
(suspected) ZeroAccess infection - help please


  • This topic is locked
9 replies to this topic

#1 nikolajlh

nikolajlh

  • Members
  • 4 posts
  • OFFLINE
  • Local time:06:26 PM

Posted 09 June 2013 - 07:19 PM

So for a couple of weeks now I haven't been able to turn Windows Defender on, but as I had a lot of stuff on my plate I never really investigated the issue.

After 6 hours of researching online and several scans with various antivirus programs and anti-ZeroAccess programs I still can't turn Windows Defender on nor install MSE.

 

Anyway here is the scan result of FRST. Hope you guys out there can help me out on this one.

 

Best regards, 

 

Nikolaj

-----------------------------

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-06-2013
Ran by Nikolaj Hansen (administrator) on 10-06-2013 02:13:56
Running from C:\Users\Nikolaj Hansen\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(SFR) C:\Program Files (x86)\SFR\Kit\9props.exe
(Spotify Ltd) C:\Users\Nikolaj Hansen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12558440 2011-07-12] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [10358784 2011-11-14] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2784552 2011-05-13] (Synaptics Incorporated)
HKCU\...\Run: [AdobeBridge]  [x]
HKCU\...\Run: [C3]  [x]
HKCU\...\Run: [Connexion SFR 9props.exe] "C:\Program Files (x86)\SFR\Kit\9props.exe" /trayicon [959880 2011-06-10] (SFR)
HKCU\...\Run: [Spotify Web Helper] "C:\Users\Nikolaj Hansen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1104384 2013-06-06] (Spotify Ltd)
HKCU\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3672640 2013-03-14] (Disc Soft Ltd)
MountPoints2: {19f7a56a-6e82-11e2-8456-b80305944660} - D:\INSTALL.EXE
MountPoints2: {c0de094c-3794-11e2-82b2-b80305944660} - D:\setup.exe
HKLM-x32\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2255184 2013-05-15] (LogMeIn Inc.)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
AppInit_DLLs: C:\windows\system32\nvinitx.dll [226920 2011-06-05] (NVIDIA Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
URLSearchHook: (No Name) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} -  No File
URLSearchHook: (No Name) - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} -  No File
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Objet d'aide à la navigation SFR - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files (x86)\SFR\Kit\SFRNavErrorHelper.dll (SFR)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {1d970ed5-3eda-438d-bffd-715931e2775b} -  No File
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
 
FireFox:
========
FF ProfilePath: C:\Users\Nikolaj Hansen\AppData\Roaming\Mozilla\Firefox\Profiles\user.js
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
 
==================== Services (Whitelisted) =================
 
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] ()
S2 Orange update Core Service; C:\Program Files (x86)\Orange\OrangeUpdate\Service\OUCore.exe [1055872 2011-05-20] (France Telecom SA)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] ()
 
==================== Drivers (Whitelisted) ====================
 
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-05-06] (DT Soft Ltd)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-05-15] (Windows ® 2003 DDK 3790 provider)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-05-15] (Windows ® 2003 DDK 3790 provider)
R2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [x]
S3 athr; system32\DRIVERS\athrx.sys [x]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [x]
S3 btath_avdt; system32\drivers\btath_avdt.sys [x]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [x]
S3 BtFilter; system32\DRIVERS\btfilter.sys [x]
S3 clwvd; system32\DRIVERS\clwvd.sys [x]
S1 qxmukovx; \??\C:\windows\system32\drivers\qxmukovx.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
Error(0) reading file: "C:\Windows\System32\ "
2013-06-10 02:08 - 2013-06-10 02:09 - 01919988 ____A (Farbar) C:\Users\Nikolaj Hansen\Downloads\FRST64.exe
2013-06-10 01:58 - 2013-06-10 02:13 - 00000000 ____D C:\FRST
2013-06-10 01:56 - 2013-06-10 01:56 - 01919988 ____A (Farbar) C:\Users\Nikolaj Hansen\Desktop\FRST64.exe
2013-06-10 01:44 - 2013-06-10 01:46 - 117478104 ____A C:\Users\Nikolaj Hansen\Downloads\avast_free_antivirus_setup.exe
2013-06-10 01:42 - 2013-06-10 01:42 - 00000000 ____D C:\Users\Nikolaj Hansen\AppData\Local\Avg2013
2013-06-10 01:41 - 2013-06-10 01:41 - 00000000 ____D C:\Users\Nikolaj Hansen\Documents\My Received Files
2013-06-10 01:21 - 2013-06-10 01:21 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2013-06-10 01:05 - 2013-06-10 01:06 - 00816128 ____A C:\Users\Nikolaj Hansen\Downloads\RogueKiller.exe
2013-06-10 00:42 - 2013-06-10 00:42 - 05154304 ____A C:\Users\Nikolaj Hansen\Downloads\WindowsDefender.msi
2013-06-10 00:00 - 2013-06-10 00:00 - 00001254 ____A C:\Windows\PFRO.log
2013-06-09 23:54 - 2013-06-09 23:57 - 00001542 ____A C:\FixitRegBackup.reg
2013-06-09 23:51 - 2013-06-09 23:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-06-09 23:41 - 2013-06-09 23:41 - 13475464 ____A (Microsoft Corporation) C:\Users\Nikolaj Hansen\Downloads\mseinstall.exe
2013-06-09 21:55 - 2013-06-09 21:55 - 00012879 ____A C:\Users\Nikolaj Hansen\Desktop\Dates rattrapages.odt
2013-06-08 07:45 - 2013-06-08 08:18 - 00000000 ____D C:\Users\Nikolaj Hansen\Downloads\Klovn.DANISH.English.Hardcoded.Subs.Seasons.1-6.Dvdrip.XviD
2013-06-02 00:17 - 2013-06-02 00:59 - 00000000 ____D C:\Users\Nikolaj Hansen\Desktop\Rattrapages
2013-05-28 14:12 - 2013-05-28 14:12 - 00000000 ____D C:\Program Files (x86)\x264 Video Codec
2013-05-23 18:38 - 2013-06-10 01:39 - 00000000 ____D C:\Users\Nikolaj Hansen\AppData\Local\LogMeIn Hamachi
2013-05-23 18:37 - 2013-05-23 18:37 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-05-23 18:20 - 2013-03-04 22:06 - 00310688 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-05-23 18:20 - 2013-03-04 22:06 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-05-23 18:20 - 2013-03-04 22:06 - 00188320 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-05-23 18:18 - 2013-05-25 19:04 - 00000000 ____D C:\Users\Nikolaj Hansen\AppData\Roaming\.minecraft
2013-05-23 16:32 - 2013-05-23 16:32 - 00000000 ____D C:\Users\Nikolaj Hansen\AppData\Roaming\NCH Software
2013-05-23 16:31 - 2013-05-23 16:31 - 00000000 ____D C:\ProgramData\NCH Software
2013-05-23 16:21 - 2013-05-25 23:40 - 00000000 ____D C:\Users\Nikolaj Hansen\AppData\Roaming\Audacity
2013-05-22 10:44 - 2013-05-22 10:44 - 00000921 ____A C:\Windows\QSFVExit.bat
2013-05-22 10:39 - 2013-05-22 10:39 - 00000000 ____D C:\Program Files\QuickSFV
2013-05-19 22:02 - 2013-06-10 01:37 - 00001456 ____A C:\Windows\setupact.log
2013-05-19 22:02 - 2013-05-19 22:02 - 00000000 ____A C:\Windows\setuperr.log
2013-05-19 12:59 - 2013-04-05 08:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-19 12:59 - 2013-04-05 08:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-19 12:59 - 2013-04-05 08:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-19 12:59 - 2013-04-05 08:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-19 12:59 - 2013-04-05 08:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-19 12:59 - 2013-04-05 08:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-19 12:59 - 2013-04-05 08:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-19 12:59 - 2013-04-05 08:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-19 12:59 - 2013-04-05 08:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-19 12:59 - 2013-04-05 08:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-19 12:59 - 2013-04-05 08:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-19 12:59 - 2013-04-05 08:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-19 12:59 - 2013-04-05 08:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-19 12:59 - 2013-04-05 08:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-19 12:59 - 2013-04-05 07:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-19 12:59 - 2013-04-05 07:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-19 12:59 - 2013-04-05 07:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-19 12:59 - 2013-04-05 07:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-19 12:59 - 2013-04-05 07:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-19 12:59 - 2013-04-05 07:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-19 12:59 - 2013-04-05 07:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-19 12:59 - 2013-04-05 07:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-19 12:59 - 2013-04-05 07:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-19 12:59 - 2013-04-05 07:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-05-19 12:59 - 2013-04-05 07:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-05-19 12:59 - 2013-04-05 07:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-19 12:59 - 2013-04-05 07:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-05-19 12:59 - 2013-04-05 06:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-19 12:59 - 2013-04-05 06:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-19 12:59 - 2013-04-05 05:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-19 12:59 - 2013-04-05 05:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-05-18 23:24 - 2013-05-22 10:44 - 00000000 ____D C:\Users\Nikolaj Hansen\AppData\Roaming\Octoshape
2013-05-16 08:27 - 2013-04-10 08:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-16 08:27 - 2013-04-10 08:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-16 08:27 - 2011-02-03 13:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-16 08:26 - 2013-04-10 05:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-16 08:26 - 2013-03-19 07:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-16 08:26 - 2013-03-19 07:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-16 08:26 - 2013-02-27 08:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-16 08:26 - 2013-02-27 07:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-16 08:26 - 2013-02-27 07:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-16 08:26 - 2013-02-27 07:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-16 08:26 - 2013-02-27 07:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-16 08:26 - 2013-02-27 06:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-16 08:26 - 2013-02-27 06:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-16 08:26 - 2013-02-27 06:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-13 00:34 - 2013-05-13 00:40 - 00000000 ____D C:\Users\Nikolaj Hansen\AppData\Roaming\Bioshock2
 
==================== One Month Modified Files and Folders =======
 
2013-06-10 02:13 - 2013-06-10 01:58 - 00000000 ____D C:\FRST
2013-06-10 02:09 - 2013-06-10 02:08 - 01919988 ____A (Farbar) C:\Users\Nikolaj Hansen\Downloads\FRST64.exe
2013-06-10 01:56 - 2013-06-10 01:56 - 01919988 ____A (Farbar) C:\Users\Nikolaj Hansen\Desktop\FRST64.exe
2013-06-10 01:48 - 2013-03-21 17:24 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-10 01:48 - 2012-10-12 22:39 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2013-06-10 01:48 - 2012-10-12 22:38 - 00000000 ____D C:\ProgramData\AVAST Software
2013-06-10 01:48 - 2012-10-12 22:38 - 00000000 ____D C:\Program Files\AVAST Software
2013-06-10 01:48 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-06-10 01:46 - 2013-06-10 01:44 - 117478104 ____A C:\Users\Nikolaj Hansen\Downloads\avast_free_antivirus_setup.exe
2013-06-10 01:45 - 2009-07-14 06:45 - 00021200 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-10 01:45 - 2009-07-14 06:45 - 00021200 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-10 01:42 - 2013-06-10 01:42 - 00000000 ____D C:\Users\Nikolaj Hansen\AppData\Local\Avg2013
2013-06-10 01:41 - 2013-06-10 01:41 - 00000000 ____D C:\Users\Nikolaj Hansen\Documents\My Received Files
2013-06-10 01:41 - 2012-03-09 00:10 - 01449991 ____A C:\Windows\WindowsUpdate.log
2013-06-10 01:39 - 2013-05-23 18:38 - 00000000 ____D C:\Users\Nikolaj Hansen\AppData\Local\LogMeIn Hamachi
2013-06-10 01:38 - 2012-10-13 03:46 - 00000944 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-10 01:37 - 2013-05-19 22:02 - 00001456 ____A C:\Windows\setupact.log
2013-06-10 01:37 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-10 01:32 - 2012-10-13 03:46 - 00000948 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-10 01:22 - 2009-07-14 07:08 - 00032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-10 01:21 - 2013-06-10 01:21 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2013-06-10 01:06 - 2013-06-10 01:05 - 00816128 ____A C:\Users\Nikolaj Hansen\Downloads\RogueKiller.exe
2013-06-10 00:48 - 2013-04-23 23:20 - 00002150 ____A C:\Windows\epplauncher.mif
2013-06-10 00:42 - 2013-06-10 00:42 - 05154304 ____A C:\Users\Nikolaj Hansen\Downloads\WindowsDefender.msi
2013-06-10 00:11 - 2013-05-04 15:53 - 00000000 ____D C:\Program Files (x86)\hdvidcodec.com
2013-06-10 00:00 - 2013-06-10 00:00 - 00001254 ____A C:\Windows\PFRO.log
2013-06-09 23:57 - 2013-06-09 23:54 - 00001542 ____A C:\FixitRegBackup.reg
2013-06-09 23:51 - 2013-06-09 23:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-06-09 23:51 - 2013-04-23 23:20 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-06-09 23:41 - 2013-06-09 23:41 - 13475464 ____A (Microsoft Corporation) C:\Users\Nikolaj Hansen\Downloads\mseinstall.exe
2013-06-09 23:37 - 2012-11-07 19:31 - 00000000 ____D C:\Games
2013-06-09 21:55 - 2013-06-09 21:55 - 00012879 ____A C:\Users\Nikolaj Hansen\Desktop\Dates rattrapages.odt
2013-06-09 18:16 - 2013-04-27 14:37 - 00000000 ____D C:\Users\Nikolaj Hansen\AppData\Roaming\vlc
2013-06-08 20:24 - 2012-10-12 22:57 - 00000000 ____D C:\Users\Nikolaj Hansen\AppData\Roaming\Spotify
2013-06-08 17:55 - 2013-02-02 21:41 - 00000000 ____D C:\Users\Nikolaj Hansen\AppData\Roaming\BitTorrent
2013-06-08 08:18 - 2013-06-08 07:45 - 00000000 ____D C:\Users\Nikolaj Hansen\Downloads\Klovn.DANISH.English.Hardcoded.Subs.Seasons.1-6.Dvdrip.XviD
2013-06-06 17:15 - 2012-10-12 22:59 - 00000000 ____D C:\Users\Nikolaj Hansen\AppData\Local\Spotify
2013-06-03 21:20 - 2012-11-01 19:55 - 00846022 ____A C:\Users\Nikolaj Hansen\danid.log
2013-06-02 00:59 - 2013-06-02 00:17 - 00000000 ____D C:\Users\Nikolaj Hansen\Desktop\Rattrapages
2013-06-01 17:10 - 2012-10-13 04:24 - 00000000 ____D C:\Users\Nikolaj Hansen\AppData\Roaming\Skype
2013-05-28 14:13 - 2009-07-14 01:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2013-05-28 14:12 - 2013-05-28 14:12 - 00000000 ____D C:\Program Files (x86)\x264 Video Codec
2013-05-25 23:40 - 2013-05-23 16:21 - 00000000 ____D C:\Users\Nikolaj Hansen\AppData\Roaming\Audacity
2013-05-25 19:04 - 2013-05-23 18:18 - 00000000 ____D C:\Users\Nikolaj Hansen\AppData\Roaming\.minecraft
2013-05-23 18:37 - 2013-05-23 18:37 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-05-23 18:19 - 2013-03-04 22:06 - 00000000 ____D C:\Program Files\Java
2013-05-23 16:32 - 2013-05-23 16:32 - 00000000 ____D C:\Users\Nikolaj Hansen\AppData\Roaming\NCH Software
2013-05-23 16:31 - 2013-05-23 16:31 - 00000000 ____D C:\ProgramData\NCH Software
2013-05-22 10:44 - 2013-05-22 10:44 - 00000921 ____A C:\Windows\QSFVExit.bat
2013-05-22 10:44 - 2013-05-18 23:24 - 00000000 ____D C:\Users\Nikolaj Hansen\AppData\Roaming\Octoshape
2013-05-22 10:39 - 2013-05-22 10:39 - 00000000 ____D C:\Program Files\QuickSFV
2013-05-20 17:22 - 2012-11-10 11:44 - 00000000 ____D C:\Users\Nikolaj Hansen\AppData\Roaming\Bioshock
2013-05-20 16:33 - 2012-10-12 22:39 - 00000000 ____D C:\Users\Nikolaj Hansen\AppData\Local\CrashDumps
2013-05-19 22:02 - 2013-05-19 22:02 - 00000000 ____A C:\Windows\setuperr.log
2013-05-19 19:06 - 2012-10-15 21:40 - 00022114 ____A C:\Users\Nikolaj Hansen\Documents\CCCleaner registries.reg
2013-05-19 19:03 - 2012-10-13 20:52 - 00000000 ____D C:\Users\Nikolaj Hansen\AppData\Roaming\DAEMON Tools Lite
2013-05-19 18:51 - 2011-02-11 21:57 - 00000000 ____D C:\Windows\Panther
2013-05-19 18:31 - 2009-07-14 06:45 - 04933096 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-19 18:27 - 2012-11-15 15:53 - 00000000 ____D C:\Users\Nikolaj Hansen\AppData\Local\SKIDROW
2013-05-19 13:04 - 2012-10-13 17:08 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-19 13:02 - 2009-07-14 07:13 - 00806788 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-18 23:24 - 2012-10-13 18:38 - 00000000 ____D C:\Users\Nikolaj Hansen\AppData\Roaming\Mozilla
2013-05-15 20:49 - 2013-03-21 17:24 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-15 20:49 - 2013-03-21 17:24 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-13 00:40 - 2013-05-13 00:34 - 00000000 ____D C:\Users\Nikolaj Hansen\AppData\Roaming\Bioshock2
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
C:\Program Files\Microsoft Security Client\MsMpEng.exe => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client
 
 
LastRegBack: 2013-06-03 13:39
 
==================== End Of Log ============================
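As an added example (not part of this thread, and not code from Farbar or FRST), here is a small Python triage script that scans FRST log lines in the format seen above and pulls out the entries a malware responder looks at first: the "ATTENTION: ZeroAccess" verdict from the Bamital & volsnap check (FRST reporting that the Windows Defender and Microsoft Security Client directories contain junctions, which is how this ZeroAccess variant keeps Defender and MSE from starting and matches the symptom in the first post), the Winsock catalog entries whose LibraryPath no longer points at the real DLL, a system-start driver registered via a `\??\` path whose file is missing, and orphaned autorun values. The regular expressions are an assumption drawn from this one log; other FRST versions may format lines differently. The sample input is constructed from lines in the log above.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) logs.

Added example, not part of the thread or of FRST itself. The line formats
are an assumption taken from the single log in the post above.
"""
import re
from dataclasses import dataclass
from typing import List


@dataclass
class Finding:
    category: str   # short machine-readable label
    section: str    # FRST section the line came from
    detail: str     # the interesting part of the line


# "==================== Drivers (Whitelisted) ====" -> "Drivers (Whitelisted)"
SECTION_RE = re.compile(r"^=+ (.+?) =+$")

# FRST's own verdict from the "Bamital & volsnap Check": the directory holds
# junctions redirecting the security product's files, which is how this
# ZeroAccess variant keeps Windows Defender / MSE from starting.
ZEROACCESS_RE = re.compile(
    r"ATTENTION: ZeroAccess\. Use DeleteJunctionsIndirectory: (.+)$")

# Winsock catalog entry whose LibraryPath no longer points at the real DLL.
WINSOCK_RE = re.compile(
    r'^Winsock: (\S+ \d+) .*ATTENTION: The LibraryPath should be "([^"]+)"')

# Driver entry; the optional \??\ prefix and the [x] (file missing) marker
# are captured so the caller can tell leftovers from suspicious entries.
DRIVER_RE = re.compile(r"^([RS]\d) (\S+); (\\\?\?\\)?(.+?) \[x\]$")

# Autorun value whose target file is missing ([x]): a leftover, low severity.
RUN_RE = re.compile(r"^(HK\S+\\\.\.\.\\Run): \[([^\]]+)\]\s+\[x\]$")

SEVERITY = {"zeroaccess_junction": "high", "missing_driver_abs_path": "high",
            "winsock_librarypath": "medium", "orphaned_autorun": "info"}
RANK = {"high": 0, "medium": 1, "info": 2}


def triage(log_text: str) -> List[Finding]:
    """Return findings in the order they occur in the log."""
    findings: List[Finding] = []
    section = "(none)"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ZEROACCESS_RE.search(line)
        if m:
            findings.append(Finding("zeroaccess_junction", section, m.group(1)))
            continue
        m = WINSOCK_RE.match(line)
        if m:
            findings.append(Finding("winsock_librarypath", section,
                                    f"{m.group(1)} -> expected {m.group(2)}"))
            continue
        m = DRIVER_RE.match(line)
        if m:
            start, name, abs_prefix, path = m.groups()
            # Plain "system32\..." leftovers are common after uninstalls;
            # a driver registered via \??\ whose file is gone is not.
            if abs_prefix:
                findings.append(Finding("missing_driver_abs_path", section,
                                        f"{start} {name} {path}"))
            continue
        m = RUN_RE.match(line)
        if m:
            findings.append(Finding("orphaned_autorun", section,
                                    f"{m.group(1)} [{m.group(2)}]"))
    return findings


def severity(f: Finding) -> str:
    """Rough ranking so the worst indicators can be listed first."""
    return SEVERITY[f.category]


# Constructed sample: a handful of lines copied from the log in the post above.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12558440 2011-07-12] (Realtek Semiconductor)
HKCU\...\Run: [AdobeBridge]  [x]
==================== Internet (Whitelisted) ====================
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
==================== Drivers (Whitelisted) ====================
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-05-06] (DT Soft Ltd)
S3 athr; system32\DRIVERS\athrx.sys [x]
S1 qxmukovx; \??\C:\windows\system32\drivers\qxmukovx.sys [x]
==================== Bamital & volsnap Check =================
C:\Windows\System32\services.exe => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
==================== End Of Log ============================
"""

if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LOG), key=lambda x: RANK[severity(x)]):
        print(f"[{severity(f):6}] {f.category:24} {f.section:26} {f.detail}")
```

Run as-is to see the four findings from the sample ranked high to info; feed it a full FRST.txt via `triage(open("FRST.txt", encoding="utf-8", errors="replace").read())` to get the same triage over a real log. It is only a reading aid for the log, not a fix: the actual cleanup in this thread was done with the tool the helper prescribed.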

 




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:26 PM

Posted 09 June 2013 - 10:28 PM


Hello nikolajlh

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 nikolajlh

nikolajlh
  • Topic Starter

  • Members
  • 4 posts

Posted 10 June 2013 - 02:15 AM

You guys are the best period :). I did everything you told me and Windows Defender works perfectly now.

I had no problems whatsoever running ComboFix and I will post the log further down just in case you want to check it out.

But, really, thank you so much for helping me with this problem. I will definitely recommend this site to any of my friends should they ever need support with anything, cause your response was swift, detailed and, most importantly, it worked like a charm!

Thank you so much for your aid and god bless.

Best regards,

Nikolaj

EDIT: Windows Defender still works fine, although I still can't install MSE. It keeps giving the error message:

Cannot complete the Security Essentials installation

An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again.

Error code: 0x80070643

Anything to do here?

----------------------------------------------

ComboFix 13-06-08.02 - Nikolaj Hansen 10-Jun-13   9:02.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4010.2860 [GMT 2:00]
Running from: c:\users\Nikolaj Hansen\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-10 to 2013-06-10  )))))))))))))))))))))))))))))))
.
.
2013-06-10 07:08 . 2013-06-10 07:08 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-06-10 07:08 . 2013-06-10 07:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-09 23:58 . 2013-06-10 00:13 -------- d-----w- C:\FRST
2013-06-09 23:42 . 2013-06-09 23:42 -------- d-----w- c:\users\Nikolaj Hansen\AppData\Local\Avg2013
2013-06-09 23:21 . 2013-06-09 23:21 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2013-06-09 21:54 . 2013-06-09 21:57 1542 ----a-w- C:\FixitRegBackup.reg
2013-06-09 21:51 . 2013-06-09 21:51 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-05-28 12:12 . 2013-05-28 12:12 225280 ----a-w- c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll
2013-05-28 12:12 . 2013-05-28 12:12 -------- d-----w- c:\program files (x86)\x264 Video Codec
2013-05-23 16:38 . 2013-06-10 06:18 -------- d-----w- c:\users\Nikolaj Hansen\AppData\Local\LogMeIn Hamachi
2013-05-23 16:37 . 2013-05-23 16:37 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2013-05-23 16:20 . 2013-03-04 20:06 310688 ----a-w- c:\windows\system32\javaws.exe
2013-05-23 16:20 . 2013-03-04 20:06 188832 ----a-w- c:\windows\system32\javaw.exe
2013-05-23 16:20 . 2013-03-04 20:06 188320 ----a-w- c:\windows\system32\java.exe
2013-05-23 16:18 . 2013-05-25 17:04 -------- d-----w- c:\users\Nikolaj Hansen\AppData\Roaming\.minecraft
2013-05-23 14:32 . 2013-05-23 14:32 -------- d-----w- c:\users\Nikolaj Hansen\AppData\Roaming\NCH Software
2013-05-23 14:31 . 2013-05-23 14:31 -------- d-----w- c:\programdata\NCH Software
2013-05-23 14:21 . 2013-05-25 21:40 -------- d-----w- c:\users\Nikolaj Hansen\AppData\Roaming\Audacity
2013-05-22 08:44 . 2013-05-22 08:44 921 ----a-w- c:\windows\QSFVExit.bat
2013-05-22 08:39 . 2013-05-22 08:39 -------- d-----w- c:\program files\QuickSFV
2013-05-18 21:24 . 2013-05-22 08:44 -------- d-----w- c:\users\Nikolaj Hansen\AppData\Roaming\Octoshape
2013-05-16 06:27 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-16 06:27 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-16 06:27 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-05-16 06:26 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-05-16 06:26 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
2013-05-16 06:26 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-05-16 06:26 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2013-05-16 06:26 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-05-16 06:26 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-05-16 06:26 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-05-16 06:26 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-16 06:26 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-12 22:34 . 2013-05-12 22:40 -------- d-----w- c:\users\Nikolaj Hansen\AppData\Roaming\Bioshock2
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-28 12:13 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe
2013-05-19 11:04 . 2012-10-13 15:08 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-15 18:49 . 2013-03-21 15:24 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 18:49 . 2013-03-21 15:24 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-12 07:16 . 2011-03-28 09:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-09 08:58 . 2012-10-12 20:39 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-06 08:51 . 2013-05-06 08:51 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-05-02 15:29 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-23 06:09 . 2013-04-23 06:09 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-23 06:09 . 2012-10-23 18:45 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-04-23 06:09 . 2012-10-23 18:45 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-04-13 05:49 . 2013-05-16 06:27 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-16 06:27 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-16 06:27 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-16 06:27 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-16 06:27 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 06:27 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 11:01 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 03:46 . 2013-04-23 13:13 9317456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BFF6B3AC-EAB7-4D92-80B8-883FA9FAB3E9}\mpengine.dll
2013-03-28 16:48 . 2013-03-28 16:48 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-28 16:48 . 2013-03-28 16:48 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-03-28 16:48 . 2013-03-28 16:48 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-03-28 16:48 . 2013-03-28 16:48 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-03-28 16:48 . 2013-03-28 16:48 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-03-28 16:48 . 2013-03-28 16:48 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-03-28 16:48 . 2013-03-28 16:48 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-03-28 16:48 . 2013-03-28 16:48 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-03-28 16:48 . 2013-03-28 16:48 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-03-28 16:48 . 2013-03-28 16:48 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-03-28 16:48 . 2013-03-28 16:48 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-03-28 16:48 . 2013-03-28 16:48 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-03-28 16:48 . 2013-03-28 16:48 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-03-28 16:48 . 2013-03-28 16:48 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-03-28 16:48 . 2013-03-28 16:48 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-03-28 16:48 . 2013-03-28 16:48 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-03-28 16:48 . 2013-03-28 16:48 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-03-28 16:48 . 2013-03-28 16:48 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-28 16:48 . 2013-03-28 16:48 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-03-28 16:48 . 2013-03-28 16:48 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-03-28 16:48 . 2013-03-28 16:48 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-03-28 16:48 . 2013-03-28 16:48 81408 ----a-w- c:\windows\system32\icardie.dll
2013-03-28 16:48 . 2013-03-28 16:48 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-03-28 16:48 . 2013-03-28 16:48 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-03-28 16:48 . 2013-03-28 16:48 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-03-28 16:48 . 2013-03-28 16:48 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-03-28 16:48 . 2013-03-28 16:48 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-03-28 16:48 . 2013-03-28 16:48 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-03-28 16:48 . 2013-03-28 16:48 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-03-28 16:48 . 2013-03-28 16:48 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-03-28 16:48 . 2013-03-28 16:48 441856 ----a-w- c:\windows\system32\html.iec
2013-03-28 16:48 . 2013-03-28 16:48 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-03-28 16:48 . 2013-03-28 16:48 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-28 16:48 . 2013-03-28 16:48 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-03-28 16:48 . 2013-03-28 16:48 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-03-28 16:48 . 2013-03-28 16:48 235008 ----a-w- c:\windows\system32\url.dll
2013-03-28 16:48 . 2013-03-28 16:48 216064 ----a-w- c:\windows\system32\msls31.dll
2013-03-28 16:48 . 2013-03-28 16:48 197120 ----a-w- c:\windows\system32\msrating.dll
2013-03-28 16:48 . 2013-03-28 16:48 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-03-28 16:48 . 2013-03-28 16:48 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-03-28 16:48 . 2013-03-28 16:48 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-28 16:48 . 2013-03-28 16:48 149504 ----a-w- c:\windows\system32\occache.dll
2013-03-28 16:48 . 2013-03-28 16:48 144896 ----a-w- c:\windows\system32\wextract.exe
2013-03-28 16:48 . 2013-03-28 16:48 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-03-28 16:48 . 2013-03-28 16:48 13824 ----a-w- c:\windows\system32\mshta.exe
2013-03-28 16:48 . 2013-03-28 16:48 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-03-28 16:48 . 2013-03-28 16:48 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-03-28 16:48 . 2013-03-28 16:48 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-03-28 16:48 . 2013-03-28 16:48 102912 ----a-w- c:\windows\system32\inseng.dll
2013-03-23 01:09 . 2013-03-23 01:09 354656 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
2013-03-19 06:04 . 2013-04-10 06:32 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 06:32 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 06:32 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 06:32 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 06:32 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 06:32 112640 ----a-w- c:\windows\system32\smss.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}]
2011-06-10 06:24 165256 ----a-w- c:\program files (x86)\SFR\Kit\SFRNavErrorHelper.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Connexion SFR 9props.exe"="c:\program files (x86)\SFR\Kit\9props.exe" [2011-06-10 959880]
"Spotify Web Helper"="c:\users\Nikolaj Hansen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-06-06 1104384]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-05-15 2255184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 qxmukovx;qxmukovx;c:\windows\system32\drivers\qxmukovx.sys;c:\windows\SYSNATIVE\drivers\qxmukovx.sys [x]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Orange update Core Service;Orange update Core Service;c:\program files (x86)\Orange\OrangeUpdate\Service\OUCore.exe;c:\program files (x86)\Orange\OrangeUpdate\Service\OUCore.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 SGDrv;SGDrv;c:\windows\system32\DRIVERS\SGdrv64.sys;c:\windows\SYSNATIVE\DRIVERS\SGdrv64.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys;c:\windows\SYSNATIVE\drivers\btmaud.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-06 20:32 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-21 18:49]
.
2013-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-13 01:46]
.
2013-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-13 01:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-04-16 14:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-04-16 14:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-04-16 14:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-04-16 14:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-12 12558440]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-18 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-07-18 391960]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-18 418584]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-11-14 10358784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: ajouter cette page à vos favoris Orange - c:\users\Nikolaj Hansen\AppData\Roaming\Orange\OrangeInside\src\addfavorites_html\addfavorites.html
IE: envoyer le texte sélectionné par sms - c:\users\Nikolaj Hansen\AppData\Roaming\Orange\OrangeInside\src\sendsmsselectedtext_html\sendsmsselectedtext.html
IE: envoyer par sms - c:\users\Nikolaj Hansen\AppData\Roaming\Orange\OrangeInside\src\sendsms_html\sendsms.html
IE: envoyer un mail - c:\users\Nikolaj Hansen\AppData\Roaming\Orange\OrangeInside\src\sendmail_html\sendmail.html
IE: orange.fr - c:\users\Nikolaj Hansen\AppData\Roaming\Orange\OrangeInside\src\orange_html\orange.html
IE: rechercher le texte sélectionné - c:\users\Nikolaj Hansen\AppData\Roaming\Orange\OrangeInside\src\selectedsearch_html\selectedsearch.html
IE: traduire la page - c:\users\Nikolaj Hansen\AppData\Roaming\Orange\OrangeInside\src\translate_html\translate.html
IE: traduire le texte sélectionné - c:\users\Nikolaj Hansen\AppData\Roaming\Orange\OrangeInside\src\translateSelectedText_html\translateSelectedText.html
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)
URLSearchHooks-{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
SafeBoot-10796499.sys
SafeBoot-90026402.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{1EC23CFF-4C58-458f-924C-8519AEF61B32} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-10  09:09:59
ComboFix-quarantined-files.txt  2013-06-10 07:09
.
Pre-Run: 135,083,458,560 bytes free
Post-Run: 134,849,814,528 bytes free
.
- - End Of File - - 563F989DB0EDD34AB5091A2985074693
D41D8CD98F00B204E9800998ECF8427E

Edited by nikolajlh, 10 June 2013 - 02:23 AM.
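The ComboFix log in the post above lists every file created in the last month as one line per entry (created time, modified time, size, attribute flags, path). When triaging a suspected rootkit, the first pass over that section is usually "which kernel drivers appeared, and on which days did a lot of files land at once". The following is an added example, not code from the thread, from ComboFix or from BleepingComputer: a small parser for that line layout plus two triage views over it. The sample lines are copied from the posted log; the regular expression and the `FileEntry` structure are this example's own assumptions about the format.

```python
"""Triage helper for the 'Files Created' section of a ComboFix log.

Added example; not part of the forum thread and not code from ComboFix or
BleepingComputer. The sample lines are copied from the log posted above (the
'Files Created' and 'Find3M' sections share one line layout:
created-time . modified-time size attributes path).
"""
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# Sample input, constructed from lines of the posted log.
SAMPLE_LOG = r"""
(((((((((((((((((((((((((   Files Created from 2013-05-10 to 2013-06-10  )))))))))))))))))))))))))))))))
.
.
2013-06-09 23:58 . 2013-06-10 00:13 -------- d-----w- C:\FRST
2013-06-09 23:21 . 2013-06-09 23:21 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2013-05-22 08:44 . 2013-05-22 08:44 921 ----a-w- c:\windows\QSFVExit.bat
2013-05-16 06:27 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-16 06:26 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-05-02 15:29 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
.
"""

# One entry line: <created> . <modified> <size or --------> <8 attribute flags> <path>
# Directories show '--------' in the size column and a leading 'd' in the flags.
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(-{8}|\d+) ([a-z-]{8}) (.+)$"
)
TS_FMT = "%Y-%m-%d %H:%M"


@dataclass(frozen=True)
class FileEntry:
    created: datetime
    modified: datetime
    size: Optional[int]  # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_entries(text: str) -> List[FileEntry]:
    """Parse every entry line; section headers, separator dots and blanks are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append(FileEntry(
            created=datetime.strptime(created, TS_FMT),
            modified=datetime.strptime(modified, TS_FMT),
            size=None if size.startswith("-") else int(size),
            attrs=attrs,
            path=path,
        ))
    return entries


def new_kernel_drivers(entries: List[FileEntry], since: datetime) -> List[FileEntry]:
    """Driver images (.sys under system32\\drivers) created at or after `since`,
    newest first. In a rootkit case these are the entries to compare against the
    date the symptoms started."""
    hits = [
        e for e in entries
        if not e.is_dir
        and e.path.lower().endswith(".sys")
        and "\\system32\\drivers\\" in e.path.lower()
        and e.created >= since
    ]
    return sorted(hits, key=lambda e: e.created, reverse=True)


def activity_by_day(entries: List[FileEntry]) -> Counter:
    """Number of entries created per calendar day. A day with many new files
    that is not a Windows Update date is worth reading line by line."""
    return Counter(e.created.date() for e in entries)


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for drv in new_kernel_drivers(parsed, datetime(2013, 6, 1)):
        print(drv.created, drv.size, drv.path)
    for day, count in sorted(activity_by_day(parsed).items(), reverse=True):
        print(day, count)
```

On the sample lines the driver view returns only FixZeroAccess.sys for June (the removal tool's own driver, consistent with the user's cleanup attempts the evening before) and adds dxgmms1.sys when the window is widened to May; the per-day counts show 2013-05-16 as a cluster, which lines up with the Windows system files (shell32.dll, win32k.sys) in the full log rather than with the infection. Point the same parser at a complete log to get the whole timeline.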


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 June 2013 - 03:11 AM


Hello nikolajlh



Please download Farbar Recovery Scan Tool and save it to your desktop.


Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo

#5 nikolajlh

nikolajlh
  • Topic Starter

  • Members
  • 4 posts

Posted 10 June 2013 - 06:05 AM

Okay here's the result from the FRST scan:

PS. I also included an additional scan and log it made.

---------------------------

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-06-2013
Ran by Nikolaj Hansen (administrator) on 10-06-2013 13:02:39
Running from C:\Users\Nikolaj Hansen\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(SFR) C:\Program Files (x86)\SFR\Kit\9props.exe
(Spotify Ltd) C:\Users\Nikolaj Hansen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12558440 2011-07-12] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [10358784 2011-11-14] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2784552 2011-05-13] (Synaptics Incorporated)
HKCU\...\Run: [Connexion SFR 9props.exe] "C:\Program Files (x86)\SFR\Kit\9props.exe" /trayicon [959880 2011-06-10] (SFR)
HKCU\...\Run: [Spotify Web Helper] "C:\Users\Nikolaj Hansen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1104384 2013-06-06] (Spotify Ltd)
HKCU\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3672640 2013-03-14] (Disc Soft Ltd)
HKLM-x32\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2255184 2013-05-15] (LogMeIn Inc.)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [226920 2011-06-05] (NVIDIA Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Objet d'aide à la navigation SFR - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files (x86)\SFR\Kit\SFRNavErrorHelper.dll (SFR)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {1d970ed5-3eda-438d-bffd-715931e2775b} -  No File
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [326144] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Nikolaj Hansen\AppData\Roaming\Mozilla\Firefox\Profiles\user.js
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
 
==================== Services (Whitelisted) =================
 
S2 Orange update Core Service; C:\Program Files (x86)\Orange\OrangeUpdate\Service\OUCore.exe [1055872 2011-05-20] (France Telecom SA)
 
==================== Drivers (Whitelisted) ====================
 
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-05-06] (DT Soft Ltd)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-05-15] (Windows ® 2003 DDK 3790 provider)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-05-15] (Windows ® 2003 DDK 3790 provider)
R2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [x]
S3 athr; system32\DRIVERS\athrx.sys [x]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [x]
S3 btath_avdt; system32\drivers\btath_avdt.sys [x]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [x]
S3 BtFilter; system32\DRIVERS\btfilter.sys [x]
S3 clwvd; system32\DRIVERS\clwvd.sys [x]
S1 qxmukovx; \??\C:\windows\system32\drivers\qxmukovx.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
Error(0) reading file: "C:\Windows\System32\ "
2013-06-10 13:02 - 2013-06-10 13:02 - 00000000 ____D C:\FRST
2013-06-10 13:01 - 2013-06-10 13:01 - 01919988 ____A (Farbar) C:\Users\Nikolaj Hansen\Downloads\FRST64.exe
2013-06-10 10:16 - 2013-06-10 10:16 - 00071976 ____A C:\Users\Nikolaj Hansen\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-10 10:02 - 2013-06-10 10:02 - 00000000 ____D C:\58fa6e60d89f8f5b03
2013-06-10 09:44 - 2013-06-10 09:45 - 00000000 ____D C:\20f6601554f23fcbc0
2013-06-10 09:37 - 2013-06-10 09:38 - 00000000 ____D C:\bf0e9b58d1438ab04e94edaae63b2c1a
2013-06-10 09:09 - 2013-06-10 09:09 - 00027743 ____A C:\ComboFix.txt
2013-06-10 09:01 - 2013-06-10 09:48 - 00000000 ____D C:\Qoobox
2013-06-10 09:01 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-10 09:01 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-10 09:01 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-10 09:01 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-10 09:01 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-10 09:01 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-10 09:01 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-10 09:01 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-10 09:00 - 2013-06-10 09:08 - 00000000 ____D C:\Windows\erdnt
2013-06-10 01:42 - 2013-06-10 01:42 - 00000000 ____D C:\Users\Nikolaj Hansen\AppData\Local\Avg2013
2013-06-10 01:41 - 2013-06-10 01:41 - 00000000 ____D C:\Users\Nikolaj Hansen\Documents\My Received Files
2013-06-10 01:21 - 2013-06-10 01:21 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2013-06-09 23:54 - 2013-06-09 23:57 - 00001542 ____A C:\FixitRegBackup.reg
2013-06-09 23:41 - 2013-06-09 23:41 - 13475464 ____A (Microsoft Corporation) C:\Users\Nikolaj Hansen\Downloads\mseinstall.exe
2013-06-09 21:55 - 2013-06-09 21:55 - 00012879 ____A C:\Users\Nikolaj Hansen\Desktop\Dates rattrapages.odt
2013-06-08 07:45 - 2013-06-08 08:18 - 00000000 ____D C:\Users\Nikolaj Hansen\Downloads\Klovn.DANISH.English.Hardcoded.Subs.Seasons.1-6.Dvdrip.XviD
2013-06-02 00:17 - 2013-06-02 00:59 - 00000000 ____D C:\Users\Nikolaj Hansen\Desktop\Rattrapages
2013-05-28 14:12 - 2013-05-28 14:12 - 00000000 ____D C:\Program Files (x86)\x264 Video Codec
2013-05-23 18:38 - 2013-06-10 09:59 - 00000000 ____D C:\Users\Nikolaj Hansen\AppData\Local\LogMeIn Hamachi
2013-05-23 18:37 - 2013-05-23 18:37 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-05-23 18:20 - 2013-03-04 22:06 - 00310688 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-05-23 18:20 - 2013-03-04 22:06 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-05-23 18:20 - 2013-03-04 22:06 - 00188320 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-05-23 18:18 - 2013-05-25 19:04 - 00000000 ____D C:\Users\Nikolaj Hansen\AppData\Roaming\.minecraft
2013-05-23 16:32 - 2013-05-23 16:32 - 00000000 ____D C:\Users\Nikolaj Hansen\AppData\Roaming\NCH Software
2013-05-23 16:31 - 2013-05-23 16:31 - 00000000 ____D C:\ProgramData\NCH Software
2013-05-23 16:21 - 2013-05-25 23:40 - 00000000 ____D C:\Users\Nikolaj Hansen\AppData\Roaming\Audacity
2013-05-22 10:44 - 2013-05-22 10:44 - 00000921 ____A C:\Windows\QSFVExit.bat
2013-05-22 10:39 - 2013-05-22 10:39 - 00000000 ____D C:\Program Files\QuickSFV
2013-05-19 12:59 - 2013-04-05 08:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-19 12:59 - 2013-04-05 08:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-19 12:59 - 2013-04-05 08:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-19 12:59 - 2013-04-05 08:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-19 12:59 - 2013-04-05 08:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-19 12:59 - 2013-04-05 08:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-19 12:59 - 2013-04-05 08:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-19 12:59 - 2013-04-05 08:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-19 12:59 - 2013-04-05 08:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-19 12:59 - 2013-04-05 08:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-19 12:59 - 2013-04-05 08:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-19 12:59 - 2013-04-05 08:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-19 12:59 - 2013-04-05 08:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-19 12:59 - 2013-04-05 08:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-19 12:59 - 2013-04-05 07:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-19 12:59 - 2013-04-05 07:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-19 12:59 - 2013-04-05 07:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-19 12:59 - 2013-04-05 07:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-19 12:59 - 2013-04-05 07:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-19 12:59 - 2013-04-05 07:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-19 12:59 - 2013-04-05 07:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-19 12:59 - 2013-04-05 07:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-19 12:59 - 2013-04-05 07:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-19 12:59 - 2013-04-05 07:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-05-19 12:59 - 2013-04-05 07:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-05-19 12:59 - 2013-04-05 07:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-19 12:59 - 2013-04-05 07:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-05-19 12:59 - 2013-04-05 06:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-19 12:59 - 2013-04-05 06:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-19 12:59 - 2013-04-05 05:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-19 12:59 - 2013-04-05 05:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-05-18 23:24 - 2013-05-22 10:44 - 00000000 ____D C:\Users\Nikolaj Hansen\AppData\Roaming\Octoshape
2013-05-16 08:27 - 2013-04-10 08:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-16 08:27 - 2013-04-10 08:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-16 08:27 - 2011-02-03 13:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-16 08:26 - 2013-04-10 05:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-16 08:26 - 2013-03-19 07:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-16 08:26 - 2013-03-19 07:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-16 08:26 - 2013-02-27 08:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-16 08:26 - 2013-02-27 07:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-16 08:26 - 2013-02-27 07:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-16 08:26 - 2013-02-27 07:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-16 08:26 - 2013-02-27 07:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-16 08:26 - 2013-02-27 06:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-16 08:26 - 2013-02-27 06:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-16 08:26 - 2013-02-27 06:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-13 00:34 - 2013-05-13 00:40 - 00000000 ____D C:\Users\Nikolaj Hansen\AppData\Roaming\Bioshock2
 
==================== One Month Modified Files and Folders =======
 
2013-06-10 13:02 - 2013-06-10 13:02 - 00000000 ____D C:\FRST
2013-06-10 13:01 - 2013-06-10 13:01 - 01919988 ____A (Farbar) C:\Users\Nikolaj Hansen\Downloads\FRST64.exe
2013-06-10 12:52 - 2012-03-09 00:10 - 01481230 ____A C:\Windows\WindowsUpdate.log
2013-06-10 12:48 - 2013-03-21 17:24 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-10 12:32 - 2012-10-13 03:46 - 00000948 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-10 10:16 - 2013-06-10 10:16 - 00071976 ____A C:\Users\Nikolaj Hansen\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-10 10:02 - 2013-06-10 10:02 - 00000000 ____D C:\58fa6e60d89f8f5b03
2013-06-10 10:02 - 2013-04-23 23:20 - 00002115 ____A C:\Windows\epplauncher.mif
2013-06-10 10:01 - 2012-10-15 21:40 - 00046422 ____A C:\Users\Nikolaj Hansen\Documents\CCCleaner registries.reg
2013-06-10 09:59 - 2013-05-23 18:38 - 00000000 ____D C:\Users\Nikolaj Hansen\AppData\Local\LogMeIn Hamachi
2013-06-10 09:59 - 2013-02-02 21:41 - 00000000 ____D C:\Users\Nikolaj Hansen\AppData\Roaming\BitTorrent
2013-06-10 09:58 - 2012-10-12 22:39 - 00000000 ____D C:\Users\Nikolaj Hansen\AppData\Local\CrashDumps
2013-06-10 09:55 - 2012-10-14 12:51 - 00000000 ____D C:\Program Files (x86)\CC-Cleaner
2013-06-10 09:48 - 2013-06-10 09:01 - 00000000 ____D C:\Qoobox
2013-06-10 09:45 - 2013-06-10 09:44 - 00000000 ____D C:\20f6601554f23fcbc0
2013-06-10 09:44 - 2009-07-14 06:45 - 00021200 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-10 09:44 - 2009-07-14 06:45 - 00021200 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-10 09:38 - 2013-06-10 09:37 - 00000000 ____D C:\bf0e9b58d1438ab04e94edaae63b2c1a
2013-06-10 09:36 - 2012-10-13 03:46 - 00000944 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-10 09:36 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-10 09:10 - 2009-07-14 05:20 - 00000000 __RHD C:\users\Default
2013-06-10 09:09 - 2013-06-10 09:09 - 00027743 ____A C:\ComboFix.txt
2013-06-10 09:08 - 2013-06-10 09:00 - 00000000 ____D C:\Windows\erdnt
2013-06-10 09:08 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini
2013-06-10 08:59 - 2013-04-27 14:37 - 00000000 ____D C:\Users\Nikolaj Hansen\AppData\Roaming\vlc
2013-06-10 08:22 - 2012-10-24 17:36 - 00000000 ___SD C:\Users\Nikolaj Hansen\Google Drive
2013-06-10 01:48 - 2012-10-12 22:39 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2013-06-10 01:48 - 2012-10-12 22:38 - 00000000 ____D C:\Program Files\AVAST Software
2013-06-10 01:48 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-06-10 01:42 - 2013-06-10 01:42 - 00000000 ____D C:\Users\Nikolaj Hansen\AppData\Local\Avg2013
2013-06-10 01:41 - 2013-06-10 01:41 - 00000000 ____D C:\Users\Nikolaj Hansen\Documents\My Received Files
2013-06-10 01:22 - 2009-07-14 07:08 - 00032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-10 01:21 - 2013-06-10 01:21 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2013-06-10 00:11 - 2013-05-04 15:53 - 00000000 ____D C:\Program Files (x86)\hdvidcodec.com
2013-06-09 23:57 - 2013-06-09 23:54 - 00001542 ____A C:\FixitRegBackup.reg
2013-06-09 23:41 - 2013-06-09 23:41 - 13475464 ____A (Microsoft Corporation) C:\Users\Nikolaj Hansen\Downloads\mseinstall.exe
2013-06-09 23:37 - 2012-11-07 19:31 - 00000000 ____D C:\Games
2013-06-09 21:55 - 2013-06-09 21:55 - 00012879 ____A C:\Users\Nikolaj Hansen\Desktop\Dates rattrapages.odt
2013-06-08 20:24 - 2012-10-12 22:57 - 00000000 ____D C:\Users\Nikolaj Hansen\AppData\Roaming\Spotify
2013-06-08 08:18 - 2013-06-08 07:45 - 00000000 ____D C:\Users\Nikolaj Hansen\Downloads\Klovn.DANISH.English.Hardcoded.Subs.Seasons.1-6.Dvdrip.XviD
2013-06-06 17:15 - 2012-10-12 22:59 - 00000000 ____D C:\Users\Nikolaj Hansen\AppData\Local\Spotify
2013-06-03 21:20 - 2012-11-01 19:55 - 00846022 ____A C:\Users\Nikolaj Hansen\danid.log
2013-06-02 00:59 - 2013-06-02 00:17 - 00000000 ____D C:\Users\Nikolaj Hansen\Desktop\Rattrapages
2013-06-01 17:10 - 2012-10-13 04:24 - 00000000 ____D C:\Users\Nikolaj Hansen\AppData\Roaming\Skype
2013-05-28 14:13 - 2009-07-14 01:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2013-05-28 14:12 - 2013-05-28 14:12 - 00000000 ____D C:\Program Files (x86)\x264 Video Codec
2013-05-25 23:40 - 2013-05-23 16:21 - 00000000 ____D C:\Users\Nikolaj Hansen\AppData\Roaming\Audacity
2013-05-25 19:04 - 2013-05-23 18:18 - 00000000 ____D C:\Users\Nikolaj Hansen\AppData\Roaming\.minecraft
2013-05-23 18:37 - 2013-05-23 18:37 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-05-23 18:19 - 2013-03-04 22:06 - 00000000 ____D C:\Program Files\Java
2013-05-23 16:32 - 2013-05-23 16:32 - 00000000 ____D C:\Users\Nikolaj Hansen\AppData\Roaming\NCH Software
2013-05-23 16:31 - 2013-05-23 16:31 - 00000000 ____D C:\ProgramData\NCH Software
2013-05-22 10:44 - 2013-05-22 10:44 - 00000921 ____A C:\Windows\QSFVExit.bat
2013-05-22 10:44 - 2013-05-18 23:24 - 00000000 ____D C:\Users\Nikolaj Hansen\AppData\Roaming\Octoshape
2013-05-22 10:39 - 2013-05-22 10:39 - 00000000 ____D C:\Program Files\QuickSFV
2013-05-20 17:22 - 2012-11-10 11:44 - 00000000 ____D C:\Users\Nikolaj Hansen\AppData\Roaming\Bioshock
2013-05-19 19:03 - 2012-10-13 20:52 - 00000000 ____D C:\Users\Nikolaj Hansen\AppData\Roaming\DAEMON Tools Lite
2013-05-19 18:51 - 2011-02-11 21:57 - 00000000 ____D C:\Windows\Panther
2013-05-19 18:27 - 2012-11-15 15:53 - 00000000 ____D C:\Users\Nikolaj Hansen\AppData\Local\SKIDROW
2013-05-19 13:04 - 2012-10-13 17:08 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-19 13:02 - 2009-07-14 07:13 - 00806788 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-18 23:24 - 2012-10-13 18:38 - 00000000 ____D C:\Users\Nikolaj Hansen\AppData\Roaming\Mozilla
2013-05-15 20:49 - 2013-03-21 17:24 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-15 20:49 - 2013-03-21 17:24 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-13 00:40 - 2013-05-13 00:34 - 00000000 ____D C:\Users\Nikolaj Hansen\AppData\Roaming\Bioshock2
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-06-03 13:39
 
==================== End Of Log ============================

---------------------------

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-06-2013
Ran by Nikolaj Hansen at 2013-06-10 13:03:23 Run:
Running from C:\Users\Nikolaj Hansen\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs =======================
 
???? ??? Windows Live (Version: 15.4.3502.0922)
???? Windows Live (Version: 15.4.3502.0922)
?????? ??????? ?? Windows Live (Version: 15.4.3502.0922)
???????? ?????????? Windows Live (Version: 15.4.3502.0922)
?????????? Windows Live (Version: 15.4.3502.0922)
??????????? ?? Windows Live (Version: 15.4.3502.0922)
„Windows Live Essentials“ (Version: 15.4.3502.0922)
„Windows Live Mail“ (Version: 15.4.3502.0922)
„Windows Live Messenger“ (Version: 15.4.3538.0513)
„Windows Live“ fotogalerija (Version: 15.4.3502.0922)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
Adobe Photoshop CS6 (Version: 13.0)
Adobe Reader XI (11.0.02) (Version: 11.0.02)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
BitTorrent (Version: 7.8.0.29626)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 4.02)
D3DX10 (Version: 15.4.2368.0902)
DAEMON Tools Lite (Version: 4.47.1.0333)
DivX Setup (Version: 2.6.1.28)
Dual-Core Optimizer (Version: 1.1.4.0169)
Fotogalerija Windows Live (Version: 15.4.3502.0922)
Galeria de Fotografias do Windows Live (Version: 15.4.3502.0922)
Galería fotográfica de Windows Live (Version: 15.4.3502.0922)
Galeria fotografii uslugi Windows Live (Version: 15.4.3502.0922)
Galerie de photos Windows Live (Version: 15.4.3502.0922)
Galerie foto Windows Live (Version: 15.4.3502.0922)
Google Chrome (Version: 27.0.1453.110)
Google Drive (Version: 1.9.4536.8202)
Google Update Helper (Version: 1.3.21.145)
Intel PROSet Wireless
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Processor Graphics (Version: 8.15.10.2266)
Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed (Version: 15.0.0.0059)
Intel® PROSet/Wireless Software for Bluetooth® Technology (Version: 1.3.0.0621)
Intel® Rapid Storage Technology (Version: 10.1.5.1001)
Intel® PROSet/Wireless WiFi Software (Version: 15.00.0000.0642)
iTunes (Version: 11.0.2.26)
Java 7 Update 17 (64-bit) (Version: 7.0.170)
Java 7 Update 21 (Version: 7.0.210)
Java 7 Update 9 (64-bit) (Version: 7.0.90)
Java Auto Updater (Version: 2.1.9.5)
Juniper Networks Network Connect 7.2.0 (Version: 7.2.0.21697)
Juniper Networks, Inc. Setup Client (Version: 7.2.4.25005)
Juniper Networks, Inc. Setup Client 64-bit Activex Control (Version: 2.1.1.1)
Juniper Networks, Inc. Setup Client Activex Control (Version: 2.1.1.1)
Junk Mail filter update (Version: 15.4.3502.0922)
League of Legends (Version: 1.3)
LogMeIn Hamachi (Version: 2.1.0.362)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (Version: 9.0.21022.218)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual J# .NET Redistributable Package 1.1 (Version: 1.1.4322)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Mozilla Maintenance Service (Version: 16.0.2)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
msvcrt_installer (Version: 1.0.0)
NVIDIA Display Control Panel (Version: 6.14.12.6883)
NVIDIA Graphics Driver 268.83 (Version: 268.83)
NVIDIA Install Application (Version: 2.265.42.0)
NVIDIA Optimus 1.0.23 (Version: 1.0.23)
NVIDIA PhysX (Version: 9.12.0613)
NVIDIA Update Components (Version: 1.0.23)
OpenOffice.org 3.4.1 (Version: 3.41.9593)
PDF Settings CS6 (Version: 11.0)
Poczta uslugi Windows Live (Version: 15.4.3502.0922)
Podstawowe programy Windows Live (Version: 15.4.3502.0922)
Pošta Windows Live (Version: 15.4.3502.0922)
Raccolta foto di Windows Live (Version: 15.4.3502.0922)
Realtek Ethernet Controller Driver (Version: 7.44.421.2011)
Realtek High Definition Audio Driver (Version: 6.0.1.6413)
S?????? f?t???af??? t?? Windows Live (Version: 15.4.3502.0922)
Samsung Recovery Solution 5 (Version: 5.0.1.5)
SFR - Kit de connexion (Version: 11.5.2.1)
Skype™ 6.1 (Version: 6.1.129)
Spotify (Version: 0.9.1.43.gca4c2c73)
Synaptics Pointing Device Driver (Version: 15.3.7.0)
ToolbarFR (Version: 1.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VLC media player 2.0.6 (Version: 2.0.6)
Windows Live ?? (Version: 15.4.3502.0922)
Windows Live ?? ??? (Version: 15.4.3502.0922)
Windows Live ??? (Version: 15.4.3502.0922)
Windows Live ??? (Version: 15.4.3538.0513)
Windows Live ???? (Version: 15.4.3502.0922)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live fotoattelu galerija (Version: 15.4.3502.0922)
Windows Live Fotogaléria (Version: 15.4.3502.0922)
Windows Live Fotogalerie (Version: 15.4.3502.0922)
Windows Live Foto-galerija (Version: 15.4.3502.0922)
Windows Live Fotogalleri (Version: 15.4.3502.0922)
Windows Live Fotograf Galerisi (Version: 15.4.3502.0922)
Windows Live Fotótár (Version: 15.4.3502.0922)
Windows Live Galeria de Fotos (Version: 15.4.3502.0922)
Windows Live Galerija fotografija (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Pošta (Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Temel Parçalar (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Liven asennustyökalu (Version: 15.4.3502.0922)
Windows Liven sähköposti (Version: 15.4.3502.0922)
Windows Liven valokuvavalikoima (Version: 15.4.3502.0922)
 
==================== Restore Points  =========================
 
27-05-2013 07:26:22 Windows Update
09-06-2013 21:38:01 Removed C3
09-06-2013 21:54:37 Installed Microsoft Fix it 50692
09-06-2013 21:57:41 Installed Microsoft Fix it 50692
09-06-2013 22:11:26 Removed C3
09-06-2013 23:47:49 avast! Free Antivirus Setup
10-06-2013 00:07:39 avast! Free Antivirus Setup
10-06-2013 07:11:55 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/10/2013 10:02:17 AM) (Source: Microsoft Security Client Setup) (User: NikolajHansen)
Description: HRESULT:0x8004FF82
Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x8004FF82.
 
Error: (06/10/2013 10:02:16 AM) (Source: MsiInstaller) (User: NikolajHansen)
Description: Product: Microsoft Security Client -- Error 1923. Service '@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243' (NisSrv) could not be installed.  Verify that you have sufficient privileges to install system services.
 
Error: (06/10/2013 10:02:16 AM) (Source: MsiInstaller) (User: NikolajHansen)
Description: Product: Microsoft Security Client -- Error 1923. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be installed.  Verify that you have sufficient privileges to install system services.
 
Error: (06/10/2013 09:45:10 AM) (Source: Microsoft Security Client Setup) (User: NikolajHansen)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.
 
Error: (06/10/2013 09:38:23 AM) (Source: Microsoft Security Client Setup) (User: NikolajHansen)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.
 
Error: (06/10/2013 09:38:09 AM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (06/10/2013 09:36:51 AM) (Source: Application Error) (User: )
Description: Faulting application name: OUCore.exe, version: 1.1.2.0, time stamp: 0x4dd6308d
Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time stamp: 0x4dace5b9
Exception code: 0x40000015
Fault offset: 0x0005beae
Faulting process id: 0x8c4
Faulting application start time: 0x01ce65ad3d1d1bd3
Faulting application path: C:\Program Files (x86)\Orange\OrangeUpdate\Service\OUCore.exe
Faulting module path: C:\windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll
Report Id: 8391fa02-d1a0-11e2-860f-b80305944660
 
Error: (06/10/2013 09:24:43 AM) (Source: Microsoft Security Client Setup) (User: NikolajHansen)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.
 
Error: (06/10/2013 09:17:21 AM) (Source: Microsoft Security Client Setup) (User: NikolajHansen)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.
 
Error: (06/10/2013 08:19:21 AM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (06/10/2013 09:36:54 AM) (Source: Service Control Manager) (User: )
Description: The Orange update Core Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/10/2013 09:36:31 AM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error: 
%%2
 
Error: (06/10/2013 09:08:13 AM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (06/10/2013 09:06:08 AM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (06/10/2013 09:03:27 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Bluetooth Device Monitor service.
 
Error: (06/10/2013 09:01:05 AM) (Source: Service Control Manager) (User: )
Description: The Bluetooth Media Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/10/2013 09:01:05 AM) (Source: Service Control Manager) (User: )
Description: The Bluetooth OBEX Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/10/2013 08:18:09 AM) (Source: Service Control Manager) (User: )
Description: The Orange update Core Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/10/2013 08:17:57 AM) (Source: Service Control Manager) (User: )
Description: The WinDefend service terminated with the following error: 
%%5
 
Error: (06/10/2013 08:17:42 AM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error: 
%%5
 
 
Microsoft Office Sessions:
=========================
Error: (06/10/2013 10:02:17 AM) (Source: Microsoft Security Client Setup)(User: NikolajHansen)
Description: HRESULT:0x8004FF82
Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x8004FF82.
 
Error: (06/10/2013 10:02:16 AM) (Source: MsiInstaller)(User: NikolajHansen)
Description: Product: Microsoft Security Client -- Error 1923. Service '@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243' (NisSrv) could not be installed.  Verify that you have sufficient privileges to install system services.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (06/10/2013 10:02:16 AM) (Source: MsiInstaller)(User: NikolajHansen)
Description: Product: Microsoft Security Client -- Error 1923. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be installed.  Verify that you have sufficient privileges to install system services.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (06/10/2013 09:45:10 AM) (Source: Microsoft Security Client Setup)(User: NikolajHansen)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.
 
Error: (06/10/2013 09:38:23 AM) (Source: Microsoft Security Client Setup)(User: NikolajHansen)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.
 
Error: (06/10/2013 09:38:09 AM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/10/2013 09:36:51 AM) (Source: Application Error)(User: )
Description: OUCore.exe1.1.2.04dd6308dMSVCR90.dll9.0.30729.61614dace5b9400000150005beae8c401ce65ad3d1d1bd3C:\Program Files (x86)\Orange\OrangeUpdate\Service\OUCore.exeC:\windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll8391fa02-d1a0-11e2-860f-b80305944660
 
Error: (06/10/2013 09:24:43 AM) (Source: Microsoft Security Client Setup)(User: NikolajHansen)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.
 
Error: (06/10/2013 09:17:21 AM) (Source: Microsoft Security Client Setup)(User: NikolajHansen)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.
 
Error: (06/10/2013 08:19:21 AM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 46%
Total physical RAM: 4009.55 MB
Available physical RAM: 2144.63 MB
Total Pagefile: 8017.28 MB
Available Pagefile: 5983.19 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:675.26 GB) (Free:123.1 GB) NTFS (Disk=0 Partition=2)
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 3882832C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=675 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=23 GB) - (Type=27)
 
==================== End Of Log ============================


#6 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 June 2013 - 07:30 AM

Hello nikolajlh



I need you to download this script I have made for you --> Attached File: fixlist.txt (386 bytes)

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow).

Run FRST again but this time press the Fix button just once and wait.


When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 nikolajlh

  • Topic Starter

  • Members
  • 4 posts

Posted 10 June 2013 - 08:58 AM

Ran the Fix but the problem still persists. Here's the log from the fix:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-06-2013
Ran by Nikolaj Hansen at 2013-06-10 15:54:41 Run:1
Running from C:\Users\Nikolaj Hansen\Downloads
Boot Mode: Normal
==============================================
 
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
C:\Program Files\Microsoft Security Client => File/Directory not found.
 
==== End of Fixlog ====


#8 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 June 2013 - 12:39 PM


Hello nikolajlh

I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • More than one report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". The one that I need is the larger one. Please copy and paste the contents of that file here.

    Note: this report can be very long, so if the website gives you an error saying it is too long you may attach it.

    If the forum still complains about it being too long, send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================
and I will see if I want to see the whole report

--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32-bit or RogueKiller for 64-bit
  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The scan will make two reports; the one I would like to see is called RKreport[2].txt on your Desktop
  • Exit/Close RogueKiller.
Send me the reports made by TDSSKiller and RogueKiller, and also let me know how the computer is doing at this time.

Gringo

#9 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 June 2013 - 12:49 AM



Hello

48 Hour bump

It has been more than 48 hours since my last post.
  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48 hrs you have not replied to this thread, then it will have to be closed!
Gringo

#10 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 June 2013 - 11:13 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



