\AppData\Local\MapleStudio\ChromePlus\Application\2.0.9.20\pdf.dll
2014-03-18 17:01 - 2013-08-21 11:48 - 00393120 _____ () C:\Users\Philip\AppData\Local\MapleStudio\ChromePlus\Application\2.0.9.20\ppGoogleNaClPluginChrome.dll
2014-03-18 17:01 - 2013-08-21 11:48 - 01597856 _____ () C:\Users\Philip\AppData\Local\MapleStudio\ChromePlus\Application\2.0.9.20\ffmpegsumo.dll
2014-03-18 17:01 - 2013-08-21 11:48 - 13136336 _____ () C:\Users\Philip\AppData\Local\MapleStudio\ChromePlus\Application\2.0.9.20\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HDDHealth.lnk => C:\Windows\pss\HDDHealth.lnk.CommonStartup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Eraser => "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
MSCONFIG\startupreg: NeroFilterCheck => C:\Windows\system32\NeroCheck.exe
MSCONFIG\startupreg: TomTomHOME.exe => "D:\Programme\TomTom HOME 2\TomTomHOMERunner.exe" -s
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3863353782-2063135426-2818225667-500 - Administrator - Disabled)
Gast (S-1-5-21-3863353782-2063135426-2818225667-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3863353782-2063135426-2818225667-1002 - Limited - Enabled)
Philip (S-1-5-21-3863353782-2063135426-2818225667-1001 - Administrator - Enabled) => C:\Users\Philip
UpdatusUser (S-1-5-21-3863353782-2063135426-2818225667-1003 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/17/2014 08:16:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2 SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 0x80041003
 
Error: (11/15/2014 02:25:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2 SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 0x80041003
 
Error: (11/15/2014 11:00:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2 SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 0x80041003
 
Error: (11/14/2014 08:24:22 PM) (Source: MsiInstaller) (EventID: 11719) (User: Helios)
Description: Product: Kaspersky Anti-Virus -- Error 1719. The Windows Installer service is not available. Please contact technical support and make sure that the service is registered and enabled.
 
Error: (11/14/2014 08:23:23 PM) (Source: MsiInstaller) (EventID: 11719) (User: Helios)
Description: Product: Kaspersky Anti-Virus -- Error 1719. The Windows Installer service is not available. Please contact technical support and make sure that the service is registered and enabled.
 
Error: (11/14/2014 08:17:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2 SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 0x80041003
 
Error: (11/14/2014 08:15:19 PM) (Source: MsiInstaller) (EventID: 11719) (User: Helios)
Description: Product: Kaspersky Anti-Virus -- Error 1719. The Windows Installer service is not available. Please contact technical support and make sure that the service is registered and enabled.
 
Error: (11/14/2014 08:13:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2 SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 0x80041003
 
Error: (11/14/2014 08:13:09 PM) (Source: MsiInstaller) (EventID: 11719) (User: Helios)
Description: Product: Kaspersky Anti-Virus -- Error 1719. The Windows Installer service is not available. Please contact technical support and make sure that the service is registered and enabled.
 
Error: (11/14/2014 08:05:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2 SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 0x80041003
 
 
System errors:
=============
Error: (11/17/2014 08:34:46 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error: (11/17/2014 08:34:45 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error: (11/17/2014 08:17:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The "NVIDIA Update Service Daemon" service failed to start due to the following error: 
%%1069
 
Error: (11/17/2014 08:17:09 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The "nvUpdatusService" service was unable to log on as ".\UpdatusUser" with the currently configured password due to the following error: 
%%1330
 
Make sure that the service is configured correctly in the Services snap-in of the Microsoft Management Console (MMC).
 
Error: (11/17/2014 08:15:09 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
szkg5
szkgfs
 
Error: (11/17/2014 08:15:08 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The "Function Discovery Resource Publication" service terminated with the following error: 
%%-2147014847
 
Error: (11/15/2014 02:27:03 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error: (11/15/2014 02:27:01 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error: (11/15/2014 02:24:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The "Computer Browser" service depends on the "Server" service, which failed to start because of the following error: 
%%1068
 
Error: (11/15/2014 02:24:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The "Computer Browser" service depends on the "Server" service, which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (06/14/2012 00:57:58 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6214.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 965 seconds with 840 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Processor: AMD Phenom II X4 955 Processor
Percentage of memory in use: 60%
Total physical RAM: 3325.55 MB
Available physical RAM: 1309.98 MB
Total Pagefile: 6649.39 MB
Available Pagefile: 4306.61 MB
Total Virtual: 2999.88 MB
Available Virtual: 2827.32 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:119.14 GB) (Free:43.13 GB) NTFS
Drive d: (HDD) (Fixed) (Total:931.5 GB) (Free:298.25 GB) NTFS
Drive e: (PB) (Removable) (Total:7.48 GB) (Free:1.87 GB) FAT32
Drive h: (BROODWAR) (CDROM) (Total:0.68 GB) (Free:0 GB) CDFS
Drive i: (STARCRAFT) (CDROM) (Total:0.62 GB) (Free:0 GB) CDFS
Drive j: (IWD HOW) (CDROM) (Total:0.63 GB) (Free:0 GB) UDF
Drive k: () (CDROM) (Total:0.63 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 288CE4A5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: FEA46F2C)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=42)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 7.5 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================

 

 

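Two patterns in the Addition.txt excerpt above deserve a closer look before anyone reaches for a rootkit verdict: the repeated WinMgmt EventID 10 entries (the HRESULT fused onto the end of the query, 0x80041003, is WBEM_E_ACCESS_DENIED, a well-known and harmless Windows 7 SP1 leftover), and the MsiInstaller 11719 entries, where MSI error 1719 means the Windows Installer service could not be reached, which by itself explains why a Kaspersky install never got off the ground. The EventID 7026 entry also names two boot-start drivers (szkg5, szkgfs) that failed to load; names in that list should be identified on disk and their signatures checked during any rootkit hunt. The following is an added example, not part of the poster's thread and not FRST's own code: a small Python triage that parses FRST's "Error: (...) (Source: ...) (EventID: ...)" entries, counts them per source and event ID, and pulls out exactly those details. The embedded log excerpt is a constructed sample in the shape of the entries above (German descriptions rendered in English), not the complete file.

```python
"""Triage of the "Application errors" / "System errors" blocks in an FRST
Addition.txt. Added example, not FRST's own code: FRST prints each event as an
"Error: (date) (Source: X) (EventID: N) (User: U)" header followed by a
"Description: ..." line (plus continuation lines), so the parser keys on
exactly that shape."""
import re
from collections import Counter, defaultdict

ENTRY_RE = re.compile(
    r"^Error: \((?P<ts>[^)]*)\) \(Source: (?P<source>[^)]*)\) "
    r"\(EventID: (?P<eid>\d+)\) \(User: (?P<user>[^)]*)\)$"
)
HRESULT_RE = re.compile(r"0x[0-9A-Fa-f]{8}")

# Constructed sample in the shape of the entries above (a few entries only,
# German text rendered in English); not the poster's complete file.
SAMPLE_LOG = """\
Error: (11/15/2014 02:25:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2 SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 0x80041003

Error: (11/14/2014 08:24:22 PM) (Source: MsiInstaller) (EventID: 11719) (User: Helios)
Description: Product: Kaspersky Anti-Virus -- Error 1719. The Windows Installer service is not available.

Error: (11/14/2014 08:23:23 PM) (Source: MsiInstaller) (EventID: 11719) (User: Helios)
Description: Product: Kaspersky Anti-Virus -- Error 1719. The Windows Installer service is not available.

Error: (11/17/2014 08:15:09 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
szkg5
szkgfs

Error: (11/17/2014 08:34:46 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \\Device\\Harddisk2\\DR2.
"""


def parse_entries(text):
    """Return one dict per "Error:" header; the description is joined with newlines."""
    entries, cur = [], None
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            cur = {"ts": m["ts"], "source": m["source"], "eid": int(m["eid"]),
                   "user": m["user"], "desc": []}
            entries.append(cur)
        elif not line.strip():           # blank (or NBSP-only) line ends an entry
            cur = None
        elif cur is not None:
            cur["desc"].append(line.removeprefix("Description: ").strip())
    for e in entries:
        e["desc"] = "\n".join(e["desc"])
    return entries


def triage(entries):
    """Count (source, event id) pairs and extract the details worth looking up."""
    counts = Counter((e["source"], e["eid"]) for e in entries)
    findings = defaultdict(list)
    for e in entries:
        key = (e["source"], e["eid"])
        if key == ("WinMgmt", 10):
            # The HRESULT is fused onto the end of the WQL query; 0x80041003 is
            # WBEM_E_ACCESS_DENIED for a permanent event consumer query.
            findings["wmi_hresults"].extend(HRESULT_RE.findall(e["desc"]))
        elif key == ("MsiInstaller", 11719):
            # MSI error 1719: the Windows Installer service (msiserver) could not
            # be reached, so the package never ran. An AV install then fails
            # before the AV itself is ever in the picture.
            findings["installer_unavailable"].append(e["ts"])
        elif key == ("Service Control Manager", 7026):
            # Every line after the first is a driver service name that failed to
            # load at boot; each one should be identified (file, vendor, signature).
            findings["failed_boot_drivers"].extend(e["desc"].splitlines()[1:])
        elif key == ("Disk", 11):
            findings["disk_controller_errors"].append(e["desc"])
    return counts, dict(findings)


def summarize(text):
    """Convenience entry point: (counts, findings) for a log excerpt."""
    return triage(parse_entries(text))


if __name__ == "__main__":
    counts, findings = summarize(SAMPLE_LOG)
    for (src, eid), n in counts.most_common():
        print(f"{n:3d} x {src} / EventID {eid}")
    for name, items in findings.items():
        print(f"{name}: {items}")
```

Run it against a real Addition.txt by reading the file and passing its text to summarize(). When installer_unavailable is non-empty, check the service directly on the affected machine (sc query msiserver from an elevated prompt) before attributing failed AV installs to malware; when failed_boot_drivers is non-empty, locate each named driver under the Services registry key and on disk and verify its signature.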
  • Staff

Hello,
    
 
They call me TwinHeadedEagle around here, and I'll be working with you.
 
     
    
Before we start please read and note the following:

  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!
 
 
 
  Rules and policies
 
We won't support any piracy.
That being said, if any evidence of an illegal OS, software, cracks/keygens or anything similar is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for its removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!
 
Failure to follow these guidelines will result in your topic being closed and any assistance being withdrawn.
 
 
 
 
Download Malwarebytes Anti-Rootkit to your desktop.

  • Double-click the icon to start the tool.
  • It will ask you where to extract it, then it will start.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"

 

 

 

 

Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content into your next reply.


Hello TwinHeadedEagle,

thank you for your help!

I downloaded and started Malwarebytes Anti-Rootkit as instructed, however the unpacking was interrupted with the message "7-Zip: Data error. The archive is corrupted." This also happened after downloading the file again and when trying to run it in Windows safe mode.

I also ran Farbar Recovery Scan Tool as administrator, the logs are attached.

FRST.txt

Addition.txt

Download was successful as far as I can tell; anyway, I downloaded it again just to be sure, with the same result. Antivirus is disabled. I have now downloaded it on another computer, and it runs successfully on that computer. I will try to copy and then run it on the infected computer later today if you approve.

  • Staff

Yes, try to move it unpacked and then run it.
 
If it fails again, try this:
 
 
 
Scan with TDSSKiller
 
Please download TDSSKiller by Kaspersky and save it to your desktop.

  • Right-click on the TDSSKiller icon and select Run as Administrator to start the tool.
  • Click on Change parameters and put a checkmark beside Loaded modules. A reboot will be needed to apply the changes, allow it to do so.
  • Your machine may appear very slow and unusable after that - it's normal.
  • TDSSKiller will run automatically. Click on Change parameters and click OK.
  • Click the Start Scan button and wait patiently.
  • If anything is found, follow these guidelines:
    • If a suspicious object is detected, the default action will be Skip, click on Continue.
    • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
      Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
      If Cure is not available, please choose Skip instead.
    • Do not choose Delete unless instructed!
    A report will be created in your root directory, (usually C:\ drive) in the form of TDSSKiller.[Version]_[Date]_[Time]_log.txt. Please include the contents of that file in your next post.

 

 

 

Fix with AdwCleaner
 
Please download AdwCleaner by Xplode and save the file to your Desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Wait until the database is updated.
  • Accept the Terms of use and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[s*].txt) will open.

Please include the contents of that file in your reply.
 
Note: Reports will be saved in your system partition, usually at C:\Adwcleaner

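Malwarebytes Anti-Rootkit and TDSSKiller, recommended above, both inspect the master boot record, and FRST's "MBR & Partition Table" section in the log earlier in this thread is a summary of the same structure (MBR code, disk ID, active flag, partition type). As an added illustration of what such a check does at the byte level, not code from any of those tools and not part of the original posts, the Python below decodes a raw 512-byte MBR: it verifies the 0x55AA signature, lists the primary partition entries, hashes the 440-byte boot-code region so it can be compared with a baseline taken from a known-clean install of the same Windows version (no baseline hash is supplied here), and flags layouts a bootkit commonly leaves behind (no or multiple active partitions, invalid status bytes, unknown partition types, overlapping partitions). The sector it runs on is constructed to resemble Disk 0 in the log (disk ID 288CE4A5, a 100 MB active NTFS partition followed by a second NTFS partition); its boot-code bytes are a placeholder, not a dump from the poster's machine.

```python
"""Decode a raw 512-byte MBR the way a bootkit scan inspects it. Added example,
not code from TDSSKiller, MBAR or FRST: parses the four primary partition
entries, verifies the 0x55AA signature, hashes the boot-code region for
comparison with a known-clean baseline, and flags layouts a bootkit
typically leaves behind."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440          # bytes 0..439; the 4-byte disk ID follows at 0x1B8
DISK_ID_OFF = 0x1B8
PART_TABLE_OFF = 0x1BE
SIGNATURE_OFF = 0x1FE
ENTRY_FMT = "<B3xB3xII"      # status, (CHS start), type, (CHS end), LBA start, sector count
# Partition type IDs seen in the log above plus a few common ones; not exhaustive.
PART_TYPES = {0x07: "NTFS/exFAT", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)",
              0x42: "Windows LDM (dynamic disk)", 0xEE: "GPT protective"}


def parse_mbr(sector):
    """Return disk ID, SHA-256 of the boot code and the non-empty partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[SIGNATURE_OFF:SIGNATURE_OFF + 2] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    disk_id = struct.unpack_from("<I", sector, DISK_ID_OFF)[0]
    parts = []
    for i in range(4):
        status, ptype, lba_start, count = struct.unpack_from(
            ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:                       # empty slot
            continue
        parts.append({"index": i + 1, "status": status, "active": status == 0x80,
                      "type": ptype, "type_name": PART_TYPES.get(ptype, "unknown"),
                      "lba_start": lba_start, "sectors": count,
                      "size_mb": count * SECTOR_SIZE // (1024 * 1024)})
    return {"disk_id": f"{disk_id:08X}",
            "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": parts}


def check_mbr(mbr, baseline_sha256=None):
    """Return a list of findings; an empty list means nothing structurally suspicious."""
    issues = []
    active = [p for p in mbr["partitions"] if p["active"]]
    if len(active) != 1:
        issues.append(f"{len(active)} active partitions (expected exactly 1)")
    for p in mbr["partitions"]:
        if p["status"] not in (0x00, 0x80):
            issues.append(f"partition {p['index']} has invalid status byte 0x{p['status']:02X}")
        if p["type_name"] == "unknown":
            issues.append(f"partition {p['index']} has unrecognised type 0x{p['type']:02X}")
    # Overlapping ranges: a partition grafted in to hide a bootkit's payload
    # frequently collides with a legitimate one.
    ranges = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in mbr["partitions"])
    for (s1, e1), (s2, e2) in zip(ranges, ranges[1:]):
        if s2 < e1:
            issues.append(f"partitions overlap at LBA {s2}")
    if baseline_sha256 and mbr["boot_code_sha256"] != baseline_sha256:
        issues.append("boot code differs from clean baseline")
    return issues


def build_sample_mbr():
    """Constructed sector modelled on Disk 0 in the log above (disk ID 288CE4A5,
    100 MB active NTFS partition, second NTFS partition). The boot-code bytes are
    a placeholder, not a dump from the poster's machine."""
    sec = bytearray(SECTOR_SIZE)
    sec[0:4] = b"\x33\xC0\x8E\xD0"           # placeholder boot code
    struct.pack_into("<I", sec, DISK_ID_OFF, 0x288CE4A5)
    entries = [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 249_700_000)]
    for i, entry in enumerate(entries):
        struct.pack_into(ENTRY_FMT, sec, PART_TABLE_OFF + 16 * i, *entry)
    sec[SIGNATURE_OFF:SIGNATURE_OFF + 2] = b"\x55\xAA"
    return bytes(sec)


if __name__ == "__main__":
    mbr = parse_mbr(build_sample_mbr())
    print("disk id", mbr["disk_id"], "boot code sha256", mbr["boot_code_sha256"])
    for p in mbr["partitions"]:
        print(p)
    print("issues:", check_mbr(mbr) or "none")
```

On a live Windows machine the first sector can be read from an elevated process with open(r"\\.\PhysicalDrive0", "rb").read(512), or from a disk image taken offline; feed those bytes to parse_mbr(). A clean boot-code hash must come from a known-good machine running the same Windows version, since the boot code differs between releases. Note the caveat the thread itself illustrates: a rootkit that hooks the disk stack can feed a clean sector back to any in-OS reader, so a clean parse from inside the infected OS is weaker evidence than one taken from boot media.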

I ran all the scans with Malwarebytes Anti-Rootkit, TDSSKiller, and AdwCleaner. Interestingly, TDSSKiller can now be run in regular Windows instead of only in safe mode, as previously. All three scans returned no results. I attached the logs.

mbar-log-2014-11-19 (19-50-32).txt

system-log.txt

TDSSKiller.3.0.0.41_19.11.2014_20.48.53_log.txt

AdwCleanerR0.txt

  • Staff

Let's try this way:
 
 
Uninstall outdated Malwarebytes' Anti-Malware
 
Please download MBAM-clean and save it to your desktop.

  • Right-click on the mbam-clean.exe icon and select Run as Administrator to start the tool.
  • It will ask you to reboot the machine - please do so.

After that, follow my next instructions to download & install the newest MBAM version.
 
 
 
Scan with Malwarebytes' Anti-Malware
 
Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Install the program and select Update.
  • Once updated, click the Settings tab, in the left panel choose Detection & Protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.


OK, I think I got that one solved; apparently it was an error with Malwarebytes not recognizing the database update. It tried to update a few more times and then it worked. I ran a scan as you described, and no malware was found; however, it found three potentially unwanted files. I've attached the log; however, it's empty. The names of the files are:

 

PUP.Optional.Spigot.A, C:\Users\Philip\AppData\Local\Temp\~sp53DC.tmp

PUP.Optional.Spigot.A, C:\Users\Philip\AppData\Local\Temp\~sp65D6.tmp

PUP.Optional.Spigot.A, C:\Users\Philip\AppData\Local\Temp\nsy678A.tmp\SP.dll

mwb log.txt

  • Staff

Glad I could help. We will delete all used tools and I'll give you some tips to harden your security and learn how to protect yourself :)
 
 

Recommended reading:

 
 
MUST READ - security tips:

MUST READ - general maintenance:

The Importance of Software Updating:

 

 
In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running.
 
Operating systems, such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.

Recommended additional software:

 
 
TFC - to clean unneeded temporary files.
Malwarebytes' Anti-Malware - to scan your system from time to time in search of malware.
Malwarebytes' Anti-Exploit - to prevent plenty of the most commonly exploited vulnerabilities.
McShield - to prevent infections spread by removable media.
Unchecky - to prevent the installation of additional foistware bundled in legitimate installers.
FileHippo.com Update Checker - to keep your programs up-to-date.
Adblock - to surf the web without annoying ads! 
 
 

Post-cleanup procedures:

 

 
Download DelFix by Xplode and save it to your desktop.

  • Run the tool by right-clicking on the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report. You do not need to attach it.

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning. 
 
 
 


My help is free for everybody.

If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation.

Thank you!

 
 
Stay safe,
TwinHeadedEagle   :)

  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
