
apparent infection



After asking whether a blocked IP was a possible f/p, I got redirected to this, as it appeared to not be a f/p... Down here are the contents of attach.txt and dds.txt, which were requested in the topic 'I'm infected - What do I do now?'. I also added them as an attachment if needed. Thanks in advance.

PS, some information is in Dutch, as it is the default language of my computer. If any clarification is needed, just ask for it.

Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 12-8-2010 9:10:52

System Uptime: 15-2-2013 15:30:50 (1 hours ago)

.

Motherboard: Intel Corporation | | DH55TC

Processor: Intel® Core™ i5 CPU 650 @ 3.20GHz | XU1 | 3193/533mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 75 GiB total, 2,479 GiB free.

D: is FIXED (NTFS) - 856 GiB total, 317,947 GiB free.

E: is CDROM ()

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP836: 15-2-2013 15:55:45 - Removed Autodesk MatchMover 2012 64-bit.

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Community Help

Adobe Download Assistant

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Media Player

Adobe Photoshop CS5

Adobe Photoshop Elements 7.0

Adobe Premiere Elements 7.0

Adobe Premiere Elements 7.0 Templates

Adobe Reader X (10.1.5) - Nederlands

Adobe Shockwave Player 11.5

AIWI

AIWI JoyStick

Amnesia - The Dark Descent

Anark Client 1.0

Any Video Converter 3.2.3

APB Reloaded

Apple Application Support

Apple Software Update

applicationupdater

Assassin's Creed Brotherhood

Assassin's Creed Revelations 1.02

Audacity 1.3.12 (Unicode)

Audiosurf

Autodesk Maya 2012 64-bit

AVG 2011

Bonjour

Borderlands 2

Capsule

Composite 2012 64-bit

Conceptronic 300N Wireless Adapter (v3.0)

Cooliris for Internet Explorer

Curse Client

D3DX10

Darksiders II

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Device Simulation Framework 1.0.1

Dishonored

Dota 2

eBook Reader

EPN werkboek-i Numbers and Space/1 havo vwo

F-N

FFmpeg for Audacity on Windows

Firebird SQL Server - MAGIX Edition

Fluency TTS 5.0

Fraps (remove only)

Free Audio CD to MP3 Converter version 1.3.7

Free YouTube to MP3 Converter version 3.11.35.1031

FTL version 1.01

gamelauncher-ps2-live

GameMaker 8.1

GamersFirst LIVE!

GameSpy Arcade

Ghost Control 2.1

Google Chrome

Google Update Helper

Heaven DX11 Benchmark version 3.0

Hi-Rez Studios Authenticate and Update Service

House of Night Screensaver Screensaver

HTML-Kit

ImagXpress

Intel® Management Engine Components

Intel® Network Connections 15.3.68.0

J2SE Runtime Environment 5.0 Update 1

JamGuru 1.0 RC5

Java 7 Update 13

Java 7 Update 13 (64-bit)

Java Auto Updater

Junk Mail filter update

LAME v3.98.2 for Audacity

League of Legends

Loadout

LogMeIn Hamachi

Magic The Gathering - Duels of the Planeswalkers 2013

MagicDisc 2.7.106

Magicka

MAGIX Music Maker 17 Premium Download Version

MAGIX Screenshare

MAGIX Speed burnR (MSI)

Malwarebytes Anti-Malware versie 1.70.0.1100

Matrix-ks

Microsoft .NET Framework 1.1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile NLD Language Pack

Microsoft .NET Framework 4 Extended

Microsoft .NET Framework 4 Extended NLD Language Pack

Microsoft .NET Framework 4 Multi-Targeting Pack

Microsoft Antimalware Service NL-NL Language Pack

Microsoft Application Error Reporting

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Help Viewer 1.0

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (Dutch) 2010

Microsoft Office Excel MUI (Dutch) 2010

Microsoft Office Groove MUI (Dutch) 2010

Microsoft Office InfoPath MUI (Dutch) 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (Dutch) 2010

Microsoft Office Outlook MUI (Dutch) 2010

Microsoft Office PowerPoint MUI (Dutch) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (Dutch) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (German) 2010

Microsoft Office Proofing (Dutch) 2010

Microsoft Office Publisher MUI (Dutch) 2010

Microsoft Office Shared 64-bit MUI (Dutch) 2010

Microsoft Office Shared MUI (Dutch) 2010

Microsoft Office Word MUI (Dutch) 2010

Microsoft Rise Of Nations

Microsoft Security Client

Microsoft Security Client NL-NL Language Pack

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server 2008 R2 Management Objects

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft SQL Server Compact 3.5 SP2 x64 ENU

Microsoft SQL Server System CLR Types

Microsoft Visual C# 2010 Express - ENU

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU

Microsoft XNA Framework Redistributable 3.1

Microsoft XNA Framework Redistributable 4.0

Microsoft XNA Game Studio 4.0

Microsoft XNA Game Studio 4.0 (ARP entry)

Microsoft XNA Game Studio 4.0 (Redists)

Microsoft XNA Game Studio 4.0 (Shared Components)

Microsoft XNA Game Studio 4.0 (Visual Studio)

Microsoft XNA Game Studio 4.0 (XnaLiveProxy)

Microsoft XNA Game Studio 4.0 Documentation

Microsoft XNA Game Studio Platform Tools

Microsoft_VC80_ATL_x86

Microsoft_VC80_ATL_x86_x64

Microsoft_VC80_CRT_x86

Microsoft_VC80_CRT_x86_x64

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFC_x86_x64

Microsoft_VC80_MFCLOC_x86

Microsoft_VC80_MFCLOC_x86_x64

Microsoft_VC90_ATL_x86

Microsoft_VC90_ATL_x86_x64

Microsoft_VC90_CRT_x86

Microsoft_VC90_CRT_x86_x64

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFC_x86_x64

MSI Afterburner 2.2.3

MSI Kombustor 2.3.0

MSVCRT

MSVCRT Redists

MSVCRT_amd64

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

MSXML4 Parser

MuseScore 0.9.6.3 MuseScore score typesetter

N-F

neroxml

NoteWorthy Composer 2

NVIDIA-configuratiescherm 310.70

NVIDIA 3D Vision controllerstuurprogramma 310.70

NVIDIA 3D Vision stuurprogramma 310.70

NVIDIA Grafisch stuurprogramma 310.70

NVIDIA HD Audio-stuurprogramma 1.3.18.0

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX systeemsoftware 9.12.1031

NVIDIA Stereoscopic 3D Driver

Oblivion

OpenAL

Orcs Must Die 2

Orcs Must Die!

PDF Settings CS5

Perspective 1.0

PlanetSide 2

PlanetSide 2 Beta

Portal 2 version 2.0.0.1

Primal Carnage Beta

PunkBuster Services

QuickTime

Ravaged

Razer Game Booster

Rise of Nations Thrones and Patriots

Roller Coaster World 3D

RollerCoaster Tycoon 3

RuneScape Launcher 1.2.2

Saints Row The Third

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Security Update for Microsoft Visual C# 2010 Express - ENU (KB2251489)

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2478663)

Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870)

Simple Port Forwarding

Skype Click to Call

Skype™ 6.1

Skyrim Dawnguard DLC+Update v1.7706-=AviaRa=- 1.7706

Smite

SnagIt 8

Star Wars: The Old Republic

Steam

Synthesia (remove only)

System Requirements Lab for Intel

Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD

Taalpakket voor Microsoft .NET Framework 4 Extended - NLD

Tabulator

TeamSpeak 3 Client

Text-To-Speech-Runtime

The Lost Watch II NV 3D Screensaver 1.0

The Witcher 2 - Assassins of Kings Enhanced Edition

TI Connect 1.6

Torchlight II © Runic Games version 1

Transcripted Alienware Demo

Trust 5.1 Gaming Headset

Trust Gaming Mouse Driver V1.1

Tunngle beta

TuxGuitar

Ubisoft Game Launcher

Unity Web Player

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

Vegas Pro 11.0

VirtualCloneDrive

Visual Studio 2008 x64 Redistributables

Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU

vReveal

VST Bridge 1.1

Western Railway NV 3D Screensaver 2.0

Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0)

Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Center-gadgets voor Windows SideShow

Windows Media Player Firefox Plugin

Windows SideShow Managed Runtime 1.0

WinISO 5.3

WinRAR

World of Warcraft

World of Warcraft Beta

Zoo Tycoon: Complete Collection

.

==== End Of File ===========================

dds.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.13.2

Run by McDos at 16:01:04 on 2013-02-15

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3957.1730 [GMT 1:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

D:\Mijn Documenten\Games\HiPatchService.exe

C:\Program Files (x86)\AVG\AVG10\avgnsa.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Conceptronic\Common\RaRegistry.exe

C:\Program Files (x86)\Conceptronic\Common\RaRegistry64.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Microsoft Security Client\NisSrv.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Windows\System32\StikyNot.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\AVG\AVG10\avgtray.exe

C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files (x86)\Trust Gaming Mouse\Mouse.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\msiexec.exe

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uURLSearchHooks: {ba14329e-9550-4989-b3f2-9732e92d17cc} - <orphaned>

uURLSearchHooks: {87775fdb-6972-41f9-ae51-8326e38cb206} - <orphaned>

mWinlogon: Userinit = userinit.exe,

BHO: HelperObject Class: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: Cooliris Plug-In for Internet Explorer: {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files (x86)\PicLensIE\cooliris.dll

TB: SnagIt: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll

uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

mRun: [Trust Gaming Mouse] C:\Program Files (x86)\Trust Gaming Mouse\Mouse.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: &Verzenden naar OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105

IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Free YouTube to Mp3 Converter - C:\Users\McDos\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {3437D640-C91A-458f-89F5-B9095EA4C28B} - {04F93351-81D2-4484-9982-0D55DEFFFAE6} - C:\Program Files (x86)\PicLensIE\cooliris.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab

DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: Interfaces\{1595706F-7DEE-4E62-A5AA-CF00A0419D29} : DHCPNameServer = 192.168.1.254 195.241.77.55 195.241.77.58

TCP: Interfaces\{3EA217B0-267C-4673-8C20-4C7FF1FE314B} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{3EA217B0-267C-4673-8C20-4C7FF1FE314B}\A597F507279667164756F595A4432585E4 : DHCPNameServer = 192.168.1.254 195.241.77.55 195.241.77.58

TCP: Interfaces\{3EA217B0-267C-4673-8C20-4C7FF1FE314B}\A597F507279667164756F5E465344343A4 : DHCPNameServer = 192.168.1.254 195.241.77.55 195.241.77.58

TCP: Interfaces\{CC3B6A59-6FEA-419E-A76F-A7BDA7B9749B} : DHCPNameServer = 7.254.254.254

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: HelperObject Class: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\x64\SnagItBHO64.dll

x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-TB: SnagIt: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\x64\SnagItIEAddin64.dll

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-Run: [Cm106Sound] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm106.dll,CMICtrlWnd

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;D:\Mijn Documenten\Games\HiPatchService.exe [2012-8-3 8704]

R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2011-2-22 26704]

R0 DSFKSVCS;Kernel Services for DSF;C:\Windows\System32\drivers\dsfksvcs.sys [2010-2-8 676232]

R0 dsfroot;root enumerated bus driver;C:\Windows\System32\drivers\dsfroot.sys [2010-2-8 35832]

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-9-28 52856]

R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2011-4-4 377936]

R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]

R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-8-27 1253376]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-13 398184]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-2-13 682344]

R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 128456]

R2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files (x86)\Conceptronic\Common\RaRegistry.exe [2010-8-14 185632]

R2 RalinkRegistryWriter64;Ralink Registry Writer 64;C:\Program Files (x86)\Conceptronic\Common\RaRegistry64.exe [2010-8-14 212256]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-11-30 382824]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-7-7 2320920]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2010-4-5 301232]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]

R3 HRMCFGSPC;DSF General Configuration Space Redirection Module;C:\Windows\System32\drivers\hrmcfgspc.sys [2010-2-8 133512]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-2-13 24176]

R3 NisSrv;Microsoft Netwerkinspectie;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]

R3 softehci;Microsoft USB 2.0 Enhanced Host Controller Interface (EHCI) Simulator Driver";C:\Windows\System32\drivers\softehci.sys [2010-2-8 366592]

R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\System32\drivers\tap0901t.sys [2011-10-10 31232]

R3 trustms;Trust Mouse;C:\Windows\System32\drivers\trustms.sys [2010-11-15 12416]

R3 usbehci_dsf;Microsoft DSF-enabled USB 2.0 Enhanced Host Controller Interface (EHCI) Miniport Driver;C:\Windows\System32\drivers\usbehci_dsf.sys [2010-2-8 52736]

R3 USBMULCD;USB Multi-Channel Audio Device Interface;C:\Windows\System32\drivers\CM10664.sys [2012-12-29 1310720]

S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-12-8 308304]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]

S3 androidusb;ADB Interface Driver;C:\Windows\System32\drivers\androidusb.sys [2010-4-29 32768]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-8-7 3276800]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-2-1 1431888]

S3 HRMINTS;DSF Interrupt Redirection Module;C:\Windows\System32\drivers\hrmints.sys [2010-2-8 128504]

S3 HRMPORTS;DSF IO Port Redirection Module;C:\Windows\System32\drivers\hrmports.sys [2010-2-8 148360]

S3 IAMTVE;Stuurprogramma voor Intel® Active Management Technology - KCS;C:\Windows\System32\drivers\IAMTVE.sys [2010-7-7 43416]

S3 IAMTXPE;Stuurprogramma voor Intel® Active Management Technology - KCS;C:\Windows\System32\drivers\IAMTXPE.sys [2010-7-7 51096]

S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-2-3 271872]

S3 ioatdma1;ioatdma1;C:\Windows\System32\drivers\qd162x64.sys [2009-11-16 40144]

S3 ioatdma2;Intel® QuickData Technology device ver.2;C:\Windows\System32\drivers\qd262x64.sys [2009-11-16 42192]

S3 SOFTHIDUSBK;USB HID Layer;C:\Windows\System32\drivers\softhidusbk.sys [2010-2-8 206848]

S3 SOFTUSBK;Generic USB device;C:\Windows\System32\drivers\softusbk.sys [2010-2-8 675328]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-26 59392]

S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2012-6-1 745368]

S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-7-7 1255736]

S3 WinRing0_1_2_0;WinRing0_1_2_0;D:\Mijn Documenten\Games\razer\Driver\WinRing0x64.sys [2012-9-17 14544]

.

=============== File Associations ===============

.

FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]

FileExt: .js: JSFile=C:\Windows\System32\WScript.exe "%1" %* [userChoice]

.

=============== Created Last 30 ================

.

2013-02-15 14:57:38 -------- d-----w- C:\Users\McDos\AppData\Local\Autodesk

2013-02-15 14:55:09 -------- d-----w- C:\Users\McDos\AppData\Local\backburner

2013-02-15 14:42:08 9161176 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9896DB58-1E9C-4E05-9DCC-BA1F3B9AC38B}\mpengine.dll

2013-02-14 10:04:11 -------- d-----w- C:\Users\McDos\AppData\Local\{BE33C8F2-90DA-44B3-AACF-61302F59D330}

2013-02-14 01:08:37 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-14 01:08:37 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-14 00:21:46 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-02-14 00:21:44 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-02-14 00:21:44 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-02-14 00:21:35 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-02-14 00:21:33 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-02-14 00:21:33 215040 ----a-w- C:\Windows\System32\winsrv.dll

2013-02-14 00:21:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-02-14 00:21:32 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-02-14 00:21:32 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-02-14 00:21:32 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-02-14 00:21:25 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2013-02-14 00:21:25 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-02-13 15:58:14 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-02-13 15:58:14 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-02-13 15:56:02 -------- d-----w- C:\Users\McDos\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

2013-02-13 15:46:44 -------- d-----w- C:\Program Files (x86)\Adobe Download Assistant

2013-02-13 15:43:05 -------- d-----w- C:\Users\McDos\AppData\Local\{DB1FD5E3-BDBF-4884-A0DA-CCE77F155243}

2013-02-13 14:10:49 9161176 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-02-12 22:00:42 -------- d-----w- C:\Users\McDos\AppData\Local\{8C0B7E7C-1B8A-48CF-833E-25F38ED2E306}

2013-02-11 14:01:06 -------- d-----w- C:\Users\McDos\AppData\Roaming\.minecraft

2013-02-11 13:56:53 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-02-11 13:32:41 -------- d-----w- C:\Users\McDos\AppData\Roaming\BlackBean

2013-02-11 12:28:31 -------- d-----w- C:\Users\McDos\AppData\Local\{76ABD2BD-B70D-41D0-82A2-627C9C18DF1E}

2013-02-10 00:51:02 -------- d-----w- C:\Users\McDos\AppData\Local\{0F114ABE-AD15-4084-AE49-4F1954F71BA9}

2013-02-09 18:35:37 -------- d-----w- C:\Users\McDos\AppData\Local\Green Man Gaming

2013-02-09 12:33:51 -------- d-----w- C:\Users\McDos\AppData\Local\{C38784D2-3A26-4370-8028-D79E7C37D727}

2013-02-07 22:49:31 -------- d-----w- C:\Users\McDos\AppData\Local\{88524854-8220-445E-8D77-8543CE357118}

2013-02-07 13:05:56 -------- d-----w- C:\Users\McDos\AppData\Local\{3175A617-D512-4A87-AC54-A759084F3DAE}

2013-02-06 15:30:35 -------- d-----w- C:\Users\McDos\AppData\Local\{E3F38BF3-4716-436D-8F4F-E1AE2D9D9FC7}

2013-02-06 13:34:29 -------- d-----w- C:\Users\McDos\AppData\Local\{FA7CFF0C-369B-4711-A6CD-7774EC637654}

2013-02-06 12:26:24 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll

2013-02-05 18:06:55 -------- d-----w- C:\Users\McDos\AppData\Local\{799D16F1-1BCE-4EFD-8980-8383B5AFFE93}

2013-02-04 14:30:26 -------- d-----w- C:\Users\McDos\AppData\Local\{C6DA0895-9E64-4E85-8F37-AEE9B3B7B820}

2013-02-03 14:37:56 -------- d-----w- C:\Users\McDos\AppData\Local\{D3CD0F8C-8F47-4141-851E-4FFB8BCEA2FE}

2013-02-01 16:15:55 -------- d-----w- C:\Users\McDos\AppData\Roaming\Malwarebytes

2013-02-01 16:15:14 -------- d-----w- C:\ProgramData\Malwarebytes

2013-02-01 16:14:59 -------- d-----w- C:\Users\McDos\AppData\Local\Programs

2013-02-01 08:38:48 -------- d-----w- C:\Program Files\Common Files\Macrovision Shared

2013-01-30 21:55:29 -------- d-----w- C:\Users\McDos\AppData\Local\{F747D08C-D86C-4F3C-808C-5CBCF9C69D02}

2013-01-30 15:03:25 -------- d-----w- C:\Users\McDos\AppData\Local\{5C5A1662-ED91-40CA-B0E1-F20EEA6062D7}

2013-01-29 13:50:10 -------- d-----w- C:\Users\McDos\AppData\Local\{3EB20C87-E99B-401A-A1CA-98009913F757}

2013-01-28 12:48:08 -------- d-----w- C:\Users\McDos\AppData\Local\{31BC587D-BFC1-4376-A13C-814CD635C215}

2013-01-26 17:40:24 -------- d-----w- C:\Users\McDos\AppData\Local\{180ED5A0-F463-41B0-B9F3-E31F23C09973}

2013-01-25 12:24:50 -------- d-----w- C:\Users\McDos\AppData\Local\{7FB777CB-57A4-4865-B778-2D62295D26B7}

2013-01-24 10:10:11 -------- d-----w- C:\Users\McDos\AppData\Local\{CE28031B-21FB-43D3-BF2A-D84D5A40D7B4}

2013-01-23 12:33:23 -------- d-----w- C:\Users\McDos\AppData\Local\{D660AA8D-BE91-4220-9F4A-A0F76C3BD004}

2013-01-22 12:07:32 -------- d-----w- C:\Users\McDos\AppData\Local\{FF610585-A544-4545-89EB-E6D50325E074}

2013-01-21 11:50:24 -------- d-----w- C:\Users\McDos\AppData\Local\{4A81DFB9-E522-4940-BAEB-8A510CEE0C65}

2013-01-20 11:58:07 -------- d-----w- C:\Users\McDos\AppData\Local\{A5C9EF33-31D1-4E09-ADB7-56AF596A83E5}

2013-01-19 12:39:00 -------- d-----w- C:\Users\McDos\AppData\Local\{E7722CD4-5CC9-458F-872F-4074970DEC10}

2013-01-17 20:03:44 -------- d-----w- C:\Program Files (x86)\Pando Networks

2013-01-17 18:01:00 -------- d-----w- C:\Users\McDos\AppData\Local\{41BAA6A0-5693-4F59-BA61-1869DA656E8B}

2013-01-16 15:12:03 -------- d-----w- C:\ProgramData\3fa603c2-68ea-4c9d-8934-c6835142108f

.

==================== Find3M ====================

.

2013-02-11 13:56:40 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-02-11 13:56:40 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-02-09 20:42:57 74096 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-02-09 20:42:57 697712 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-02-06 12:26:18 963488 ----a-w- C:\Windows\System32\deployJava1.dll

2013-02-06 12:26:18 1085344 ----a-w- C:\Windows\System32\npDeployJava1.dll

2013-01-30 10:53:22 273840 ------w- C:\Windows\System32\MpSigStub.exe

2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll

2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll

2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll

2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll

2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs

2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs

2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs

2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs

2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs

2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs

2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs

2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs

2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs

2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs

2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs

2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs

2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs

2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs

2012-12-03 15:47:14 983936 ----a-w- C:\Windows\System32\nvumdshimx.dll

2012-12-01 05:49:26 3663213 ----a-w- C:\Windows\System32\nvcoproc.bin

2012-12-01 05:49:25 63336 ----a-w- C:\Windows\System32\nvshext.dll

2012-12-01 05:49:25 118120 ----a-w- C:\Windows\System32\nvmctray.dll

2012-12-01 05:49:24 890216 ----a-w- C:\Windows\System32\nvvsvc.exe

2012-12-01 05:48:41 6223208 ----a-w- C:\Windows\System32\nvcpl.dll

2012-12-01 05:48:37 3311464 ----a-w- C:\Windows\System32\nvsvc64.dll

2012-11-30 21:43:52 438632 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll

2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe

2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll

2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll

2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-11-17 17:28:36 466456 ----a-w- C:\Windows\System32\wrap_oal.dll

2012-11-17 17:28:36 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll

2012-11-17 17:28:36 122904 ----a-w- C:\Windows\System32\OpenAL32.dll

2012-11-17 17:28:36 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll

.

============= FINISH: 16:01:15,71 ===============

attach.txt

dds.txt

Link to post
Share on other sites

Hello Danaiden,

Before we get going, please advise as to why this system appears to have 2 or more antivirus programs?

We must trim it down to only 1 real-time monitor antivirus.

This shows MS Security Essentials, plus 1 or two versions of AVG.

Decide on 1 to keep and Uninstall any others. And let me know what you have decided on.

Having more than 1 antivirus monitoring a system will lead to deadlocks and/or conflicts and result in less protection, not more.

Link to post
Share on other sites

Since most all antivirus do not fully remove themselves, see this topic http://forums.malwar...?showtopic=7368

Get and run the AVG removal tool.

Reminder: If you have PRO MBAM license, you may contact the Consumer Help Desk for free expert help here.

If you are in an organization or a corporate customer, contact Corporate Support for assistance.

If you elect to do that, let me know.

General pointers on website blocking:

See this forum article about website blocking of malicious sites.

http://helpdesk.malwarebytes.org/entries/22785462-What-does-it-mean-when-I-get-an-IP-alert-about-blocking-a-malicious-site-

Also see and review section G of the FAQ article on MBAM

http://forums.malwarebytes.org/index.php?act=findpost&pid=162100

So that you have an understanding of the basics.

Are the blocks noted as Outgoing?

Do you use any instant messenger programs? If so, which?

You should not be using any peer-to-peer filesharing apps as those are one avenue to facilitate malware.

Close all IM programs, remove any peer-to-peer apps. Close all browsers. There should not be any IP blocks during that period ..... barring an "onboard bad-guy" trying to go "out".

Do a quick scan with MBAM and provide copy of log.

Link to post
Share on other sites

Yes, the blocks are noted as outgoing; I've pasted the last 5 lines of the last log file underneath. As for IM programs... Maybe Skype counts, but other than that I use none. I should add that I even get the popups when Skype's not working (I have it set to not start together with Windows). As for P2P sharing things, I know League of Legends and WoW use it to let you update faster, but it can be disabled if necessary.

2013/02/15 19:01:42 +0100 JASPER McDos IP-BLOCK 88.80.7.57 (Type: outgoing, Port: 49567, Process: chrome.exe)

2013/02/15 19:01:42 +0100 JASPER McDos IP-BLOCK 88.80.7.57 (Type: outgoing, Port: 49568, Process: chrome.exe)

2013/02/15 19:01:42 +0100 JASPER McDos IP-BLOCK 88.80.7.57 (Type: outgoing, Port: 49569, Process: chrome.exe)

2013/02/15 19:01:42 +0100 JASPER McDos IP-BLOCK 88.80.7.57 (Type: outgoing, Port: 49570, Process: chrome.exe)

2013/02/15 19:01:42 +0100 JASPER McDos IP-BLOCK 88.80.7.57 (Type: outgoing, Port: 49571, Process: chrome.exe)

2013/02/15 19:01:42 +0100 JASPER McDos IP-BLOCK 88.80.7.57 (Type: outgoing, Port: 49572, Process: chrome.exe)

Link to post
Share on other sites
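The triage questions asked above (are the blocks outgoing, and which process raised them) applied to the log format quoted in the post, as an added example that is not part of the original thread. The browser list, the function names and the sample lines marked as constructed are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Record layout as it appears in the protection-log excerpt quoted in the thread.
# Assumption: host and user names contain no spaces.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) (?P<tz>[+-]\d{4}) "
    r"(?P<host>\S+) (?P<user>\S+) IP-BLOCK (?P<ip>\S+) "
    r"\(Type: (?P<direction>\w+), Port: (?P<port>\d+), Process: (?P<process>[^)]+)\)\s*$"
)

# Assumption: process names treated as web browsers for this triage.
BROWSERS = {"chrome.exe", "firefox.exe", "iexplore.exe"}

# First three records are copied from the thread; the last two lines are constructed.
SAMPLE_LOG = """
2013/02/15 19:01:42 +0100 JASPER McDos IP-BLOCK 88.80.7.57 (Type: outgoing, Port: 49567, Process: chrome.exe)
2013/02/15 19:01:42 +0100 JASPER McDos IP-BLOCK 88.80.7.57 (Type: outgoing, Port: 49568, Process: chrome.exe)
2013/02/15 19:01:42 +0100 JASPER McDos IP-BLOCK 88.80.7.57 (Type: outgoing, Port: 49569, Process: chrome.exe)
2013/02/15 19:05:10 +0100 JASPER McDos IP-BLOCK 203.0.113.25 (Type: outgoing, Port: 49601, Process: example-updater.exe)
this constructed line is not an IP-BLOCK record and must be skipped
"""


def parse_ip_blocks(text):
    """Return one dict per IP-BLOCK record; lines in any other shape are ignored."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        events.append({
            "time": datetime.strptime(m["ts"] + " " + m["tz"], "%Y/%m/%d %H:%M:%S %z"),
            "host": m["host"],
            "user": m["user"],
            "ip": m["ip"],
            "direction": m["direction"].lower(),
            "port": int(m["port"]),
            "process": m["process"].strip().lower(),
        })
    return events


def summarize(events):
    """Group blocks by (process, remote IP, direction) with counts and time span."""
    groups = defaultdict(lambda: {"count": 0, "first": None, "last": None, "ports": []})
    for e in events:
        g = groups[(e["process"], e["ip"], e["direction"])]
        g["count"] += 1
        g["ports"].append(e["port"])
        g["first"] = e["time"] if g["first"] is None else min(g["first"], e["time"])
        g["last"] = e["time"] if g["last"] is None else max(g["last"], e["time"])
    return dict(groups)


def triage(events):
    """Separate outgoing blocks raised by browsers from those raised by anything else.

    Blocks that only ever come from a browser point at browsing activity or an
    extension; outgoing blocks from a non-browser process deserve a closer look.
    """
    outgoing = [e for e in events if e["direction"] == "outgoing"]
    non_browser = sorted(
        {(e["process"], e["ip"]) for e in outgoing if e["process"] not in BROWSERS}
    )
    return {
        "outgoing_total": len(outgoing),
        "browser_only": bool(outgoing) and not non_browser,
        "non_browser": non_browser,
    }


if __name__ == "__main__":
    parsed = parse_ip_blocks(SAMPLE_LOG)
    for key, info in sorted(summarize(parsed).items()):
        print(key, info["count"], info["first"].isoformat(), info["last"].isoformat())
    print(triage(parsed))
```
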

I'm sorry for the second reply, I forgot about the last part in bold. Yes, it's true I don't have any IP blocks when I'm not browsing/using Skype or any other programme requiring internet. Also, I'm not running a pro version.

Here are the results of the quick scan,

Malwarebytes Anti-Malware (Trial) 1.70.0.1100

www.malwarebytes.org

Database version: v2013.02.15.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

McDos :: JASPER [administrator]

Protection: Enabled

15-2-2013 19:52:26

mbam-log-2013-02-15 (19-52-26).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 272559

Time elapsed: 5 minute(s), 26 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Link to post
Share on other sites

Start Chrome and then .....

Press & hold SHIFT+CTRL+Del keys to get menu for clearing browsing data:

Check Empty the cache

Delete cookies and other site and plug-in data

and press Clear browsing data button

Still in Chrome, press ALT+F then Settings

Click Extensions on the left.

Closely review the browser extensions that are listed. Disable any that you are not familiar with or that you do not trust.

Now, Close / exit Chrome so that no Chrome windows are left open.

For the next 30 minutes or so, do you get any "outbound" IP blocks?

Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click JRT.exe and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply. And tell me, How is the system now?
  • Re-enable your security software.

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Do NOT press any Fix button.
  • Exit/Close RogueKiller

Link to post
Share on other sites

I did not receive any popups during the 30 minutes Chrome was shut down. The contents of both the scans are underneath here. I didn't have a clue how to shut down MS Security Essentials; if it did cause a conflict, please let me know.

JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.6.3 (02.12.2013:1)

OS: Windows 7 Home Premium x64

Ran by McDos on vr 15-02-2013 at 20:59:07,37

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{87775fdb-6972-41f9-ae51-8326e38cb206}

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{87775fdb-6972-41f9-ae51-8326e38cb206}

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc}

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\conduit

Successfully deleted: [Registry Key] hkey_local_machine\software\conduit

Successfully deleted: [Registry Key] hkey_current_user\software\cr_installer

Successfully deleted: [Registry Key] hkey_current_user\software\softonic

Successfully deleted: [Registry Key] hkey_current_user\software\startsearch

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\bho.dll

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\conduit.engine

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\babylon_rasapi32

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\babylon_rasmancs

Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2504091

Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2865317

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"

Successfully deleted: [Folder] "C:\Users\McDos\AppData\Roaming\dvdvideosoftiehelpers"

Successfully deleted: [Folder] "C:\Users\McDos\appdata\local\conduit"

Successfully deleted: [Folder] "C:\Users\McDos\appdata\locallow\conduit"

Successfully deleted: [Folder] "C:\Users\McDos\appdata\locallow\pricegong"

Successfully deleted: [Folder] "C:\Program Files (x86)\babylon"

~~~ Chrome

Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\dhkplhfnhceodhffomolpfigojocbpcb

Successfully deleted: [Registry Key] hkey_current_user\software\google\chrome\extensions\ojpijjmpahflnipadmlpgbjmagmjchkk

Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\ojpijjmpahflnipadmlpgbjmagmjchkk

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on vr 15-02-2013 at 21:04:50,07

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

RogueKiller

RogueKiller V8.5.1 [Feb 12 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : McDos [Admin rights]

Mode : Scan -- Date : 02/15/2013 21:09:55

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤

[RUN][PREVRUN] HKLM\[...]\Run : Cm106Sound (C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm106.dll,CMICtrlWnd) [7] -> FOUND

[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[Tr.Karagany][FOLDER] plugs : C:\Users\McDos\AppData\Roaming\Adobe\plugs --> FOUND

[Tr.Karagany][FOLDER] shed : C:\Users\McDos\AppData\Roaming\Adobe\shed --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EARS-00Z5B1 ATA Device +++++

--- User ---

[MBR] a94d4258123ce89ae66ce37ba6a1a59a

[bSP] e3f99f0f1d0a50c4d0ea723c9a6728ac : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 76799 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 157491200 | Size: 876967 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2]_S_02152013_02d2109.txt >>

RKreport[1]_S_02152013_02d2108.txt ; RKreport[2]_S_02152013_02d2109.txt

Link to post
Share on other sites

Hopefully these items removed by Junkware Removal Tool did "the beneficial" fix for your Chrome.

~~~ Chrome

Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\dhkplhfnhceodhffomolpfigojocbpcb

Successfully deleted: [Registry Key] hkey_current_user\software\google\chrome\extensions\ojpijjmpahflnipadmlpgbjmagmjchkk

Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\ojpijjmpahflnipadmlpgbjmagmjchkk

  • Disable your anti-virus program, How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • Right-Click RogueKiller and select Run as Administrator.
  • Wait until Prescan finishes.
  • On the RogueKiller console, click the Registry tab.
    Put a check next to -these- and uncheck the rest: (if found)
    [HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
    [HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
    [Tr.Karagany][FOLDER] plugs : C:\Users\McDos\AppData\Roaming\Adobe\plugs --> FOUND
    [Tr.Karagany][FOLDER] shed : C:\Users\McDos\AppData\Roaming\Adobe\shed --> FOUND

  • Then click on Delete on the right hand column under Options.
  • When done, logoff & Restart the system.
  • The log will be found as RKreport
    Copy & Paste the contents into next reply.

Step 2

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.

Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL

IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

When all done, rkill.txt log file will be on your desktop. Copy & Paste contents of Rkill.txt into a reply.

More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html

Step 3

Save and close any work documents, close any apps that you started.

Temporarily turn off (disable) your antivirus program

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

If you have the PRO license, then do this too: Click the Protection tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Full Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy & paste the MBAM scan log into a new reply.

Step 3

Download Dr.Web CureIt to the desktop.

The download is nearly 104.6 MB in size

  • Turn OFF your antivirus program.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Turn off any other add-on security app {if you have them} like MBAM File System Protection.
  • If this system is Windows 8/7 or VISTA, then Right-click on drweb-cureit.exe and select Run as Administrator.
  • Otherwise, on Windows XP, double-click on drweb-cureit.exe file to start the tool.
  • You will see a screen similar to this:
    Click the checkbox to participate, and then click on Continue button.
  • Next
    Click on Select objects for scanning
  • Next
    Put a checkmark by clicking on the boxes as shown.
    Do not select Temporary files or System Restore points.
    Then click on Start scanning button
  • The scan in progress will be shown like this
  • IF something is detected, you will see a screen similar to this
    For each item "detected", click on the Action column down arrow, like this
    Your options will be Cure or Ignore
    IF you see an item that you are very sure is ok, then un-check the checkbox for that item.
    Typically, you will keep the Cure default.
    Then click on the Neutralize button.
  • When the actions are completed, you will see this
  • Click on the green Open Report line. It will pop-up the report in NOTEPAD.
    Save the report to your desktop. The report will be called Cureit.log
  • While in NOTEPAD, do a CTRL+A to Copy all to clipboard.
  • You should be able to get back to your forum topic, start a new reply,
    click 1 time in the box
    and do a CTRL+V (Paste)
    into reply.
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Cureit.log you saved previously in your next reply.
    ONLY if the log is too large, then you may "attach" it.

Re-Enable your antivirus program when all done.

Tell me, how is the system?

Link to post
Share on other sites

Down below are the reports the scans produced. Sadly I made a mistake with the Dr. Web, and didn't save the report. It did remove 4 files from my PC.

MBAM

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.02.16.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

McDos :: JASPER [administrator]

16-2-2013 2:52:05

mbam-log-2013-02-16 (02-52-05).txt

Scan type: Full scan (C:\|D:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 665007

Time elapsed: 1 hour(s), 15 minute(s), 11 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

rkill

Rkill 2.4.7 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2013 BleepingComputer.com

More Information about Rkill can be found at this link:

http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/16/2013 02:50:33 AM in x64 mode.

Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 02/16/2013 02:51:11 AM

Execution time: 0 hours(s), 0 minute(s), and 37 seconds(s)

roguekiller

RogueKiller V8.5.1 [Feb 12 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : McDos [Admin rights]

Mode : Remove -- Date : 02/16/2013 02:40:07

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤

[RUN][PREVRUN] HKLM\[...]\Run : Cm106Sound (C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm106.dll,CMICtrlWnd) [7] -> NOT SELECTED

[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED

[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

¤¤¤ Particular Files / Folders: ¤¤¤

[Tr.Karagany][FOLDER] ROOT : C:\Users\McDos\AppData\Roaming\Adobe\plugs --> REMOVED

[Tr.Karagany][FOLDER] ROOT : C:\Users\McDos\AppData\Roaming\Adobe\shed --> REMOVED

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EARS-00Z5B1 ATA Device +++++

--- User ---

[MBR] a94d4258123ce89ae66ce37ba6a1a59a

[bSP] e3f99f0f1d0a50c4d0ea723c9a6728ac : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 76799 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 157491200 | Size: 876967 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[4]_D_02162013_02d0240.txt >>

RKreport[2]_S_02152013_02d2109.txt ; RKreport[3]_S_02162013_02d0237.txt ; RKreport[4]_D_02162013_02d0240.txt

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member Danaiden only. If you are a casual viewer, do NOT try this on your system!

If you are not Danaiden and have a similar problem, do NOT post here; start your own topic.

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

Close all open browsers at this point.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Start Internet Explorer

Using Internet Explorer browser only, go to BitDefender Quickscan website:

http://quickscan.bitdefender.com

and click "Start Scan".

Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.

Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.

If prompted, reply yes to allow it to run.

Press the Allow button and follow prompts.

Press the "Start Scan" once more.

You'll see the EULA in a pop-up window. Click the I accept & then the OK button

Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/

and that QuickScan has no removal capability.

The site boasts a 60-second scan. Do have patience as it likely will take longer.

It may seem to stall at moments, but have patience; it will move on.

You'll see a progress bar at top right of window.

Hopefully you will see a No infections found in the bar-window. Press the View Log button.

The log report will show in your text editor. Save the log.

Do a Select ALL, Copy. Then paste contents into your next reply.

Step 2

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power) or a UPS system.

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
    When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have to reboot the PC a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3] When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh!

Reply & Copy & Paste contents of the C:\Combofix.txt log and tell me, How is the system now ?

Re-enable your antivirus program.

Underneath I pasted the Bitdefender and the Combofix logs. As for my system, I haven't had any popups yet, so at least something's fixed. I just noticed Combofix is partially in Dutch; if you need any help translating, ask me.

Bitdefender

QuickScan 32-bit v0.9.9.118

---------------------------

Scan date: Sat Feb 16 16:50:33 2013

Machine ID: 7430CFE3

No infection found.

-------------------

Processes

---------

(unsigned) FABS - file change and backup server 1956 C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

(unsigned) Gaming Mouse Driver 3856 C:\Program Files (x86)\Trust Gaming Mouse\Mouse.exe

(verified) Adobe Acrobat Update Service 1404 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

(verified) Adobe Photoshop Elements 1832 C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

(verified) Besturingssysteem Microsoft® Windows® 3484 C:\Windows\SysWOW64\rundll32.exe

(verified) Bonjour 512 C:\Program Files (x86)\Bonjour\mDNSResponder.exe

(verified) Hamachi Client 3416 C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

(verified) Intel® Active Management Technology L 1280 C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(verified) Intel® Management & Security Applicat 4968 C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(verified) Java Platform SE Auto Updater 2 0 3360 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(verified) Malwarebytes Anti-Malware 2164 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(verified) Malwarebytes Anti-Malware 1596 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(verified) Malwarebytes Anti-Malware 2052 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(verified) Microsoft® .NET Framework 4680 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

(verified) PnkBstrA.exe 2228 C:\Windows\SysWOW64\PnkBstrA.exe

(verified) Ralink RalinkRegistryWriter 2300 C:\Program Files (x86)\Conceptronic\Common\RaRegistry.exe

(verified) Stereo Vision Control Panel API Server 908 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(verified) Virtual CloneDrive 3756 C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

(verified) Windows® Internet Explorer 1344 C:\Program Files (x86)\Internet Explorer\iexplore.exe

(verified) Windows® Internet Explorer 1704 C:\Program Files (x86)\Internet Explorer\iexplore.exe

Network activity

----------------

Process iexplore.exe (1344) connected on port 80 (HTTP) --> 173.194.67.102

Process iexplore.exe (1344) connected on port 80 (HTTP) --> 173.194.67.102

Process iexplore.exe (1344) connected on port 80 (HTTP) --> 2.18.191.139

Process iexplore.exe (1344) connected on port 80 (HTTP) --> 2.18.191.139

Process iexplore.exe (1344) connected on port 80 (HTTP) --> 37.59.67.149

Process iexplore.exe (1344) connected on port 80 (HTTP) --> 66.235.142.58

Process iexplore.exe (1344) connected on port 80 (HTTP) --> 66.235.142.58

Process iexplore.exe (1344) connected on port 80 (HTTP) --> 77.67.28.43

Process iexplore.exe (1344) connected on port 80 (HTTP) --> 77.67.28.43

Process iexplore.exe (1344) connected on port 80 (HTTP) --> 95.172.94.16

Process LMS.exe (1280) listens on ports: 623, 16992

Autoruns and critical files

---------------------------

(unsigned) Axialis Screen Saver Producer C:\Windows\System32\HouseOfNightScreensaver.scr

(unsigned) Gaming Mouse Driver C:\Program Files (x86)\Trust Gaming Mouse\Mouse.exe

(unsigned) QuickTime C:\Program Files (x86)\QuickTime\QTTask.exe

(verified) Adobe CS5 Service Manager C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

(verified) Adobe Reader and Acrobat Manager C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(verified) Adobe® Flash® Player Update Service C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

(verified) Apple Push C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

(verified) Besturingssysteem Microsoft® Windows® C:\Windows\system32\userinit.exe

(verified) Google Update C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

(verified) Hamachi Client C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

(verified) Java Platform SE Auto Updater 2 0 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(verified) Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe

(verified) Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

(verified) SBSV 2010/02/19-11:02:07 C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

(verified) Virtual CloneDrive C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

Browser plugins

---------------

(unsigned) Cooliris for Internet Explorer c:\program files (x86)\piclensie\cooliris.dll

(unsigned) NVIDIA 3D Vision C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

(unsigned) NVIDIA 3D VISION C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

(unsigned) QuickTime Plug-in 7.7.3 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll

(unsigned) QuickTime Plug-in 7.7.3 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll

(unsigned) QuickTime Plug-in 7.7.3 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll

(unsigned) QuickTime Plug-in 7.7.3 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll

(unsigned) QuickTime Plug-in 7.7.3 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll

(unsigned) QuickTime Plug-in 7.7.3 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll

(unsigned) QuickTime Plug-in 7.7.3 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll

(verified) AcroIEHelperShim Library c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll

(verified) Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

(verified) Adobe Acrobat C:\Program Files (x86)\Internet Explorer\plugins\nppdf32.dll

(verified) Besturingssysteem Microsoft® Windows® C:\Windows\system32\mswsock.dll

(verified) Besturingssysteem Microsoft® Windows® C:\Windows\system32\napinsp.dll

(verified) Besturingssysteem Microsoft® Windows® C:\Windows\system32\pnrpnsp.dll

(verified) Bitdefender QuickScan C:\Windows\Downloaded Program Files\qsax.dll

(verified) Bitdefender QuickScan C:\Windows\Downloaded Program Files\qsax64.dll

(verified) Bonjour C:\Program Files (x86)\Bonjour\mdnsNSP.dll

(verified) Bonjour C:\Program Files\Bonjour\mdnsNSP.dll

(verified) Google Update C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

(verified) Java Deployment Toolkit 7.0.130.20 C:\Windows\SysWOW64\npDeployJava1.dll

(verified) Java Platform SE 7 U13 C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

(verified) Java Platform SE 7 U13 C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

(verified) Java Platform SE 7 U13 C:\Program Files (x86)\Java\jre7\bin\ssv.dll

(verified) Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

(verified) Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL

(verified) Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL

(verified) Microsoft Office 2010 c:\program files (x86)\microsoft office\office14\urlredir.dll

(verified) Microsoft® CoReXT c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll

(verified) Microsoft® CoReXT C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

(verified) Microsoft® CoReXT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

(verified) Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll

(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll

(verified) NPSWF32_11_5_502_149.dll C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll

(verified) Shockwave for Director C:\Windows\system32\Adobe\Director\np32dsw.dll

(verified) Silverlight Plug-In C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

(verified) Skype Toolbars c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll

(verified) SnagIt c:\program files (x86)\techsmith\snagit 8\snagitbho.dll

(verified) SnagIt c:\program files (x86)\techsmith\snagit 8\snagitieaddin.dll

(verified) Unity Player C:\Users\McDos\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

(verified) Uplay PC C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll

(verified) Windows Live Photo Gallery C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

(verified) Windows® Internet Explorer c:\windows\syswow64\ieframe.dll

Missing files

-------------

File not found: C:\Windows\system32\Macromed\Flash\FlashUtil64_11_5_502_149_ActiveX.exe -update activex

--> HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\"FlashPlayerUpdate"

Scan

----

No file uploaded.

Scan finished - communication took 0 sec

Total traffic - 0.00 MB sent, 0.08 KB recvd

Scanned 359 files and modules - 4 seconds

==============================================================================

Combofix

ComboFix 13-02-15.01 - McDos 16-02-2013 16:56:25.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3957.2364 [GMT 1:00]

Gestart vanuit: c:\users\McDos\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\b3d0e153-181e-4993-8f87-8d487b52110a

c:\programdata\Windows

c:\users\McDos\AppData\Roaming\terraria2.exe

c:\users\McDos\ia_remove.sh4514.tmp

c:\windows\IsUn0413.exe

c:\windows\SysWow64\URTTemp

c:\windows\SysWow64\URTTemp\regtlib.exe

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2013-01-16 to 2013-02-16 ))))))))))))))))))))))))))))))

.

.

2013-02-16 16:02 . 2013-02-16 16:02 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-02-16 16:02 . 2013-02-16 16:02 -------- d-----w- c:\users\UpdatusUser.JASPER\AppData\Local\temp

2013-02-16 16:02 . 2013-02-16 16:02 -------- d-----w- c:\users\hedev\AppData\Local\temp

2013-02-16 16:02 . 2013-02-16 16:02 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-02-16 15:46 . 2013-02-16 15:50 -------- d-----w- c:\users\McDos\AppData\Roaming\QuickScan

2013-02-16 15:28 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{214EB23E-ECC9-4539-A2CA-0B78BF865E56}\mpengine.dll

2013-02-16 15:23 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-02-16 13:12 . 2013-02-16 14:48 -------- d-----w- c:\users\McDos\Doctor Web

2013-02-15 22:02 . 2013-02-15 22:03 -------- d-----w- c:\windows\rescache

2013-02-15 19:59 . 2013-02-15 19:59 -------- d-----w- c:\windows\ERUNT

2013-02-15 19:57 . 2013-02-15 19:58 -------- d-----w- C:\JRT

2013-02-15 19:19 . 2013-02-15 19:19 -------- d-----w- c:\windows\symbols

2013-02-15 19:17 . 2013-02-15 19:17 -------- d-----w- c:\programdata\VS

2013-02-15 19:07 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2013-02-15 19:07 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll

2013-02-15 19:07 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2013-02-15 19:07 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys

2013-02-15 19:07 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll

2013-02-15 19:07 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll

2013-02-15 19:07 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll

2013-02-15 19:07 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2013-02-15 19:07 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

2013-02-15 18:33 . 2013-02-15 18:33 -------- d-----w- c:\users\McDos\AppData\Local\Avg2013

2013-02-15 14:57 . 2013-02-15 14:57 -------- d-----w- c:\users\McDos\AppData\Local\Autodesk

2013-02-15 14:55 . 2013-02-15 14:55 -------- d-----w- c:\users\McDos\AppData\Local\backburner

2013-02-14 01:08 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-14 01:08 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-14 00:21 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-02-14 00:21 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-02-14 00:21 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-02-14 00:21 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys

2013-02-14 00:21 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll

2013-02-14 00:21 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2013-02-14 00:21 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2013-02-14 00:21 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2013-02-14 00:21 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe

2013-02-14 00:21 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe

2013-02-14 00:21 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-02-14 00:21 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2013-02-13 15:58 . 2013-02-13 15:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-02-13 15:58 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-02-13 15:56 . 2013-02-13 15:56 -------- d-----w- c:\users\McDos\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

2013-02-13 15:46 . 2013-02-13 15:46 -------- d-----w- c:\program files (x86)\Adobe Download Assistant

2013-02-11 14:01 . 2013-02-12 15:26 -------- d-----w- c:\users\McDos\AppData\Roaming\.minecraft

2013-02-11 13:56 . 2013-02-11 13:56 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-02-11 13:32 . 2013-02-11 13:32 -------- d-----w- c:\users\McDos\AppData\Roaming\BlackBean

2013-02-09 22:20 . 2013-02-09 22:20 -------- d--h--r- c:\users\McDos\AppData\Roaming\SecuROM

2013-02-09 18:35 . 2013-02-09 18:36 -------- d-----w- c:\users\McDos\AppData\Local\Green Man Gaming

2013-02-06 12:26 . 2013-02-06 12:26 310688 ----a-w- c:\windows\system32\javaws.exe

2013-02-06 12:26 . 2013-02-06 12:26 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll

2013-02-06 12:26 . 2013-02-06 12:26 188832 ----a-w- c:\windows\system32\javaw.exe

2013-02-06 12:26 . 2013-02-06 12:26 188320 ----a-w- c:\windows\system32\java.exe

2013-02-06 12:26 . 2013-02-06 12:26 -------- d-----w- c:\program files\Java

2013-02-01 20:52 . 2013-02-01 20:52 -------- d-----w- c:\program files (x86)\Google

2013-02-01 16:15 . 2013-02-01 16:15 -------- d-----w- c:\users\McDos\AppData\Roaming\Malwarebytes

2013-02-01 16:15 . 2013-02-01 16:15 -------- d-----w- c:\programdata\Malwarebytes

2013-02-01 16:14 . 2013-02-01 16:14 -------- d-----w- c:\users\McDos\AppData\Local\Programs

2013-02-01 08:38 . 2013-02-01 08:38 -------- d-----w- c:\program files\Common Files\Macrovision Shared

2013-01-20 15:09 . 2013-01-20 15:09 -------- d-----w- c:\program files (x86)\Common Files\Skype

2013-01-20 14:59 . 2013-01-20 14:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2013-01-17 20:03 . 2013-01-17 20:03 -------- d-----w- c:\program files (x86)\Pando Networks

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-02-16 15:29 . 2011-07-28 21:16 190656 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll

2013-02-14 01:12 . 2010-07-07 09:34 70004024 ----a-w- c:\windows\system32\MRT.exe

2013-02-11 13:56 . 2012-06-08 12:16 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-02-11 13:56 . 2010-08-12 13:05 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-02-09 20:42 . 2012-04-05 13:31 697712 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-02-09 20:42 . 2011-06-20 19:52 74096 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-02-06 12:26 . 2012-08-24 12:40 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-02-06 12:26 . 2012-03-24 16:58 963488 ----a-w- c:\windows\system32\deployJava1.dll

2013-01-30 10:53 . 2010-07-07 09:30 273840 ------w- c:\windows\system32\MpSigStub.exe

2013-01-20 14:59 . 2010-10-24 20:25 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2013-01-04 04:43 . 2013-02-14 00:21 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-12-16 17:11 . 2012-12-22 02:35 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-16 14:45 . 2012-12-22 02:35 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-16 14:13 . 2012-12-22 02:35 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-16 14:13 . 2012-12-22 02:35 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-07 13:20 . 2013-01-09 14:17 441856 ----a-w- c:\windows\system32\Wpc.dll

2012-12-07 13:15 . 2013-01-09 14:17 2746368 ----a-w- c:\windows\system32\gameux.dll

2012-12-07 12:26 . 2013-01-09 14:17 308736 ----a-w- c:\windows\SysWow64\Wpc.dll

2012-12-07 12:20 . 2013-01-09 14:17 2576384 ----a-w- c:\windows\SysWow64\gameux.dll

2012-12-07 11:20 . 2013-01-09 14:17 30720 ----a-w- c:\windows\system32\usk.rs

2012-12-07 11:20 . 2013-01-09 14:17 43520 ----a-w- c:\windows\system32\csrr.rs

2012-12-07 11:20 . 2013-01-09 14:17 23552 ----a-w- c:\windows\system32\oflc.rs

2012-12-07 11:20 . 2013-01-09 14:17 45568 ----a-w- c:\windows\system32\oflc-nz.rs

2012-12-07 11:20 . 2013-01-09 14:17 44544 ----a-w- c:\windows\system32\pegibbfc.rs

2012-12-07 11:20 . 2013-01-09 14:17 20480 ----a-w- c:\windows\system32\pegi-fi.rs

2012-12-07 11:20 . 2013-01-09 14:17 20480 ----a-w- c:\windows\system32\pegi-pt.rs

2012-12-07 11:19 . 2013-01-09 14:17 20480 ----a-w- c:\windows\system32\pegi.rs

2012-12-07 11:19 . 2013-01-09 14:17 46592 ----a-w- c:\windows\system32\fpb.rs

2012-12-07 11:19 . 2013-01-09 14:17 40960 ----a-w- c:\windows\system32\cob-au.rs

2012-12-07 11:19 . 2013-01-09 14:17 21504 ----a-w- c:\windows\system32\grb.rs

2012-12-07 11:19 . 2013-01-09 14:17 15360 ----a-w- c:\windows\system32\djctq.rs

2012-12-07 11:19 . 2013-01-09 14:17 55296 ----a-w- c:\windows\system32\cero.rs

2012-12-07 11:19 . 2013-01-09 14:17 51712 ----a-w- c:\windows\system32\esrb.rs

2012-12-07 10:46 . 2013-01-09 14:17 43520 ----a-w- c:\windows\SysWow64\csrr.rs

2012-12-07 10:46 . 2013-01-09 14:17 30720 ----a-w- c:\windows\SysWow64\usk.rs

2012-12-07 10:46 . 2013-01-09 14:17 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs

2012-12-07 10:46 . 2013-01-09 14:17 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs

2012-12-07 10:46 . 2013-01-09 14:17 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs

2012-12-07 10:46 . 2013-01-09 14:17 23552 ----a-w- c:\windows\SysWow64\oflc.rs

2012-12-07 10:46 . 2013-01-09 14:17 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs

2012-12-07 10:46 . 2013-01-09 14:17 46592 ----a-w- c:\windows\SysWow64\fpb.rs

2012-12-07 10:46 . 2013-01-09 14:17 20480 ----a-w- c:\windows\SysWow64\pegi.rs

2012-12-07 10:46 . 2013-01-09 14:17 21504 ----a-w- c:\windows\SysWow64\grb.rs

2012-12-07 10:46 . 2013-01-09 14:17 40960 ----a-w- c:\windows\SysWow64\cob-au.rs

2012-12-07 10:46 . 2013-01-09 14:17 15360 ----a-w- c:\windows\SysWow64\djctq.rs

2012-12-07 10:46 . 2013-01-09 14:17 55296 ----a-w- c:\windows\SysWow64\cero.rs

2012-12-07 10:46 . 2013-01-09 14:17 51712 ----a-w- c:\windows\SysWow64\esrb.rs

2012-12-03 15:47 . 2012-12-18 17:25 983936 ----a-w- c:\windows\system32\nvumdshimx.dll

2012-12-03 15:47 . 2012-12-18 17:25 9271352 ----a-w- c:\windows\system32\nvcuda.dll

2012-12-03 15:47 . 2012-12-18 17:25 841272 ----a-w- c:\windows\SysWow64\nvumdshim.dll

2012-12-03 15:47 . 2012-12-18 17:25 7819016 ----a-w- c:\windows\SysWow64\nvcuda.dll

2012-12-03 15:47 . 2012-12-18 17:25 7446192 ----a-w- c:\windows\system32\nvopencl.dll

2012-12-03 15:47 . 2012-12-18 17:25 6149904 ----a-w- c:\windows\SysWow64\nvopencl.dll

2012-12-03 15:47 . 2012-12-18 17:25 2816824 ----a-w- c:\windows\system32\nvapi64.dll

2012-12-03 15:47 . 2012-12-18 17:25 2784104 ----a-w- c:\windows\system32\nvcuvid.dll

2012-12-03 15:47 . 2012-12-18 17:25 26811240 ----a-w- c:\windows\system32\nvoglv64.dll

2012-12-03 15:47 . 2012-12-18 17:25 2606440 ----a-w- c:\windows\SysWow64\nvcuvid.dll

2012-12-03 15:47 . 2012-12-18 17:25 25256296 ----a-w- c:\windows\system32\nvcompiler.dll

2012-12-03 15:47 . 2012-12-18 17:25 2496976 ----a-w- c:\windows\SysWow64\nvapi.dll

2012-12-03 15:47 . 2012-12-18 17:25 245432 ----a-w- c:\windows\system32\nvinitx.dll

2012-12-03 15:47 . 2012-12-18 17:25 2226024 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-12-03 15:47 . 2012-12-18 17:25 20335976 ----a-w- c:\windows\SysWow64\nvoglv32.dll

2012-12-03 15:47 . 2012-12-18 17:25 201136 ----a-w- c:\windows\SysWow64\nvinit.dll

2012-12-03 15:47 . 2012-12-18 17:25 1874280 ----a-w- c:\windows\SysWow64\nvcuvenc.dll

2012-12-03 15:47 . 2012-12-18 17:25 1805672 ----a-w- c:\windows\system32\nvdispco64.dll

2012-12-03 15:47 . 2012-12-18 17:25 18045968 ----a-w- c:\windows\system32\nvd3dumx.dll

2012-12-03 15:47 . 2012-12-18 17:25 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll

2012-12-03 15:47 . 2012-12-18 17:25 15122280 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2012-12-03 15:47 . 2012-12-18 17:25 1504104 ----a-w- c:\windows\system32\nvdispgenco64.dll

2012-12-03 15:47 . 2012-12-18 17:25 15016256 ----a-w- c:\windows\system32\nvwgf2umx.dll

2012-12-03 15:47 . 2012-12-18 17:25 12603960 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2012-12-03 15:47 . 2012-12-18 17:25 11532648 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-12-01 05:49 . 2012-12-18 17:26 3663213 ----a-w- c:\windows\system32\nvcoproc.bin

2012-12-01 05:49 . 2012-12-18 17:26 63336 ----a-w- c:\windows\system32\nvshext.dll

2012-12-01 05:49 . 2012-12-18 17:26 118120 ----a-w- c:\windows\system32\nvmctray.dll

2012-12-01 05:49 . 2012-12-18 17:26 890216 ----a-w- c:\windows\system32\nvvsvc.exe

2012-12-01 05:48 . 2012-12-18 17:26 6223208 ----a-w- c:\windows\system32\nvcpl.dll

2012-12-01 05:48 . 2012-12-18 17:26 3311464 ----a-w- c:\windows\system32\nvsvc64.dll

2012-11-30 21:43 . 2012-11-30 21:43 438632 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2012-11-30 05:45 . 2013-01-09 14:15 362496 ----a-w- c:\windows\system32\wow64win.dll

2012-11-30 05:45 . 2013-01-09 14:15 243200 ----a-w- c:\windows\system32\wow64.dll

2012-11-30 05:45 . 2013-01-09 14:15 13312 ----a-w- c:\windows\system32\wow64cpu.dll

2012-11-30 05:43 . 2013-01-09 14:15 16384 ----a-w- c:\windows\system32\ntvdm64.dll

2012-11-30 05:41 . 2013-01-09 14:15 424448 ----a-w- c:\windows\system32\KernelBase.dll

2012-11-30 05:41 . 2013-01-09 14:15 1161216 ----a-w- c:\windows\system32\kernel32.dll

2012-11-30 05:38 . 2013-01-09 14:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 14:15 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 14:15 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 14:15 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 14:15 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 14:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 14:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 14:15 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 14:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 14:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 14:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 14:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 14:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 14:15 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 14:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]

"Trust Gaming Mouse"="c:\program files (x86)\Trust Gaming Mouse\Mouse.exe" [2011-01-17 2245632]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer9"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R1 bqtjzojq;bqtjzojq;c:\windows\system32\drivers\bqtjzojq.sys [x]

R1 kushbwau;kushbwau;c:\windows\system32\drivers\kushbwau.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]

R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2010-04-29 32768]

R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-02-01 1431888]

R3 HRMACPI;DSF ACPI Redirection Module;c:\windows\system32\DRIVERS\HRMACPI.SYS [x]

R3 HRMINTS;DSF Interrupt Redirection Module;c:\windows\system32\DRIVERS\HRMINTS.SYS [2010-02-08 128504]

R3 HRMPORTS;DSF IO Port Redirection Module;c:\windows\system32\DRIVERS\HRMPORTS.SYS [2010-02-08 148360]

R3 IAMTVE;Stuurprogramma voor Intel® Active Management Technology - KCS;c:\windows\system32\DRIVERS\IAMTVE.sys [2007-04-11 43416]

R3 IAMTXPE;Stuurprogramma voor Intel® Active Management Technology - KCS;c:\windows\system32\DRIVERS\IAMTXPE.sys [2007-04-11 51096]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]

R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd162x64.sys [2009-11-16 40144]

R3 ioatdma2;Intel® QuickData Technology device ver.2;c:\windows\System32\Drivers\qd262x64.sys [2009-11-16 42192]

R3 MSICDSetup;MSICDSetup;E:\CDriver64.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]

R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]

R3 SOFTHIDUSBK;USB HID Layer;c:\windows\system32\DRIVERS\SOFTHIDUSBK.SYS [2010-02-08 206848]

R3 SOFTUSBK;Generic USB device;c:\windows\system32\DRIVERS\SOFTUSBK.SYS [2010-02-08 675328]

R3 SOFTUSBTESTHUB;Generic USB Test Hub;c:\windows\system32\DRIVERS\SOFTUSBTESTHUB.SYS [x]

R3 SOFTWADP;Wireless adapter devices;c:\windows\system32\DRIVERS\SOFTWADP.SYS [x]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-11-26 745368]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-07 1255736]

R3 WinRing0_1_2_0;WinRing0_1_2_0;d:\mijn documenten\Games\razer\Driver\WinRing0x64.sys [2012-09-17 14544]

R3 WSOFTUSBK;Generic wireless USB device;c:\windows\system32\DRIVERS\WSOFTUSBK.SYS [x]

S0 DSFKSVCS;Kernel Services for DSF;c:\windows\system32\DRIVERS\dsfksvcs.sys [2010-02-08 676232]

S0 dsfroot;root enumerated bus driver;c:\windows\system32\DRIVERS\dsfroot.sys [2010-02-08 35832]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-09-28 52856]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]

S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]

S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\Conceptronic\Common\RaRegistry64.exe [2009-12-10 212256]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-11-30 382824]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-12-09 2320920]

S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2010-04-05 301232]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 HRMCFGSPC;DSF General Configuration Space Redirection Module;c:\windows\system32\DRIVERS\HRMCFGSPC.SYS [2010-02-08 133512]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]

S3 softehci;Microsoft USB 2.0 Enhanced Host Controller Interface (EHCI) Simulator Driver;c:\windows\system32\DRIVERS\softehci.sys [2010-02-08 366592]

S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]

S3 trustms;Trust Mouse;c:\windows\system32\drivers\trustms.sys [2010-11-14 12416]

S3 usbehci_dsf;Microsoft DSF-enabled USB 2.0 Enhanced Host Controller Interface (EHCI) Miniport Driver;c:\windows\system32\DRIVERS\usbehci_dsf.sys [2010-02-08 52736]

S3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM10664.sys [2011-04-28 1310720]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-02-01 20:52 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe

.

Inhoud van de 'Gedeelde Taken' map

.

2013-02-16 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 20:42]

.

2013-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-01 20:52]

.

2013-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-01 20:52]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]

"Cm106Sound"="c:\windows\Syswow64\cm106.dll" [2011-04-28 8757248]

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: &Verzenden naar OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Free YouTube to Mp3 Converter - c:\users\McDos\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

.

- - - - ORPHANS VERWIJDERD - - - -

.

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-Free Audio CD to MP3 Converter_is1 - c:\program files (x86)\DVDVideoSoft\Free Audio CD to MP3 Converter\unins000.exe

AddRemove-Ghost Control_is1 - c:\program files (x86)\Ghost Control\unins000.exe

AddRemove-JamGuru - c:\program files (x86)\UltimateGuitar\JamGuru\uninst.exe

AddRemove-MagicDisc 2.7.106 - c:\progra~2\MAGICD~1\UNWISE.EXE

AddRemove-Magicka_is1 - d:\mijn documenten\Games\Steam\steamapps\common\Magicka\unins000.exe

AddRemove-MAGIX_MSI_mm17dlx - c:\program files (x86)\MAGIX\Music_Maker_17_Premium_Download_Version\mm17dlx_en-GB_setup.exe

AddRemove-NoteWorthy Composer 2 - c:\program files (x86)\Noteworthy Software\NoteWorthy Composer 2\Uninstall.exe

AddRemove-Skyrim Dawnguard DLC+Update v1.7706-=AviaRa=- 1.7706 - d:\mijn documenten\Games\The Elder Scrolls V Skyrim\Skyrim Dawnguard DLC+Update v1.7706-=AviaRa=-\Uninstall.exe

AddRemove-The Lost Watch II NV 3D Screensaver_is1 - c:\program files (x86)\The Lost Watch II NV 3D Screensaver\unins000.exe

AddRemove-vReveal - c:\program files (x86)\vReveal\Uninstall.exe

AddRemove-Western Railway NV 3D Screensaver_is1 - c:\program files (x86)\Western Railway NV 3D Screensaver\unins000.exe

AddRemove-WinISO_is1 - c:\program files (x86)\WinISO\unins000.exe

AddRemove-{16F0EE77-B2B1-4417-A8CC-07E06C78CCC4} - c:\program files (x86)\KellySoftware\Matrix-ks\Uninstall.exe

AddRemove-SOE-PlanetSide 2 Beta - d:\planetside\Uninstaller.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DSFKSVCS\MofImagePath]

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-3876104778-1600678488-752456974-1000\Software\SecuROM\License information*]

"datasecu"=hex:10,d0,29,c2,dd,37,bc,f5,bf,97,12,f7,c5,2f,28,b9,9f,c3,de,6f,d1,

74,63,99,b0,c8,e7,d3,e2,28,86,1c,fd,6d,2a,a8,40,ec,ae,af,9a,dc,99,41,31,65,\

"rkeysecu"=hex:41,f2,72,e7,97,8d,0f,09,89,ee,81,32,d9,e4,30,b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2013-02-16 17:04:39

ComboFix-quarantined-files.txt 2013-02-16 16:04

.

Pre-Run: 1.769.779.200 bytes beschikbaar

Post-Run: 3.851.087.872 bytes beschikbaar

.

- - End Of File - - 2966D9B9943A7A4F9BB72ED1FE85BC32


Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 2

You should already have the DDS tool from before. If you do not have it, you should download and save it.

I need you to run it and, at the end, copy and paste DDS.txt into a new reply.

Download DDS and save it to your desktop from http://download.bleepingcomputer.com/sUBs/dds.com or http://download.bleepingcomputer.com/sUBs/dds.scr or http://www.infospyware.net/sUBs/dds

Disable any script blocker if your antivirus/antimalware has it.

On Vista/Windows 7/Windows 8, do a RIGHT-click on dds and select Run As Administrator.

On Windows XP double click dds to run the tool.

DDS will run in a command prompt window and will take 3 to 4 minutes or so.

Follow and answer the prompts as appropriate.

  • When done, DDS will open two (2) logs:
  • DDS.txt
  • Attach.txt
  • Save both reports to your desktop.

Please Copy & Paste contents of the following logs in your next reply:
DDS.txt
Attach.txt

Step 3

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


I've done the scans and posted the logs below. In step 2 it wasn't clear whether you wanted both DDS.txt and Attach.txt or just DDS.txt, so I posted both.

Attach

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 12-8-2010 9:10:52

System Uptime: 16-2-2013 16:31:54 (3 hours ago)

.

Motherboard: Intel Corporation | | DH55TC

Processor: Intel® Core i5 CPU 650 @ 3.20GHz | XU1 | 3193/533mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 75 GiB total, 3,357 GiB free.

D: is FIXED (NTFS) - 856 GiB total, 372,778 GiB free.

E: is CDROM ()

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP841: 16-2-2013 18:43:17 - Gepland controlepunt

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Community Help

Adobe Download Assistant

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Media Player

Adobe Photoshop CS5

Adobe Photoshop Elements 7.0

Adobe Premiere Elements 7.0

Adobe Premiere Elements 7.0 Templates

Adobe Reader X (10.1.5) - Nederlands

Adobe Shockwave Player 11.5

AIWI

AIWI JoyStick

Amnesia - The Dark Descent

Anark Client 1.0

Any Video Converter 3.2.3

APB Reloaded

Apple Application Support

Apple Software Update

applicationupdater

Assassin's Creed Brotherhood

Assassin's Creed Revelations 1.02

Audacity 1.3.12 (Unicode)

Audiosurf

Autodesk Maya 2012 64-bit

Bonjour

Borderlands 2

Capsule

Composite 2012 64-bit

Conceptronic 300N Wireless Adapter (v3.0)

Cooliris for Internet Explorer

Curse Client

D3DX10

Darksiders II

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Device Simulation Framework 1.0.1

Dishonored

Dota 2

eBook Reader

EPN werkboek-i Numbers and Space/1 havo vwo

F-N

FFmpeg for Audacity on Windows

Firebird SQL Server - MAGIX Edition

Fluency TTS 5.0

Fraps (remove only)

Free Audio CD to MP3 Converter version 1.3.7

Free YouTube to MP3 Converter version 3.11.35.1031

FTL version 1.01

gamelauncher-ps2-live

GameMaker 8.1

GamersFirst LIVE!

GameSpy Arcade

Ghost Control 2.1

Google Chrome

Google Update Helper

Heaven DX11 Benchmark version 3.0

Hi-Rez Studios Authenticate and Update Service

Hotfix for Microsoft Visual C# 2010 Express - ENU (KB2635973)

House of Night Screensaver Screensaver

HTML-Kit

ImagXpress

Intel® Management Engine Components

Intel® Network Connections 15.3.68.0

J2SE Runtime Environment 5.0 Update 1

JamGuru 1.0 RC5

Java 7 Update 13

Java 7 Update 13 (64-bit)

Java Auto Updater

Junk Mail filter update

LAME v3.98.2 for Audacity

League of Legends

Loadout

LogMeIn Hamachi

Magic The Gathering - Duels of the Planeswalkers 2013

MagicDisc 2.7.106

Magicka

MAGIX Music Maker 17 Premium Download Version

MAGIX Screenshare

MAGIX Speed burnR (MSI)

Malwarebytes Anti-Malware versie 1.70.0.1100

Matrix-ks

Microsoft .NET Framework 1.1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile NLD Language Pack

Microsoft .NET Framework 4 Extended

Microsoft .NET Framework 4 Extended NLD Language Pack

Microsoft .NET Framework 4 Multi-Targeting Pack

Microsoft Antimalware Service NL-NL Language Pack

Microsoft Application Error Reporting

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Help Viewer 1.1

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (Dutch) 2010

Microsoft Office Excel MUI (Dutch) 2010

Microsoft Office Groove MUI (Dutch) 2010

Microsoft Office InfoPath MUI (Dutch) 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (Dutch) 2010

Microsoft Office Outlook MUI (Dutch) 2010

Microsoft Office PowerPoint MUI (Dutch) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (Dutch) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (German) 2010

Microsoft Office Proofing (Dutch) 2010

Microsoft Office Publisher MUI (Dutch) 2010

Microsoft Office Shared 64-bit MUI (Dutch) 2010

Microsoft Office Shared MUI (Dutch) 2010

Microsoft Office Word MUI (Dutch) 2010

Microsoft Rise Of Nations

Microsoft Security Client

Microsoft Security Client NL-NL Language Pack

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server 2008 R2 Management Objects

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft SQL Server Compact 3.5 SP2 x64 ENU

Microsoft SQL Server System CLR Types

Microsoft Visual C# 2010 Express - ENU

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219

Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU

Microsoft Visual Studio 2010 Service Pack 1

Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - NLD

Microsoft XNA Framework Redistributable 3.1

Microsoft XNA Framework Redistributable 4.0

Microsoft XNA Game Studio 4.0

Microsoft XNA Game Studio 4.0 (ARP entry)

Microsoft XNA Game Studio 4.0 (Redists)

Microsoft XNA Game Studio 4.0 (Shared Components)

Microsoft XNA Game Studio 4.0 (Visual Studio)

Microsoft XNA Game Studio 4.0 (XnaLiveProxy)

Microsoft XNA Game Studio 4.0 Documentation

Microsoft XNA Game Studio Platform Tools

Microsoft_VC80_ATL_x86

Microsoft_VC80_ATL_x86_x64

Microsoft_VC80_CRT_x86

Microsoft_VC80_CRT_x86_x64

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFC_x86_x64

Microsoft_VC80_MFCLOC_x86

Microsoft_VC80_MFCLOC_x86_x64

Microsoft_VC90_ATL_x86

Microsoft_VC90_ATL_x86_x64

Microsoft_VC90_CRT_x86

Microsoft_VC90_CRT_x86_x64

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFC_x86_x64

MSI Afterburner 2.2.3

MSI Kombustor 2.3.0

MSVCRT

MSVCRT Redists

MSVCRT_amd64

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

MSXML4 Parser

MuseScore 0.9.6.3 MuseScore score typesetter

N-F

neroxml

NoteWorthy Composer 2

NVIDIA-configuratiescherm 310.70

NVIDIA 3D Vision controllerstuurprogramma 310.70

NVIDIA 3D Vision stuurprogramma 310.70

NVIDIA Grafisch stuurprogramma 310.70

NVIDIA HD Audio-stuurprogramma 1.3.18.0

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX systeemsoftware 9.12.1031

NVIDIA Stereoscopic 3D Driver

Oblivion

OpenAL

Orcs Must Die 2

Orcs Must Die!

PDF Settings CS5

Perspective 1.0

PlanetSide 2

Portal 2 version 2.0.0.1

Primal Carnage Beta

PunkBuster Services

QuickTime

Ravaged

Razer Game Booster

Rise of Nations Thrones and Patriots

Roller Coaster World 3D

RollerCoaster Tycoon 3

RuneScape Launcher 1.2.2

Saints Row The Third

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2478663)

Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870)

Simple Port Forwarding

Skype Click to Call

Skype™ 6.1

Skyrim Dawnguard DLC+Update v1.7706-=AviaRa=- 1.7706

Smite

SnagIt 8

Star Wars: The Old Republic

Steam

Synthesia (remove only)

System Requirements Lab for Intel

Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD

Taalpakket voor Microsoft .NET Framework 4 Extended - NLD

Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - NLD

Tabulator

TeamSpeak 3 Client

Text-To-Speech-Runtime

The Lost Watch II NV 3D Screensaver 1.0

The Witcher 2 - Assassins of Kings Enhanced Edition

TI Connect 1.6

Torchlight II © Runic Games version 1

Transcripted Alienware Demo

Trust 5.1 Gaming Headset

Trust Gaming Mouse Driver V1.1

Tunngle beta

TuxGuitar

Ubisoft Game Launcher

Unity Web Player

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

Vegas Pro 11.0

VirtualCloneDrive

Visual Studio 2008 x64 Redistributables

Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU

vReveal

VST Bridge 1.1

Western Railway NV 3D Screensaver 2.0

Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0)

Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Center-gadgets voor Windows SideShow

Windows Media Player Firefox Plugin

Windows SideShow Managed Runtime 1.0

WinISO 5.3

WinRAR

World of Warcraft

World of Warcraft Beta

Zoo Tycoon: Complete Collection

.

==== End Of File ===========================

dds

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.13.2

Run by McDos at 19:02:33 on 2013-02-16

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3957.1586 [GMT 1:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

D:\Mijn Documenten\Games\HiPatchService.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Conceptronic\Common\RaRegistry.exe

C:\Program Files (x86)\Conceptronic\Common\RaRegistry64.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files (x86)\Trust Gaming Mouse\Mouse.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Microsoft Security Client\NisSrv.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

BHO: HelperObject Class: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: Cooliris Plug-In for Internet Explorer: {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files (x86)\PicLensIE\cooliris.dll

TB: SnagIt: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

mRun: [Trust Gaming Mouse] C:\Program Files (x86)\Trust Gaming Mouse\Mouse.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: &Verzenden naar OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105

IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Free YouTube to Mp3 Converter - C:\Users\McDos\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {3437D640-C91A-458f-89F5-B9095EA4C28B} - {04F93351-81D2-4484-9982-0D55DEFFFAE6} - C:\Program Files (x86)\PicLensIE\cooliris.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab

DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{1595706F-7DEE-4E62-A5AA-CF00A0419D29} : DHCPNameServer = 192.168.1.254 195.241.77.55 195.241.77.58

TCP: Interfaces\{3EA217B0-267C-4673-8C20-4C7FF1FE314B} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{3EA217B0-267C-4673-8C20-4C7FF1FE314B}\A597F507279667164756F595A4432585E4 : DHCPNameServer = 192.168.1.254 195.241.77.55 195.241.77.58

TCP: Interfaces\{3EA217B0-267C-4673-8C20-4C7FF1FE314B}\A597F507279667164756F5E465344343A4 : DHCPNameServer = 192.168.1.254 195.241.77.55 195.241.77.58

TCP: Interfaces\{CC3B6A59-6FEA-419E-A76F-A7BDA7B9749B} : DHCPNameServer = 7.254.254.254

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: HelperObject Class: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\x64\SnagItBHO64.dll

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-TB: SnagIt: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\x64\SnagItIEAddin64.dll

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-Run: [Cm106Sound] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm106.dll,CMICtrlWnd

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-DPF: {615A1925-0E5B-4767-A65E-3165AEAC32A3} - hxxp://quickscan.bitdefender.com/qsax/qsax64.cab

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;D:\Mijn Documenten\Games\HiPatchService.exe [2012-8-3 8704]

R0 DSFKSVCS;Kernel Services for DSF;C:\Windows\System32\drivers\dsfksvcs.sys [2010-2-8 676232]

R0 dsfroot;root enumerated bus driver;C:\Windows\System32\drivers\dsfroot.sys [2010-2-8 35832]

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-9-28 52856]

R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]

R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-8-27 1253376]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-13 398184]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-2-13 682344]

R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 130008]

R2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files (x86)\Conceptronic\Common\RaRegistry.exe [2010-8-14 185632]

R2 RalinkRegistryWriter64;Ralink Registry Writer 64;C:\Program Files (x86)\Conceptronic\Common\RaRegistry64.exe [2010-8-14 212256]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-11-30 382824]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-7-7 2320920]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2010-4-5 301232]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]

R3 HRMCFGSPC;DSF General Configuration Space Redirection Module;C:\Windows\System32\drivers\hrmcfgspc.sys [2010-2-8 133512]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-2-13 24176]

R3 NisSrv;Microsoft Netwerkinspectie;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]

R3 softehci;Microsoft USB 2.0 Enhanced Host Controller Interface (EHCI) Simulator Driver";C:\Windows\System32\drivers\softehci.sys [2010-2-8 366592]

R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\System32\drivers\tap0901t.sys [2011-10-10 31232]

R3 trustms;Trust Mouse;C:\Windows\System32\drivers\trustms.sys [2010-11-15 12416]

R3 usbehci_dsf;Microsoft DSF-enabled USB 2.0 Enhanced Host Controller Interface (EHCI) Miniport Driver;C:\Windows\System32\drivers\usbehci_dsf.sys [2010-2-8 52736]

R3 USBMULCD;USB Multi-Channel Audio Device Interface;C:\Windows\System32\drivers\CM10664.sys [2012-12-29 1310720]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]

S3 androidusb;ADB Interface Driver;C:\Windows\System32\drivers\androidusb.sys [2010-4-29 32768]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-8-7 3276800]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-2-1 1431888]

S3 HRMINTS;DSF Interrupt Redirection Module;C:\Windows\System32\drivers\hrmints.sys [2010-2-8 128504]

S3 HRMPORTS;DSF IO Port Redirection Module;C:\Windows\System32\drivers\hrmports.sys [2010-2-8 148360]

S3 IAMTVE;Stuurprogramma voor Intel® Active Management Technology - KCS;C:\Windows\System32\drivers\IAMTVE.sys [2010-7-7 43416]

S3 IAMTXPE;Stuurprogramma voor Intel® Active Management Technology - KCS;C:\Windows\System32\drivers\IAMTXPE.sys [2010-7-7 51096]

S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-2-3 271872]

S3 ioatdma1;ioatdma1;C:\Windows\System32\drivers\qd162x64.sys [2009-11-16 40144]

S3 ioatdma2;Intel® QuickData Technology device ver.2;C:\Windows\System32\drivers\qd262x64.sys [2009-11-16 42192]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-15 19456]

S3 SOFTHIDUSBK;USB HID Layer;C:\Windows\System32\drivers\softhidusbk.sys [2010-2-8 206848]

S3 SOFTUSBK;Generic USB device;C:\Windows\System32\drivers\softusbk.sys [2010-2-8 675328]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-15 57856]

S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2012-6-1 745368]

S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-7-7 1255736]

S3 WinRing0_1_2_0;WinRing0_1_2_0;D:\Mijn Documenten\Games\razer\Driver\WinRing0x64.sys [2012-9-17 14544]

.

=============== File Associations ===============

.

FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]

FileExt: .js: JSFile=C:\Windows\System32\WScript.exe "%1" %* [userChoice]

.

=============== Created Last 30 ================

.

2013-02-16 16:30:03 -------- d-sh--w- C:\$RECYCLE.BIN

2013-02-16 16:23:54 9161176 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5BADC2DC-4E05-4E99-81BD-91A0D663514A}\mpengine.dll

2013-02-16 15:54:44 98816 ----a-w- C:\Windows\sed.exe

2013-02-16 15:54:44 256000 ----a-w- C:\Windows\PEV.exe

2013-02-16 15:54:44 208896 ----a-w- C:\Windows\MBR.exe

2013-02-16 15:46:09 -------- d-----w- C:\Users\McDos\AppData\Roaming\QuickScan

2013-02-16 15:23:38 9161176 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-02-16 13:12:52 -------- d-----w- C:\Users\McDos\Doctor Web

2013-02-15 22:02:56 -------- d-----w- C:\Windows\rescache

2013-02-15 19:59:04 -------- d-----w- C:\Windows\ERUNT

2013-02-15 19:57:57 -------- d-----w- C:\JRT

2013-02-15 19:17:02 -------- d-----w- C:\ProgramData\VS

2013-02-15 19:07:24 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2013-02-15 19:07:23 366592 ----a-w- C:\Windows\System32\qdvd.dll

2013-02-15 19:07:22 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2013-02-15 19:07:22 458712 ----a-w- C:\Windows\System32\drivers\cng.sys

2013-02-15 19:07:22 340992 ----a-w- C:\Windows\System32\schannel.dll

2013-02-15 19:07:22 247808 ----a-w- C:\Windows\SysWow64\schannel.dll

2013-02-15 19:07:22 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2013-02-15 19:07:22 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2013-02-15 19:07:22 1448448 ----a-w- C:\Windows\System32\lsasrv.dll

2013-02-15 18:33:10 -------- d-----w- C:\Users\McDos\AppData\Local\Avg2013

2013-02-15 17:29:50 -------- d-----w- C:\Users\McDos\AppData\Local\{89E4E5C6-37A3-436B-A903-12E5BA81A989}

2013-02-15 14:57:38 -------- d-----w- C:\Users\McDos\AppData\Local\Autodesk

2013-02-15 14:55:09 -------- d-----w- C:\Users\McDos\AppData\Local\backburner

2013-02-14 10:04:11 -------- d-----w- C:\Users\McDos\AppData\Local\{BE33C8F2-90DA-44B3-AACF-61302F59D330}

2013-02-14 01:08:37 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-14 01:08:37 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-14 00:21:46 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-02-14 00:21:44 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-02-14 00:21:44 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-02-14 00:21:35 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-02-14 00:21:33 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-02-14 00:21:33 215040 ----a-w- C:\Windows\System32\winsrv.dll

2013-02-14 00:21:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-02-14 00:21:32 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-02-14 00:21:32 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-02-14 00:21:32 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-02-14 00:21:25 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2013-02-14 00:21:25 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-02-13 15:58:14 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-02-13 15:58:14 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-02-13 15:56:02 -------- d-----w- C:\Users\McDos\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

2013-02-13 15:46:44 -------- d-----w- C:\Program Files (x86)\Adobe Download Assistant

2013-02-13 15:43:05 -------- d-----w- C:\Users\McDos\AppData\Local\{DB1FD5E3-BDBF-4884-A0DA-CCE77F155243}

2013-02-12 22:00:42 -------- d-----w- C:\Users\McDos\AppData\Local\{8C0B7E7C-1B8A-48CF-833E-25F38ED2E306}

2013-02-11 14:01:06 -------- d-----w- C:\Users\McDos\AppData\Roaming\.minecraft

2013-02-11 13:56:53 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-02-11 13:32:41 -------- d-----w- C:\Users\McDos\AppData\Roaming\BlackBean

2013-02-11 12:28:31 -------- d-----w- C:\Users\McDos\AppData\Local\{76ABD2BD-B70D-41D0-82A2-627C9C18DF1E}

2013-02-10 00:51:02 -------- d-----w- C:\Users\McDos\AppData\Local\{0F114ABE-AD15-4084-AE49-4F1954F71BA9}

2013-02-09 18:35:37 -------- d-----w- C:\Users\McDos\AppData\Local\Green Man Gaming

2013-02-09 12:33:51 -------- d-----w- C:\Users\McDos\AppData\Local\{C38784D2-3A26-4370-8028-D79E7C37D727}

2013-02-07 22:49:31 -------- d-----w- C:\Users\McDos\AppData\Local\{88524854-8220-445E-8D77-8543CE357118}

2013-02-07 13:05:56 -------- d-----w- C:\Users\McDos\AppData\Local\{3175A617-D512-4A87-AC54-A759084F3DAE}

2013-02-06 15:30:35 -------- d-----w- C:\Users\McDos\AppData\Local\{E3F38BF3-4716-436D-8F4F-E1AE2D9D9FC7}

2013-02-06 13:34:29 -------- d-----w- C:\Users\McDos\AppData\Local\{FA7CFF0C-369B-4711-A6CD-7774EC637654}

2013-02-06 12:26:24 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll

2013-02-05 18:06:55 -------- d-----w- C:\Users\McDos\AppData\Local\{799D16F1-1BCE-4EFD-8980-8383B5AFFE93}

2013-02-04 14:30:26 -------- d-----w- C:\Users\McDos\AppData\Local\{C6DA0895-9E64-4E85-8F37-AEE9B3B7B820}

2013-02-03 14:37:56 -------- d-----w- C:\Users\McDos\AppData\Local\{D3CD0F8C-8F47-4141-851E-4FFB8BCEA2FE}

2013-02-01 16:15:55 -------- d-----w- C:\Users\McDos\AppData\Roaming\Malwarebytes

2013-02-01 16:15:14 -------- d-----w- C:\ProgramData\Malwarebytes

2013-02-01 16:14:59 -------- d-----w- C:\Users\McDos\AppData\Local\Programs

2013-02-01 08:38:48 -------- d-----w- C:\Program Files\Common Files\Macrovision Shared

2013-01-30 21:55:29 -------- d-----w- C:\Users\McDos\AppData\Local\{F747D08C-D86C-4F3C-808C-5CBCF9C69D02}

2013-01-30 15:03:25 -------- d-----w- C:\Users\McDos\AppData\Local\{5C5A1662-ED91-40CA-B0E1-F20EEA6062D7}

2013-01-29 13:50:10 -------- d-----w- C:\Users\McDos\AppData\Local\{3EB20C87-E99B-401A-A1CA-98009913F757}

2013-01-28 12:48:08 -------- d-----w- C:\Users\McDos\AppData\Local\{31BC587D-BFC1-4376-A13C-814CD635C215}

2013-01-26 17:40:24 -------- d-----w- C:\Users\McDos\AppData\Local\{180ED5A0-F463-41B0-B9F3-E31F23C09973}

2013-01-25 12:24:50 -------- d-----w- C:\Users\McDos\AppData\Local\{7FB777CB-57A4-4865-B778-2D62295D26B7}

2013-01-24 10:10:11 -------- d-----w- C:\Users\McDos\AppData\Local\{CE28031B-21FB-43D3-BF2A-D84D5A40D7B4}

2013-01-23 12:33:23 -------- d-----w- C:\Users\McDos\AppData\Local\{D660AA8D-BE91-4220-9F4A-A0F76C3BD004}

2013-01-22 12:07:32 -------- d-----w- C:\Users\McDos\AppData\Local\{FF610585-A544-4545-89EB-E6D50325E074}

2013-01-21 11:50:24 -------- d-----w- C:\Users\McDos\AppData\Local\{4A81DFB9-E522-4940-BAEB-8A510CEE0C65}

2013-01-20 14:59:04 230320 ----a-w- C:\Windows\System32\drivers\MpFilter.sys

2013-01-20 11:58:07 -------- d-----w- C:\Users\McDos\AppData\Local\{A5C9EF33-31D1-4E09-ADB7-56AF596A83E5}

2013-01-19 12:39:00 -------- d-----w- C:\Users\McDos\AppData\Local\{E7722CD4-5CC9-458F-872F-4074970DEC10}

2013-01-17 20:03:44 -------- d-----w- C:\Program Files (x86)\Pando Networks

.

==================== Find3M ====================

.

2013-02-11 13:56:40 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-02-11 13:56:40 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-02-09 20:42:57 74096 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-02-09 20:42:57 697712 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-02-06 12:26:18 963488 ----a-w- C:\Windows\System32\deployJava1.dll

2013-02-06 12:26:18 1085344 ----a-w- C:\Windows\System32\npDeployJava1.dll

2013-01-30 10:53:22 273840 ------w- C:\Windows\System32\MpSigStub.exe

2013-01-20 14:59:04 130008 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys

2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll

2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll

2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll

2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll

2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs

2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs

2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs

2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs

2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs

2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs

2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs

2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs

2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs

2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs

2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs

2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs

2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs

2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs

2012-12-03 15:47:14 983936 ----a-w- C:\Windows\System32\nvumdshimx.dll

2012-12-01 05:49:26 3663213 ----a-w- C:\Windows\System32\nvcoproc.bin

2012-12-01 05:49:25 63336 ----a-w- C:\Windows\System32\nvshext.dll

2012-12-01 05:49:25 118120 ----a-w- C:\Windows\System32\nvmctray.dll

2012-12-01 05:49:24 890216 ----a-w- C:\Windows\System32\nvvsvc.exe

2012-12-01 05:48:41 6223208 ----a-w- C:\Windows\System32\nvcpl.dll

2012-12-01 05:48:37 3311464 ----a-w- C:\Windows\System32\nvsvc64.dll

2012-11-30 21:43:52 438632 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll

2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe

2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll

2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll

2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll

.

============= FINISH: 19:03:01,52 ===============


Kaspersky log

18:59:57.0354 4904 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

18:59:57.0504 4904 ============================================================

18:59:57.0504 4904 Current date / time: 2013/02/16 18:59:57.0504

18:59:57.0504 4904 SystemInfo:

18:59:57.0504 4904

18:59:57.0504 4904 OS Version: 6.1.7601 ServicePack: 1.0

18:59:57.0504 4904 Product type: Workstation

18:59:57.0504 4904 ComputerName: JASPER

18:59:57.0504 4904 UserName: McDos

18:59:57.0504 4904 Windows directory: C:\Windows

18:59:57.0504 4904 System windows directory: C:\Windows

18:59:57.0504 4904 Running under WOW64

18:59:57.0504 4904 Processor architecture: Intel x64

18:59:57.0504 4904 Number of processors: 4

18:59:57.0504 4904 Page size: 0x1000

18:59:57.0504 4904 Boot type: Normal boot

18:59:57.0504 4904 ============================================================

18:59:59.0222 4904 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

18:59:59.0225 4904 ============================================================

18:59:59.0225 4904 \Device\Harddisk0\DR0:

18:59:59.0226 4904 MBR partitions:

18:59:59.0226 4904 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

18:59:59.0226 4904 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x95FF800

18:59:59.0226 4904 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x9632000, BlocksNum 0x6B0D3DB0

18:59:59.0226 4904 ============================================================

18:59:59.0242 4904 C: <-> \Device\Harddisk0\DR0\Partition2

18:59:59.0291 4904 D: <-> \Device\Harddisk0\DR0\Partition3

18:59:59.0292 4904 ============================================================

18:59:59.0292 4904 Initialize success

18:59:59.0292 4904 ============================================================

19:00:07.0097 0836 ============================================================

19:00:07.0097 0836 Scan started

19:00:07.0097 0836 Mode: Manual;

19:00:07.0097 0836 ============================================================

19:00:07.0858 0836 ================ Scan system memory ========================

19:00:07.0858 0836 System memory - ok

19:00:07.0858 0836 ================ Scan services =============================

19:00:07.0960 0836 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

19:00:07.0962 0836 1394ohci - ok

19:00:08.0013 0836 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

19:00:08.0016 0836 ACPI - ok

19:00:08.0055 0836 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

19:00:08.0056 0836 AcpiPmi - ok

19:00:08.0195 0836 [ 3FD8DC2C9735C2AA70155102CFB93EDA ] AdobeActiveFileMonitor7.0 C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

19:00:08.0196 0836 AdobeActiveFileMonitor7.0 - ok

19:00:08.0328 0836 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

19:00:08.0329 0836 AdobeARMservice - ok

19:00:08.0476 0836 [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

19:00:08.0477 0836 AdobeFlashPlayerUpdateSvc - ok

19:00:08.0513 0836 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys

19:00:08.0518 0836 adp94xx - ok

19:00:08.0555 0836 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys

19:00:08.0558 0836 adpahci - ok

19:00:08.0575 0836 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys

19:00:08.0577 0836 adpu320 - ok

19:00:08.0603 0836 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

19:00:08.0604 0836 AeLookupSvc - ok

19:00:08.0643 0836 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys

19:00:08.0648 0836 AFD - ok

19:00:08.0673 0836 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

19:00:08.0674 0836 agp440 - ok

19:00:08.0687 0836 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

19:00:08.0688 0836 ALG - ok

19:00:08.0706 0836 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys

19:00:08.0707 0836 aliide - ok

19:00:08.0722 0836 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys

19:00:08.0723 0836 amdide - ok

19:00:08.0749 0836 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys

19:00:08.0750 0836 AmdK8 - ok

19:00:08.0767 0836 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys

19:00:08.0768 0836 AmdPPM - ok

19:00:08.0789 0836 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

19:00:08.0791 0836 amdsata - ok

19:00:08.0822 0836 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys

19:00:08.0824 0836 amdsbs - ok

19:00:08.0842 0836 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

19:00:08.0843 0836 amdxata - ok

19:00:08.0883 0836 [ 363571BC0C79E394E69300D1F2E3DDAE ] androidusb C:\Windows\system32\Drivers\androidusb.sys

19:00:08.0884 0836 androidusb - ok

19:00:08.0924 0836 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys

19:00:08.0925 0836 AppID - ok

19:00:08.0941 0836 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

19:00:08.0942 0836 AppIDSvc - ok

19:00:08.0976 0836 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll

19:00:08.0978 0836 Appinfo - ok

19:00:09.0003 0836 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys

19:00:09.0004 0836 arc - ok

19:00:09.0013 0836 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys

19:00:09.0015 0836 arcsas - ok

19:00:09.0107 0836 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

19:00:09.0108 0836 aspnet_state - ok

19:00:09.0131 0836 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

19:00:09.0132 0836 AsyncMac - ok

19:00:09.0146 0836 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys

19:00:09.0146 0836 atapi - ok

19:00:09.0189 0836 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

19:00:09.0196 0836 AudioEndpointBuilder - ok

19:00:09.0204 0836 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

19:00:09.0207 0836 AudioSrv - ok

19:00:09.0239 0836 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll

19:00:09.0241 0836 AxInstSV - ok

19:00:09.0269 0836 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys

19:00:09.0273 0836 b06bdrv - ok

19:00:09.0292 0836 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

19:00:09.0295 0836 b57nd60a - ok

19:00:09.0318 0836 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

19:00:09.0319 0836 BDESVC - ok

19:00:09.0336 0836 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

19:00:09.0337 0836 Beep - ok

19:00:09.0384 0836 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll

19:00:09.0391 0836 BFE - ok

19:00:09.0430 0836 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll

19:00:09.0439 0836 BITS - ok

19:00:09.0454 0836 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

19:00:09.0455 0836 blbdrive - ok

19:00:09.0511 0836 [ 673CF4F6BB1FBE09331B526802FBB892 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe

19:00:09.0513 0836 Bonjour Service - ok

19:00:09.0582 0836 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

19:00:09.0583 0836 bowser - ok

19:00:09.0593 0836 bqtjzojq - ok

19:00:09.0611 0836 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys

19:00:09.0612 0836 BrFiltLo - ok

19:00:09.0625 0836 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys

19:00:09.0626 0836 BrFiltUp - ok

19:00:09.0646 0836 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys

19:00:09.0647 0836 BridgeMP - ok

19:00:09.0686 0836 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll

19:00:09.0688 0836 Browser - ok

19:00:09.0693 0836 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

19:00:09.0696 0836 Brserid - ok

19:00:09.0707 0836 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

19:00:09.0708 0836 BrSerWdm - ok

19:00:09.0729 0836 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

19:00:09.0730 0836 BrUsbMdm - ok

19:00:09.0743 0836 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

19:00:09.0744 0836 BrUsbSer - ok

19:00:09.0837 0836 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys

19:00:09.0838 0836 BTHMODEM - ok

19:00:09.0858 0836 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

19:00:09.0859 0836 bthserv - ok

19:00:09.0862 0836 catchme - ok

19:00:09.0880 0836 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

19:00:09.0881 0836 cdfs - ok

19:00:09.0907 0836 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

19:00:09.0909 0836 cdrom - ok

19:00:09.0930 0836 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

19:00:09.0932 0836 CertPropSvc - ok

19:00:09.0948 0836 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys

19:00:09.0949 0836 circlass - ok

19:00:09.0972 0836 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

19:00:09.0975 0836 CLFS - ok

19:00:09.0995 0836 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

19:00:09.0996 0836 clr_optimization_v2.0.50727_32 - ok

19:00:10.0005 0836 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

19:00:10.0007 0836 clr_optimization_v2.0.50727_64 - ok

19:00:10.0077 0836 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

19:00:10.0078 0836 clr_optimization_v4.0.30319_32 - ok

19:00:10.0111 0836 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

19:00:10.0112 0836 clr_optimization_v4.0.30319_64 - ok

19:00:10.0126 0836 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

19:00:10.0127 0836 CmBatt - ok

19:00:10.0143 0836 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

19:00:10.0145 0836 cmdide - ok

19:00:10.0184 0836 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys

19:00:10.0189 0836 CNG - ok

19:00:10.0206 0836 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

19:00:10.0207 0836 Compbatt - ok

19:00:10.0241 0836 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys

19:00:10.0242 0836 CompositeBus - ok

19:00:10.0245 0836 COMSysApp - ok

19:00:10.0270 0836 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys

19:00:10.0271 0836 crcdisk - ok

19:00:10.0325 0836 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll

19:00:10.0328 0836 CryptSvc - ok

19:00:10.0368 0836 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

19:00:10.0371 0836 DcomLaunch - ok

19:00:10.0401 0836 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

19:00:10.0404 0836 defragsvc - ok

19:00:10.0442 0836 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

19:00:10.0443 0836 DfsC - ok

19:00:10.0491 0836 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

19:00:10.0495 0836 Dhcp - ok

19:00:10.0505 0836 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

19:00:10.0506 0836 discache - ok

19:00:10.0524 0836 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys

19:00:10.0525 0836 Disk - ok

19:00:10.0567 0836 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

19:00:10.0569 0836 Dnscache - ok

19:00:10.0616 0836 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

19:00:10.0619 0836 dot3svc - ok

19:00:10.0630 0836 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

19:00:10.0632 0836 DPS - ok

19:00:10.0653 0836 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

19:00:10.0654 0836 drmkaud - ok

19:00:10.0726 0836 [ 4C639A503201E3F9FB001B840B934A3F ] DSFKSVCS C:\Windows\system32\DRIVERS\dsfksvcs.sys

19:00:10.0733 0836 DSFKSVCS - ok

19:00:10.0783 0836 [ 13699BA0680D8EEEF67945F5A405610C ] dsfroot C:\Windows\system32\DRIVERS\dsfroot.sys

19:00:10.0784 0836 dsfroot - ok

19:00:10.0830 0836 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

19:00:10.0839 0836 DXGKrnl - ok

19:00:10.0881 0836 [ 60C5B36E07BE8B3AF3911C3D10303CFE ] e1kexpress C:\Windows\system32\DRIVERS\e1k62x64.sys

19:00:10.0884 0836 e1kexpress - ok

19:00:10.0896 0836 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

19:00:10.0898 0836 EapHost - ok

19:00:10.0961 0836 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys

19:00:11.0014 0836 ebdrv - ok

19:00:11.0047 0836 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

19:00:11.0048 0836 EFS - ok

19:00:11.0107 0836 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

19:00:11.0114 0836 ehRecvr - ok

19:00:11.0138 0836 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

19:00:11.0140 0836 ehSched - ok

19:00:11.0180 0836 [ A05FC7ECA0966EBB70E4D17B855A853B ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys

19:00:11.0181 0836 ElbyCDIO - ok

19:00:11.0197 0836 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys

19:00:11.0202 0836 elxstor - ok

19:00:11.0219 0836 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

19:00:11.0220 0836 ErrDev - ok

19:00:11.0229 0836 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

19:00:11.0233 0836 EventSystem - ok

19:00:11.0263 0836 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

19:00:11.0265 0836 exfat - ok

19:00:11.0351 0836 Fabs - ok

19:00:11.0395 0836 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

19:00:11.0397 0836 fastfat - ok

19:00:11.0454 0836 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

19:00:11.0463 0836 Fax - ok

19:00:11.0485 0836 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys

19:00:11.0487 0836 fdc - ok

19:00:11.0500 0836 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

19:00:11.0501 0836 fdPHost - ok

19:00:11.0516 0836 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

19:00:11.0518 0836 FDResPub - ok

19:00:11.0528 0836 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

19:00:11.0529 0836 FileInfo - ok

19:00:11.0543 0836 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

19:00:11.0545 0836 Filetrace - ok

19:00:11.0624 0836 [ FFF1130F7C9FA01D093A1EDFC5CCE8FC ] FirebirdServerMAGIXInstance C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe

19:00:11.0667 0836 FirebirdServerMAGIXInstance - ok

19:00:11.0723 0836 [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

19:00:11.0726 0836 FLEXnet Licensing Service - ok

19:00:12.0045 0836 [ 5CEE6CD43AE5844C49300EA0B1E557EE ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe

19:00:12.0325 0836 FLEXnet Licensing Service 64 - ok

19:00:12.0341 0836 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

19:00:12.0342 0836 flpydisk - ok

19:00:12.0383 0836 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

19:00:12.0386 0836 FltMgr - ok

19:00:12.0433 0836 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll

19:00:12.0444 0836 FontCache - ok

19:00:12.0488 0836 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

19:00:12.0490 0836 FontCache3.0.0.0 - ok

19:00:12.0507 0836 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

19:00:12.0509 0836 FsDepends - ok

19:00:12.0537 0836 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

19:00:12.0538 0836 Fs_Rec - ok

19:00:12.0587 0836 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

19:00:12.0589 0836 fvevol - ok

19:00:12.0603 0836 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys

19:00:12.0604 0836 gagp30kx - ok

19:00:12.0651 0836 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

19:00:12.0658 0836 gpsvc - ok

19:00:12.0711 0836 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

19:00:12.0711 0836 gupdate - ok

19:00:12.0715 0836 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

19:00:12.0715 0836 gupdatem - ok

19:00:12.0753 0836 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys

19:00:12.0754 0836 hamachi - ok

19:00:12.0872 0836 [ 785FD63B74B30986A9F2C7D965CA509F ] Hamachi2Svc C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

19:00:12.0990 0836 Hamachi2Svc - ok

19:00:13.0003 0836 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

19:00:13.0004 0836 hcw85cir - ok

19:00:13.0062 0836 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

19:00:13.0066 0836 HdAudAddService - ok

19:00:13.0108 0836 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

19:00:13.0109 0836 HDAudBus - ok

19:00:13.0133 0836 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys

19:00:13.0134 0836 HECIx64 - ok

19:00:13.0148 0836 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys

19:00:13.0149 0836 HidBatt - ok

19:00:13.0164 0836 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys

19:00:13.0166 0836 HidBth - ok

19:00:13.0175 0836 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys

19:00:13.0176 0836 HidIr - ok

19:00:13.0188 0836 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll

19:00:13.0190 0836 hidserv - ok

19:00:13.0221 0836 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

19:00:13.0222 0836 HidUsb - ok

19:00:13.0306 0836 [ 5350AEF38CA2D8885F47D4455E7EF4EE ] HiPatchService D:\Mijn Documenten\Games\HiPatchService.exe

19:00:13.0314 0836 HiPatchService - ok

19:00:13.0348 0836 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

19:00:13.0350 0836 hkmsvc - ok

19:00:13.0379 0836 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

19:00:13.0382 0836 HomeGroupListener - ok

19:00:13.0391 0836 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

19:00:13.0394 0836 HomeGroupProvider - ok

19:00:13.0422 0836 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

19:00:13.0423 0836 HpSAMD - ok

19:00:13.0431 0836 HRMACPI - ok

19:00:13.0449 0836 [ 1696A06C0EF55DFCD540B32556D3819A ] HRMCFGSPC C:\Windows\system32\DRIVERS\HRMCFGSPC.SYS

19:00:13.0451 0836 HRMCFGSPC - ok

19:00:13.0482 0836 [ F58F8F2A11CE4A695C9333C416D0321F ] HRMINTS C:\Windows\system32\DRIVERS\HRMINTS.SYS

19:00:13.0484 0836 HRMINTS - ok

19:00:13.0493 0836 [ 6BC42DC759D42A4EDCA7452B4D08D870 ] HRMPORTS C:\Windows\system32\DRIVERS\HRMPORTS.SYS

19:00:13.0495 0836 HRMPORTS - ok

19:00:13.0530 0836 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

19:00:13.0538 0836 HTTP - ok

19:00:13.0561 0836 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

19:00:13.0562 0836 hwpolicy - ok

19:00:13.0570 0836 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys

19:00:13.0572 0836 i8042prt - ok

19:00:13.0606 0836 [ 87A72502C8AC5E89B5A46FF6E874F5C5 ] IAMTVE C:\Windows\system32\DRIVERS\IAMTVE.sys

19:00:13.0608 0836 IAMTVE - ok

19:00:13.0620 0836 [ 5516F8E518A2F6A8755498F3E73957CF ] IAMTXPE C:\Windows\system32\DRIVERS\IAMTXPE.sys

19:00:13.0621 0836 IAMTXPE - ok

19:00:13.0647 0836 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

19:00:13.0651 0836 iaStorV - ok

19:00:13.0689 0836 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

19:00:13.0698 0836 idsvc - ok

19:00:13.0897 0836 [ C6238C6ABD6AC99F5D152DA4E9439A3D ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys

19:00:14.0103 0836 igfx - ok

19:00:14.0122 0836 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys

19:00:14.0124 0836 iirsp - ok

19:00:14.0147 0836 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

19:00:14.0155 0836 IKEEXT - ok

19:00:14.0168 0836 IntcAzAudAddService - ok

19:00:14.0207 0836 [ 58CF58DEE26C909BD6F977B61D246295 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys

19:00:14.0221 0836 IntcDAud - ok

19:00:14.0239 0836 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

19:00:14.0240 0836 intelide - ok

19:00:14.0256 0836 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

19:00:14.0258 0836 intelppm - ok

19:00:14.0274 0836 [ E45575812630B049CE0F679D87561A4D ] ioatdma1 C:\Windows\System32\Drivers\qd162x64.sys

19:00:14.0275 0836 ioatdma1 - ok

19:00:14.0284 0836 [ 2C23820DD9E81199E60F553EB50BC449 ] ioatdma2 C:\Windows\System32\Drivers\qd262x64.sys

19:00:14.0285 0836 ioatdma2 - ok

19:00:14.0296 0836 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

19:00:14.0298 0836 IPBusEnum - ok

19:00:14.0327 0836 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

19:00:14.0329 0836 IpFilterDriver - ok

19:00:14.0369 0836 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

19:00:14.0375 0836 iphlpsvc - ok

19:00:14.0408 0836 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

19:00:14.0410 0836 IPMIDRV - ok

19:00:14.0441 0836 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

19:00:14.0442 0836 IPNAT - ok

19:00:14.0464 0836 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

19:00:14.0465 0836 IRENUM - ok

19:00:14.0479 0836 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

19:00:14.0480 0836 isapnp - ok

19:00:14.0523 0836 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

19:00:14.0526 0836 iScsiPrt - ok

19:00:14.0557 0836 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

19:00:14.0558 0836 kbdclass - ok

19:00:14.0573 0836 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

19:00:14.0574 0836 kbdhid - ok

19:00:14.0580 0836 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

19:00:14.0580 0836 KeyIso - ok

19:00:14.0616 0836 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

19:00:14.0618 0836 KSecDD - ok

19:00:14.0643 0836 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

19:00:14.0644 0836 KSecPkg - ok

19:00:14.0663 0836 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

19:00:14.0664 0836 ksthunk - ok

19:00:14.0692 0836 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

19:00:14.0696 0836 KtmRm - ok

19:00:14.0716 0836 kushbwau - ok

19:00:14.0754 0836 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll

19:00:14.0757 0836 LanmanServer - ok

19:00:14.0792 0836 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

19:00:14.0794 0836 LanmanWorkstation - ok

19:00:14.0833 0836 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

19:00:14.0835 0836 lltdio - ok

19:00:14.0864 0836 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

19:00:14.0868 0836 lltdsvc - ok

19:00:14.0885 0836 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

19:00:14.0886 0836 lmhosts - ok

19:00:14.0942 0836 [ 1D82A01A368255FE78C65CF66B5B8281 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

19:00:14.0944 0836 LMS - ok

19:00:14.0971 0836 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys

19:00:14.0973 0836 LSI_FC - ok

19:00:14.0988 0836 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys

19:00:14.0990 0836 LSI_SAS - ok

19:00:15.0020 0836 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys

19:00:15.0021 0836 LSI_SAS2 - ok

19:00:15.0044 0836 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys

19:00:15.0046 0836 LSI_SCSI - ok

19:00:15.0076 0836 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

19:00:15.0077 0836 luafv - ok

19:00:15.0123 0836 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys

19:00:15.0123 0836 MBAMProtector - ok

19:00:15.0179 0836 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

19:00:15.0181 0836 MBAMScheduler - ok

19:00:15.0200 0836 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

19:00:15.0203 0836 MBAMService - ok

19:00:15.0236 0836 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

19:00:15.0238 0836 Mcx2Svc - ok

19:00:15.0258 0836 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys

19:00:15.0258 0836 megasas - ok

19:00:15.0296 0836 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys

19:00:15.0298 0836 MegaSR - ok

19:00:15.0370 0836 Microsoft SharePoint Workspace Audit Service - ok

19:00:15.0383 0836 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

19:00:15.0384 0836 MMCSS - ok

19:00:15.0404 0836 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

19:00:15.0405 0836 Modem - ok

19:00:15.0409 0836 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

19:00:15.0410 0836 monitor - ok

19:00:15.0418 0836 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

19:00:15.0420 0836 mouclass - ok

19:00:15.0432 0836 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

19:00:15.0433 0836 mouhid - ok

19:00:15.0474 0836 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

19:00:15.0475 0836 mountmgr - ok

19:00:15.0541 0836 [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys

19:00:15.0544 0836 MpFilter - ok

19:00:15.0563 0836 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

19:00:15.0566 0836 mpio - ok

19:00:15.0581 0836 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

19:00:15.0583 0836 mpsdrv - ok

19:00:15.0614 0836 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

19:00:15.0622 0836 MpsSvc - ok

19:00:15.0657 0836 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

19:00:15.0659 0836 MRxDAV - ok

19:00:15.0696 0836 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

19:00:15.0697 0836 mrxsmb - ok

19:00:15.0734 0836 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

19:00:15.0737 0836 mrxsmb10 - ok

19:00:15.0746 0836 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

19:00:15.0747 0836 mrxsmb20 - ok

19:00:15.0769 0836 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

19:00:15.0770 0836 msahci - ok

19:00:15.0799 0836 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

19:00:15.0801 0836 msdsm - ok

19:00:15.0817 0836 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

19:00:15.0820 0836 MSDTC - ok

19:00:15.0825 0836 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

19:00:15.0825 0836 Msfs - ok

19:00:15.0828 0836 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

19:00:15.0829 0836 mshidkmdf - ok

19:00:15.0831 0836 MSICDSetup - ok

19:00:15.0861 0836 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

19:00:15.0861 0836 msisadrv - ok

19:00:15.0877 0836 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

19:00:15.0880 0836 MSiSCSI - ok

19:00:15.0882 0836 msiserver - ok

19:00:15.0902 0836 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

19:00:15.0904 0836 MSKSSRV - ok

19:00:15.0964 0836 [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe

19:00:15.0964 0836 MsMpSvc - ok

19:00:15.0975 0836 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

19:00:15.0976 0836 MSPCLOCK - ok

19:00:15.0987 0836 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

19:00:15.0988 0836 MSPQM - ok

19:00:16.0022 0836 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

19:00:16.0025 0836 MsRPC - ok

19:00:16.0043 0836 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

19:00:16.0044 0836 mssmbios - ok

19:00:16.0060 0836 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

19:00:16.0061 0836 MSTEE - ok

19:00:16.0075 0836 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

19:00:16.0076 0836 MTConfig - ok

19:00:16.0079 0836 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

19:00:16.0080 0836 Mup - ok

19:00:16.0119 0836 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

19:00:16.0124 0836 napagent - ok

19:00:16.0140 0836 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

19:00:16.0144 0836 NativeWifiP - ok

19:00:16.0190 0836 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys

19:00:16.0198 0836 NDIS - ok

19:00:16.0214 0836 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

19:00:16.0215 0836 NdisCap - ok

19:00:16.0224 0836 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

19:00:16.0225 0836 NdisTapi - ok

19:00:16.0261 0836 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

19:00:16.0262 0836 Ndisuio - ok

19:00:16.0294 0836 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

19:00:16.0296 0836 NdisWan - ok

19:00:16.0315 0836 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

19:00:16.0316 0836 NDProxy - ok

19:00:16.0335 0836 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

19:00:16.0336 0836 NetBIOS - ok

19:00:16.0364 0836 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

19:00:16.0366 0836 NetBT - ok

19:00:16.0375 0836 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

19:00:16.0376 0836 Netlogon - ok

19:00:16.0408 0836 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

19:00:16.0412 0836 Netman - ok

19:00:16.0449 0836 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

19:00:16.0450 0836 NetMsmqActivator - ok

19:00:16.0482 0836 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

19:00:16.0483 0836 NetPipeActivator - ok

19:00:16.0521 0836 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

19:00:16.0526 0836 netprofm - ok

19:00:16.0579 0836 [ AAED8CDB31A88C702DA4212C2AA886F9 ] netr28ux C:\Windows\system32\DRIVERS\netr28ux.sys

19:00:16.0589 0836 netr28ux - ok

19:00:16.0593 0836 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

19:00:16.0593 0836 NetTcpActivator - ok

19:00:16.0596 0836 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

19:00:16.0597 0836 NetTcpPortSharing - ok

19:00:16.0624 0836 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

19:00:16.0625 0836 nfrd960 - ok

19:00:16.0669 0836 [ 162100E0BC8377710F9D170631921C03 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys

19:00:16.0671 0836 NisDrv - ok

19:00:16.0702 0836 [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe

19:00:16.0704 0836 NisSrv - ok


19:00:20.0654 0836 [ D519AD2DE7968CD2B47FEA807C5B29B2 ] sptd C:\Windows\System32\Drivers\sptd.sys

19:00:20.0655 0836 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: D519AD2DE7968CD2B47FEA807C5B29B2

19:00:20.0656 0836 sptd ( LockedFile.Multi.Generic ) - warning

19:00:20.0656 0836 sptd - detected LockedFile.Multi.Generic (1)


19:00:25.0079 0836 ================ Scan global ===============================

19:00:25.0104 0836 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

19:00:25.0145 0836 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll

19:00:25.0152 0836 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll

19:00:25.0176 0836 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

19:00:25.0207 0836 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

19:00:25.0211 0836 [Global] - ok

19:00:25.0211 0836 ================ Scan MBR ==================================

19:00:25.0226 0836 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

19:00:25.0408 0836 \Device\Harddisk0\DR0 - ok

19:00:25.0409 0836 ================ Scan VBR ==================================

19:00:25.0410 0836 [ 4F9AC5CE8D645E675C1C6F7BBEF76DD4 ] \Device\Harddisk0\DR0\Partition1

19:00:25.0411 0836 \Device\Harddisk0\DR0\Partition1 - ok

19:00:25.0418 0836 [ 3F7A94CDC2AEE962F1A2CEA312A8DF3D ] \Device\Harddisk0\DR0\Partition2

19:00:25.0420 0836 \Device\Harddisk0\DR0\Partition2 - ok

19:00:25.0434 0836 [ A9A8B190499952794693EB1D6F6E2DC7 ] \Device\Harddisk0\DR0\Partition3

19:00:25.0436 0836 \Device\Harddisk0\DR0\Partition3 - ok

19:00:25.0436 0836 ============================================================

19:00:25.0436 0836 Scan finished

19:00:25.0436 0836 ============================================================

19:00:25.0442 4684 Detected object count: 1

19:00:25.0442 4684 Actual detected object count: 1

19:00:47.0740 4684 sptd ( LockedFile.Multi.Generic ) - skipped by user

19:00:47.0740 4684 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

securitycheck

Results of screen317's Security Check version 0.99.57

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Microsoft Security Essentials

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware versie 1.70.0.1100

Java 7 Update 13

Java version out of Date!

Adobe Flash Player 11.5.502.149

Adobe Reader 10.1.5 Adobe Reader out of Date!

Google Chrome 24.0.1312.57

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

Microsoft Security Essentials msseces.exe

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 2%

````````````````````End of Log``````````````````````


Your system has an old version (also insecure) of Adobe Reader. You need to uninstall Adobe Reader.

Consider getting an alternate tool like Sumatra PDF as mentioned by Corrine on her Security Garden blog.

http://securitygarden.blogspot.com/

You need to Uninstall J2SE Runtime Environment 5.0 Update 1

And if you do not need Java for the programs that you use, keep Java off your system.

How to disable Java in various browsers: http://blog.eset.com/2012/08/29/disabling-java-a-safer-way-to-browse

Also see No, Seriously, Just Disable Java in Your Browser Right Now

The result of Tdsskiller scan is good. I do not see something "amiss" in your DDS log.

I think we can likely proceed to cleanup of tools (I will guide you) tomorrow.

In the meantime, let me know how the system is now, in general?

And also let me know, tomorrow, if the IP website blocks are "no more"


Very well, then.

We can wrap this up now. I see that you are clear of your original issues.

If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used. Advise me after you have completed the cleanups.

We have to remove Combofix and all its associated folders. By whichever name you named it (you had named it ComboFix),

put that name in the RUN box stated just below.

The "/uninstall" in the Run line below is to start Combofix for its cleanup & removal function.

Note the space before the slash mark.

The utility must be removed to prevent any unintentional or accidental usage, PLUS, to free up much space on your hard disk.

  • Highlight the line in this CODEBOX.
    Select & Copy the entire line within this codebox (so that it is in Windows clipboard memory)
    c:\users\McDos\Desktop\ComboFix.exe /uninstall


  • Start >> type in cmd >> press the Ctrl+Shift+Enter keyboard combination and cmd.exe will be launched as if you selected Run as Administrator. You will then see a User Account Control prompt asking if you would like to allow the Command Prompt to be able to make changes on your computer. Click on the Yes button and you will now be at the Elevated Command Prompt.
    Do a Right click within the command prompt window and select Paste. This must show the line from Codebox above.
    Then tap Enter

If the Combofix uninstall has an issue, skip that step.

NEXT

  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

ERUNT you should keep and use periodically to backup Windows registry.

Delete the following if still present:

Jrt.exe

roguekiller.exe

RKILL

Dr Web Cure-It

Tdsskiller.exe

securitycheck.exe

You may use Control Panel >> Programs and Features and uninstall BitDefender Quickscan.

Safer practices & malware prevention

We are finished here. Best regards.
