COM surrogate 32* / SYSWOW64


This topic is locked
8 replies to this topic

#1 HardCoreHolland (Members, 4 posts)

Posted 05 January 2015 - 06:38 PM

Dear helpers,

After a quick download & install of software, my PC got infected by the COM Surrogate 32 virus.

I already tried MBAM and AdwCleaner, but the tools run in the 32* file and won't be found.

I also found the SysWow64 folder in C:\Windows.

Operating System
Windows 7 Ultimate 64-bit SP1
Computer type: Desktop

DDS Log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17496  BrowserJavaVersion: 11.25.2
Run by Colin at 0:18:19 on 2015-01-06
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.31.1043.18.7935.6404 [GMT 1:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
mRun: [StartCCC] "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
TCP: NameServer = 192.168.2.254 195.121.1.34 195.121.1.66
TCP: Interfaces\{70A37CDF-090A-4939-A86C-FA8284A97C6C} : DHCPNameServer = 192.168.2.254 195.121.1.34 195.121.1.66
TCP: Interfaces\{70A37CDF-090A-4939-A86C-FA8284A97C6C}\35F444F4D213 : DHCPNameServer = 192.168.2.254 195.121.1.34 195.121.1.66
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-11-21 244736]
R2 AODDriver4.3;AODDriver4.3;C:\Program Files\AMD\ATI.ACE\Fuel\amd64\aoddriver2.sys [2014-2-11 59616]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2010-1-5 1847296]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2014-11-12 58536]
R3 ysusb64;Yamaha Steinberg USB Audio;C:\Windows\System32\drivers\ysusb64.sys [2014-8-19 132160]
RUnknown SASKUTIL;SASKUTIL; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2014-6-21 94720]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-9 114688]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-9-21 351520]
S3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-9-21 4763680]
S3 PSKMAD;PSKMAD;C:\Windows\System32\drivers\PSKMAD.sys [2014-11-26 47632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2015-1-5 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2015-1-5 56832]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-11-26 1255736]
.
=============== Created Last 30 ================
.
2015-01-05 22:34:11 135384 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-01-05 22:33:58 96472 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2015-01-05 22:02:57 -------- d-----w- C:\Program Files\HitmanPro
2015-01-05 22:02:21 -------- d-----w- C:\ProgramData\HitmanPro
2015-01-05 21:30:30 -------- d-----w- C:\Users\Colin\AppData\Roaming\WinPatrol
2015-01-05 21:06:41 -------- d-----w- C:\AdwCleaner
2015-01-05 20:50:44 35064 ----a-w- C:\Windows\System32\drivers\TrueSight.sys
2015-01-05 20:50:42 -------- d-----w- C:\ProgramData\RogueKiller
2015-01-05 20:37:22 -------- d-----w- C:\Program Files (x86)\Elaborate Bytes
2015-01-05 19:01:29 -------- d-sh--w- C:\Users\Colin\AppData\Local\EmieUserList
2015-01-05 19:01:29 -------- d-sh--w- C:\Users\Colin\AppData\Local\EmieSiteList
2015-01-05 19:01:29 -------- d-sh--w- C:\Users\Colin\AppData\Local\EmieBrowserModeList
2015-01-05 18:37:19 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2015-01-05 17:47:24 -------- d-----w- C:\Windows\System32\drivers\en-US
2015-01-05 14:49:01 -------- d-----w- C:\Users\Colin\AppData\Local\DriverToolkit
2015-01-05 14:48:57 -------- d-----w- C:\Program Files (x86)\DriverToolkit
2015-01-02 14:53:21 11870360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2B581575-2198-4939-A2D6-D156C094A598}\mpengine.dll
2015-01-01 12:06:37 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-12-31 19:12:03 -------- d-----w- C:\Windows\SysWow64\vbox
2014-12-31 19:12:03 -------- d-----w- C:\Windows\System32\vbox
2014-12-31 19:08:45 -------- d-----w- C:\ProgramData\AVAST Software
2014-12-31 08:59:46 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-31 08:08:56 -------- d-sh--w- C:\$RECYCLE.BIN
2014-12-31 06:09:21 -------- d-----w- C:\Program Files (x86)\System Ninja
2014-12-30 23:57:18 -------- d-----w- C:\Users\Colin\AppData\Local\TechSmith
2014-12-30 23:14:55 -------- d-----w- C:\Users\Colin\AppData\Local\Logitech® Webcam Software
2014-12-30 01:58:03 -------- d-----w- C:\Users\Colin\AppData\Local\gtk-2.0
2014-12-22 16:07:57 -------- d--h--w- C:\ProgramData\CanonIJMIG
2014-12-22 16:07:33 -------- d--h--w- C:\ProgramData\CanonIJScan
2014-12-21 21:40:10 -------- d-----w- C:\Users\Colin\AppData\Roaming\PowerISO
2014-12-19 14:08:21 -------- d-----w- C:\Users\Colin\AppData\Roaming\library_dir
2014-12-18 03:50:30 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-12-18 03:50:30 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-12-14 12:40:14 15576 ----a-w- C:\Users\Colin\AppData\Roaming\Microsoft\IdentityCRL\ppcrlconfig.dll
2014-12-10 17:45:35 -------- d-----w- C:\Program Files (x86)\AMD AVT
2014-12-10 17:42:47 -------- d-----w- C:\Program Files (x86)\AMD
2014-12-10 02:01:32 55808 ----a-w- C:\Windows\System32\rrinstaller.exe
2014-12-10 02:01:32 50176 ----a-w- C:\Windows\SysWow64\rrinstaller.exe
2014-12-10 02:01:32 4121600 ----a-w- C:\Windows\System32\mf.dll
2014-12-10 02:01:32 3209728 ----a-w- C:\Windows\SysWow64\mf.dll
2014-12-10 02:01:32 24576 ----a-w- C:\Windows\System32\mfpmp.exe
2014-12-10 02:01:32 23040 ----a-w- C:\Windows\SysWow64\mfpmp.exe
2014-12-10 02:01:32 206848 ----a-w- C:\Windows\System32\mfps.dll
2014-12-10 02:01:32 2048 ----a-w- C:\Windows\SysWow64\mferror.dll
2014-12-10 02:01:32 2048 ----a-w- C:\Windows\System32\mferror.dll
2014-12-10 02:01:32 103424 ----a-w- C:\Windows\SysWow64\mfps.dll
2014-12-09 21:42:24 165888 ----a-w- C:\Windows\System32\charmap.exe
.
==================== Find3M  ====================
.
2014-11-26 03:28:09 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-11-25 02:06:30 175616 ----a-w- C:\Windows\System32\msclmd.dll
2014-11-25 02:06:30 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2014-11-24 13:04:56 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-11-22 03:06:23 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-22 03:06:11 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-22 02:50:10 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-22 02:49:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-22 02:35:29 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-22 02:34:51 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-22 02:34:07 6039552 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-22 02:26:31 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58 2125312 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-22 01:40:04 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-22 01:28:21 2358272 ----a-w- C:\Windows\System32\wininet.dll
2014-11-22 01:22:49 2052096 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-21 02:44:42 78432 ----a-w- C:\Windows\System32\atimpc64.dll
2014-11-21 02:44:42 78432 ----a-w- C:\Windows\System32\amdpcom64.dll
2014-11-21 02:44:40 71704 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2014-11-21 02:44:40 71704 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2014-11-21 02:44:28 144328 ----a-w- C:\Windows\System32\atiuxp64.dll
2014-11-21 02:44:26 126848 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2014-11-21 02:44:24 118096 ----a-w- C:\Windows\System32\atiu9p64.dll
2014-11-21 02:44:22 100032 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2014-11-21 02:44:20 1348928 ----a-w- C:\Windows\System32\aticfx64.dll
2014-11-21 02:44:16 1127496 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2014-11-21 02:44:10 11076784 ----a-w- C:\Windows\System32\atidxx64.dll
2014-11-21 02:44:04 9401480 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2014-11-21 02:43:56 7558816 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2014-11-21 02:43:50 7077776 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2014-11-21 02:43:42 8379720 ----a-w- C:\Windows\System32\atiumd6a.dll
2014-11-21 02:43:38 8369408 ----a-w- C:\Windows\System32\atiumd64.dll
2014-11-21 02:41:36 294600 ----a-w- C:\Windows\System32\drivers\amdacpksd.sys
2014-11-21 02:40:00 18959360 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2014-11-21 02:33:12 235008 ----a-w- C:\Windows\System32\clinfo.exe
2014-11-21 02:33:06 98816 ----a-w- C:\Windows\System32\OpenVideo64.dll
2014-11-21 02:33:06 83456 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2014-11-21 02:33:04 86528 ----a-w- C:\Windows\System32\OVDecode64.dll
2014-11-21 02:33:02 73216 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2014-11-21 02:33:00 47899136 ----a-w- C:\Windows\System32\amdocl64.dll
2014-11-21 02:32:08 40987136 ----a-w- C:\Windows\SysWow64\amdocl.dll
2014-11-21 02:31:18 65024 ----a-w- C:\Windows\System32\OpenCL.dll
2014-11-21 02:31:16 58880 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2014-11-21 02:24:50 28354560 ----a-w- C:\Windows\System32\atio6axx.dll
2014-11-21 02:19:36 23621632 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2014-11-21 02:19:26 49664 ----a-w- C:\Windows\System32\amdmmcl6.dll
2014-11-21 02:19:22 38912 ----a-w- C:\Windows\SysWow64\amdmmcl.dll
2014-11-21 02:18:46 127488 ----a-w- C:\Windows\System32\mantle64.dll
2014-11-21 02:18:42 113664 ----a-w- C:\Windows\SysWow64\mantle32.dll
2014-11-21 02:18:36 5837312 ----a-w- C:\Windows\System32\amdmantle64.dll
2014-11-21 02:17:04 367104 ----a-w- C:\Windows\System32\atiapfxx.exe
2014-11-21 02:17:02 62464 ----a-w- C:\Windows\System32\aticalrt64.dll
2014-11-21 02:17:02 52224 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2014-11-21 02:16:58 55808 ----a-w- C:\Windows\System32\aticalcl64.dll
2014-11-21 02:16:58 49152 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2014-11-21 02:16:52 15716352 ----a-w- C:\Windows\System32\aticaldd64.dll
2014-11-21 02:16:04 14302208 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2014-11-21 02:15:42 4590592 ----a-w- C:\Windows\SysWow64\amdmantle32.dll
2014-11-21 02:13:12 91648 ----a-w- C:\Windows\System32\mantleaxl64.dll
2014-11-21 02:13:10 85504 ----a-w- C:\Windows\SysWow64\mantleaxl32.dll
2014-11-21 02:12:50 442368 ----a-w- C:\Windows\System32\atidemgy.dll
2014-11-21 02:12:50 31232 ----a-w- C:\Windows\System32\atimuixx.dll
2014-11-21 02:12:48 774656 ----a-w- C:\Windows\System32\atieclxx.exe
2014-11-21 02:12:40 244736 ----a-w- C:\Windows\System32\atiesrxx.exe
2014-11-21 02:12:26 190976 ----a-w- C:\Windows\System32\atitmm64.dll
2014-11-21 02:10:02 843776 ----a-w- C:\Windows\System32\coinst_14.50.dll
2014-11-21 02:09:06 1214976 ----a-w- C:\Windows\System32\atiadlxx.dll
2014-11-21 02:09:04 903168 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2014-11-21 02:09:00 75264 ----a-w- C:\Windows\System32\atig6pxx.dll
2014-11-21 02:09:00 69632 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2014-11-21 02:09:00 69632 ----a-w- C:\Windows\System32\atiglpxx.dll
2014-11-21 02:08:58 146944 ----a-w- C:\Windows\System32\atig6txx.dll
2014-11-21 02:08:56 133632 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2014-11-21 02:08:54 589312 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2014-11-21 02:08:54 43520 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2014-11-20 20:36:32 51200 ----a-w- C:\Windows\System32\kdbsdk64.dll
2014-11-20 20:35:00 38912 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
2014-11-12 21:31:23 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-11-12 21:25:24 0 ----a-w- C:\Windows\ativpsrm.bin
2014-11-11 03:09:06 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-11-11 03:08:52 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-11 03:08:48 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-11 02:44:45 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44:32 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-11 01:46:26 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys
2014-11-08 03:16:08 2048 ----a-w- C:\Windows\System32\tzres.dll
.
============= FINISH:  0:18:36,03 ===============
 
 
I really appreciate all the work you guys do here to help everyone!
Thank you


Edited by HardCoreHolland, 05 January 2015 - 07:01 PM.
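Two facts decide what the poster is looking at: on 64-bit Windows 7, Task Manager appends *32 to every 32-bit process, and dllhost.exe carries the description "COM Surrogate". So "COM Surrogate *32" is the 32-bit dllhost.exe from C:\Windows\SysWOW64, a normal Windows component (the SysWOW64 directory itself is the standard home of 32-bit system files on 64-bit Windows). The name therefore does not say whether an instance is abused; what does is where it runs from, which process started it, and which COM AppID and DLLs it is hosting. The following PowerShell script is an added example for this thread, not code from the poster or from the forum's helpers; it assumes PowerShell 4.0 or later in an elevated prompt, and the function names Resolve-ComAppId and Get-ComSurrogateReport are the example's own.

```powershell
# Added example, not from the thread. Lists every running dllhost.exe ("COM Surrogate";
# the SysWOW64 copy is what Windows 7 Task Manager shows as "dllhost.exe *32"), checks where
# it runs from, who its parent is, and which registered COM AppID / DLLs it is hosting.
# Assumes PowerShell 4.0 or later (WMF 4.0 exists for Windows 7 SP1) in an elevated prompt.

$expectedPaths = @(
    (Join-Path $env:SystemRoot 'System32\dllhost.exe'),   # 64-bit surrogate
    (Join-Path $env:SystemRoot 'SysWOW64\dllhost.exe')    # 32-bit surrogate; SysWOW64 is a normal Windows directory
)

function Resolve-ComAppId {
    # Maps the {AppID} from "dllhost.exe /Processid:{...}" to its registered name and to the
    # InprocServer32 DLLs of the CLSIDs that reference it. Checks both the 64-bit and the
    # WOW64 registry views. Enumerating CLSID keys can take a while on a large registry.
    param([string]$AppId)
    foreach ($root in 'HKLM:\SOFTWARE\Classes', 'HKLM:\SOFTWARE\Classes\Wow6432Node') {
        $appKey = "$root\AppID\$AppId"
        if (-not (Test-Path $appKey)) { continue }
        $appProps = Get-ItemProperty -Path $appKey
        $dlls = Get-ChildItem -Path "$root\CLSID" -ErrorAction SilentlyContinue |
            Where-Object { (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).AppID -eq $AppId } |
            ForEach-Object {
                $inproc = "$($_.PSPath)\InprocServer32"
                if (Test-Path $inproc) { (Get-ItemProperty -Path $inproc).'(default)' }
            }
        return [pscustomobject]@{
            View         = $root
            Name         = $appProps.'(default)'
            DllSurrogate = $appProps.DllSurrogate   # empty string means the default dllhost.exe is used
            HostedDlls   = @($dlls)
        }
    }
    return $null
}

function Get-ComSurrogateReport {
    foreach ($proc in Get-CimInstance Win32_Process -Filter "Name = 'dllhost.exe'") {
        $path   = $proc.ExecutablePath
        $onPath = [bool]($expectedPaths -contains $path)      # string -contains is case-insensitive
        $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($proc.ParentProcessId)"
        $appId  = if ($proc.CommandLine -match '/Processid:(\{[0-9A-Fa-f-]{36}\})') { $Matches[1] } else { $null }
        $info   = if ($appId) { Resolve-ComAppId -AppId $appId } else { $null }
        # Caveat: Windows ships dllhost.exe catalog-signed, with no embedded signature, and on
        # Windows 7 Get-AuthenticodeSignature does not consult catalogs, so the genuine file reports
        # NotSigned. Treat the status as informational; the SHA256 is there to look up elsewhere.
        $sig  = if ($path) { Get-AuthenticodeSignature -FilePath $path } else { $null }
        $hash = if ($path) { (Get-FileHash -Path $path -Algorithm SHA256).Hash } else { $null }

        [pscustomobject]@{
            PID          = $proc.ProcessId
            Path         = $path
            ExpectedPath = $onPath
            Parent       = if ($parent) { "$($parent.Name) ($($parent.ProcessId))" } else { 'exited' }
            SigStatus    = if ($sig) { $sig.Status } else { 'n/a' }
            SHA256       = $hash
            AppId        = $appId
            AppIdName    = if ($info) { $info.Name } else { $null }
            HostedDlls   = if ($info) { $info.HostedDlls -join '; ' } else { $null }
            # Surrogates are started by the DcomLaunch svchost. A surrogate outside the two Windows
            # paths, with a different parent, or hosting an AppID nobody registered needs a closer look.
            Suspicious   = (-not $onPath) -or ($parent -and $parent.Name -ne 'svchost.exe') -or ($appId -and -not $info)
        }
    }
}

Get-ComSurrogateReport | Format-List
```

A row with ExpectedPath true, parent svchost.exe and a resolvable AppID whose HostedDlls live under C:\Windows or C:\Program Files is the ordinary case; a surrogate hosting a DLL from a user-writable directory such as AppData or Temp is the case worth quarantining and hashing before removal.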



#2 TB-Psychotic (Malware Response Team, 6,349 posts)

Posted 06 January 2015 - 04:57 AM

Hi there,
My name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Important: To help me review your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32-bit or FRST 64-bit (if not sure: Start --> Computer (right click) --> Properties).

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop
  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt


Please attach this file to your next reply.
 


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps).
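The helper asks for FRST.txt rather than a HijackThis log because FRST's sections (running processes with their publisher, Run keys, BootExecute, the Internet Explorer proxy, browser start and search pages, services and drivers with missing or unsigned files) are exactly where a hijack shows itself. The PowerShell function below is an added example for this thread, not part of FRST and not code from the helper; it applies the checks a responder runs first over such a log. Its sample input is constructed from lines of the FRST.txt posted in the next reply, the patterns assume the FRST line format of early 2015 (newer builds rename some fields), and the rule names and the function name Get-FrstFindings are the example's own.

```powershell
# Added example, not from the thread: a first-pass triage of FRST.txt lines that returns the
# entries a responder looks at first. Patterns assume the FRST output format of early 2015.

function Get-FrstFindings {
    param([string[]]$Lines)

    foreach ($line in $Lines) {
        switch -Regex ($line) {
            # Internet Explorer proxy forced onto loopback: browser traffic goes through a local
            # listener. Some filtering products do this legitimately, so identify the owning process
            # (netstat -ano, then the PID) before deciding it is a hijack.
            '^ProxyServer:\s*\[(?<hive>[^\]]+)\]\s*=>\s*(?<value>.+)$' {
                $hive = $Matches['hive']; $value = $Matches['value']
                if ($value -match '(127\.0\.0\.1|localhost):(?<port>\d+)') {
                    [pscustomobject]@{ Severity = 'High'; Rule = 'LoopbackProxy'; Line = $line
                        Note = "Proxy for hive $hive uses loopback port $($Matches['port']); find the listener with 'netstat -ano'" }
                }
            }
            # FRST itself flags Internet Explorer policy keys under a user hive.
            'Policy restriction\s*<=+\s*ATTENTION' {
                [pscustomobject]@{ Severity = 'Medium'; Rule = 'IEPolicyRestriction'; Line = $line
                    Note = 'Browser policy set in the user hive; export and review the key before removal' }
            }
            # BootExecute runs native programs before logon, outside most AV coverage.
            # Anything beyond the autochk default deserves a name-by-name identification.
            '^BootExecute:\s*(?<value>.+)$' {
                $value = $Matches['value'].Trim()
                if ($value -ne 'autocheck autochk *') {
                    [pscustomobject]@{ Severity = 'High'; Rule = 'NonDefaultBootExecute'; Line = $line
                        Note = "Extra BootExecute content: '$($value -replace '^autocheck autochk \*\s*', '')'" }
                }
            }
            # Start or search page pointing at a widely reported PUP search-redirect domain.
            '^(CHR|FF|HK(LM|U)).*(HomePage|Start Page|Search Page|SearchURL|SearchScopes).*conduit\.com' {
                [pscustomobject]@{ Severity = 'Medium'; Rule = 'SearchRedirect'; Line = $line
                    Note = 'Browser start/search page set to a Conduit redirect; reset it after cleanup' }
            }
            # Service or driver whose file is missing ([X]): a leftover registration or a file a
            # cleaner removed without its key. Low on its own; note the name.
            '^[RS]\d\s+(?<name>[^;]+);.*\[X\]\s*$' {
                [pscustomobject]@{ Severity = 'Low'; Rule = 'MissingServiceFile'; Line = $line
                    Note = "Service/driver '$($Matches['name'].Trim())' is registered but its file is missing" }
            }
            # Driver image FRST could not verify; compare its hash with a known-good copy.
            '\[File not signed\]\s*$' {
                [pscustomobject]@{ Severity = 'Low'; Rule = 'UnsignedDriver'; Line = $line
                    Note = 'Unsigned driver file; compare its hash with a clean Windows copy' }
            }
            # Running process with no company name in its version info, shown by FRST as "() path".
            '^\(\)\s+(?<path>[A-Za-z]:\\.+)$' {
                [pscustomobject]@{ Severity = 'Low'; Rule = 'NoPublisher'; Line = $line
                    Note = "Process without publisher info: $($Matches['path'])" }
            }
        }
    }
}

# Constructed sample: lines taken from the FRST.txt posted later in this thread.
$sample = @'
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bit
HKU\S-1-5-21-3666549355-1969835559-904239995-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [.DEFAULT] => http=127.0.0.1:65473;https=127.0.0.1:65473
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3312375&octid=EB_ORIGINAL_CTID
S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [19456 2012-08-23] (Microsoft Corporation) [File not signed]
S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [X]
'@ -split "`r?`n"

Get-FrstFindings -Lines $sample |
    Sort-Object { @{ High = 0; Medium = 1; Low = 2 }[$_.Severity] } |
    Format-Table Severity, Rule, Note -AutoSize -Wrap

# For a real log: Get-FrstFindings -Lines (Get-Content "$env:USERPROFILE\Desktop\FRST.txt")
```

The output is a worklist, not a verdict: the loopback proxy and the non-default BootExecute entries are the two items to resolve first, each by identifying the program behind it, while the missing-file and unsigned-driver entries are usually leftovers that only matter once the first two are explained.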

#3 HardCoreHolland (Topic Starter, Members, 4 posts)

Posted 06 January 2015 - 10:09 AM

Hi Marius,

Thanks for your quick response!

FARBAR

FRST TXT:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-01-2015
Ran by Colin (administrator) on COLIN-PC on 06-01-2015 15:40:43
Running from C:\Users\Colin\Desktop
Loaded Profile: Colin (Available profiles: Colin)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Nederlands (Nederland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Spotify Ltd) C:\Users\Colin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngtool.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngtool.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-12-08] (Raptr, Inc)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2561848 2014-12-10] (Malwarebytes Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5225064 2014-12-31] (AVAST Software)
HKU\S-1-5-21-3666549355-1969835559-904239995-1000\...\Run: [Spotify Web Helper] => C:\Users\Colin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-11] (Spotify Ltd)
HKU\S-1-5-21-3666549355-1969835559-904239995-1000\...\RunOnce: [Adobe Speed Launcher] => 1420554689
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bitPCloudBroom64.exe \systemroot\system32\BroomData.bitPCloudBroom64.exe \systemroot\system32\BroomData.bitPCloudBroom64.exe \systemroot\system32\BroomData.bit
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3666549355-1969835559-904239995-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:65473;https=127.0.0.1:65473
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = auto:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3666549355-1969835559-904239995-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3666549355-1969835559-904239995-1000\Software\Microsoft\Internet Explorer\Main,Start Page = auto:blank
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3666549355-1969835559-904239995-1000 -> {16122499-597F-4BDF-9E3D-465BAEF95159} URL = https://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.254 195.121.1.34 195.121.1.66
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-31]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3312375&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP33A27EC6-0572-43B1-8C9F-C391466AB759
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Presentaties) - C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-24]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2014-11-24]
CHR Extension: (Google Documenten) - C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-24]
CHR Extension: (Google Drive) - C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-12]
CHR Extension: (Adblock Plus) - C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-11-12]
CHR Extension: (Google Spreadsheets) - C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-24]
CHR Extension: (Avast Online Security) - C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-31]
CHR Extension: (Gmail) - C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-12]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-06]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-31] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-31] (Avast Software)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140936 2013-05-14] ()
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [555320 2014-12-10] (Malwarebytes Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-31] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-31] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-31] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-31] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-31] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-31] ()
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2014-12-10] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-05] (Malwarebytes Corporation)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [19456 2012-08-23] (Microsoft Corporation) [File not signed]
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-31] (Avast Software)
R3 ysusb64; C:\Windows\System32\drivers\ysusb64.sys [132160 2014-08-19] (Yamaha Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-06 15:40 - 2015-01-06 15:41 - 00012200 _____ () C:\Users\Colin\Desktop\FRST.txt
2015-01-06 15:40 - 2015-01-06 15:40 - 00000000 ____D () C:\FRST
2015-01-06 15:39 - 2015-01-06 15:39 - 02123776 _____ (Farbar) C:\Users\Colin\Desktop\FRST64.exe
2015-01-06 15:34 - 2014-12-31 20:11 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-06 14:40 - 2015-01-06 14:40 - 00147125 _____ () C:\Users\Colin\Documents\recovery.daa
2015-01-06 14:20 - 2015-01-06 14:20 - 00000000 ___DC () C:\Users\Colin\AppData\Local\MigWiz
2015-01-06 13:56 - 2015-01-06 13:57 - 00007243 _____ () C:\Users\Colin\Desktop\MBRCheck_01.06.15_13.56.57.txt
2015-01-06 13:52 - 2015-01-06 13:52 - 01454502 _____ () C:\Users\Colin\Documents\AutoRuns.arn
2015-01-06 05:47 - 2015-01-06 05:47 - 00000000 ____D () C:\Users\Colin\AppData\Roaming\Malwarebytes
2015-01-06 05:41 - 2015-01-06 05:41 - 00004506 _____ () C:\$tmplistd.txt
2015-01-06 05:35 - 2015-01-06 05:35 - 00007497 _____ () C:\Users\Colin\Desktop\MBRCheck_01.06.15_05.35.25.txt
2015-01-06 05:07 - 2015-01-06 05:07 - 00007509 _____ () C:\Users\Colin\Desktop\MBRCheck_01.06.15_05.07.47.txt
2015-01-06 05:00 - 2015-01-06 15:15 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-06 04:35 - 2015-01-06 04:35 - 00082168 _____ () C:\Users\Colin\Documents\CDROM.daa
2015-01-06 04:23 - 2015-01-06 04:23 - 00000000 ____D () C:\Program Files (x86)\AMD APP
2015-01-06 04:19 - 2015-01-06 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIA
2015-01-06 04:19 - 2015-01-06 04:19 - 00000000 ____D () C:\Windows\system32\SRSLabs
2015-01-06 04:19 - 2015-01-06 04:19 - 00000000 ____D () C:\Program Files (x86)\VIA
2015-01-06 04:12 - 2015-01-06 04:13 - 00000000 ____D () C:\Users\Colin\Documents\drivers moederbord
2015-01-06 03:39 - 2015-01-06 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2015-01-06 03:39 - 2015-01-06 03:39 - 00000000 ____D () C:\Program Files (x86)\ASUS
2015-01-06 03:36 - 2015-01-06 03:36 - 03553805 _____ () C:\Users\Colin\Downloads\MultiFrame_win7.zip
2015-01-06 02:26 - 2015-01-06 14:32 - 00000000 ____D () C:\Users\Colin\AppData\Local\CrashDumps
2015-01-06 01:19 - 2015-01-06 06:10 - 00004752 _____ () C:\Users\Colin\Desktop\Rkill.txt
2015-01-06 01:16 - 2015-01-06 01:16 - 00018662 _____ () C:\Users\Colin\Desktop\combofix.txt
2015-01-06 00:42 - 2015-01-06 00:42 - 00004357 _____ () C:\Users\Colin\Downloads\attach.txt
2015-01-06 00:40 - 2015-01-06 00:40 - 00016362 _____ () C:\Users\Colin\Desktop\bleep.txt
2015-01-06 00:18 - 2015-01-06 00:19 - 00016013 _____ () C:\Users\Colin\Desktop\dds.txt
2015-01-06 00:18 - 2015-01-06 00:19 - 00004357 _____ () C:\Users\Colin\Desktop\attach.txt
2015-01-05 23:02 - 2015-01-06 00:00 - 00000000 ____D () C:\Program Files\HitmanPro
2015-01-05 23:02 - 2015-01-05 23:05 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-05 22:30 - 2015-01-05 22:30 - 00000000 ____D () C:\Users\Colin\AppData\Roaming\WinPatrol
2015-01-05 22:06 - 2015-01-06 06:09 - 00000000 ____D () C:\AdwCleaner
2015-01-05 21:50 - 2015-01-05 21:50 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-01-05 20:01 - 2015-01-05 20:01 - 00000000 __SHD () C:\Users\Colin\AppData\Local\EmieUserList
2015-01-05 20:01 - 2015-01-05 20:01 - 00000000 __SHD () C:\Users\Colin\AppData\Local\EmieSiteList
2015-01-05 20:01 - 2015-01-05 20:01 - 00000000 __SHD () C:\Users\Colin\AppData\Local\EmieBrowserModeList
2015-01-05 19:15 - 2015-01-06 07:12 - 00000000 ____D () C:\Users\Colin\Desktop\hirens
2015-01-05 19:08 - 2015-01-05 19:14 - 621283886 _____ () C:\Users\Colin\Downloads\Hirens.BootCD.15.2.zip
2015-01-05 19:04 - 2015-01-05 19:04 - 00183544 _____ () C:\Users\Colin\Downloads\grub4dos.zip
2015-01-05 19:02 - 2015-01-05 19:02 - 00035228 _____ () C:\Users\Colin\Downloads\USBFormat.zip
2015-01-05 18:57 - 2014-05-08 10:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-01-05 18:46 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-01-05 18:46 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-01-05 18:46 - 2012-08-23 15:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-01-05 15:53 - 2015-01-05 15:53 - 00000280 _____ () C:\Windows\system32\2015-01-05-14-53-11.064-aswFe.exe-4692.log
2015-01-05 15:52 - 2015-01-05 15:52 - 00000280 _____ () C:\Windows\system32\2015-01-05-14-52-40.091-aswFe.exe-4344.log
2015-01-05 15:49 - 2015-01-05 15:49 - 00000000 ____D () C:\Users\Colin\AppData\Local\DriverToolkit
2015-01-05 15:48 - 2015-01-05 15:54 - 00000000 ____D () C:\Program Files (x86)\DriverToolkit
2015-01-05 15:48 - 2015-01-05 15:48 - 02448688 _____ (Megaify Software ) C:\Users\Colin\Downloads\DriverToolkitInstaller.exe
2015-01-04 12:37 - 2015-01-04 12:37 - 00000197 _____ () C:\Windows\system32\2015-01-04-11-37-18.020-AvastVBoxSVC.exe-3424.log
2015-01-03 20:33 - 2015-01-03 20:33 - 00000197 _____ () C:\Windows\system32\2015-01-03-19-33-31.097-AvastVBoxSVC.exe-3916.log
2015-01-01 13:06 - 2015-01-01 13:06 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-01 13:03 - 2015-01-01 13:03 - 00638888 _____ (Oracle Corporation) C:\Users\Colin\Downloads\chromeinstall-8u25.exe
2014-12-31 21:44 - 2014-12-31 21:44 - 00000247 _____ () C:\Windows\system32\2014-12-31-20-44-29.014-aswFe.exe-5732.log
2014-12-31 21:39 - 2014-12-31 21:44 - 00000247 _____ () C:\Windows\system32\2014-12-31-20-39-27.078-aswFe.exe-5480.log
2014-12-31 21:39 - 2014-12-31 21:39 - 00000197 _____ () C:\Windows\system32\2014-12-31-20-39-23.030-AvastVBoxSVC.exe-6076.log
2014-12-31 20:25 - 2014-12-31 20:25 - 00000247 _____ () C:\Windows\system32\2014-12-31-19-25-04.034-aswFe.exe-5692.log
2014-12-31 20:25 - 2014-12-31 20:25 - 00000197 _____ () C:\Windows\system32\2014-12-31-19-25-02.044-AvastVBoxSVC.exe-1684.log
2014-12-31 20:20 - 2014-12-31 20:20 - 00204496 _____ (Malwarebytes) C:\Users\Colin\Downloads\startuplite-setup-1.07.exe
2014-12-31 20:19 - 2014-12-31 20:19 - 00000247 _____ () C:\Windows\system32\2014-12-31-19-19-51.054-aswFe.exe-2384.log
2014-12-31 20:17 - 2014-12-31 20:17 - 00000247 _____ () C:\Windows\system32\2014-12-31-19-17-40.028-aswFe.exe-5856.log
2014-12-31 20:17 - 2014-12-31 20:17 - 00000197 _____ () C:\Windows\system32\2014-12-31-19-17-37.074-AvastVBoxSVC.exe-5608.log
2014-12-31 20:12 - 2014-12-31 20:59 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2014-12-31 20:12 - 2014-12-31 20:59 - 00000000 ____D () C:\Windows\system32\vbox
2014-12-31 20:11 - 2015-01-06 15:35 - 00001964 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-31 20:11 - 2015-01-06 15:34 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-12-31 20:11 - 2015-01-06 15:34 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-31 20:11 - 2015-01-06 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-31 20:11 - 2014-12-31 20:11 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-12-31 20:11 - 2014-12-31 20:11 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-12-31 20:11 - 2014-12-31 20:11 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-12-31 20:11 - 2014-12-31 20:11 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-12-31 20:11 - 2014-12-31 20:11 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-12-31 20:11 - 2014-12-31 20:11 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-12-31 20:11 - 2014-12-31 20:11 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-12-31 20:11 - 2014-12-31 20:11 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-12-31 20:09 - 2015-01-06 15:15 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-31 20:08 - 2015-01-06 15:15 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-31 20:08 - 2014-12-31 20:08 - 05006864 _____ (AVAST Software) C:\Users\Colin\Downloads\avast_free_antivirus_setup_online.exe
2014-12-31 09:59 - 2015-01-06 15:15 - 00000000 ____D () C:\Users\Colin\Desktop\mbar
2014-12-31 09:59 - 2015-01-06 06:07 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-31 09:58 - 2014-12-31 09:58 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Colin\Downloads\mbar-1.08.2.1001.exe
2014-12-31 08:12 - 2014-12-31 08:12 - 00065232 _____ (Malwarebytes) C:\Users\Colin\Downloads\regassassin-setup-1.03.exe
2014-12-31 08:10 - 2015-01-06 15:15 - 00000000 ____D () C:\Users\Colin\Documents\opschonen
2014-12-31 08:10 - 2015-01-06 15:15 - 00000000 ____D () C:\Users\Colin\Desktop\opschonen
2014-12-31 07:09 - 2015-01-06 15:15 - 00000000 ____D () C:\Program Files (x86)\System Ninja
2014-12-31 06:57 - 2014-12-28 09:01 - 01707939 _____ (Thisisu) C:\Users\Colin\Desktop\JRT_NEW.exe
2014-12-31 04:15 - 2014-12-31 04:15 - 00003326 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2014-12-31 00:58 - 2014-12-31 00:58 - 00000000 ____D () C:\Users\Colin\Documents\Snagit
2014-12-31 00:57 - 2014-12-31 20:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snagit 9
2014-12-31 00:57 - 2014-12-31 20:58 - 00000000 ____D () C:\Users\Colin\AppData\Local\TechSmith
2014-12-31 00:57 - 2014-12-31 20:58 - 00000000 ____D () C:\ProgramData\TechSmith
2014-12-31 00:57 - 2014-12-31 20:56 - 00000000 ____D () C:\Program Files (x86)\TechSmith
2014-12-31 00:57 - 2014-12-31 00:57 - 00002037 _____ () C:\Users\Public\Desktop\Snagit 9 Editor.lnk
2014-12-31 00:57 - 2014-12-31 00:57 - 00002017 _____ () C:\Users\Public\Desktop\Snagit 9.lnk
2014-12-31 00:14 - 2014-12-31 20:58 - 00000000 ____D () C:\Users\Colin\AppData\Local\Logitech® Webcam Software
2014-12-31 00:07 - 2014-12-31 20:58 - 00000000 ____D () C:\ProgramData\LogiShrd
2014-12-31 00:06 - 2015-01-06 15:36 - 00009465 _____ () C:\Windows\system32\lvcoinst.log
2014-12-31 00:06 - 2015-01-06 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-12-31 00:06 - 2015-01-06 15:15 - 00000000 ____D () C:\Program Files\Common Files\logishrd
2014-12-31 00:06 - 2015-01-06 15:15 - 00000000 ____D () C:\Program Files (x86)\Logitech
2014-12-31 00:06 - 2014-12-31 00:06 - 00003859 _____ () C:\Windows\LDPINST.LOG
2014-12-31 00:06 - 2014-12-31 00:06 - 00001624 _____ () C:\Users\Public\Desktop\Logitech Webcam Software  .lnk
2014-12-31 00:06 - 2014-12-31 00:06 - 00000000 ____D () C:\Users\Colin\AppData\Roaming\Leadertech
2014-12-31 00:02 - 2014-12-31 00:03 - 74637872 _____ (Logitech, Inc.) C:\Users\Colin\Downloads\lws251.exe
2014-12-30 13:16 - 2015-01-06 02:26 - 00000000 ____D () C:\Users\Colin\Documents\helen
2014-12-30 03:06 - 2014-12-30 03:06 - 00000849 _____ () C:\Users\Colin\AppData\Local\recently-used.xbel
2014-12-30 02:58 - 2014-12-30 03:06 - 00000000 ____D () C:\Users\Colin\AppData\Local\gtk-2.0
2014-12-22 17:07 - 2014-12-30 13:11 - 00000000 ___HD () C:\ProgramData\CanonIJMIG
2014-12-22 17:07 - 2014-12-22 17:07 - 00000000 ___HD () C:\ProgramData\CanonIJScan
2014-12-21 22:40 - 2014-12-21 22:40 - 00000000 ____D () C:\Users\Colin\AppData\Roaming\PowerISO
2014-12-21 16:15 - 2014-12-21 16:15 - 00000230 _____ () C:\Users\Colin\Downloads\Dienstrooster, 15-12-2014 tm 12-1-2015.zip
2014-12-19 15:08 - 2015-01-06 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2014-12-19 15:08 - 2014-12-19 15:08 - 00000000 ____D () C:\Users\Colin\AppData\Roaming\library_dir
2014-12-19 15:07 - 2015-01-06 15:15 - 00000000 ____D () C:\Users\Colin\AppData\Roaming\Raptr
2014-12-19 15:07 - 2015-01-06 15:15 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-12-19 15:01 - 2014-12-19 15:04 - 302470552 _____ (AMD Inc.) C:\Users\Colin\Downloads\amd-catalyst-omega-14.12-with-dotnet45-win7-64bit.exe
2014-12-18 04:50 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 04:50 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-14 13:38 - 2014-12-14 13:38 - 10848608 _____ (Microsoft Corporation) C:\Users\Colin\Downloads\Install_MSN_Messenger.EXE
2014-12-10 18:48 - 2014-12-10 18:48 - 00000000 ____D () C:\ProgramData\ATI
2014-12-10 18:45 - 2014-12-10 18:45 - 00058826 _____ () C:\Windows\SysWOW64\CCCInstall_201412101845268024.log
2014-12-10 18:45 - 2014-12-10 18:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-12-10 18:45 - 2014-12-10 18:45 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-12-10 18:42 - 2014-12-10 18:42 - 00000000 ____D () C:\Program Files (x86)\AMD
2014-12-10 18:32 - 2014-12-10 18:32 - 05451464 _____ (Advanced Micro Devices, Inc.) C:\Users\Colin\Downloads\autodetectutility.exe
2014-12-10 03:01 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 03:01 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 03:01 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-10 03:01 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-10 03:01 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-10 03:01 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-10 03:01 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-10 03:01 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-10 03:01 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-10 03:01 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-09 22:43 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-09 22:43 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-09 22:43 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-09 22:43 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-09 22:43 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-09 22:43 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-09 22:43 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-09 22:43 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-09 22:43 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-09 22:43 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-09 22:43 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-09 22:43 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-09 22:43 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-09 22:43 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-09 22:43 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-09 22:43 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-09 22:43 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-09 22:43 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-09 22:43 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-09 22:43 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-09 22:43 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-09 22:43 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-09 22:43 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-09 22:43 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-09 22:43 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-09 22:43 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-09 22:43 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-09 22:43 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-09 22:43 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-09 22:43 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-09 22:43 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-09 22:43 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-09 22:43 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-09 22:43 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-09 22:43 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-09 22:43 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-09 22:43 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-09 22:43 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-09 22:43 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-09 22:43 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-09 22:43 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-09 22:43 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-09 22:43 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-09 22:43 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-09 22:43 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-09 22:43 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-09 22:43 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-09 22:43 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-09 22:43 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-09 22:43 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-09 22:43 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-09 22:43 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-09 22:43 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-09 22:43 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-09 22:43 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-09 22:43 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-09 22:43 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-09 22:42 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-09 22:42 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-09 22:42 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-09 22:42 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-09 22:42 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-09 22:42 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-09 22:42 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-09 22:42 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-09 22:42 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-09 22:42 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-09 22:42 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-09 22:42 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-09 22:42 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-09 22:42 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-08 22:38 - 2015-01-06 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2014-12-08 22:38 - 2015-01-06 15:15 - 00000000 ____D () C:\Program Files\PowerISO
2014-12-08 22:38 - 2014-12-08 22:38 - 00000812 _____ () C:\Users\Public\Desktop\PowerISO.lnk
2014-12-08 22:38 - 2014-10-08 14:13 - 00127760 _____ (Power Software Ltd) C:\Windows\system32\Drivers\scdemu.sys
2014-12-08 22:16 - 2014-12-08 22:20 - 00000000 ____D () C:\Users\Colin\Downloads\amdoom
2014-12-08 22:16 - 2005-01-11 00:28 - 00003607 _____ () C:\Users\Colin\Downloads\NLRIP.nfo
2014-12-08 22:15 - 2014-12-08 22:15 - 43003334 _____ () C:\Users\Colin\Downloads\amdoom.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-06 15:39 - 2014-11-12 22:02 - 01086025 _____ () C:\Windows\WindowsUpdate.log
2015-01-06 15:34 - 2009-07-14 10:16 - 00745424 _____ () C:\Windows\system32\perfh013.dat
2015-01-06 15:34 - 2009-07-14 10:16 - 00153376 _____ () C:\Windows\system32\perfc013.dat
2015-01-06 15:34 - 2009-07-14 06:13 - 01669560 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-06 15:34 - 2009-07-14 05:45 - 00021024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-06 15:34 - 2009-07-14 05:45 - 00021024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-06 15:32 - 2014-11-24 18:05 - 00005497 _____ () C:\Windows\setupact.log
2015-01-06 15:30 - 2014-11-24 15:38 - 00001050 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-06 15:30 - 2014-11-12 22:00 - 00000000 ____D () C:\Users\Colin
2015-01-06 15:30 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-06 15:15 - 2014-11-27 02:22 - 00000000 ____D () C:\Windows\ERUNT
2015-01-06 15:15 - 2014-11-27 01:51 - 00000000 ____D () C:\Windows\erdnt
2015-01-06 15:15 - 2014-11-24 16:57 - 00000000 ____D () C:\Windows\pss
2015-01-06 15:15 - 2014-11-24 15:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-01-06 15:15 - 2014-11-24 15:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-01-06 15:15 - 2014-11-24 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2015-01-06 15:15 - 2014-11-12 22:37 - 00000000 ____D () C:\Users\Colin\AppData\Roaming\uTorrent
2015-01-06 15:15 - 2014-11-12 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-06 15:15 - 2014-11-12 22:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-06 15:15 - 2014-11-12 22:31 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2015-01-06 15:15 - 2014-11-12 22:30 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-06 15:15 - 2014-11-12 22:30 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-06 15:15 - 2014-11-12 22:30 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-06 15:15 - 2014-11-12 22:00 - 00000000 ___RD () C:\Users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-06 15:15 - 2014-11-12 22:00 - 00000000 ___RD () C:\Users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-06 15:15 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-06 15:15 - 2009-07-14 04:20 - 00000000 __RSD () C:\Windows\Media
2015-01-06 15:15 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-06 15:15 - 2009-07-14 04:20 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-06 15:15 - 2009-07-14 04:20 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-06 15:15 - 2009-07-14 04:20 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-06 15:15 - 2009-07-14 04:20 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-06 15:15 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-06 15:15 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-06 15:14 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-01-06 15:14 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-06 15:13 - 2014-11-27 01:51 - 00000000 ____D () C:\Qoobox
2015-01-06 15:13 - 2014-11-12 22:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-06 15:13 - 2014-11-12 22:30 - 00000000 ____D () C:\Users\Colin\AppData\Roaming\Macromedia
2015-01-06 15:11 - 2014-11-24 13:19 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2015-01-06 06:14 - 2014-11-12 21:53 - 00000000 ____D () C:\Windows\Panther
2015-01-06 06:02 - 2009-07-14 03:34 - 54263808 _____ () C:\Windows\system32\config\software.BAK
2015-01-06 06:02 - 2009-07-14 03:34 - 18350080 _____ () C:\Windows\system32\config\system.BAK
2015-01-06 06:02 - 2009-07-14 03:34 - 00151552 _____ () C:\Windows\system32\config\default.BAK
2015-01-06 06:02 - 2009-07-14 03:34 - 00028672 _____ () C:\Windows\system32\config\sam.BAK
2015-01-06 06:02 - 2009-07-14 03:34 - 00024576 _____ () C:\Windows\system32\config\security.BAK
2015-01-06 01:35 - 2014-11-12 22:00 - 01572864 ___SH () C:\Users\Colin\ntuser.bak
2015-01-06 01:30 - 2014-11-20 15:28 - 00000000 ____D () C:\Users\Colin\AppData\Roaming\GlarySoft
2015-01-06 00:48 - 2014-11-24 14:15 - 00007639 _____ () C:\Users\Colin\AppData\Local\Resmon.ResmonCfg
2015-01-05 18:43 - 2014-11-24 15:38 - 00001054 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-05 18:03 - 2014-11-12 22:35 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-05 15:29 - 2014-11-12 22:05 - 00003958 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{3189F0FD-A30E-44ED-BBAA-C9E381E90648}
2015-01-05 14:06 - 2014-11-24 15:07 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2015-01-03 20:56 - 2014-11-12 22:32 - 00000000 ____D () C:\Users\Colin\AppData\Roaming\Spotify
2014-12-31 20:59 - 2014-11-12 22:42 - 00000000 ____D () C:\Users\Colin\AppData\Roaming\Skype
2014-12-31 20:59 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-31 20:56 - 2014-11-12 22:06 - 00000000 ____D () C:\AMD
2014-12-31 20:50 - 2014-11-12 23:31 - 00000000 ____D () C:\Users\Colin\AppData\Local\Downloaded Installations
2014-12-31 10:05 - 2014-11-12 22:00 - 00001401 _____ () C:\Users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-31 10:04 - 2014-11-24 15:34 - 00000000 ____D () C:\Users\Colin\AppData\Local\Apps\2.0
2014-12-31 09:59 - 2014-11-12 22:34 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-31 09:54 - 2014-11-14 07:14 - 00000000 ____D () C:\Users\Colin\AppData\Local\Spotify
2014-12-31 09:36 - 2014-11-24 18:05 - 00031462 _____ () C:\Windows\PFRO.log
2014-12-31 09:07 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-31 02:37 - 2014-11-27 01:31 - 00000000 ____D () C:\Users\Colin\AppData\Roaming\Registry_Alert
2014-12-31 02:04 - 2009-07-14 05:45 - 00000000 ____D () C:\Windows\Setup
2014-12-30 13:11 - 2014-12-04 14:16 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-12-30 12:24 - 2014-11-24 15:39 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-30 03:18 - 2014-11-13 00:24 - 00000000 ____D () C:\Users\Colin\.gimp-2.8
2014-12-30 03:01 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\Performance
2014-12-22 17:07 - 2014-12-04 14:16 - 00000000 ____D () C:\Users\Colin\AppData\Roaming\Canon
2014-12-19 15:16 - 2014-11-12 22:22 - 00000000 ____D () C:\Program Files\AMD
2014-12-19 14:57 - 2014-11-12 23:34 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-16 14:29 - 2014-11-13 14:09 - 00000000 ____D () C:\Users\Colin\AppData\Roaming\vlc
2014-12-13 04:18 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-10 18:45 - 2014-11-12 22:23 - 00000000 ____D () C:\ProgramData\AMD
2014-12-10 18:43 - 2014-11-12 22:06 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-12-10 03:04 - 2014-11-24 16:15 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 03:02 - 2014-11-24 16:15 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-04 13:06
 
==================== End Of Log ============================

ADDITION TXT:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-01-2015
Ran by Colin at 2015-01-06 15:41:45
Running from C:\Users\Colin\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3666549355-1969835559-904239995-1000\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
3DP Chip v14.07 (HKLM-x32\...\3DP Chip) (Version: v14.07 - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Nederlands (HKLM-x32\...\{AC76BA86-7AD7-1043-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.5.0 - Canon Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.1.0 - Canon Inc.)
Canon MG2500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2500_series) (Version: 1.02 - Canon Inc.)
Canon MG2500 series On-screen Manual (HKLM-x32\...\Canon MG2500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.4.1 - Canon Inc.)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Gebruikersregistratie voor Canon MG2500 series (HKLM-x32\...\Gebruikersregistratie voor Canon MG2500 series) (Version:  - ‭Canon Inc.)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Logitech-webcamsoftware (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes Anti-Exploit version 1.05.1.1016 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.05.1.1016 - Malwarebytes)
Malwarebytes Anti-Malware versie 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Nederlands) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.0.104 - Panda Security)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.1 - Power Software Ltd)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Skype™ 6.21 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.21.104 - Skype Technologies S.A.)
Snagit 9.1 (HKLM-x32\...\{0E6ED660-498C-42F7-9EF4-FB0C96DFC01A}) (Version: 9.1.0.206 - TechSmith Corporation)
Spotify (HKU\S-1-5-21-3666549355-1969835559-904239995-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
Yamaha Steinberg USB Driver (HKLM-x32\...\InstallShield_{905A4D64-E752-4BC1-9D18-F7747F4C7D87}) (Version: 1.9.0 - Yamaha Corporation)
Yamaha Steinberg USB Driver (Version: 1.9.0 - Yamaha Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
19-12-2014 15:48:48 Installed ASUS MultiFrame
23-12-2014 07:25:47 Windows Update
23-12-2014 12:46:26 Removed Microsoft Baseline Security Analyzer 2.3
26-12-2014 18:50:21 Windows Update
30-12-2014 15:12:23 Windows Update
31-12-2014 00:56:15 Installed Snagit 9.1
31-12-2014 02:35:59 Installed Registry Alerts
31-12-2014 20:09:40 avast! antivirus system restore point
31-12-2014 20:25:25 Removed Registry Alerts
01-01-2015 13:03:48 Removed Java 8 Update 25
02-01-2015 15:52:44 Windows Update
05-01-2015 15:54:14 Removed Registry Alerts
05-01-2015 15:55:07 Removed MSN Messenger 7.5
05-01-2015 15:56:44 Removed ASUS MultiFrame
05-01-2015 18:44:56 Windows Update
05-01-2015 19:36:43 avast! antivirus system restore point
05-01-2015 21:37:47 Installatie van apparaatstuurprogramma: Elaborate Bytes AG Opslagcontrollers
06-01-2015 03:00:17 Windows Update
06-01-2015 03:38:57 Installed ASUS MultiFrame
06-01-2015 04:18:51 Installed Platform
06-01-2015 15:31:23 avast! antivirus system restore point
06-01-2015 15:35:45 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {26E6ECAC-D4FF-4474-AF2A-D87EACF96D7D} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {3125CD02-69CD-4DA2-B59A-BFABBBD60388} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-24] (Google Inc.)
Task: {46B0D712-3AB9-4BD8-8C15-EDB797E6CBE5} - \SUPERAntiSpyware Scheduled Task ce15ca78-4374-4588-89aa-25d27daf2137 No Task File <==== ATTENTION
Task: {495F8F8D-1C59-42F5-8BD6-0E34A8EE90DA} - \SUPERAntiSpyware Scheduled Task a615bdee-22ba-4515-b02d-0f6b77732914 No Task File <==== ATTENTION
Task: {4AD62201-EE92-450F-8EEA-6E8EC44ED9FC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-24] (Google Inc.)
Task: {B2F54B1A-7080-4C81-A22D-5C4F41413052} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-31] (AVAST Software)
Task: {F281FDBE-5ABA-4C61-92A5-690DE412C4F0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-12-04 14:16 - 2013-05-14 18:50 - 00140936 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2014-12-31 20:11 - 2014-12-31 20:11 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-12-31 20:11 - 2014-12-31 20:11 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2015-01-05 12:39 - 2015-01-05 12:39 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010500\algo.dll
2014-12-31 20:11 - 2014-12-31 20:11 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2015-01-06 15:35 - 2015-01-06 15:35 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010600\algo.dll
2014-12-09 20:45 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-09 20:45 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: SpyHunter 4 Service => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dual Smart Solution.lnk => C:\Windows\pss\Dual Smart Solution.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Colin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Productregistratie.lnk => C:\Windows\pss\Logitech . Productregistratie.lnk.Startup
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: KSS => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: MsnMsgr => "C:\Program Files (x86)\MSN Messenger\MsnMsgr.Exe" /background
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files\PowerISO\PWRISOVM.EXE -startup
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\Colin\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Colin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3666549355-1969835559-904239995-500 - Administrator - Disabled)
Colin (S-1-5-21-3666549355-1969835559-904239995-1000 - Administrator - Enabled) => C:\Users\Colin
Gast (S-1-5-21-3666549355-1969835559-904239995-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3666549355-1969835559-904239995-1003 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Name: WD SES Device USB Device
Description: WD SES Device USB Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/06/2015 03:31:47 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: De Windows Search-service wordt gestopt vanwege een probleem met de indexeerfunctie, The catalog is corrupt.
 
 
Details:
De catalogus met de inhoudsindex is beschadigd.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (01/06/2015 03:31:47 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: De index kan niet worden geïnitialiseerd.
 
 
Details:
De catalogus met de inhoudsindex is beschadigd.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (01/06/2015 03:31:47 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: De toepassing kan niet worden geïnitialiseerd.
 
Context: toepassing Windows
 
 
Details:
De catalogus met de inhoudsindex is beschadigd.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (01/06/2015 03:31:47 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Het object van de gegevensverzamelaar kan niet worden geïnitialiseerd.
 
Context: toepassing Windows, catalogus SystemIndex
 
 
Details:
De catalogus met de inhoudsindex is beschadigd.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (01/06/2015 03:31:47 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: De invoegtoepassing in <Search.TripoliIndexer> kan niet worden geïnitialiseerd.
 
Context: toepassing Windows, catalogus SystemIndex
 
 
Details:
Kan element niet vinden.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (01/06/2015 03:31:46 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: De invoegtoepassing in <Search.JetPropStore> kan niet worden geïnitialiseerd.
 
Context: toepassing Windows, catalogus SystemIndex
 
 
Details:
De catalogus met de inhoudsindex is beschadigd.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (01/06/2015 03:31:46 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: De Windows Search-service kan de gegevens van het eigenschappenarchief niet laden.
 
Context: toepassing Windows, catalogus SystemIndex
 
 
Details:
Vanwege een databasefout kan de server met de inhoudsindex niet worden bijgewerkt of geopend. Stop de zoekservice en start deze opnieuw. Als het probleem zich blijft voordoen, stelt u de inhoudsindex opnieuw in en verkent u deze opnieuw. In sommige gevallen kan het nodig zijn om de inhoudsindex te verwijderen en opnieuw te maken.  (HRESULT : 0x8004117f) (0x8004117f)
 
Error: (01/06/2015 03:31:46 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: De zoekservice heeft beschadigde gegevensbestanden ontdekt in de index {id=1100}. De service probeert dit probleem automatisch te verhelpen door de index opnieuw samen te stellen.
 
 
Details:
De catalogus met de inhoudsindex is beschadigd.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (01/06/2015 03:31:43 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: Het Jet-eigenschappenarchief kan niet worden geopend door de Windows Search-service.
 
 
Details:
0x%08x (0x8004117f - Vanwege een databasefout kan de server met de inhoudsindex niet worden bijgewerkt of geopend. Stop de zoekservice en start deze opnieuw. Als het probleem zich blijft voordoen, stelt u de inhoudsindex opnieuw in en verkent u deze opnieuw. In sommige gevallen kan het nodig zijn om de inhoudsindex te verwijderen en opnieuw te maken.  (HRESULT : 0x8004117f))
 
Error: (01/06/2015 02:49:52 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Fout in de Volume Shadow Copy-service: onverwachte fout bij het aanroepen van routine CoCreateInstance.  hr = 0x80070422, Kan de service niet starten omdat deze is uitgeschakeld of omdat
het geen ingeschakelde apparaten met zich heeft verbonden.
.
 
 
Bewerking:
   Abonnementschrijver
 
Context:
   Klasse-id van schrijver: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Naam van schrijver: Shadow Copy Optimization Writer
   Instantie-id van schrijver: {d2214182-9ee3-4433-9311-3e2afb629092}
 
 
System errors:
=============
Error: (01/06/2015 03:38:48 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installatiefout: de volgende update kan niet worden geïnstalleerd, foutcode 0x80070103: Logitech - Communication Device, Other hardware, Streaming Media and Broadcast - Logitech HD Webcam C270.
 
Error: (01/06/2015 03:31:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: De Windows Search-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 30000 milliseconden worden uitgevoerd: Service opnieuw starten.
 
Error: (01/06/2015 03:31:47 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: De Windows Search-service is gestopt met de specifieke servicefout %%-1073473535.
 
Error: (01/06/2015 03:31:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De MBAMScheduler-service kan vanwege de volgende fout niet worden gestart: 
%%1053
 
Error: (01/06/2015 03:31:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Time-out (30000 seconden) tijdens het wachten op het verbinden van deze service: MBAMScheduler.
 
Error: (01/06/2015 02:32:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: De WinHTTP Web Proxy Auto-Discovery Service-service is afhankelijk van de DHCP-client-service, die vanwege de volgende fout niet kan worden gestart: 
%%1058
 
Error: (01/06/2015 02:26:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: De WinHTTP Web Proxy Auto-Discovery Service-service is afhankelijk van de DHCP-client-service, die vanwege de volgende fout niet kan worden gestart: 
%%1058
 
Error: (01/06/2015 02:26:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: De WinHTTP Web Proxy Auto-Discovery Service-service is afhankelijk van de DHCP-client-service, die vanwege de volgende fout niet kan worden gestart: 
%%1058
 
Error: (01/06/2015 02:22:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: De WinHTTP Web Proxy Auto-Discovery Service-service is afhankelijk van de DHCP-client-service, die vanwege de volgende fout niet kan worden gestart: 
%%1058
 
Error: (01/06/2015 02:22:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: De WinHTTP Web Proxy Auto-Discovery Service-service is afhankelijk van de DHCP-client-service, die vanwege de volgende fout niet kan worden gestart: 
%%1058
 
 
Microsoft Office Sessions:
=========================
Error: (01/06/2015 03:31:47 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: 
Details:
De catalogus met de inhoudsindex is beschadigd.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt
 
Error: (01/06/2015 03:31:47 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: 
Details:
De catalogus met de inhoudsindex is beschadigd.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (01/06/2015 03:31:47 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: toepassing Windows
 
 
Details:
De catalogus met de inhoudsindex is beschadigd.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (01/06/2015 03:31:47 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: toepassing Windows, catalogus SystemIndex
 
 
Details:
De catalogus met de inhoudsindex is beschadigd.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (01/06/2015 03:31:47 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: toepassing Windows, catalogus SystemIndex
 
 
Details:
Kan element niet vinden.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer
 
Error: (01/06/2015 03:31:46 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: toepassing Windows, catalogus SystemIndex
 
 
Details:
De catalogus met de inhoudsindex is beschadigd.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore
 
Error: (01/06/2015 03:31:46 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Context: toepassing Windows, catalogus SystemIndex
 
 
Details:
Vanwege een databasefout kan de server met de inhoudsindex niet worden bijgewerkt of geopend. Stop de zoekservice en start deze opnieuw. Als het probleem zich blijft voordoen, stelt u de inhoudsindex opnieuw in en verkent u deze opnieuw. In sommige gevallen kan het nodig zijn om de inhoudsindex te verwijderen en opnieuw te maken.  (HRESULT : 0x8004117f) (0x8004117f)
 
Error: (01/06/2015 03:31:46 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: 
Details:
De catalogus met de inhoudsindex is beschadigd.  (HRESULT : 0xc0041801) (0xc0041801)
1100
 
Error: (01/06/2015 03:31:43 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: 
Details:
0x%08x (0x8004117f - Vanwege een databasefout kan de server met de inhoudsindex niet worden bijgewerkt of geopend. Stop de zoekservice en start deze opnieuw. Als het probleem zich blijft voordoen, stelt u de inhoudsindex opnieuw in en verkent u deze opnieuw. In sommige gevallen kan het nodig zijn om de inhoudsindex te verwijderen en opnieuw te maken.  (HRESULT : 0x8004117f))
 
Error: (01/06/2015 02:49:52 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070422, Kan de service niet starten omdat deze is uitgeschakeld of omdat
het geen ingeschakelde apparaten met zich heeft verbonden.
 
 
Bewerking:
   Abonnementschrijver
 
Context:
   Klasse-id van schrijver: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Naam van schrijver: Shadow Copy Optimization Writer
   Instantie-id van schrijver: {d2214182-9ee3-4433-9311-3e2afb629092}
 
 
==================== Memory info =========================== 
 
Processor: AMD Athlon™ II X4 640 Processor
Percentage of memory in use: 35%
Total physical RAM: 7935.18 MB
Available physical RAM: 5083.47 MB
Total Pagefile: 15868.54 MB
Available Pagefile: 12773.76 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:836.88 GB) NTFS
Drive d: () (Removable) (Total:3.75 GB) (Free:3.73 GB) FAT32
Drive e: (WD SmartWare) (CDROM) (Total:0.43 GB) (Free:0 GB) UDF
Drive f: (My Book) (Fixed) (Total:930.86 GB) (Free:383.71 GB) NTFS
Drive g: (KOALA SCHYF) (Fixed) (Total:153.35 GB) (Free:58.25 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 36E8992A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 3.8 GB) (Disk ID: 3F866DB3)
Partition 1: (Not Active) - (Size=3.8 GB) - (Type=0B)
 
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 930.9 GB) (Disk ID: 0002AE3F)
Partition 1: (Not Active) - (Size=930.9 GB) - (Type=07 NTFS)
 
========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 153.4 GB) (Disk ID: 854F1F15)
Partition 1: (Active) - (Size=153.4 GB) - (Type=0C)
 
==================== End Of Log ============================

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-01-06 15:53:52
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST31000524AS rev.JC45 931,51GB
Running: g1diuk63.exe; Driver: C:\Users\Colin\AppData\Local\Temp\agloqpod.sys
 
 
---- Threads - GMER 2.1 ----
 
Thread  C:\Windows\System32\svchost.exe [2088:3632]  000007feec859688
 
---- EOF - GMER 2.1 ----

TDSSKILLER log attached.

Thanks

#4 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 06 January 2015 - 10:25 AM

I think you forgot to attach the log file ;)


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#5 HardCoreHolland
  • Topic Starter
  • Members
  • 4 posts

Posted 06 January 2015 - 10:28 AM

Here is the TDSSKILLER log....
Don't mind the weird name: hoppeta.txt....

Something wouldn't let me upload the original.

Edited by HardCoreHolland, 06 January 2015 - 10:29 AM.

#6 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 06 January 2015 - 10:47 AM

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved.
  • Run FRST.exe (on 64-bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) in the folder where you saved FRST. Please post it in your reply.

Full System Scan with Malwarebytes Anti-Malware

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

#7 HardCoreHolland
  • Topic Starter
  • Members
  • 4 posts

Posted 06 January 2015 - 11:15 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-01-2015
Ran by Colin at 2015-01-06 16:51:13 Run:1
Running from C:\Users\Colin\Desktop\frst
Loaded Profile: Colin (Available profiles: Colin)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Task: {46B0D712-3AB9-4BD8-8C15-EDB797E6CBE5} - \SUPERAntiSpyware Scheduled Task ce15ca78-4374-4588-89aa-25d27daf2137 No Task File <==== ATTENTION
Task: {495F8F8D-1C59-42F5-8BD6-0E34A8EE90DA} - \SUPERAntiSpyware Scheduled Task a615bdee-22ba-4515-b02d-0f6b77732914 No Task File <==== ATTENTION
HKU\S-1-5-21-3666549355-1969835559-904239995-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:65473;https=127.0.0.1:65473
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3312375&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP33A27EC6-0572-43B1-8C9F-C391466AB759
BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bitPCloudBroom64.exe \systemroot\system32\BroomData.bitPCloudBroom64.exe \systemroot\system32\BroomData.bitPCloudBroom64.exe \systemroot\system32\BroomData.bit
 
EmptyTemp:
*****************
 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{46B0D712-3AB9-4BD8-8C15-EDB797E6CBE5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46B0D712-3AB9-4BD8-8C15-EDB797E6CBE5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SUPERAntiSpyware Scheduled Task ce15ca78-4374-4588-89aa-25d27daf2137" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{495F8F8D-1C59-42F5-8BD6-0E34A8EE90DA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{495F8F8D-1C59-42F5-8BD6-0E34A8EE90DA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SUPERAntiSpyware Scheduled Task a615bdee-22ba-4515-b02d-0f6b77732914" => Key deleted successfully.
"HKU\S-1-5-21-3666549355-1969835559-904239995-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
Chrome HomePage deleted successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully.
EmptyTemp: => Removed 107.2 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 16:51:19 ====
 
 
 
Unable to open Malwarebytes Anti-Malware, not even Chameleon.

#8 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 08 January 2015 - 04:17 AM

Scan with ESET Online Scan

Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right-click on their Internet Explorer shortcut and select Run as Administrator.

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
  • Click the blue Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the program to install the "OnlineScanner.cab" ActiveX control by clicking the Install button
  • Once the ActiveX control is installed, on the next screen click on Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

#9 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 21 January 2015 - 06:50 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



