
Self creating SVCHost.exe in Windows/temp folder, Claymore CryptoNote CPU Miner


  • This topic is locked
10 replies to this topic

#1 Rombbb

Rombbb

  • Members
  • 5 posts
  • OFFLINE
  • Local time:05:02 PM

Posted 18 January 2015 - 07:24 AM

Hello,

 

Thanks in advance for any assistance; I greatly appreciate it and find it remarkable and commendable that people give their professional knowledge and time to assist others without asking anything in return (I will donate, of course).

 

When starting the PC (Win7 64-bit), a svchost.exe file is created in the Windows Temp folder that eats up 75% of CPU resources.

 

I am pretty sure I have the exact same problem as the guy in the following post, but am creating my own request topic given that the fixes are tailor-made for each PC (registry keys in fixlist.txt etc.).

 

http://www.bleepingcomputer.com/forums/t/562026/svchostexe-creates-itself-in-cwindowstemp/

 

Stopping the process frees up the CPU, but removing the file doesn't help as it auto re-creates after a new boot-up (Malwarebytes quarantine also doesn't help; it re-creates anyway). Clicking Services at the process in Task Manager doesn't give any identifiable culprits; however, same as the guy in the other post, with me several logs are also created in the temp folder besides the svchost file that indicate it concerns a maliciously installed Claymore CryptoNote CPU Miner v3.4 Beta (attached).

 

Any help with removing this will be really appreciated!

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.18667
Run by Romb at 13:00:03 on 2015-01-18
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1043.18.8152.5866 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Thrustmaster\T500 RS Racing wheel\drivers\amd64\tmInstall.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Core Temp\Core Temp.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Romb\Desktop\Nieuwe map\FRST64.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.parttiming.nl/
mWinlogon: Userinit = userinit.exe,
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: SimpleAdblock Class: {FFCB3198-32F3-4E8B-9539-4324694ED664} -
uRun: [ASRockXTU] <no file>
uRunOnce: [Adobe Speed Launcher] 1421577530
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [StartCCC] "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
Trusted Zone: skyrimnexus.com
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{36F132E5-4EC6-4A43-B358-042398CDFB97} : DHCPNameServer = 192.168.1.1 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
AppInit_DLLs= prio32.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll
x64-BHO: SimpleAdblock Class: {FFCB3198-32F3-4E8B-9539-4324694ED664} -
x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Romb\AppData\Roaming\Mozilla\Firefox\Profiles\k0y08dge.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.parttiming.nl/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-12-18 279616]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-11-21 244736]
R2 amdacpksd;ACP Kernel Service Driver;C:\Windows\System32\drivers\amdacpksd.sys [2014-11-21 294600]
R2 amdacpusrsvc;ACP User Service;C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [2014-11-20 116224]
R2 Giraffic;Veoh Giraffic Video Accelerator;C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service --> C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service [?]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 125584]
R2 tmInstall;Thrustmaster Device Driver Installer;C:\Program Files\Thrustmaster\T500 RS Racing wheel\drivers\amd64\tmInstall.exe [2013-12-7 28160]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2014-3-1 205080]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2014-3-1 1419544]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2014-3-1 97048]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-2-8 39936]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-2-8 64512]
R3 NisSrv;Microsoft Netwerkinspectie;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-12-18 471144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-12-19 94720]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2014-5-28 79360]
S3 Creative Dolby Digital Live Pack Licensing Service;Creative Dolby Digital Live Pack Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\DDLLicensing.exe [2011-12-18 79360]
S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2014-3-1 205080]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2014-3-1 1419544]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2014-3-1 97048]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2014-5-29 137488]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-1-3 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 tmbulk;Thrustmaster Series Bulk Driver (tmbulk);C:\Windows\System32\drivers\tmbulk.sys [2013-12-7 88368]
S3 tmhidusb;Thrustmaster HID USB Driver;C:\Windows\System32\drivers\tmhidusb.sys [2013-12-7 149296]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-16 56832]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-18 1255736]
.
=============== Created Last 30 ================
.
2015-01-18 11:26:47    --------    d-----w-    C:\FRST
2015-01-18 10:45:40    11870360    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4E58E7E1-0ED1-4719-8391-F3B1164ED606}\mpengine.dll
2015-01-17 02:48:42    1188440    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F2A689D6-EED8-4A88-ADBE-8AA8C3D68BB4}\gapaengine.dll
2015-01-17 02:48:18    11870360    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-01-15 19:13:33    73840    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\wow_helper.exe
2015-01-09 18:56:16    62292    ----a-w-    C:\Windows\temp023423.vbe
.
==================== Find3M  ====================
.
.
============= FINISH: 13:00:25,63 ===============
 

Attached Files


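A defender-side check for the pattern described in this post, added here as an example (it is not part of the thread, and not DDS or FRST functionality): it parses DDS-style "Running Processes" and "Created Last 30" lines and flags a core system binary name such as svchost.exe running outside System32/SysWOW64, plus executables or scripts dropped into a temp folder. The log lines it runs over are constructed samples, not the log above.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the DDS "Running Processes" / "Created Last 30" line formats
# (not copied from the thread). The two Temp entries are the constructed bad cases.
SAMPLE_LOG = r"""
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\Temp\svchost.exe
.
=============== Created Last 30 ================
.
2015-01-10 11:26:47    --------    d-----w-    C:\FRST
2015-01-09 18:56:16    62292    ----a-w-    C:\Windows\Temp\dropper_sample.vbe
2015-01-08 19:13:33    73840    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\wow_helper.exe
"""

# Core Windows binaries whose legitimate copies live only in System32 / SysWOW64.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe",
                   "winlogon.exe", "smss.exe", "wininit.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
RISKY_EXTENSIONS = {".exe", ".scr", ".dll", ".vbe", ".vbs", ".js", ".bat", ".cmd", ".ps1"}

# "Created Last 30" line: timestamp, size, attribute flags, then the path.
CREATED_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\S+\s+\S+\s+(?P<path>[A-Za-z]:\\.+?)\s*$")
# "Running Processes" line: a path ending in an extension, then optional arguments
# such as "-k netsvcs". Paths may contain spaces, so the match stops at the extension.
PROCESS_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?\.[A-Za-z0-9]{2,4})(?:\s+.*)?$", re.IGNORECASE)


def extract_path(line):
    """Return the file path on a DDS-style log line, or None for headers, blanks and '.'."""
    line = line.strip()
    match = CREATED_RE.match(line) or PROCESS_RE.match(line)
    return match.group("path") if match else None


def in_temp_dir(parent):
    """True for the Windows Temp folder (or below) or a user's AppData Local Temp."""
    return (parent == r"c:\windows\temp" or parent.startswith("c:\\windows\\temp\\")
            or "\\appdata\\local\\temp" in parent)


def classify(path):
    """Return the reason a path looks suspicious, or None if it passes both checks."""
    p = PureWindowsPath(path)
    parent, name, ext = str(p.parent).lower(), p.name.lower(), p.suffix.lower()
    # Check 1: a core system binary name (svchost.exe etc.) outside its only valid homes.
    if name in SYSTEM_BINARIES and parent not in SYSTEM_DIRS:
        return "system binary name outside System32/SysWOW64"
    # Check 2: anything executable or script-like dropped into a temp folder.
    if ext in RISKY_EXTENSIONS and in_temp_dir(parent):
        return "executable or script in a temp folder"
    return None


def scan(log_text):
    """Run both checks over every path in the log; returns [(path, reason), ...]."""
    findings = []
    for line in log_text.splitlines():
        path = extract_path(line)
        if path is None:
            continue
        reason = classify(path)
        if reason is not None:
            findings.append((path, reason))
    return findings


if __name__ == "__main__":
    for path, reason in scan(SAMPLE_LOG):
        print(f"{reason}: {path}")
```

A hit on check 1 is the strongest signal here, since no legitimate svchost.exe is ever started from a Temp folder; check 2 is noisier (installers also unpack to Temp) and is best read together with the file's timestamp and size.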



#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,133 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:11:02 AM

Posted 18 January 2015 - 09:26 AM

Hey, :)

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (If you have Windows Vista / Windows 7 / Windows 8: please right-click the FRST icon and select Run as Administrator.)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#3 Rombbb

Rombbb
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:05:02 PM

Posted 18 January 2015 - 09:33 AM

Thanks for the quick response. Here they are:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-01-2015
Ran by Romb (administrator) on ROMB-PC on 18-01-2015 15:32:00
Running from C:\Users\Romb\Desktop
Loaded Profiles: Romb (Available profiles: Romb)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Nederlands (Nederland)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
(Giraffic) C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
(Thrustmaster®) C:\Program Files\Thrustmaster\T500 RS Racing wheel\drivers\amd64\tmInstall.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Giraffic) C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files\Core Temp\Core Temp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-2637803303-1931993293-1815589246-1000\...\Run: [ASRockXTU] => [X]
HKU\S-1-5-21-2637803303-1931993293-1815589246-1000\...\RunOnce: [Adobe Speed Launcher] => 1421577530
HKU\S-1-5-21-2637803303-1931993293-1815589246-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-2637803303-1931993293-1815589246-1000\...\MountPoints2: G - G:\BlacklistAutoRun.exe
HKU\S-1-5-21-2637803303-1931993293-1815589246-1000\...\MountPoints2: {47cb64b9-b98c-11e2-b7a2-002522dd71cf} - H:\HTC_Sync_Manager_PC.exe
AppInit_DLLs: prio.dll => prio.dll File Not Found
AppInit_DLLs-x32: prio32.dll => "prio32.dll" File Not Found

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2637803303-1931993293-1815589246-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.parttiming.nl/
HKU\S-1-5-21-2637803303-1931993293-1815589246-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2637803303-1931993293-1815589246-1000 -> DefaultScope {951F37BD-D47F-4D7F-A770-BD307394C318} URL = http://www.google.nl/search?hl=nl&q={searchTerms}&rlz=1I7MXGB_nlNL509
SearchScopes: HKU\S-1-5-21-2637803303-1931993293-1815589246-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2637803303-1931993293-1815589246-1000 -> {951F37BD-D47F-4D7F-A770-BD307394C318} URL = http://www.google.nl/search?hl=nl&q={searchTerms}&rlz=1I7MXGB_nlNL509
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
BHO: SimpleAdblock Class -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: SimpleAdblock Class -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll No File
Toolbar: HKU\S-1-5-21-2637803303-1931993293-1815589246-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Romb\AppData\Roaming\Mozilla\Firefox\Profiles\k0y08dge.default
FF Homepage: hxxp://www.parttiming.nl/
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url
%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*'))%20%7B%20return%20'PROXY%20us01.sq.proxmate.me%3A8000%3B%20PROXY%20us09.sq.proxmate.me%3A8000%3B%20PROXY%20us08.sq.proxmate.me%3A8000%3B%20PROXY%20us02.sq.proxmate.me%3A8000%3B%20PROXY%20us05.sq.proxmate.me%3A8000%3B%20PROXY%20us03.sq.proxmate.me%3A8000%3B%20PROXY%20us04.sq.proxmate.me%3A8000%3B%20PROXY%20us10.sq.proxmate.me%3A8000%3B%20PROXY%20us11.sq.proxmate.me%3A8000%3B%20PROXY%20us07.sq.proxmate.me%3A8000%3B%20PROXY%20us06.sq.proxmate.me%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2637803303-1931993293-1815589246-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: Modify Headers - C:\Users\Romb\AppData\Roaming\Mozilla\Firefox\Profiles\k0y08dge.default\Extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi [2012-03-16]
FF Extension: Adblock Plus - C:\Users\Romb\AppData\Roaming\Mozilla\Firefox\Profiles\k0y08dge.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-14]
FF Extension: Theme Font & Size Changer - C:\Users\Romb\AppData\Roaming\Mozilla\Firefox\Profiles\k0y08dge.default\Extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}.xpi [2014-08-14]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [116224 2014-11-20] (Advanced Micro Devices) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-05-28] (Creative Labs) [File not signed]
S3 Creative Dolby Digital Live Pack Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\DDLLicensing.exe [79360 2014-05-28] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 Giraffic; C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2245232 2013-05-13] (Giraffic)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 tmInstall; C:\Program Files\Thrustmaster\T500 RS Racing wheel\drivers\amd64\tmInstall.EXE [28160 2013-08-22] (Thrustmaster®)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [294600 2014-11-21] (Advanced Micro Devices)
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [94720 2013-12-19] (Advanced Micro Devices) [File not signed]
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [279616 2011-12-18] (DT Soft Ltd)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 tmbulk; C:\Windows\System32\Drivers\tmbulk.sys [88368 2013-06-12] (© Guillemot R&D, 2011. All rights reserved.)
S3 tmhidusb; C:\Windows\System32\DRIVERS\tmhidusb.sys [149296 2013-08-27] (Thrustmaster)
R3 ALSysIO; \??\C:\Users\Romb\AppData\Local\Temp\ALSysIO64.sys [X]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-18 15:32 - 2015-01-18 15:32 - 00015369 _____ () C:\Users\Romb\Desktop\FRST.txt
2015-01-18 12:31 - 2015-01-18 12:31 - 00000540 _____ () C:\Users\Romb\Desktop\defogger_disable.log
2015-01-18 12:31 - 2015-01-18 12:31 - 00000168 _____ () C:\Users\Romb\defogger_reenable
2015-01-18 12:30 - 2015-01-18 12:30 - 00050477 _____ () C:\Users\Romb\Desktop\Defogger.exe
2015-01-18 12:26 - 2015-01-18 15:32 - 00000000 ____D () C:\FRST
2015-01-18 12:26 - 2015-01-18 12:26 - 02126336 _____ (Farbar) C:\Users\Romb\Desktop\FRST64.exe
2015-01-18 12:25 - 2015-01-18 15:30 - 00000000 ____D () C:\Users\Romb\Desktop\Nieuwe map
2015-01-17 23:22 - 2015-01-18 11:34 - 00000958 _____ () C:\Windows\PFRO.log
2015-01-16 00:40 - 2015-01-18 11:34 - 00000336 _____ () C:\Windows\setupact.log
2015-01-16 00:40 - 2015-01-16 00:40 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-16 00:35 - 2015-01-16 00:35 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-01-15 23:28 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-15 23:28 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-15 23:28 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-15 23:28 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-15 23:28 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-15 23:28 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-15 23:28 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-15 23:28 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-15 23:28 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-15 23:28 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-15 23:28 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-15 23:28 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-15 23:28 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-15 20:13 - 2015-01-15 20:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-09 19:56 - 2015-01-15 19:18 - 00062292 _____ () C:\Windows\temp023423.vbe
2014-12-29 20:23 - 2014-12-29 20:42 - 00000000 ____D () C:\Users\Romb\Documents\Assassin's Creed Unity
2014-12-29 20:20 - 2014-12-29 20:20 - 00001021 _____ () C:\Users\Romb\Desktop\Lego Marvel.lnk
2014-12-29 19:53 - 2014-12-29 19:53 - 00000548 _____ () C:\Users\Romb\Desktop\ACU.lnk
2014-12-28 20:09 - 2015-01-18 11:39 - 00003090 _____ () C:\Windows\System32\Tasks\Origin
2014-12-26 11:46 - 2014-12-26 11:46 - 00000685 _____ () C:\Users\Romb\Desktop\MGSV.lnk
2014-12-26 11:46 - 2014-12-26 11:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metal Gear Solid V Ground Zeroes

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-18 15:30 - 2012-10-10 17:20 - 00000940 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-18 15:04 - 2012-01-30 01:25 - 00000000 ____D () C:\Program Files (x86)\Giraffic
2015-01-18 13:54 - 2014-05-24 20:52 - 00000733 _____ () C:\Users\Romb\Desktop\Wolfenstein.lnk
2015-01-18 12:59 - 2014-05-30 10:57 - 00000000 ____D () C:\Users\Romb\Desktop\Games To Do
2015-01-18 12:31 - 2011-12-18 13:01 - 00000000 ____D () C:\Users\Romb
2015-01-18 11:45 - 2013-11-03 09:22 - 01751520 _____ () C:\Windows\WindowsUpdate.log
2015-01-18 11:41 - 2009-07-14 05:45 - 00015360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-18 11:41 - 2009-07-14 05:45 - 00015360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-18 11:40 - 2009-07-14 10:16 - 00745674 _____ () C:\Windows\system32\perfh013.dat
2015-01-18 11:40 - 2009-07-14 10:16 - 00153702 _____ () C:\Windows\system32\perfc013.dat
2015-01-18 11:40 - 2009-07-14 06:13 - 01671088 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-18 11:35 - 2012-01-30 01:25 - 00000000 ____D () C:\ProgramData\Giraffic
2015-01-18 11:34 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-18 11:32 - 2011-12-18 15:59 - 00000000 ____D () C:\Users\Romb\AppData\Roaming\uTorrent
2015-01-18 01:11 - 2012-04-01 19:58 - 00000000 ____D () C:\Users\Romb\AppData\Roaming\vlc
2015-01-18 00:07 - 2014-05-27 23:10 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-01-18 00:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system
2015-01-17 23:27 - 2014-08-09 12:13 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-17 23:26 - 2014-08-09 12:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-17 23:26 - 2014-08-09 12:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-17 23:21 - 2014-10-18 18:14 - 00000585 _____ () C:\Users\Romb\Desktop\TEW.lnk
2015-01-17 23:21 - 2014-08-09 12:57 - 00000000 ____D () C:\AdwCleaner
2015-01-16 00:37 - 2011-12-18 16:36 - 00000000 ____D () C:\Users\Romb\AppData\Roaming\DAEMON Tools Lite
2015-01-16 00:36 - 2011-12-24 13:59 - 00000000 ____D () C:\Windows\Minidump
2015-01-16 00:35 - 2014-01-03 23:27 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-15 23:36 - 2012-11-25 11:28 - 01655440 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-15 23:32 - 2013-08-01 01:22 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 23:29 - 2011-12-18 14:17 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-15 22:27 - 2012-10-06 18:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-15 19:18 - 2013-06-23 15:02 - 00000000 ____D () C:\ProgramData\Origin
2015-01-13 21:30 - 2012-10-10 17:20 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-13 21:30 - 2012-10-10 17:20 - 00003878 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-13 21:30 - 2011-12-18 13:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-04 17:14 - 2011-12-28 21:21 - 00000328 _____ () C:\Users\Romb\d3d_antilag.log
2015-01-04 15:36 - 2011-12-25 12:26 - 00000000 ____D () C:\Users\Romb\Documents\My Games
2015-01-03 01:55 - 2014-08-09 11:15 - 00007618 _____ () C:\Users\Romb\AppData\Local\Resmon.ResmonCfg
2014-12-31 12:14 - 2011-12-18 14:06 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-29 20:23 - 2012-12-16 17:52 - 00000000 ____D () C:\ProgramData\Orbit
2014-12-29 18:59 - 2013-10-27 23:27 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-12-28 20:09 - 2014-01-20 22:56 - 00000000 ___HD () C:\Users\Romb\AppData\Roaming\Origin

==================== Files in the root of some directories =======
2013-01-20 23:55 - 2013-11-11 22:54 - 0000141 _____ () C:\Users\Romb\AppData\Roaming\prio.ini
2013-09-08 12:22 - 2013-09-08 17:51 - 0001456 _____ () C:\Users\Romb\AppData\Local\Adobe Save for Web 12.0 Prefs
2011-12-18 17:35 - 2011-12-18 18:51 - 0000079 _____ () C:\Users\Romb\AppData\Local\CrystalDiskMark30.ini
2012-11-29 19:50 - 2012-11-29 19:50 - 0027520 _____ () C:\Users\Romb\AppData\Local\dt.dat
2014-08-09 11:15 - 2015-01-03 01:55 - 0007618 _____ () C:\Users\Romb\AppData\Local\Resmon.ResmonCfg

Files to move or delete:
====================
C:\Users\Romb\AppData\Roaming\Origin\update.vbe


Some content of TEMP:
====================
C:\Users\Romb\AppData\Local\Temp\Quarantine.exe
C:\Users\Romb\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-18 02:07

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-01-2015
Ran by Romb at 2015-01-18 15:32:11
Running from C:\Users\Romb\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2637803303-1931993293-1815589246-1000\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
007 Legends (HKLM-x32\...\007 Legends_is1) (Version:  - )
3DMark (HKLM-x32\...\{F1A6C690-C12C-4E7A-B4BD-958678215418}) (Version: 1.0 - Futuremark)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Aangifte inkomstenbelasting 2011 (HKLM-x32\...\Aangifte inkomstenbelasting 2011) (Version:  - Belastingdienst)
Aangifte inkomstenbelasting 2012 (HKLM-x32\...\Aangifte inkomstenbelasting 2012) (Version:  - Belastingdienst)
ACP Application (Version: 2.15.10.0003 - Advanced Micro Devices, Inc.) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Aliens - Colonial Marines Complete (HKLM-x32\...\Aliens - Colonial Marines Complete_is1) (Version:  - )
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Amnesia - The Dark Descent  (HKLM-x32\...\{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1) (Version: 1.0.0 - Frictional Games)
ASRock eXtreme Tuner v0.1.210 (HKLM-x32\...\ASRock eXtreme Tuner_is1) (Version:  - )
Assassins Creed Unity v.1.4.0 (HKLM-x32\...\Assassins Creed Unity_is1) (Version:  - )
Batman Arkham Origins, версия 1.0.0.0 (HKLM-x32\...\Batman Arkham Origins_is1) (Version: 1.0.0.0 - )
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
Borderlands 2 - Game Of The Year Edition (HKLM-x32\...\Borderlands 2 - Game Of The Year Edition_is1) (Version: Borderlands 2 - Game Of The Year Edition - )
Call of Duty Advanced Warfare Update 2 (HKLM-x32\...\Q2FsbG9mRHV0eUFkdmFuY2VkV2FyZmFyZQ==_is1) (Version: 1 - )
Call of Duty Advanced Warfare v1.2.0.4107 (HKLM-x32\...\Call of Duty Advanced Warfare_is1) (Version: 1.2.0.4107 - Scorp1oN)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
CPUID CPU-Z 1.70 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CPUID HWMonitor 1.25 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.03 - Creative Technology Limited)
Crysis®3 (HKLM-x32\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.1.0.0 - Electronic Arts)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.1.0236 - DT Soft Ltd)
Dark Souls 2 (HKLM-x32\...\RGFya1NvdWxzMg==_is1) (Version: 1 - )
Dark Souls Prepare to Die Edition (HKLM-x32\...\GFWL_{4E4D0FA1-F880-4CCB-999A-501000008200}) (Version: 1.0.0000.130 - NAMCO BANDAI Games Europe S.A.S.)
Dark Souls Prepare to Die Edition (x32 Version: 1.0.0000.130 - NAMCO BANDAI Games Europe S.A.S.) Hidden
Dark Souls PTDE *UPDATE 1.02* version 0.0.0.9 (HKLM-x32\...\Dark Souls PTDE *UPDATE 1.02*_is1) (Version: 0.0.0.9 - WaLMaRT)
DDL and DTS Connect License Activation (HKLM-x32\...\AcMgrDDL) (Version:  - )
Dead Space™ 3 (HKLM-x32\...\{D4329609-4102-4F8C-B83F-7FE024EEA314}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.00 - Creative Technology Limited)
DTS Connect Pack (HKLM-x32\...\DTS Connect Pack) (Version: 1.00 - Creative Technology Limited)
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.96 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.96 - Etron Technology) Hidden
Far Cry 4 Update v1.6 (HKLM-x32\...\RmFyQ3J5NA==_is1) (Version: 1 - )
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.15.0 - Futuremark Corporation)
Geeks3D FurMark 1.13.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
Hitman Absolution (HKLM-x32\...\{95030349-3623-4920-89BF-8BEC5EF311C5}_is1) (Version: 1.0433.1 - Square Enix)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation)
LEGO MARVEL Super Heroes (HKLM-x32\...\LEGO MARVEL Super Heroes_is1) (Version:  - Warner Bros. Games)
LOOT (HKLM-x32\...\LOOT) (Version: 0.6.0 - LOOT Development Team)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Metal Gear Solid V Ground Zeroes (HKLM-x32\...\Metal Gear Solid V Ground Zeroes_is1) (Version:  - )
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Mozilla Firefox 35.0 (x86 nl) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 nl)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Murdered Soul Suspect (HKLM-x32\...\Murdered Soul Suspect_is1) (Version:  - )
Need for Speed Rivals Update v1.4 (HKLM-x32\...\TmVlZGZvclNwZWVkUml2YWxz_is1) (Version: 1 - )
Need for Speed™ Rivals (HKLM-x32\...\{E0A32336-AA27-4053-99B2-C3380B7B95AC}) (Version: 1.3.0.0 - Electronic Arts)
NifSkope (remove only) (HKLM-x32\...\NifSkope) (Version:  - )
NVIDIA Photoshop Plug-ins 64 bit (HKLM-x32\...\{5E386C5B-CDE7-435A-B5C9-EC73A1B0553A}) (Version: 8.50 - )
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Outlast (HKLM-x32\...\T3V0bGFzdA==_is1) (Version: 1 - )
Outlast: Whistleblower (HKLM-x32\...\T3V0bGFzdFdoaXN0bGVibG93ZXI=_is1) (Version: 1 - )
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Quantum Conundrum (HKLM-x32\...\Quantum Conundrum_is1) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Resident Evil 6 version 1 (HKLM-x32\...\UmVzaWRlbnQgRXZpbCA2_is1) (Version: 1 - )
Setup - Call of Duty Advanced Warfare Update 2 © Activision ... (HKLM-x32\...\Setup - Call of Duty Advanced Warfare Update 2 © Activision ...) (Version: ... - Sledgehammer Games & High Moon Studios)
Simple Adblock (HKLM-x32\...\{B4920103-09F6-4AD2-B150-CFC4474D2DDC}) (Version: 1.1.5 - Simple Adblock)
Sleeping Dogs (HKLM-x32\...\{87CDCA80-54EE-4497-89DB-6E079AFBF4EF}_is1) (Version: 2.1.437044 - Square Enix)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
System Requirements Lab for Intel (64-bit) (HKLM\...\{67D8297A-A990-4511-AEC5-5652DAAFC2D6}) (Version: 4.5.3.0 - Husdawg, LLC)
System Requirements Lab for Intel (HKLM-x32\...\{EFE3D683-903C-4B58-AB8F-C68C69F33758}) (Version: 4.5.3.0 - Husdawg, LLC)
T500 RS racing wheel drivers (HKLM-x32\...\{28B758EA-5C83-48B1-B352-C70F12C73F5A}) (Version: 2.TTRS.2013 - Thrustmaster)
Taalpakket voor Microsoft .NET Framework 4.5 - NLD (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043) (Version: 4.5.50709 - Microsoft Corporation)
The Evil Within (HKLM-x32\...\VGhlRXZpbFdpdGhpbg==_is1) (Version: 1 - )
Thief Update v1.5 (HKLM-x32\...\VGhpZWY=_is1) (Version: 1 - )
Tom Clancy's Ghost Recon Future Soldier (HKLM-x32\...\{6D87CAD9-9B94-4421-A439-B25F8DE14575}) (Version: 1.5 - Ubisoft)
Tom Clancy's Splinter Cell® Blacklist™ (HKLM-x32\...\{A6356F2F-D3E1-4D83-9AA2-72871DD0C298}) (Version: 1.02 - Ubisoft)
TriDef 3D 6.3 (HKLM-x32\...\essentials-bundle) (Version: 6.3 - Dynamic Digital Depth Australia Pty Ltd)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
Veoh Giraffic Video Accelerator (HKLM-x32\...\Giraffic) (Version: 0.86.412.230 - Giraffic)
Veoh Web Player (HKLM-x32\...\Veoh Web Player Beta) (Version: 1.1.2.0000 - Veoh Networks, Inc.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WATCH_DOGS (HKLM-x32\...\Uplay Install 274) (Version:  - Ubisoft)
Watch_Dogs Bad Blood DLC (HKLM-x32\...\V2F0Y2hfRG9ncw==_is1) (Version: 1 - )
WATCH_DOGS Update v1.04.497 (HKLM-x32\...\V0FUQ0hfRE9HUw==_is1) (Version: 1 - )
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wolfenstein: The New Order Update 1 (HKLM-x32\...\V29sZmVuc3RlaW5UaGVOZXdPcmRlcg==_is1) (Version: 1 - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

15-12-2014 19:12:29 Windows Update
19-12-2014 20:24:12 Windows Update
23-12-2014 21:30:21 Windows Update
27-12-2014 05:25:51 Windows Update
30-12-2014 19:13:34 Windows Update
03-01-2015 05:22:58 Windows Update
06-01-2015 22:32:52 Windows Update
10-01-2015 04:46:29 Windows Update
13-01-2015 19:25:35 Windows Update
15-01-2015 23:29:00 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0794B0F9-8680-4164-A673-0AF8A9583696} - System32\Tasks\Origin => C:\ProgramData\Origin\update.vbe [2015-01-15] () <==== ATTENTION
Task: {81A5B0D2-9FB3-4512-A27B-BF0C3D4AD044} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
Task: {8D786C9C-11E1-4151-9C52-90A07915D551} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {BD64757F-A377-46DF-8B95-C77EA79349DB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated)
Task: {EAF625A0-1297-46D5-99F5-F6B9AACDEF1D} - System32\Tasks\Core Temp Autostart Romb => C:\Program Files\Core Temp\Core Temp.exe [2013-10-08] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-10-27 20:47 - 2013-10-08 13:23 - 00890016 _____ () C:\Program Files\Core Temp\Core Temp.exe
2014-03-01 00:20 - 2014-03-01 00:20 - 00002560 _____ () C:\Windows\system32\CTXFIRES.DLL
2011-12-18 15:27 - 2009-03-26 13:46 - 00148480 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2015-01-15 20:13 - 2015-01-15 20:13 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2637803303-1931993293-1815589246-500 - Administrator - Disabled)
Gast (S-1-5-21-2637803303-1931993293-1815589246-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2637803303-1931993293-1815589246-1002 - Limited - Enabled)
Romb (S-1-5-21-2637803303-1931993293-1815589246-1000 - Administrator - Enabled) => C:\Users\Romb

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standaard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/18/2015 02:09:51 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for 'assemblyIdentity1'. Error in manifest or policy file 'assemblyIdentity2' on line assemblyIdentity3.
The value *  of attribute language in element assemblyIdentity is invalid.

Error: (01/18/2015 02:08:26 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for 'assemblyIdentity1'. Error in manifest or policy file 'assemblyIdentity2' on line assemblyIdentity3.
The value MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR  of attribute version in element assemblyIdentity is invalid.

Error: (01/18/2015 02:07:42 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1. Error in manifest or policy file C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2 on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (01/16/2015 00:41:10 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/16/2015 00:41:10 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: application Windows


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/16/2015 00:41:10 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: application Windows, catalog SystemIndex


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/16/2015 00:41:10 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: application Windows, catalog SystemIndex


Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (01/16/2015 00:41:06 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: application Windows, catalog SystemIndex


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/16/2015 00:41:06 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search service cannot load the property store data.

Context: application Windows, catalog SystemIndex


Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (01/16/2015 00:41:06 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (01/18/2015 11:34:08 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:32:36 on 18-1-2015 was unexpected.

Error: (01/17/2015 09:33:13 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:29:27 on 17-1-2015 was unexpected.

Error: (01/16/2015 00:41:40 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (01/16/2015 00:41:10 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (01/16/2015 00:41:10 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (01/15/2015 07:40:43 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 19:39:30 on 15-1-2015 was unexpected.

Error: (01/11/2015 06:51:05 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:48:16 on 11-1-2015 was unexpected.

Error: (01/11/2015 06:38:15 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:35:58 on 11-1-2015 was unexpected.

Error: (01/08/2015 08:49:48 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 20:47:41 on 8-1-2015 was unexpected.

Error: (01/06/2015 10:21:12 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 22:20:00 on 6-1-2015 was unexpected.


Microsoft Office Sessions:
=========================
Error: (01/18/2015 02:09:51 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

Error: (01/18/2015 02:08:26 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (01/18/2015 02:07:42 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files\CCleaner\CCleaner.exe

Error: (01/16/2015 00:41:10 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/16/2015 00:41:10 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: application Windows


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/16/2015 00:41:10 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: application Windows, catalog SystemIndex


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/16/2015 00:41:10 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: application Windows, catalog SystemIndex


Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (01/16/2015 00:41:06 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: application Windows, catalog SystemIndex


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (01/16/2015 00:41:06 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Context: application Windows, catalog SystemIndex


Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (01/16/2015 00:41:06 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt


==================== Memory info ===========================

Processor: Intel® Core™ i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 25%
Total physical RAM: 8151.52 MB
Available physical RAM: 6101.43 MB
Total Pagefile: 16301.22 MB
Available Pagefile: 14224.62 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (System Reserved) (Fixed) (Total:244.14 GB) (Free:161.14 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:687.37 GB) (Free:129.47 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: E2023B14)
Partition 1: (Active) - (Size=244.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=687.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 Machiavelli


    Agent 007


  • Malware Response Instructor
  • 4,133 posts
  • Gender:Male
  • Location:Germany
  • Local time:11:02 AM

Posted 18 January 2015 - 10:55 AM

Hey, :)

Step 1: Adwarecleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select Update.
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits


Go back to the Dashboard and select Scan Now


If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.


On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 4: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.
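The four tools above only remove whatever copy of the miner is on disk at scan time; when the file is back after the next reboot, the answer has to come from reading the FRST output for the thing that drops it. The block below is an added example, not part of this thread and not code from FRST or any of the tools named in it: a small Python triage pass over FRST-style log lines that flags the entries a responder reads first when a file keeps reappearing (executables, drivers or scripts under a Temp folder; a script file dropped directly into C:\Windows; an AppInit_DLLs entry; and any svchost.exe whose path is not System32, SysWOW64 or WinSxS). The rule names and the SAMPLE list are this example's own; the sample lines are quoted from the FRST and MBAM output posted later in this thread, plus one constructed line for a legitimate svchost.exe. A hit is a lead to examine, not a verdict: Core Temp's ALSysIO driver and CPU-Z's cpuz136 driver legitimately load from Temp, whereas a 62 KB .vbe file in the root of C:\Windows is the kind of entry worth decoding before anything else.

```python
"""Triage FRST-style log lines for entries that could re-create a dropped file.

Added example (not from this thread, FRST, MBAM, AdwCleaner or JRT). The rule
set is this example's own and covers only the line layouts seen in the thread;
a full FRST log has entry kinds (scheduled tasks, WMI, shell extensions) that
these rules do not look at.
"""
import re
from typing import List, Tuple

# Directories a genuine svchost.exe lives in on Windows 7 (lower-cased for matching).
LEGIT_SVCHOST_DIRS = ("\\system32\\", "\\syswow64\\", "\\winsxs\\")

# Drive-letter path ending in svchost.exe, stopping at whitespace, commas or brackets.
SVCHOST_PATH = re.compile(r"([A-Za-z]:\\[^\s,\[\]]*svchost\.exe)", re.I)

# (label, pattern) pairs; each pattern is matched against one stripped log line.
RULES: List[Tuple[str, "re.Pattern[str]"]] = [
    ("executable, driver or script under a Temp folder",
     re.compile(r"\\temp\\(?:[^\\\s]+\\)*[^\\\s]+\.(?:exe|dll|sys|vbs|vbe|js|jse|ps1|bat|cmd|scr)\b",
                re.I)),
    ("script file sitting directly in C:\\Windows",
     re.compile(r"\bC:\\Windows\\[^\\\s]+\.(?:vbs|vbe|js|jse|ps1|bat|cmd|hta)\b", re.I)),
    ("AppInit_DLLs set (DLL loaded into every process that links user32)",
     re.compile(r"^AppInit_DLLs(?:-x32)?:\s*\S", re.I)),
]


def svchost_outside_system_dirs(line: str) -> bool:
    """True when the line names an svchost.exe that is not in a Windows system directory."""
    m = SVCHOST_PATH.search(line)
    if not m:
        return False
    path = m.group(1).lower()
    return not any(d in path for d in LEGIT_SVCHOST_DIRS)


def triage(lines: List[str]) -> List[Tuple[int, str, str]]:
    """Return (line_no, label, line) for every rule a line trips; a line can trip several."""
    hits: List[Tuple[int, str, str]] = []
    for n, raw in enumerate(lines, 1):
        line = raw.strip()
        if svchost_outside_system_dirs(line):
            hits.append((n, "svchost.exe outside System32/SysWOW64/WinSxS", line))
        for label, rx in RULES:
            if rx.search(line):
                hits.append((n, label, line))
    return hits


# Sample input: lines quoted from the FRST/MBAM output in this thread, plus a
# constructed first line for a legitimate svchost.exe so the filter has a negative case.
SAMPLE = r"""
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
AppInit_DLLs: prio.dll => prio.dll File Not Found
R3 ALSysIO; \??\C:\Users\Romb\AppData\Local\Temp\ALSysIO64.sys [X]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
2015-01-09 19:56 - 2015-01-15 19:18 - 00062292 _____ () C:\Windows\temp023423.vbe
Trojan.Agent.Gen, C:\Windows\Temp\svchost.exe, Quarantined, [321f7681f792f145fc28f4ad54b0df21],
""".strip().splitlines()


if __name__ == "__main__":
    for n, label, line in triage(SAMPLE):
        print(f"line {n}: {label}\n    {line}")
```

To run it on a saved log, replace SAMPLE with `open("FRST.txt", encoding="utf-8", errors="replace").read().splitlines()`. Each flagged path should then be cross-checked against the Run, Services, Drivers and Tasks sections for the entry that references it; that referencing entry, not the dropped copy, is what a fixlist has to remove for the file to stay gone.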



#5 Rombbb

  • Topic Starter

  • Members
  • 5 posts
  • Local time:05:02 PM

Posted 18 January 2015 - 01:52 PM

Hi, here are the logs. MBAM again found the svchost file and quarantined it, but after restart the file re-created and immediately started using up 75% of the CPU, after which I ended its process in Task Manager (note that I've run all these anti-malware programs with the bad svchost process halted).

 

# AdwCleaner v4.108 - Report created 18/01/2015 at 18:57:49
# Last update 17/01/2015 by Xplode
# Database : 2015-01-13.2 [Live]
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Romb - ROMB-PC
# Started from : D:\PC apps\adwcleaner_4.108.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Tasks ] *****


***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Romb\Desktop\Wolfenstein.lnk

***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7601.18667


-\\ Mozilla Firefox v35.0 (x86 nl)


-\\ Chromium v


*************************

AdwCleaner[R0].txt - [1518 bytes] - [09/08/2014 13:04:03]
AdwCleaner[R1].txt - [1041 bytes] - [17/01/2015 23:16:58]
AdwCleaner[R2].txt - [1021 bytes] - [18/01/2015 18:56:46]
AdwCleaner[S0].txt - [1526 bytes] - [09/08/2014 13:07:21]
AdwCleaner[S1].txt - [1245 bytes] - [17/01/2015 23:21:47]
AdwCleaner[S2].txt - [1018 bytes] - [18/01/2015 18:57:49]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1078 bytes] ##########

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 18-1-2015
Scan Time: 19:04:04
Logfile: MBAM1.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.18.06
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Romb

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 329422
Time Elapsed: 10 min, 38 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Trojan.Agent.Gen, C:\Windows\Temp\svchost.exe, Quarantined, [321f7681f792f145fc28f4ad54b0df21],

Physical Sectors: 0
(No malicious items detected)


(end)

 

Malwarebytes Anti-Malware
www.malwarebytes.org


Scan, 18-1-2015 0:06:54, SYSTEM, ROMB-PC, Manual, Start:17-1-2015 23:27:30, Duration:10 min 36 sec, Threat Scan, Completed, 1 Malware Detection, 0 Non-Malware Detections,
Update, 18-1-2015 19:02:22, SYSTEM, ROMB-PC, Manual, Malware Database, 2015.1.17.7, 2015.1.18.6,
Scan, 18-1-2015 19:21:20, SYSTEM, ROMB-PC, Manual, Start:18-1-2015 19:04:04, Duration:10 min 38 sec, Threat Scan, Completed, 1 Malware Detection, 0 Non-Malware Detections,

(end)

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Professional x64
Ran by Romb on Sun 18-01-2015 at 19:42:04,26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Romb\AppData\Roaming\mozilla\firefox\profiles\k0y08dge.default\minidumps [130 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 18-01-2015 at 19:43:29,60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-01-2015 01
Ran by Romb (administrator) on ROMB-PC on 18-01-2015 19:46:47
Running from C:\Users\Romb\Desktop
Loaded Profiles: Romb (Available profiles: Romb)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Dutch (Netherlands)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
(Giraffic) C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
(Thrustmaster®) C:\Program Files\Thrustmaster\T500 RS Racing wheel\drivers\amd64\tmInstall.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Giraffic) C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files\Core Temp\Core Temp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-2637803303-1931993293-1815589246-1000\...\Run: [ASRockXTU] => [X]
HKU\S-1-5-21-2637803303-1931993293-1815589246-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-2637803303-1931993293-1815589246-1000\...\MountPoints2: G - G:\BlacklistAutoRun.exe
HKU\S-1-5-21-2637803303-1931993293-1815589246-1000\...\MountPoints2: {47cb64b9-b98c-11e2-b7a2-002522dd71cf} - H:\HTC_Sync_Manager_PC.exe
AppInit_DLLs: prio.dll => prio.dll File Not Found
AppInit_DLLs-x32: prio32.dll => "prio32.dll" File Not Found

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2637803303-1931993293-1815589246-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.parttiming.nl/
HKU\S-1-5-21-2637803303-1931993293-1815589246-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2637803303-1931993293-1815589246-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2637803303-1931993293-1815589246-1000 -> {951F37BD-D47F-4D7F-A770-BD307394C318} URL = http://www.google.nl/search?hl=nl&q={searchTerms}&rlz=1I7MXGB_nlNL509
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
BHO: SimpleAdblock Class -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: SimpleAdblock Class -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll No File
Toolbar: HKU\S-1-5-21-2637803303-1931993293-1815589246-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Romb\AppData\Roaming\Mozilla\Firefox\Profiles\k0y08dge.default
FF Homepage: hxxp://www.parttiming.nl/
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url
%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*'))%20%7B%20return%20'PROXY%20us01.sq.proxmate.me%3A8000%3B%20PROXY%20us09.sq.proxmate.me%3A8000%3B%20PROXY%20us08.sq.proxmate.me%3A8000%3B%20PROXY%20us02.sq.proxmate.me%3A8000%3B%20PROXY%20us05.sq.proxmate.me%3A8000%3B%20PROXY%20us03.sq.proxmate.me%3A8000%3B%20PROXY%20us04.sq.proxmate.me%3A8000%3B%20PROXY%20us10.sq.proxmate.me%3A8000%3B%20PROXY%20us11.sq.proxmate.me%3A8000%3B%20PROXY%20us07.sq.proxmate.me%3A8000%3B%20PROXY%20us06.sq.proxmate.me%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2637803303-1931993293-1815589246-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: Modify Headers - C:\Users\Romb\AppData\Roaming\Mozilla\Firefox\Profiles\k0y08dge.default\Extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi [2012-03-16]
FF Extension: Adblock Plus - C:\Users\Romb\AppData\Roaming\Mozilla\Firefox\Profiles\k0y08dge.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-14]
FF Extension: Theme Font &amp; Size Changer - C:\Users\Romb\AppData\Roaming\Mozilla\Firefox\Profiles\k0y08dge.default\Extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}.xpi [2014-08-14]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [116224 2014-11-20] (Advanced Micro Devices) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-05-28] (Creative Labs) [File not signed]
S3 Creative Dolby Digital Live Pack Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\DDLLicensing.exe [79360 2014-05-28] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 Giraffic; C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2245232 2013-05-13] (Giraffic)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 tmInstall; C:\Program Files\Thrustmaster\T500 RS Racing wheel\drivers\amd64\tmInstall.EXE [28160 2013-08-22] (Thrustmaster®)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [294600 2014-11-21] (Advanced Micro Devices)
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [94720 2013-12-19] (Advanced Micro Devices) [File not signed]
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [279616 2011-12-18] (DT Soft Ltd)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 tmbulk; C:\Windows\System32\Drivers\tmbulk.sys [88368 2013-06-12] (© Guillemot R&D, 2011. All rights reserved.)
S3 tmhidusb; C:\Windows\System32\DRIVERS\tmhidusb.sys [149296 2013-08-27] (Thrustmaster)
R3 ALSysIO; \??\C:\Users\Romb\AppData\Local\Temp\ALSysIO64.sys [X]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-18 19:46 - 2015-01-18 19:46 - 00015130 _____ () C:\Users\Romb\Desktop\FRST.txt
2015-01-18 19:45 - 2015-01-18 19:45 - 00000000 ____D () C:\Users\Romb\Desktop\FRST-OlderVersion
2015-01-18 19:42 - 2015-01-18 19:42 - 00000000 ____D () C:\Windows\ERUNT
2015-01-18 19:40 - 2015-01-18 19:40 - 01707939 _____ (Thisisu) C:\Users\Romb\Desktop\JRT.exe
2015-01-18 15:32 - 2015-01-18 15:32 - 00027936 _____ () C:\Users\Romb\Desktop\Addition.txt
2015-01-18 12:31 - 2015-01-18 12:31 - 00000540 _____ () C:\Users\Romb\Desktop\defogger_disable.log
2015-01-18 12:31 - 2015-01-18 12:31 - 00000168 _____ () C:\Users\Romb\defogger_reenable
2015-01-18 12:30 - 2015-01-18 12:30 - 00050477 _____ () C:\Users\Romb\Desktop\Defogger.exe
2015-01-18 12:26 - 2015-01-18 19:46 - 00000000 ____D () C:\FRST
2015-01-18 12:26 - 2015-01-18 19:45 - 02126848 _____ (Farbar) C:\Users\Romb\Desktop\FRST64.exe
2015-01-18 12:25 - 2015-01-18 19:45 - 00000000 ____D () C:\Users\Romb\Desktop\Nieuwe map
2015-01-17 23:22 - 2015-01-18 19:21 - 00001574 _____ () C:\Windows\PFRO.log
2015-01-16 00:40 - 2015-01-18 19:22 - 00000448 _____ () C:\Windows\setupact.log
2015-01-16 00:40 - 2015-01-16 00:40 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-16 00:35 - 2015-01-16 00:35 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-01-15 23:28 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-15 23:28 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-15 23:28 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-15 23:28 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-15 23:28 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-15 23:28 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-15 23:28 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-15 23:28 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-15 23:28 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-15 23:28 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-15 23:28 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-15 23:28 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-15 23:28 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-15 20:13 - 2015-01-15 20:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-09 19:56 - 2015-01-15 19:18 - 00062292 _____ () C:\Windows\temp023423.vbe
2014-12-29 20:23 - 2014-12-29 20:42 - 00000000 ____D () C:\Users\Romb\Documents\Assassin's Creed Unity
2014-12-29 20:20 - 2014-12-29 20:20 - 00001021 _____ () C:\Users\Romb\Desktop\Lego Marvel.lnk
2014-12-29 19:53 - 2014-12-29 19:53 - 00000548 _____ () C:\Users\Romb\Desktop\ACU.lnk
2014-12-28 20:09 - 2015-01-18 19:32 - 00003090 _____ () C:\Windows\System32\Tasks\Origin
2014-12-26 11:46 - 2014-12-26 11:46 - 00000685 _____ () C:\Users\Romb\Desktop\MGSV.lnk
2014-12-26 11:46 - 2014-12-26 11:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metal Gear Solid V Ground Zeroes

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-18 19:37 - 2014-08-09 12:13 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-18 19:30 - 2012-10-10 17:20 - 00000940 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-18 19:29 - 2009-07-14 05:45 - 00015360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-18 19:29 - 2009-07-14 05:45 - 00015360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-18 19:27 - 2009-07-14 10:16 - 00745674 _____ () C:\Windows\system32\perfh013.dat
2015-01-18 19:27 - 2009-07-14 10:16 - 00153702 _____ () C:\Windows\system32\perfc013.dat
2015-01-18 19:27 - 2009-07-14 06:13 - 01671088 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-18 19:25 - 2013-11-03 09:22 - 01781508 _____ () C:\Windows\WindowsUpdate.log
2015-01-18 19:22 - 2012-01-30 01:25 - 00000000 ____D () C:\ProgramData\Giraffic
2015-01-18 19:22 - 2012-01-30 01:25 - 00000000 ____D () C:\Program Files (x86)\Giraffic
2015-01-18 19:22 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-18 19:21 - 2014-05-27 23:10 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-01-18 19:21 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Speech
2015-01-18 18:57 - 2014-08-09 12:57 - 00000000 ____D () C:\AdwCleaner
2015-01-18 18:57 - 2014-05-24 20:52 - 00000653 _____ () C:\Users\Romb\Desktop\Wolfenstein.lnk
2015-01-18 12:59 - 2014-05-30 10:57 - 00000000 ____D () C:\Users\Romb\Desktop\Games To Do
2015-01-18 12:31 - 2011-12-18 13:01 - 00000000 ____D () C:\Users\Romb
2015-01-18 11:32 - 2011-12-18 15:59 - 00000000 ____D () C:\Users\Romb\AppData\Roaming\uTorrent
2015-01-18 01:11 - 2012-04-01 19:58 - 00000000 ____D () C:\Users\Romb\AppData\Roaming\vlc
2015-01-18 00:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system
2015-01-17 23:26 - 2014-08-09 12:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-17 23:26 - 2014-08-09 12:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-17 23:21 - 2014-10-18 18:14 - 00000585 _____ () C:\Users\Romb\Desktop\TEW.lnk
2015-01-16 00:37 - 2011-12-18 16:36 - 00000000 ____D () C:\Users\Romb\AppData\Roaming\DAEMON Tools Lite
2015-01-16 00:36 - 2011-12-24 13:59 - 00000000 ____D () C:\Windows\Minidump
2015-01-16 00:35 - 2014-01-03 23:27 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-15 23:36 - 2012-11-25 11:28 - 01655440 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-15 23:32 - 2013-08-01 01:22 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 23:29 - 2011-12-18 14:17 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-15 22:27 - 2012-10-06 18:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-15 19:18 - 2013-06-23 15:02 - 00000000 ____D () C:\ProgramData\Origin
2015-01-13 21:30 - 2012-10-10 17:20 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-13 21:30 - 2012-10-10 17:20 - 00003878 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-13 21:30 - 2011-12-18 13:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-04 17:14 - 2011-12-28 21:21 - 00000328 _____ () C:\Users\Romb\d3d_antilag.log
2015-01-04 15:36 - 2011-12-25 12:26 - 00000000 ____D () C:\Users\Romb\Documents\My Games
2015-01-03 01:55 - 2014-08-09 11:15 - 00007618 _____ () C:\Users\Romb\AppData\Local\Resmon.ResmonCfg
2014-12-31 12:14 - 2011-12-18 14:06 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-29 20:23 - 2012-12-16 17:52 - 00000000 ____D () C:\ProgramData\Orbit
2014-12-29 18:59 - 2013-10-27 23:27 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-12-28 20:09 - 2014-01-20 22:56 - 00000000 ___HD () C:\Users\Romb\AppData\Roaming\Origin

==================== Files in the root of some directories =======
2013-01-20 23:55 - 2013-11-11 22:54 - 0000141 _____ () C:\Users\Romb\AppData\Roaming\prio.ini
2013-09-08 12:22 - 2013-09-08 17:51 - 0001456 _____ () C:\Users\Romb\AppData\Local\Adobe Save for Web 12.0 Prefs
2011-12-18 17:35 - 2011-12-18 18:51 - 0000079 _____ () C:\Users\Romb\AppData\Local\CrystalDiskMark30.ini
2012-11-29 19:50 - 2012-11-29 19:50 - 0027520 _____ () C:\Users\Romb\AppData\Local\dt.dat
2014-08-09 11:15 - 2015-01-03 01:55 - 0007618 _____ () C:\Users\Romb\AppData\Local\Resmon.ResmonCfg

Files to move or delete:
====================
C:\Users\Romb\AppData\Roaming\Origin\update.vbe


Some content of TEMP:
====================
C:\Users\Romb\AppData\Local\Temp\Quarantine.exe
C:\Users\Romb\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-18 02:07

==================== End Of Log ============================



#6 Machiavelli


Posted 18 January 2015 - 04:45 PM

Hey, :)

Step 1: FRST Fix
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and Paste the content of the codebox below into the empty textfile:

    HKU\S-1-5-21-2637803303-1931993293-1815589246-1000\...\Run: [ASRockXTU] => [X]
    HKU\S-1-5-21-2637803303-1931993293-1815589246-1000\...\MountPoints2: G - G:\BlacklistAutoRun.exe
    HKU\S-1-5-21-2637803303-1931993293-1815589246-1000\...\MountPoints2: {47cb64b9-b98c-11e2-b7a2-002522dd71cf} - H:\HTC_Sync_Manager_PC.exe
    AppInit_DLLs: prio.dll => prio.dll File Not Found
    AppInit_DLLs-x32: prio32.dll => "prio32.dll" File Not Found
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2637803303-1931993293-1815589246-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    BHO: SimpleAdblock Class -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll No File
    BHO-x32: SimpleAdblock Class -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll No File
    Toolbar: HKU\S-1-5-21-2637803303-1931993293-1815589246-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
    FF Homepage: hxxp://www.parttiming.nl/
    FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch
(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*'))%20%7B%20return%20'PROXY%20us01.sq.proxmate.me%3A8000%3B%20PROXY%20us09.sq.proxmate.me%3A8000%3B%20PROXY%20us08.sq.proxmate.me%3A8000%3B%20PROXY%20us02.sq.proxmate.me%3A8000%3B%20PROXY%20us05.sq.proxmate.me%3A8000%3B%20PROXY%20us03.sq.proxmate.me%3A8000%3B%20PROXY%20us04.sq.proxmate.me%3A8000%3B%20PROXY%20us10.sq.proxmate.me%3A8000%3B%20PROXY%20us11.sq.proxmate.me%3A8000%3B%20PROXY%20us07.sq.proxmate.me%3A8000%3B%20PROXY%20us06.sq.proxmate.me%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    2012-11-29 19:50 - 2012-11-29 19:50 - 0027520 _____ () C:\Users\Romb\AppData\Local\dt.dat
    C:\Users\Romb\AppData\Roaming\Origin\update.vbe
    EmptyTemp:
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this textfile on your Desktop!
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.) and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run; please post it in your reply.
Step 2: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use and click Start.
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings.
  • Make sure the options Remove found threats and Enable Anti-Stealth technology are checked.
  • Click Start. (This scan can take several hours, so please be patient.)
  • Once the scan is completed, select List of found threats.
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop.
  • Click the Back button.
  • Click the Finish button.
  • Use Notepad to open the saved log file (on your Desktop - ESET.txt).
  • Copy and paste that log as a reply to this topic.
Step 4: Question

How is your PC running?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#7 Rombbb


Posted 19 January 2015 - 03:25 PM

Great, it's gone! Thanks sooo much!! I will donate this weekend (seriously). After the FRST fix and scan reboot it was still there, but ESET did the job and found several trojan/miner entries. There were some cracked game exe's on my compu so probably there were some false positives, but surely the right one was there too. I suspect MGS.exe and/or those Origin entries.

I did restore two ESET quarantines (Skyrim and Dark Souls dll's) as I really don't suspect those (they have been on my system for ages and I didn't have any problems in the past). If they do seem to be the culprit I will re-do all steps.

Regarding the cause, is it malicious software that I downloaded and installed (torrents) or can a miner like this also spread simply via opening websites? (I hardly ever click banners and do think I know how to recognize suspicious sites, but still.)

Anyways, really really appreciated and I think you guys are doing a hell of a good job. Donation will be in on Saturday.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-01-2015 01
Ran by Romb at 2015-01-19 19:39:03 Run:1
Running from C:\Users\Romb\Desktop
Loaded Profiles: Romb (Available profiles: Romb)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-2637803303-1931993293-1815589246-1000\...\Run: [ASRockXTU] => [X]
HKU\S-1-5-21-2637803303-1931993293-1815589246-1000\...\MountPoints2: G - G:\BlacklistAutoRun.exe
HKU\S-1-5-21-2637803303-1931993293-1815589246-1000\...\MountPoints2: {47cb64b9-b98c-11e2-b7a2-002522dd71cf} - H:\HTC_Sync_Manager_PC.exe
AppInit_DLLs: prio.dll => prio.dll File Not Found
AppInit_DLLs-x32: prio32.dll => "prio32.dll" File Not Found
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2637803303-1931993293-1815589246-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: SimpleAdblock Class -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll No File
BHO-x32: SimpleAdblock Class -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll No File
Toolbar: HKU\S-1-5-21-2637803303-1931993293-1815589246-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
FF Homepage: hxxp://www.parttiming.nl/
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url
%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*'))%20%7B%20return%20'PROXY%20us01.sq.proxmate.me%3A8000%3B%20PROXY%20us09.sq.proxmate.me%3A8000%3B%20PROXY%20us08.sq.proxmate.me%3A8000%3B%20PROXY%20us02.sq.proxmate.me%3A8000%3B%20PROXY%20us05.sq.proxmate.me%3A8000%3B%20PROXY%20us03.sq.proxmate.me%3A8000%3B%20PROXY%20us04.sq.proxmate.me%3A8000%3B%20PROXY%20us10.sq.proxmate.me%3A8000%3B%20PROXY%20us11.sq.proxmate.me%3A8000%3B%20PROXY%20us07.sq.proxmate.me%3A8000%3B%20PROXY%20us06.sq.proxmate.me%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
2012-11-29 19:50 - 2012-11-29 19:50 - 0027520 _____ () C:\Users\Romb\AppData\Local\dt.dat
C:\Users\Romb\AppData\Roaming\Origin\update.vbe
EmptyTemp:
*****************

HKU\S-1-5-21-2637803303-1931993293-1815589246-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ASRockXTU => value deleted successfully.
"HKU\S-1-5-21-2637803303-1931993293-1815589246-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G" => Key deleted successfully.
"HKU\S-1-5-21-2637803303-1931993293-1815589246-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{47cb64b9-b98c-11e2-b7a2-002522dd71cf}" => Key deleted successfully.
HKCR\CLSID\{47cb64b9-b98c-11e2-b7a2-002522dd71cf} => Key not found.
"prio.dll" => Value Data removed successfully.
"prio32.dll" => Value Data removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2637803303-1931993293-1815589246-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFCB3198-32F3-4E8B-9539-4324694ED664}" => Key deleted successfully.
"HKCR\CLSID\{FFCB3198-32F3-4E8B-9539-4324694ED664}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFCB3198-32F3-4E8B-9539-4324694ED664}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{FFCB3198-32F3-4E8B-9539-4324694ED664}" => Key deleted successfully.
HKU\S-1-5-21-2637803303-1931993293-1815589246-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
"HKCR\PROTOCOLS\Handler\linkscanner" => Key deleted successfully.
HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => Key not found.
Firefox homepage deleted successfully.
Firefox Proxy settings were reset.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Users\Romb\AppData\Local\dt.dat => Moved successfully.
C:\Users\Romb\AppData\Roaming\Origin\update.vbe => Moved successfully.
EmptyTemp: => Removed 510.1 MB temporary data.


The system needed a reboot.

==== End of Fixlog 19:39:28 ====


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-01-2015 01
Ran by Romb (administrator) on ROMB-PC on 19-01-2015 19:46:27
Running from C:\Users\Romb\Desktop
Loaded Profiles: Romb (Available profiles: Romb)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Nederlands (Nederland)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
(Giraffic) C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
(Thrustmaster®) C:\Program Files\Thrustmaster\T500 RS Racing wheel\drivers\amd64\tmInstall.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Giraffic) C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files\Core Temp\Core Temp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-2637803303-1931993293-1815589246-1000\...\RunOnce: [Adobe Speed Launcher] => 1421692851
HKU\S-1-5-21-2637803303-1931993293-1815589246-1000\...\Policies\system: [DisableLockWorkstation] 0

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2637803303-1931993293-1815589246-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.parttiming.nl/
HKU\S-1-5-21-2637803303-1931993293-1815589246-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-21-2637803303-1931993293-1815589246-1000 -> {951F37BD-D47F-4D7F-A770-BD307394C318} URL = http://www.google.nl/search?hl=nl&q={searchTerms}&rlz=1I7MXGB_nlNL509
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Romb\AppData\Roaming\Mozilla\Firefox\Profiles\k0y08dge.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2637803303-1931993293-1815589246-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: Modify Headers - C:\Users\Romb\AppData\Roaming\Mozilla\Firefox\Profiles\k0y08dge.default\Extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi [2012-03-16]
FF Extension: Adblock Plus - C:\Users\Romb\AppData\Roaming\Mozilla\Firefox\Profiles\k0y08dge.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-14]
FF Extension: Theme Font & Size Changer - C:\Users\Romb\AppData\Roaming\Mozilla\Firefox\Profiles\k0y08dge.default\Extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}.xpi [2014-08-14]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [116224 2014-11-20] (Advanced Micro Devices) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-05-28] (Creative Labs) [File not signed]
S3 Creative Dolby Digital Live Pack Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\DDLLicensing.exe [79360 2014-05-28] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 Giraffic; C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2245232 2013-05-13] (Giraffic)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 tmInstall; C:\Program Files\Thrustmaster\T500 RS Racing wheel\drivers\amd64\tmInstall.EXE [28160 2013-08-22] (Thrustmaster®)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [294600 2014-11-21] (Advanced Micro Devices)
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [94720 2013-12-19] (Advanced Micro Devices) [File not signed]
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [279616 2011-12-18] (DT Soft Ltd)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 tmbulk; C:\Windows\System32\Drivers\tmbulk.sys [88368 2013-06-12] (© Guillemot R&D, 2011. All rights reserved.)
S3 tmhidusb; C:\Windows\System32\DRIVERS\tmhidusb.sys [149296 2013-08-27] (Thrustmaster)
R3 ALSysIO; \??\C:\Users\Romb\AppData\Local\Temp\ALSysIO64.sys [X]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-19 19:46 - 2015-01-19 19:46 - 00010841 _____ () C:\Users\Romb\Desktop\FRST.txt
2015-01-18 19:45 - 2015-01-18 19:45 - 00000000 ____D () C:\Users\Romb\Desktop\FRST-OlderVersion
2015-01-18 19:42 - 2015-01-18 19:42 - 00000000 ____D () C:\Windows\ERUNT
2015-01-18 19:40 - 2015-01-18 19:40 - 01707939 _____ (Thisisu) C:\Users\Romb\Desktop\JRT.exe
2015-01-18 12:31 - 2015-01-18 12:31 - 00000540 _____ () C:\Users\Romb\Desktop\defogger_disable.log
2015-01-18 12:31 - 2015-01-18 12:31 - 00000168 _____ () C:\Users\Romb\defogger_reenable
2015-01-18 12:30 - 2015-01-18 12:30 - 00050477 _____ () C:\Users\Romb\Desktop\Defogger.exe
2015-01-18 12:26 - 2015-01-19 19:46 - 00000000 ____D () C:\FRST
2015-01-18 12:26 - 2015-01-18 19:45 - 02126848 _____ (Farbar) C:\Users\Romb\Desktop\FRST64.exe
2015-01-18 12:25 - 2015-01-19 19:46 - 00000000 ____D () C:\Users\Romb\Desktop\Nieuwe map
2015-01-17 23:22 - 2015-01-19 18:35 - 00001928 _____ () C:\Windows\PFRO.log
2015-01-16 00:40 - 2015-01-19 19:40 - 00000560 _____ () C:\Windows\setupact.log
2015-01-16 00:40 - 2015-01-16 00:40 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-16 00:35 - 2015-01-16 00:35 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-01-15 23:28 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-15 23:28 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-15 23:28 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-15 23:28 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-15 23:28 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-15 23:28 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-15 23:28 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-15 23:28 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-15 23:28 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-15 23:28 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-15 23:28 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-15 23:28 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-15 23:28 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-15 20:13 - 2015-01-15 20:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-09 19:56 - 2015-01-15 19:18 - 00062292 _____ () C:\Windows\temp023423.vbe
2014-12-29 20:23 - 2014-12-29 20:42 - 00000000 ____D () C:\Users\Romb\Documents\Assassin's Creed Unity
2014-12-29 20:20 - 2014-12-29 20:20 - 00001021 _____ () C:\Users\Romb\Desktop\Lego Marvel.lnk
2014-12-29 19:53 - 2014-12-29 19:53 - 00000548 _____ () C:\Users\Romb\Desktop\ACU.lnk
2014-12-28 20:09 - 2015-01-19 19:41 - 00003090 _____ () C:\Windows\System32\Tasks\Origin
2014-12-26 11:46 - 2014-12-26 11:46 - 00000685 _____ () C:\Users\Romb\Desktop\MGSV.lnk
2014-12-26 11:46 - 2014-12-26 11:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metal Gear Solid V Ground Zeroes

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-19 19:46 - 2009-07-14 10:16 - 00745674 _____ () C:\Windows\system32\perfh013.dat
2015-01-19 19:46 - 2009-07-14 10:16 - 00153702 _____ () C:\Windows\system32\perfc013.dat
2015-01-19 19:46 - 2009-07-14 06:13 - 01671088 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-19 19:43 - 2013-11-03 09:22 - 01840611 _____ () C:\Windows\WindowsUpdate.log
2015-01-19 19:41 - 2012-01-30 01:25 - 00000000 ____D () C:\ProgramData\Giraffic
2015-01-19 19:41 - 2012-01-30 01:25 - 00000000 ____D () C:\Program Files (x86)\Giraffic
2015-01-19 19:40 - 2014-05-27 23:10 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-01-19 19:40 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-19 19:39 - 2014-01-20 22:56 - 00000000 ___HD () C:\Users\Romb\AppData\Roaming\Origin
2015-01-19 19:30 - 2012-10-10 17:20 - 00000940 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-19 18:42 - 2009-07-14 05:45 - 00015360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-19 18:42 - 2009-07-14 05:45 - 00015360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-18 19:59 - 2014-05-24 20:52 - 00000773 _____ () C:\Users\Romb\Desktop\Wolfenstein.lnk
2015-01-18 19:37 - 2014-08-09 12:13 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-18 19:21 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Speech
2015-01-18 18:57 - 2014-08-09 12:57 - 00000000 ____D () C:\AdwCleaner
2015-01-18 12:59 - 2014-05-30 10:57 - 00000000 ____D () C:\Users\Romb\Desktop\Games To Do
2015-01-18 12:31 - 2011-12-18 13:01 - 00000000 ____D () C:\Users\Romb
2015-01-18 11:32 - 2011-12-18 15:59 - 00000000 ____D () C:\Users\Romb\AppData\Roaming\uTorrent
2015-01-18 01:11 - 2012-04-01 19:58 - 00000000 ____D () C:\Users\Romb\AppData\Roaming\vlc
2015-01-18 00:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system
2015-01-17 23:26 - 2014-08-09 12:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-17 23:26 - 2014-08-09 12:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-17 23:21 - 2014-10-18 18:14 - 00000585 _____ () C:\Users\Romb\Desktop\TEW.lnk
2015-01-16 00:37 - 2011-12-18 16:36 - 00000000 ____D () C:\Users\Romb\AppData\Roaming\DAEMON Tools Lite
2015-01-16 00:36 - 2011-12-24 13:59 - 00000000 ____D () C:\Windows\Minidump
2015-01-16 00:35 - 2014-01-03 23:27 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-15 23:36 - 2012-11-25 11:28 - 01655440 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-15 23:32 - 2013-08-01 01:22 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 23:29 - 2011-12-18 14:17 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-15 22:27 - 2012-10-06 18:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-15 19:18 - 2013-06-23 15:02 - 00000000 ____D () C:\ProgramData\Origin
2015-01-13 21:30 - 2012-10-10 17:20 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-13 21:30 - 2012-10-10 17:20 - 00003878 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-13 21:30 - 2011-12-18 13:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-04 17:14 - 2011-12-28 21:21 - 00000328 _____ () C:\Users\Romb\d3d_antilag.log
2015-01-04 15:36 - 2011-12-25 12:26 - 00000000 ____D () C:\Users\Romb\Documents\My Games
2015-01-03 01:55 - 2014-08-09 11:15 - 00007618 _____ () C:\Users\Romb\AppData\Local\Resmon.ResmonCfg
2014-12-31 12:14 - 2011-12-18 14:06 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-29 20:23 - 2012-12-16 17:52 - 00000000 ____D () C:\ProgramData\Orbit
2014-12-29 18:59 - 2013-10-27 23:27 - 00000000 ____D () C:\Windows\SysWOW64\directx

==================== Files in the root of some directories =======
2013-01-20 23:55 - 2013-11-11 22:54 - 0000141 _____ () C:\Users\Romb\AppData\Roaming\prio.ini
2013-09-08 12:22 - 2013-09-08 17:51 - 0001456 _____ () C:\Users\Romb\AppData\Local\Adobe Save for Web 12.0 Prefs
2011-12-18 17:35 - 2011-12-18 18:51 - 0000079 _____ () C:\Users\Romb\AppData\Local\CrystalDiskMark30.ini
2014-08-09 11:15 - 2015-01-03 01:55 - 0007618 _____ () C:\Users\Romb\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-18 02:07

==================== End Of Log ============================

 

 

C:\Users\All Users\Origin\update.vbe    VBS/Kryptik.DC trojan    
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Origin\update.vbe    VBS/Kryptik.DC trojan    
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\ConduitInstaller_veoh.exe    Win32/Toolbar.Conduit potentially unwanted application    deleted - quarantined
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\qlps-qlipso-sntb.exe    Win32/Toolbar.Zugo potentially unwanted application    deleted - quarantined
C:\ProgramData\Origin\update.vbe    VBS/Kryptik.DC trojan    cleaned by deleting - quarantined
C:\Windows\temp023423.vbe    VBS/Kryptik.DC trojan    cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Roaming\Origin\update.vbe    VBS/Kryptik.DC trojan    cleaned by deleting - quarantined
C:\Windows\Temp\svchost.exe    Win64/CoinMiner.J trojan    cleaned by deleting - quarantined
D:\DarkSouls\xlive.dll    a variant of Win32/Packed.VMProtect.ABD trojan    cleaned by deleting - quarantined
D:\Metal Gear Solid V Ground Zeroes\MgsGroundZeroes.exe    a variant of Win32/Packed.VMProtect.ABO trojan    cleaned by deleting - quarantined
D:\Murdered Soul Suspect\Binaries\Win64\steamclient64.dll    a variant of Win32/Packed.VMProtect.ABD trojan    cleaned by deleting - quarantined
D:\Murdered Soul Suspect\Binaries\Win64\steam_api64.dll    a variant of Win32/Packed.VMProtect.ABD trojan    cleaned by deleting - quarantined
D:\Resident Evil 6\steam_api.dll    a variant of Win32/Packed.VMProtect.AAH trojan    cleaned by deleting - quarantined
D:\Skyrim\steam_api.dll    a variant of Win32/Packed.VMProtect.AAH trojan    cleaned by deleting - quarantined



#8 Machiavelli

  • Malware Response Instructor
  • 4,133 posts
  • Gender:Male
  • Location:Germany
  • Local time:11:02 AM

Posted 20 January 2015 - 11:29 AM

Hey, :)

Thanks for the donation!

Regarding the cause, is it malicious software that I downloaded and installed (torrents) or can a miner like this also spread simply via opening websites ?

You can get infected in both ways.

 

Hello,
in my opinion your PC is clean. :)


We need to remove the tools we've used during cleaning your machine.
  • Download Delfix from here and run it (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the Delfix icon and select Run as Administrator).
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
  • Click Run
The program will run for a few moments and then Notepad will open with a log. Please paste the log in your next reply.

 

Exercise common sense

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to look before you leap. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully and look at the file extensions to make sure that you know what you're getting. Using peer-to-peer file sharing programs or downloading cracks and keygens is something else to avoid - the files you will be downloading are infected in the vast majority of cases, and the benefits simply aren't worth the risk to your computer.

Keep up on Windows updates

Along with keeping all of the security programs that you choose to use updated, it is also important to keep up on system updates from Microsoft, as these patch critical security vulnerabilities and help to keep you safe. Typically the windows update icon will appear in your taskbar when new updates are available, whenever you see it you should open the menu up and install the updates that are available. Although it may be an annoyance, that little bit of extra time it takes to stay updated is very well worth it instead of getting infected from an exploit and having to clean your PC again.

Slow computer?

If your computer begins to slow down again in the future for no particular reason, your first step should not be to come back to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance speed can decrease. To restore your computer's performance to its best possible level, follow the steps in this guide written by tech expert Artellos.

Keep Safe! :thumbsup:

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#9 Rombbb

  • Topic Starter
  • Members
  • 5 posts
  • Local time:05:02 PM

Posted 21 January 2015 - 02:17 PM

Thanks, will donate straight after this post. See you laters! (hopefully not too soon :))

 

# DelFix v10.8 - Logfile created 21/01/2015 at 20:16:07
# Updated 29/07/2014 by Xplode
# Username : Romb - ROMB-PC
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #442 [Windows Update | 12/23/2014 20:30:21]
Deleted : RP #443 [Windows Update | 12/27/2014 04:25:51]
Deleted : RP #444 [Windows Update | 12/30/2014 18:13:34]
Deleted : RP #445 [Windows Update | 01/03/2015 04:22:58]
Deleted : RP #446 [Windows Update | 01/06/2015 21:32:52]
Deleted : RP #447 [Windows Update | 01/10/2015 03:46:29]
Deleted : RP #448 [Windows Update | 01/13/2015 18:25:35]
Deleted : RP #449 [Windows Update | 01/15/2015 22:29:00]
Deleted : RP #450 [Windows Update | 01/19/2015 17:46:28]

New restore point created !

########## - EOF - ##########



#10 Machiavelli

  • Malware Response Instructor
  • 4,133 posts
  • Gender:Male
  • Location:Germany
  • Local time:11:02 AM

Posted 21 January 2015 - 03:45 PM

Thanks! :)

Any further questions before I close this topic as solved?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#11 Machiavelli

  • Malware Response Instructor
  • 4,133 posts
  • Gender:Male
  • Location:Germany
  • Local time:11:02 AM

Posted 25 January 2015 - 06:22 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.
