Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Just a chek for my computer.


  • This topic is locked This topic is locked
4 replies to this topic

#1 Korkel

Korkel

  • Banned
  • 58 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:56 PM

Posted 13 September 2013 - 02:31 AM

Hello,

 

I want chek if my computer is clean, can someone help me with that?

 

DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.25.2
Run by Mark at 9:22:13 on 2013-09-13
Microsoft Windows 8 Pro  6.2.9200.0.1252.31.1043.18.12140.9638 [GMT 2:00]
.
AV: Emsisoft Anti-Malware *Enabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Emsisoft Anti-Malware *Enabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
FW: Online Armor Firewall *Enabled* {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Online Armor\oasrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
C:\Windows\system32\dashost.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Fighters\FighterSuiteService.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Genie9\Zoolz2\ZoolzService.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\dwm.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerLogon.exe
C:\Windows\system32\taskhostex.exe
C:\Windows\Explorer.EXE
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Process Lasso\processgovernor.exe
C:\Program Files\Process Lasso\processlasso.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Online Armor\oaui.exe
C:\Program Files (x86)\Keyboard LEDs\KeyboardLeds.exe
C:\Users\Mark\AppData\Local\Skillbrains\lightshot\4.4.2.0\LightShot.exe
C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Mark\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Online Armor\OAhlp.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.nl/
mWinlogon: Userinit = userinit.exe,
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [KeyboardLeds.exe] "C:\Program Files (x86)\Keyboard LEDs\KeyboardLeds.exe"
uRun: [Facebook Update] "C:\Users\Mark\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Nuria] C:\Program Files (x86)\Nuria\Nuria.exe
uRun: [Jing] C:\Program Files (x86)\TechSmith\Jing\jing.exe
uRun: [AdobeBridge] <no file>
mRun: [emsisoft anti-malware] "c:\program files (x86)\emsisoft anti-malware\a2guard.exe" /d=60
mRun: [CommonToolkitTray] C:\Program Files (x86)\Fighters\Tray\FightersTray.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [KeyScrambler] C:\Program Files (x86)\KeyScrambler\keyscrambler.exe /a
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun: [vmware-tray.exe] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun: [AdobeCEPServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin
StartupFolder: C:\Users\Mark\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\Mark\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
StartupFolder: C:\Users\Mark\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\VERZEN~1.LNK - C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
IE: &Verzenden naar OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
TCP: Interfaces\{2599BFDE-B1B4-49CC-A728-0FE92F249A32} : DHCPNameServer = 145.90.234.110 145.90.234.111 10.1.0.55
TCP: Interfaces\{2599BFDE-B1B4-49CC-A728-0FE92F249A32}\146716E64656E624F637 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{2599BFDE-B1B4-49CC-A728-0FE92F249A32}\A7F643367603 : DHCPNameServer = 192.168.2.254
TCP: Interfaces\{B9FD90F7-DEF9-416C-9B0C-5955D40429CA} : NameServer = 8.8.8.8
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
x64-Run: [@OnlineArmor GUI] "C:\Program Files (x86)\Online Armor\oaui.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Zoolz Tray] "C:\Program Files\Genie9\Zoolz2\ZoolzLauncher.exe" "C:\Program Files\Genie9\Zoolz2\Zoolz.exe" "-Delay"
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.3 www.anchorfree.net
Hosts: 127.0.0.2 www.mefeedia.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\zknk5jwb.default-1373973751304\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
FF - prefs.js: network.proxy.type - 4
FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Common Files\ThreeShips Shared\Dll\npTSHelper.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Users\Mark\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll
FF - plugin: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\zknk5jwb.default-1373973751304\extensions\coralietab@mozdev.org\plugins\npCoralIETab.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-07-16 13:25; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\zknk5jwb.default-1373973751304\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-07-16 13:25; coralietab@mozdev.org; C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\zknk5jwb.default-1373973751304\extensions\coralietab@mozdev.org
FF - ExtSQL: 2013-09-04 20:03; afext@anchorfree.com; C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afext@anchorfree.com
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\Windows\System32\Drivers\nvpciflt.sys [2012-12-11 30056]
R0 vsock;vSockets Driver;C:\Windows\System32\Drivers\vsock.sys [2013-9-4 73296]
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2013-5-21 26176]
R1 a2injectiondriver;a2injectiondriver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2013-5-21 44688]
R1 a2util;a-squared Malware-IDS utility driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [2013-5-21 17384]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\Drivers\hssdrv6.sys [2013-6-21 46792]
R1 OADevice;OADriver;C:\Windows\SysWOW64\drivers\OADriver.sys [2013-5-18 61632]
R1 oahlpXX;Online Armor helper driver;C:\Windows\SysWOW64\drivers\oahlp64.sys [2013-5-18 62016]
R1 OAmon;OAmon;C:\Windows\SysWOW64\drivers\OAmon.sys [2013-5-18 40520]
R2 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2013-5-21 4159464]
R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [2013-8-16 852264]
R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [2013-8-16 555304]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-5-16 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-5-16 701512]
R2 Suite Service;Suite Service;C:\Program Files (x86)\Fighters\FighterSuiteService.exe [2013-6-5 1281568]
R2 SvcOnlineArmor;Online Armor;C:\Program Files (x86)\Online Armor\oasrv.exe [2013-5-18 4463864]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-8-9 4308320]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2013-8-26 904248]
R2 VMwareHostd;VMware Workstation Server;C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2013-8-27 14401104]
R2 Zoolz 2 Service;Zoolz Service;C:\Program Files\Genie9\Zoolz2\ZoolzService.exe [2013-8-4 453648]
R3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2013-5-21 70960]
R3 cleanhlp;cleanhlp;C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [2013-7-2 57024]
R3 dtscsibus;DAEMON Tools Virtual SCSI Bus;C:\Windows\System32\Drivers\dtscsibus.sys [2013-6-12 29696]
R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\Drivers\k57nd60a.sys [2012-6-2 425472]
R3 KeyScrambler;KeyScrambler;C:\Windows\System32\Drivers\keyscrambler.sys [2013-5-16 222200]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-5-16 25928]
R3 OAnet;OnlineArmor Service;C:\Windows\System32\Drivers\OAnet.sys [2013-5-18 35376]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\System32\Drivers\tap0901t.sys [2013-9-10 31232]
R3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\Drivers\taphss6.sys [2013-6-21 42184]
S2 MySQL56;MySQL56;"C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld" --defaults-file="C:\ProgramData\MySQL\MySQL Server 5.6\my.ini" MySQL56 --> C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld [?]
S2 OAcat;Online Armor Helper Service;C:\Program Files (x86)\Online Armor\oacat.exe [2013-5-18 216072]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-7-25 162672]
S2 vToolbarUpdater15.4.0;vToolbarUpdater15.4.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe --> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [?]
S3 Disc Soft Bus Service;Disc Soft Bus Service;C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [2013-5-23 632352]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2012-10-1 178824]
S3 PSI;PSI;C:\Windows\System32\Drivers\psi_mf_amd64.sys [2013-4-18 18456]
S3 Revoflt;Revoflt;C:\Windows\System32\Drivers\revoflt.sys [2013-5-15 31800]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2013-9-10 759192]
S3 vmbusr;Provider van virtuele-machinebus;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-26 117248]
S3 WMSVC;Web Management-service;C:\Windows\System32\inetsrv\WMSvc.exe [2012-7-26 10752]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\dreamweaver.exe", "%1"
ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2013-09-12 15:03:26 -------- d-----w- C:\Program Files\PremiumSoft
2013-09-12 15:01:23 -------- d-----w- C:\Program Files (x86)\PremiumSoft
2013-09-12 11:12:55 -------- d-----w- C:\Users\Mark\AppData\Local\ElevatedDiagnostics
2013-09-10 19:25:04 1025024 ----a-w- C:\Users\Mark\MoodEditor.exe
2013-09-10 09:49:11 -------- d-----w- C:\Users\Mark\AppData\Roaming\Tunngle
2013-09-10 09:49:11 -------- d-----w- C:\ProgramData\Tunngle
2013-09-10 09:49:07 31232 ----a-w- C:\Windows\System32\drivers\tap0901t.sys
2013-09-10 09:49:06 -------- d-----w- C:\Program Files (x86)\Tunngle
2013-09-10 08:30:44 -------- d-----w- C:\Program Files (x86)\Microsoft Games
2013-09-10 08:29:53 485600 ------w- C:\Program Files (x86)\Microsoft Games\Age of Empires II\DPLAY61A.EXE
2013-09-07 09:54:57 -------- d-----w- C:\Users\Mark\AppData\Local\Spotify
2013-09-07 09:54:43 -------- d-----w- C:\Users\Mark\AppData\Roaming\Spotify
2013-09-05 11:49:52 -------- d-----w- C:\Users\Mark\AppData\Local\SmartFTP Client 5.0 Setup
2013-09-04 18:36:36 -------- d-----w- C:\Users\Mark\AppData\Local\Adobe
2013-09-04 16:33:29 -------- d-----w- C:\Users\Mark\Camera Mouse
2013-09-04 15:05:42 -------- d-----w- C:\Program Files (x86)\Camera Mouse
2013-09-04 11:38:23 73296 ----a-w- C:\Windows\System32\drivers\vsock.sys
2013-09-04 11:38:23 67664 ----a-w- C:\Windows\System32\vsocklib.dll
2013-09-04 11:38:21 64080 ----a-w- C:\Windows\System32\drivers\vmx86.sys
2013-09-04 11:38:21 32848 ----a-w- C:\Windows\System32\drivers\VMkbd.sys
2013-09-04 11:37:21 30800 ----a-w- C:\Windows\System32\drivers\vmnetuserif.sys
2013-09-04 11:37:04 930384 ----a-w- C:\Windows\System32\vnetlib64.dll
2013-09-04 11:36:59 53816 ----a-w- C:\Windows\System32\drivers\hcmon.sys
2013-09-04 11:36:37 -------- d-----w- C:\Program Files\Common Files\VMware
2013-09-04 11:35:36 -------- d-----w- C:\Program Files (x86)\VMware
2013-09-04 11:35:36 -------- d-----w- C:\Program Files (x86)\Common Files\VMware
2013-09-04 11:17:47 -------- d-----w- C:\Users\Mark\AppData\Roaming\MySQL
2013-09-04 11:11:12 -------- d-----w- C:\Program Files\MySQL
2013-09-04 11:07:17 -------- d-----w- C:\Program Files (x86)\MySQL
2013-09-04 11:07:16 -------- d-----w- C:\ProgramData\MySQL
2013-09-04 11:05:52 -------- d-----w- C:\Program Files (x86)\iis express
2013-09-04 11:05:06 -------- d-----w- C:\Program Files\runphp
2013-09-04 11:04:09 -------- d-----w- C:\Program Files\Microsoft
2013-09-04 10:55:42 -------- d-----w- C:\Windows\SysWow64\BestPractices
2013-09-04 10:55:19 -------- d-----w- C:\Windows\System32\BestPractices
2013-09-04 10:55:10 -------- d-----w- C:\inetpub
2013-08-30 16:14:17 -------- d-----w- C:\Users\Mark\AppData\Roaming\JAM Software
2013-08-30 16:14:11 -------- d-----w- C:\Program Files\JAM Software
2013-08-29 18:22:09 -------- d-----w- C:\Program Files (x86)\Sanny
2013-08-29 15:38:28 -------- d-----w- C:\Program Files (x86)\OPSWAT
2013-08-29 15:38:20 -------- d-----w- C:\ProgramData\OPSWAT
2013-08-29 15:33:33 -------- d-----w- C:\Users\Mark\AppData\Roaming\Genie9
2013-08-29 15:33:08 -------- d-----w- C:\Program Files\Genie9
2013-08-29 11:21:25 -------- d-----w- C:\Program Files (x86)\Common Files\ThreeShips Shared
2013-08-28 14:43:52 -------- d-----w- C:\ProgramData\ErrorEND64
2013-08-28 14:43:45 -------- d-----w- C:\Program Files\ErrorEND
2013-08-27 10:42:02 80464 ----a-w- C:\Windows\System32\vmnetbridge.dll
2013-08-27 10:42:02 49232 ----a-w- C:\Windows\System32\vnetinst.dll
2013-08-27 10:42:02 46160 ----a-w- C:\Windows\System32\drivers\vmnetbridge.sys
2013-08-27 10:42:02 24656 ----a-w- C:\Windows\System32\drivers\vmnet.sys
2013-08-27 10:42:02 20560 ----a-w- C:\Windows\System32\drivers\vmnetadapter.sys
2013-08-24 17:56:00 -------- d-----w- C:\AdwCleaner
2013-08-24 17:50:05 -------- d-----w- C:\Users\Mark\AppData\Local\Fighters
2013-08-24 17:50:03 -------- d-----w- C:\ProgramData\AVG SafeGuard toolbar
2013-08-24 17:49:55 -------- d-----w- C:\Program Files (x86)\AVG SafeGuard toolbar
2013-08-24 17:49:20 -------- d--h--w- C:\ProgramData\Common Files
2013-08-24 17:48:12 -------- d-----w- C:\Users\Mark\AppData\Roaming\Hotspot Shield
2013-08-22 19:17:51 -------- d-----w- C:\Program Files (x86)\MoonTools
2013-08-20 15:38:46 -------- d-----w- C:\Users\Mark\AppData\Roaming\Pamela
2013-08-20 15:38:41 -------- d-----w- C:\Program Files (x86)\Pamela RichMood Editor
2013-08-17 10:04:00 -------- d-----w- C:\Program Files (x86)\Maxis
2013-08-17 10:03:09 306176 ----a-w- C:\Windows\IsUn0413.exe
2013-08-17 10:00:35 -------- d-----w- C:\SETUP
2013-08-17 10:00:35 -------- d-----w- C:\SC3
2013-08-17 10:00:35 -------- d-----w- C:\Ref Cards
2013-08-15 16:25:12 85584 ----a-w- C:\Windows\System32\drivers\vmci.sys
2013-08-15 07:43:30 -------- d-----w- C:\Users\Mark\AppData\Local\SmartFTP Client 4.1 Setup
.
==================== Find3M  ====================
.
2013-07-22 02:19:42 126872 ----a-w- C:\Windows\System32\drivers\scdemu.sys
2013-07-21 13:58:55 98304 ----a-w- C:\Windows\SysWow64\CmdLineExt.dll
2013-07-14 04:29:50 105616 ----a-w- C:\Windows\System32\KeyScramblerLogon.dll
2013-07-02 16:26:15 82523 ----a-w- C:\Program Files\Uninstall.$$A
2013-06-21 01:09:44 42184 ----a-w- C:\Windows\System32\drivers\taphss6.sys
2013-06-21 01:07:16 46792 ----a-w- C:\Windows\System32\drivers\hssdrv6.sys
2013-06-16 22:41:31 997632 ----a-w- C:\Windows\System32\drivers\ndis.sys
2013-04-07 01:16:47 89144 ----a-w- C:\Program Files\bass.$$A
.
============= FINISH:  9:26:34,61 ===============
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.25.2
Run by Mark at 9:22:13 on 2013-09-13
Microsoft Windows 8 Pro  6.2.9200.0.1252.31.1043.18.12140.9638 [GMT 2:00]
.
AV: Emsisoft Anti-Malware *Enabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Emsisoft Anti-Malware *Enabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
FW: Online Armor Firewall *Enabled* {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Online Armor\oasrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
C:\Windows\system32\dashost.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Fighters\FighterSuiteService.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Genie9\Zoolz2\ZoolzService.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\dwm.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerLogon.exe
C:\Windows\system32\taskhostex.exe
C:\Windows\Explorer.EXE
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Process Lasso\processgovernor.exe
C:\Program Files\Process Lasso\processlasso.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Online Armor\oaui.exe
C:\Program Files (x86)\Keyboard LEDs\KeyboardLeds.exe
C:\Users\Mark\AppData\Local\Skillbrains\lightshot\4.4.2.0\LightShot.exe
C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Mark\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Online Armor\OAhlp.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.nl/
mWinlogon: Userinit = userinit.exe,
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [KeyboardLeds.exe] "C:\Program Files (x86)\Keyboard LEDs\KeyboardLeds.exe"
uRun: [Facebook Update] "C:\Users\Mark\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Nuria] C:\Program Files (x86)\Nuria\Nuria.exe
uRun: [Jing] C:\Program Files (x86)\TechSmith\Jing\jing.exe
uRun: [AdobeBridge] <no file>
mRun: [emsisoft anti-malware] "c:\program files (x86)\emsisoft anti-malware\a2guard.exe" /d=60
mRun: [CommonToolkitTray] C:\Program Files (x86)\Fighters\Tray\FightersTray.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [KeyScrambler] C:\Program Files (x86)\KeyScrambler\keyscrambler.exe /a
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun: [vmware-tray.exe] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun: [AdobeCEPServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin
StartupFolder: C:\Users\Mark\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\Mark\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
StartupFolder: C:\Users\Mark\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\VERZEN~1.LNK - C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
IE: &Verzenden naar OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
TCP: Interfaces\{2599BFDE-B1B4-49CC-A728-0FE92F249A32} : DHCPNameServer = 145.90.234.110 145.90.234.111 10.1.0.55
TCP: Interfaces\{2599BFDE-B1B4-49CC-A728-0FE92F249A32}\146716E64656E624F637 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{2599BFDE-B1B4-49CC-A728-0FE92F249A32}\A7F643367603 : DHCPNameServer = 192.168.2.254
TCP: Interfaces\{B9FD90F7-DEF9-416C-9B0C-5955D40429CA} : NameServer = 8.8.8.8
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
x64-Run: [@OnlineArmor GUI] "C:\Program Files (x86)\Online Armor\oaui.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Zoolz Tray] "C:\Program Files\Genie9\Zoolz2\ZoolzLauncher.exe" "C:\Program Files\Genie9\Zoolz2\Zoolz.exe" "-Delay"
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.3 www.anchorfree.net
Hosts: 127.0.0.2 www.mefeedia.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\zknk5jwb.default-1373973751304\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
FF - prefs.js: network.proxy.type - 4
FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Common Files\ThreeShips Shared\Dll\npTSHelper.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Users\Mark\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll
FF - plugin: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\zknk5jwb.default-1373973751304\extensions\coralietab@mozdev.org\plugins\npCoralIETab.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-07-16 13:25; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\zknk5jwb.default-1373973751304\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-07-16 13:25; coralietab@mozdev.org; C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\zknk5jwb.default-1373973751304\extensions\coralietab@mozdev.org
FF - ExtSQL: 2013-09-04 20:03; afext@anchorfree.com; C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afext@anchorfree.com
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\Windows\System32\Drivers\nvpciflt.sys [2012-12-11 30056]
R0 vsock;vSockets Driver;C:\Windows\System32\Drivers\vsock.sys [2013-9-4 73296]
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2013-5-21 26176]
R1 a2injectiondriver;a2injectiondriver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2013-5-21 44688]
R1 a2util;a-squared Malware-IDS utility driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [2013-5-21 17384]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\Drivers\hssdrv6.sys [2013-6-21 46792]
R1 OADevice;OADriver;C:\Windows\SysWOW64\drivers\OADriver.sys [2013-5-18 61632]
R1 oahlpXX;Online Armor helper driver;C:\Windows\SysWOW64\drivers\oahlp64.sys [2013-5-18 62016]
R1 OAmon;OAmon;C:\Windows\SysWOW64\drivers\OAmon.sys [2013-5-18 40520]
R2 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2013-5-21 4159464]
R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [2013-8-16 852264]
R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [2013-8-16 555304]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-5-16 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-5-16 701512]
R2 Suite Service;Suite Service;C:\Program Files (x86)\Fighters\FighterSuiteService.exe [2013-6-5 1281568]
R2 SvcOnlineArmor;Online Armor;C:\Program Files (x86)\Online Armor\oasrv.exe [2013-5-18 4463864]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-8-9 4308320]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2013-8-26 904248]
R2 VMwareHostd;VMware Workstation Server;C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2013-8-27 14401104]
R2 Zoolz 2 Service;Zoolz Service;C:\Program Files\Genie9\Zoolz2\ZoolzService.exe [2013-8-4 453648]
R3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2013-5-21 70960]
R3 cleanhlp;cleanhlp;C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [2013-7-2 57024]
R3 dtscsibus;DAEMON Tools Virtual SCSI Bus;C:\Windows\System32\Drivers\dtscsibus.sys [2013-6-12 29696]
R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\Drivers\k57nd60a.sys [2012-6-2 425472]
R3 KeyScrambler;KeyScrambler;C:\Windows\System32\Drivers\keyscrambler.sys [2013-5-16 222200]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-5-16 25928]
R3 OAnet;OnlineArmor Service;C:\Windows\System32\Drivers\OAnet.sys [2013-5-18 35376]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\System32\Drivers\tap0901t.sys [2013-9-10 31232]
R3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\Drivers\taphss6.sys [2013-6-21 42184]
S2 MySQL56;MySQL56;"C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld" --defaults-file="C:\ProgramData\MySQL\MySQL Server 5.6\my.ini" MySQL56 --> C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld [?]
S2 OAcat;Online Armor Helper Service;C:\Program Files (x86)\Online Armor\oacat.exe [2013-5-18 216072]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-7-25 162672]
S2 vToolbarUpdater15.4.0;vToolbarUpdater15.4.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe --> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [?]
S3 Disc Soft Bus Service;Disc Soft Bus Service;C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [2013-5-23 632352]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2012-10-1 178824]
S3 PSI;PSI;C:\Windows\System32\Drivers\psi_mf_amd64.sys [2013-4-18 18456]
S3 Revoflt;Revoflt;C:\Windows\System32\Drivers\revoflt.sys [2013-5-15 31800]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2013-9-10 759192]
S3 vmbusr;Provider van virtuele-machinebus;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-26 117248]
S3 WMSVC;Web Management-service;C:\Windows\System32\inetsrv\WMSvc.exe [2012-7-26 10752]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\dreamweaver.exe", "%1"
ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2013-09-12 15:03:26 -------- d-----w- C:\Program Files\PremiumSoft
2013-09-12 15:01:23 -------- d-----w- C:\Program Files (x86)\PremiumSoft
2013-09-12 11:12:55 -------- d-----w- C:\Users\Mark\AppData\Local\ElevatedDiagnostics
2013-09-10 19:25:04 1025024 ----a-w- C:\Users\Mark\MoodEditor.exe
2013-09-10 09:49:11 -------- d-----w- C:\Users\Mark\AppData\Roaming\Tunngle
2013-09-10 09:49:11 -------- d-----w- C:\ProgramData\Tunngle
2013-09-10 09:49:07 31232 ----a-w- C:\Windows\System32\drivers\tap0901t.sys
2013-09-10 09:49:06 -------- d-----w- C:\Program Files (x86)\Tunngle
2013-09-10 08:30:44 -------- d-----w- C:\Program Files (x86)\Microsoft Games
2013-09-10 08:29:53 485600 ------w- C:\Program Files (x86)\Microsoft Games\Age of Empires II\DPLAY61A.EXE
2013-09-07 09:54:57 -------- d-----w- C:\Users\Mark\AppData\Local\Spotify
2013-09-07 09:54:43 -------- d-----w- C:\Users\Mark\AppData\Roaming\Spotify
2013-09-05 11:49:52 -------- d-----w- C:\Users\Mark\AppData\Local\SmartFTP Client 5.0 Setup
2013-09-04 18:36:36 -------- d-----w- C:\Users\Mark\AppData\Local\Adobe
2013-09-04 16:33:29 -------- d-----w- C:\Users\Mark\Camera Mouse
2013-09-04 15:05:42 -------- d-----w- C:\Program Files (x86)\Camera Mouse
2013-09-04 11:38:23 73296 ----a-w- C:\Windows\System32\drivers\vsock.sys
2013-09-04 11:38:23 67664 ----a-w- C:\Windows\System32\vsocklib.dll
2013-09-04 11:38:21 64080 ----a-w- C:\Windows\System32\drivers\vmx86.sys
2013-09-04 11:38:21 32848 ----a-w- C:\Windows\System32\drivers\VMkbd.sys
2013-09-04 11:37:21 30800 ----a-w- C:\Windows\System32\drivers\vmnetuserif.sys
2013-09-04 11:37:04 930384 ----a-w- C:\Windows\System32\vnetlib64.dll
2013-09-04 11:36:59 53816 ----a-w- C:\Windows\System32\drivers\hcmon.sys
2013-09-04 11:36:37 -------- d-----w- C:\Program Files\Common Files\VMware
2013-09-04 11:35:36 -------- d-----w- C:\Program Files (x86)\VMware
2013-09-04 11:35:36 -------- d-----w- C:\Program Files (x86)\Common Files\VMware
2013-09-04 11:17:47 -------- d-----w- C:\Users\Mark\AppData\Roaming\MySQL
2013-09-04 11:11:12 -------- d-----w- C:\Program Files\MySQL
2013-09-04 11:07:17 -------- d-----w- C:\Program Files (x86)\MySQL
2013-09-04 11:07:16 -------- d-----w- C:\ProgramData\MySQL
2013-09-04 11:05:52 -------- d-----w- C:\Program Files (x86)\iis express
2013-09-04 11:05:06 -------- d-----w- C:\Program Files\runphp
2013-09-04 11:04:09 -------- d-----w- C:\Program Files\Microsoft
2013-09-04 10:55:42 -------- d-----w- C:\Windows\SysWow64\BestPractices
2013-09-04 10:55:19 -------- d-----w- C:\Windows\System32\BestPractices
2013-09-04 10:55:10 -------- d-----w- C:\inetpub
2013-08-30 16:14:17 -------- d-----w- C:\Users\Mark\AppData\Roaming\JAM Software
2013-08-30 16:14:11 -------- d-----w- C:\Program Files\JAM Software
2013-08-29 18:22:09 -------- d-----w- C:\Program Files (x86)\Sanny
2013-08-29 15:38:28 -------- d-----w- C:\Program Files (x86)\OPSWAT
2013-08-29 15:38:20 -------- d-----w- C:\ProgramData\OPSWAT
2013-08-29 15:33:33 -------- d-----w- C:\Users\Mark\AppData\Roaming\Genie9
2013-08-29 15:33:08 -------- d-----w- C:\Program Files\Genie9
2013-08-29 11:21:25 -------- d-----w- C:\Program Files (x86)\Common Files\ThreeShips Shared
2013-08-28 14:43:52 -------- d-----w- C:\ProgramData\ErrorEND64
2013-08-28 14:43:45 -------- d-----w- C:\Program Files\ErrorEND
2013-08-27 10:42:02 80464 ----a-w- C:\Windows\System32\vmnetbridge.dll
2013-08-27 10:42:02 49232 ----a-w- C:\Windows\System32\vnetinst.dll
2013-08-27 10:42:02 46160 ----a-w- C:\Windows\System32\drivers\vmnetbridge.sys
2013-08-27 10:42:02 24656 ----a-w- C:\Windows\System32\drivers\vmnet.sys
2013-08-27 10:42:02 20560 ----a-w- C:\Windows\System32\drivers\vmnetadapter.sys
2013-08-24 17:56:00 -------- d-----w- C:\AdwCleaner
2013-08-24 17:50:05 -------- d-----w- C:\Users\Mark\AppData\Local\Fighters
2013-08-24 17:50:03 -------- d-----w- C:\ProgramData\AVG SafeGuard toolbar
2013-08-24 17:49:55 -------- d-----w- C:\Program Files (x86)\AVG SafeGuard toolbar
2013-08-24 17:49:20 -------- d--h--w- C:\ProgramData\Common Files
2013-08-24 17:48:12 -------- d-----w- C:\Users\Mark\AppData\Roaming\Hotspot Shield
2013-08-22 19:17:51 -------- d-----w- C:\Program Files (x86)\MoonTools
2013-08-20 15:38:46 -------- d-----w- C:\Users\Mark\AppData\Roaming\Pamela
2013-08-20 15:38:41 -------- d-----w- C:\Program Files (x86)\Pamela RichMood Editor
2013-08-17 10:04:00 -------- d-----w- C:\Program Files (x86)\Maxis
2013-08-17 10:03:09 306176 ----a-w- C:\Windows\IsUn0413.exe
2013-08-17 10:00:35 -------- d-----w- C:\SETUP
2013-08-17 10:00:35 -------- d-----w- C:\SC3
2013-08-17 10:00:35 -------- d-----w- C:\Ref Cards
2013-08-15 16:25:12 85584 ----a-w- C:\Windows\System32\drivers\vmci.sys
2013-08-15 07:43:30 -------- d-----w- C:\Users\Mark\AppData\Local\SmartFTP Client 4.1 Setup
.
==================== Find3M  ====================
.
2013-07-22 02:19:42 126872 ----a-w- C:\Windows\System32\drivers\scdemu.sys
2013-07-21 13:58:55 98304 ----a-w- C:\Windows\SysWow64\CmdLineExt.dll
2013-07-14 04:29:50 105616 ----a-w- C:\Windows\System32\KeyScramblerLogon.dll
2013-07-02 16:26:15 82523 ----a-w- C:\Program Files\Uninstall.$$A
2013-06-21 01:09:44 42184 ----a-w- C:\Windows\System32\drivers\taphss6.sys
2013-06-21 01:07:16 46792 ----a-w- C:\Windows\System32\drivers\hssdrv6.sys
2013-06-16 22:41:31 997632 ----a-w- C:\Windows\System32\drivers\ndis.sys
2013-04-07 01:16:47 89144 ----a-w- C:\Program Files\bass.$$A
.
============= FINISH:  9:26:34,61 ===============
 

Awesome.



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,461 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:56 AM

Posted 17 September 2013 - 09:30 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please reset your HOSTS file back to the default.
How To:
http://support.microsoft.com/kb/972034
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete tab follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
  • ===

    thisisujrt.gif Please download
    Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
  • ===

    --RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
  • Third party programs if not up to date can be the cause of infiltration an infection.
    ===

    Please run this security check for my review.

    Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  • p.s.
    If the SecurityCheck program fails to run for any reason, run it as an Administrator.
    ===

    Please paste the logs in your next reply DO NOT ATTACH THEM.
    Let me know what problem persists.


#3 Korkel

Korkel
  • Topic Starter

  • Banned
  • 58 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:56 PM

Posted 18 September 2013 - 12:53 PM

Sorry, but I reinstalled my PC, we must test an image on school on the PC. :P



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,461 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:56 AM

Posted 18 September 2013 - 01:21 PM

Thank you for the feedback.

This topic will be closed.

#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,461 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:56 AM

Posted 18 September 2013 - 01:21 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users