I believe I'm infected with something called "Zero Access".


  • This topic is locked
26 replies to this topic

#1 jackjohn

jackjohn

  • Members
  • 16 posts
  • OFFLINE
  • Local time:09:27 AM

Posted 07 December 2013 - 02:28 PM

So I came across this thread after googling a Chrome redirect virus: http://www.bleepingcomputer.com/forums/t/506048/very-nasty-redirect-virus/. The symptoms the user describes are familiar. So, after reading the thread, I decided to run the Farbar Recovery Scan Tool and, lo and behold, there are some "zero access" lines in there. Specifically these ones:

ZeroAccess:

C:\Windows\Installer\{ed25164d-75c9-ed26-18e8-b85a2a42aa1b}
C:\Windows\Installer\{ed25164d-75c9-ed26-18e8-b85a2a42aa1b}\L\00000004.@

ZeroAccess:
C:\Users\Jelco\AppData\Local\4111c9b6
C:\Users\Jelco\AppData\Local\4111c9b6\@

At first I wanted to follow the same steps as in the thread above, but the instructor warned against that. So here I am.

Thank you in advance for any help.
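A small triage script for the FRST lines quoted in the post above, added here as an example; it is not part of the original post and not FRST's own code. It flags the two artefact shapes the post shows: an eight-hex-digit `.@` file under `C:\Windows\Installer\{GUID}\L\`, and an `@` file inside an eight-hex-character directory directly under `%LOCALAPPDATA%`. Matching a `U` sibling of the `L` directory is this example's own assumption, taken from public ZeroAccess write-ups rather than from the post, and the two benign sample paths are constructed for illustration.

```python
import re

# Constructed sample input: the four paths quoted from the FRST output in the post,
# plus two benign lines made up for this example so the rules have something to ignore.
SAMPLE_LINES = [
    "ZeroAccess:",
    r"C:\Windows\Installer\{ed25164d-75c9-ed26-18e8-b85a2a42aa1b}",
    r"C:\Windows\Installer\{ed25164d-75c9-ed26-18e8-b85a2a42aa1b}\L\00000004.@",
    "",
    "ZeroAccess:",
    r"C:\Users\Jelco\AppData\Local\4111c9b6",
    r"C:\Users\Jelco\AppData\Local\4111c9b6\@",
    r"C:\Windows\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\setup.msi",  # constructed, benign MSI cache entry
    r"C:\Users\Jelco\AppData\Local\Google\Chrome\Application\chrome.exe",       # constructed, benign
]

GUID = r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}"

# Each rule is (label, regex). Paths are matched on their tail, case-insensitively,
# because Windows paths are case-insensitive and logs mix cases freely.
RULES = [
    # The post shows the L directory; U is assumed from public ZeroAccess descriptions.
    ("payload file <8 hex>.@ under Windows\\Installer\\{GUID}\\L or \\U",
     re.compile(r"\\Windows\\Installer\\" + GUID + r"\\[LU]\\[0-9a-f]{8}\.@$", re.I)),
    ("'@' file inside an 8-hex-char directory in %LOCALAPPDATA%",
     re.compile(r"\\AppData\\Local\\[0-9a-f]{8}\\@$", re.I)),
    ("8-hex-char directory directly under %LOCALAPPDATA%",
     re.compile(r"\\AppData\\Local\\[0-9a-f]{8}$", re.I)),
]


def triage(lines):
    """Return (line, label) for every log line that matches one ZeroAccess rule."""
    hits = []
    for raw in lines:
        line = raw.strip()
        if not line or line.endswith(":"):  # skip blanks and headers such as "ZeroAccess:"
            continue
        for label, rx in RULES:
            if rx.search(line):
                hits.append((line, label))
                break  # first matching rule is enough; rules are ordered most-specific first
    return hits


def implicated_installer_dirs(lines):
    """Windows\\Installer\\{GUID} directories that contain a flagged payload file.

    A bare {GUID} directory under Windows\\Installer is normal (that is the MSI cache),
    so it is reported only when a L\\*.@ or U\\*.@ child was seen, keyed by the parent.
    """
    dirs = set()
    for line, label in triage(lines):
        if label.startswith("payload file"):
            dirs.add(line.rsplit("\\", 2)[0])
    return dirs


def triage_file(path):
    """Convenience wrapper: run triage() over a saved FRST/DDS text log."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return triage(fh.readlines())


if __name__ == "__main__":
    for line, label in triage(SAMPLE_LINES):
        print(f"[{label}] {line}")
    for d in sorted(implicated_installer_dirs(SAMPLE_LINES)):
        print(f"installer directory to examine: {d}")
```

The bare `{GUID}` directory from the post is deliberately not flagged on its own; it is reported through `implicated_installer_dirs()` only because a `L\00000004.@` child exists, which keeps the legitimate MSI cache out of the hit list.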



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:27 AM

Posted 08 December 2013 - 02:52 AM



Hello jackjohn

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.





I need to get some reports to get a base to start from so I need you to run these programs first.



-Download DDS-
  • Please download DDS from one of the links below and save it to your desktop:


    Link1
    Link2
    Link3
    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you to save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply
Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 jackjohn

jackjohn
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:09:27 AM

Posted 08 December 2013 - 12:44 PM

Thank you for replying. I was beginning to think this post got buried. Anyway here are the logs:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 1.6.0_33
Run by Jelco at 18:39:43 on 2013-12-08
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.31.1043.18.8173.5695 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\Jelco\AppData\Roaming\Faceless LLC\Faceless Internet Connection\FacelessService.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Users\Jelco\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Users\Jelco\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Users\Jelco\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
"C:\Users\Jelco\AppData\Roaming\miner\Svchost.exe" -o pool.50btc.com:8332 -u johnsontremor@gmail.com -p 123 -I d
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
C:\Program Files (x86)\AutoPowerOn\AutoPowerOnService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Jelco\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jelco\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jelco\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jelco\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jelco\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jelco\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jelco\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jelco\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jelco\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jelco\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jelco\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jelco\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jelco\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://nl.search.yahoo.com/?type=198484&fr=spigot-yhp-ie
uWindow Title = Internet Explorer, enhanced for Bing and MSN
uSearch Page = hxxp://www.google.com
uProxyServer = 66.146.193.31:80
uSearchAssistant = hxxp://www.google.com
uURLSearchHooks: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - <orphaned>
uURLSearchHooks: {87775fdb-6972-41f9-ae51-8326e38cb206} - <orphaned>
BHO: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - <orphaned>
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [update] "\.exeFalse"
uRun: [flashupdate] "\.exeFalse"
uRun: [updater] "\.exeFalse"
uRun: [Google Update] "C:\Users\Jelco\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Akamai NetSession Interface] "C:\Users\Jelco\AppData\Local\Akamai\netsession_win.exe"
uRun: [ISUSPM Startup] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
uRun: [F.lux] "C:\Users\Jelco\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
uRun: [miner] "C:\Users\Jelco\AppData\Roaming\miner\nircmd.exe" exec hide "C:\Users\Jelco\AppData\Roaming\miner\begin.bat"
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
mRun: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
dRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
StartupFolder: C:\Users\Jelco\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Logitech . Productregistratie.lnk - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html
IE: Free YouTube Download - C:\Users\Jelco\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: NameServer = 212.54.40.25 212.54.35.25
TCP: Interfaces\{C807A93C-8B03-4F6A-A92A-5AB81D11D27D} : DHCPNameServer = 212.54.40.25 212.54.35.25
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe
x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jelco\AppData\Roaming\Mozilla\Firefox\Profiles\wtsx8lr0.default\
FF - prefs.js: browser.startup.homepage - hxxp://nl.search.yahoo.com/?type=198484&fr=spigot-yhp-ff
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
FF - plugin: C:\Users\Jelco\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Users\Jelco\AppData\Roaming\raidcall\plugins\nprcplugin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-12-06 20:45; {58d2a791-6199-482f-a9aa-9b725ec61362}; C:\Users\Jelco\AppData\Roaming\Mozilla\Firefox\Profiles\wtsx8lr0.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}
FF - ExtSQL: 2013-12-06 21:46; ascsurfingprotection@iobit.com; C:\Users\Jelco\AppData\Roaming\Mozilla\Firefox\Profiles\wtsx8lr0.default\extensions\ascsurfingprotection@iobit.com
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-11-8 283064]
R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [2013-12-6 878368]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-14 27136]
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2013-11-27 807800]
R2 Faceless;Faceless;C:\Users\Jelco\AppData\Roaming\Faceless LLC\Faceless Internet Connection\FacelessService.exe [2013-6-8 109552]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2013-12-8 335168]
R2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2013-12-6 2151200]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 134944]
R2 PCAutoPowerOnService;Auto Power-on & Shut-down Service;C:\Program Files (x86)\AutoPowerOn\AutoPowerOnService.exe [2012-8-10 599040]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2011-9-24 32544]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2012-11-9 104280]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2013-6-24 140032]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2013-6-24 420608]
R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2013-12-8 23048]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2013-12-8 34336]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-10-21 883928]
R3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2013-12-8 23016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2013-4-30 9216]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S3 DIRECTIO;DIRECTIO;C:\Program Files\PerformanceTest\DirectIo64.sys [2013-9-23 25704]
S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2012-7-23 21712]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2013-9-6 137336]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-11-27 111616]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-9-25 17152]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2007-5-11 50208]
S3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-5 19456]
S3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2011-9-24 48416]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtVlan60.sys [2011-9-24 29472]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP5\RpcAgentSrv.exe [2013-9-6 71832]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2011-9-24 48416]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-5 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-5 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-25 1255736]
.
=============== File Associations ===============
.
FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-12-08 17:31:29 10285968 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{15BF1741-15F2-452E-8076-4F31934E89FC}\mpengine.dll
2013-12-07 19:04:42 -------- d-----w- C:\FRST
2013-12-07 00:37:21 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F17C104C-B0D7-45CF-8843-953E941BDE94}\gapaengine.dll
2013-12-07 00:37:08 10285968 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-07 00:37:08 10285968 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{575FBB38-782E-4301-8AA6-7AFE3BF70D5F}\mpengine.dll
2013-12-06 21:30:47 -------- d-----w- C:\Program Files (x86)\The Dark Descent
2013-12-06 19:46:23 -------- d-----w- C:\ProgramData\ProductData
2013-12-06 19:46:18 -------- d-----w- C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2013-12-06 19:45:33 -------- d-----w- C:\Program Files (x86)\Application Updater
2013-11-28 13:27:46 -------- d-----w- C:\Users\Jelco\AppData\Local\Logitech® Webcam Software
2013-11-28 13:16:30 53248 ----a-r- C:\Users\Jelco\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2013-11-28 13:15:52 -------- d-----w- C:\Program Files (x86)\Common Files\LWS
2013-11-28 13:09:57 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2013-11-28 13:07:29 -------- d-----w- C:\Users\Jelco\AppData\Roaming\Logishrd
2013-11-27 12:20:55 -------- d-----w- C:\Users\Jelco\AppData\Roaming\GameMaker-Studio
2013-11-27 12:10:54 -------- d-----w- C:\Users\Jelco\GameMaker-Studio 1.2
2013-11-27 12:10:54 -------- d-----w- C:\Users\Jelco\AppData\Local\GameMaker-Studio
2013-11-22 11:49:08 197120 ----a-w- C:\Windows\System32\credui.dll
2013-11-22 11:49:08 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-11-22 11:49:08 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-11-22 11:49:08 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-11-22 11:49:08 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-11-22 11:49:08 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-11-16 14:01:16 -------- d-----w- C:\ProgramData\WaLMaRT
2013-11-12 01:59:46 -------- d-----w- C:\Users\Jelco\AppData\Local\factormystic.net
2013-11-08 20:58:16 -------- d-----w- C:\ProgramData\Blizzard Entertainment
.
==================== Find3M  ====================
.
2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-08 00:51:10 283064 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2013-10-21 16:22:09 836544 ----a-w- C:\Windows\System32\tadefxapo264.dll
2013-10-21 16:21:59 693352 ----a-w- C:\Windows\System32\DTSVoiceClarityDLL64.dll
2013-10-21 16:20:39 31672 ----a-w- C:\Windows\System32\nvhdap64.dll
2013-10-21 16:20:39 194488 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2013-10-21 16:20:39 1510328 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2013-10-21 16:19:14 883928 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2013-10-21 16:19:14 74456 ----a-w- C:\Windows\System32\RtNicProp64.dll
2013-10-21 16:19:14 108760 ----a-w- C:\Windows\System32\RTNUninst64.dll
2013-10-21 15:59:16 81920 ----a-w- C:\Windows\SysWow64\davclnt.dll
2013-10-21 15:59:16 259584 ----a-w- C:\Windows\System32\WebClnt.dll
2013-10-21 15:59:16 205824 ----a-w- C:\Windows\SysWow64\WebClnt.dll
2013-10-21 15:59:16 140800 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2013-10-21 15:59:16 102400 ----a-w- C:\Windows\System32\davclnt.dll
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-08 23:27:11 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-08 23:27:11 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-27 08:53:06 248240 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-09-27 08:53:06 134944 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
2013-09-20 16:46:56 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-09-16 11:19:22 99288 ----a-w- C:\Windows\System32\drivers\TeeDriverx64.sys
2013-09-16 11:19:22 1795952 ----a-w- C:\Windows\System32\WdfCoInstaller01011.dll
.
============= FINISH: 18:40:42,88 ===============
 
 
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 24-9-2011 14:18:28
System Uptime: 8-12-2013 18:19:11 (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | P8H67
Processor: Intel® Core™ i7-2600K CPU @ 3.40GHz | LGA1155 | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 457,258 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (PPPOE)
Device ID: ROOT\MS_PPPOEMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (PPPOE)
PNP Device ID: ROOT\MS_PPPOEMINIPORT\0000
Service: RasPppoe
.
==== System Restore Points ===================
.
RP973: 13-11-2013 18:26:22 - Windows Update
RP975: 16-11-2013 1:49:31 - Windows Update
RP977: 20-11-2013 23:38:12 - Windows Update
RP979: 22-11-2013 12:48:25 - Windows Modules Installer
RP980: 22-11-2013 22:07:41 - DirectX was installed.
RP981: 22-11-2013 22:08:47 - DirectX was installed.
RP983: 24-11-2013 12:56:01 - Windows Update
RP985: 27-11-2013 2:42:48 - Windows Update
RP987: 30-11-2013 14:16:24 - Windows Update
RP988: 2-12-2013 1:30:10 - DirectX was installed.
RP990: 4-12-2013 10:53:06 - Windows Update
RP992: 6-12-2013 20:44:35 - Removed IObit Apps Toolbar v6.7.
RP993: 6-12-2013 22:25:32 - DirectX was installed.
RP995: 8-12-2013 18:31:12 - Windows Update
.
==== Installed Programs ======================
.
«Total War™: SHOGUN 2»
1ClickDownloader
3DMark 11 Demo
3DMark Demo
Acrobat.com
Adobe Acrobat 5.0
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
Adobe Shockwave Player 12.0
Advanced SystemCare 7
Aeria Ignite
AhaView
Akamai NetSession Interface
Akamai NetSession Interface Service
Amnesia - The Dark Descent 
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
Asmedia ASM104x USB 3.0 Host Controller Driver
Assassin's Creed ® III
Assassin's Creed III
Assassin's Creed Revelations 1.03
µTorrent
Audacity 2.0.3
Auto Power-on & Shut-down 2.60
Baldur's Gate & Tales of the Sword Coast
Baldur's Gate™ II - Shadows of Amn™
Bastion
Battle for Wesnoth 1.10.0
Battle.net
BioWare Premium Module: Neverwinter Nights™ Kingmaker
BitZipper 2010
Black & White® 2
Black & White® 2 Battle of the Gods
Black and White
Bloodline Champions
Bonjour
Braid Game
Brothers - A Tale of Two Sons
Brytenwalda version 1.394
Bulk Rename Utility 2.7.1.2
Call of Duty® 4 - Modern Warfare™
Call of Duty® 4 - Modern Warfare™ 1.6 Patch
Call of Duty® 4 - Modern Warfare™ 1.7 Patch
Call of Duty: Black Ops II
Call of Duty: Black Ops II - Multiplayer
Call of Duty: Black Ops II - Zombies
CameraHelperMsi
CBR Reader
CCleaner
Chivalry: Medieval Warfare
Civilization III
Civilization III v1.29f
Civilization III: Conquests
Combined Community Codec Pack 2012-12-30
Command & Conquer Generals
Command and ConquerTM Generals Zero Hour
CPUID CPU-Z 1.60.1
CPUID HWMonitor 1.21
Cry of Fear
D3DX10
DAEMON Tools Lite
Dark Souls Prepare to Die Edition
DarthMod: Shogun II
Divine Wind version 5.1
Don't Starve
Doom 3 BFG Edition
Dota 2
DriverAgent by eSupport.com
DriverTuner 3.1.0.1
Duel of Champions
Dust: An Elysian Tail
erLT
f.lux
Far Cry 2
ffdshow [rev 3154] [2009-12-09]
FL Studio 10
foobar2000 v1.1.13
Forged By Chaos
Foxit Reader
Free File Viewer 2012
Free YouTube to MP3 Converter version 3.12.7.711
Futuremark SystemInfo
Game Dev Tycoon version 1.3.8
GameMaker-Studio 1.2
Geeks3D FurMark 1.11.0
Ghost Recon Online (EU)
GIF Viewer 3.3
Google Chrome
Google Update Helper
Hearthstone
Hearts of Iron III
Hi-Rez Studios Authenticate and Update Service
HiJackThis
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946344)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB948127)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB951708)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (KB944899)
IObit Apps Toolbar v8.3
IObit Malware Fighter
IObit Uninstaller
iTunes
Java 7 Update 21 (64-bit)
Java Auto Updater
Java™ 6 Update 22
Java™ 6 Update 33
League of Legends
Legend of Grimrock
LIMBO
Logitech Webcam Software
Logitech SetPoint 6.32
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.75.0.1300
Medieval - Total War - Gold Edition
Metro 2033
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
Microsoft Visual C# 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft XNA Framework Redistributable 3.1
Mount&Blade Warband
Mount&Blade With Fire and Sword
Mozilla Firefox 25.0 (x86 nl)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Game Long Name
Myst III: Exile
Myst IV - Revelation
Myst Masterpiece Edition
Neverwinter Nights
Nexus Mod Manager
Notepad++
NovaBench 3.0.4
NVIDIA Control Panel 320.49
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Controller Driver 301.42
NVIDIA Install Application
NVIDIA PhysX
NVIDIA Update 1.11.3
NVIDIA Update Components
Open Broadcaster Software version 0.452a
OpenOffice.org 3.4.1
Panzar
Path of Exile
PerformanceTest v8.0
PlanetSide 2
PunkBuster Services
Python 2.7.5
Quake Live Mozilla Plugin
Realistic Colors and Real Nights 3.0.1 - HDR Edition -
Realtek Ethernet Controller Driver For Windows Vista and Later
Realtek Ethernet Diagnostic Utility
Realtek High Definition Audio Driver
Reus
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
Scratches Director's Cut 1.07
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB2251487)
Security Update for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB2251487)
Sid Meier's Civilization 4
Sid Meier's Civilization 4 - Warlords
Sid Meier's Civilization V Brave New World
SiSoftware Sandra Lite 2013.SP5
Six Updater
Skype™ 6.6
Smite
SMPlayer 0.6.7
SpeedFan (remove only)
SPORE™
SQL Server System CLR Types
Steam
Surfing Protection
swMSM
System Requirements Lab
System Requirements Lab CYRI
TeamSpeak 3 Client
TechPowerUp GPU-Z
Terra Nova mod
The Darkness II
The Elder Scrolls V: Skyrim
The Settlers IV
The Ship
To the Moon
Total War ROME II
Total War Shogun 2 - Fall Of The Samurai
Ubisoft Game Launcher
Uninstall
Unlocker 1.9.2
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Ventrilo Client for Windows x64
Victoria 2
Visual Studio 2008 x64 Redistributables
VLC media player 2.1.1
Vtune 7.20
Warhammer Mark of Chaos
Windows Driver Package - Alcor Micro, Corp. (AmUStor) USB  (11/06/2012 1.0.37.124)
Windows Driver Package - ASMedia Technology Inc (asmthub3) USB  (06/24/2013 1.16.10.0)
Windows Driver Package - ASMedia Technology Inc (asmtxhci) USB  (06/24/2013 1.16.10.0)
Windows Driver Package - Intel (MEIx64) System  (09/05/2013 9.5.15.1730)
Windows Driver Package - Intel hdc  (07/25/2013 9.2.0.1035)
Windows Driver Package - Intel hdc  (09/28/2010 9.2.0.1014)
Windows Driver Package - Intel System  (03/10/2011 9.2.0.1026)
Windows Driver Package - Intel System  (04/14/2011 1.2.0.1030)
Windows Driver Package - Intel System  (07/19/2011 9.2.0.1032)
Windows Driver Package - Intel System  (07/25/2013 9.2.0.1035)
Windows Driver Package - Intel USB  (07/25/2013 9.2.0.1035)
Windows 7 Upgrade Advisor
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 4.01 (64-bit)
Xfire (remove only)
XSplit
YGOPro DevPro version 1.9.6 r0
.
==== End Of File ===========================
 


#4 gringo_pr (Malware Response Team)

Posted 08 December 2013 - 08:28 PM



Hello jackjohn

These are the programs I would like you to run next; if you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 jackjohn (Topic Starter)

Posted 09 December 2013 - 05:18 AM

# AdwCleaner v3.014 - Report created 09/12/2013 at 11:05:30
# Updated 01/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jelco - JELCO-PC
# Running from : C:\Users\Jelco\Downloads\Setups\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : Application Updater
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Folder Deleted : C:\Program Files (x86)\Application Updater
Folder Deleted : C:\Program Files (x86)\Common Files\Spigot
Folder Deleted : C:\Users\Jelco\AppData\Local\apn
Folder Deleted : C:\Users\Jelco\AppData\Local\Conduit
Folder Deleted : C:\Users\Jelco\AppData\Local\eSupport.com
Folder Deleted : C:\Users\Jelco\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Jelco\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Jelco\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\Jelco\AppData\Roaming\Media Finder
Folder Deleted : C:\Users\Jelco\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml
File Deleted : C:\Users\Jelco\AppData\Roaming\Mozilla\Firefox\Profiles\wtsx8lr0.default\user.js
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GOGPACKREUS_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hamachi_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hamachi_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_windows-movie-maker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_windows-movie-maker_RASMANCS
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [updater]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\MediaFinder
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\smartbarbackup
Key Deleted : HKCU\Software\smartbarlog
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
 
-\\ Mozilla Firefox v25.0 (nl)
 
[ File : C:\Users\Jelco\AppData\Roaming\Mozilla\Firefox\Profiles\wtsx8lr0.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Jelco\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [7965 octets] - [09/12/2013 11:04:51]
AdwCleaner[S0].txt - [6947 octets] - [09/12/2013 11:05:30]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7007 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Jelco on ma 09-12-2013 at 11:10:07,75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\adawarebp_rasdlg
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_downloader_for_msft_word_wiewer_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_downloader_for_msft_word_wiewer_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Softonic_downloader_for_msft_word_wiewer_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Softonic_downloader_for_msft_word_wiewer_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8551A0BB-BBF7-4EE1-B661-B7974A513004}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Jelco\appdata\local\cre"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\Jelco\appdata\local\{30DDBE8D-1CEB-4FBC-A51A-4AAC2F4C9C42}
Successfully deleted: [Empty Folder] C:\Users\Jelco\appdata\local\{395352A5-8297-4E43-8478-0752E5A695EA}
Successfully deleted: [Empty Folder] C:\Users\Jelco\appdata\local\{67225FF2-17F9-44B5-8425-B8C8DC3850DE}
Successfully deleted: [Empty Folder] C:\Users\Jelco\appdata\local\{6A791FA9-0207-4166-8792-FE66C0A99DF3}
Successfully deleted: [Empty Folder] C:\Users\Jelco\appdata\local\{6E817C10-CA9C-480D-8753-51E47974813D}
Successfully deleted: [Empty Folder] C:\Users\Jelco\appdata\local\{75B3F490-231F-482C-B4ED-D3E16ED5F7EB}
Successfully deleted: [Empty Folder] C:\Users\Jelco\appdata\local\{78EE2553-D953-451F-A833-F2FDD1203EE1}
Successfully deleted: [Empty Folder] C:\Users\Jelco\appdata\local\{7ABA5C02-6BAD-45DC-B145-9F28AEE9BA80}
Successfully deleted: [Empty Folder] C:\Users\Jelco\appdata\local\{7CFEE42F-ECE9-467F-8B93-8B98A3E8A2AA}
Successfully deleted: [Empty Folder] C:\Users\Jelco\appdata\local\{A709EA3E-F30A-4927-AF45-59BC2E78B049}
Successfully deleted: [Empty Folder] C:\Users\Jelco\appdata\local\{BB4046EB-F998-4A85-A496-2BF867C43F6D}
Successfully deleted: [Empty Folder] C:\Users\Jelco\appdata\local\{C6A22124-BB5F-4918-A864-2E339609083E}
Successfully deleted: [Empty Folder] C:\Users\Jelco\appdata\local\{D20E33D7-F93F-4E9C-8573-66542BD2DDFA}
Successfully deleted: [Empty Folder] C:\Users\Jelco\appdata\local\{E20526F9-D4E5-45AA-9664-5A03D4DC1DC9}
Successfully deleted: [Empty Folder] C:\Users\Jelco\appdata\local\{E637BCD0-CA55-4F54-82B0-B50C52E55BF0}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ma 09-12-2013 at 11:14:32,53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
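The AdwCleaner and JRT logs above use two different line formats, and the value of such a log is less the pile of deletions than the inventory of where the adware had hooked in: a Run value, a Browser Helper Object, an IE toolbar and URL search hook, search scopes, Chrome and Firefox extension keys, and a service. The following script is an added example for this thread, not code from either tool or from anyone posting here. It parses both formats, classifies each deleted item by the hook it represents, and recovers program names from the HKLM\SOFTWARE\Microsoft\Tracing\<name>_RASAPI32 / _RASMANCS keys. Windows creates those keys when a program loads the RAS API, so they do not run anything themselves; their names are a record of which installers (the Softonic downloaders, the Ask co-branding tool) have executed on the machine, which is worth keeping before the cleanup wipes them. The sample log is constructed from lines quoted in the post above; the hook labels are assumed names chosen for this example.

```python
"""Inventory what AdwCleaner and JRT removed, grouped by persistence hook.

Added example for this thread; not code from either tool or from the thread's
participants. SAMPLE_LOG is constructed from lines quoted in the post above.
"""
import re
from collections import Counter

# AdwCleaner lines: "<Kind> Deleted : <target>" or "Setting Restored : <target>"
ADW_RE = re.compile(r"^(Service|Folder|File|Key|Value|Setting) (Deleted|Restored) : (.+?)\s*$")
# JRT lines: 'Successfully deleted: [<Kind>] <target>', target sometimes quoted
JRT_RE = re.compile(r'^Successfully deleted: \[([^\]]+)\] "?(.*?)"?\s*$')
# Windows creates HKLM\...\Tracing\<exe>_RASAPI32 and _RASMANCS when a program
# loads the RAS API; the key names therefore record which installers have run.
TRACING_RE = re.compile(r"\\Tracing\\(.+)_(RASAPI32|RASMANCS|RASDLG)$", re.I)

# Hook labels (assumed names) matched against the deleted target path.
PERSISTENCE = [
    ("autorun",        re.compile(r"\\CurrentVersion\\Run\b", re.I)),
    ("ie-bho",         re.compile(r"\\Browser Helper Objects\\", re.I)),
    ("ie-toolbar",     re.compile(r"\\Internet Explorer\\Toolbar\b", re.I)),
    ("ie-searchhook",  re.compile(r"\\URLSearchHooks\b", re.I)),
    ("ie-searchscope", re.compile(r"\\SearchScopes\\", re.I)),
    ("chrome-ext",     re.compile(r"\\Google\\Chrome\\Extensions\\", re.I)),
    ("firefox-ext",    re.compile(r"\\Mozilla\\Extensions\\", re.I)),
    ("firefox-search", re.compile(r"\\searchplugins\\", re.I)),
]

# Constructed sample: a mix of AdwCleaner and JRT lines taken from the post above.
SAMPLE_LOG = r"""
***** [ Services ] *****
Service Deleted : Application Updater
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Users\Jelco\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hamachi_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hamachi_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\adawarebp_rasdlg
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8551A0BB-BBF7-4EE1-B661-B7974A513004}
Successfully deleted: [Folder] "C:\Users\Jelco\appdata\local\cre"
Successfully deleted: [Empty Folder] C:\Users\Jelco\appdata\local\{30DDBE8D-1CEB-4FBC-A51A-4AAC2F4C9C42}
"""


def parse_line(line):
    """Return (tool, kind, target) for a cleanup line, or None for anything else."""
    m = ADW_RE.match(line)
    if m:
        return ("adwcleaner", m.group(1), m.group(3))
    m = JRT_RE.match(line)
    if m:
        return ("jrt", m.group(1), m.group(2))
    return None


def persistence_type(kind, target):
    """Label a deleted item by the hook it gave the adware, or None if it was just data."""
    if kind == "Service":
        return "service"
    for label, pattern in PERSISTENCE:
        if pattern.search(target):
            return label
    return None


def tracing_programs(targets):
    """Program names recovered from deleted RAS tracing keys, case-insensitively sorted."""
    names = set()
    for target in targets:
        m = TRACING_RE.search(target)
        if m:
            names.add(m.group(1))
    return sorted(names, key=str.lower)


def summarize(log_text):
    """Parse a combined AdwCleaner/JRT log and count entries by tool and by hook."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    hooks = Counter()
    for _, kind, target in entries:
        label = persistence_type(kind, target)
        if label:
            hooks[label] += 1
    return {
        "entries": len(entries),
        "by_tool": dict(Counter(tool for tool, _, _ in entries)),
        "hooks": dict(hooks),
        "ran_installers": tracing_programs(t for _, _, t in entries),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against a saved AdwCleaner[S0].txt and JRT.txt concatenated together; the "hooks" counts tell you how many independent restart points the adware had, which is the number you want to confirm is zero on the next scan, and "ran_installers" is the list to cross-check against the installed-programs list in the earlier log.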


#6 jackjohn (Topic Starter)

Posted 09 December 2013 - 05:21 AM

After running the Junkware Removal Tool I've noticed a decent speed increase. Definitely seems like we got rid of some nasty stuff.


Edited by jackjohn, 09 December 2013 - 05:23 AM.


#7 gringo_pr (Malware Response Team)

Posted 09 December 2013 - 12:58 PM


Hello jackjohn

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#8 jackjohn (Topic Starter)

Posted 09 December 2013 - 04:08 PM

ComboFix 13-12-08.01 - Jelco 09-12-2013  21:50:42.2.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.31.1043.18.8173.6424 [GMT 1:00]
Started from: c:\users\Jelco\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\WinZip Driver Updater
c:\program files (x86)\WinZip Driver Updater\lang.lng
c:\program files (x86)\WinZip Driver Updater\unins000.dat
c:\program files (x86)\WinZip Driver Updater\updater\extract\copying.txt
c:\program files (x86)\WinZip Driver Updater\updater\extract\History.txt
c:\program files (x86)\WinZip Driver Updater\updater\extract\license.txt
c:\program files (x86)\WinZip Driver Updater\updater\extract\readme.txt
C:\STFA1AD.tmp
C:\STFDAFC.tmp
C:\STFDF81.tmp
C:\STFEAC4.tmp
c:\users\Jelco\AppData\Local\Tempals_inst.exe
c:\users\Jelco\AppData\Roaming\Adobe32
c:\users\Jelco\AppData\Roaming\Adobe32\diablo120328.cl
c:\users\Jelco\AppData\Roaming\Adobe32\diakgcn120427.cl
c:\users\Jelco\AppData\Roaming\Adobe32\libcurl.dll
c:\users\Jelco\AppData\Roaming\Adobe32\libeay32.dll
c:\users\Jelco\AppData\Roaming\Adobe32\libidn-11.dll
c:\users\Jelco\AppData\Roaming\Adobe32\libssl32.dll
c:\users\Jelco\AppData\Roaming\Adobe32\poclbm120327.cl
c:\users\Jelco\AppData\Roaming\Adobe32\pthreadGC2.dll
c:\users\Jelco\AppData\Roaming\dclogs
c:\users\Jelco\AppData\Roaming\dclogs\2013-10-13-1.dc
c:\users\Jelco\AppData\Roaming\dclogs\2013-10-14-2.dc
c:\users\Jelco\AppData\Roaming\dclogs\2013-10-15-3.dc
c:\users\Jelco\AppData\Roaming\dclogs\2013-10-16-4.dc
c:\users\Jelco\AppData\Roaming\dclogs\2013-10-17-5.dc
c:\users\Jelco\AppData\Roaming\dclogs\2013-10-18-6.dc
c:\users\Jelco\AppData\Roaming\dclogs\2013-10-19-7.dc
c:\users\Jelco\AppData\Roaming\dclogs\2013-10-20-1.dc
c:\users\Jelco\AppData\Roaming\dclogs\2013-10-21-2.dc
c:\users\Jelco\AppData\Roaming\Jelcolog.dat
c:\users\Jelco\AppData\Roaming\Microsoft\Windows\appverif.exe
c:\users\Jelco\AppData\Roaming\poclbm120327GeForce GTX 570gv1w256l4.bin
c:\users\Jelco\AppData\Roaming\Windir
c:\windows\SysWow64\frapsvid.dll
c:\windows\wininit.ini
.
.
((((((((((((((((((((   Files Created from 2013-11-09 to 2013-12-09  ))))))))))))))))))))))))))))))
.
.
2013-12-09 20:56 . 2013-12-09 20:56 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-12-09 20:56 . 2013-12-09 20:56 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-12-09 20:56 . 2013-12-09 20:56 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2013-12-09 20:56 . 2013-12-09 20:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-09 10:10 . 2013-12-09 10:10 -------- d-----w- c:\windows\ERUNT
2013-12-09 10:04 . 2013-12-09 10:05 -------- d-----w- C:\AdwCleaner
2013-12-08 17:31 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{15BF1741-15F2-452E-8076-4F31934E89FC}\mpengine.dll
2013-12-07 19:04 . 2013-12-07 19:04 -------- d-----w- C:\FRST
2013-12-07 00:37 . 2013-10-19 16:39 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F17C104C-B0D7-45CF-8843-953E941BDE94}\gapaengine.dll
2013-12-07 00:37 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-06 21:30 . 2013-12-06 21:41 -------- d-----w- c:\program files (x86)\The Dark Descent
2013-12-06 19:46 . 2013-12-06 19:46 -------- d-----w- c:\programdata\ProductData
2013-12-06 19:46 . 2013-12-06 19:46 -------- d-----w- c:\programdata\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2013-11-28 13:27 . 2013-11-28 13:27 -------- d-----w- c:\users\Jelco\AppData\Local\Logitech® Webcam Software
2013-11-28 13:16 . 2013-11-28 13:16 53248 ----a-r- c:\users\Jelco\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2013-11-28 13:15 . 2013-11-28 13:15 -------- d-----w- c:\programdata\Logitech
2013-11-28 13:15 . 2013-11-28 13:15 -------- d-----w- c:\program files (x86)\Common Files\LWS
2013-11-28 13:15 . 2013-11-28 13:15 -------- d-----w- c:\program files (x86)\Logitech
2013-11-28 13:10 . 2013-11-28 13:10 -------- d-----w- c:\program files\DIFX
2013-11-28 13:10 . 2013-11-28 13:30 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
2013-11-28 13:09 . 2013-12-07 07:48 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2013-11-28 13:09 . 2013-11-28 13:10 -------- d-----w- c:\programdata\Logishrd
2013-11-28 13:09 . 2013-11-28 13:09 -------- d-----w- c:\program files\Logitech
2013-11-28 13:07 . 2013-11-28 13:10 -------- d-----w- c:\users\Jelco\AppData\Roaming\Logitech
2013-11-28 13:07 . 2013-11-28 13:07 -------- d-----w- c:\users\Jelco\AppData\Roaming\Logishrd
2013-11-27 12:20 . 2013-11-27 12:22 -------- d-----w- c:\users\Jelco\AppData\Roaming\GameMaker-Studio
2013-11-27 12:10 . 2013-11-27 12:30 -------- d-----w- c:\users\Jelco\AppData\Local\GameMaker-Studio
2013-11-27 12:10 . 2013-11-27 12:11 -------- d-----w- c:\users\Jelco\GameMaker-Studio 1.2
2013-11-22 11:49 . 2013-11-22 11:49 197120 ----a-w- c:\windows\system32\credui.dll
2013-11-22 11:49 . 2013-11-22 11:49 1930752 ----a-w- c:\windows\system32\authui.dll
2013-11-22 11:49 . 2013-11-22 11:49 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-11-22 11:49 . 2013-11-22 11:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-11-22 11:49 . 2013-11-22 11:49 168960 ----a-w- c:\windows\SysWow64\credui.dll
2013-11-22 11:49 . 2013-11-22 11:49 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-11-16 14:01 . 2013-11-16 14:01 -------- d-----w- c:\programdata\WaLMaRT
2013-11-12 01:59 . 2013-11-12 01:59 -------- d-----w- c:\users\Jelco\AppData\Local\factormystic.net
.
.
.
(((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-19 10:21 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-11-13 17:26 . 2011-09-24 19:37 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-11-08 00:51 . 2013-11-08 00:50 283064 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-10-21 16:24 . 2013-10-21 16:24 858032 ----a-w- c:\windows\system32\tossaeapo64.dll
2013-10-21 16:24 . 2013-10-21 16:24 635160 ----a-w- c:\windows\system32\sltech64.dll
2013-10-21 16:24 . 2013-10-21 16:24 569256 ----a-w- c:\windows\system32\tosasfapo64.dll
2013-10-21 16:24 . 2013-10-21 16:24 215320 ----a-w- c:\windows\system32\slprp64.dll
2013-10-21 16:24 . 2013-10-21 16:24 148912 ----a-w- c:\windows\system32\toseaeapo64.dll
2013-10-21 16:24 . 2013-10-21 16:24 834328 ----a-w- c:\windows\system32\slcnt64.dll
2013-10-21 16:24 . 2013-10-21 16:24 528152 ----a-w- c:\windows\system32\sl3apo64.dll
2013-10-21 16:24 . 2013-10-21 16:24 748376 ----a-w- c:\windows\system32\RTKSMSettingsIPC.dll
2013-10-21 16:24 . 2013-10-21 16:24 4819224 ----a-w- c:\windows\system32\RTKSMlfx.dll
2013-10-21 16:24 . 2013-10-21 16:24 613448 ----a-w- c:\windows\system32\RtDataProc64.dll
2013-10-21 16:24 . 2013-10-21 16:24 906800 ----a-w- c:\windows\system32\MISS_APO.dll
2013-10-21 16:24 . 2013-10-21 16:24 3138304 ----a-w- c:\windows\system32\MaxxAudioVnN64.dll
2013-10-21 16:24 . 2013-10-21 16:24 722688 ----a-w- c:\windows\system32\MaxxAudioAPO5064.dll
2013-10-21 16:22 . 2013-10-21 16:22 836544 ----a-w- c:\windows\system32\tadefxapo264.dll
2013-10-21 16:22 . 2013-10-21 16:22 65944 ----a-w- c:\windows\system32\tepeqapo64.dll
2013-10-21 16:22 . 2013-10-21 16:22 148416 ----a-w- c:\windows\system32\tadefxapo.dll
2013-10-21 16:22 . 2013-10-21 16:22 1361336 ----a-w- c:\windows\system32\tosade.dll
2013-10-21 16:22 . 2013-10-21 16:22 81248 ----a-w- c:\windows\system32\SFCOM64.dll
2013-10-21 16:22 . 2013-10-21 16:22 78688 ----a-w- c:\windows\system32\SFAPO64.dll
2013-10-21 16:22 . 2013-10-21 16:22 331880 ----a-w- c:\windows\system32\RtlCPAPI64.dll
2013-10-21 16:22 . 2013-10-21 16:22 221024 ----a-w- c:\windows\system32\SFNHK64.dll
2013-10-21 16:22 . 2013-10-21 16:22 14952 ----a-w- c:\windows\system32\RtkCoLDR64.dll
2013-10-21 16:22 . 2013-10-21 16:22 75024 ----a-w- c:\windows\system32\R4EEG64A.dll
2013-10-21 16:22 . 2013-10-21 16:22 7164176 ----a-w- c:\windows\system32\R4EEP64A.dll
2013-10-21 16:22 . 2013-10-21 16:22 434960 ----a-w- c:\windows\system32\R4EED64A.dll
2013-10-21 16:22 . 2013-10-21 16:22 394616 ----a-w- c:\windows\system32\MaxxVolumeSDAPO.dll
2013-10-21 16:22 . 2013-10-21 16:22 141584 ----a-w- c:\windows\system32\R4EEL64A.dll
2013-10-21 16:22 . 2013-10-21 16:22 1284680 ----a-w- c:\windows\system32\RTCOM64.dll
2013-10-21 16:22 . 2013-10-21 16:22 124176 ----a-w- c:\windows\system32\R4EEA64A.dll
2013-10-21 16:22 . 2013-10-21 16:22 9123608 ----a-w- c:\windows\system32\MaxxAudioVnA64.dll
2013-10-21 16:22 . 2013-10-21 16:22 612728 ----a-w- c:\windows\system32\MaxxAudioAPO4064.dll
2013-10-21 16:22 . 2013-10-21 16:22 603984 ----a-w- c:\windows\system32\KAAPORT64.dll
2013-10-21 16:22 . 2013-10-21 16:22 395208 ----a-w- c:\windows\system32\MaxxAudioAPO30.dll
2013-10-21 16:21 . 2013-10-21 16:21 693352 ----a-w- c:\windows\system32\DTSVoiceClarityDLL64.dll
2013-10-21 16:21 . 2013-10-21 16:21 415688 ----a-w- c:\windows\system32\DTSU2PREC64.dll
2013-10-21 16:21 . 2013-10-21 16:21 712296 ----a-w- c:\windows\system32\DTSSymmetryDLL64.dll
2013-10-21 16:21 . 2013-10-21 16:21 501192 ----a-w- c:\windows\system32\DTSU2PLFX64.dll
2013-10-21 16:21 . 2013-10-21 16:21 487368 ----a-w- c:\windows\system32\DTSU2PGFX64.dll
2013-10-21 16:21 . 2013-10-21 16:21 1756264 ----a-w- c:\windows\system32\DTSS2SpeakerDLL64.dll
2013-10-21 16:21 . 2013-10-21 16:21 728680 ----a-w- c:\windows\system32\DTSBassEnhancementDLL64.dll
2013-10-21 16:21 . 2013-10-21 16:21 491112 ----a-w- c:\windows\system32\DTSNeoPCDLL64.dll
2013-10-21 16:21 . 2013-10-21 16:21 432744 ----a-w- c:\windows\system32\DTSLimiterDLL64.dll
2013-10-21 16:21 . 2013-10-21 16:21 428648 ----a-w- c:\windows\system32\DTSGainCompensatorDLL64.dll
2013-10-21 16:21 . 2013-10-21 16:21 242792 ----a-w- c:\windows\system32\DTSLFXAPO64.dll
2013-10-21 16:21 . 2013-10-21 16:21 242792 ----a-w- c:\windows\system32\DTSGFXAPO64.dll
2013-10-21 16:21 . 2013-10-21 16:21 241768 ----a-w- c:\windows\system32\DTSGFXAPONS64.dll
2013-10-21 16:21 . 2013-10-21 16:21 208072 ----a-w- c:\windows\system32\AERTAC64.dll
2013-10-21 16:21 . 2013-10-21 16:21 1568360 ----a-w- c:\windows\system32\DTSS2HeadphoneDLL64.dll
2013-10-21 16:21 . 2013-10-21 16:21 1486952 ----a-w- c:\windows\system32\DTSBoostDLL64.dll
2013-10-21 16:21 . 2013-10-21 16:21 110592 ----a-w- c:\windows\system32\CONEQMSAPOGUILibrary.dll
2013-10-21 16:21 . 2013-10-21 16:21 108640 ----a-w- c:\windows\system32\AERTAR64.dll
2013-10-21 16:20 . 2013-10-21 16:20 31672 ----a-w- c:\windows\system32\nvhdap64.dll
2013-10-21 16:20 . 2013-10-21 16:20 194488 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2013-10-21 16:20 . 2012-04-27 08:02 1510328 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2013-10-21 16:19 . 2013-10-21 16:19 883928 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2013-10-21 16:19 . 2013-10-21 16:19 74456 ----a-w- c:\windows\system32\RtNicProp64.dll
2013-10-21 16:19 . 2013-07-30 20:52 108760 ----a-w- c:\windows\system32\RTNUninst64.dll
2013-10-21 16:16 . 2013-10-21 16:16 925648 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2013-10-21 16:16 . 2013-10-21 16:16 7641832 ----a-w- c:\windows\system32\nvopencl.dll
2013-10-21 16:16 . 2013-02-25 22:32 6324360 ----a-w- c:\windows\SysWow64\nvopencl.dll
2013-10-21 16:16 . 2013-02-25 22:32 1059560 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-10-21 16:16 . 2013-02-25 22:32 15920536 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-10-21 16:16 . 2013-02-25 22:32 13411896 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2013-10-21 16:16 . 2013-10-21 16:16 572704 ----a-w- c:\windows\system32\NvFBC64.dll
2013-10-21 16:16 . 2013-10-21 16:16 570656 ----a-w- c:\windows\system32\NvIFR64.dll
2013-10-21 16:16 . 2013-10-21 16:16 467232 ----a-w- c:\windows\SysWow64\NvIFR.dll
2013-10-21 16:16 . 2013-10-21 16:16 465184 ----a-w- c:\windows\SysWow64\NvFBC.dll
2013-10-21 16:16 . 2013-10-21 16:16 27781920 ----a-w- c:\windows\system32\nvoglv64.dll
2013-10-21 16:16 . 2013-10-21 16:16 266448 ----a-w- c:\windows\system32\nvinitx.dll
2013-10-21 16:16 . 2013-10-21 16:16 218592 ----a-w- c:\windows\system32\nvoglshim64.dll
2013-10-21 16:16 . 2013-10-21 16:16 214448 ----a-w- c:\windows\SysWow64\nvinit.dll
2013-10-21 16:16 . 2013-10-21 16:16 21102368 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2013-10-21 16:16 . 2013-10-21 16:16 1832224 ----a-w- c:\windows\system32\nvdispco6432049.dll
2013-10-21 16:16 . 2013-10-21 16:16 181488 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2013-10-21 16:16 . 2013-10-21 16:16 15144928 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-10-21 16:16 . 2013-10-21 16:16 1511712 ----a-w- c:\windows\system32\nvdispgenco6432049.dll
2013-10-21 16:16 . 2013-10-21 16:16 11235104 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-10-21 16:16 . 2013-02-25 22:32 12427240 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-10-21 16:16 . 2013-10-21 16:16 9239344 ----a-w- c:\windows\system32\nvcuda.dll
2013-10-21 16:16 . 2013-10-21 16:16 7687592 ----a-w- c:\windows\SysWow64\nvcuda.dll
2013-10-21 16:16 . 2013-10-21 16:16 2953504 ----a-w- c:\windows\system32\nvcuvid.dll
2013-10-21 16:16 . 2013-10-21 16:16 2777888 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2013-10-21 16:16 . 2013-10-21 16:16 2363680 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-10-21 16:16 . 2013-10-21 16:16 2002720 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2013-10-21 16:16 . 2013-10-21 16:16 25256224 ----a-w- c:\windows\system32\nvcompiler.dll
2013-10-21 16:16 . 2013-10-21 16:16 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2013-10-21 16:16 . 2013-02-25 22:32 2597856 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-10-21 16:16 . 2013-02-25 22:32 2936208 ----a-w- c:\windows\system32\nvapi64.dll
2013-10-21 15:59 . 2013-10-21 15:59 81920 ----a-w- c:\windows\SysWow64\davclnt.dll
2013-10-21 15:59 . 2013-10-21 15:59 259584 ----a-w- c:\windows\system32\WebClnt.dll
2013-10-21 15:59 . 2013-10-21 15:59 205824 ----a-w- c:\windows\SysWow64\WebClnt.dll
2013-10-21 15:59 . 2013-10-21 15:59 140800 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2013-10-21 15:59 . 2013-10-21 15:59 102400 ----a-w- c:\windows\system32\davclnt.dll
2013-10-21 15:58 . 2013-10-21 15:58 878080 ----a-w- c:\windows\system32\advapi32.dll
2013-10-21 15:58 . 2013-10-21 15:58 859648 ----a-w- c:\windows\system32\tdh.dll
2013-10-21 15:58 . 2013-10-21 15:58 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-10-21 15:58 . 2013-10-21 15:58 640512 ----a-w- c:\windows\SysWow64\advapi32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"flashupdate"="\.exeFalse" [X]
"Akamai NetSession Interface"="c:\users\Jelco\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
"ISUSPM Startup"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"F.lux"="c:\users\Jelco\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-15 1016712]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
"Advanced SystemCare 7"="c:\program files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" [2013-10-28 2283296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
.
c:\users\Jelco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Productregistratie.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe /remind /language=NLD /_WFM="." [2009-11-16 517384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_Dlls"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 DIRECTIO;DIRECTIO;c:\program files\PerformanceTest\DirectIo64.sys;c:\program files\PerformanceTest\DirectIo64.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R3 GPU-Z;GPU-Z;c:\users\Jelco\AppData\Local\Temp\GPU-Z.sys;c:\users\Jelco\AppData\Local\Temp\GPU-Z.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys;c:\windows\SYSNATIVE\DRIVERS\LVUSBS64.sys [x]
R3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [x]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys;c:\windows\SYSNATIVE\DRIVERS\RtVlan60.sys [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2013.SP5\RpcAgentSrv.exe;c:\program files\SiSoftware\SiSoftware Sandra Lite 2013.SP5\RpcAgentSrv.exe [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 usj;usj;c:\aeriagames\EdenEternal\avital\ussjcs64.sys;c:\aeriagames\EdenEternal\avital\ussjcs64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Faceless;Faceless;c:\users\Jelco\AppData\Roaming\Faceless LLC\Faceless Internet Connection\FacelessService.exe;c:\users\Jelco\AppData\Roaming\Faceless LLC\Faceless Internet Connection\FacelessService.exe [x]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [x]
S2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys;c:\windows\SYSNATIVE\DRIVERS\RtNdPt60.sys [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ   Akamai
apphost REG_MULTI_SZ   apphostsvc
iissvcs REG_MULTI_SZ   w3svc was
.
Inhoud van de 'Gedeelde Taken' map
.
2013-12-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 23:27]
.
2013-12-09 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2012-09-03 13:24]
.
2013-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-17 22:28]
.
2013-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-17 22:28]
.
2013-12-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3885245257-1654512441-2441933306-1000Core.job
- c:\users\Jelco\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-07 17:19]
.
2013-12-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3885245257-1654512441-2441933306-1000UA.job
- c:\users\Jelco\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-07 17:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2013-12-06 19:46 2486592 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-04-10 13519432]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://nl.search.yahoo.com/?type=198484&fr=spigot-yhp-ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 66.146.193.31:80
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant = hxxp://www.google.com
IE: Free YouTube Download - c:\users\Jelco\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
FF - ProfilePath - c:\users\Jelco\AppData\Roaming\Mozilla\Firefox\Profiles\wtsx8lr0.default\
FF - prefs.js: browser.startup.homepage - hxxp://nl.search.yahoo.com/?type=198484&fr=spigot-yhp-ff
FF - ExtSQL: 2013-12-06 20:45; {58d2a791-6199-482f-a9aa-9b725ec61362}; c:\users\Jelco\AppData\Roaming\Mozilla\Firefox\Profiles\wtsx8lr0.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}
FF - ExtSQL: 2013-12-06 21:46; ascsurfingprotection@iobit.com; c:\users\Jelco\AppData\Roaming\Mozilla\Firefox\Profiles\wtsx8lr0.default\extensions\ascsurfingprotection@iobit.com
.
- - - - ORPHANS VERWIJDERD - - - -
.
URLSearchHooks-{87775fdb-6972-41f9-ae51-8326e38cb206} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-Run-Advanced SystemCare 6 - c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
SafeBoot-SolutoService
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-Baldur's Gate & Tales of the Sword Coast - c:\program files (x86)\Black Isle\Baldur's Gate\Uninst.isu
AddRemove-NVIDIA StereoUSB Driver - c:\program files (x86)\InstallShield Installation Information\{714B9C6C-70FC-4750-98E2-61520B906C45}\setup.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-Terra Nova mod - c:\program files (x86)\Paradox Interactive\Europa Universalis III\TN mod Uninstal.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,70,04,ee,04,ac,50,72,42,aa,47,97,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,70,04,ee,04,ac,50,72,42,aa,47,97,\
.
[HKEY_USERS\S-1-5-21-3885245257-1654512441-2441933306-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:aa,9c,ae,71,22,8d,c1,af,54,41,b5,78,9d,7f,a1,49,14,53,34,0c,4c,43,59,
   b4,c0,fc,c2,74,af,e9,cd,a1,03,a9,fe,6c,89,4a,d9,a6,65,3e,02,cb,60,68,8b,c6,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-3885245257-1654512441-2441933306-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:6c,c5,32,cb,98,02,99,61,7c,15,8c,e2,0b,67,55,a6,65,22,b1,77,b1,
   2c,35,4d,67,1e,3a,4f,7d,c4,fe,46,8a,4b,61,7d,6d,e8,f7,06,3d,d0,ff,6c,b4,0d,\
"rkeysecu"=hex:09,f8,c2,50,d5,e9,2f,8c,db,ed,2d,ba,1c,08,7b,2a
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Voltooingstijd: 2013-12-09  22:04:00 - machine werd herstart
ComboFix-quarantined-files.txt  2013-12-09 21:04
.
Pre-Run: 537.421.488.128 bytes beschikbaar
Post-Run: 537.191.997.440 bytes beschikbaar
.
- - End Of File - - D59F90FA2F4A0B4BC57761AA4D1926E9
A36C5E4F47E84449FF07ED3517B43A31


#9 jackjohn (Topic Starter, Members)

Posted 09 December 2013 - 04:11 PM

No problems up till now, and the computer is running faster. It definitely feels more responsive, could be better though.



#10 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 09 December 2013 - 08:24 PM


Hello jackjohn

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

DDS::
uStart Page = hxxp://nl.search.yahoo.com/?type=198484&fr=spigot-yhp-ie

Firefox::
FF - ProfilePath - c:\users\Jelco\AppData\Roaming\Mozilla\Firefox\Profiles\wtsx8lr0.default\ 
FF - prefs.js: browser.startup.homepage - hxxp://nl.search.yahoo.com/?type=198484&fr=spigot-yhp-ff

 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
[image: CFScriptB-4.gif]
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 jackjohn (Topic Starter, Members)

Posted 09 December 2013 - 09:23 PM

ComboFix 13-12-08.01 - Jelco 10-12-2013   3:07.3.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.31.1043.18.8173.6176 [GMT 1:00]
Gestart vanuit: c:\users\Jelco\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Jelco\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Nieuw herstelpunt werd aangemaakt
.
.
((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jelco\AppData\Local\Temp\sfamcc00001.dll
c:\users\Jelco\AppData\Local\Temp\sfareca00001.dll
.
.
((((((((((((((((((((   Bestanden Gemaakt van 2013-11-10 to 2013-12-10  ))))))))))))))))))))))))))))))
.
.
2013-12-10 02:13 . 2013-12-10 02:13 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-12-10 02:13 . 2013-12-10 02:13 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-12-10 02:13 . 2013-12-10 02:13 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2013-12-10 02:13 . 2013-12-10 02:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-09 10:10 . 2013-12-09 10:10 -------- d-----w- c:\windows\ERUNT
2013-12-09 10:04 . 2013-12-09 10:05 -------- d-----w- C:\AdwCleaner
2013-12-08 17:31 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{15BF1741-15F2-452E-8076-4F31934E89FC}\mpengine.dll
2013-12-07 19:04 . 2013-12-07 19:04 -------- d-----w- C:\FRST
2013-12-07 00:37 . 2013-10-19 16:39 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F17C104C-B0D7-45CF-8843-953E941BDE94}\gapaengine.dll
2013-12-07 00:37 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-06 21:30 . 2013-12-06 21:41 -------- d-----w- c:\program files (x86)\The Dark Descent
2013-12-06 19:46 . 2013-12-06 19:46 -------- d-----w- c:\programdata\ProductData
2013-12-06 19:46 . 2013-12-06 19:46 -------- d-----w- c:\programdata\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2013-11-28 13:27 . 2013-11-28 13:27 -------- d-----w- c:\users\Jelco\AppData\Local\Logitech® Webcam Software
2013-11-28 13:16 . 2013-11-28 13:16 53248 ----a-r- c:\users\Jelco\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2013-11-28 13:15 . 2013-11-28 13:15 -------- d-----w- c:\programdata\Logitech
2013-11-28 13:15 . 2013-11-28 13:15 -------- d-----w- c:\program files (x86)\Common Files\LWS
2013-11-28 13:15 . 2013-11-28 13:15 -------- d-----w- c:\program files (x86)\Logitech
2013-11-28 13:10 . 2013-11-28 13:10 -------- d-----w- c:\program files\DIFX
2013-11-28 13:10 . 2013-11-28 13:30 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
2013-11-28 13:09 . 2013-12-07 07:48 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2013-11-28 13:09 . 2013-11-28 13:10 -------- d-----w- c:\programdata\Logishrd
2013-11-28 13:09 . 2013-11-28 13:09 -------- d-----w- c:\program files\Logitech
2013-11-28 13:07 . 2013-11-28 13:10 -------- d-----w- c:\users\Jelco\AppData\Roaming\Logitech
2013-11-28 13:07 . 2013-11-28 13:07 -------- d-----w- c:\users\Jelco\AppData\Roaming\Logishrd
2013-11-27 12:20 . 2013-11-27 12:22 -------- d-----w- c:\users\Jelco\AppData\Roaming\GameMaker-Studio
2013-11-27 12:10 . 2013-11-27 12:30 -------- d-----w- c:\users\Jelco\AppData\Local\GameMaker-Studio
2013-11-27 12:10 . 2013-11-27 12:11 -------- d-----w- c:\users\Jelco\GameMaker-Studio 1.2
2013-11-22 11:49 . 2013-11-22 11:49 197120 ----a-w- c:\windows\system32\credui.dll
2013-11-22 11:49 . 2013-11-22 11:49 1930752 ----a-w- c:\windows\system32\authui.dll
2013-11-22 11:49 . 2013-11-22 11:49 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-11-22 11:49 . 2013-11-22 11:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-11-22 11:49 . 2013-11-22 11:49 168960 ----a-w- c:\windows\SysWow64\credui.dll
2013-11-22 11:49 . 2013-11-22 11:49 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-11-16 14:01 . 2013-11-16 14:01 -------- d-----w- c:\programdata\WaLMaRT
2013-11-12 01:59 . 2013-11-12 01:59 -------- d-----w- c:\users\Jelco\AppData\Local\factormystic.net
.
.
.
(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-19 10:21 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-11-13 17:26 . 2011-09-24 19:37 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-11-08 00:51 . 2013-11-08 00:50 283064 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-10-21 16:24 . 2013-10-21 16:24 858032 ----a-w- c:\windows\system32\tossaeapo64.dll
2013-10-21 16:24 . 2013-10-21 16:24 635160 ----a-w- c:\windows\system32\sltech64.dll
2013-10-21 16:24 . 2013-10-21 16:24 569256 ----a-w- c:\windows\system32\tosasfapo64.dll
2013-10-21 16:24 . 2013-10-21 16:24 215320 ----a-w- c:\windows\system32\slprp64.dll
2013-10-21 16:24 . 2013-10-21 16:24 148912 ----a-w- c:\windows\system32\toseaeapo64.dll
2013-10-21 16:24 . 2013-10-21 16:24 834328 ----a-w- c:\windows\system32\slcnt64.dll
2013-10-21 16:24 . 2013-10-21 16:24 528152 ----a-w- c:\windows\system32\sl3apo64.dll
2013-10-21 16:24 . 2013-10-21 16:24 748376 ----a-w- c:\windows\system32\RTKSMSettingsIPC.dll
2013-10-21 16:24 . 2013-10-21 16:24 4819224 ----a-w- c:\windows\system32\RTKSMlfx.dll
2013-10-21 16:24 . 2013-10-21 16:24 613448 ----a-w- c:\windows\system32\RtDataProc64.dll
2013-10-21 16:24 . 2013-10-21 16:24 906800 ----a-w- c:\windows\system32\MISS_APO.dll
2013-10-21 16:24 . 2013-10-21 16:24 3138304 ----a-w- c:\windows\system32\MaxxAudioVnN64.dll
2013-10-21 16:24 . 2013-10-21 16:24 722688 ----a-w- c:\windows\system32\MaxxAudioAPO5064.dll
2013-10-21 16:22 . 2013-10-21 16:22 836544 ----a-w- c:\windows\system32\tadefxapo264.dll
2013-10-21 16:22 . 2013-10-21 16:22 65944 ----a-w- c:\windows\system32\tepeqapo64.dll
2013-10-21 16:22 . 2013-10-21 16:22 148416 ----a-w- c:\windows\system32\tadefxapo.dll
2013-10-21 16:22 . 2013-10-21 16:22 1361336 ----a-w- c:\windows\system32\tosade.dll
2013-10-21 16:22 . 2013-10-21 16:22 81248 ----a-w- c:\windows\system32\SFCOM64.dll
2013-10-21 16:22 . 2013-10-21 16:22 78688 ----a-w- c:\windows\system32\SFAPO64.dll
2013-10-21 16:22 . 2013-10-21 16:22 331880 ----a-w- c:\windows\system32\RtlCPAPI64.dll
2013-10-21 16:22 . 2013-10-21 16:22 221024 ----a-w- c:\windows\system32\SFNHK64.dll
2013-10-21 16:22 . 2013-10-21 16:22 14952 ----a-w- c:\windows\system32\RtkCoLDR64.dll
2013-10-21 16:22 . 2013-10-21 16:22 75024 ----a-w- c:\windows\system32\R4EEG64A.dll
2013-10-21 16:22 . 2013-10-21 16:22 7164176 ----a-w- c:\windows\system32\R4EEP64A.dll
2013-10-21 16:22 . 2013-10-21 16:22 434960 ----a-w- c:\windows\system32\R4EED64A.dll
2013-10-21 16:22 . 2013-10-21 16:22 394616 ----a-w- c:\windows\system32\MaxxVolumeSDAPO.dll
2013-10-21 16:22 . 2013-10-21 16:22 141584 ----a-w- c:\windows\system32\R4EEL64A.dll
2013-10-21 16:22 . 2013-10-21 16:22 1284680 ----a-w- c:\windows\system32\RTCOM64.dll
2013-10-21 16:22 . 2013-10-21 16:22 124176 ----a-w- c:\windows\system32\R4EEA64A.dll
2013-10-21 16:22 . 2013-10-21 16:22 9123608 ----a-w- c:\windows\system32\MaxxAudioVnA64.dll
2013-10-21 16:22 . 2013-10-21 16:22 612728 ----a-w- c:\windows\system32\MaxxAudioAPO4064.dll
2013-10-21 16:22 . 2013-10-21 16:22 603984 ----a-w- c:\windows\system32\KAAPORT64.dll
2013-10-21 16:22 . 2013-10-21 16:22 395208 ----a-w- c:\windows\system32\MaxxAudioAPO30.dll
2013-10-21 16:21 . 2013-10-21 16:21 693352 ----a-w- c:\windows\system32\DTSVoiceClarityDLL64.dll
2013-10-21 16:21 . 2013-10-21 16:21 415688 ----a-w- c:\windows\system32\DTSU2PREC64.dll
2013-10-21 16:21 . 2013-10-21 16:21 712296 ----a-w- c:\windows\system32\DTSSymmetryDLL64.dll
2013-10-21 16:21 . 2013-10-21 16:21 501192 ----a-w- c:\windows\system32\DTSU2PLFX64.dll
2013-10-21 16:21 . 2013-10-21 16:21 487368 ----a-w- c:\windows\system32\DTSU2PGFX64.dll
2013-10-21 16:21 . 2013-10-21 16:21 1756264 ----a-w- c:\windows\system32\DTSS2SpeakerDLL64.dll
2013-10-21 16:21 . 2013-10-21 16:21 728680 ----a-w- c:\windows\system32\DTSBassEnhancementDLL64.dll
2013-10-21 16:21 . 2013-10-21 16:21 491112 ----a-w- c:\windows\system32\DTSNeoPCDLL64.dll
2013-10-21 16:21 . 2013-10-21 16:21 432744 ----a-w- c:\windows\system32\DTSLimiterDLL64.dll
2013-10-21 16:21 . 2013-10-21 16:21 428648 ----a-w- c:\windows\system32\DTSGainCompensatorDLL64.dll
2013-10-21 16:21 . 2013-10-21 16:21 242792 ----a-w- c:\windows\system32\DTSLFXAPO64.dll
2013-10-21 16:21 . 2013-10-21 16:21 242792 ----a-w- c:\windows\system32\DTSGFXAPO64.dll
2013-10-21 16:21 . 2013-10-21 16:21 241768 ----a-w- c:\windows\system32\DTSGFXAPONS64.dll
2013-10-21 16:21 . 2013-10-21 16:21 208072 ----a-w- c:\windows\system32\AERTAC64.dll
2013-10-21 16:21 . 2013-10-21 16:21 1568360 ----a-w- c:\windows\system32\DTSS2HeadphoneDLL64.dll
2013-10-21 16:21 . 2013-10-21 16:21 1486952 ----a-w- c:\windows\system32\DTSBoostDLL64.dll
2013-10-21 16:21 . 2013-10-21 16:21 110592 ----a-w- c:\windows\system32\CONEQMSAPOGUILibrary.dll
2013-10-21 16:21 . 2013-10-21 16:21 108640 ----a-w- c:\windows\system32\AERTAR64.dll
2013-10-21 16:20 . 2013-10-21 16:20 31672 ----a-w- c:\windows\system32\nvhdap64.dll
2013-10-21 16:20 . 2013-10-21 16:20 194488 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2013-10-21 16:20 . 2012-04-27 08:02 1510328 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2013-10-21 16:19 . 2013-10-21 16:19 883928 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2013-10-21 16:19 . 2013-10-21 16:19 74456 ----a-w- c:\windows\system32\RtNicProp64.dll
2013-10-21 16:19 . 2013-07-30 20:52 108760 ----a-w- c:\windows\system32\RTNUninst64.dll
2013-10-21 16:16 . 2013-10-21 16:16 925648 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2013-10-21 16:16 . 2013-10-21 16:16 7641832 ----a-w- c:\windows\system32\nvopencl.dll
2013-10-21 16:16 . 2013-02-25 22:32 6324360 ----a-w- c:\windows\SysWow64\nvopencl.dll
2013-10-21 16:16 . 2013-02-25 22:32 1059560 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-10-21 16:16 . 2013-02-25 22:32 15920536 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-10-21 16:16 . 2013-02-25 22:32 13411896 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2013-10-21 16:16 . 2013-10-21 16:16 572704 ----a-w- c:\windows\system32\NvFBC64.dll
2013-10-21 16:16 . 2013-10-21 16:16 570656 ----a-w- c:\windows\system32\NvIFR64.dll
2013-10-21 16:16 . 2013-10-21 16:16 467232 ----a-w- c:\windows\SysWow64\NvIFR.dll
2013-10-21 16:16 . 2013-10-21 16:16 465184 ----a-w- c:\windows\SysWow64\NvFBC.dll
2013-10-21 16:16 . 2013-10-21 16:16 27781920 ----a-w- c:\windows\system32\nvoglv64.dll
2013-10-21 16:16 . 2013-10-21 16:16 266448 ----a-w- c:\windows\system32\nvinitx.dll
2013-10-21 16:16 . 2013-10-21 16:16 218592 ----a-w- c:\windows\system32\nvoglshim64.dll
2013-10-21 16:16 . 2013-10-21 16:16 214448 ----a-w- c:\windows\SysWow64\nvinit.dll
2013-10-21 16:16 . 2013-10-21 16:16 21102368 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2013-10-21 16:16 . 2013-10-21 16:16 1832224 ----a-w- c:\windows\system32\nvdispco6432049.dll
2013-10-21 16:16 . 2013-10-21 16:16 181488 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2013-10-21 16:16 . 2013-10-21 16:16 15144928 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-10-21 16:16 . 2013-10-21 16:16 1511712 ----a-w- c:\windows\system32\nvdispgenco6432049.dll
2013-10-21 16:16 . 2013-10-21 16:16 11235104 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-10-21 16:16 . 2013-02-25 22:32 12427240 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-10-21 16:16 . 2013-10-21 16:16 9239344 ----a-w- c:\windows\system32\nvcuda.dll
2013-10-21 16:16 . 2013-10-21 16:16 7687592 ----a-w- c:\windows\SysWow64\nvcuda.dll
2013-10-21 16:16 . 2013-10-21 16:16 2953504 ----a-w- c:\windows\system32\nvcuvid.dll
2013-10-21 16:16 . 2013-10-21 16:16 2777888 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2013-10-21 16:16 . 2013-10-21 16:16 2363680 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-10-21 16:16 . 2013-10-21 16:16 2002720 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2013-10-21 16:16 . 2013-10-21 16:16 25256224 ----a-w- c:\windows\system32\nvcompiler.dll
2013-10-21 16:16 . 2013-10-21 16:16 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2013-10-21 16:16 . 2013-02-25 22:32 2597856 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-10-21 16:16 . 2013-02-25 22:32 2936208 ----a-w- c:\windows\system32\nvapi64.dll
2013-10-21 15:59 . 2013-10-21 15:59 81920 ----a-w- c:\windows\SysWow64\davclnt.dll
2013-10-21 15:59 . 2013-10-21 15:59 259584 ----a-w- c:\windows\system32\WebClnt.dll
2013-10-21 15:59 . 2013-10-21 15:59 205824 ----a-w- c:\windows\SysWow64\WebClnt.dll
2013-10-21 15:59 . 2013-10-21 15:59 140800 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2013-10-21 15:59 . 2013-10-21 15:59 102400 ----a-w- c:\windows\system32\davclnt.dll
2013-10-21 15:58 . 2013-10-21 15:58 878080 ----a-w- c:\windows\system32\advapi32.dll
2013-10-21 15:58 . 2013-10-21 15:58 859648 ----a-w- c:\windows\system32\tdh.dll
2013-10-21 15:58 . 2013-10-21 15:58 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-10-21 15:58 . 2013-10-21 15:58 640512 ----a-w- c:\windows\SysWow64\advapi32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"flashupdate"="\.exeFalse" [X]
"Akamai NetSession Interface"="c:\users\Jelco\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
"ISUSPM Startup"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"F.lux"="c:\users\Jelco\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-15 1016712]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
"Advanced SystemCare 7"="c:\program files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" [2013-10-28 2283296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
.
c:\users\Jelco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Productregistratie.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe /remind /language=NLD /_WFM="." [2009-11-16 517384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_Dlls"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 DIRECTIO;DIRECTIO;c:\program files\PerformanceTest\DirectIo64.sys;c:\program files\PerformanceTest\DirectIo64.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R3 GPU-Z;GPU-Z;c:\users\Jelco\AppData\Local\Temp\GPU-Z.sys;c:\users\Jelco\AppData\Local\Temp\GPU-Z.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys;c:\windows\SYSNATIVE\DRIVERS\LVUSBS64.sys [x]
R3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [x]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys;c:\windows\SYSNATIVE\DRIVERS\RtVlan60.sys [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2013.SP5\RpcAgentSrv.exe;c:\program files\SiSoftware\SiSoftware Sandra Lite 2013.SP5\RpcAgentSrv.exe [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 usj;usj;c:\aeriagames\EdenEternal\avital\ussjcs64.sys;c:\aeriagames\EdenEternal\avital\ussjcs64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Faceless;Faceless;c:\users\Jelco\AppData\Roaming\Faceless LLC\Faceless Internet Connection\FacelessService.exe;c:\users\Jelco\AppData\Roaming\Faceless LLC\Faceless Internet Connection\FacelessService.exe [x]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [x]
S2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys;c:\windows\SYSNATIVE\DRIVERS\RtNdPt60.sys [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ   Akamai
apphost REG_MULTI_SZ   apphostsvc
iissvcs REG_MULTI_SZ   w3svc was
.
Inhoud van de 'Gedeelde Taken' map
.
2013-12-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 23:27]
.
2013-12-10 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2012-09-03 13:24]
.
2013-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-17 22:28]
.
2013-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-17 22:28]
.
2013-12-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3885245257-1654512441-2441933306-1000Core.job
- c:\users\Jelco\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-07 17:19]
.
2013-12-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3885245257-1654512441-2441933306-1000UA.job
- c:\users\Jelco\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-07 17:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2013-12-06 19:46 2486592 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-04-10 13519432]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://nl.search.yahoo.com/?type=198484&fr=spigot-yhp-ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 66.146.193.31:80
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant = hxxp://www.google.com
IE: Free YouTube Download - c:\users\Jelco\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
FF - ProfilePath - c:\users\Jelco\AppData\Roaming\Mozilla\Firefox\Profiles\wtsx8lr0.default\
FF - prefs.js: browser.startup.homepage - hxxp://nl.search.yahoo.com/?type=198484&fr=spigot-yhp-ff
FF - ExtSQL: 2013-12-06 20:45; {58d2a791-6199-482f-a9aa-9b725ec61362}; c:\users\Jelco\AppData\Roaming\Mozilla\Firefox\Profiles\wtsx8lr0.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}
FF - ExtSQL: 2013-12-06 21:46; ascsurfingprotection@iobit.com; c:\users\Jelco\AppData\Roaming\Mozilla\Firefox\Profiles\wtsx8lr0.default\extensions\ascsurfingprotection@iobit.com
.
- - - - ORPHANS VERWIJDERD - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-Baldur's Gate & Tales of the Sword Coast - c:\program files (x86)\Black Isle\Baldur's Gate\Uninst.isu
AddRemove-NVIDIA StereoUSB Driver - c:\program files (x86)\InstallShield Installation Information\{714B9C6C-70FC-4750-98E2-61520B906C45}\setup.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,70,04,ee,04,ac,50,72,42,aa,47,97,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,70,04,ee,04,ac,50,72,42,aa,47,97,\
.
[HKEY_USERS\S-1-5-21-3885245257-1654512441-2441933306-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:aa,9c,ae,71,22,8d,c1,af,54,41,b5,78,9d,7f,a1,49,14,53,34,0c,4c,43,59,
   b4,c0,fc,c2,74,af,e9,cd,a1,03,a9,fe,6c,89,4a,d9,a6,65,3e,02,cb,60,68,8b,c6,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-3885245257-1654512441-2441933306-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:6c,c5,32,cb,98,02,99,61,7c,15,8c,e2,0b,67,55,a6,65,22,b1,77,b1,
   2c,35,4d,67,1e,3a,4f,7d,c4,fe,46,8a,4b,61,7d,6d,e8,f7,06,3d,d0,ff,6c,b4,0d,\
"rkeysecu"=hex:09,f8,c2,50,d5,e9,2f,8c,db,ed,2d,ba,1c,08,7b,2a
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Voltooingstijd: 2013-12-10  03:21:14 - machine werd herstart
ComboFix-quarantined-files.txt  2013-12-10 02:21
ComboFix2.txt  2013-12-09 21:04
.
Pre-Run: 535.148.802.048 bytes beschikbaar
Post-Run: 538.020.179.968 bytes beschikbaar
.
- - End Of File - - F4119489ECC42B6A0615C1B382D8AA4E
A36C5E4F47E84449FF07ED3517B43A31


#12 jackjohn
  • Topic Starter
  • Members
  • 16 posts

Posted 09 December 2013 - 09:29 PM

Computer is doing fine now. Before your help it was cloggy and slow; it's working much better now. ComboFix improved the performance by a tad... I think. I'm unable to know for sure since I have hardly used the PC since using the Junkware Removal Tool.



#13 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 December 2013 - 09:35 PM


Hello

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a much better job).
  • Programs to remove
    • 1ClickDownloader
    • µTorrent
    • Java 7 Update 21 (64-bit)
    • Java™ 6 Update 22
    • Java™ 6 Update 33
    • Uninstall



Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove.
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes.
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete.
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted select Yes, then on Next.
  • Once done click Finish.


Install Java:

Please go here to install Java
  • Click on the Free Java Download button.
  • Click on Agree and start Free download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete click on Close.
Clean Out Temp Files
  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here CCleaner
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. Default settings are fine.
    • Click Run Cleaner.
    • Close CCleaner.
: Malwarebytes' Anti-Malware :

I see that you have MBAM installed - that is great! At this time I would like you to update it and run a quick scan for me.
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



Download HijackThis
  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • Copy and paste the HijackThis report into the topic.
"information and logs"
  • In your next post I need the following
    • Log from MBAM
    • Report from HijackThis
    • Let me know of any problems you may have had
    • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 jackjohn
  • Topic Starter
  • Members
  • 16 posts

Posted 09 December 2013 - 10:03 PM

Ok, so running Revo:

Successfully removed uTorrent and Uninstall.

Can't locate 1ClickDownloader and Java 7 Update (64-bit).

Unable to uninstall the Java 6 updates. I get this error message (translated from Dutch):

Can't access the Windows Installer service. This can occur if the Windows Installer did not install properly. Contact supportive personnel for assistance.

After clicking OK however, Revo still lets me click on Next and scans just as it did with uTorrent and Uninstall. Should I delete the leftover files and proceed to the next steps despite this error?

Edited by jackjohn, 09 December 2013 - 10:07 PM.


#15 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 December 2013 - 10:15 PM

Yes, please do.

gringo



