Removing Virtool:win32/Beeinject


  • This topic is locked
33 replies to this topic

#1 dropdead33

dropdead33

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:05:49 PM

Posted 13 October 2014 - 01:46 PM

First of all, thanks for the preparation guide, and I would love it if this all works out.
I'm having a lot of BSODs lately (service_error_exception), so it happens that I can't even turn on my PC without a crash loop.

When checking for intel, I found that my PC warns me about a Virtool:win32/Beeinject virus. I have been running MRT, MSERT, MWB, Windows Defender, McAfee, AVG scans but nothing seems to detect this virus. I really hope you guys can help me. Thanks in advance.
 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 9.0.8112.16470  BrowserJavaVersion: 1.6.0_20
Run by Nick at 20:27:58 on 2014-10-13
Microsoft Windows 7 Professional   6.1.7600.0.1252.32.1043.18.3958.2072 [GMT 2:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uProxyServer = 77.243.116.113:3128
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: File Sanitizer for HP ProtectTools: {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: HP ProtectTools Security Manager Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - 
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll
BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [Facebook Update] "C:\Users\Nick\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 195.130.131.4 195.130.130.132
TCP: Interfaces\{5781C426-E853-4996-A236-F1E8EFA27933} : DHCPNameServer = 195.130.131.4 195.130.130.132
TCP: Interfaces\{5781C426-E853-4996-A236-F1E8EFA27933}\2626F68723D253632643 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{5781C426-E853-4996-A236-F1E8EFA27933}\54D494E454E445F5750535F513140343 : DHCPNameServer = 195.130.131.4 195.130.130.132
TCP: Interfaces\{5781C426-E853-4996-A236-F1E8EFA27933}\67562737475627B65627 : DHCPNameServer = 195.130.131.4 195.130.130.132
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Notify: DeviceNP - DeviceNP.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
LSA: Notification Packages =  DPPassFilter scecli
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
x64-BHO: HP ProtectTools Security Manager Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - 
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\qvs3lc7x.default\
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\Nick\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Nick\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-8-25 55856]
R0 SafeBoot;SafeBoot;C:\Windows\System32\drivers\SafeBoot.sys [2009-11-11 56648]
R0 SbAlg;SbAlg;C:\Windows\System32\drivers\SbAlg.sys [2009-6-4 60160]
R0 SbFsLock;SbFsLock;C:\Windows\System32\drivers\SbFsLock.sys [2009-11-11 15688]
R1 PersonalSecureDrive;PersonalSecureDrive;C:\Windows\System32\drivers\psd.sys [2010-8-19 44576]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2010-8-19 293552]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-8-19 56344]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-8-19 75776]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-8-19 177152]
R3 rismcx64;RICOH Smart Card Reader;C:\Windows\System32\drivers\rismcx64.sys [2010-8-19 59008]
S0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-8-24 469400]
S1 RsvLock;RsvLock;C:\Windows\System32\drivers\RsvLock.sys [2009-11-11 58184]
S2 avg9wd;AVG Free WatchDog;"C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe" --> C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
S2 McAfeeEngineService;McAfee Engine Service;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [2010-3-25 20792]
S2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2009-8-25 103744]
S2 McShield;McAfee McShield;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe [2010-3-25 180968]
S2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [2010-3-25 66880]
S2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2010-8-24 79504]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-8-23 35104]
S3 DAMDrv;DAMDrv;C:\Windows\System32\drivers\DAMDrv64.sys [2009-10-21 40760]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-8-19 151936]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2010-8-24 120096]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2010-8-24 78896]
S3 RICOH SmartCard Reader;RICOH SmartCard Reader;C:\Windows\System32\drivers\rismcx64.sys [2010-8-19 59008]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-23 1255736]
S4 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\AESTSr64.exe [2010-8-19 89600]
S4 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-8-19 228408]
S4 DEBridge;DEBridge;C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2009-11-11 704512]
S4 FLCDLOCK;HP ProtectTools Device Locking / Auditing;C:\Windows\SysWOW64\flcdlock.exe [2009-11-9 362040]
S4 HP Power Assistant Service;HP Power Assistant Service;C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2009-11-19 102968]
S4 HP ProtectTools Service;HP ProtectTools Service;C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-1-12 36864]
S4 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-1-27 102968]
S4 HPDayStarterService;HP DayStarter Service;C:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [2010-5-10 90112]
S4 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2009-12-10 251448]
S4 HpFkCryptService;Drive Encryption Service;C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-11-11 277096]
S4 HPFSService;File Sanitizer for HP ProtectTools;C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-11-4 297984]
S4 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-8-19 635416]
S4 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-8-19 2320920]
.
=============== Created Last 30 ================
.
2014-10-13 17:58:23 -------- dc----w- C:\NVIDIA
2014-10-12 22:53:49 -------- d-----w- C:\Windows\System32\SPReview
2014-10-12 18:18:37 -------- d-----w- C:\Users\Nick\AppData\Local\Skype
2014-10-11 12:05:45 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{310DD3EE-4F69-42E5-B957-36AB76CDD62E}\offreg.dll
2014-10-11 11:58:09 11578928 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{310DD3EE-4F69-42E5-B957-36AB76CDD62E}\mpengine.dll
2014-10-11 11:53:51 -------- dc----w- C:\Program Files\Microsoft Windows Performance Toolkit
2014-10-11 11:53:16 -------- dc----w- C:\Program Files\Debugging Tools for Windows (x64)
2014-10-11 11:52:35 -------- dc----w- C:\Program Files (x86)\Application Verifier
2014-10-11 11:52:34 -------- dc----w- C:\Program Files\Application Verifier (x64)
2014-10-07 14:09:26 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-10-04 05:19:42 -------- dc----w- C:\56f1f1f8fed6becdb321edbb2f4eb4
2014-10-01 10:55:04 -------- dc----w- C:\b305cb832bfa22655d8909b6
.
==================== Find3M  ====================
.
2014-09-15 07:06:02 278152 ------w- C:\Windows\System32\MpSigStub.exe
2014-09-12 10:00:54 6783120 ----a-w- C:\Windows\System32\nvcpl.dll
2014-09-12 10:00:54 3521224 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-09-12 10:00:51 932040 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-09-12 10:00:51 61640 ----a-w- C:\Windows\System32\nvshext.dll
2014-09-12 10:00:51 385168 ----a-w- C:\Windows\System32\nvmctray.dll
2014-09-12 10:00:51 2559808 ----a-w- C:\Windows\System32\nvsvcr.dll
2014-09-11 14:36:10 3961833 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-09-05 02:01:12 574976 ----a-w- C:\Windows\System32\aepdu.dll
2014-09-05 01:55:40 424448 ----a-w- C:\Windows\System32\aeinv.dll
.
============= FINISH: 20:28:11,64 ===============
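The DDS "Pseudo HJT" section above, and the FRST Registry/Internet sections posted later in this thread, list the same kinds of entries a helper reads first: Run keys, the Winlogon Userinit chain, a user proxy, IE SearchScopes, and references to files that no longer exist. The script below is an added example, not part of this thread and not code from DDS or FRST. It parses a handful of constructed lines in both formats (modelled on entries in this thread) and flags the ones worth a second look. The list of trusted search hosts and the directories an autorun is "expected" to live under are assumptions made for the demo, not rules from either tool.

```python
"""Triage helper for DDS / FRST style autostart logs.

Added example (not part of this thread, DDS or FRST): parses the entry
styles seen in the logs above and flags what a helper looks at first.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Finding:
    category: str  # proxy | userinit | autorun | search | dangling | attention
    detail: str
    line: str


# DDS "mRun:/uRun:/x64-Run: [name] cmd" and FRST "HKLM\...\Run: [name] => cmd"
AUTORUN_RE = re.compile(r'^(?P<key>[^:\[]*Run(?:Once)?): \[(?P<name>[^\]]*)\] (?:=> )?(?P<cmd>.*)$')
# DDS "uProxyServer = host:port" and FRST "ProxyServer: host:port"
PROXY_RE = re.compile(r'^u?ProxyServer(?: =|:) (?P<proxy>\S+)')
# DDS "mWinlogon: Userinit = a,b," and FRST "HKLM\...\Winlogon: [Userinit] a,b,"
USERINIT_RE = re.compile(r'^(?:(?:x64-)?mWinlogon: Userinit = |HKLM\\\.\.\.\\Winlogon: \[Userinit\] )(?P<chain>.*)$')
SEARCH_RE = re.compile(r'^SearchScopes: .* URL = (?P<url>\S+)')
EXE_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|sys))', re.IGNORECASE)

DANGLING_MARKERS = ('File Not Found', 'No File', '<orphaned>', '[X]')
# Assumptions for the demo: hosts a search scope is allowed to point at, and
# directories an autorun is normally expected to live under.
TRUSTED_SEARCH_HOSTS = {'www.google.com', 'www.bing.com'}
EXPECTED_DIRS = ('c:\\windows\\', 'c:\\program files\\', 'c:\\program files (x86)\\', 'c:\\progra~')

# Constructed sample: a mix of DDS and FRST lines modelled on this thread's logs.
SAMPLE_LOG = r"""
uProxyServer = 77.243.116.113:3128
mWinlogon: Userinit = userinit.exe,
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
mRun: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
uRun: [Facebook Update] "C:\Users\Nick\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKLM-x32\...\Run: [AVG9_TRAY] => C:\PROGRA~2\AVG\AVG9\avgtray.exe
HKU\S-1-5-21-3434663956-2992879644-1888042936-1007\...\Run: [] => [X]
AppInit_DLLs: avgrssta.dll => avgrssta.dll File Not Found
SSODL: WebCheck - <orphaned>
SearchScopes: HKLM-x32 - DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2304157
GroupPolicyUsers\S-1-5-21-3434663956-2992879644-1888042936-1009\User: Group Policy restriction detected <======= ATTENTION
"""


def executable_path(cmd: str) -> Optional[str]:
    """Pull the image path out of an autorun command line (quoted or bare)."""
    m = EXE_RE.match(cmd.strip())
    return m['path'] if m else None


def analyze(log_text: str) -> List[Finding]:
    """Walk the log once and collect the entries worth a second look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := PROXY_RE.match(line):
            findings.append(Finding('proxy', f'system proxy set to {m["proxy"]}', line))
        if m := USERINIT_RE.match(line):
            # Anything besides userinit.exe in the Winlogon chain runs at every logon.
            extras = [p for p in m['chain'].split(',')
                      if p and p.lower().rsplit('\\', 1)[-1] != 'userinit.exe']
            if extras:
                findings.append(Finding('userinit', 'extra Userinit entries: ' + '; '.join(extras), line))
        if m := SEARCH_RE.match(line):
            host = m['url'].split('/')[2] if '://' in m['url'] else m['url']
            if host not in TRUSTED_SEARCH_HOSTS:
                findings.append(Finding('search', f'search scope points at {host}', line))
        if m := AUTORUN_RE.match(line):
            path = executable_path(m['cmd'])
            if path and not path.lower().startswith(EXPECTED_DIRS):
                findings.append(Finding('autorun', f'{m["name"] or "(unnamed)"} runs from {path}', line))
        if any(marker in line for marker in DANGLING_MARKERS):
            findings.append(Finding('dangling', 'entry points at a missing file', line))
        if 'ATTENTION' in line:
            findings.append(Finding('attention', 'entry flagged by the scanner itself', line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per category, handy for a quick overview of a long log."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


if __name__ == '__main__':
    results = analyze(SAMPLE_LOG)
    for f in results:
        print(f'[{f.category:9}] {f.detail}')
    print(summarize(results))
```

Feed it a saved DDS or FRST text file (`analyze(open(path, encoding='utf-8', errors='replace').read())`) and it yields the proxy setting, the extra Userinit image, the autorun living under a user profile, the Conduit search scope, and the three dangling references; the "dangling" hits are clean-up candidates rather than evidence of infection, which is why they are kept in their own category.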
 




 




 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:49 PM

Posted 14 October 2014 - 04:56 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me reviewing your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
  
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please attach this file to your next reply.
 


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

#3 dropdead33

dropdead33
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:05:49 PM

Posted 14 October 2014 - 05:38 PM

Hi Marius, thanks for your reply and your commitment.

Here is the log + Addition from Farbar's Recovery Scan Tool


 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-10-2014
Ran by Nick (administrator) on NICK on 15-10-2014 00:29:14
Running from C:\Users\Nick\Downloads
Loaded Profile: Nick (Available profiles: Nick & Jeroen & Nick-Ipod)
Platform: Windows 7 Professional (X64) OS Language: Nederlands (Nederland)
Internet Explorer Version 8
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Google Inc.) C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2727568 2014-09-12] ()
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [ShStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [124224 2010-03-25] (McAfee, Inc.)
HKLM-x32\...\Run: [AVG9_TRAY] => C:\PROGRA~2\AVG\AVG9\avgtray.exe
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-3434663956-2992879644-1888042936-1007\...\Run: [Facebook Update] => C:\Users\Nick\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-18] (Facebook Inc.)
HKU\S-1-5-21-3434663956-2992879644-1888042936-1007\...\Run: [] => [X]
HKU\S-1-5-21-3434663956-2992879644-1888042936-1007\...\Run: [RGSC] => C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-3434663956-2992879644-1888042936-1007\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22066272 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-3434663956-2992879644-1888042936-1007\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3434663956-2992879644-1888042936-1007\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-10-13] (Microsoft Corporation)
AppInit_DLLs: avgrssta.dll => avgrssta.dll File Not Found
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
GroupPolicyUsers\S-1-5-21-3434663956-2992879644-1888042936-1009\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: 77.243.116.113:3128
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2304157
SearchScopes: HKLM-x32 - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2304157
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2304157
SearchScopes: HKCU - {D283BCBF-2216-48A6-B28E-A0E1D49F5DA4} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYBE&apn_uid=ED1959E7-11EA-42E2-BBDD-6945EF2296F5&apn_sauid=D24271C1-F25F-4730-AC30-C579EAB779F7
BHO: HP ProtectTools Security Manager Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG9\avgssiea.dll No File
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: HP ProtectTools Security Manager Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG9\avgssie.dll No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
BHO-x32: Aanmeldhulp voor Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Plug-In -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} 

http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG

\AVG9\avgppa.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG

\AVG9\avgpp.dll No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows 

Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows 

Live\Messenger\msgrapp.dll No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files 

(x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows 

Live\Mail\mailcomm.dll No File
Tcpip\Parameters: [DhcpNameServer] 195.130.131.4 195.130.130.132

FireFox:
========
FF ProfilePath: C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\qvs3lc7x.default
FF SearchEngineOrder.1: Ask.com
FF DefaultSearchEngine: Google
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Nick\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Nick\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Nick\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\qvs3lc7x.default\user.js
FF SearchPlugin: C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\qvs3lc7x.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\bolcom-nl.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\marktplaats-nl.xml
FF Extension: DownloadHelper - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\qvs3lc7x.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-01-22]
FF Extension: Adblock Plus - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\qvs3lc7x.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-09-18]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2010-08-19]
FF HKLM-x32\...\Firefox\Extensions: [{3f963a5b-e555-4543-90e2-c3908898db71}] - C:\Program Files (x86)\AVG\AVG9\Firefox
FF HKLM-x32\...\Firefox\Extensions: [belgiumeid@eid.belgium.be] - C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.be/
CHR Profile: C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-06]
CHR Extension: (Adblock Plus) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2012-03-22]
CHR Extension: (Disconnect) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2014-02-25]
CHR Extension: (Auto Replay for YouTube™) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb [2013-12-13]
CHR Extension: (Unfriend Alerts) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgbeldbnadmemecalekdfnffgobkpafc [2013-12-15]
CHR Extension: (Google Wallet) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
CHR HKLM-x32\...\Chrome\Extension: [bmbpbcpokffodhpcdjaoopolhdlbconi] - C:\Users\Nick\AppData\Local\Temp\tbch.crx []
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-02-11]
CHR StartMenuInternet: Google Chrome - C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\AESTSr64.exe [89600 2010-08-19] (Andrea Electronics Corporation)
S4 DEBridge; C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [704512 2009-11-11] (McAfee, Inc.) [File not signed]
S4 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [462088 2010-01-22] (DigitalPersona, Inc.)
S4 FLCDLOCK; C:\Windows\SysWOW64\flcdlock.exe [362040 2009-11-09] (Hewlett-Packard Ltd)
S4 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [121344 2010-06-30] (Hewlett-Packard Company) [File not signed]
S4 HP ProtectTools Service; C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2010-01-12] (Hewlett-Packard Development Company, L.P) [File not signed]
S4 HPDayStarterService; C:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [90112 2010-05-10] (Hewlett-Packard Company) [File not signed]
S4 HpFkCryptService; C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [277096 2009-11-11] (McAfee, Inc.)
S4 HPFSService; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [297984 2009-11-04] (Hewlett-Packard) [File not signed]
S4 IFXSpMgtSrv; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1107232 2010-08-19] (Infineon Technologies AG)
S4 IFXTCS; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe [988448 2010-08-19] (Infineon Technologies AG)
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
S2 McAfeeEngineService; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [20792 2010-03-25] (McAfee, Inc.)
S2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [103744 2009-08-25] (McAfee, Inc.)
S2 McShield; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe [180968 2010-03-25] (McAfee, Inc.)
S2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [66880 2010-03-25] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [79504 2010-03-25] (McAfee, Inc.)
S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2010-03-06] (PDF Complete Inc)
S4 PersonalSecureDriveService; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe [214304 2010-08-19] (Infineon Technologies AG)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-02-02] ()
S4 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\STacSV64.exe [244224 2010-08-19] (IDT, Inc.)
S4 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [4202496 2010-08-23] (Broadcom Corporation) [File not signed]
S2 avg9wd; "C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [40760 2009-10-21] (Hewlett-Packard Development Company L.P.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [97576 2010-03-25] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [120096 2010-03-25] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [469400 2010-03-25] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [78896 2010-03-25] (McAfee, Inc.)
R1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [84424 2010-03-25] (McAfee, Inc.)
R1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [44576 2010-08-19] (Infineon Technologies AG)
S3 RICOH SmartCard Reader; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)
R3 rismcx64; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)
S1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [58184 2009-11-11] (McAfee, Inc.)
S1 RsvLock; C:\Windows\SysWow64\Drivers\RsvLock.sys [40088 2009-11-11] (McAfee, Inc.)
R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [56648 2009-11-11] (McAfee, Inc.)
R0 SafeBoot; C:\Windows\SysWow64\Drivers\SafeBoot.sys [110520 2009-11-11] (McAfee, Inc.)
R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [60160 2009-06-04] (McAfee, Inc.)
R0 SbAlg; C:\Windows\SysWow64\Drivers\SbAlg.sys [51800 2009-11-11] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15688 2009-11-11] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\SysWow64\Drivers\SbFsLock.sys [13256 2009-11-11] (McAfee, Inc.)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1805104 2009-09-17] ()
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [526392 2011-11-09] (Duplex Secure Ltd.)
S1 AvgLdx64; System32\Drivers\avgldx64.sys [X]
S1 AvgMfx64; System32\Drivers\avgmfx64.sys [X]
S1 AvgTdiA; System32\Drivers\avgtdia.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-15 00:29 - 2014-10-15 00:30 - 00019406 _____ () C:\Users\Nick\Downloads\FRST.txt
2014-10-15 00:29 - 2014-10-15 00:29 - 00000000 ___DC () C:\FRST
2014-10-15 00:28 - 2014-10-15 00:28 - 02110464 _____ (Farbar) C:\Users\Nick\Downloads\FRST64.exe
2014-10-13 20:44 - 2014-10-13 20:44 - 00052736 _____ () C:\Users\Nick\Downloads\00216557.xls
2014-10-13 20:44 - 2014-10-13 20:44 - 00052736 _____ () C:\Users\Nick\Downloads\00216557 (2).xls
2014-10-13 20:44 - 2014-10-13 20:44 - 00052736 _____ () C:\Users\Nick\Downloads\00216557 (1).xls
2014-10-13 20:28 - 2014-10-13 20:30 - 00012323 _____ () C:\Users\Nick\Desktop\attach.txt
2014-10-13 20:28 - 2014-10-13 20:29 - 00018303 _____ () C:\Users\Nick\Desktop\dds.txt
2014-10-13 20:01 - 2014-10-13 20:02 - 00000000 ____D () C:\Windows\LastGood.Tmp
2014-10-13 20:00 - 2014-09-12 13:56 - 31514432 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-10-13 20:00 - 2014-09-12 13:56 - 24199824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-10-13 20:00 - 2014-09-12 13:56 - 22994240 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-10-13 20:00 - 2014-09-12 13:56 - 18628392 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-10-13 20:00 - 2014-09-12 13:56 - 17552560 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-10-13 20:00 - 2014-09-12 13:56 - 16124456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-10-13 20:00 - 2014-09-12 13:56 - 15294096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-10-13 20:00 - 2014-09-12 13:56 - 14493448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-10-13 20:00 - 2014-09-12 13:56 - 13913528 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-10-13 20:00 - 2014-09-12 13:56 - 13824960 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-10-13 20:00 - 2014-09-12 13:56 - 12882064 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-10-13 20:00 - 2014-09-12 13:56 - 11270000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-10-13 20:00 - 2014-09-12 13:56 - 11207656 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-10-13 20:00 - 2014-09-12 13:56 - 04246848 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-10-13 20:00 - 2014-09-12 13:56 - 03987784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-10-13 20:00 - 2014-09-12 13:56 - 03196864 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-10-13 20:00 - 2014-09-12 13:56 - 02814704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-10-13 20:00 - 2014-09-12 13:56 - 01889096 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434084.dll
2014-10-13 20:00 - 2014-09-12 13:56 - 01539728 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434084.dll
2014-10-13 20:00 - 2014-09-12 13:56 - 00943304 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-10-13 20:00 - 2014-09-12 13:56 - 00906952 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-10-13 20:00 - 2014-09-12 13:56 - 00901776 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-10-13 20:00 - 2014-09-12 13:56 - 00869192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-10-13 20:00 - 2014-09-12 13:56 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-10-13 20:00 - 2014-09-12 13:56 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-10-13 19:59 - 2014-10-13 19:59 - 00688992 ____R (Swearware) C:\Users\Nick\Downloads\dds.com
2014-10-13 19:58 - 2014-10-13 19:58 - 00000000 ___DC () C:\NVIDIA
2014-10-13 19:50 - 2014-10-13 19:52 - 221948176 _____ (NVIDIA Corporation) C:\Users\Nick\Downloads\340.84-quadro-grid-desktop-notebook-win8-win7-64bit-international-whql.exe
2014-10-13 00:59 - 2014-10-13 00:59 - 00008212 _____ () C:\Windows\mfebcdata
2014-10-13 00:53 - 2014-10-13 00:53 - 00000000 ____D () C:\Windows\system32\SPReview
2014-10-12 22:15 - 2014-10-12 22:16 - 61205128 _____ (Microsoft Corporation) C:\Users\Nick\Downloads\EIE11_NL-NL_WOL_WIN764.EXE
2014-10-12 20:18 - 2014-10-12 20:18 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-12 20:18 - 2014-10-12 20:18 - 00000000 ____D () C:\Users\Nick\AppData\Local\Skype
2014-10-12 20:07 - 2014-10-12 20:08 - 36031592 _____ (Skype Technologies S.A.) C:\Users\Nick\Downloads\SkypeSetupFull.exe
2014-10-11 15:18 - 2014-10-11 15:18 - 00000000 ____D () C:\Users\Nick\Documents\Crash
2014-10-11 13:58 - 2014-10-11 13:58 - 00163917 _____ () C:\Users\Nick\Downloads\ReleaseNotes_Win7_1RTMSDK.Htm
2014-10-11 13:53 - 2014-10-11 13:53 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debugging Tools for Windows (x64)
2014-10-11 13:53 - 2014-10-11 13:53 - 00000000 ___DC () C:\Program Files\Microsoft Windows Performance Toolkit
2014-10-11 13:53 - 2014-10-11 13:53 - 00000000 ___DC () C:\Program Files\Debugging Tools for Windows (x64)
2014-10-11 13:53 - 2014-10-11 13:53 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Windows Performance Toolkit
2014-10-11 13:52 - 2014-10-11 13:52 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Application Verifier (x64)
2014-10-11 13:52 - 2014-10-11 13:52 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Application Verifier
2014-10-11 13:52 - 2014-10-11 13:52 - 00000000 ___DC () C:\Program Files\Application Verifier (x64)
2014-10-11 13:52 - 2014-10-11 13:52 - 00000000 ___DC () C:\Program Files (x86)\Application Verifier
2014-10-11 13:45 - 2014-10-11 13:52 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows SDK v7.1
2014-10-11 13:45 - 2014-10-11 13:45 - 00000000 ___DC () C:\Program Files\Microsoft SDKs
2014-10-11 13:38 - 2014-10-11 13:39 - 00509264 _____ (Microsoft Corporation) C:\Users\Nick\Downloads\winsdk_web.exe
2014-10-07 16:10 - 2014-10-07 16:11 - 125267192 _____ (Microsoft Corporation) C:\Users\Nick\Downloads\msert.exe
2014-10-07 16:09 - 2014-10-07 16:09 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-07 11:34 - 2014-10-07 11:34 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Nick\Downloads\tdsskiller.exe
2014-10-04 11:01 - 2014-10-04 11:01 - 00508374 _____ () C:\Users\Nick\Downloads\uitnodiging uitvaartsplechtigheid.zip
2014-10-04 07:19 - 2014-10-07 01:51 - 00000000 ___DC () C:\56f1f1f8fed6becdb321edbb2f4eb4
2014-10-02 22:04 - 2014-10-02 22:04 - 00051261 _____ () C:\Users\Nick\Downloads\a-million-ways-to-die-in-the-west_english-974441 (1).zip
2014-10-02 22:04 - 2014-10-02 22:04 - 00048965 _____ () C:\Users\Nick\Downloads\kid-cannabis_english-932889.zip
2014-10-02 19:54 - 2014-10-02 19:54 - 00051261 _____ () C:\Users\Nick\Downloads\a-million-ways-to-die-in-the-west_english-974441.zip
2014-10-01 13:04 - 2014-10-01 13:04 - 02886144 _____ () C:\Users\Nick\Downloads\C1_IMT_2014_2015 (2).ppt
2014-10-01 12:55 - 2014-10-01 12:55 - 00000000 ___DC () C:\b305cb832bfa22655d8909b6
2014-09-30 20:51 - 2014-09-30 20:51 - 00071253 _____ () C:\Users\Nick\Downloads\transformers-age-of-extinction_english-982949.zip
2014-09-28 20:54 - 2014-09-28 20:54 - 00046847 _____ () C:\Users\Nick\Downloads\the-amazing-spider-man-2_english-958447.zip
2014-09-23 11:41 - 2014-09-23 11:41 - 00117797 _____ () C:\Users\Nick\Downloads\vikings-second-season_english-907247.zip
2014-09-19 09:02 - 2014-09-19 09:03 - 00055141 _____ () C:\Users\Nick\Downloads\the-lego-movie_english-923328.zip
2014-09-17 20:36 - 2014-09-25 02:05 - 1072239304 _____ () C:\Users\Nick\Documents\Fotoboek Fietsreis2.dtp
2014-09-17 20:32 - 2014-09-17 20:34 - 608569165 _____ () C:\Users\Nick\Documents\Fotoboek Fietsreis.$$$
2014-09-17 19:18 - 2014-09-17 19:20 - 120827707 _____ () C:\Users\Nick\Downloads\SnowyFietsreis.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-14 13:49 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-14 13:48 - 2014-04-06 18:00 - 00025051 _____ () C:\Windows\setupact.log
2014-10-13 20:59 - 2010-08-19 12:45 - 00000000 ___DC () C:\ProgramData\NVIDIA
2014-10-13 20:02 - 2010-08-19 11:22 - 01996125 _____ () C:\Windows\WindowsUpdate.log
2014-10-13 20:01 - 2010-08-19 11:30 - 00000000 ___DC () C:\Program Files\NVIDIA Corporation
2014-10-13 19:48 - 2010-08-19 15:16 - 00000000 ____D () C:\Windows\pss
2014-10-13 19:40 - 2010-10-05 18:18 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\uTorrent
2014-10-13 00:46 - 2011-04-04 19:24 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Skype
2014-10-12 22:51 - 2009-07-14 06:45 - 00022000 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-12 22:51 - 2009-07-14 06:45 - 00022000 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-12 22:47 - 2009-07-14 11:16 - 00763842 _____ () C:\Windows\system32\perfh013.dat
2014-10-12 22:47 - 2009-07-14 11:16 - 00159912 _____ () C:\Windows\system32\perfc013.dat
2014-10-12 22:47 - 2009-07-14 07:13 - 01707124 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-12 22:43 - 2011-11-08 18:15 - 00000000 ___DC () C:\Program Files (x86)\Steam
2014-10-12 21:31 - 2010-12-02 04:11 - 00000000 ___DC () C:\Program Files (x86)\NVIDIA Corporation
2014-10-12 21:25 - 2010-08-24 09:01 - 00000000 ___DC () C:\Program Files (x86)\Microsoft Office
2014-10-12 20:18 - 2011-04-04 19:24 - 00000000 __RDC () C:\Program Files (x86)\Skype
2014-10-12 20:18 - 2011-04-04 19:24 - 00000000 ___DC () C:\ProgramData\Skype
2014-10-11 13:45 - 2009-07-14 07:32 - 00000000 ___DC () C:\Program Files (x86)\MSBuild
2014-10-07 16:09 - 2014-09-10 23:42 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-07 16:09 - 2014-09-10 23:42 - 00000000 ___DC () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-07 16:09 - 2014-02-25 17:45 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-07 02:21 - 2014-06-17 01:44 - 00114502 _____ () C:\Windows\PFRO.log
2014-10-07 01:58 - 2014-02-12 12:54 - 00000000 ___RD () C:\Users\Nick\Dropbox
2014-10-07 01:58 - 2014-02-12 12:52 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Dropbox
2014-10-07 01:54 - 2010-09-27 18:19 - 00000000 ____D () C:\Users\Nick
2014-10-07 01:52 - 2011-03-06 13:33 - 00000000 ____D () C:\Users\Nick-Ipod
2014-10-07 01:52 - 2010-12-31 11:29 - 00000000 ___DC () C:\Users\Jeroen
2014-10-07 01:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-10-07 01:49 - 2011-10-19 22:21 - 00000000 ____D () C:\Users\Nick\AppData\Local\Facebook
2014-10-02 23:56 - 2010-10-15 11:19 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\vlc
2014-09-25 11:49 - 2010-09-27 21:35 - 00002379 _____ () C:\Users\Nick\Desktop\Google Chrome.lnk
2014-09-24 23:38 - 2012-12-07 10:53 - 00000000 ____D () C:\Users\Nick\Documents\Milieumanagement
2014-09-21 15:00 - 2011-03-06 11:09 - 00007606 _____ () C:\Users\Nick\AppData\Local\resmon.resmoncfg
2014-09-19 12:44 - 2014-02-12 12:53 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-17 13:38 - 2014-09-07 16:39 - 557686542 _____ () C:\Users\Nick\Documents\Fotoboek Fietsreis.dtp
2014-09-17 13:07 - 2012-02-22 14:10 - 1519671052 _____ () C:\Users\Nick\Documents\Fotoalbum.dtp
2014-09-16 19:39 - 2012-02-22 13:52 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Fotogoed Designer
2014-09-15 09:06 - 2010-08-19 11:39 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Files to move or delete:
====================
C:\Users\Jeroen\jagex_runescape_preferences.dat
C:\Users\Jeroen\jagex_runescape_preferences2.dat
C:\Users\Nick\jagex_cl_oldschool_LIVE.dat
C:\Users\Nick\jagex_cl_runescape_LIVE.dat
C:\Users\Nick\random.dat


Some content of TEMP:
====================
C:\Users\Jeroen\AppData\Local\Temp\ICReinstall_tupac_greatest_hits_rapidshare_com.setup_downloader.exe
C:\Users\Jeroen\AppData\Local\Temp\install_flashplayer11x32ax_gtba_chra_dy_aih.exe
C:\Users\Jeroen\AppData\Local\Temp\install_flashplayer11x32ax_gtbp_chra_aih.exe
C:\Users\Jeroen\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Nick\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpahiuvf.dll
C:\Users\Nick\AppData\Local\Temp\NEventMessages.dll
C:\Users\Nick\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Nick\AppData\Local\Temp\{55368AF0-0F7E-4806-9BF2-35C42F50A5D8}.exe
C:\Users\Nick-Ipod\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-12 04:11

==================== End Of Log ============================


The Addition file

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-10-2014
Ran by Nick at 2014-10-15 00:30:51
Running from C:\Users\Nick\Downloads
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee VirusScan Enterprise (Enabled - Out of date) {86355677-4064-3EA7-ABB3-1B136EB04637}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The 

adware programs should be uninstalled manually.)

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0030-0000-0000-

0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30303 - BitTorrent Inc.)
µTorrent (HKLM-x32\...\uTorrent) (Version: 2.0.4 - )
7-Zip 4.65 (HKLM-x32\...\7-Zip) (Version:  - )
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) 

Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9120 - Adobe Systems Inc.) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 

3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}) (Version: 

10.1.52.14 - Adobe Systems, Inc.)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.1.82.76 - 

Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.1.85.3 - Adobe 

Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) 

(Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Reader 9.4.1 - Nederlands (HKLM-x32\...\{AC76BA86-7AD7-1043-7B44-A94000000001}) (Version: 

9.4.1 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{B3575D00-27EF-49C2-B9E0-14B3D954E992}) (Version: 1.5.2 - 

Apple Inc.)
Apple Mobile Device Support (HKLM\...\{439760BC-7737-4386-9B1D-A90A3E8A22EA}) (Version: 3.4.1.2 - 

Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - 

Apple Inc.)
Application Verifier (x64) (HKLM\...\{89026002-A893-42D9-9E20-6829B844735E}) (Version: 4.1.1078 - 

Microsoft Corporation)
Astroburn Lite (HKLM-x32\...\Astroburn Lite) (Version: 1.2.0.0087 - Disk Software Ltd)
AVG Free 9.0 (HKLM-x32\...\AVG9Uninstall) (Version:  - AVG Technologies)
Belgium e-ID middleware 3.5.5 (build 6870) (HKLM\...\{824563DE-75AD-4166-9DC0-B6482F206870}) 

(Version: 3.5.6870 - Belgian Government)
Bonjour (HKLM\...\{0E543634-7E25-4B8F-8D5B-97880E5E5088}) (Version: 2.0.5.0 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 

5.60.18.12 - Broadcom Corporation)
Broadcom Wireless Utility (HKLM\...\Broadcom Wireless Utility) (Version: 5.60.18.12 - Broadcom 

Corporation)
Call of Duty(R) 4 - Modern Warfare(TM) (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-

1497C286D217}) (Version: 1.7 - Activision)
Call of Duty(R) 4 - Modern Warfare(TM) (x32 Version: 1.00.0000 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch (x32 Version:  - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch (x32 Version: 1.1 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch (x32 Version:  - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch (x32 Version: 1.2 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch (x32 Version:  - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch (x32 Version: 1.3 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch (x32 Version:  - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch (x32 Version: 1.4 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch (x32 Version:  - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch (x32 Version: 1.5 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version:  - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: 1.6 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version:  - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: 1.7 - Activision) Hidden
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon MP Navigator EX 3.0 (HKLM-x32\...\MP Navigator EX 3.0) (Version:  - )
Canon MP550 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}

_Canon_MP550_series) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.00 - Piriform)
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - 

Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco 

Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco 

Systems, Inc.)
Conduit Engine (HKLM-x32\...\conduitEngine) (Version:  - Conduit Ltd.) <==== ATTENTION
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - 

DownloadHelper)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Debugging Tools for Windows (x64) (HKLM\...\{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}) (Version: 

6.12.2.633 - Microsoft Corporation)
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) 

(Version: 5.0.1.4 - Hewlett-Packard)
DivX Setup (HKLM-x32\...\DivX Setup.divx.com) (Version: 2.1.2.2 - DivX, Inc. )
Drive Encryption for HP ProtectTools (HKLM\...\{D6782B98-BDC0-45F4-A046-9D26C475CBF8}) (Version: 

5.0.2.10 - Hewlett-Packard)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Embedded Security for HP ProtectTools (HKLM\...\{6D47A7D8-C61B-411E-B549-BF3EDAE6A4E9}) (Version: 

5.7.001 - Hewlett-Packard)
EpicBot (HKLM-x32\...\EpicBot) (Version:  - )
erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
ffdshow v1.1.3721 [2011-01-07] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.3721.0 - )
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 5.0.1.1 - Hewlett-Packard)
Fotogoed Designer 3.8.3 (HKLM-x32\...\fotogoed-nl_is1) (Version:  - 1STEIN Corp.)
Gebruikersregistratie voor Canon MP550 series (HKLM-x32\...\Gebruikersregistratie voor Canon MP550 series) (Version:  - )
Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Earth (HKLM-x32\...\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}) (Version: 6.0.3.2197 - Google)
Google Update Helper (x32 Version: 1.3.21.69 - Google Inc.) Hidden
Hitman Pro 3.5 (HKLM\...\HitmanPro35) (Version: 3.5.6.113 - SurfRight B.V.)
HP 3D DriveGuard (HKLM\...\{DC1C0BB6-8C9E-4886-A145-A487D8EAB073}) (Version: 4.0.4.1 - Hewlett-Packard)
HP Business Card Reader (HKLM-x32\...\{FD8234FF-A70D-4632-B146-F41AB37C0B24}) (Version: 0.6.3.0 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.3 - Hewlett-Packard) Hidden
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{A88C35D3-A24A-4B10-9B78-E7409887A28D}) (Version: 1.1.5.1 - Hewlett-Packard Company)
HP Integrated Module with Bluetooth wireless technology (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.500 - Broadcom Corporation)
HP Power Assistant (HKLM\...\{4FAAFB50-D526-4F86-A929-19BA87A5FCF1}) (Version: 1.0.2.4 - Hewlett-Packard)
HP Power Data (HKLM\...\{B4246AFB-DDE7-4C80-8B9B-CE17E5F92A1E}) (Version: 1.0.7.77 - Hewlett-Packard)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 5.04.669 - Hewlett-Packard)
HP ProtectTools Security Manager (Version: 5.04.669 - Hewlett-Packard) Hidden
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.12.1 - Hewlett-Packard)
HP QuickLook (HKLM\...\{B498F489-881F-4F05-BEE5-E04E210C607A}) (Version: 3.3.1.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{7861911B-4270-498A-8F7A-FCF0570F484B}) (Version: 1.0.1.48 - DeviceVM, Inc.)
HP SoftPaq Download Manager (HKLM-x32\...\{C02A47C0-8F30-4193-88E6-957FB8AFE4CA}) (Version: 3.1.0.0 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{FC17E0A7-EAA9-4902-92F8-C83B9FD02246}) (Version: 5.0.14.2 - Hewlett-Packard Company)
HP Web Camera (Version: 1.0.0 - Hewlett-Packard) Hidden
HP Webcam (HKLM-x32\...\{1D61E881-43CD-447B-9E6B-D2C6138B2862}) (Version: 1.0 - Roxio)
HP Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50009.1 - Sonix)
HP Wireless Assistant (HKLM\...\{B7722D22-167A-4598-B666-0A4ADCCDE82B}) (Version: 4.0.4.2 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6257.0 - IDT)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.1.0 - LIGHTNING UK!)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 14.8 - Intel)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{28D73032-5DAA-4F83-B154-85105DBCCB92}) (Version: 10.3.1.55 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.2.1 - Sun Microsystems, Inc.) Hidden
Java Card Security for HP ProtectTools (HKLM\...\{F4477CC0-7293-414A-93BC-20EE897A80F0}) (Version: 5.0.4.1 - Hewlett-Packard)
Java(TM) 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Java(TM) 6 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416021FF}) (Version: 6.0.210 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden
LightScribe System Software (HKLM-x32\...\{82EF29B1-9B60-4142-A155-0599216DD053}) (Version: 1.18.6.1 - LightScribe)
Logitech SetPoint (HKLM-x32\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.97 - LSI Corporation)
Malwarebytes Anti-Malware versie 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MATLAB R2010b (HKLM\...\MatlabR2010b) (Version: 7.11 - The MathWorks, Inc.)
McAfee Agent (HKLM-x32\...\{AA951B10-7089-4D60-B288-516E641F48E6}) (Version: 4.0.0.1496 - McAfee, Inc.)
McAfee VirusScan Enterprise (HKLM-x32\...\{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}) (Version: 8.7.00003 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile NLD Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (Dutch) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Dutch) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (Dutch) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Dutch) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Dutch) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Dutch) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Dutch) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Dutch) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Dutch) 2007 (x32 Version: 12.0.4518.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (Dutch) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (Dutch) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Dutch) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Dutch) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60531.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Windows Performance Toolkit (HKLM\...\{E7F9E526-2324-437B-A609-E8C5309465CB}) (Version: 4.8.0 - Microsoft Corporation)
Microsoft Windows SDK for Windows 7 (7.1) (HKLM\...\SDKSetup_7.1.7600.0.30514) (Version: 7.1.7600.0.30514 - Microsoft Corporation)
Microsoft Windows SDK for Windows 7 (7.1) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK for Windows 7 Common Utilities (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK for Windows 7 Headers and Libraries (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK for Windows 7 Samples (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
MobileMe Control Panel (HKLM\...\{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}) (Version: 3.1.6.0 - Apple Inc.)
Mozilla Firefox (3.6.17) (HKLM-x32\...\Mozilla Firefox (3.6.17)) (Version: 3.6.17 (nl) - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.18.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.18.0 - NEC Electronics Corporation) Hidden
NVIDIA Grafisch stuurprogramma 340.84 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.84 - NVIDIA Corporation)
NVIDIA HD Audio-stuurprogramma 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.154.1150 - NVIDIA Corporation) Hidden
NVIDIA nView 141.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 141.36 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (Version: 6.14.10.13065 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.10.0514 - NVIDIA Corporation) Hidden
NVIDIA PhysX systeemsoftware 260.99 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 260.99 - NVIDIA Corporation)
NVIDIA-configuratiescherm 340.84 (Version: 340.84 - NVIDIA Corporation) Hidden
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 3.5.117 - PDF Complete, Inc)
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
Power Tab Editor 1.7 (HKLM-x32\...\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}) (Version: 1.7.0 - Power Tab Software)
Pre-Boot Security for HP ProtectTools (Version: 5.0.7.1 - Hewlett-Packard) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
RICOH Media Driver (HKLM-x32\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.13.00.05 - RICOH)
Skype Toolbars (HKLM-x32\...\{A29549FD-65F3-440C-A552-6B8114CF319D}) (Version: 5.2.4170 - Skype Technologies S.A.)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Stuurprogrammapakket voor Windows - Fedict SmartCard  (12/08/2009 4.0.0.3) (HKLM\...\C22EC48700B9B9C08DDC2C12DA3BD6F8EA0DFFDE) (Version: 12/08/2009 4.0.0.3 - Fedict)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)
Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (HKLM\...\Microsoft .NET Framework 4 Client Profile NLD Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Theft Recovery (HKLM-x32\...\InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}) (Version: 5.1.0.18 - Hewlett-Packard)
Theft Recovery (x32 Version: 5.1.0.18 - Hewlett-Packard) Hidden
UGS NX 7.5 (HKLM\...\{1A3B7925-AAFC-42BA-9E1F-A87CB777D0F6}) (Version: 7.5.0.32 - UGS)
UGS NX 7.5 Documentation (HKLM\...\{F90F9BCF-5138-4398-9F51-31DB55E940A4}) (Version: 7.5.0.32 - UGS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0413-0000-0000000FF1CE}_ENTERPRISE_{F8564AF8-30AE-4427-ACF3-69714E1BB656}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F3F83933-75FC-4B60-84F2-3F8FA63D042E}) (Version:  - Microsoft)
Update voor Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0413-0000-0000000FF1CE}_ENTERPRISE_{5CF7002F-6F49-4482-9564-5614FBE560FA}) (Version:  - Microsoft)
Update voor Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0413-0000-0000000FF1CE}_ENTERPRISE_{15D84E79-1ED7-42C5-B2FD-745C3FBDDDC5}) (Version:  - Microsoft)
Update voor Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0413-0000-0000000FF1CE}_ENTERPRISE_{A66AE6A1-8D8C-4102-BC18-38CBDE40F809}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
VLC media player 1.0.1 (HKLM-x32\...\VLC media player) (Version: 1.0.1 - VideoLAN Team)
Windows 7 Default Setting (HKLM-x32\...\{26D317F9-B72D-42AA-B76A-F8CBEC350D99}) (Version: 1.0.1.4 - Hewlett-Packard Company)
Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000) (HKLM\...\6B8550A319DDC8B17F35F4A89988705E4592349B) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
XBMC (HKCU\...\XBMC) (Version:  - Team XBMC)
Xfire (remove only) (HKLM-x32\...\Xfire) (Version:  - )
Xvid 1.2.1 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3434663956-2992879644-1888042936-1007_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Nick\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3434663956-2992879644-1888042936-1007_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Nick\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3434663956-2992879644-1888042936-1007_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Nick\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3434663956-2992879644-1888042936-1007_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Nick\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3434663956-2992879644-1888042936-1007_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3434663956-2992879644-1888042936-1007_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3434663956-2992879644-1888042936-1007_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3434663956-2992879644-1888042936-1007_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3434663956-2992879644-1888042936-1007_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3434663956-2992879644-1888042936-1007_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3434663956-2992879644-1888042936-1007_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3434663956-2992879644-1888042936-1007_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3434663956-2992879644-1888042936-1007_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Nick\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

12-10-2014 01:04:15 Windows 7 Service Pack 1
12-10-2014 19:16:59 Windows Update
12-10-2014 22:50:07 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1855AF7B-C979-4988-82DC-9A393AB81DE1} - System32\Tasks\{36EC67D2-CC09-4F72-87EF-96C0F09033E4} => Firefox.exe http://ui.skype.com/ui/0/5.3.0.111/en/abandoninstall?page=tsChrome&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:offered-installed;madedefault
Task: {653AD53C-65E2-4A26-A922-39D9D075CC62} - System32\Tasks\{BECBD81D-09B7-47B1-93C7-ED15B22486CD} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-10-01] (Skype Technologies S.A.)
Task: {8B6F9D5B-C153-44F3-9D15-55338860AA2B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-16] (Google Inc.)
Task: {9C814824-F337-4F9D-A86F-46542C6A2719} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-16] (Google Inc.)
Task: {CDC53167-4463-42EE-BFEF-2471E966F62D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3434663956-2992879644-1888042936-1007Core1cd64f3c02902e5.job => C:\Users\Nick\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3434663956-2992879644-1888042936-1007UA.job => C:\Users\Nick\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3434663956-2992879644-1888042936-1007Core1ce086acbd84722.job => C:\Users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3434663956-2992879644-1888042936-1007UA.job => C:\Users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-09-25 11:49 - 2014-09-23 06:07 - 08577864 _____ () C:\Users\Nick\AppData\Local\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-25 11:49 - 2014-09-23 06:07 - 00331592 _____ () C:\Users\Nick\AppData\Local\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-25 11:49 - 2014-09-23 06:06 - 01660232 _____ () C:\Users\Nick\AppData\Local\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\34695040.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\34695040.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

HKU\S-1-5-21-3434663956-2992879644-1888042936-1007\Software\Classes\.exe:  =>  <===== ATTENTION!

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AESTFilters => 2
MSCONFIG\Services: AgereModemAudio => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: btwdins => 2
MSCONFIG\Services: Com4QLBEx => 3
MSCONFIG\Services: DEBridge => 3
MSCONFIG\Services: DpHost => 2
MSCONFIG\Services: FLCDLOCK => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HP Health Check Service => 2
MSCONFIG\Services: HP Power Assistant Service => 2
MSCONFIG\Services: HP ProtectTools Service => 2
MSCONFIG\Services: HP Wireless Assistant Service => 2
MSCONFIG\Services: HPDayStarterService => 2
MSCONFIG\Services: HPDrvMntSvc.exe => 2
MSCONFIG\Services: HpFkCryptService => 2
MSCONFIG\Services: HPFSService => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: hpsrv => 2
MSCONFIG\Services: IAANTMON => 2
MSCONFIG\Services: IFXSpMgtSrv => 2
MSCONFIG\Services: IFXTCS => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: pdfcDispatcher => 2
MSCONFIG\Services: PersonalSecureDriveService => 2
MSCONFIG\Services: STacSV => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: wltrysvc => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^vpngui.exe.lnk => C:\Windows\pss\vpngui.exe.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: beid => "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup
MSCONFIG\startupreg: Broadcom Wireless Manager UI => C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: DS3 Tool => C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe -mini
MSCONFIG\startupreg: Google Update => "C:\Users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: McAfeeUpdaterUI => "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NokiaSuite.exe => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-3434663956-2992879644-1888042936-500 - Administrator - Disabled)
Gast (S-1-5-21-3434663956-2992879644-1888042936-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3434663956-2992879644-1888042936-1008 - Limited - Enabled)
Jeroen (S-1-5-21-3434663956-2992879644-1888042936-1009 - Limited - Enabled) => C:\Users\Jeroen
Nick (S-1-5-21-3434663956-2992879644-1888042936 - Administrator - Enabled)
Nick-Ipod (S-1-5-21-3434663956-2992879644-1888042936-1010 - Administrator - Enabled) => C:\Users\Nick-Ipod

==================== Faulty Device Manager Devices =============

Name: AVG Free Network Redirector x64
Description: AVG Free Network Redirector x64
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: AvgTdiA
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: sptd
Description: sptd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: sptd
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: McAfee Inc. mfehidk
Description: McAfee Inc. mfehidk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: mfehidk
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/13/2014 00:45:01 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.IdentityModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x800706be

Error: (10/13/2014 00:44:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: mscorsvw.exe, versie: 4.0.30319.17929, tijdstempel: 0x4ffa55d9
Naam van module met fout: mscorwks.dll, versie: 2.0.50727.4984, tijdstempel: 0x503f0189
Uitzonderingscode: 0xc0000005
Foutoffset: 0x00003f94
Id van proces met fout: 0x%9
Starttijd van toepassing met fout: 0xmscorsvw.exe0
Pad naar toepassing met fout: mscorsvw.exe1
Pad naar module met fout: mscorsvw.exe2
Rapport-id: mscorsvw.exe3

Error: (10/13/2014 00:44:57 AM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: .NET Runtime version 2.0.50727.4984 - Onherstelbare fout van Execution Engine (59BED58E) (80131506)

Error: (10/12/2014 10:36:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: De service Cryptografische services kan het object van VSS-back-up 'System Writer' niet initialiseren.


Details:
Could not query the status of the EventSystem service.

System Error:
Systeem wordt afgesloten.
.

Error: (10/12/2014 10:32:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: taskmgr.exe, versie: 6.1.7600.16385, tijdstempel: 0x4a5bc3ee
Naam van module met fout: nview64.dll, versie: 6.14.10.14062, tijdstempel: 0x519b73dc
Uitzonderingscode: 0xc0000409
Foutoffset: 0x00000000000dc6ff
Id van proces met fout: 0x1048
Starttijd van toepassing met fout: 0xtaskmgr.exe0
Pad naar toepassing met fout: taskmgr.exe1
Pad naar module met fout: taskmgr.exe2
Rapport-id: taskmgr.exe3

Error: (10/12/2014 10:31:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: taskmgr.exe, versie: 6.1.7600.16385, tijdstempel: 0x4a5bc3ee
Naam van module met fout: nview64.dll, versie: 6.14.10.14062, tijdstempel: 0x519b73dc
Uitzonderingscode: 0xc0000409
Foutoffset: 0x00000000000dc6ff
Id van proces met fout: 0xfb8
Starttijd van toepassing met fout: 0xtaskmgr.exe0
Pad naar toepassing met fout: taskmgr.exe1
Pad naar module met fout: taskmgr.exe2
Rapport-id: taskmgr.exe3

Error: (10/12/2014 10:30:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: taskmgr.exe, versie: 6.1.7600.16385, tijdstempel: 0x4a5bc3ee
Naam van module met fout: nview64.dll, versie: 6.14.10.14062, tijdstempel: 0x519b73dc
Uitzonderingscode: 0xc0000409
Foutoffset: 0x00000000000dc6ff
Id van proces met fout: 0xd00
Starttijd van toepassing met fout: 0xtaskmgr.exe0
Pad naar toepassing met fout: taskmgr.exe1
Pad naar module met fout: taskmgr.exe2
Rapport-id: taskmgr.exe3

Error: (10/12/2014 10:29:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: wmpnscfg.exe, versie: 12.0.7600.16385, tijdstempel: 0x4a5bd026
Naam van module met fout: nview64.dll, versie: 6.14.10.14062, tijdstempel: 0x519b73dc
Uitzonderingscode: 0xc0000409
Foutoffset: 0x00000000000dc6ff
Id van proces met fout: 0x42c
Starttijd van toepassing met fout: 0xwmpnscfg.exe0
Pad naar toepassing met fout: wmpnscfg.exe1
Pad naar module met fout: wmpnscfg.exe2
Rapport-id: wmpnscfg.exe3

Error: (10/12/2014 10:29:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: wmpnscfg.exe, versie: 12.0.7600.16385, tijdstempel: 0x4a5bd026
Naam van module met fout: nview64.dll, versie: 6.14.10.14062, tijdstempel: 0x519b73dc
Uitzonderingscode: 0xc0000409
Foutoffset: 0x00000000000dc6ff
Id van proces met fout: 0x1690
Starttijd van toepassing met fout: 0xwmpnscfg.exe0
Pad naar toepassing met fout: wmpnscfg.exe1
Pad naar module met fout: wmpnscfg.exe2
Rapport-id: wmpnscfg.exe3

Error: (10/12/2014 10:29:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: wmpnscfg.exe, versie: 12.0.7600.16385, tijdstempel: 0x4a5bd026
Naam van module met fout: nview64.dll, versie: 6.14.10.14062, tijdstempel: 0x519b73dc
Uitzonderingscode: 0xc0000409
Foutoffset: 0x00000000000dc6ff
Id van proces met fout: 0x500
Starttijd van toepassing met fout: 0xwmpnscfg.exe0
Pad naar toepassing met fout: wmpnscfg.exe1
Pad naar module met fout: wmpnscfg.exe2
Rapport-id: wmpnscfg.exe3


System errors:
=============
Error: (10/15/2014 00:28:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: De Computer Browser-service is afhankelijk van de Server-service, die vanwege de volgende fout niet kan worden gestart: 
%%1068

Error: (10/15/2014 00:28:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: De Computer Browser-service is afhankelijk van de Server-service, die vanwege de volgende fout niet kan worden gestart: 
%%1068

Error: (10/15/2014 00:28:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: De Computer Browser-service is afhankelijk van de Server-service, die vanwege de volgende fout niet kan worden gestart: 
%%1068

Error: (10/15/2014 00:28:26 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: De Computer Browser-service is afhankelijk van de Server-service, die vanwege de volgende fout niet kan worden gestart: 
%%1068

Error: (10/15/2014 00:28:26 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: De Computer Browser-service is afhankelijk van de Server-service, die vanwege de volgende fout niet kan worden gestart: 
%%1068

Error: (10/15/2014 00:28:26 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: De Computer Browser-service is afhankelijk van de Server-service, die vanwege de volgende fout niet kan worden gestart: 
%%1068

Error: (10/15/2014 00:27:30 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: De Computer Browser-service is afhankelijk van de Server-service, die vanwege de volgende fout niet kan worden gestart: 
%%1068

Error: (10/15/2014 00:27:30 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: De Computer Browser-service is afhankelijk van de Server-service, die vanwege de volgende fout niet kan worden gestart: 
%%1068

Error: (10/15/2014 00:27:30 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: De Computer Browser-service is afhankelijk van de Server-service, die vanwege de volgende fout niet kan worden gestart: 
%%1068

Error: (10/15/2014 00:27:30 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: De Computer Browser-service is afhankelijk van de Server-service, die vanwege de volgende fout niet kan worden gestart: 
%%1068


Microsoft Office Sessions:
=========================
Error: (05/27/2014 02:12:08 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3091 seconds with 2340 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz
Percentage of memory in use: 23%
Total physical RAM: 3957.5 MB
Available physical RAM: 3032.04 MB
Total Pagefile: 7913.14 MB
Available Pagefile: 6988.6 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:280.46 GB) (Free:80.58 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 71168071)
Partition 1: (Active) - (Size=283 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=280.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Edited by dropdead33, 14 October 2014 - 05:45 PM.


#4 dropdead33 (Topic Starter)

Posted 14 October 2014 - 06:15 PM

2: Results of the GMER rootkit scanner

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-10-15 01:13:23
Windows 6.1.7600  x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.LH01 298,09GB
Running: mclx39op.exe; Driver: C:\Users\Nick\AppData\Local\Temp\pxldqpoc.sys


---- Threads - GMER 2.1 ----

Thread  C:\Windows\System32\svchost.exe [2260:2348]                                                      000007fef8389688

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f3955af771                      
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f3955b1cf8                      
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f3955af771 (not active ControlSet)  
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f3955b1cf8 (not active ControlSet)  

---- EOF - GMER 2.1 ----


Edited by dropdead33, 14 October 2014 - 06:17 PM.


#5 dropdead33 (Topic Starter)

Posted 14 October 2014 - 06:31 PM

3: TDSSKiller.

So here's the downside. I tried using this program before.
I don't recall using/finding any results then though.

Luckily I didn't run the program after my original post on this forum (forum rules),
so this is still step 3.
I hope I didn't screw things up and we're still good to go.

In the attachment are the log files from 15/10/2015.
If you also need the log files from 7/10/2015 (before the previous scans), just ask :)


#6 TB-Psychotic (Malware Response Team)

Posted 16 October 2014 - 09:15 AM

I can't see an attachment - did you forget to add it?


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#7 dropdead33 (Topic Starter)

Posted 17 October 2014 - 05:58 AM

Damn, I feel like a newb now.

Yup, forgot to click the second button.
My apologies.

Attached Files



#8 TB-Psychotic (Malware Response Team)

Posted 17 October 2014 - 08:00 AM

Going over your logs I noticed that you have uTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.

Add/remove programs

Click on Start --> Control Panel.

Vista/7: Open Programs and Features
XP: Open Add/Remove Programs

Search for and remove the following programs

Conduit Engine


Close the window.

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

Attached Files

#9 dropdead33 (Topic Starter)

Posted 17 October 2014 - 09:43 AM

Hey there,

This is the FRST fixlog.txt
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-10-2014
Ran by Nick at 2014-10-17 16:27:21 Run:1
Running from C:\Users\Nick\Downloads
Loaded Profile: Nick (Available profiles: Nick & Jeroen & Nick-Ipod)
Boot Mode: Safe Mode (with Networking)
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-3434663956-2992879644-1888042936-1007\Software\Classes\.exe:  =>  <===== ATTENTION!
http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2304157
SearchScopes: HKCU - {D283BCBF-2216-48A6-B28E-A0E1D49F5DA4} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYBE&apn_uid=ED1959E7-11EA-42E2-BBDD-6945EF2296F5&apn_sauid=D24271C1-F25F-4730-AC30-C579EAB779F7
SearchScopes: HKLM-x32 - DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2304157
SearchScopes: HKLM-x32 - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2304157
GroupPolicyUsers\S-1-5-21-3434663956-2992879644-1888042936-1009\User: Group Policy restriction detected <======= ATTENTION
C:\Users\Jeroen\jagex_runescape_preferences.dat
C:\Users\Jeroen\jagex_runescape_preferences2.dat
C:\Users\Nick\jagex_cl_oldschool_LIVE.dat
C:\Users\Nick\jagex_cl_runescape_LIVE.dat
C:\Users\Nick\random.dat

EmptyTemp:
*****************

"HKU\S-1-5-21-3434663956-2992879644-1888042936-1007\Software\Classes\.exe" => Key deleted successfully.
http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2304157 => Error: No automatic fix found for this entry.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D283BCBF-2216-48A6-B28E-A0E1D49F5DA4}" => Key deleted successfully.
"HKCR\CLSID\{D283BCBF-2216-48A6-B28E-A0E1D49F5DA4}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}" => Key not found.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-3434663956-2992879644-1888042936-1009\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\Users\Jeroen\jagex_runescape_preferences.dat => Moved successfully.
C:\Users\Jeroen\jagex_runescape_preferences2.dat => Moved successfully.
C:\Users\Nick\jagex_cl_oldschool_LIVE.dat => Moved successfully.
C:\Users\Nick\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\Nick\random.dat => Moved successfully.
EmptyTemp: => Removed 31.5 GB temporary data.



#10 dropdead33 (Topic Starter)

Posted 17 October 2014 - 10:04 AM

<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2014/10/17 16:35:45 +0200</date>
<logfile>mbam-log-2014-10-17 (16-35-44).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.2.1012</version>
<malware-database>v2014.10.17.05</malware-database>
<rootkit-database>v2014.10.15.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7</osversion>
<arch>x64</arch>
<username>Nick</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>402128</objects>
<time>807</time>
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>0</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
</items>
</mbam-log>

The scan didn't show up any threats. 
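Added example, not code from the thread, from BleepingComputer or from Malwarebytes: a small triage of an mbam-log document like the one above. It reads the summary counters to give a verdict and lists the scan options that were not enabled, because the posted log ran with rootkits and deeprootkit disabled, so its clean result says nothing about rootkits. Only the element names come from the posted log; the sample document, the function name and the verdict rules are constructed for this example.

```python
"""Triage a Malwarebytes Anti-Malware 2.x XML scan log (mbam-log).

Added example for this thread, not code from Malwarebytes. Element names
(<summary>, <options>, <items>, the counters) follow the posted log; the
sample document, function name and verdict rules are assumptions here.
"""
import xml.etree.ElementTree as ET

# Counters under <summary> that each count detected objects of one kind.
DETECTION_COUNTERS = (
    "processes", "modules", "keys", "values",
    "datas", "folders", "files", "sectors",
)

# Constructed sample in the shape of the posted log. Real MBAM 2.x logs are
# saved as UTF-16, so the sample is encoded the same way before parsing.
SAMPLE_LOG_TEXT = """<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header><date>2014/10/17 16:35:45 +0200</date><isadmin>yes</isadmin></header>
<engine><version>2.00.2.1012</version><malware-database>v2014.10.17.05</malware-database></engine>
<summary>
<type>threat</type><result>completed</result><objects>402128</objects><time>807</time>
<processes>0</processes><modules>0</modules><keys>0</keys><values>0</values>
<datas>0</datas><folders>0</folders><files>0</files><sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory><startup>enabled</startup><filesystem>enabled</filesystem>
<archives>enabled</archives><rootkits>disabled</rootkits><deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics><pup>enabled</pup><pum>enabled</pum>
</options>
<items></items>
</mbam-log>
"""
SAMPLE_LOG_CLEAN = SAMPLE_LOG_TEXT.encode("utf-16")

# Second constructed variant: one file detected, to exercise the other branch.
SAMPLE_LOG_HIT = (
    SAMPLE_LOG_TEXT
    .replace("<files>0</files>", "<files>1</files>")
    .replace("<items></items>", "<items><item>constructed</item></items>")
).encode("utf-16")


def triage_mbam_log(raw: bytes) -> dict:
    """Parse one mbam-log document and return a small triage summary.

    verdict is "incomplete" (scan did not finish), "detections" (a counter
    or an <items> entry is non-zero) or "clean". coverage_gaps lists scan
    options that were not enabled: a clean verdict only covers those that were.
    """
    root = ET.fromstring(raw)  # expat reads the UTF-16 BOM and declaration
    if root.tag != "mbam-log":
        raise ValueError("not an mbam-log document: <%s>" % root.tag)
    summary = root.find("summary")
    options = root.find("options")
    if summary is None or options is None:
        raise ValueError("log is missing <summary> or <options>")

    counters = {tag: int(summary.findtext(tag) or 0) for tag in DETECTION_COUNTERS}
    items = root.find("items")
    item_count = 0 if items is None else len(list(items))
    # Counters and <items> describe the same detections; take the larger view.
    detections = max(sum(counters.values()), item_count)
    completed = (summary.findtext("result") or "").strip() == "completed"
    gaps = sorted(o.tag for o in options if (o.text or "").strip() != "enabled")

    if not completed:
        verdict = "incomplete"
    elif detections:
        verdict = "detections"
    else:
        verdict = "clean"

    return {
        "verdict": verdict,
        "detections": detections,
        "objects_scanned": int(summary.findtext("objects") or 0),
        "scan_seconds": int(summary.findtext("time") or 0),
        "database": root.findtext("engine/malware-database"),
        "coverage_gaps": gaps,
    }


if __name__ == "__main__":
    for label, raw in (("clean", SAMPLE_LOG_CLEAN), ("hit", SAMPLE_LOG_HIT)):
        result = triage_mbam_log(raw)
        print(label, result["verdict"], "gaps:", ", ".join(result["coverage_gaps"]))
```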



#11 TB-Psychotic (Malware Response Team)

Posted 20 October 2014 - 10:43 AM

Scan with ESET Online Scan

Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
  • Click the blue Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
  • Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.



#12 dropdead33 (Topic Starter)

Posted 21 October 2014 - 09:52 AM

C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Users\Jeroen\AppData\LocalLow\ConduitEngine\ConduitEngine.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Users\Jeroen\AppData\LocalLow\XfireXO\tbXfir.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Users\Nick\Downloads\bitcoin-0.8.5-win32-setup.exe a variant of Win32/BitCoinMiner.BJ potentially unsafe application
C:\Users\Nick\Downloads\ccsetup412.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Nick\Downloads\litecoin-0.8.5.1-win32-setup.exe a variant of Win32/BitCoinMiner.BJ potentially unsafe application
C:\Users\Nick\Downloads\litecoin-0.8.6.1-win32-setup.exe a variant of Win32/BitCoinMiner.BJ potentially unsafe application
C:\Users\Nick\Downloads\PDF_Sam_Installer.exe a variant of Win32/InstallIQ.A potentially unwanted application
C:\Users\Nick-Ipod\AppData\LocalLow\ConduitEngine\ConduitEngine.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Users\Nick-Ipod\AppData\LocalLow\XfireXO\tbXfir.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application

Edited by dropdead33, 21 October 2014 - 11:07 AM.


#13 dropdead33 (Topic Starter)

Posted 21 October 2014 - 09:56 AM

Well, I noticed a decrease in BSODs. I'm currently on a normal boot.
But I still don't feel safe with that spooky virus.

I noticed you have a PayPal donation address. Any chance I can donate using Bitcoin? :)


Edited by dropdead33, 21 October 2014 - 09:57 AM.


#14 dropdead33 (Topic Starter)

Posted 26 October 2014 - 10:06 AM

I haven't removed any of the found threats.

Just posted 'em here :P What should I do now?



#15 schrauber, Mr.Mechanic (Malware Response Team, Munich, Germany)

Posted 29 October 2014 - 02:57 AM

Hi dropdead33,

Marius is not available at the moment, so I will work with you from now on. Please post back with a fresh FRST logfile and tell me how the system is running.
Regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.



