Chrome odd behavior, redirect and fake alerts and extra tabs popping up


  • This topic is locked
19 replies to this topic

#1 bvdl75

bvdl75

  • Members
  • 13 posts
  • OFFLINE
  • Gender:Male
  • Location:Australia
  • Local time:07:00 AM

Posted 06 January 2015 - 11:00 PM

Hi,

I have been trying to remove an unknown infection on a Win 7 64-bit box for a few weeks now and have decided I need some help.

I have currently scanned with Malwarebytes, ADWCleaner, SUPERAntiSpyware and TDSS Killer, and all show a clean result; as such I am out of ideas.

I am having the same problem as outlined by another user in an unfinished thread:

http://www.bleepingcomputer.com/forums/t/552269/getting-unwanted-extra-tabs-that-are-not-in-the-tabs-list-on-startup/

Chrome opens 4 blank tabs randomly but never in incognito mode. The tabs are:

http://--load-extension%3Dc/Program%20Files/Google/Chrome/Application/Extensions/chrome/app

http://--load-component-extension%3Dc/Program%20Files/Google/Chrome/Application/Extensions/chrome/man

http://--extensions-on-chrome-urls/

http://--test-type/

Extensions

Chrome shows "boo you have no extensions installed"

Also when browsing some web sites I get random warning notices stating that my Flash is out of date and should be updated, then it wants to immediately update.

IE is behaving the same.

I do not use Firefox.

DDS.TXT

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16599  BrowserJavaVersion: 11.25.2
Run by benvanderlinde at 14:39:59 on 2015-01-07
Microsoft Windows 7 Professional   6.1.7601.1.1252.61.1033.18.12286.8616 [GMT 11:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\nvwmi64.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Gemalto\Classic Client\BIN\GslShmSrvc.exe
C:\ProgramData\DatacardService\HWDeviceService64.exe
C:\Program Files\KeyShot4 Network Rendering\keyshot4_network_slave_watchdog.exe
C:\ProgramData\Optus Mobile Broadband\OnlineUpdate\ouc.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\nvwmi64.exe
C:\ProgramData\Optus Mobile Broadband\OnlineUpdate\LiveUpd.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\spool\drivers\x64\3\CNAP2LAK.EXE
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\Program Files\KeyShot4 Network Rendering\keyshot4_network_slave_tray.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\TechSmith\Snagit 9\Snagit32.exe
C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe
C:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare64\3dxsrv.exe
C:\Users\benvanderlinde\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Windows\system32\spool\DRIVERS\x64\3\CNACASWK.EXE
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Windows\system32\spool\DRIVERS\x64\3\CNACASWK.EXE
C:\Program Files (x86)\Gemalto\Classic Client\BIN\RegTool.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\spool\DRIVERS\x64\3\CNACASWK.EXE
C:\Program Files (x86)\TechSmith\Snagit 9\TSCHelp.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files (x86)\TechSmith\Snagit 9\SnagPriv.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files (x86)\TechSmith\Snagit 9\snagiteditor.exe
C:\Windows\splwow64.exe
C:\Users\benvanderlinde\Desktop\AdwCleaner.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Users\benvanderlinde\Downloads\dfv7ddi3.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll
uRun: [CNAP2 Launcher] C:\Windows\System32\spool\DRIVERS\x64\3\CNAP2LAK.EXE
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRunOnce: [Application Restart #3] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  --extensions-on-chrome-urls --test-type --load-extension="c:\Program Files\Google\Chrome\Application\Extensions\chrome\app" --load-component-extension="c:\Program Files\Google\Chrome\Application\Extensions\chrome\man" --flag-switches-begin --flag-switches-end --restore-last-session
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [RegTool] C:\Program Files (x86)\Gemalto\Classic Client\BIN\RegTool.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\BENVAN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\benvanderlinde\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\BENVAN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAGIT~1.LNK - C:\Program Files (x86)\TechSmith\Snagit 9\Snagit32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SOLIDW~1.LNK - C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\START3~1.LNK - C:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare64\3dxsrv.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoWelcomeScreen = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: anz.com
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/au/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: {88DD90B6-C770-4CFF-B7A4-3AFD16BB8824} - hxxps://transtasmanadmin.online.anz.com/client/crystalreportviewers12/ActiveXControls/PrintControl.cab
TCP: NameServer = 192.168.1.5 192.168.1.1
TCP: Interfaces\{7790CD42-5136-4754-8FAD-5E4EDA3E0F3B} : NameServer = 198.142.0.51 211.29.132.12
TCP: Interfaces\{B3465B0D-177C-4651-B5E8-0811A284C738} : NameServer = 192.168.1.5,192.168.1.1
TCP: Interfaces\{B3465B0D-177C-4651-B5E8-0811A284C738} : DHCPNameServer = 192.168.1.5 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [CNAP2 Launcher] C:\Windows\System32\spool\DRIVERS\x64\3\CNAP2LAK.EXE
x64-Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe"
x64-Run: [Keyshot 4 Network SlaveTray] C:\Program Files\KeyShot4 Network Rendering\keyshot4_network_slave_tray
x64-Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe
Hosts: 192.168.1.253 storage
Hosts: 192.168.1.5 server
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\benvanderlinde\AppData\Roaming\Mozilla\Firefox\Profiles\tt2s1xv8.default\
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Program Files (x86)\Winamp Detect\npwachk.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Dassault Systemes\3D XML Player\win_b64\code\bin32\NP3DXMLPlugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2009-12-25 297512]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-7-11 55856]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-23 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2013-10-11 172344]
R2 GslShmSrvc;GSL Share Memory;C:\Program Files (x86)\Gemalto\Classic Client\BIN\GslShmSrvc.exe [2011-5-12 85504]
R2 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DatacardService\HWDeviceService64.exe [2011-3-15 346976]
R2 KeyShot4 Render Slave;KeyShot4 Render Slave;C:\Program Files\KeyShot4 Network Rendering\keyshot4_network_slave_watchdog.exe [2013-6-26 59904]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 125584]
R2 NVWMI;NVIDIA WMI Provider;C:\Windows\System32\nvwmi64.exe [2013-10-7 1248544]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-9-21 413472]
R2 TabletServiceWacom;TabletServiceWacom;C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [2012-7-11 8518008]
R2 TouchServiceWacom;Wacom Professional Touch Service;C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe [2012-7-11 567672]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2013-12-6 90112]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 Optus Mobile Broadband. RunOuc;Optus Mobile Broadband. OUC;C:\Program Files (x86)\Optus Mobile Broadband\UpdateDog\ouc.exe [2013-12-6 655744]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2012-6-9 89192]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2013-12-6 117248]
S3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\System32\drivers\ew_usbenumfilter.sys [2013-12-6 13952]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-7-11 1431888]
S3 GemCCID;GemCCID;C:\Windows\System32\drivers\GemCCID.sys [2009-8-10 119680]
S3 hidkmdf;KMDF Driver;C:\Windows\System32\drivers\hidkmdf.sys [2012-7-11 13688]
S3 huawei_cdcacm;huawei_cdcacm;C:\Windows\System32\drivers\ew_jucdcacm.sys [2013-12-6 104448]
S3 huawei_ext_ctrl;huawei_ext_ctrl;C:\Windows\System32\drivers\ew_juextctrl.sys [2013-12-6 30720]
S3 huawei_wwanecm;huawei_wwanecm;C:\Windows\System32\drivers\ew_juwwanecm.sys [2013-12-6 238080]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 LVUVC64;Logitech QuickCam Pro 9000(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-6-30 129752]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-7-16 59392]
S3 WacHidRouter;Wacom Hid Router;C:\Windows\System32\drivers\wachidrouter.sys [2012-7-11 65912]
S3 wacomrouterfilter;Wacom Router Filter Driver;C:\Windows\System32\drivers\wacomrouterfilter.sys [2012-7-11 15736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-11 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2429-08-17 04:55:33 -------- d-----w- C:\products (Cad-5)
2015-01-07 03:16:43 -------- d-----w- C:\FRST
2015-01-05 21:56:51 11870360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8A082D82-182F-4F39-AA82-816E2C9592C4}\mpengine.dll
2015-01-05 05:55:47 -------- d-----w- C:\ProgramData\HitmanPro
2015-01-04 21:48:17 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B1C4884C-91EC-4444-AD50-82EE67A805D5}\gapaengine.dll
2015-01-04 21:47:55 11870360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-12-16 22:58:59 -------- d-----r- C:\Program Files (x86)\Skype
2014-12-12 01:10:53 -------- d-----w- C:\AdwCleaner
2014-12-12 01:10:20 2166272 ----a-w- C:\AdwCleaner.exe
2014-12-11 03:05:53 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-11 03:05:53 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-12-11 01:49:32 -------- d-----w- C:\Users\benvanderlinde\AppData\Roaming\com.adobe.amp
2014-12-11 01:46:58 -------- d-----w- C:\Users\benvanderlinde\.android
2014-12-10 16:22:28 -------- d-----w- C:\Windows\System32\appraiser
2014-12-10 16:01:37 4121600 ----a-w- C:\Windows\System32\mf.dll
2014-12-10 16:01:37 3209728 ----a-w- C:\Windows\SysWow64\mf.dll
2014-12-10 05:35:19 346624 ----a-w- C:\Windows\System32\WSManMigrationPlugin.dll
2014-12-09 22:20:57 3995648 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npClassicESigner.dll
2014-12-09 22:20:49 -------- d-----w- C:\Windows\SysWow64\gpccard
2014-12-09 22:20:46 -------- d-----w- C:\Program Files\Gemalto
2014-12-09 22:17:48 -------- d--h--w- C:\Users\benvanderlinde\InstallAnywhere
.
==================== Find3M  ====================
.
2015-01-05 22:16:43 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2015-01-05 05:45:42 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-12-04 02:50:55 413184 ----a-w- C:\Windows\System32\generaltel.dll
2014-12-04 02:50:45 741376 ----a-w- C:\Windows\System32\invagent.dll
2014-12-04 02:50:40 396800 ----a-w- C:\Windows\System32\devinv.dll
2014-12-04 02:50:38 830976 ----a-w- C:\Windows\System32\appraiser.dll
2014-12-04 02:50:37 227328 ----a-w- C:\Windows\System32\aepdu.dll
2014-12-04 02:50:37 192000 ----a-w- C:\Windows\System32\aepic.dll
2014-12-04 02:44:48 1083392 ----a-w- C:\Windows\System32\aeinv.dll
2014-12-01 23:28:44 1232040 ----a-w- C:\Windows\System32\aitstatic.exe
2014-12-01 02:01:17 4 ----a-w- C:\Users\benvanderlinde\AppData\Roaming\appdataFr2.bin
2014-11-24 21:59:39 448512 ----a-w- C:\Windows\System32\html.iec
2014-11-24 21:53:14 2339840 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-24 21:47:12 1392128 ----a-w- C:\Windows\System32\wininet.dll
2014-11-24 21:45:49 1494016 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-24 21:44:58 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-11-24 21:44:55 599040 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-24 21:43:44 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-24 21:43:33 12800 ----a-w- C:\Windows\System32\mshta.exe
2014-11-24 20:44:32 367104 ----a-w- C:\Windows\SysWow64\html.iec
2014-11-24 20:40:49 1810944 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-24 20:35:25 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-24 20:34:40 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-24 20:33:56 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-11-24 20:33:47 421376 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-24 20:32:47 11776 ----a-w- C:\Windows\SysWow64\mshta.exe
2014-11-24 20:32:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-20 19:14:22 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-11-20 19:14:12 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-20 19:14:08 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-11-18 17:26:34 1614504 ----a-w- C:\Windows\System32\FM20.DLL
2014-11-11 03:09:06 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-11-11 03:08:52 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-11 03:08:48 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-11 02:44:45 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44:32 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-11 01:46:26 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys
2014-11-08 03:16:08 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-11-08 02:45:09 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-10-30 11:25:26 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-10-30 02:03:43 165888 ----a-w- C:\Windows\System32\charmap.exe
2014-10-30 01:45:43 155136 ----a-w- C:\Windows\SysWow64\charmap.exe
2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-18 02:05:23 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-10-18 01:33:18 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-10-14 02:16:37 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06 683520 ----a-w- C:\Windows\System32\termsrv.dll
2014-10-14 02:13:00 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-10-14 02:12:57 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-10-14 02:09:31 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-10-14 02:07:31 681984 ----a-w- C:\Windows\System32\adtschema.dll
2014-10-14 01:50:47 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-10-14 01:50:41 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-14 01:49:38 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-10-14 01:47:30 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-10-14 01:46:02 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
2014-10-10 00:57:42 3198976 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 14:40:12.23 ===============

Edited by bvdl75, 06 January 2015 - 11:03 PM.
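The four blank-tab URLs in the first post are the switches from the uRunOnce "Application Restart #3" entry in the DDS log, URL-encoded and opened as if they were web addresses. As an added illustration (not part of this thread), the Python check below scans pseudo-HJT Run/RunOnce lines for chrome.exe launched with extension-sideloading or warning-suppressing switches and confirms that the reported tabs map onto that entry; the switch descriptions are standard Chrome command-line behaviour, and the sample log and tab lines are constructed copies of the entries on this page.

```python
import re
from urllib.parse import unquote

# Chrome switches worth flagging when they appear in an autostart entry.
# All four appear in the uRunOnce "Application Restart #3" line of the DDS log above.
SUSPECT_SWITCHES = {
    "--load-extension": "loads an unpacked extension from any directory",
    "--load-component-extension": "loads an extension as a built-in component",
    "--extensions-on-chrome-urls": "lets extensions run on chrome:// pages",
    "--test-type": "hides the 'unsupported command-line flag' warning bar",
}

# Pseudo-HJT autostart lines look like: "uRunOnce: [Name] command line"
AUTOSTART_RE = re.compile(
    r"^(?P<key>(?:x64-)?[um]Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# A token is a run of non-space text in which double-quoted spans may contain spaces.
TOKEN_RE = re.compile(r'(?:[^\s"]+|"[^"]*")+')


def parse_switches(cmd):
    """Return {"--switch": value or None} for every --switch[=value] in a command line."""
    switches = {}
    for tok in TOKEN_RE.findall(cmd):
        tok = tok.replace('"', "")
        if tok.startswith("--"):
            name, _, value = tok.partition("=")
            switches[name] = value or None
    return switches


def audit_autostarts(log_lines):
    """Flag Run/RunOnce entries that launch chrome.exe with any of SUSPECT_SWITCHES."""
    findings = []
    for line in log_lines:
        m = AUTOSTART_RE.match(line.strip())
        if not m or "chrome.exe" not in m.group("cmd").lower():
            continue
        switches = parse_switches(m.group("cmd"))
        hits = {s: switches[s] for s in SUSPECT_SWITCHES if s in switches}
        if hits:
            findings.append({"key": m.group("key"), "name": m.group("name"), "hits": hits})
    return findings


def tab_url_to_switch(url):
    """Map a tab such as http://--load-extension%3Dc/Program%20Files/... back to its switch name."""
    path = unquote(url)
    if path.startswith("http://"):
        path = path[len("http://"):]
    return path.rstrip("/").partition("=")[0]


def tabs_match_findings(tab_urls, findings):
    """True when every odd tab URL corresponds to a switch flagged in some finding."""
    flagged = {s for f in findings for s in f["hits"]}
    return all(tab_url_to_switch(u) in flagged for u in tab_urls)


# Constructed sample: the uRunOnce line from the DDS log above plus a benign mRun line.
SAMPLE_LOG = [
    'uRunOnce: [Application Restart #3] C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe'
    '  --extensions-on-chrome-urls --test-type'
    ' --load-extension="c:\\Program Files\\Google\\Chrome\\Application\\Extensions\\chrome\\app"'
    ' --load-component-extension="c:\\Program Files\\Google\\Chrome\\Application\\Extensions\\chrome\\man"'
    ' --flag-switches-begin --flag-switches-end --restore-last-session',
    'mRun: [SunJavaUpdateSched] "C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe"',
]
# Constructed copy of the four blank-tab URLs reported in the first post.
SAMPLE_TABS = [
    "http://--load-extension%3Dc/Program%20Files/Google/Chrome/Application/Extensions/chrome/app",
    "http://--load-component-extension%3Dc/Program%20Files/Google/Chrome/Application/Extensions/chrome/man",
    "http://--extensions-on-chrome-urls/",
    "http://--test-type/",
]

if __name__ == "__main__":
    found = audit_autostarts(SAMPLE_LOG)
    for f in found:
        print(f"{f['key']} [{f['name']}]")
        for switch, value in f["hits"].items():
            print(f"  {switch}={value!r}: {SUSPECT_SWITCHES[switch]}")
    print("tabs explained by autostart entry:", tabs_match_findings(SAMPLE_TABS, found))
```

The extension directory in the flagged entry (C:\Program Files\Google\Chrome\Application\Extensions\) is not where this machine's Chrome is installed (C:\Program Files (x86)\Google\Chrome\Application\ in the process list), which is the kind of mismatch a helper would look at first.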




#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,045 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:02:00 PM

Posted 07 January 2015 - 04:35 PM

Hey my friend. :)

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FRST icon and select Run as Administrator.)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#3 bvdl75

bvdl75
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Gender:Male
  • Location:Australia
  • Local time:07:00 AM

Posted 07 January 2015 - 06:25 PM

Thanks please see logs below.

Edit was to repost as FRST was not originally run from the desktop. (Question, if you have time to answer: why does the run location make a difference? Just curious to understand the procedure we are going through.)

FRST.txt


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by benvanderlinde (administrator) on CAD-9 on 08-01-2015 10:28:20
Running from C:\Users\benvanderlinde\Desktop
Loaded Profile: benvanderlinde (Available profiles: Demain & benvanderlinde & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Gemalto) C:\Program Files (x86)\Gemalto\Classic Client\BIN\GslShmSrvc.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
() C:\Program Files\KeyShot4 Network Rendering\keyshot4_network_slave_watchdog.exe
() C:\ProgramData\Optus Mobile Broadband\OnlineUpdate\ouc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe
() C:\ProgramData\Optus Mobile Broadband\OnlineUpdate\LiveUpd.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNAP2LAK.EXE
(Microsoft Corporation) C:\Program Files\Microsoft LifeChat\LifeChat.exe
() C:\Program Files\KeyShot4 Network Rendering\keyshot4_network_slave_tray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 9\Snagit32.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe
(3Dconnexion, INC) C:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare64\3dxsrv.exe
(Dropbox, Inc.) C:\Users\benvanderlinde\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNACASWK.EXE
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNACASWK.EXE
() C:\Program Files (x86)\Gemalto\Classic Client\BIN\RegTool.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNACASWK.EXE
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 9\TscHelp.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 9\SnagPriv.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 9\SnagitEditor.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSTORDB.EXE
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\benvanderlinde\Desktop\FRST64 (1).exe
() C:\Program Files\KeyShot4 Network Rendering\keyshot4_network_slave.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [CNAP2 Launcher] => C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [226784 2010-10-15] (CANON INC.)
HKLM\...\Run: [LifeChat] => C:\Program Files\Microsoft LifeChat\LifeChat.exe [371712 2009-09-24] (Microsoft Corporation)
HKLM\...\Run: [Keyshot 4 Network SlaveTray] => C:\Program Files\KeyShot4 Network Rendering\keyshot4_network_slave_tray
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2747680 2013-09-21] ()
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-04-23] (Analog Devices, Inc.)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe_ID0ENQBO] => C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe [378224 2008-08-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [RegTool] => C:\Program Files (x86)\Gemalto\Classic Client\BIN\RegTool.exe [943104 2012-07-02] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\S-1-5-21-384575526-2649865645-2130750055-1145\...\Run: [CNAP2 Launcher] => C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [226784 2010-10-15] (CANON INC.)
HKU\S-1-5-21-384575526-2649865645-2130750055-1145\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-01-06] (SUPERAntiSpyware)
HKU\S-1-5-21-384575526-2649865645-2130750055-1145\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-384575526-2649865645-2130750055-1145\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-384575526-2649865645-2130750055-1145\...\RunOnce: [Application Restart #3] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344 2014-10-01] (Google Inc.)
HKU\S-1-5-21-384575526-2649865645-2130750055-1145\...\MountPoints2: {36b8eb22-5e14-11e3-9eea-00256499a17a} - J:\AutoRun.exe
HKU\S-1-5-21-384575526-2649865645-2130750055-1145\...\MountPoints2: {36b8eb30-5e14-11e3-9eea-00256499a17a} - F:\AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 9.lnk
ShortcutTarget: Snagit 9.lnk -> C:\Program Files (x86)\TechSmith\Snagit 9\Snagit32.exe (TechSmith Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks Background Downloader.lnk
ShortcutTarget: SolidWorks Background Downloader.lnk -> C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systèmes SolidWorks Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start 3DxWare.lnk
ShortcutTarget: Start 3DxWare.lnk -> C:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare64\3dxsrv.exe (3Dconnexion, INC)
Startup: C:\Users\benvanderlinde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\benvanderlinde\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\benvanderlinde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-384575526-2649865645-2130750055-1145\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-au/?ocid=iehp
HKU\S-1-5-21-384575526-2649865645-2130750055-1145\Software\Microsoft\Internet Explorer\Main,Start Page = 
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
Toolbar: HKU\S-1-5-21-384575526-2649865645-2130750055-1145 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/au/Core/Player/2020PlayerAX_IKEA_Win32.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.5 192.168.1.1
Tcpip\..\Interfaces\{7790CD42-5136-4754-8FAD-5E4EDA3E0F3B}: [NameServer] 198.142.0.51 211.29.132.12
Tcpip\..\Interfaces\{B3465B0D-177C-4651-B5E8-0811A284C738}: [NameServer] 192.168.1.5,192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\benvanderlinde\AppData\Roaming\Mozilla\Firefox\Profiles\tt2s1xv8.default
FF Plugin: @3ds.com/3dxml -> C:\Program Files\Dassault Systemes\3D XML Player\win_b64\code\bin\NP3DXMLPlugin.dll ()
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @3ds.com/3dxml -> C:\Program Files\Dassault Systemes\3D XML Player\win_b64\code\bin32\NP3DXMLPlugin.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.6 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Screengrab  (fix version) - C:\Users\benvanderlinde\AppData\Roaming\Mozilla\Firefox\Profiles\tt2s1xv8.default\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2014-09-23]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\benvanderlinde\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\benvanderlinde\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\benvanderlinde\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-06]
CHR Extension: (YouTube) - C:\Users\benvanderlinde\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-02]
CHR Extension: (Google Search) - C:\Users\benvanderlinde\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-02]
CHR Extension: (Google Wallet) - C:\Users\benvanderlinde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (Gmail) - C:\Users\benvanderlinde\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-02]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-09-08] (SUPERAntiSpyware.com)
S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
R2 GslShmSrvc; C:\Program Files (x86)\Gemalto\Classic Client\BIN\GslShmSrvc.exe [85504 2011-05-12] (Gemalto) [File not signed]
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-15] ()
R2 KeyShot4 Render Slave; C:\Program Files\KeyShot4 Network Rendering\keyshot4_network_slave_watchdog.exe [59904 2013-06-26] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [1248544 2013-09-21] (NVIDIA Corporation)
S2 Optus Mobile Broadband. RunOuc; C:\Program Files (x86)\Optus Mobile Broadband\UpdateDog\ouc.exe [655744 2012-06-28] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2009-10-21] (CACE Technologies, Inc.)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2012-07-11] (SolidWorks) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 GemCCID; C:\Windows\System32\DRIVERS\GemCCID.sys [119680 2009-08-10] (Gemalto)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [238080 2012-06-06] (Huawei Technologies Co., Ltd.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [47632 2009-10-21] (CACE Technologies, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 fxldqpow; \??\C:\Users\BENVAN~1\AppData\Local\Temp\fxldqpow.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2099-08-18 11:58 - 2014-04-29 11:31 - 00000000 ____D () C:\Users\benvanderlinde\Documents\ben
2099-08-17 15:55 - 2013-09-02 15:55 - 00000000 ____D () C:\products (Cad-5)
2099-08-08 11:13 - 2014-12-16 14:02 - 00000000 ____D () C:\Users\benvanderlinde\Documents\Demain
2099-08-08 11:13 - 2013-09-02 15:37 - 00000000 ____D () C:\Users\benvanderlinde\Documents\Snag It! 9
2015-01-08 10:28 - 2015-01-08 10:28 - 00021862 _____ () C:\Users\benvanderlinde\Desktop\FRST.txt
2015-01-08 10:08 - 2015-01-08 10:08 - 02124288 _____ (Farbar) C:\Users\benvanderlinde\Desktop\FRST64 (1).exe
2015-01-07 14:41 - 2015-01-07 14:41 - 00000000 ____D () C:\Users\benvanderlinde\Desktop\Bleeping
2015-01-07 14:40 - 2015-01-07 14:40 - 00025636 _____ () C:\Users\benvanderlinde\Desktop\dds.txt
2015-01-07 14:40 - 2015-01-07 14:40 - 00013272 _____ () C:\Users\benvanderlinde\Desktop\attach.txt
2015-01-07 14:34 - 2015-01-07 14:35 - 00688992 ____R (Swearware) C:\Users\benvanderlinde\Downloads\dds.com
2015-01-07 14:25 - 2015-01-07 14:25 - 00165376 _____ () C:\Users\benvanderlinde\Downloads\SystemLook_x64.exe
2015-01-07 14:24 - 2015-01-07 14:24 - 00380416 _____ () C:\Users\benvanderlinde\Downloads\dfv7ddi3.exe
2015-01-07 14:23 - 2014-12-12 00:46 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\benvanderlinde\Desktop\TDSSKiller.exe
2015-01-07 14:19 - 2015-01-07 14:19 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\benvanderlinde\Downloads\revosetup.exe
2015-01-07 14:18 - 2015-01-07 14:18 - 04166770 _____ () C:\Users\benvanderlinde\Downloads\tdsskiller.zip
2015-01-07 14:17 - 2015-01-08 10:18 - 00034186 _____ () C:\Users\benvanderlinde\Downloads\Addition.txt
2015-01-07 14:16 - 2015-01-08 10:28 - 00000000 ____D () C:\FRST
2015-01-07 14:16 - 2015-01-08 10:18 - 00040096 _____ () C:\Users\benvanderlinde\Downloads\FRST.txt
2015-01-07 14:16 - 2015-01-07 14:16 - 02123776 _____ (Farbar) C:\Users\benvanderlinde\Downloads\FRST64.exe
2015-01-06 10:29 - 2015-01-06 10:30 - 02173952 _____ () C:\Users\benvanderlinde\Desktop\AdwCleaner.exe
2015-01-05 16:55 - 2015-01-06 08:37 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-05 08:47 - 2015-01-05 08:47 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-17 09:59 - 2014-12-17 09:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-12-17 09:58 - 2014-12-17 09:59 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-16 10:56 - 2014-10-15 09:43 - 06468614 _____ () C:\Users\benvanderlinde\Desktop\b046-5001_03_asm.stp
2014-12-12 12:10 - 2015-01-07 14:12 - 00000000 ____D () C:\AdwCleaner
2014-12-12 12:10 - 2014-12-12 12:10 - 02166272 _____ () C:\AdwCleaner.exe
2014-12-12 09:05 - 2014-12-12 09:05 - 00000000 ____D () C:\Users\benvanderlinde\Desktop\New folder
2014-12-11 15:39 - 2014-12-11 15:39 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-11 14:05 - 2015-01-08 10:14 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-11 14:05 - 2014-12-11 14:05 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-11 14:05 - 2014-12-11 14:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-11 14:05 - 2014-12-11 14:05 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-11 14:05 - 2014-12-11 14:05 - 00000000 ____D () C:\Windows\system32\Macromed
2014-12-11 12:49 - 2014-12-11 12:49 - 00000000 ____D () C:\Users\benvanderlinde\AppData\Roaming\com.adobe.amp
2014-12-11 12:46 - 2014-12-11 15:48 - 00000000 ____D () C:\Users\benvanderlinde\.android
2014-12-11 03:22 - 2014-12-11 03:22 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-11 03:01 - 2014-10-18 13:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-11 03:01 - 2014-10-18 12:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 16:36 - 2014-12-04 13:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 16:36 - 2014-12-04 13:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 16:36 - 2014-12-04 13:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 16:36 - 2014-12-04 13:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 16:36 - 2014-12-04 13:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 16:36 - 2014-12-04 13:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 16:36 - 2014-12-04 13:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 16:36 - 2014-12-02 10:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-10 16:36 - 2014-11-25 09:12 - 17874432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 16:36 - 2014-11-25 08:59 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-10 16:36 - 2014-11-25 08:54 - 10921984 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 16:36 - 2014-11-25 08:53 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 16:36 - 2014-11-25 08:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 16:36 - 2014-11-25 08:47 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 16:36 - 2014-11-25 08:45 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 16:36 - 2014-11-25 08:45 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-10 16:36 - 2014-11-25 08:45 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 16:36 - 2014-11-25 08:44 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 16:36 - 2014-11-25 08:44 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-10 16:36 - 2014-11-25 08:44 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 16:36 - 2014-11-25 08:44 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 16:36 - 2014-11-25 08:44 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 16:36 - 2014-11-25 08:44 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 16:36 - 2014-11-25 08:44 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-10 16:36 - 2014-11-25 08:44 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-10 16:36 - 2014-11-25 08:44 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-10 16:36 - 2014-11-25 08:43 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 16:36 - 2014-11-25 08:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 16:36 - 2014-11-25 08:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-10 16:36 - 2014-11-25 08:42 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 16:36 - 2014-11-25 07:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-10 16:36 - 2014-11-25 07:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 16:36 - 2014-11-25 07:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 16:36 - 2014-11-25 07:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 16:36 - 2014-11-25 07:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 16:36 - 2014-11-25 07:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 16:36 - 2014-11-25 07:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 16:36 - 2014-11-25 07:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-12-10 16:36 - 2014-11-25 07:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 16:36 - 2014-11-25 07:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-10 16:36 - 2014-11-25 07:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 16:36 - 2014-11-25 07:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 16:36 - 2014-11-25 07:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-10 16:36 - 2014-11-25 07:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 16:36 - 2014-11-25 07:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-12-10 16:36 - 2014-11-25 07:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 16:36 - 2014-11-25 07:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 16:36 - 2014-11-25 07:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 16:36 - 2014-11-25 07:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 16:36 - 2014-11-25 07:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 16:36 - 2014-11-25 07:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-12-10 16:36 - 2014-11-25 07:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-12-10 16:36 - 2014-11-11 14:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 16:36 - 2014-11-11 13:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 16:36 - 2014-11-11 12:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 16:35 - 2014-11-08 14:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 16:35 - 2014-11-08 13:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 16:35 - 2014-10-30 13:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 16:35 - 2014-10-30 12:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 16:35 - 2014-10-03 13:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 16:35 - 2014-10-03 13:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 16:35 - 2014-10-03 13:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 16:35 - 2014-10-03 13:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 16:35 - 2014-10-03 13:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 16:35 - 2014-10-03 12:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 16:35 - 2014-10-03 12:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 16:35 - 2014-10-03 12:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 16:35 - 2014-10-03 12:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 16:35 - 2014-10-03 12:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-10 09:21 - 2014-12-10 09:21 - 00000000 ____D () C:\Users\benvanderlinde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gemalto
2014-12-10 09:20 - 2014-12-10 09:20 - 00023680 _____ () C:\Users\benvanderlinde\installer_debug.txt
2014-12-10 09:20 - 2014-12-10 09:20 - 00000000 ____D () C:\Windows\SysWOW64\gpccard
2014-12-10 09:20 - 2014-12-10 09:20 - 00000000 ____D () C:\Program Files\Gemalto
2014-12-10 09:17 - 2014-12-10 09:17 - 00000000 ___HD () C:\Users\benvanderlinde\InstallAnywhere
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-08 10:28 - 2013-07-18 18:20 - 00000000 ____D () C:\Users\Public\Documents\KeyShot 4 Network Resources
2015-01-08 10:27 - 2012-10-17 17:13 - 00000419 _____ () C:\Windows\BRWMARK.INI
2015-01-08 10:27 - 2012-10-17 17:13 - 00000027 _____ () C:\Windows\BRPP2KA.INI
2015-01-08 10:24 - 2013-09-02 12:37 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-08 10:08 - 2009-10-14 16:49 - 00000000 ____D () C:\Users\benvanderlinde\Documents\outlook
2015-01-08 09:58 - 2012-07-11 13:28 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-384575526-2649865645-2130750055-1614UA.job
2015-01-08 09:41 - 2013-09-02 17:19 - 00000000 ____D () C:\Users\benvanderlinde\AppData\Roaming\Skype
2015-01-08 09:28 - 2012-07-11 12:53 - 00000168 _____ () C:\Windows\system32\config\netlogon.ftl
2015-01-08 08:47 - 2012-07-11 11:52 - 01049798 _____ () C:\Windows\WindowsUpdate.log
2015-01-08 08:35 - 2014-01-31 09:34 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-01-08 07:57 - 2012-07-11 13:28 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-384575526-2649865645-2130750055-1614Core.job
2015-01-08 05:24 - 2013-09-02 12:37 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-07 08:35 - 2014-09-03 17:06 - 00000000 ___RD () C:\Users\benvanderlinde\Dropbox
2015-01-07 08:35 - 2014-09-03 16:56 - 00000000 ____D () C:\Users\benvanderlinde\AppData\Roaming\Dropbox
2015-01-06 17:12 - 2009-07-14 15:45 - 00025616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-06 17:12 - 2009-07-14 15:45 - 00025616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-06 17:09 - 2009-07-14 16:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-06 17:05 - 2012-09-10 12:04 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-06 17:05 - 2009-07-14 16:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-06 17:05 - 2009-07-14 15:51 - 00075828 _____ () C:\Windows\setupact.log
2015-01-06 17:04 - 2012-07-11 15:26 - 00199788 _____ () C:\Windows\PFRO.log
2015-01-06 09:17 - 2014-01-17 12:23 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-06 09:16 - 2014-07-22 11:11 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-06 09:16 - 2014-07-22 11:11 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-06 09:10 - 2013-02-12 16:41 - 00000000 ____D () C:\wamp
2015-01-05 16:45 - 2014-06-30 14:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-17 09:58 - 2012-07-11 14:04 - 00000000 ____D () C:\ProgramData\Skype
2014-12-17 09:44 - 2009-07-14 16:32 - 00000000 ____D () C:\Windows\Performance
2014-12-16 13:24 - 2013-09-02 12:15 - 00000000 ____D () C:\Users\benvanderlinde\AppData\Roaming\SolidWorks
2014-12-16 12:18 - 2013-09-18 14:15 - 00000000 ____D () C:\Users\benvanderlinde\AppData\Local\TempSWBackupDirectory
2014-12-15 11:29 - 2014-02-26 16:46 - 00448512 _____ () C:\Users\benvanderlinde\Desktop\20130904 Demain Patent portfolio May 2013 (Repaired).xls
2014-12-15 09:09 - 2014-09-03 16:58 - 00000000 ____D () C:\Users\benvanderlinde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-11 15:49 - 2014-06-30 14:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-11 15:49 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\Resources
2014-12-11 15:35 - 2013-09-02 12:15 - 00000000 ____D () C:\Users\benvanderlinde\AppData\Local\Adobe
2014-12-11 12:46 - 2013-09-02 12:14 - 00000000 ____D () C:\Users\benvanderlinde
2014-12-11 10:16 - 2014-04-15 14:22 - 00000000 ____D () C:\Users\benvanderlinde\AppData\Roaming\vlc
2014-12-11 03:48 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\rescache
2014-12-11 03:22 - 2014-05-07 04:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-11 03:22 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-11 03:06 - 2013-08-19 16:13 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 03:03 - 2012-07-11 16:52 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-11 03:03 - 2012-07-11 14:38 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 09:26 - 2013-11-01 18:30 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-10 09:21 - 2013-09-04 11:54 - 00000000 ____D () C:\Program Files (x86)\Gemalto
2014-12-10 09:20 - 2013-09-04 11:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gemalto
 
Some content of TEMP:
====================
C:\Users\benvanderlinde\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0hirr2.dll
C:\Users\lucaslastman\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\lucaslastman\AppData\Local\Temp\FP_PL_MSI_INSTALLER.exe
C:\Users\lucaslastman\AppData\Local\Temp\LMkRstPt.exe
C:\Users\lucaslastman\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-05 09:58
 
==================== End Of Log ============================
 
 
Additions.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by benvanderlinde at 2015-01-08 10:28:41
Running from C:\Users\benvanderlinde\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
3D XML Player (HKLM\...\{C389CF17-2759-4429-B05A-3B99D81D56CC}) (Version: 12.13.12076 - Dassault Systemes)
3Dconnexion 3DxSoftware (x64 Edition) (HKLM-x32\...\{BAFCA6AC-8B37-405B-B57E-C1D45DE70ACC}) (Version: 3.16.3 - 3Dconnexion)
3Dconnexion 3DxWare (x64) (Version: 6.16.0000 - 3Dconnexion) Hidden
3Dconnexion Add-In for AutoCAD 2007 - 2010 (Version: 4.5.1 - 3Dconnexion) Hidden
3Dconnexion Add-In for Inventor 11 - 2014 (Version: 1.12.1 - 3Dconnexion) Hidden
3Dconnexion Add-In for Solid Edge V18 - ST5 (Version: 2.22.1 - 3Dconnexion) Hidden
3Dconnexion Add-In for SolidWorks 2005 - 2013 (Version: 2.23.1 - 3Dconnexion) Hidden
3Dconnexion Add-On for XSI v5.0 - 2014 (Version: 2.11.1 - 3Dconnexion) Hidden
3Dconnexion Collage (x32 Version: 1.3.0 - 3Dconnexion) Hidden
3Dconnexion Extension for SketchUp (x32 Version: 3.1.4 - 3Dconnexion) Hidden
3Dconnexion Plug-In for 3ds Max v9 - 2014 (Version: 5.6.1 - 3Dconnexion) Hidden
3Dconnexion Plug-in for Acrobat 3D (x32 Version: 1.3.0 - 3Dconnexion) Hidden
3Dconnexion Plug-In for Maya v8.5 - 2014 (Version: 4.3.1 - 3Dconnexion) Hidden
3Dconnexion Plug-In for NX v3.0 - v8.5 (Version: 2.13.2 - 3Dconnexion) Hidden
3Dconnexion Plug-In for Photoshop CS3 - CS6 (Version: 2.3.1 - 3Dconnexion) Hidden
3Dconnexion Plug-In for Pro/ENGINEER Wildfire 3.0 - Creo 2.0 (Version: 1.12.2 - 3Dconnexion) Hidden
3Dconnexion Trainer (x32 Version: 3.2.2 - 3Dconnexion) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.2.443 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Design Standard (HKLM-x32\...\Adobe_1e3ba55b33b1e8227645fb9c82acca3) (Version: 4.0 - Adobe Systems Incorporated)
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{3A6829EF-0791-4FDD-9382-C690DD0821B9}) (Version: 10.0.2.54 - Adobe Systems, Inc.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Icon Handler x64 (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
ANZ Security Device (HKLM-x32\...\ANZ Security Device) (Version: 6.2.0.1 - ANZ)
Apple Application Support (HKLM-x32\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ares 2.2.6 (HKLM-x32\...\Ares) (Version: 2.2.6-Build#3050 - Seekar Ltd)
Autodesk SketchBookPro 2011 (HKLM-x32\...\{F0B27584-72DD-4CED-A329-57C7F91586C0}) (Version: 5.00.0000 - Autodesk)
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{2E98C5B7-D64C-4D7E-BFC3-A7D078569F28}) (Version: 12.25.02 - Broadcom Corporation)
Brother MFL-Pro Suite MFC-6890CDW (HKLM-x32\...\{F9626826-162E-4EFD-9440-3F3B8317C097}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Business Series Terminals Desktop Assistant v 1.4 (x32 Version: 1.00.000 - Nortel Networks) Hidden
Calendar Sync V2 (HKLM-x32\...\Calendar Sync V2) (Version:  - )
Canon LBP9100C (HKLM\...\Canon LBP9100C) (Version:  - )
Classic Client 6.2 Patch2 for 64 bits (HKLM\...\{66B35780-9D34-4586-B60A-AEFBFD53976E}) (Version: 6.20.020.001 - Gemalto)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Resource CD (HKLM-x32\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Dropbox (HKU\S-1-5-21-384575526-2649865645-2130750055-1145\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
eSigner 4.0 Corp (HKLM-x32\...\{C96C56FE-03C4-4CE6-AAFF-2642B09BB72B}) (Version: 4.0.7.009 - Gemalto)
FileZilla Client 3.3.4.1 (HKLM-x32\...\FileZilla Client) (Version: 3.3.4.1 - )
GemPcCCID (HKLM\...\{7567A068-2F02-40D1-A34C-16D79ECD35A6}) (Version: 2.0.1 - Gemalto)
Google Apps Migration For Microsoft Outlook® 3.0.19.44 (HKLM\...\{9B832FB8-03F6-4FFB-AA7F-67A733F6BBD7}) (Version: 3.0.19.44 - Google, Inc.)
Google Apps Sync™ for Microsoft Outlook® 3.5.380.1010 (HKLM\...\{AA88BC5C-5507-44B3-80B2-E263A274C1C1}) (Version: 3.5.380.1010 - Google, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
IDAutomation.com Label Software Pro (HKLM-x32\...\IDAutomation.com Label Software Pro) (Version: 2013 - IDAutomation.com, Inc.)
IDAutomation.com UPCEAN Font Advantage Package DEMO (HKLM-x32\...\IDAutomation.com UPCEAN Font Advantage Package DEMO) (Version:  - )
Image Resizer for Windows (64 bit) (Version: 3.0.4802.35565 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)
IP Camera (HKLM-x32\...\IP Camera) (Version:  - )
ISScript (x32 Version: 3.00.185 - InstallShield Software Corp.) Hidden
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
KeyShot 3 SolidWorks Plugin 1.4 (HKLM-x32\...\KeyShot 3 SolidWorks Plugin) (Version: 1.4 - Luxion)
KeyShot Network Rendering 64 bit 4.0 (HKLM\...\KeyShot Network Rendering 64 bit) (Version: 4.0 - Luxion ApS)
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Linn Download Manager (HKLM-x32\...\com.linnrecords.DownloadManager) (Version: 1.2.1 - Linn Products Ltd)
Linn Download Manager (x32 Version: 1.2.1 - Linn Products Ltd) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.0.0.1034 - Marvell)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft LifeChat (HKLM\...\{BD198331-FF8A-4DEB-9F30-A0AC56625A3B}) (Version: 1.40.224.0 - Microsoft)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Project Professional 2010 (HKLM\...\Office14.PRJPROR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version:  - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nortel Networks Desktop Assistant v 1.4 (HKLM-x32\...\InstallShield_{71B90506-005A-4F6C-AAAC-AC8F9CEC1F86}) (Version: 1.00.000 - Nortel Networks)
NVIDIA 3D Vision Controller Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.49 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 320.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 320.92 - NVIDIA Corporation)
NVIDIA Graphics Driver 320.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.92 - NVIDIA Corporation)
NVIDIA nView 140.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.75 - NVIDIA Corporation)
NVIDIA WMI 2.12.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.12.0 - NVIDIA Corporation)
Openbravo POS (HKLM-x32\...\Openbravo POS 2.30.2) (Version: 2.30.2 - Openbravo)
Optus Mobile Broadband (HKLM-x32\...\Optus Mobile Broadband) (Version: 23.009.05.00.74 - Huawei Technologies Co.,Ltd)
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Prezi (HKLM-x32\...\{BD44409B-A691-4B97-B33D-F07E1DE791F3}) (Version: 5.0.12 - Prezi.com)
Quick Pallet Maker (HKLM-x32\...\Quick Pallet Maker) (Version:  - )
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Roxio Creator DE 10.3 (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.3 - Roxio)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-003B-0000-1000-0000000FF1CE}_Office14.PRJPROR_{DC528101-617D-4E9F-B131-F8F8C52E649B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
SketchUp 2013 (HKLM-x32\...\{B75BC01B-4586-43F8-9349-D250DB98F26F}) (Version: 13.0.4812 - Trimble Navigation Limited)
SketchUp 8 (HKLM-x32\...\{779D8CA1-03DD-4AD4-B21F-3E20BFE7BEDE}) (Version: 3.0.15158 - Trimble Navigation Limited)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Snagit 9.1.1 (HKLM-x32\...\{F20A984B-9B30-4A9E-A3AC-918AF0D85A48}) (Version: 9.1.1.261 - TechSmith Corporation)
SolidWorks 2012 x64 Edition SP04 (HKLM-x32\...\SolidWorks Installation Manager 20120-40400-1100-100) (Version: 20.4.0.64 - SolidWorks Corporation)
SolidWorks 2012 x64 Edition SP04 (Version: 20.140.64 - SolidWorks) Hidden
SolidWorks eDrawings 2012 x64 Edition SP04 (Version: 12.4.108 - Dassault Systèmes SolidWorks Corp) Hidden
SolidWorks Explorer 2012 SP04 x64 Edition (Version: 20.40.64 - SolidWorks Corporation) Hidden
SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.7250 - Analog Devices)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
TeraCopy 2.27 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
URL Helper (HKLM-x32\...\URL Helper_is1) (Version:  - )
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.1w3 - Wacom Technology Corp.)
WebTablet FB Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.0.0.6 - Wacom Technology Corp.)
WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.12 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.10 - Wacom Technology Corp.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-384575526-2649865645-2130750055-1145\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinPcap 4.1.1 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-384575526-2649865645-2130750055-1145_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\benvanderlinde\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-384575526-2649865645-2130750055-1145_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\benvanderlinde\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-384575526-2649865645-2130750055-1145_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\benvanderlinde\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-384575526-2649865645-2130750055-1145_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\benvanderlinde\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-384575526-2649865645-2130750055-1145_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\benvanderlinde\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-384575526-2649865645-2130750055-1145_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\benvanderlinde\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-384575526-2649865645-2130750055-1145_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\benvanderlinde\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-384575526-2649865645-2130750055-1145_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\benvanderlinde\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-384575526-2649865645-2130750055-1145_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\benvanderlinde\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
16-12-2014 14:15:51 Windows Update
05-01-2015 08:47:49 Windows Update
06-01-2015 08:31:56 Checkpoint by HitmanPro
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 13:34 - 2014-09-23 10:27 - 00000894 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
192.168.1.253 storage
192.168.1.5 server
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {16642CE3-3010-49AE-87D8-0089BA2A8DB8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-02] (Google Inc.)
Task: {3A0F0A69-ADE7-4EFA-A2A9-597505A75A46} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {5C3D5BB1-8654-437F-9123-B2EFF74007BA} - System32\Tasks\3DconnexionCreateProcess_3DxSRV.EXE => C:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare64\3DxSRV.EXE [2013-01-08] (3Dconnexion, INC)
Task: {7706AD12-78BC-4D97-854D-9638BE838580} - System32\Tasks\{6CD9C7BA-A9DB-4AB0-94E2-BF9F759217E1} => pcalua.exe -a "C:\Program Files (x86)\openbravopos-2.30.2\uninstall.exe" -d "C:\Program Files (x86)\openbravopos-2.30.2"
Task: {8C015B76-A2C2-46AC-8E7C-E760D0CA5F99} - System32\Tasks\LifeChatTask => C:\Program Files\Microsoft LifeChat\LifeChat.exe [2009-09-24] (Microsoft Corporation)
Task: {9C485FFD-60CE-40B7-BE04-B243ABFA453B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-11] (Adobe Systems Incorporated)
Task: {A937F655-2A5C-4395-9835-1929A1783047} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {CA9EC497-6753-4DE8-B4E5-801ED90BFCC4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-384575526-2649865645-2130750055-1614Core => C:\Users\lucaslastman\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-11] (Google Inc.)
Task: {E5BF51FF-7C5B-4049-9FE7-72D35D6D7B60} - System32\Tasks\{B921F5B4-C307-4895-B4F2-40BBF1008284} => pcalua.exe -a E:\setup.exe -d E:\
Task: {F146D130-9041-484E-A0BB-85223754656D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-02] (Google Inc.)
Task: {F16E3085-63B0-4A7A-A9FC-1CC70CEFF9D7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-384575526-2649865645-2130750055-1614UA => C:\Users\lucaslastman\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-11] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-384575526-2649865645-2130750055-1614Core.job => C:\Users\lucaslastman\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-384575526-2649865645-2130750055-1614UA.job => C:\Users\lucaslastman\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-03-15 02:27 - 2011-03-15 02:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2013-06-26 02:25 - 2013-06-26 02:25 - 00059904 _____ () C:\Program Files\KeyShot4 Network Rendering\keyshot4_network_slave_watchdog.exe
2013-12-06 15:50 - 2012-06-28 13:46 - 00655744 _____ () C:\ProgramData\Optus Mobile Broadband\OnlineUpdate\ouc.exe
2012-07-11 15:22 - 2012-04-18 10:47 - 01184632 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2012-09-10 11:48 - 2013-09-21 17:10 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-01-06 08:57 - 2012-06-28 13:45 - 01545088 _____ () C:\ProgramData\Optus Mobile Broadband\OnlineUpdate\LiveUpd.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-01-03 01:42 - 2010-01-03 01:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-07-11 13:59 - 2009-08-16 18:06 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2013-09-02 12:58 - 2011-10-26 18:41 - 00318976 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2013-09-02 12:58 - 2011-10-26 18:41 - 00126464 _____ () C:\Program Files\TeraCopy\TeraCopy64.dll
2012-09-10 12:04 - 2013-09-21 19:41 - 00518432 _____ () C:\Program Files\NVIDIA Corporation\nview\nvshell.dll
2013-06-26 02:25 - 2013-06-26 02:25 - 01019904 _____ () C:\Program Files\KeyShot4 Network Rendering\keyshot4_network_slave_tray.exe
2013-01-08 15:29 - 2013-01-08 15:29 - 00056832 _____ () C:\Windows\system32\SPWINI.dll
2012-07-02 13:17 - 2012-07-02 13:17 - 00943104 _____ () C:\Program Files (x86)\Gemalto\Classic Client\BIN\RegTool.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-15 03:36 - 2013-02-15 03:36 - 01554496 _____ () C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2013-06-26 02:26 - 2013-06-26 02:26 - 00826880 _____ () C:\Program Files\KeyShot4 Network Rendering\keyshot4_network_slave.exe
2013-06-26 02:22 - 2013-06-26 02:22 - 00977920 _____ () C:\Program Files\KeyShot4 Network Rendering\luxrender.so
2013-12-06 15:50 - 2009-01-10 21:32 - 00011362 _____ () C:\ProgramData\Optus Mobile Broadband\OnlineUpdate\mingwm10.dll
2013-12-06 15:50 - 2009-06-23 05:42 - 00043008 _____ () C:\ProgramData\Optus Mobile Broadband\OnlineUpdate\libgcc_s_dw2-1.dll
2013-12-06 15:50 - 2010-07-23 15:58 - 02415104 _____ () C:\ProgramData\Optus Mobile Broadband\OnlineUpdate\QtCore4.dll
2013-12-06 15:50 - 2010-02-11 01:10 - 01148416 _____ () C:\ProgramData\Optus Mobile Broadband\OnlineUpdate\QtNetwork4.dll
2013-12-06 15:50 - 2012-06-28 13:34 - 00843264 _____ () C:\ProgramData\Optus Mobile Broadband\OnlineUpdate\QueryStrategy.dll
2013-12-06 15:50 - 2010-02-11 01:06 - 00398336 _____ () C:\ProgramData\Optus Mobile Broadband\OnlineUpdate\QtXml4.dll
2013-12-06 15:50 - 2010-02-11 01:43 - 09515520 _____ () C:\ProgramData\Optus Mobile Broadband\OnlineUpdate\QtGui4.dll
2014-01-06 08:57 - 2012-06-06 12:21 - 00082944 _____ () C:\ProgramData\Optus Mobile Broadband\OnlineUpdate\plugins\imageformats\qgif4.dll
2014-01-06 08:57 - 2012-06-06 12:21 - 00081920 _____ () C:\ProgramData\Optus Mobile Broadband\OnlineUpdate\plugins\imageformats\qico4.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2009-01-22 09:17 - 2009-01-22 09:17 - 04715848 ____R () C:\Program Files (x86)\TechSmith\Snagit 9\PDFNetC.dll
2014-10-22 11:22 - 2014-10-22 11:22 - 00750080 _____ () C:\Users\benvanderlinde\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-01-07 08:35 - 2015-01-07 08:35 - 00043008 _____ () c:\Users\benvanderlinde\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0hirr2.dll
2014-10-22 11:22 - 2014-10-22 11:22 - 00047616 _____ () C:\Users\benvanderlinde\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 11:22 - 2014-10-22 11:22 - 00863744 _____ () C:\Users\benvanderlinde\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 11:22 - 2014-10-22 11:22 - 00200704 _____ () C:\Users\benvanderlinde\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2013-11-18 12:21 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2010-08-16 09:08 - 2010-08-16 09:08 - 00094208 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-10-09 01:21 - 2014-10-01 16:54 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\libglesv2.dll
2014-10-09 01:21 - 2014-10-01 16:54 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\libegl.dll
2014-10-09 01:21 - 2014-10-01 16:54 - 08911176 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\pdf.dll
2014-10-09 01:21 - 2014-10-01 16:54 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\ffmpegsumo.dll
2012-09-23 20:43 - 2012-09-23 20:43 - 00313992 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll
2013-09-06 01:04 - 2013-09-06 01:04 - 14588632 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\NPSWF32.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: RegTool => C:\Program Files (x86)\Gemalto\Classic Client\BIN\RegTool.exe
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2723083605-2448163746-983768219-500 - Administrator - Disabled)
Demain (S-1-5-21-2723083605-2448163746-983768219-1000 - Administrator - Enabled) => C:\Users\Demain
Guest (S-1-5-21-2723083605-2448163746-983768219-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
Error: (01/06/2015 05:05:03 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (01/06/2015 05:05:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Optus Mobile Broadband. OUC service failed to start due to the following error: 
%%1053
 
Error: (01/06/2015 05:05:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Optus Mobile Broadband. OUC service to connect.
 
Error: (01/06/2015 05:05:01 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain DEMAININTERNATI due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (01/06/2015 01:05:31 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: 
a) Name Resolution failure on the current domain controller. 
B) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
 
Error: (01/06/2015 11:32:12 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: 
a) Name Resolution failure on the current domain controller. 
B) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
 
Error: (01/06/2015 11:31:07 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (01/06/2015 11:31:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Optus Mobile Broadband. OUC service failed to start due to the following error: 
%%1053
 
Error: (01/06/2015 11:31:06 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Optus Mobile Broadband. OUC service to connect.
 
Error: (01/06/2015 11:31:05 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain DEMAININTERNATI due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Xeon® CPU E5540 @ 2.53GHz
Percentage of memory in use: 32%
Total physical RAM: 12285.55 MB
Available physical RAM: 8283.35 MB
Total Pagefile: 36283.73 MB
Available Pagefile: 31396.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:223.47 GB) (Free:36.58 GB) NTFS
Drive d: (DATAPART1) (Fixed) (Total:232.81 GB) (Free:86.4 GB) NTFS
Drive i: (MAGICSING) (Removable) (Total:1.86 GB) (Free:1.43 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.8 GB) (Disk ID: 1A052F10)
Partition 1: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: CB85EF3C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 3 (Size: 1.9 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 
- Ben

Edited by bvdl75, 07 January 2015 - 06:37 PM.


#4 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,045 posts
  • Gender:Male
  • Location:Germany
  • Local time:02:00 PM

Posted 08 January 2015 - 10:49 AM

Hey Ben,
 

(question if you have time to answer is why does the run location make a difference? - Just curious to understand the procedure we are going through)

1. It will be easier for you to locate it.
2. It may be easier for Delfix to delete FRST some time later.

Step 1: Adwarecleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select Update.
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits


Go back to the Dashboard and select Scan Now


If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.


On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 4: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

Edited by Machiavelli, 08 January 2015 - 10:49 AM.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#5 bvdl75

bvdl75
  • Topic Starter

Posted 08 January 2015 - 08:36 PM

Thanks

AdwCleaner first

 

# AdwCleaner v4.106 - Report created 09/01/2015 at 12:31:19
# Updated 21/12/2014 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : benvanderlinde - CAD-9
# Running from : C:\Users\benvanderlinde\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16599
 
 
-\\ Mozilla Firefox v30.0 (en-US)
 
 
-\\ Google Chrome v38.0.2125.104
 
 
*************************
 
AdwCleaner[R0].txt - [4600 octets] - [12/12/2014 12:10:56]
AdwCleaner[R1].txt - [1098 octets] - [15/12/2014 12:26:57]
AdwCleaner[R2].txt - [1010 octets] - [15/12/2014 12:43:47]
AdwCleaner[R3].txt - [2053 octets] - [06/01/2015 10:30:51]
AdwCleaner[R4].txt - [2113 octets] - [06/01/2015 11:12:22]
AdwCleaner[R5].txt - [1339 octets] - [06/01/2015 17:02:49]
AdwCleaner[R6].txt - [1460 octets] - [07/01/2015 14:11:48]
AdwCleaner[R7].txt - [1520 octets] - [09/01/2015 12:30:03]
AdwCleaner[S0].txt - [4553 octets] - [12/12/2014 12:12:35]
AdwCleaner[S1].txt - [1162 octets] - [15/12/2014 12:36:42]
AdwCleaner[S2].txt - [1071 octets] - [15/12/2014 12:44:52]
AdwCleaner[S3].txt - [2190 octets] - [06/01/2015 11:29:54]
AdwCleaner[S4].txt - [1401 octets] - [06/01/2015 17:04:05]
AdwCleaner[S5].txt - [1441 octets] - [09/01/2015 12:31:19]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1501 octets] ##########


#6 bvdl75

bvdl75
  • Topic Starter

Posted 08 January 2015 - 09:38 PM

Malwarebytes

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 9/01/2015
Scan Time: 12:37:05 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.08.18
Rootkit Database: v2015.01.07.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: benvanderlinde
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 481990
Time Elapsed: 8 min, 32 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#7 bvdl75

bvdl75
  • Topic Starter

Posted 08 January 2015 - 09:47 PM

JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Professional x64
Ran by benvanderlinde on Fri 09/01/2015 at 13:42:23.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 09/01/2015 at 13:45:02.26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#8 bvdl75

bvdl75
  • Topic Starter

Posted 08 January 2015 - 09:54 PM

FRST log

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by benvanderlinde (administrator) on CAD-9 on 09-01-2015 13:51:22
Running from C:\Users\benvanderlinde\Desktop
Loaded Profile: benvanderlinde (Available profiles: Demain & benvanderlinde & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Gemalto) C:\Program Files (x86)\Gemalto\Classic Client\BIN\GslShmSrvc.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
() C:\Program Files\KeyShot4 Network Rendering\keyshot4_network_slave_watchdog.exe
() C:\ProgramData\Optus Mobile Broadband\OnlineUpdate\ouc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\ProgramData\Optus Mobile Broadband\OnlineUpdate\LiveUpd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNAP2LAK.EXE
(Microsoft Corporation) C:\Program Files\Microsoft LifeChat\LifeChat.exe
() C:\Program Files\KeyShot4 Network Rendering\keyshot4_network_slave_tray.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNACASWK.EXE
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNACASWK.EXE
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNACASWK.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 9\Snagit32.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 9\TscHelp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
(Dropbox, Inc.) C:\Users\benvanderlinde\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 9\SnagPriv.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 9\SnagitEditor.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Farbar) C:\Users\benvanderlinde\Desktop\FRST64 (1).exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Farbar) C:\Users\benvanderlinde\Desktop\FRST64 (1).exe
() C:\Program Files\KeyShot4 Network Rendering\keyshot4_network_slave.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [CNAP2 Launcher] => C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [226784 2010-10-15] (CANON INC.)
HKLM\...\Run: [LifeChat] => C:\Program Files\Microsoft LifeChat\LifeChat.exe [371712 2009-09-24] (Microsoft Corporation)
HKLM\...\Run: [Keyshot 4 Network SlaveTray] => C:\Program Files\KeyShot4 Network Rendering\keyshot4_network_slave_tray
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2747680 2013-09-21] ()
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-04-23] (Analog Devices, Inc.)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe_ID0ENQBO] => C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe [378224 2008-08-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [RegTool] => C:\Program Files (x86)\Gemalto\Classic Client\BIN\RegTool.exe [943104 2012-07-02] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\S-1-5-21-384575526-2649865645-2130750055-1145\...\Run: [CNAP2 Launcher] => C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [226784 2010-10-15] (CANON INC.)
HKU\S-1-5-21-384575526-2649865645-2130750055-1145\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-01-06] (SUPERAntiSpyware)
HKU\S-1-5-21-384575526-2649865645-2130750055-1145\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-384575526-2649865645-2130750055-1145\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-384575526-2649865645-2130750055-1145\...\RunOnce: [Application Restart #3] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344 2014-10-01] (Google Inc.)
HKU\S-1-5-21-384575526-2649865645-2130750055-1145\...\MountPoints2: {36b8eb22-5e14-11e3-9eea-00256499a17a} - J:\AutoRun.exe
HKU\S-1-5-21-384575526-2649865645-2130750055-1145\...\MountPoints2: {36b8eb30-5e14-11e3-9eea-00256499a17a} - F:\AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 9.lnk
ShortcutTarget: Snagit 9.lnk -> C:\Program Files (x86)\TechSmith\Snagit 9\Snagit32.exe (TechSmith Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks Background Downloader.lnk
ShortcutTarget: SolidWorks Background Downloader.lnk -> C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systèmes SolidWorks Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start 3DxWare.lnk
ShortcutTarget: Start 3DxWare.lnk -> C:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare64\3dxsrv.exe (3Dconnexion, INC)
Startup: C:\Users\benvanderlinde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\benvanderlinde\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\benvanderlinde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-384575526-2649865645-2130750055-1145\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-au/?ocid=iehp
HKU\S-1-5-21-384575526-2649865645-2130750055-1145\Software\Microsoft\Internet Explorer\Main,Start Page = 
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
Toolbar: HKU\S-1-5-21-384575526-2649865645-2130750055-1145 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/au/Core/Player/2020PlayerAX_IKEA_Win32.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.5 192.168.1.1
Tcpip\..\Interfaces\{7790CD42-5136-4754-8FAD-5E4EDA3E0F3B}: [NameServer] 198.142.0.51 211.29.132.12
Tcpip\..\Interfaces\{B3465B0D-177C-4651-B5E8-0811A284C738}: [NameServer] 192.168.1.5,192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\benvanderlinde\AppData\Roaming\Mozilla\Firefox\Profiles\tt2s1xv8.default
FF Plugin: @3ds.com/3dxml -> C:\Program Files\Dassault Systemes\3D XML Player\win_b64\code\bin\NP3DXMLPlugin.dll ()
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @3ds.com/3dxml -> C:\Program Files\Dassault Systemes\3D XML Player\win_b64\code\bin32\NP3DXMLPlugin.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.6 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Screengrab  (fix version) - C:\Users\benvanderlinde\AppData\Roaming\Mozilla\Firefox\Profiles\tt2s1xv8.default\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2014-09-23]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\benvanderlinde\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\benvanderlinde\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\benvanderlinde\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-06]
CHR Extension: (YouTube) - C:\Users\benvanderlinde\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-02]
CHR Extension: (Google Search) - C:\Users\benvanderlinde\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-02]
CHR Extension: (Google Wallet) - C:\Users\benvanderlinde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (Gmail) - C:\Users\benvanderlinde\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-02]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-09-08] (SUPERAntiSpyware.com)
S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
R2 GslShmSrvc; C:\Program Files (x86)\Gemalto\Classic Client\BIN\GslShmSrvc.exe [85504 2011-05-12] (Gemalto) [File not signed]
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-15] ()
R2 KeyShot4 Render Slave; C:\Program Files\KeyShot4 Network Rendering\keyshot4_network_slave_watchdog.exe [59904 2013-06-26] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [1248544 2013-09-21] (NVIDIA Corporation)
S2 Optus Mobile Broadband. RunOuc; C:\Program Files (x86)\Optus Mobile Broadband\UpdateDog\ouc.exe [655744 2012-06-28] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2009-10-21] (CACE Technologies, Inc.)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2012-07-11] (SolidWorks) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 GemCCID; C:\Windows\System32\DRIVERS\GemCCID.sys [119680 2009-08-10] (Gemalto)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [238080 2012-06-06] (Huawei Technologies Co., Ltd.)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-09] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [47632 2009-10-21] (CACE Technologies, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2099-08-18 11:58 - 2014-04-29 11:31 - 00000000 ____D () C:\Users\benvanderlinde\Documents\ben
2099-08-17 15:55 - 2013-09-02 15:55 - 00000000 ____D () C:\products (Cad-5)
2099-08-08 11:13 - 2014-12-16 14:02 - 00000000 ____D () C:\Users\benvanderlinde\Documents\Demain
2099-08-08 11:13 - 2013-09-02 15:37 - 00000000 ____D () C:\Users\benvanderlinde\Documents\Snag It! 9
2015-01-09 13:45 - 2015-01-09 13:45 - 00000642 _____ () C:\Users\benvanderlinde\Desktop\JRT.txt
2015-01-09 13:42 - 2015-01-09 13:42 - 00000000 ____D () C:\Windows\ERUNT
2015-01-09 13:36 - 2015-01-09 13:36 - 01707939 _____ (Thisisu) C:\Users\benvanderlinde\Desktop\JRT.exe
2015-01-09 12:34 - 2015-01-09 12:34 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\benvanderlinde\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-09 12:29 - 2015-01-09 12:29 - 02191360 _____ () C:\Users\benvanderlinde\Downloads\AdwCleaner.exe
2015-01-08 10:28 - 2015-01-09 13:51 - 00020388 _____ () C:\Users\benvanderlinde\Desktop\FRST.txt
2015-01-08 10:28 - 2015-01-08 10:34 - 00034426 _____ () C:\Users\benvanderlinde\Desktop\Addition.txt
2015-01-08 10:08 - 2015-01-08 10:08 - 02124288 _____ (Farbar) C:\Users\benvanderlinde\Desktop\FRST64 (1).exe
2015-01-07 17:35 - 2015-01-07 17:40 - 00710685 ____H () C:\Users\benvanderlinde\Documents\~WRL1157.tmp
2015-01-07 14:41 - 2015-01-07 14:41 - 00000000 ____D () C:\Users\benvanderlinde\Desktop\Bleeping
2015-01-07 14:40 - 2015-01-07 14:40 - 00025636 _____ () C:\Users\benvanderlinde\Desktop\dds.txt
2015-01-07 14:40 - 2015-01-07 14:40 - 00013272 _____ () C:\Users\benvanderlinde\Desktop\attach.txt
2015-01-07 14:34 - 2015-01-07 14:35 - 00688992 ____R (Swearware) C:\Users\benvanderlinde\Downloads\dds.com
2015-01-07 14:25 - 2015-01-07 14:25 - 00165376 _____ () C:\Users\benvanderlinde\Downloads\SystemLook_x64.exe
2015-01-07 14:24 - 2015-01-07 14:24 - 00380416 _____ () C:\Users\benvanderlinde\Downloads\dfv7ddi3.exe
2015-01-07 14:23 - 2014-12-12 00:46 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\benvanderlinde\Desktop\TDSSKiller.exe
2015-01-07 14:19 - 2015-01-07 14:19 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\benvanderlinde\Downloads\revosetup.exe
2015-01-07 14:18 - 2015-01-07 14:18 - 04166770 _____ () C:\Users\benvanderlinde\Downloads\tdsskiller.zip
2015-01-07 14:17 - 2015-01-08 10:18 - 00034186 _____ () C:\Users\benvanderlinde\Downloads\Addition.txt
2015-01-07 14:16 - 2015-01-09 13:51 - 00000000 ____D () C:\FRST
2015-01-07 14:16 - 2015-01-08 10:18 - 00040096 _____ () C:\Users\benvanderlinde\Downloads\FRST.txt
2015-01-07 14:16 - 2015-01-07 14:16 - 02123776 _____ (Farbar) C:\Users\benvanderlinde\Downloads\FRST64.exe
2015-01-06 10:29 - 2015-01-06 10:30 - 02173952 _____ () C:\Users\benvanderlinde\Desktop\AdwCleaner.exe
2015-01-05 16:55 - 2015-01-06 08:37 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-05 08:47 - 2015-01-05 08:47 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-17 09:59 - 2014-12-17 09:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-12-17 09:58 - 2014-12-17 09:59 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-16 10:56 - 2014-10-15 09:43 - 06468614 _____ () C:\Users\benvanderlinde\Desktop\b046-5001_03_asm.stp
2014-12-12 12:10 - 2015-01-09 12:31 - 00000000 ____D () C:\AdwCleaner
2014-12-12 12:10 - 2014-12-12 12:10 - 02166272 _____ () C:\AdwCleaner.exe
2014-12-12 09:05 - 2014-12-12 09:05 - 00000000 ____D () C:\Users\benvanderlinde\Desktop\New folder
2014-12-11 15:39 - 2015-01-09 12:36 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-11 14:05 - 2015-01-09 13:14 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-11 14:05 - 2014-12-11 14:05 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-11 14:05 - 2014-12-11 14:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-11 14:05 - 2014-12-11 14:05 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-11 14:05 - 2014-12-11 14:05 - 00000000 ____D () C:\Windows\system32\Macromed
2014-12-11 12:49 - 2014-12-11 12:49 - 00000000 ____D () C:\Users\benvanderlinde\AppData\Roaming\com.adobe.amp
2014-12-11 12:46 - 2014-12-11 15:48 - 00000000 ____D () C:\Users\benvanderlinde\.android
2014-12-11 03:22 - 2014-12-11 03:22 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-11 03:01 - 2014-10-18 13:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-11 03:01 - 2014-10-18 12:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 16:36 - 2014-12-04 13:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 16:36 - 2014-12-04 13:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 16:36 - 2014-12-04 13:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 16:36 - 2014-12-04 13:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 16:36 - 2014-12-04 13:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 16:36 - 2014-12-04 13:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 16:36 - 2014-12-04 13:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 16:36 - 2014-12-02 10:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-10 16:36 - 2014-11-25 09:12 - 17874432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 16:36 - 2014-11-25 08:59 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-10 16:36 - 2014-11-25 08:54 - 10921984 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 16:36 - 2014-11-25 08:53 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 16:36 - 2014-11-25 08:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 16:36 - 2014-11-25 08:47 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 16:36 - 2014-11-25 08:45 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 16:36 - 2014-11-25 08:45 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-10 16:36 - 2014-11-25 08:45 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 16:36 - 2014-11-25 08:44 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 16:36 - 2014-11-25 08:44 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-10 16:36 - 2014-11-25 08:44 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 16:36 - 2014-11-25 08:44 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 16:36 - 2014-11-25 08:44 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 16:36 - 2014-11-25 08:44 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 16:36 - 2014-11-25 08:44 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-10 16:36 - 2014-11-25 08:44 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-10 16:36 - 2014-11-25 08:44 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-10 16:36 - 2014-11-25 08:43 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 16:36 - 2014-11-25 08:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 16:36 - 2014-11-25 08:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-10 16:36 - 2014-11-25 08:42 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 16:36 - 2014-11-25 07:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-10 16:36 - 2014-11-25 07:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 16:36 - 2014-11-25 07:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 16:36 - 2014-11-25 07:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 16:36 - 2014-11-25 07:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 16:36 - 2014-11-25 07:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 16:36 - 2014-11-25 07:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 16:36 - 2014-11-25 07:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-12-10 16:36 - 2014-11-25 07:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 16:36 - 2014-11-25 07:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-10 16:36 - 2014-11-25 07:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 16:36 - 2014-11-25 07:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 16:36 - 2014-11-25 07:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-10 16:36 - 2014-11-25 07:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 16:36 - 2014-11-25 07:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-12-10 16:36 - 2014-11-25 07:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 16:36 - 2014-11-25 07:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 16:36 - 2014-11-25 07:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 16:36 - 2014-11-25 07:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 16:36 - 2014-11-25 07:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 16:36 - 2014-11-25 07:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-12-10 16:36 - 2014-11-25 07:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-12-10 16:36 - 2014-11-11 14:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 16:36 - 2014-11-11 13:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 16:36 - 2014-11-11 12:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 16:35 - 2014-11-08 14:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 16:35 - 2014-11-08 13:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 16:35 - 2014-10-30 13:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 16:35 - 2014-10-30 12:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 16:35 - 2014-10-03 13:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 16:35 - 2014-10-03 13:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 16:35 - 2014-10-03 13:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 16:35 - 2014-10-03 13:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 16:35 - 2014-10-03 13:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 16:35 - 2014-10-03 12:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 16:35 - 2014-10-03 12:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 16:35 - 2014-10-03 12:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 16:35 - 2014-10-03 12:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 16:35 - 2014-10-03 12:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-10 09:21 - 2014-12-10 09:21 - 00000000 ____D () C:\Users\benvanderlinde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gemalto
2014-12-10 09:20 - 2014-12-10 09:20 - 00023680 _____ () C:\Users\benvanderlinde\installer_debug.txt
2014-12-10 09:20 - 2014-12-10 09:20 - 00000000 ____D () C:\Windows\SysWOW64\gpccard
2014-12-10 09:20 - 2014-12-10 09:20 - 00000000 ____D () C:\Program Files\Gemalto
2014-12-10 09:17 - 2014-12-10 09:17 - 00000000 ___HD () C:\Users\benvanderlinde\InstallAnywhere
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-09 13:51 - 2013-07-18 18:20 - 00000000 ____D () C:\Users\Public\Documents\KeyShot 4 Network Resources
2015-01-09 13:50 - 2012-10-17 17:13 - 00000419 _____ () C:\Windows\BRWMARK.INI
2015-01-09 13:50 - 2012-10-17 17:13 - 00000027 _____ () C:\Windows\BRPP2KA.INI
2015-01-09 13:41 - 2013-09-02 17:19 - 00000000 ____D () C:\Users\benvanderlinde\AppData\Roaming\Skype
2015-01-09 13:24 - 2013-09-02 12:37 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-09 12:57 - 2012-07-11 13:28 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-384575526-2649865645-2130750055-1614UA.job
2015-01-09 12:39 - 2009-07-14 15:45 - 00025616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-09 12:39 - 2009-07-14 15:45 - 00025616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-09 12:36 - 2014-06-30 14:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-09 12:36 - 2014-06-30 14:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-09 12:36 - 2009-07-14 16:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-09 12:35 - 2012-07-11 11:52 - 01130840 _____ () C:\Windows\WindowsUpdate.log
2015-01-09 12:33 - 2014-09-03 17:06 - 00000000 ___RD () C:\Users\benvanderlinde\Dropbox
2015-01-09 12:33 - 2014-09-03 16:56 - 00000000 ____D () C:\Users\benvanderlinde\AppData\Roaming\Dropbox
2015-01-09 12:32 - 2014-01-31 09:34 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-01-09 12:32 - 2013-09-02 12:37 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-09 12:32 - 2012-09-10 12:04 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-09 12:32 - 2012-07-11 15:26 - 00200094 _____ () C:\Windows\PFRO.log
2015-01-09 12:32 - 2012-07-11 12:53 - 00000168 _____ () C:\Windows\system32\config\netlogon.ftl
2015-01-09 12:32 - 2009-07-14 16:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-09 12:32 - 2009-07-14 15:51 - 00077528 _____ () C:\Windows\setupact.log
2015-01-09 12:29 - 2009-10-14 16:49 - 00000000 ____D () C:\Users\benvanderlinde\Documents\outlook
2015-01-09 09:45 - 2013-09-02 12:15 - 00000000 ____D () C:\Users\benvanderlinde\AppData\Roaming\SolidWorks
2015-01-09 07:58 - 2012-07-11 13:28 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-384575526-2649865645-2130750055-1614Core.job
2015-01-06 09:17 - 2014-01-17 12:23 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-06 09:16 - 2014-07-22 11:11 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-06 09:16 - 2014-07-22 11:11 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-06 09:10 - 2013-02-12 16:41 - 00000000 ____D () C:\wamp
2014-12-31 22:14 - 2012-07-11 12:09 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-17 09:58 - 2012-07-11 14:04 - 00000000 ____D () C:\ProgramData\Skype
2014-12-17 09:44 - 2009-07-14 16:32 - 00000000 ____D () C:\Windows\Performance
2014-12-16 12:18 - 2013-09-18 14:15 - 00000000 ____D () C:\Users\benvanderlinde\AppData\Local\TempSWBackupDirectory
2014-12-15 11:29 - 2014-02-26 16:46 - 00448512 _____ () C:\Users\benvanderlinde\Desktop\20130904 Demain Patent portfolio May 2013 (Repaired).xls
2014-12-15 09:09 - 2014-09-03 16:58 - 00000000 ____D () C:\Users\benvanderlinde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-11 15:49 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\Resources
2014-12-11 15:35 - 2013-09-02 12:15 - 00000000 ____D () C:\Users\benvanderlinde\AppData\Local\Adobe
2014-12-11 12:46 - 2013-09-02 12:14 - 00000000 ____D () C:\Users\benvanderlinde
2014-12-11 10:16 - 2014-04-15 14:22 - 00000000 ____D () C:\Users\benvanderlinde\AppData\Roaming\vlc
2014-12-11 03:48 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\rescache
2014-12-11 03:22 - 2014-05-07 04:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-11 03:22 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-11 03:06 - 2013-08-19 16:13 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 03:03 - 2012-07-11 16:52 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-11 03:03 - 2012-07-11 14:38 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 09:26 - 2013-11-01 18:30 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-10 09:21 - 2013-09-04 11:54 - 00000000 ____D () C:\Program Files (x86)\Gemalto
2014-12-10 09:20 - 2013-09-04 11:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gemalto
 
Some content of TEMP:
====================
C:\Users\benvanderlinde\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphp2jvd.dll
C:\Users\benvanderlinde\AppData\Local\Temp\Quarantine.exe
C:\Users\benvanderlinde\AppData\Local\Temp\SkypeSetup.exe
C:\Users\benvanderlinde\AppData\Local\Temp\sqlite3.dll
C:\Users\lucaslastman\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\lucaslastman\AppData\Local\Temp\FP_PL_MSI_INSTALLER.exe
C:\Users\lucaslastman\AppData\Local\Temp\LMkRstPt.exe
C:\Users\lucaslastman\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-05 09:58
 
==================== End Of Log ============================


#9 bvdl75 (Topic Starter, Members, 13 posts, Australia)

Posted 08 January 2015 - 09:59 PM

While trying to post to this forum the problem reoccurred, so I grabbed a screen shot for you, see attachment.

Attached File: 1.png (319.88KB)


#10 Machiavelli, "Agent 007" (Malware Response Instructor, 4,045 posts, Germany)

Posted 09 January 2015 - 08:17 AM

Hey,
please reinstall Chrome. :)

Step 1: FRST Fix
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and Paste the content of the codebox below into the empty textfile:

    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-384575526-2649865645-2130750055-1145\...\MountPoints2: {36b8eb22-5e14-11e3-9eea-00256499a17a} - J:\AutoRun.exe
    HKU\S-1-5-21-384575526-2649865645-2130750055-1145\...\MountPoints2: {36b8eb30-5e14-11e3-9eea-00256499a17a} - F:\AutoRun.exe
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    Toolbar: HKU\S-1-5-21-384575526-2649865645-2130750055-1145 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    EmptyTemp:
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this textfile on your Desktop!
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.) and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
Step 2: FRST Scan
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8: please right-click the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button:
  • Tick the box next to YES, I accept the Terms of Use and click Start
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings:
  • Make sure to check the options Remove found threats and Enable Anti-Stealth technology are checked:
  • Click Start. (This scan can take several hours, so please be patient):
  • Once the scan is completed, select List of found threats:
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop:
  • Click the Back button.
  • Click the Finish button:
  • Use Notepad to open the saved log file (on your Desktop - ESET.txt)
  • Copy and paste that log as a reply to this topic.
Step 4: Question

How is your PC running?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

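The fixlist above touches four persistence points that are worth checking independently of the tool: the HKLM\SOFTWARE\Policies\Google key that FRST reports as "Policy restriction" (a machine-wide Chrome policy on a standalone PC is how adware forces extensions and start-up pages onto a profile that otherwise shows no extensions), per-user MountPoints2 AutoRun handlers, the hosts file, and the IE SearchScopes DefaultScope values. The following read-only PowerShell audit is an added example written for this page; it is not part of the thread, of FRST, or of Machiavelli's instructions. It assumes a Windows 7 x64 box like the one in the log, an elevated PowerShell prompt, and that the drive name HKU: is free to map HKEY_USERS. It only reads and prints; removal stays with the FRST fix.

```powershell
# Added example (not from the thread or FRST): read-only audit of the persistence points
# the fixlist removes, so the same indicators can be compared before and after the fix.
# Assumptions: Windows 7 x64, elevated prompt, HKU: drive name unused. Nothing is modified.

if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}

function Get-ChromePolicyFindings {
    # FRST flags this key as "Policy restriction". Real enterprise policy lives here too,
    # so list every value and judge them; on a non-domain PC the key should not exist at all.
    $root = 'HKLM:\SOFTWARE\Policies\Google'
    if (-not (Test-Path $root)) { return }
    "$root exists"
    $keys = @(Get-Item $root) + @(Get-ChildItem $root -Recurse)
    foreach ($k in $keys) {
        foreach ($name in $k.GetValueNames()) {
            '{0}\{1} = {2}' -f $k.Name, $name, ($k.GetValue($name) -join ',')
        }
    }
}

function Get-MountPointAutoRuns {
    # MountPoints2 caches per-user AutoRun handlers for drive letters; values that point at an
    # executable (J:\AutoRun.exe, F:\AutoRun.exe in the log) are what the fixlist deleted.
    # Only hives of currently logged-on users are present under HKEY_USERS.
    $users = Get-ChildItem HKU:\ | Where-Object {
        $_.PSChildName -like 'S-1-5-21-*' -and $_.PSChildName -notlike '*_Classes'
    }
    foreach ($u in $users) {
        $mp = "HKU:\$($u.PSChildName)\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2"
        if (-not (Test-Path $mp)) { continue }
        foreach ($k in Get-ChildItem $mp -Recurse) {
            foreach ($name in $k.GetValueNames()) {
                $v = $k.GetValue($name)
                if ("$v" -match '(?i)\.exe') { '{0}\{1} = {2}' -f $k.Name, $name, $v }
            }
        }
    }
}

function Get-HostsEntries {
    # FRST's "more than one entry in Hosts" means anything beyond the stock localhost lines.
    # Comment lines and blank lines are skipped; everything else is printed for review.
    $hosts = "$env:SystemRoot\System32\drivers\etc\hosts"
    Get-Content $hosts | Where-Object {
        $_ -match '^\s*[^#\s]' -and $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$'
    }
}

function Get-SearchScopeDefaults {
    # DefaultScope names the search provider subkey; its URL value is where IE sends searches.
    # The fixlist cleared empty DefaultScope values under .DEFAULT, S-1-5-19 and S-1-5-20.
    foreach ($hive in Get-ChildItem HKU:\ | Where-Object { $_.PSChildName -notlike '*_Classes' }) {
        $ss = "HKU:\$($hive.PSChildName)\SOFTWARE\Microsoft\Internet Explorer\SearchScopes"
        if (-not (Test-Path $ss)) { continue }
        $default = (Get-ItemProperty $ss -ErrorAction SilentlyContinue).DefaultScope
        if (-not $default) { continue }
        $url = (Get-ItemProperty "$ss\$default" -ErrorAction SilentlyContinue).URL
        '{0} DefaultScope={1} URL={2}' -f $hive.PSChildName, $default, $url
    }
}

'== Chrome policy keys (HKLM\SOFTWARE\Policies\Google) =='; Get-ChromePolicyFindings
'== MountPoints2 handlers pointing at executables ==';       Get-MountPointAutoRuns
'== Hosts entries other than localhost ==';                  Get-HostsEntries
'== IE DefaultScope per loaded hive ==';                     Get-SearchScopeDefaults
```

Run it once before the FRST fix and once after the reboot: the Google policy key and the two MountPoints2 handlers should be gone and the hosts output should be empty. If the policy key comes back on its own, something still running is re-creating it, and reinstalling Chrome alone will not help.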
 
 


#11 bvdl75 (Topic Starter, Members, 13 posts, Australia)

Posted 11 January 2015 - 06:56 PM

Thanks

Fixlog

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by benvanderlinde at 2015-01-12 10:46:41 Run:1
Running from C:\Users\benvanderlinde\Desktop
Loaded Profile: benvanderlinde (Available profiles: Demain & benvanderlinde & Administrator)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-384575526-2649865645-2130750055-1145\...\MountPoints2: {36b8eb22-5e14-11e3-9eea-00256499a17a} - J:\AutoRun.exe
HKU\S-1-5-21-384575526-2649865645-2130750055-1145\...\MountPoints2: {36b8eb30-5e14-11e3-9eea-00256499a17a} - F:\AutoRun.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKU\S-1-5-21-384575526-2649865645-2130750055-1145 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
EmptyTemp:
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKU\S-1-5-21-384575526-2649865645-2130750055-1145\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{36b8eb22-5e14-11e3-9eea-00256499a17a}" => Key deleted successfully.
HKCR\CLSID\{36b8eb22-5e14-11e3-9eea-00256499a17a} => Key not found. 
"HKU\S-1-5-21-384575526-2649865645-2130750055-1145\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{36b8eb30-5e14-11e3-9eea-00256499a17a}" => Key deleted successfully.
HKCR\CLSID\{36b8eb30-5e14-11e3-9eea-00256499a17a} => Key not found. 
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-384575526-2649865645-2130750055-1145\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found. 
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
EmptyTemp: => Removed 4.2 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 10:47:09 ====


#12 bvdl75 (Topic Starter, Members, 13 posts, Australia)

Posted 11 January 2015 - 06:57 PM

FRST Log

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by benvanderlinde (administrator) on CAD-9 on 12-01-2015 10:55:06
Running from C:\Users\benvanderlinde\Desktop
Loaded Profile: benvanderlinde (Available profiles: Demain & benvanderlinde & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Gemalto) C:\Program Files (x86)\Gemalto\Classic Client\BIN\GslShmSrvc.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
() C:\Program Files\KeyShot4 Network Rendering\keyshot4_network_slave_watchdog.exe
() C:\ProgramData\Optus Mobile Broadband\OnlineUpdate\ouc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\ProgramData\Optus Mobile Broadband\OnlineUpdate\LiveUpd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNAP2LAK.EXE
(Microsoft Corporation) C:\Program Files\Microsoft LifeChat\LifeChat.exe
() C:\Program Files\KeyShot4 Network Rendering\keyshot4_network_slave_tray.exe
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNACASWK.EXE
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNACASWK.EXE
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNACASWK.EXE
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 9\Snagit32.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe
(3Dconnexion, INC) C:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare64\3dxsrv.exe
(Dropbox, Inc.) C:\Users\benvanderlinde\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
() C:\Program Files (x86)\Gemalto\Classic Client\BIN\RegTool.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 9\TscHelp.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 9\SnagPriv.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 9\SnagitEditor.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\benvanderlinde\Desktop\FRST64 (1).exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [CNAP2 Launcher] => C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [226784 2010-10-15] (CANON INC.)
HKLM\...\Run: [LifeChat] => C:\Program Files\Microsoft LifeChat\LifeChat.exe [371712 2009-09-24] (Microsoft Corporation)
HKLM\...\Run: [Keyshot 4 Network SlaveTray] => C:\Program Files\KeyShot4 Network Rendering\keyshot4_network_slave_tray
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2747680 2013-09-21] ()
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-04-23] (Analog Devices, Inc.)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe_ID0ENQBO] => C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe [378224 2008-08-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [RegTool] => C:\Program Files (x86)\Gemalto\Classic Client\BIN\RegTool.exe [943104 2012-07-02] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\S-1-5-21-384575526-2649865645-2130750055-1145\...\Run: [CNAP2 Launcher] => C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [226784 2010-10-15] (CANON INC.)
HKU\S-1-5-21-384575526-2649865645-2130750055-1145\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-01-06] (SUPERAntiSpyware)
HKU\S-1-5-21-384575526-2649865645-2130750055-1145\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-384575526-2649865645-2130750055-1145\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-384575526-2649865645-2130750055-1145\...\RunOnce: [Application Restart #3] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344 2014-10-01] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 9.lnk
ShortcutTarget: Snagit 9.lnk -> C:\Program Files (x86)\TechSmith\Snagit 9\Snagit32.exe (TechSmith Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks Background Downloader.lnk
ShortcutTarget: SolidWorks Background Downloader.lnk -> C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systèmes SolidWorks Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start 3DxWare.lnk
ShortcutTarget: Start 3DxWare.lnk -> C:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare64\3dxsrv.exe (3Dconnexion, INC)
Startup: C:\Users\benvanderlinde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\benvanderlinde\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\benvanderlinde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-384575526-2649865645-2130750055-1145\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-au/?ocid=iehp
HKU\S-1-5-21-384575526-2649865645-2130750055-1145\Software\Microsoft\Internet Explorer\Main,Start Page = 
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/au/Core/Player/2020PlayerAX_IKEA_Win32.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.5 192.168.1.1
Tcpip\..\Interfaces\{7790CD42-5136-4754-8FAD-5E4EDA3E0F3B}: [NameServer] 198.142.0.51 211.29.132.12
Tcpip\..\Interfaces\{B3465B0D-177C-4651-B5E8-0811A284C738}: [NameServer] 192.168.1.5,192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\benvanderlinde\AppData\Roaming\Mozilla\Firefox\Profiles\tt2s1xv8.default
FF Plugin: @3ds.com/3dxml -> C:\Program Files\Dassault Systemes\3D XML Player\win_b64\code\bin\NP3DXMLPlugin.dll ()
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @3ds.com/3dxml -> C:\Program Files\Dassault Systemes\3D XML Player\win_b64\code\bin32\NP3DXMLPlugin.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.6 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Screengrab  (fix version) - C:\Users\benvanderlinde\AppData\Roaming\Mozilla\Firefox\Profiles\tt2s1xv8.default\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2014-09-23]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\benvanderlinde\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\benvanderlinde\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\benvanderlinde\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-06]
CHR Extension: (YouTube) - C:\Users\benvanderlinde\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-02]
CHR Extension: (Google Search) - C:\Users\benvanderlinde\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-02]
CHR Extension: (Google Wallet) - C:\Users\benvanderlinde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (Gmail) - C:\Users\benvanderlinde\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-02]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-09-08] (SUPERAntiSpyware.com)
S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
R2 GslShmSrvc; C:\Program Files (x86)\Gemalto\Classic Client\BIN\GslShmSrvc.exe [85504 2011-05-12] (Gemalto) [File not signed]
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-15] ()
R2 KeyShot4 Render Slave; C:\Program Files\KeyShot4 Network Rendering\keyshot4_network_slave_watchdog.exe [59904 2013-06-26] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [1248544 2013-09-21] (NVIDIA Corporation)
S2 Optus Mobile Broadband. RunOuc; C:\Program Files (x86)\Optus Mobile Broadband\UpdateDog\ouc.exe [655744 2012-06-28] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2009-10-21] (CACE Technologies, Inc.)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2012-07-11] (SolidWorks) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 GemCCID; C:\Windows\System32\DRIVERS\GemCCID.sys [119680 2009-08-10] (Gemalto)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [238080 2012-06-06] (Huawei Technologies Co., Ltd.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-09] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [47632 2009-10-21] (CACE Technologies, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2099-08-18 11:58 - 2014-04-29 11:31 - 00000000 ____D () C:\Users\benvanderlinde\Documents\ben
2099-08-17 15:55 - 2013-09-02 15:55 - 00000000 ____D () C:\products (Cad-5)
2099-08-08 11:13 - 2014-12-16 14:02 - 00000000 ____D () C:\Users\benvanderlinde\Documents\Demain
2099-08-08 11:13 - 2013-09-02 15:37 - 00000000 ____D () C:\Users\benvanderlinde\Documents\Snag It! 9
2015-01-12 10:55 - 2015-01-12 10:55 - 00019456 _____ () C:\Users\benvanderlinde\Desktop\FRST.txt
2015-01-09 14:58 - 2015-01-09 14:58 - 01078368 _____ () C:\Users\benvanderlinde\Downloads\Setup.exe
2015-01-09 14:18 - 2015-01-09 14:19 - 00000000 ____D () C:\Users\benvanderlinde\Desktop\pdf
2015-01-09 14:18 - 2015-01-09 14:18 - 00000000 ____D () C:\Users\benvanderlinde\Desktop\edraw
2015-01-09 14:16 - 2015-01-09 14:19 - 00000000 ____D () C:\Users\benvanderlinde\Desktop\xls
2015-01-09 14:16 - 2015-01-09 14:19 - 00000000 ____D () C:\Users\benvanderlinde\Desktop\word
2015-01-09 13:42 - 2015-01-09 13:42 - 00000000 ____D () C:\Windows\ERUNT
2015-01-09 13:36 - 2015-01-09 13:36 - 01707939 _____ (Thisisu) C:\Users\benvanderlinde\Desktop\JRT.exe
2015-01-09 12:34 - 2015-01-09 12:34 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\benvanderlinde\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-09 12:29 - 2015-01-09 12:29 - 02191360 _____ () C:\Users\benvanderlinde\Downloads\AdwCleaner.exe
2015-01-08 10:08 - 2015-01-08 10:08 - 02124288 _____ (Farbar) C:\Users\benvanderlinde\Desktop\FRST64 (1).exe
2015-01-07 17:35 - 2015-01-07 17:40 - 00710685 ____H () C:\Users\benvanderlinde\Documents\~WRL1157.tmp
2015-01-07 14:34 - 2015-01-07 14:35 - 00688992 ____R (Swearware) C:\Users\benvanderlinde\Downloads\dds.com
2015-01-07 14:25 - 2015-01-07 14:25 - 00165376 _____ () C:\Users\benvanderlinde\Downloads\SystemLook_x64.exe
2015-01-07 14:24 - 2015-01-07 14:24 - 00380416 _____ () C:\Users\benvanderlinde\Downloads\dfv7ddi3.exe
2015-01-07 14:23 - 2014-12-12 00:46 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\benvanderlinde\Desktop\TDSSKiller.exe
2015-01-07 14:19 - 2015-01-07 14:19 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\benvanderlinde\Downloads\revosetup.exe
2015-01-07 14:18 - 2015-01-07 14:18 - 04166770 _____ () C:\Users\benvanderlinde\Downloads\tdsskiller.zip
2015-01-07 14:17 - 2015-01-08 10:18 - 00034186 _____ () C:\Users\benvanderlinde\Downloads\Addition.txt
2015-01-07 14:16 - 2015-01-12 10:55 - 00000000 ____D () C:\FRST
2015-01-07 14:16 - 2015-01-08 10:18 - 00040096 _____ () C:\Users\benvanderlinde\Downloads\FRST.txt
2015-01-07 14:16 - 2015-01-07 14:16 - 02123776 _____ (Farbar) C:\Users\benvanderlinde\Downloads\FRST64.exe
2015-01-06 10:29 - 2015-01-06 10:30 - 02173952 _____ () C:\Users\benvanderlinde\Desktop\AdwCleaner.exe
2015-01-05 16:55 - 2015-01-06 08:37 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-05 08:47 - 2015-01-05 08:47 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-17 09:59 - 2014-12-17 09:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-12-17 09:58 - 2014-12-17 09:59 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-16 10:56 - 2014-10-15 09:43 - 06468614 _____ () C:\Users\benvanderlinde\Desktop\b046-5001_03_asm.stp
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-12 10:55 - 2013-07-18 18:20 - 00000000 ____D () C:\Users\Public\Documents\KeyShot 4 Network Resources
2015-01-12 10:55 - 2012-10-17 17:13 - 00000419 _____ () C:\Windows\BRWMARK.INI
2015-01-12 10:55 - 2012-10-17 17:13 - 00000027 _____ () C:\Windows\BRPP2KA.INI
2015-01-12 10:54 - 2013-09-02 12:37 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-12 10:52 - 2009-07-14 16:13 - 00786598 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-12 10:50 - 2013-09-02 17:19 - 00000000 ____D () C:\Users\benvanderlinde\AppData\Roaming\Skype
2015-01-12 10:50 - 2013-09-02 12:37 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-12 10:50 - 2013-09-02 12:37 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-12 10:50 - 2013-09-02 12:37 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-12 10:49 - 2014-09-03 17:06 - 00000000 ___RD () C:\Users\benvanderlinde\Dropbox
2015-01-12 10:49 - 2014-09-03 16:56 - 00000000 ____D () C:\Users\benvanderlinde\AppData\Roaming\Dropbox
2015-01-12 10:49 - 2014-01-31 09:34 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-01-12 10:48 - 2012-09-10 12:04 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-12 10:48 - 2012-07-11 15:26 - 00205994 _____ () C:\Windows\PFRO.log
2015-01-12 10:48 - 2012-07-11 12:53 - 00000168 _____ () C:\Windows\system32\config\netlogon.ftl
2015-01-12 10:48 - 2009-07-14 16:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-12 10:48 - 2009-07-14 15:51 - 00077584 _____ () C:\Windows\setupact.log
2015-01-12 10:47 - 2012-07-11 11:52 - 01315992 _____ () C:\Windows\WindowsUpdate.log
2015-01-12 10:43 - 2009-10-14 16:49 - 00000000 ____D () C:\Users\benvanderlinde\Documents\outlook
2015-01-12 10:14 - 2014-12-11 14:05 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-12 09:57 - 2012-07-11 13:28 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-384575526-2649865645-2130750055-1614UA.job
2015-01-12 07:57 - 2012-07-11 13:28 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-384575526-2649865645-2130750055-1614Core.job
2015-01-09 15:16 - 2013-09-18 14:15 - 00000000 ____D () C:\Users\benvanderlinde\AppData\Local\TempSWBackupDirectory
2015-01-09 15:06 - 2013-09-02 12:15 - 00000000 ____D () C:\Users\benvanderlinde\AppData\Roaming\SolidWorks
2015-01-09 13:59 - 2012-07-11 15:45 - 00000000 ____D () C:\Program Files\Common Files\SolidWorks Shared
2015-01-09 12:39 - 2009-07-14 15:45 - 00025616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-09 12:39 - 2009-07-14 15:45 - 00025616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-09 12:36 - 2014-12-11 15:39 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-09 12:36 - 2014-06-30 14:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-09 12:36 - 2014-06-30 14:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-09 12:31 - 2014-12-12 12:10 - 00000000 ____D () C:\AdwCleaner
2015-01-06 09:17 - 2014-01-17 12:23 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-06 09:16 - 2014-07-22 11:11 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-06 09:16 - 2014-07-22 11:11 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-06 09:10 - 2013-02-12 16:41 - 00000000 ____D () C:\wamp
2014-12-31 22:14 - 2012-07-11 12:09 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-17 09:58 - 2012-07-11 14:04 - 00000000 ____D () C:\ProgramData\Skype
2014-12-17 09:44 - 2009-07-14 16:32 - 00000000 ____D () C:\Windows\Performance
2014-12-15 09:09 - 2014-09-03 16:58 - 00000000 ____D () C:\Users\benvanderlinde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
 
Some content of TEMP:
====================
C:\Users\benvanderlinde\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3s63gv.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-05 09:58
 
==================== End Of Log ============================


#13 Machiavelli

Machiavelli

    Agent 007

  • Malware Response Instructor
  • 4,045 posts
  • Gender:Male
  • Location:Germany

Posted 11 January 2015 - 07:30 PM

Hey,
I'm waiting for the other logs. :)

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#14 bvdl75

bvdl75
  • Topic Starter

  • Members
  • 13 posts
  • Gender:Male
  • Location:Australia

Posted 11 January 2015 - 07:53 PM

ESET Log

 

C:\AdwCleaner\Quarantine\C\Users\benvanderlinde\AppData\Local\Google\Chrome\User Data\Default\Extensions\gemgfmimjojempmloiejhfobjmpfailb\2.0\CH0NdUhVp.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\benvanderlinde\AppData\Local\Google\Chrome\User Data\Default\Extensions\gemgfmimjojempmloiejhfobjmpfailb\2.0\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\benvanderlinde\AppData\Roaming\Mozilla\Firefox\Profiles\tt2s1xv8.default\Extensions\E5vO@Z7.com\content\bg.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\Users\benvanderlinde\Downloads\Setup.exe a variant of Win32/SoftPulse.U potentially unwanted application deleted - quarantined
 
Note: the last line is the file that was downloaded when I opened the browser to run ESET.
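A check to go with the ESET log above, added here as example code for this thread (it is not from the original posts and is not part of FRST, ESET or AdwCleaner). Chrome keeps every installed extension under the profile's Extensions folder as Extensions/<id>/<version>/manifest.json, so reading those manifests directly lists what is on disk regardless of what chrome://extensions reports, and a manifest that asks for access to every site, injects a content script into every page, or lacks the Web Store update_url is the kind of entry the quarantined gemgfmimjojempmloiejhfobjmpfailb folder would have produced. The sample profile the script builds is constructed: it reuses the Gmail id from the FRST log and the quarantined id from the ESET log, but the version numbers and manifest bodies are invented for illustration.

```python
"""Audit the extensions on disk under a Chrome profile.

Example added for this thread: not code from the original posts and not part
of FRST, ESET or AdwCleaner. Chrome stores each installed extension at
<profile>/Extensions/<32-char id>/<version>/manifest.json; this script reads
those manifests directly and flags any that (a) request access to every site,
(b) inject a content script into every page, or (c) do not carry the Web
Store update_url, the usual sign of a sideloaded extension. The profile built
by build_sample_profile() is constructed for illustration.
"""
import json
import os
import tempfile

# Match patterns that grant an extension access to every web site.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
WEBSTORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"


def _broad(patterns):
    """True if any match pattern in the list covers all web sites."""
    return any(p in BROAD_HOSTS for p in (patterns or []))


def audit_manifest(manifest):
    """Return the reasons a manifest deserves a closer look (empty list if none)."""
    reasons = []
    if _broad(manifest.get("permissions")):
        reasons.append("permissions cover all sites")
    if any(_broad(cs.get("matches")) for cs in manifest.get("content_scripts", [])):
        reasons.append("content script runs on every page")
    if manifest.get("update_url") != WEBSTORE_UPDATE_URL:
        reasons.append("update_url is not the Web Store's")
    return reasons


def audit_profile(profile_dir):
    """Walk <profile>/Extensions and return one record per extension version found."""
    ext_root = os.path.join(profile_dir, "Extensions")
    records = []
    if not os.path.isdir(ext_root):
        return records
    for ext_id in sorted(os.listdir(ext_root)):
        id_dir = os.path.join(ext_root, ext_id)
        if not os.path.isdir(id_dir):
            continue
        for version in sorted(os.listdir(id_dir)):
            manifest_path = os.path.join(id_dir, version, "manifest.json")
            if not os.path.isfile(manifest_path):
                continue
            # Some manifests carry a UTF-8 BOM; utf-8-sig accepts both forms.
            with open(manifest_path, encoding="utf-8-sig") as fh:
                manifest = json.load(fh)
            records.append({
                "id": ext_id,
                "version": version,
                "name": manifest.get("name", "?"),
                "reasons": audit_manifest(manifest),
            })
    return records


def build_sample_profile(root):
    """Write a constructed profile: one Web Store extension, one sideloaded one."""
    samples = {
        # Id of the Gmail entry in the FRST log; version and manifest body are invented.
        ("pjkljhegncpnkpknbcohdijeoejaedia", "1.0"): {
            "name": "Gmail", "version": "1.0", "manifest_version": 2,
            "update_url": WEBSTORE_UPDATE_URL,
            "permissions": ["https://mail.google.com/*"],
        },
        # Id of the directory AdwCleaner quarantined; the manifest body is invented.
        ("gemgfmimjojempmloiejhfobjmpfailb", "2.0"): {
            "name": "constructed sample", "version": "2.0", "manifest_version": 2,
            "permissions": ["tabs", "<all_urls>"],
            "content_scripts": [{"matches": ["http://*/*", "https://*/*"],
                                 "js": ["lsdb.js"]}],
        },
    }
    for (ext_id, version), manifest in samples.items():
        ext_dir = os.path.join(root, "Extensions", ext_id, version)
        os.makedirs(ext_dir)
        with open(os.path.join(ext_dir, "manifest.json"), "w", encoding="utf-8") as fh:
            json.dump(manifest, fh)
    return root


def demo():
    """Build the constructed profile in a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        return audit_profile(build_sample_profile(tmp))


if __name__ == "__main__":
    for rec in demo():
        mark = "FLAG" if rec["reasons"] else "ok  "
        print(mark, rec["id"], rec["version"], rec["name"], "; ".join(rec["reasons"]))
```

On the real machine the same audit runs as audit_profile(r"C:\Users\benvanderlinde\AppData\Local\Google\Chrome\User Data\Default"), the profile path in the FRST log. Anything flagged should be compared against the CHR Extension lines FRST printed: an id on disk that FRST and chrome://extensions do not show, or one whose manifest has no Web Store update_url, did not arrive through a normal install and is worth quarantining before the next scan.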


#15 bvdl75

bvdl75
  • Topic Starter

  • Members
  • 13 posts
  • Gender:Male
  • Location:Australia

Posted 11 January 2015 - 07:56 PM

OK, I opened a clean Chrome browser, went straight to a national newspaper to test and instantly got the Flash message attached.

So the same problem is still persisting. If you have time, I would like to understand what the script did.

Thanks

Ben

Attached Files

  • Attached File  bug.png   311.52KB




