
Infected with various Malware and possible virus


  • This topic is locked
15 replies to this topic

#1 Vladdermuis

  • Members
  • 36 posts
  • Location:Schinnen, The Netherlands

Posted 11 January 2015 - 02:08 PM

Dear,

I was following this thread about the Cryptolocker virus (http://www.bleepingcomputer.com/forums/t/561970/new-pclock-cryptolocker-ransomware-discovered/page-20#entry3592849)

And I was trying to regain my files by using the tool from Fabian. Now he told me my system supposedly is infected with a lot more malware types and asked me to write it here.

So I hope you can help me (Attach and DDS.txt are in the attachment).

Also, upon opening Fabian's newest tool version I got this message (http://postimg.org/image/kwegxxo7r/), which would not go away.

Thanks in advance (A LOT)

Regards,

Tim


DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17207  BrowserJavaVersion: 10.67.2
Run by Stoeperd at 19:37:46 on 2015-01-11
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.4094.2273 [GMT 1:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
SP: Kaspersky Internet Security *Enabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\EscSvc64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
C:\Windows\System32\StikyNot.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2wizard.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [taskkill] "C:\Users\Stoeperd\AppData\Roaming\Microsoft\Windows\IEUpdate\taskkill.exe"
uRun: [Okhrics] C:\Windows\SysWOW64\regsvr32.exe C:\Users\Stoeperd\AppData\Local\Ihnsoft\Wmdrnt5.dll
uRunOnce: [Uninstall C:\Users\Stoeperd\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Stoeperd\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64"
mRun: [Codec Settings UAC Manager] "C:\Windows\System32\C2MP\CodecUACManager.exe"
mRun: [StartCCC] "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [emsisoft anti-malware] "C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe" /d=60
StartupFolder: C:\Users\Stoeperd\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\taskkill.lnk - C:\Users\Stoeperd\AppData\Roaming\Microsoft\Windows\IEUpdate\taskkill.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CODECP~1.LNK - C:\Windows\SysWOW64\C2MP\UpdateChecker.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TP-LIN~1.LNK - C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{9D9888D8-D9CB-4BDC-831F-D1218E0B718B} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{AD9CBA25-C1A3-4D51-BE9D-D29ABEB383AA} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E268E767-4A7E-4D74-AA10-CA13B0113B97} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://www.nationzoom.com/?type=hp&ts=1387216613&from=ild&uid=SAMSUNGXHD080HJ_S08EJ10L400307
x64-mSearch Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1387216613&from=ild&uid=SAMSUNGXHD080HJ_S08EJ10L400307&q={searchTerms}
x64-mDefault_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1387216613&from=ild&uid=SAMSUNGXHD080HJ_S08EJ10L400307
x64-mDefault_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1387216613&from=ild&uid=SAMSUNGXHD080HJ_S08EJ10L400307&q={searchTerms}
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Stoeperd\AppData\Roaming\Mozilla\Firefox\Profiles\ke4rnwa4.default\
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npnitroie.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll
.
============= SERVICES / DRIVERS ===============
.
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2015-1-11 26176]
R1 a2injectiondriver;a2injectiondriver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2015-1-11 45208]
R1 a2util;a-squared Malware-IDS utility driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [2015-1-11 23088]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-3-8 283200]
R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\System32\drivers\jswpslwfx.sys [2014-5-29 26624]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2013-6-10 29792]
R1 klpd;klpd;C:\Windows\System32\drivers\klpd.sys [2013-4-12 15456]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2013-5-14 55904]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2013-6-6 178272]
R2 a2AntiMalware;Emsisoft Protection Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2015-1-11 4920104]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-11-21 244736]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [2013-6-17 214512]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2013-9-30 151648]
R2 EpsonScanSvc;Epson Scanner Service;C:\Windows\System32\escsvc64.exe [2013-9-30 135824]
R2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [2013-1-14 230416]
R3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2015-1-11 71472]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2014-6-21 94720]
R3 cleanhlp;cleanhlp;C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [2015-1-11 57024]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2013-5-5 29280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2013-5-5 29280]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;C:\Windows\System32\drivers\Rtnic64.sys [2008-7-22 60416]
R3 RTL8192cu;300Mbps Wireless USB Adapter;C:\Windows\System32\drivers\RTL8192cu.sys [2014-5-29 926824]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 athrusb;Atheros Wireless LAN USB device driver;C:\Windows\System32\drivers\athrxusb.sys [2007-4-20 1037312]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2014-8-12 58056]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2014-3-31 1512640]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-7-22 111616]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-28 29720]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WPS\jswpsapi.exe [2014-5-29 954368]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2015-1-6 19152]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2015-1-6 12504]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-24 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-28 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-1-27 1255736]
S4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-3-3 1038088]
S4 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2014-1-18 127752]
S4 klflt;klflt;C:\Windows\System32\drivers\klflt.sys [2015-1-6 115296]
.
=============== Created Last 30 ================
.
2015-01-11 16:55:21 -------- d-----w- C:\ProgramData\Emsisoft
2015-01-11 16:32:20 77312 ----a-w- C:\Windows\System32\eamclean.exe
2015-01-11 16:08:06 -------- d-----w- C:\Program Files (x86)\Emsisoft Anti-Malware
2015-01-10 14:45:48 11870360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4B17F230-9D35-452F-A2ED-BB4E41CBC847}\mpengine.dll
2015-01-07 01:40:17 -------- d-----w- C:\Log
2015-01-06 21:25:15 74703 ----a-w- C:\Windows\SysWow64\mfc45.dat
2015-01-06 21:06:23 -------- d-----w- C:\Users\Stoeperd\AppData\Local\Wondershare
2015-01-06 21:06:16 -------- d-----w- C:\Program Files (x86)\Common Files\Wondershare
2015-01-06 21:06:05 -------- d-----w- C:\Program Files (x86)\Wondershare
2015-01-06 20:35:05 110176 ----a-w- C:\Windows\System32\klfphc.dll
2015-01-06 20:33:41 -------- d-----w- C:\Windows\ELAMBKUP
2015-01-06 20:33:32 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2015-01-06 20:33:17 115296 ----a-w- C:\Windows\System32\drivers\klflt.sys
2015-01-06 19:48:20 290304 ----a-w- C:\Windows\SysWow64\subinacl.exe
2015-01-06 19:48:17 -------- d-----w- C:\Program Files\Common Files\Microsoft
2015-01-06 19:48:17 -------- d-----w- C:\Program Files\Adware-Removal-Tool
2015-01-06 18:54:38 53248 ----a-w- C:\Windows\SysWow64\zlib.dll
2015-01-06 18:54:37 -------- d-----w- C:\ProgramData\Foolish IT
2015-01-06 18:54:36 -------- d-----w- C:\Program Files (x86)\Foolish IT
2015-01-06 18:14:34 3050808 ----a-w- C:\Windows\System32\pwNative.exe
2015-01-06 18:14:33 19152 ------w- C:\Windows\System32\pwdrvio.sys
2015-01-06 18:14:33 12504 ------w- C:\Windows\System32\pwdspio.sys
2015-01-06 18:14:04 -------- d-----w- C:\Program Files (x86)\MiniTool Partition Wizard Home Edition 8.1.1
2015-01-06 04:20:14 -------- d-----w- C:\sh4ldr
2014-12-14 00:37:43 -------- d-----w- C:\AMD
.
==================== Find3M  ====================
.
2015-01-06 21:20:17 29280 ----a-w- C:\Windows\System32\drivers\klmouflt.sys
2015-01-06 21:20:17 178272 ----a-w- C:\Windows\System32\drivers\kneps.sys
2015-01-06 21:20:16 29792 ----a-w- C:\Windows\System32\drivers\klim6.sys
2015-01-06 21:20:16 29280 ----a-w- C:\Windows\System32\drivers\klkbdflt.sys
2015-01-06 21:20:15 458336 ----a-w- C:\Windows\System32\drivers\kl1.sys
2015-01-06 03:36:02 298120 ------w- C:\Windows\System32\MpSigStub.exe
2014-12-09 21:17:30 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-12-09 21:17:29 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-21 02:43:56 7558816 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2014-11-21 02:43:50 7077776 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2014-11-21 02:43:42 8379720 ----a-w- C:\Windows\System32\atiumd6a.dll
2014-11-21 02:43:38 8369408 ----a-w- C:\Windows\System32\atiumd64.dll
2014-11-21 02:41:36 294600 ----a-w- C:\Windows\System32\drivers\amdacpksd.sys
2014-11-21 02:40:00 18959360 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2014-11-21 02:33:12 235008 ----a-w- C:\Windows\System32\clinfo.exe
2014-11-21 02:33:06 98816 ----a-w- C:\Windows\System32\OpenVideo64.dll
2014-11-21 02:33:06 83456 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2014-11-21 02:33:04 86528 ----a-w- C:\Windows\System32\OVDecode64.dll
2014-11-21 02:33:02 73216 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2014-11-21 02:33:00 47899136 ----a-w- C:\Windows\System32\amdocl64.dll
2014-11-21 02:32:08 40987136 ----a-w- C:\Windows\SysWow64\amdocl.dll
2014-11-21 02:31:18 65024 ----a-w- C:\Windows\System32\OpenCL.dll
2014-11-21 02:31:16 58880 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2014-11-21 02:24:50 28354560 ----a-w- C:\Windows\System32\atio6axx.dll
2014-11-21 02:19:36 23621632 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2014-11-21 02:19:26 49664 ----a-w- C:\Windows\System32\amdmmcl6.dll
2014-11-21 02:19:22 38912 ----a-w- C:\Windows\SysWow64\amdmmcl.dll
2014-11-21 02:18:46 127488 ----a-w- C:\Windows\System32\mantle64.dll
2014-11-21 02:18:42 113664 ----a-w- C:\Windows\SysWow64\mantle32.dll
2014-11-21 02:18:36 5837312 ----a-w- C:\Windows\System32\amdmantle64.dll
2014-11-21 02:17:04 367104 ----a-w- C:\Windows\System32\atiapfxx.exe
2014-11-21 02:17:02 62464 ----a-w- C:\Windows\System32\aticalrt64.dll
2014-11-21 02:17:02 52224 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2014-11-21 02:16:58 55808 ----a-w- C:\Windows\System32\aticalcl64.dll
2014-11-21 02:16:58 49152 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2014-11-21 02:16:52 15716352 ----a-w- C:\Windows\System32\aticaldd64.dll
2014-11-21 02:16:04 14302208 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2014-11-21 02:15:42 4590592 ----a-w- C:\Windows\SysWow64\amdmantle32.dll
2014-11-21 02:13:12 91648 ----a-w- C:\Windows\System32\mantleaxl64.dll
2014-11-21 02:13:10 85504 ----a-w- C:\Windows\SysWow64\mantleaxl32.dll
2014-11-21 02:12:50 442368 ----a-w- C:\Windows\System32\atidemgy.dll
2014-11-21 02:12:50 31232 ----a-w- C:\Windows\System32\atimuixx.dll
2014-11-21 02:12:48 774656 ----a-w- C:\Windows\System32\atieclxx.exe
2014-11-21 02:12:40 244736 ----a-w- C:\Windows\System32\atiesrxx.exe
2014-11-21 02:12:26 190976 ----a-w- C:\Windows\System32\atitmm64.dll
2014-11-21 02:10:02 843776 ----a-w- C:\Windows\System32\coinst_14.50.dll
2014-11-21 02:09:58 95744 ----a-w- C:\Windows\System32\amdave64.dll
2014-11-21 02:09:56 90112 ----a-w- C:\Windows\SysWow64\amdave32.dll
2014-11-21 02:09:46 89088 ----a-w- C:\Windows\System32\atisamu64.dll
2014-11-21 02:09:44 80896 ----a-w- C:\Windows\SysWow64\atisamu32.dll
2014-11-21 02:09:06 1214976 ----a-w- C:\Windows\System32\atiadlxx.dll
2014-11-21 02:09:04 903168 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2014-11-21 02:09:00 75264 ----a-w- C:\Windows\System32\atig6pxx.dll
2014-11-21 02:09:00 69632 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2014-11-21 02:09:00 69632 ----a-w- C:\Windows\System32\atiglpxx.dll
2014-11-21 02:08:58 146944 ----a-w- C:\Windows\System32\atig6txx.dll
2014-11-21 02:08:56 133632 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2014-11-21 02:08:54 589312 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2014-11-21 02:08:54 43520 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2014-11-20 20:36:32 51200 ----a-w- C:\Windows\System32\kdbsdk64.dll
2014-11-20 20:35:00 38912 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
.
============= FINISH: 19:41:27.07 ===============


Edited by xXToffeeXx, 11 January 2015 - 02:28 PM.
Posted log in topic~
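The DDS "Pseudo HJT Report" above lists every autorun and browser start-page entry on the machine without judging any of them; the helper's next step is to read those lines for payloads in odd places. The Python below is an added example (not code from the thread, from DDS, or from the helper) that automates that first read: it parses the uRun/mRun/x64-Run, StartupFolder and Start/Search Page lines, flags autoruns whose payload sits in a user-writable location (including a DLL loaded through regsvr32.exe or rundll32.exe, where the signed host binary is not the interesting path) and start pages whose host is not on an analyst-supplied expected list. The sample lines are copied from the log above (one URL trimmed); the "user-writable" pattern and the expected-host list are assumptions of this example, and a flag means "review this", not a verdict.

```python
"""Triage helper for the autorun lines of a DDS 'Pseudo HJT Report'.

Added example; not part of DDS, FRST or the helper's instructions. Flags:
  * an autorun whose payload lives in a user-writable location
    (AppData, Temp, Users\Public) rather than Program Files or Windows;
  * a DLL loaded via regsvr32.exe / rundll32.exe from such a location;
  * a start/search page whose host is not on the expected-host list.
The location heuristic and host list are assumptions of this example.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample: lines in DDS format copied from the log posted above
# (the nationzoom URL is trimmed to its first query parameters).
SAMPLE_DDS = r"""
uStart Page = hxxp://www.google.com
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [taskkill] "C:\Users\Stoeperd\AppData\Roaming\Microsoft\Windows\IEUpdate\taskkill.exe"
uRun: [Okhrics] C:\Windows\SysWOW64\regsvr32.exe C:\Users\Stoeperd\AppData\Local\Ihnsoft\Wmdrnt5.dll
mRun: [StartCCC] "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
StartupFolder: C:\Users\Stoeperd\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\taskkill.lnk - C:\Users\Stoeperd\AppData\Roaming\Microsoft\Windows\IEUpdate\taskkill.exe
x64-mStart Page = hxxp://www.nationzoom.com/?type=hp&ts=1387216613
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
"""

RUN_RE = re.compile(r"^(?P<key>(?:x64-)?[um]Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^StartupFolder: (?P<lnk>.+?) - (?P<cmd>.+)$")
PAGE_RE = re.compile(r"^(?P<key>(?:x64-)?[um](?:Start Page|Search Page|Search Bar|"
                     r"Default_Page_URL|Default_Search_URL)) = (?P<url>\S+)$")
# Locations a standard user can write to (heuristic; assumption of this example).
USER_WRITABLE_RE = re.compile(r"\\(appdata|temp|users\\public)\\", re.IGNORECASE)
# Signed Windows binaries that load whatever DLL they are handed.
PROXY_BINARIES = {"regsvr32.exe", "rundll32.exe"}
# rundll32 takes 'file.dll,EntryPoint'; regsvr32 takes a bare or quoted DLL path.
DLL_ARG_RE = re.compile(r'"([^"]+\.dll)"|(\S+\.dll)', re.IGNORECASE)


@dataclass
class Finding:
    key: str      # DDS entry type, e.g. uRun, StartupFolder, x64-mStart Page
    name: str     # autorun name, shortcut file name, or URL host
    path: str     # path (or URL) that triggered the flag
    reason: str


def basename(path):
    return path.rsplit("\\", 1)[-1]


def split_command(cmd):
    """Split a DDS command string into (executable, remaining arguments).

    A quoted executable path may contain spaces; an unquoted one ends at the
    first space, which is also how Windows resolves it.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:                       # unterminated quote: treat the rest as exe
            return cmd[1:], ""
        return cmd[1:end], cmd[end + 1:].strip()
    exe, _, rest = cmd.partition(" ")
    return exe, rest.strip()


def payload_path(exe, args):
    """Path whose location decides the verdict: the DLL handed to a proxy
    binary, otherwise the executable itself."""
    if basename(exe).lower() in PROXY_BINARIES:
        m = DLL_ARG_RE.search(args)
        if m:
            return m.group(1) or m.group(2)
    return exe


def page_host(url):
    # DDS defangs URLs as hxxp://; restore the scheme so urlsplit can parse it.
    fanged = re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)
    return (urlsplit(fanged).hostname or "").lower()


def triage(report, expected_hosts=("www.google.com",)):
    """Return the Findings for the text of one Pseudo HJT Report section."""
    expected = {h.lower() for h in expected_hosts}
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        if m := RUN_RE.match(line):
            exe, args = split_command(m["cmd"])
            path = payload_path(exe, args)
            if USER_WRITABLE_RE.search(path):
                via = f" via {basename(exe)}" if path != exe else ""
                findings.append(Finding(m["key"], m["name"], path,
                                        "autorun payload in user-writable location" + via))
        elif m := STARTUP_RE.match(line):
            exe, args = split_command(m["cmd"])
            path = payload_path(exe, args)
            if USER_WRITABLE_RE.search(path):
                findings.append(Finding("StartupFolder", basename(m["lnk"]), path,
                                        "startup shortcut target in user-writable location"))
        elif m := PAGE_RE.match(line):
            host = page_host(m["url"])
            if host not in expected:
                findings.append(Finding(m["key"], host, m["url"],
                                        "browser start/search page host not on expected list"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"{f.key:<16} {f.name:<22} {f.reason}\n{'':<16} {f.path}")
```

Run as a script to print the flagged sample entries, or call `triage(text)` on the Pseudo HJT section of a real report; pass `expected_hosts` to match the homepage the user actually chose, since a start page the user set deliberately is not a finding.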


#2 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 12 January 2015 - 05:24 AM

Hi there,
my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me review your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.


HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> Properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" button.
  • Double-click on the randomly named GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run a scan... click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All (should be unchecked by default)
  • Leave everything else as it is.
  • Close all other running programs as well as your browser.
  • Click the Scan button & wait for it to finish.
  • Once done, click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found); we need to see a report first.

Download TDSSKiller.zip and extract it to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt

Please attach this file to your next reply.


Proud Member of UNITE & TB

#3 Vladdermuis

  • Topic Starter
  • Members
  • 36 posts
  • Location:Schinnen, The Netherlands

Posted 12 January 2015 - 08:35 AM

Dear Marius,

First of all, thanks a bunch for taking the time to help me.

I hope I post things the right way as you wanted; if not, let me know.

Here is the first log of FRST (FRST.txt):

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2015
Ran by Stoeperd (administrator) on STOEPERD-PC on 12-01-2015 13:43:08
Running from C:\Users\Stoeperd\Downloads
Loaded Profiles: Stoeperd &  (Available profiles: Stoeperd)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English

(United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-

farbar-recovery-scan-tool/

==================== Processes (Whitelisted)

=================

(If an entry is included in the fixlist, the process will be closed. The file will not

be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware

\a2service.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky

Internet Security 14.0.0\avp.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3

SSRP\E_S50RPB.EXE
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader

\3.0\NitroPDFReaderDriverService3x64.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune

\nTuneService.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky

Internet Security 14.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-

Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static

\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted)

==================

(If an entry is included in the fixlist, the registry item will be restored to default

or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows

\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Codec Settings UAC Manager] => C:\Windows

\SysWOW64\C2MP\CodecUACManager.exe [58648 2014-09-28] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE

\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro

Devices, Inc.)
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files

(x86)\emsisoft anti-malware\a2guard.exe [4997872 2014-12-31] (Emsisoft

GmbH)
HKU\S-1-5-21-851193894-3643958169-3096722647-1001\...\Run: [DAEMON

Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3674320

2013-01-08] (DT Soft Ltd)
HKU\S-1-5-21-851193894-3643958169-3096722647-1001\...\Run:

[RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520

2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-851193894-3643958169-3096722647-1001\...\Run: [taskkill]

=> "C:\Users\Stoeperd\AppData\Roaming\Microsoft\Windows\IEUpdate

\taskkill.exe"
HKU\S-1-5-21-851193894-3643958169-3096722647-1001\...\Run: [Okhrics]

=> C:\Windows\SysWOW64\regsvr32.exe C:\Users\Stoeperd\AppData

\Local\Ihnsoft\Wmdrnt5.dll
HKU\S-1-5-21-851193894-3643958169-3096722647-1001\...\RunOnce:

[Uninstall C:\Users\Stoeperd\AppData\Local\Microsoft\SkyDrive

\17.3.1171.0714\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s

/q "C:\Users\Stoeperd\AppData\Local\Microsoft\SkyDrive

\17.3.1171.0714\amd64"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

\CodecPackUpdateChecker.lnk
ShortcutTarget: CodecPackUpdateChecker.lnk -> C:\Windows

\SysWOW64\C2MP\UpdateChecker.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

\TP-LINK Wireless Configuration Utility.lnk
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files

(x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
Startup: C:\Users\Stoeperd\AppData\Roaming\Microsoft\Windows\Start

Menu\Programs\Startup\taskkill.lnk
ShortcutTarget: taskkill.lnk -> C:\Users\Stoeperd\AppData\Roaming

\Microsoft\Windows\IEUpdate\taskkill.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-

00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-

4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons

\SecureIconsProvider.dll ()

==================== Internet (Whitelisted)

====================

(If an item is included in the fixlist, if it is a registry item it will be removed or

restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nationzoom.com/?type=hp&ts=1387216613&from=ild&uid=SAMSUNGXHD080HJ_S08EJ10L400307
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.nationzoom.com/web/?type=ds&ts=1387216613&from=ild&uid=SAMSUNGXHD080HJ_S08EJ10L400307&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nationzoom.com/?type=hp&ts=1387216613&from=ild&uid=SAMSUNGXHD080HJ_S08EJ10L400307
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nationzoom.com/web/?type=ds&ts=1387216613&from=ild&uid=SAMSUNGXHD080HJ_S08EJ10L400307&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
StartMenuInternet: IEXPLORE.EXE - C:\program files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.nationzoom.com/web/?type=ds&ts=1387216613&from=ild&uid=SAMSUNGXHD080HJ_S08EJ10L400307&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.nationzoom.com/web/?type=ds&ts=1387216613&from=ild&uid=SAMSUNGXHD080HJ_S08EJ10L400307&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Stoeperd\AppData\Roaming\Mozilla\Firefox\Profiles\ke4rnwa4.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: Adblock Plus - C:\Users\Stoeperd\AppData\Roaming\Mozilla\Firefox\Profiles\ke4rnwa4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-26]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Модуль перевірки посилань - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2015-01-06]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-01-06]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2015-01-06]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2015-01-06]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2015-01-06]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-06-17]
CHR HKU\S-1-5-21-851193894-3643958169-3096722647-1001\...\Chrome\Extension: [begbnpffhnpedhocnobliippgejhjpfp] - No Path
CHR HKLM-x32\...\Chrome\Extension: [afahklpdjhcgffmhcbkckmlcamndbecg] - No Path
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-06-17]
CHR HKLM-x32\...\Chrome\Extension: [epkceaeoekapakgkbcmjghghfbmelhog] - No Path
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-06-17]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-06-17]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-06-17]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-06-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4920104 2014-12-31] (Emsisoft GmbH)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2015-01-06] (Kaspersky Lab ZAO)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
S4 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-04-05] (SurfRight B.V.)
S3 jswpsapi; C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WPS\jswpsapi.exe [954368 2012-10-25] (Wireless) [File not signed]
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-01-14] (Nitro PDF Software)
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [180224 2007-09-04] (NVIDIA) [File not signed]
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1037312 2007-04-20] (Atheros Communications, Inc.)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-08] (DT Soft Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2015-01-06] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2015-01-06] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2015-01-06] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2015-01-06] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2015-01-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2015-01-06] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2015-01-06] (Kaspersky Lab ZAO)
R3 NVR0Dev; C:\Windows\nvoclk64.sys [39968 2007-09-04] (NVidia Corp.)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [60416 2008-07-22] (Realtek Semiconductor Corporation                           )
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2012-10-25] (Realtek Semiconductor Corporation                           )
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [867064 2013-03-08] (Duplex Secure Ltd.)
S3 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-12 13:43 - 2015-01-12 13:44 - 00018693 _____ () C:\Users\Stoeperd\Downloads\FRST.txt
2015-01-12 13:42 - 2015-01-12 13:43 - 00000000 ____D () C:\FRST
2015-01-12 13:32 - 2015-01-12 13:32 - 02124288 _____ (Farbar) C:\Users\Stoeperd\Downloads\FRST64.exe
2015-01-11 21:30 - 2015-01-11 21:32 - 01032872 _____ (Emsisoft Ltd) C:\Users\Stoeperd\Downloads\decrypt_pclock2(4).exe
2015-01-11 19:43 - 2015-01-11 19:43 - 00020881 _____ () C:\Users\Stoeperd\Desktop\DDS.txt
2015-01-11 19:41 - 2015-01-11 19:43 - 00017094 _____ () C:\Users\Stoeperd\Desktop\Attach.txt
2015-01-11 19:36 - 2015-01-11 19:36 - 00688992 ____R (Swearware) C:\Users\Stoeperd\Downloads\dds.com
2015-01-11 17:55 - 2015-01-11 17:55 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-01-11 17:32 - 2015-01-11 17:55 - 00077312 _____ (Emsisoft GmbH) C:\Windows\system32\eamclean.exe
2015-01-11 17:32 - 2015-01-11 17:55 - 00001766 _____ () C:\Windows\system32\eamclean.dat
2015-01-11 17:31 - 2015-01-11 17:31 - 01032360 _____ (Emsisoft Ltd) C:\Users\Stoeperd\Downloads\decrypt_pclock2(3).exe
2015-01-11 17:08 - 2015-01-12 13:41 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-01-11 17:08 - 2015-01-11 17:08 - 00001101 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2015-01-11 17:08 - 2015-01-11 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2015-01-11 17:02 - 2015-01-11 17:05 - 172536016 _____ (Emsisoft Ltd. ) C:\Users\Stoeperd\Downloads\EmsisoftAntiMalwareSetup.exe
2015-01-10 22:47 - 2015-01-10 22:47 - 00968512 _____ (Emsisoft Ltd) C:\Users\Stoeperd\Downloads\decrypt_pclock2(2).exe
2015-01-10 14:36 - 2015-01-10 14:37 - 00965416 _____ (Emsisoft Ltd) C:\Users\Stoeperd\Downloads\decrypt_pclock2(1).exe
2015-01-10 00:06 - 2015-01-10 00:06 - 00960272 _____ (Emsisoft Ltd) C:\Users\Stoeperd\Downloads\decrypt_pclock2.exe
2015-01-09 22:16 - 2015-01-09 22:16 - 00380928 _____ (NathanScott Apps.) C:\Users\Stoeperd\Downloads\CryptolockerVB6_Patcher.exe
2015-01-09 21:01 - 2015-01-09 21:01 - 00736736 _____ (Emsisoft Ltd) C:\Users\Stoeperd\Downloads\decrypt_pclock.exe
2015-01-07 21:28 - 2015-01-07 21:28 - 02991832 _____ (ESET) C:\Users\Stoeperd\Downloads\ERARemover_x64.exe
2015-01-07 21:28 - 2015-01-07 21:28 - 00000000 ____D () C:\ProgramData\ESET
2015-01-07 20:49 - 2015-01-07 20:49 - 00000180 _____ () C:\Users\Stoeperd\Desktop\cry.txt
2015-01-07 19:32 - 2015-01-07 19:32 - 04446072 _____ () C:\Users\Stoeperd\Downloads\Decryptolocker.exe
2015-01-07 13:21 - 2015-01-07 21:51 - 00000000 ____D () C:\Program Files\Recuva
2015-01-07 13:21 - 2015-01-07 13:21 - 00001628 _____ () C:\Users\Public\Desktop\Recuva.lnk
2015-01-07 13:21 - 2015-01-07 13:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2015-01-07 13:01 - 2015-01-07 13:20 - 04210920 _____ (Piriform Ltd) C:\Users\Stoeperd\Downloads\rcsetup151.exe
2015-01-07 02:40 - 2015-01-07 02:40 - 00000000 ____D () C:\Log
2015-01-07 02:39 - 2015-01-07 02:39 - 03895560 _____ (Stellar Information Technology Pvt Ltd. ) C:\Users\Stoeperd\Downloads\StellarPhoenixWindowsDataRecoveryHome.exe
2015-01-06 22:25 - 2015-01-06 22:25 - 00074703 _____ () C:\Windows\SysWOW64\mfc45.dat
2015-01-06 22:06 - 2015-01-07 13:26 - 00000000 ____D () C:\Program Files (x86)\Wondershare
2015-01-06 22:06 - 2015-01-06 22:06 - 00000000 ____D () C:\Users\Stoeperd\Documents\My Data Files
2015-01-06 22:06 - 2015-01-06 22:06 - 00000000 ____D () C:\Users\Stoeperd\AppData\Local\Wondershare
2015-01-06 22:04 - 2015-01-06 22:05 - 00000000 ____D () C:\Users\Public\Documents\Wondershare
2015-01-06 22:04 - 2015-01-06 22:04 - 00938568 _____ (Wondershare) C:\Users\Stoeperd\Downloads\data-recovery_setup_full829.exe
2015-01-06 21:38 - 2015-01-06 22:40 - 00002340 _____ () C:\Users\Stoeperd\Desktop\Safe Money.lnk
2015-01-06 21:35 - 2015-01-06 21:35 - 00001134 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2015-01-06 21:35 - 2015-01-06 21:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-01-06 21:35 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2015-01-06 21:33 - 2015-01-06 22:20 - 00625248 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-01-06 21:33 - 2015-01-06 22:20 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-01-06 21:33 - 2015-01-06 21:33 - 00000000 ____D () C:\Windows\ELAMBKUP
2015-01-06 21:33 - 2015-01-06 21:33 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2015-01-06 20:48 - 2015-01-06 20:48 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2015-01-06 20:48 - 2015-01-06 20:48 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2015-01-06 20:47 - 2015-01-06 20:47 - 00753184 _____ () C:\Users\Stoeperd\Downloads\Adware-Removal-Tool-v3.9.1.exe
2015-01-06 19:54 - 2015-01-06 19:54 - 00053248 _____ () C:\Windows\SysWOW64\zlib.dll
2015-01-06 19:54 - 2015-01-06 19:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foolish IT
2015-01-06 19:54 - 2015-01-06 19:54 - 00000000 ____D () C:\ProgramData\Foolish IT
2015-01-06 19:54 - 2015-01-06 19:54 - 00000000 ____D () C:\Program Files (x86)\Foolish IT
2015-01-06 19:53 - 2015-01-06 19:53 - 00971528 _____ (Foolish IT LLC ) C:\Users\Stoeperd\Downloads\CryptoPreventSetup.exe
2015-01-06 19:14 - 2015-01-06 22:55 - 00000000 ____D () C:\Program Files (x86)\MiniTool Partition Wizard Home Edition 8.1.1
2015-01-06 19:14 - 2015-01-06 19:14 - 00001259 _____ () C:\Users\Public\Desktop\MiniTool Partition Wizard Home Edition.lnk
2015-01-06 19:14 - 2015-01-06 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard Home Edition 8.1.1
2015-01-06 19:14 - 2013-09-30 16:26 - 03050808 _____ () C:\Windows\system32\pwNative.exe
2015-01-06 19:14 - 2013-09-30 16:26 - 00019152 ____N () C:\Windows\system32\pwdrvio.sys
2015-01-06 19:14 - 2013-09-30 16:26 - 00012504 ____N () C:\Windows\system32\pwdspio.sys
2015-01-06 19:13 - 2015-01-06 19:13 - 20772800 _____ (MiniTool Solution Ltd. ) C:\Users\Stoeperd\Downloads\pwhe8.exe
2015-01-06 05:20 - 2015-01-06 05:20 - 00000000 ____D () C:\sh4ldr
2015-01-06 00:57 - 2015-01-06 00:57 - 01556188 _____ () C:\Users\Stoeperd\enc_files.txt
2014-12-17 18:02 - 2014-12-17 18:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-14 01:44 - 2014-12-14 01:44 - 00053564 _____ () C:\Windows\SysWOW64\CCCInstall_201412140144251133.log
2014-12-14 01:44 - 2014-12-14 01:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-12-14 01:44 - 2014-12-14 01:44 - 00000000 ____D () C:\ProgramData\ATI
2014-12-14 01:39 - 2015-01-07 16:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
2014-12-14 01:39 - 2014-12-14 01:39 - 00000749 _____ () C:\Users\Stoeperd\Desktop\Glyph.lnk
2014-12-14 01:37 - 2014-12-14 01:37 - 00000000 ____D () C:\AMD

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-12 13:31 - 2013-01-25 00:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-12 13:29 - 2013-01-25 06:02 - 01051180 _____ () C:\Windows\WindowsUpdate.log
2015-01-12 04:29 - 2013-01-29 13:55 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-01-11 21:34 - 2009-07-14 05:45 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-11 21:34 - 2009-07-14 05:45 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-11 21:24 - 2014-08-17 00:00 - 00002567 _____ () C:\Windows\setupact.log
2015-01-11 21:24 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-11 19:15 - 2014-11-22 20:28 - 00000000 ____D () C:\Users\Stoeperd\AppData\Local\Ihnsoft
2015-01-11 19:13 - 2014-09-09 17:22 - 00710158 _____ () C:\Windows\PFRO.log
2015-01-11 17:37 - 2013-01-24 21:53 - 00000000 ____D () C:\Users\Stoeperd\AppData\Roaming\uTorrent
2015-01-11 15:21 - 2013-02-01 22:30 - 00000000 ____D () C:\Users\Stoeperd\AppData\Roaming\vlc
2015-01-09 21:09 - 2014-04-06 18:39 - 116661595 _____ () C:\Users\Stoeperd\Downloads\X2_Series_V3.0.2_Feb18.zip
2015-01-09 21:09 - 2014-03-06 14:15 - 178510306 _____ () C:\Users\Stoeperd\Downloads\wetransfer-daba13.zip
2015-01-09 21:09 - 2013-11-28 18:08 - 00571070 _____ () C:\Users\Stoeperd\Downloads\xvi32.zip
2015-01-09 21:09 - 2013-11-10 19:00 - 05333983 _____ () C:\Users\Stoeperd\Downloads\wing_brush_set_31569.zip
2015-01-09 21:08 - 2014-07-26 00:13 - 00021879 _____ () C:\Users\Stoeperd\Downloads\Verhaal Het volle maan meisje.zip
2015-01-09 21:08 - 2014-04-12 17:56 - 06189550 _____ () C:\Users\Stoeperd\Downloads\dlls.zip
2015-01-09 21:08 - 2014-04-12 17:47 - 00428268 _____ () C:\Users\Stoeperd\Downloads\amtlib.zip
2015-01-09 21:08 - 2014-01-03 06:36 - 00080956 _____ () C:\Users\Stoeperd\Downloads\RiftMeter-v1.1.8.zip
2015-01-09 21:08 - 2014-01-03 06:26 - 00006675 _____ () C:\Users\Stoeperd\Downloads\ReDAR-r20.zip
2015-01-09 21:08 - 2013-12-24 22:24 - 00172250 _____ () C:\Users\Stoeperd\Downloads\Super Meter v 2.02.zip
2015-01-09 21:08 - 2013-12-07 23:52 - 00023856 _____ () C:\Users\Stoeperd\Downloads\Ondertitel.com-26-Constantine.DVDRip.XviD-DoNE (Ned.DVD).zip
2015-01-09 21:08 - 2013-11-29 16:53 - 04485454 _____ () C:\Users\Stoeperd\Downloads\RavioliGameTools_v2.7.zip
2015-01-09 21:08 - 2013-11-29 16:44 - 00734870 _____ () C:\Users\Stoeperd\Downloads\extr25.zip
2015-01-09 21:08 - 2013-11-10 19:01 - 09059933 _____ () C:\Users\Stoeperd\Downloads\angel_wing_brush_39395.zip
2015-01-09 21:08 - 2013-11-02 15:59 - 08089542 _____ () C:\Users\Stoeperd\Downloads\PressPackHalloween (1).zip
2015-01-09 21:08 - 2013-10-13 18:58 - 00023063 _____ () C:\Users\Stoeperd\Downloads\Jack.the.Giant.Slayer.2013.720p.BluRay.x264.YIFY&1080p.BluRay.x264-SPARKS.rar
2015-01-09 21:08 - 2013-10-13 13:57 - 08089542 _____ () C:\Users\Stoeperd\Downloads\PressPackHalloween.zip
2015-01-09 21:08 - 2013-09-28 22:02 - 00040182 _____ () C:\Users\Stoeperd\Downloads\EzPlayerPortrait.zip
2015-01-09 21:08 - 2013-09-25 20:15 - 00029104 _____ () C:\Users\Stoeperd\Downloads\Super Meter v 2.40.zip
2015-01-09 21:08 - 2013-09-25 20:13 - 00935437 _____ () C:\Users\Stoeperd\Downloads\ImhoBags-0.15beta2.zip
2015-01-09 21:08 - 2013-09-15 20:21 - 01058871 _____ () C:\Users\Stoeperd\Downloads\myui142.zip
2015-01-09 21:08 - 2013-09-11 23:10 - 00034359 _____ () C:\Users\Stoeperd\Downloads\Noahs.Ark.1999.zip
2015-01-09 21:08 - 2013-09-05 11:36 - 00194885 _____ () C:\Users\Stoeperd\Downloads\hjsplit.zip
2015-01-09 21:08 - 2013-07-06 17:14 - 00418409 _____ () C:\Users\Stoeperd\Downloads\AVG_PC_TuneUp_2013_activator.zip
2015-01-09 21:06 - 2013-11-03 13:46 - 168244019 _____ () C:\Users\Stoeperd\Downloads\AHalloweenHaunting.zip
2015-01-09 21:05 - 2013-10-12 17:37 - 00000000 ____D () C:\Users\Stoeperd\Documents\Dracula sticker
2015-01-09 21:05 - 2013-04-02 22:01 - 86278108 _____ () C:\Users\Stoeperd\Documents\sr-ttpsh1002.rar
2015-01-09 21:04 - 2014-08-09 20:48 - 00021057 _____ () C:\Users\Stoeperd\Documents\Sjtupid.odt
2015-01-09 21:04 - 2014-07-26 17:19 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2015-01-09 21:04 - 2014-06-03 00:14 - 00011007 _____ () C:\Users\Stoeperd\Zodiac.jpeg
2015-01-09 21:04 - 2014-06-03 00:14 - 00005609 _____ () C:\Users\Stoeperd\varies.jpeg
2015-01-09 21:04 - 2013-11-29 04:45 - 00027901 _____ () C:\Users\Stoeperd\Documents\ewwewep.odt
2015-01-09 21:04 - 2013-01-24 21:14 - 00000000 ____D () C:\Users\Stoeperd
2015-01-08 00:22 - 2013-06-15 12:46 - 00000000 ____D () C:\Users\Stoeperd\AppData\Roaming\RIFT
2015-01-07 22:37 - 2014-07-21 06:47 - 00000000 ____D () C:\Users\Stoeperd\Desktop\New folder
2015-01-07 16:37 - 2013-05-19 18:59 - 00000000 ____D () C:\Program Files (x86)\GrabIt
2015-01-07 03:04 - 2013-10-07 00:12 - 00000000 ____D () C:\ProgramData\GlarySoft
2015-01-07 03:04 - 2013-10-06 17:04 - 00000000 ____D () C:\Users\Stoeperd\AppData\Roaming\Glarysoft
2015-01-06 22:25 - 2014-03-05 15:02 - 00000000 ____D () C:\ProgramData\iolo
2015-01-06 22:20 - 2013-06-10 12:27 - 00029792 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klim6.sys
2015-01-06 22:20 - 2013-06-06 17:38 - 00178272 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2015-01-06 22:20 - 2013-05-06 09:22 - 00458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2015-01-06 22:20 - 2013-05-05 22:42 - 00029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klmouflt.sys
2015-01-06 22:20 - 2013-05-05 22:42 - 00029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys
2015-01-06 21:29 - 2014-08-04 13:27 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-06 21:12 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-06 20:48 - 2013-01-24 21:30 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-06 20:48 - 2013-01-24 21:30 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-06 20:48 - 2013-01-24 21:15 - 00001413 _____ () C:\Users\Stoeperd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-06 20:47 - 2013-09-28 23:06 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-06 20:13 - 2014-06-25 23:30 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-01-06 19:45 - 2009-07-14 06:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-06 15:43 - 2014-07-18 23:43 - 00000000 ____D () C:\Users\Stoeperd\AppData\Local\Glyph
2015-01-06 15:43 - 2014-06-25 01:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-06 15:43 - 2014-05-29 15:32 - 00000000 ____D () C:\Users\Stoeperd\AppData\Roaming\TP-LINK
2015-01-06 15:43 - 2014-01-18 22:06 - 00000000 ____D () C:\Program Files\HitmanPro
2015-01-06 15:43 - 2013-01-24 21:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-06 15:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-01-06 15:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2015-01-06 04:36 - 2013-01-24 21:32 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-06 00:59 - 2014-04-06 18:39 - 116661595 _____ () C:\Users\Stoeperd\Downloads\X2_Series_V3.0.2_Feb18.zip.decbak
2015-01-06 00:59 - 2014-03-06 14:15 - 178510306 _____ () C:\Users\Stoeperd\Downloads\wetransfer-daba13.zip.decbak
2015-01-06 00:59 - 2014-01-10 17:13 - 00049915 _____ () C:\Users\Stoeperd\Downloads\wijngod Bacchus_(painting).jpg.decbak
2015-01-06 00:59 - 2013-11-28 18:08 - 00571070 _____ () C:\Users\Stoeperd\Downloads\xvi32.zip.decbak
2015-01-06 00:59 - 2013-11-10 19:00 - 05333983 _____ () C:\Users\Stoeperd\Downloads\wing_brush_set_31569.zip.decbak
2015-01-06 00:58 - 2014-08-09 20:48 - 00021057 _____ () C:\Users\Stoeperd\Documents\Sjtupid.odt.decbak
2015-01-06 00:58 - 2014-07-26 00:13 - 00021879 _____ () C:\Users\Stoeperd\Downloads\Verhaal Het volle maan meisje.zip.decbak
2015-01-06 00:58 - 2014-06-20 20:59 - 00002375 _____ () C:\Users\Stoeperd\Downloads\70x70.jpg.decbak
2015-01-06 00:58 - 2014-06-04 23:57 - 00473032 _____ () C:\Users\Stoeperd\DSC04759.JPG.decbak
2015-01-06 00:58 - 2014-06-04 23:57 - 00187154 _____ () C:\Users\Stoeperd\hh.jpg.decbak
2015-01-06 00:58 - 2014-06-04 23:57 - 00086804 _____ () C:\Users\Stoeperd\DSC04658k.jpg.decbak
2015-01-06 00:58 - 2014-06-04 19:12 - 00239654 _____ () C:\Users\Stoeperd\Winged Wolf.jpg.decbak
2015-01-06 00:58 - 2014-06-04 19:12 - 00102208 _____ () C:\Users\Stoeperd\Screenshot_1.jpg.decbak
2015-01-06 00:58 - 2014-06-03 00:14 - 00011932 _____ () C:\Users\Stoeperd\Neck tattoo.jpg.decbak
2015-01-06 00:58 - 2014-06-03 00:14 - 00011007 _____ () C:\Users\Stoeperd\Zodiac.jpeg.decbak
2015-01-06 00:58 - 2014-06-03 00:14 - 00005609 _____ () C:\Users\Stoeperd\varies.jpeg.decbak
2015-01-06 00:58 - 2014-05-19 07:31 - 00435132 _____ () C:\Users\Stoeperd\Downloads\912.jpg.decbak
2015-01-06 00:58 - 2014-04-12 17:56 - 06189550 _____ () C:\Users\Stoeperd\Downloads\dlls.zip.decbak
2015-01-06 00:58 - 2014-04-12 17:47 - 00428268 _____ () C:\Users\Stoeperd\Downloads\amtlib.zip.decbak
2015-01-06 00:58 - 2014-04-06 17:40 - 00464821 _____ () C:\Users\Stoeperd\Downloads\death_and_despair.mp3.decbak
2015-01-06 00:58 - 2014-03-22 19:46 - 00018896 _____ () C:\Users\Stoeperd\Downloads\Good_Morning_Let_5304ac0ee7aab.jpg.decbak
2015-01-06 00:58 - 2014-03-12 03:37 - 00026159 _____ () C:\Users\Stoeperd\Downloads\Start_With_A_Smi_52fb88fadc940.jpg.decbak
2015-01-06 00:58 - 2014-03-11 05:10 - 00052304 _____ () C:\Users\Stoeperd\Downloads\vampire-art.jpg.decbak
2015-01-06 00:58 - 2014-02-21 13:12 - 00251392 _____ () C:\Users\Stoeperd\Downloads\Aan+het+werken+bij+Caradon+Stelrad.doc.decbak
2015-01-06 00:58 - 2014-02-19 19:19 - 00011095 _____ () C:\Users\Stoeperd\Downloads\images.jpg.decbak
2015-01-06 00:58 - 2014-01-03 06:36 - 00080956 _____ () C:\Users\Stoeperd\Downloads\RiftMeter-v1.1.8.zip.decbak
2015-01-06 00:58 - 2014-01-03 06:26 - 00006675 _____ () C:\Users\Stoeperd\Downloads\ReDAR-r20.zip.decbak
2015-01-06 00:58 - 2013-12-24 22:24 - 00172250 _____ () C:\Users\Stoeperd\Downloads\Super Meter v 2.02.zip.decbak
2015-01-06 00:58 - 2013-12-07 23:52 - 00023856 _____ () C:\Users\Stoeperd\Downloads\Ondertitel.com-26-Constantine.DVDRip.XviD-DoNE (Ned.DVD).zip.decbak
2015-01-06 00:58 - 2013-11-30 19:39 - 00322892 _____ () C:\Users\Stoeperd\Downloads\IMG.jpg.decbak
2015-01-06 00:58 - 2013-11-29 16:53 - 04485454 _____ () C:\Users\Stoeperd\Downloads\RavioliGameTools_v2.7.zip.decbak
2015-01-06 00:58 - 2013-11-29 16:44 - 00734870 _____ () C:\Users\Stoeperd\Downloads\extr25.zip.decbak
2015-01-06 00:58 - 2013-11-29 04:45 - 00027901 _____ () C:\Users\Stoeperd\Documents\ewwewep.odt.decbak
2015-01-06 00:58 - 2013-11-10 19:01 - 09059933 _____ () C:\Users\Stoeperd\Downloads\angel_wing_brush_39395.zip.decbak
2015-01-06 00:58 - 2013-11-03 13:46 - 168244019 _____ () C:\Users\Stoeperd\Downloads\AHalloweenHaunting.zip.decbak
2015-01-06 00:58 - 2013-11-02 15:59 - 08089542 _____ () C:\Users\Stoeperd\Downloads\PressPackHalloween (1).zip.decbak
2015-01-06 00:58 - 2013-10-13 18:58 - 00023063 _____ () C:\Users\Stoeperd\Downloads\Jack.the.Giant.Slayer.2013.720p.BluRay.x264.YIFY&1080p.BluRay.x264-SPARKS.rar.decbak
2015-01-06 00:58 - 2013-10-13 13:57 - 08089542 _____ () C:\Users\Stoeperd\Downloads\PressPackHalloween.zip.decbak
2015-01-06 00:58 - 2013-09-28 22:02 - 00040182 _____ () C:\Users\Stoeperd\Downloads\EzPlayerPortrait.zip.decbak
2015-01-06 00:58 - 2013-09-25 20:15 - 00029104 _____ () C:\Users\Stoeperd\Downloads\Super Meter v 2.40.zip.decbak
2015-01-06 00:58 - 2013-09-25 20:13 - 00935437 _____ () C:\Users\Stoeperd\Downloads\ImhoBags-0.15beta2.zip.decbak
2015-01-06 00:58 - 2013-09-22 00:08 - 04500317 _____ () C:\Users\Stoeperd\Downloads\DSCF0220.JPG.decbak
2015-01-06 00:58 - 2013-09-15 20:21 - 01058871 _____ () C:\Users\Stoeperd\Downloads\myui142.zip.decbak
2015-01-06 00:58 - 2013-09-11 23:10 - 00034359 _____ () C:\Users\Stoeperd\Downloads\Noahs.Ark.1999.zip.decbak
2015-01-06 00:58 - 2013-09-05 11:36 - 00194885 _____ () C:\Users\Stoeperd\Downloads\hjsplit.zip.decbak
2015-01-06 00:58 - 2013-07-06 17:14 - 00418409 _____ () C:\Users\Stoeperd\Downloads\AVG_PC_TuneUp_2013_activator.zip.decbak
2015-01-06 00:58 - 2013-06-16 00:55 - 00280099 _____ () C:\Users\Stoeperd\Desktop\Archangels MdOggiono.jpg.decbak
2015-01-06 00:58 - 2013-06-16 00:51 - 00095195 _____ () C:\Users\Stoeperd\Desktop\archangels.jpg.decbak
2015-01-06 00:58 - 2013-05-25 17:35 - 00059392 _____ () C:\Users\Stoeperd\Downloads\medicijnen.doc.decbak
2015-01-06 00:58 - 2013-04-02 22:01 - 86278108 _____ () C:\Users\Stoeperd\Documents\sr-ttpsh1002.rar.decbak
2014-12-21 22:27 - 2013-06-15 14:37 - 00000000 ____D () C:\Users\Stoeperd\Documents\RIFT
2014-12-14 01:44 - 2013-08-30 17:40 - 00000000 ____D () C:\ProgramData\AMD
2014-12-14 01:43 - 2013-10-05 17:04 - 00000000 ____D () C:\Program Files (x86)\AMD
2014-12-14 01:39 - 2014-01-12 13:03 - 00000000 ____D () C:\Program Files

\AMD

Some content of TEMP:
====================
C:\Users\Stoeperd\AppData\Local\Temp\HitmanPro.exe
C:\Users\Stoeperd\AppData\Local\Temp\Uninstall.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-04 14:21

==================== End Of Log ============================

And the Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2015
Ran by Stoeperd at 2015-01-12 13:45:27
Running from C:\Users\Stoeperd\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-851193894-3643958169-3096722647-1001\...\uTorrent) (Version: 3.4.2.34944 - BitTorrent Inc.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
A Halloween Haunting (HKLM-x32\...\A Halloween Haunting_is1) (Version: 1.1 - Darkling Room)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (HKLM-x32\...\Adobe_faf656ef605427ee2f42989c3ad31b8) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Archeage (HKLM-x32\...\Glyph Archeage) (Version:  - Trion Worlds, Inc.)
AVG PC TuneUp Language Pack (en-US) (x32 Version: 12.0.4010.19 - AVG Technologies) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.28 - Piriform)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0328 - DT Soft Ltd)
De Sims 2 Gaan het Maken (HKLM-x32\...\{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}) (Version:  - )
De Sims 2 Glamour - Accessoires (HKLM-x32\...\{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}) (Version:  - )
De Sims 2 Studentenleven (HKLM-x32\...\{01521746-02A6-4A72-00BD-A285DF6B80C6}) (Version:  - )
De Sims™ 2 Deluxe (HKLM-x32\...\{9C244239-ED8E-40f1-937F-51C706CD2160}) (Version:  - )
De Sims™ 2 Familiepret – Accessoires (HKLM-x32\...\{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}) (Version:  - )
De Sims™ 2 Feest! Accessoires (HKLM-x32\...\{EAA38532-7AD0-4f78-918A-4F4F02096ECE}) (Version:  - )
De Sims™ 2 Huisdieren (HKLM-x32\...\{4817189D-1785-4627-A33C-39FD90919300}) (Version:  - )
De Sims™ 2 Op Reis (HKLM-x32\...\{F248ADFA-64E0-4b03-8A83-059078BED6A0}) (Version:  - Electronic Arts)
De Sims™ 2 Seizoenen (HKLM-x32\...\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}) (Version:  - )
De Sims™ 2 Tiener Accessoires (HKLM-x32\...\{5C648FDB-0138-4619-B66E-230EF53E8E2C}) (Version:  - Electronic Arts)
Direct Show Ogg Vorbis Filter (remove only) (HKLM-x32\...\OggDS) (Version:  - )
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.84 - DivX, LLC)
Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft Ltd.)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-302 303 305 306 Series Printer Uninstall (HKLM\...\EPSON XP-302 303 305 306 Series) (Version:  - SEIKO EPSON Corporation)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.216 - SurfRight B.V.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
LibreOffice 4.1.3.2 (HKLM-x32\...\{4F3722AD-197D-4DBB-BDFB-D2F0D6776354}) (Version: 4.1.3.2 - The Document Foundation)
Media Player Codec Pack 4.3.4 (HKLM-x32\...\Media Player - Codec Pack) (Version: 4.3.4 - Media Player Codec Pack)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{01db25f3-1b76-4d97-88c8-1c90634d88fb}) (Version: 11.0.60610.1 - Корпорация Майкрософт)
MiniTool Partition Wizard Home Edition 8.1.1 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 nl) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 nl)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Nitro Reader 3 (HKLM\...\{88E87B9E-A394-460B-8EE9-4E82B481FBE9}) (Version: 3.1.1.12 - Nitro)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.3.3 - Notepad++ Team)
NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA nTune (HKLM-x32\...\InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}) (Version: 1.00.0000 - NVIDIA Corporation)
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
RIFT (HKU\S-1-5-21-851193894-3643958169-3096722647-1001\...\RIFT) (Version:  - Trion Worlds, Inc.)
RTEQ v4.10 (HKLM-x32\...\RTEQ_is1) (Version: 4.10 - Andrei Grecu)
Sherlock Holmes Crimes and Punishments (HKLM-x32\...\Sherlock Holmes Crimes and Punishments_is1) (Version:  - )
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Slender - The Arrival 1.0 (HKLM-x32\...\Slender - The Arrival 1.0) (Version: 1.0 - Blue Isle Studios)
Software Updater (HKLM-x32\...\{7B3A525D-9D3D-4618-AE52-A31DE98C8AC3}) (Version: 4.1.4 - SEIKO EPSON CORPORATION)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
TeraCopy 2.3 beta 2 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
The Evil Within (HKLM-x32\...\VGhlRXZpbFdpdGhpbg==_is1) (Version: 1 - )
Tixati (HKLM-x32\...\tixati) (Version:  - )
TP-LINK 300Mbps Wireless USB Adapter Driver (HKLM-x32\...\{852E893E-E4FD-45BB-8B17-72ADDF686974}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VueScan x64 (HKLM\...\VueScan x64) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

10-01-2015 15:45:10 Windows Update

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {002F5232-F11E-4E09-B85A-9F429126800A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {05486004-5338-4484-9865-C3FCF8C7AA4B} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe
Task: {2B92A15B-146E-4B63-8FEE-F35B69A00E7B} - \{1A2399E6-2409-4E76-B821-EF06644F5516} No Task File <==== ATTENTION
Task: {36068C45-0246-419D-A796-4BBA54A98C44} - \{08415766-07FE-4FFD-9504-CBA07D7C1821} No Task File <==== ATTENTION
Task: {6158DFA5-775F-481B-B775-A81D39F13C33} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION
Task: {B607D34B-DD56-4C41-9CCB-840DBAE5DBA5} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe
Task: {FB8D152A-547F-4727-95F1-E34D2DB1A040} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-02-19] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-11-02 19:56 - 2014-11-02 19:56 - 03507200 _____ () C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2014-12-17 18:02 - 2014-12-17 18:02 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: BstHdAndroidSvc => 2
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: BstHdUpdaterSvc => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: FLEXnet Licensing Service 64 => 3
MSCONFIG\Services: ioloSystemService => 2

========================= Accounts: ==========================

Administrator (S-1-5-21-851193894-3643958169-3096722647-500 - Administrator - Disabled)
Guest (S-1-5-21-851193894-3643958169-3096722647-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-851193894-3643958169-3096722647-1005 - Limited - Enabled)
Stoeperd (S-1-5-21-851193894-3643958169-3096722647-1001 - Administrator - Enabled) => C:\Users\Stoeperd

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/11/2015 06:50:08 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (01/11/2015 06:49:15 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (01/11/2015 06:00:55 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (01/11/2015 05:59:50 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (01/10/2015 03:53:56 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (01/10/2015 03:52:34 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (01/09/2015 09:06:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: prevhost.exe, version: 6.1.7601.17562, time stamp: 0x4d5dee89
Faulting module name: NitroPDFPreviewHandler.dll, version: 3.1.1.12, time stamp: 0x50f43046
Exception code: 0xc0000005
Fault offset: 0x00002dce
Faulting process id: 0xeb8
Faulting application start time: 0xprevhost.exe0
Faulting application path: prevhost.exe1
Faulting module path: prevhost.exe2
Report Id: prevhost.exe3

Error: (01/09/2015 01:16:07 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (01/09/2015 01:14:37 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (01/08/2015 02:57:40 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.


System errors:
=============
Error: (01/12/2015 01:36:51 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (01/12/2015 01:29:58 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (01/12/2015 01:29:50 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (01/12/2015 01:29:49 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (01/12/2015 01:29:48 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (01/12/2015 01:29:48 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (01/12/2015 01:29:45 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (01/12/2015 01:29:36 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (01/12/2015 04:52:06 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (01/12/2015 04:07:32 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.


Microsoft Office Sessions:
=========================
Error: (01/11/2015 06:50:08 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (01/11/2015 06:49:15 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNAVI.EXE

Error: (01/11/2015 06:00:55 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (01/11/2015 05:59:50 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNAVI.EXE

Error: (01/10/2015 03:53:56 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (01/10/2015 03:52:34 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNAVI.EXE

Error: (01/09/2015 09:06:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: prevhost.exe6.1.7601.175624d5dee89NitroPDFPreviewHandler.dll3.1.1.1250f43046c000000500002dceeb801d02c47ce3db759C:\Windows\SysWOW64\prevhost.exeC:\Program Files (x86)\Nitro\Reader 3\NitroPDFPreviewHandler.dll10f45f26-983b-11e4-ab93-0040f4b39cd9

Error: (01/09/2015 01:16:07 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (01/09/2015 01:14:37 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNAVI.EXE

Error: (01/08/2015 02:57:40 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3


CodeIntegrity Errors:
===================================
  Date: 2015-01-11 06:50:27.227
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-11 06:50:27.225
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-11 06:50:27.223
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-11 06:50:27.193
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-11 06:50:27.191
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-11 06:50:27.171
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-10 15:54:37.515
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-10 15:54:37.514
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-10 15:54:37.512
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-10 15:54:37.489
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz
Percentage of memory in use: 41%
Total physical RAM: 4094.49 MB
Available physical RAM: 2393.26 MB
Total Pagefile: 6111.67 MB
Available Pagefile: 3318.85 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Bamischijf) (Fixed) (Total:74.52 GB) (Free:14.84 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Sims2EP6) (CDROM) (Total:0.75 GB) (Free:0 GB) UDF
Drive i: (Knieschijf) (Fixed) (Total:465.75 GB) (Free:42.48 GB) NTFS
Drive m: (Nasischijf) (Fixed) (Total:465.76 GB) (Free:259.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 28B028AF)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: 8D399BC0)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================


#4 Vladdermuis (Topic Starter, Members, 36 posts, Schinnen, The Netherlands)

Posted 12 January 2015 - 08:58 AM

ark.txt

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-01-12 14:48:24
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-b SAMSUNG_HD080HJ rev.ZH100-41 74.53GB
Running: ki3t31f1.exe; Driver: C:\Users\Stoeperd\AppData\Local\Temp\kglyrkow.sys

---- Processes - GMER 2.1 ----

Library  C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [2788] (Secure overlay library/Microsoft)(2014-11-02 18:56:21)  000007fef66a0000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\KLIF\Parameters@LastProcessedRevision                                                                                                 12045998

---- EOF - GMER 2.1 ----

 



#5 TB-Psychotic (Malware Response Team, 6,349 posts)

Posted 13 January 2015 - 09:53 AM

Please attach the frst log files to your next reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#6 Vladdermuis (Topic Starter, Members, 36 posts, Schinnen, The Netherlands)

Posted 13 January 2015 - 11:28 AM

Done..and sorry

Attached Files

  • Attached File  FRST.txt   39.56KB   4 downloads


#7 TB-Psychotic (Malware Response Team, 6,349 posts)

Posted 14 January 2015 - 02:25 AM

please add the addition.txt



#8 Vladdermuis (Topic Starter, Members, 36 posts, Schinnen, The Netherlands)

Posted 14 January 2015 - 06:29 AM

done :)



#9 TB-Psychotic (Malware Response Team, 6,349 posts)

Posted 14 January 2015 - 08:49 AM

Multiple Antivirus Programs installed!

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time.

The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti-virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove either Kaspersky or Emsisoft.

 

 

 

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

 

 

 

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:

    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

  • Click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.



#10 Vladdermuis (Topic Starter, Members, 36 posts, Schinnen, The Netherlands)

Posted 14 January 2015 - 09:34 AM

MBAM log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 14-Jan-15
Scan Time: 3:19:22 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.14.06
Rootkit Database: v2015.01.07.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Stoeperd

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 359844
Time Elapsed: 11 min, 9 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 6
PUP.Optional.Babylon.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, Quarantined, [e76771864643cb6b36aec028bd457b85],
Backdoor.Agent.G, HKU\S-1-5-21-851193894-3643958169-3096722647-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{08B0E5JF-4FCB-11CF-AAA5-00401C6XX500}, Quarantined, [b9953cbb8603d660a3206a7d5aa8a65a],
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [9fafda1dea9fb581bd565c78d034de22],
PUP.Optional.HDVidCndec.A, HKLM\SOFTWARE\WOW6432NODE\HDvid Codec V6.0, Quarantined, [0b43cb2c0782c175b8153b738a79e51b],
PUP.Optional.GoPhoto.A, HKU\S-1-5-21-851193894-3643958169-3096722647-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\gophotoit.com, Quarantined, [83cb5a9d07822115a01be2c9887bf30d],
PUP.Optional.GoPhoto.A, HKU\S-1-5-21-851193894-3643958169-3096722647-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\COOL MIRAGE LTD\gophotoit, Quarantined, [e866d423e3a6cf67a614cedda75c748c],

Registry Values: 0
(No malicious items detected)

Registry Data: 5
PUP.Optional.NationZoom.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.nationzoom.com/?type=hp&ts=1387216613&from=ild&uid=SAMSUNGXHD080HJ_S08EJ10L400307, Good: (www.google.com), Bad: (http://www.nationzoom.com/?type=hp&ts=1387216613&from=ild&uid=SAMSUNGXHD080HJ_S08EJ10L400307),Replaced,[89c515e2e2a764d245b3a3e785803ac6]
PUP.Optional.NationZoom, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://www.nationzoom.com/web/?type=ds&ts=1387216613&from=ild&uid=SAMSUNGXHD080HJ_S08EJ10L400307&q={searchTerms}, Good: (www.google.com), Bad: (http://www.nationzoom.com/web/?type=ds&ts=1387216613&from=ild&uid=SAMSUNGXHD080HJ_S08EJ10L400307&q={searchTerms}),Replaced,[67e743b4d4b5f64024ae573d07fe1de3]
PUP.Optional.NationZoom.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.nationzoom.com/?type=hp&ts=1387216613&from=ild&uid=SAMSUNGXHD080HJ_S08EJ10L400307, Good: (www.google.com), Bad: (http://www.nationzoom.com/?type=hp&ts=1387216613&from=ild&uid=SAMSUNGXHD080HJ_S08EJ10L400307),Replaced,[0c4240b7f099f343678f0585bf46c43c]
PUP.Optional.NationZoom.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://www.nationzoom.com/web/?type=ds&ts=1387216613&from=ild&uid=SAMSUNGXHD080HJ_S08EJ10L400307&q={searchTerms}, Good: (www.google.com), Bad: (http://www.nationzoom.com/web/?type=ds&ts=1387216613&from=ild&uid=SAMSUNGXHD080HJ_S08EJ10L400307&q={searchTerms}),Replaced,[f15d7b7c6b1e5ed8e611a6e4ff065ea2]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[bb939265e9a0ce684f437321ad586f91]

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

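The MBAM log above is where the browser hijack first becomes visible: the Registry Data section shows Internet Explorer's Start Page, Search Page, Default_Page_URL, Default_Search_URL and the SearchScopes DefaultScope all pointing at nationzoom.com or the Qone8 scope, each with the value MBAM found ("Bad") and the value it restored ("Good"). When triaging such threads it helps to pull those entries out of the paste mechanically and to check that the number of lines matches the count in each section header, since truncated pastes are common. The following is an added example, not code from the thread, from Malwarebytes or from BleepingComputer: a small Python parser for the finding sections of an MBAM 2.x log. The sample text is constructed from three lines of the log above with the section counts adjusted to match; the section names and the line layout are assumed from that log only.

```python
"""Parse the finding sections of a Malwarebytes Anti-Malware 2.x log.

Added example for this thread; not code from Malwarebytes or BleepingComputer.
Section names and line layout are assumed from the log posted above.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Sections of an MBAM 2.x log that are followed by one line per finding.
FINDING_SECTIONS = {
    "Processes", "Modules", "Registry Keys", "Registry Values",
    "Registry Data", "Folders", "Files", "Physical Sectors",
}
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+): (?P<count>\d+)$")

# "Registry Data" lines carry the value MBAM found and the value it restored:
#   detection, key|value, current, Good: (...), Bad: (...),action,[id]
DATA_RE = re.compile(
    r"^(?P<name>[^,]+), (?P<key>[^|,]+)\|(?P<value>[^,]+), (?P<current>.+?), "
    r"Good: \((?P<good>.*?)\), Bad: \((?P<bad>.*?)\),(?P<action>[^,]+),\[(?P<id>[0-9a-f]+)\]$"
)
# Every other section:  detection, location, action, [id],
ITEM_RE = re.compile(
    r"^(?P<name>[^,]+), (?P<location>.+), (?P<action>[^,]+), \[(?P<id>[0-9a-f]+)\],?$"
)

# Constructed sample: three lines borrowed from the log in this thread, counts adjusted.
SAMPLE_LOG = r"""Scan Type: Threat Scan
Objects Scanned: 359844

Registry Keys: 1
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [9fafda1dea9fb581bd565c78d034de22],

Registry Data: 2
PUP.Optional.NationZoom.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.nationzoom.com/?type=hp&ts=1387216613&from=ild&uid=SAMSUNGXHD080HJ_S08EJ10L400307, Good: (www.google.com), Bad: (http://www.nationzoom.com/?type=hp&ts=1387216613&from=ild&uid=SAMSUNGXHD080HJ_S08EJ10L400307),Replaced,[89c515e2e2a764d245b3a3e785803ac6]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[bb939265e9a0ce684f437321ad586f91]

Files: 0
(No malicious items detected)
"""


@dataclass
class Finding:
    section: str
    name: str                   # MBAM detection name, e.g. PUP.Optional.NationZoom.A
    location: str               # registry key (key|value for Registry Data) or file path
    action: str                 # Quarantined, Replaced, ...
    good: Optional[str] = None  # Registry Data only: value MBAM restored
    bad: Optional[str] = None   # Registry Data only: value MBAM found


@dataclass
class Report:
    findings: List[Finding] = field(default_factory=list)
    declared: Dict[str, int] = field(default_factory=dict)  # counts from the section headers
    unparsed: List[str] = field(default_factory=list)       # finding-section lines we could not read


def parse_mbam_log(text: str) -> Report:
    report = Report()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            section = None          # a blank line closes the current section
            continue
        m = SECTION_RE.match(line)
        if m and m.group("section") in FINDING_SECTIONS:
            section = m.group("section")
            report.declared[section] = int(m.group("count"))
            continue
        if section is None or line.startswith("("):   # "(No malicious items detected)"
            continue
        if section == "Registry Data":
            m = DATA_RE.match(line)
            if m:
                report.findings.append(Finding(section, m["name"], f'{m["key"]}|{m["value"]}',
                                               m["action"], good=m["good"], bad=m["bad"]))
                continue
        else:
            m = ITEM_RE.match(line)
            if m:
                report.findings.append(Finding(section, m["name"], m["location"], m["action"]))
                continue
        report.unparsed.append(line)   # keep it, so a format change is noticed, not silently dropped
    return report


def count_mismatches(report: Report) -> Dict[str, Tuple[int, int]]:
    """Sections whose header count differs from the entries parsed: {section: (declared, parsed)}.
    A mismatch usually means the paste was truncated or the log format changed."""
    parsed: Dict[str, int] = {}
    for f in report.findings:
        parsed[f.section] = parsed.get(f.section, 0) + 1
    return {s: (n, parsed.get(s, 0)) for s, n in report.declared.items() if parsed.get(s, 0) != n}


def hijacked_browser_settings(report: Report) -> List[Tuple[str, str, str]]:
    """(value name, value found, value restored) for Internet Explorer settings MBAM replaced."""
    return [(f.location.split("|", 1)[1], f.bad, f.good)
            for f in report.findings
            if f.section == "Registry Data" and "INTERNET EXPLORER" in f.location.upper()]


if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_LOG)
    for value, found, restored in hijacked_browser_settings(rep):
        print(f"{value}: {found!r} -> restored {restored!r}")
    print("count mismatches:", count_mismatches(rep) or "none")
```

Lines inside a finding section that match neither pattern go into `unparsed` rather than being dropped, so a change in the log layout shows up in the output instead of as a quietly shorter list; `count_mismatches` gives the same safety net for pastes that were cut off.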


#11 TB-Psychotic (Malware Response Team, 6,349 posts)

Posted 17 January 2015 - 05:46 AM

Scan with ESET Online Scan

Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right-click on their Internet Explorer shortcut and select Run as Administrator.

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
  • Click the blue Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the program to install the "OnlineScanner.cab" ActiveX control by clicking the Install button
  • Once the ActiveX control is installed, on the next screen click on Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.



#12 Vladdermuis (Topic Starter, Members, 36 posts, Schinnen, The Netherlands)

Posted 17 January 2015 - 12:29 PM

ESET scan log:

C:\FRST\Quarantine\C\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll.xBAD    a variant of Win64/Sathurbot.E trojan    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\ProgramData\Microsoft\Secure\Icons\temp\tmp3649.exe.xBAD    Win32/Boaxxe.BR trojan    cleaned by deleting - quarantined
C:\Program Files\Adware-Removal-Tool\ARTP3.exe    MSIL/FakeTool.PS trojan    cleaned by deleting - quarantined
C:\Users\Stoeperd\AppData\Local\Oskgics\AppWIDsc16.dll    a variant of Win32/Boaxxe.CI trojan    cleaned by deleting - quarantined
C:\Users\Stoeperd\Downloads\FastPCBoost.exe    a variant of Win32/SpeedingUpMyPC.F application    cleaned by deleting - quarantined
C:\Users\Stoeperd\Downloads\FreeStudio.exe    a variant of Win32/OpenCandy.C potentially unsafe application    deleted - quarantined
C:\Users\Stoeperd\Downloads\FreeVideoEditor.exe    a variant of Win32/OpenCandy.C potentially unsafe application    deleted - quarantined
C:\Users\Stoeperd\Downloads\FreeYouTubeDownload.exe    Win32/OpenCandy potentially unsafe application    deleted - quarantined
C:\Users\Stoeperd\Downloads\rcsetup151.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\Users\Stoeperd\Downloads\windows-movie-maker(1).exe    a variant of Win32/DownloadSponsor.C potentially unwanted application    deleted - quarantined
C:\Users\Stoeperd\Downloads\windows-movie-maker.exe    a variant of Win32/DownloadSponsor.C potentially unwanted application    deleted - quarantined
I:\RegistryReviverSetup.exe    Win32/RegistryReviver potentially unwanted application    deleted - quarantined
I:\Dekstop\SetupImgBurn_2.5.6.0.exe    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application    deleted - quarantined
I:\Programs\SetupImgBurn_2.5.5.0.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
I:\Programs\switchsetup.exe    a variant of Win32/Toolbar.Conduit.J potentially unwanted application    deleted - quarantined
I:\Programs\Extracted\CCleaner Professional and  Business Edition v3.28.1913 Incl Crack + Key [TorDigger]\ccsetup328.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
I:\Programs\Extracted\Kaspersky Internet Security 2014 14.0.0.4651 Final [ChingLiu]\Kaspersky_Reset_Trial_2.1\KRT_2.1.exe    Win32/RiskWare.HackAV.NR application    cleaned by deleting - quarantined
M:\!!Windows Documenten, Firefox etc\Desktop 24-09-11\IMPROVE YOUR PC.LNK    LNK/URL.B trojan    cleaned by deleting - quarantined
M:\Klapdoos\Atmospheric Black Metal\[ UsaBit.com ] - Warlock.Master.of.the.Arcane-RELOADED\rld-wrlock.iso    a variant of Win32/HackTool.Crack.BQ potentially unsafe application    deleted - quarantined
M:\Violetta\Violetta\Application Data\Mozilla\Firefox\Profiles\2pbdkhdy.default\extensions\{bf2664d8-ac71-45fe-bcd5-fa446c6cf4f1}\chrome\rocket_torrents.jar    Win32/Toolbar.Conduit.A potentially unwanted application    deleted - quarantined

 


Awaiting the next step.. (hopefully I will be able to decrypt my files after all this)


Edited by Vladdermuis, 17 January 2015 - 12:30 PM.


#13 TB-Psychotic (Malware Response Team, 6,349 posts)

Posted 19 January 2015 - 05:55 AM

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[S1].txt also




Delete junk with JRT

thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.




SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK Mirror (if the link is down)

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread (Note: do NOT post this one into a code box!)





Are any problems left or may I post the final reply? :)



#14 Vladdermuis (Topic Starter, Members, 36 posts, Schinnen, The Netherlands)

Posted 19 January 2015 - 07:57 AM

ADWCleaner

# AdwCleaner v3.213 - Report created 26/06/2014 at 03:44:16
# Updated 23/06/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Stoeperd - STOEPERD-PC
# Running from : C:\Users\Stoeperd\Downloads\adwcleaner_3.213.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\WPM
Folder Deleted : C:\Program Files (x86)\Mobogenie
Folder Deleted : C:\Program Files (x86)\VideoPlayerV3
Folder Deleted : C:\Program Files (x86)\Common Files\337
Folder Deleted : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Folder Deleted : C:\Users\Stoeperd\AppData\Local\Bundled software uninstaller
Folder Deleted : C:\Users\Stoeperd\AppData\Local\genienext
Folder Deleted : C:\Users\Stoeperd\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Stoeperd\AppData\Local\SwvUpdater
File Deleted : C:\Users\Stoeperd\daemonprocess.txt
File Deleted : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\Stoeperd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Stoeperd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\Stoeperd\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Stoeperd\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox (2).lnk
Shortcut Disinfected : C:\Users\Stoeperd\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox (3).lnk
Shortcut Disinfected : C:\Users\Stoeperd\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox (4).lnk
Shortcut Disinfected : C:\Users\Stoeperd\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox (5).lnk
Shortcut Disinfected : C:\Users\Stoeperd\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox (6).lnk
Shortcut Disinfected : C:\Users\Stoeperd\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox (7).lnk
Shortcut Disinfected : C:\Users\Stoeperd\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox (8).lnk
Shortcut Disinfected : C:\Users\Stoeperd\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox (9).lnk
Shortcut Disinfected : C:\Users\Stoeperd\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\bi_client_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\bi_client_RASMANCS
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Key Deleted : HKCU\Software\526da88b73aeb13
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{462862BE-9A5C-49A5-9CBD-A649EAC63645}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\Software\hdcode
Key Deleted : HKLM\Software\supWPM
Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v30.0 (nl)

[ File : C:\Users\Stoeperd\AppData\Roaming\Mozilla\Firefox\Profiles\hmax8htf.default-1403746278069\prefs.js ]


*************************

AdwCleaner[R0].txt - [5360 octets] - [26/06/2014 03:37:06]
AdwCleaner[S0].txt - [4037 octets] - [26/06/2014 03:44:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4097 octets] ##########

# AdwCleaner v4.108 - Report created 19/01/2015 at 13:21:58
# Updated 17/01/2015 by Xplode
# Database : 2015-01-18.1 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Stoeperd - STOEPERD-PC
# Running from : C:\Users\Stoeperd\Downloads\adwcleaner_4.108.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Deleted : HKCU\Software\526da88b73aeb13
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{462862BE-9A5C-49A5-9CBD-A649EAC63645}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\usyndication.com
Key Deleted : HKCU\Software\USyndication
Key Deleted : HKLM\SOFTWARE\hdcode
Key Deleted : HKLM\SOFTWARE\Webexp Enhanced
Key Deleted : HKLM\SOFTWARE\WebexpEnhancedV1
Key Deleted : HKLM\SOFTWARE\Video Player
Key Deleted : HKLM\SOFTWARE\VideoPlayerV3
Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v34.0.5 (x86 nl)


-\\ Opera v0.0.0.0


*************************

AdwCleaner[R0].txt - [7598 octets] - [26/06/2014 02:37:06]
AdwCleaner[S0].txt - [6167 octets] - [26/06/2014 02:44:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6227 octets] ##########

JRT


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Ultimate x64
Ran by Stoeperd on 19-Jan-15 at 13:30:53.12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Stoeperd\AppData\Roaming\mozilla\firefox\profiles\ke4rnwa4.default\minidumps [14 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19-Jan-15 at 13:38:10.66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The final reply.. I don't know if we're done haha, hope you can tell me.

Plus I hope there is a way now to decrypt my files, but many many thanks so far!! (was my system bleeped?)



#15 TB-Psychotic (Malware Response Team, 6,349 posts)

Posted 19 January 2015 - 08:02 AM

Your system is free of malware now! :)

 

Please follow the instructions of Fabian for a decrypt attempt.

 

Java runtime Environment out of date

Your Java runtime environment is outdated. We will fix this.

  • Get the actual JRE from here
  • Save jxpiinstall.exe to your desktop
  • Close all running programs, especially your browser(s)
  • Run jxpiinstall.exe. This will download the newest JRE installer and install the software
  • when finished, go to
    Start-->control panel-->add/remove programs and remove all older Java versions. (if existing)
  • When finished, reboot your computer.

After the reboot
  • Open control panel again and click the java symbol.
  • Click Settings under Temporary Internet Files.
    The Temporary Files Settings dialog box appears.
  • Click Delete Files.
    The Delete Temporary Files dialog box appears
  • Click OK on Delete Temporary Files window.
  • Click OK again.

 

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  • In the case we used Defogger to turn off your CD emulation software. You can start it again and use the Enable button.
  • In the case we used Combofix. Deactivate your antivirus software once more, then rename the combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  • In any case please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process
  • If there is still something left please delete it manually.




Delete System Restore Points

To ensure your System Restore Points are free of malware, we will delete all of them but the most recent or create a new one.

On Windows Vista: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows 7/8: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows XP: Please follow these instructions to delete all but the most common System Protection Restore Points.




Temp File Cleaner

We need to download Temp File Cleaner (TFC) by OldTimer:
  • Please download TFC.exe by Oldtimer at one of the two links: Link 1 Link 2
  • Save and close all running applications
  • Double-click on TFC.exe to run the program
  • Click on Start to begin the cleaning process note: this program may close running applications, make your screen disappear temporarily, or require a reboot of your PC - this is normal and part of the cleanup
  • When the scan is complete, if you were not asked to reboot the computer, please do so now
More Information can be found about the tool here: http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/

 

 

 

Recommendations: How to protect yourself

  • System Updates
    Please ensure to have automatic updates activated in your control panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website's content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before accessing a dangerous classified web site, a warning screen is displayed.

  • Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:

  • Backup
    Hardware issues, malware, fire, lightning strike: There is a long list of different ways to lose all your data. Back up your files regularly. Use the windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.
  • Behaviour
    The commonest error when using a computer is "error 80" - what means that the error is located about 80cm in front of the monitor. This is a common joke between IT support technicians but it shows that all the safety mechanisms won't help if you aren't careful enough.
    • While surfing the internet, don't click on anything you don't know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal data (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don't click everything.
    • When installing software, have a look to each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today's setup procedures contain potentially unwanted programs so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.





