Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Virus blocks all anti virus/malware programs [Closed]

Started by 1mperator , Jan 11 2015 03:13 PM

  • This topic is locked This topic is locked

#1
1mperator
Posted 11 January 2015 - 03:13 PM

1mperator

    New Member

  • Member
  • Pip
  • 2 posts

I am redirected from Hackforums to this forum, because they were not able to help me out. I will try to give you guys an update as good as possible

Started with:
Does anyone have some advice to delete / clean a virus which blocks all virus scanners and malwarebytes? 

 

- Chamelon (version of Malwarebytes) does not work

- Malwarebytes does not work

- AVG 2013 does not work

 

Used an online scanner which used a loop to scan files which were not up to date / deleted.

 

Edit: scan online found "Win32/agent.rqd.gen trojan"


Windows security center:
Edit: Once I want to start, It says "couldn't start". 
Maybe a good detail: I did turn off the windows virus scanner earlier on because I do prefer AVG & Malwarebytes.
Edit2: Could it be because Im in safe modus?

I did run: Farbar Recovery Scan Tool 

First it crashed, second as well. The program did make some files I just found out. 

Not sure if it's incomplete because of the crash.
 
FRST: 
 
Addition:
 
Gonna try that windows repair program
Edit: does not work. Same problem as other programs, crashes..

On these files I did get this advice:

1. Upload C:\Users\FRANK&~1\AppData\Local\Temp\mfe_rr.sys to http://virustotal.com and post the link here
2. Upload C:\Users\frank&jose\ghost.exe to http://virustotal.com and post the link here
3. Upload C:\Users\frank&jose\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WIKEWBEL\SwSaniNet_11 (1).exe to http://virustotal.com and post the link here
4. Remove the following service: COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
5. Disconnect from the internet, rename roguekiller.exe to something random (like 1328476safgwq.exe) and run it as administrator.
 
1.  Can 't find the file anymore , even when I am in the exact map and I do typ the exact name.
2. 0/56 detection rate (but I will still remove it).
3. Can't find this file as well, and I could only open the map while using the right mouse button (not with enter). 
4. I canonly find the dllhost.exe , not the processid. Scanned the dllhost.exe on virus total and it has a detection of 0/56.
 
I will do number 5. right now, will update when I do have more information
WHen I rename the file it does not show, when I open the map once again it does show the change.

all maps are visible, also the hidden and the system maps. 
 
Used roguekiller, changed the .exe name and still did not open.
Even without internet connection.
 
I hope you guys could help me out, Thanks for reading! 
 

 


  • 0

Advertisements

#2
ruggie_uk
Posted 12 January 2015 - 06:14 AM

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Greetings 1mperator and :welcome:

My nickname is Ruggie and I will be assisting you in cleaning your computer.
Please be aware I am currently in the final stages of training right now and all my work will be checked by an instructor so there may be a slight delay between posts. The added benefit to this is that you will have 2 sets of eyes looking at your problem so you can be assured you will get the best possible help.

  • Malware removal can be a long process and will at times get complicated with multiple steps to perform to ensure that your system is no longer infected.
  • When we start the process, the list of instructions must be followed closely, it may seem difficult at times but it is important that you stay with me until your computer is declared clean.
  • If you are receiving help elsewhere, please let me know so we can close this thread and help someone else.

stop32.png Before going any further, I recommend that you print out (or save to a file) these guidelines and also the instructions when I post them, as part of the repair process may involve going into safe mode and therefore you will not have internet access.

The following guidelines are important but the ones highlighted in RED are of the highest importance and must not be skipped.

right-grn.pngPlease save all tools to the desktop,. Our tools are updated very regularly, sometimes several times per day so always download the latest version from the links I provide.

right-grn.pngPlease be aware, the fixes we perform are specific to this machine, at this moment in time. They must not be used on another computer or unsupervised at another time. This can render your computer unbootable.

right-grn.pngIf at all possible, Make backups of all your important files, whilst we will do our best to ensure that no files are lost or damaged, sometimes things can go wrong.

right-grn.png I will do everything in my power to ensure that this clean is successful, but occasionally failure hits us all. In this event, please have your original installation disks to hand and be prepared to have to format and reinstall your computer.

right-grn.png Refrain from using any tool that hasn't been instructed as it could alter the process that we are working through and cause further problems. Also only use the tools I instruct in the manner provided as they are very powerful and if not used properly can cause even more problems. It is best if you can avoid using the computer at all, apart from to perform the cleaning steps to ensure that any infections aren't spread.

right-grn.pngPlease stick with me until the end. malware removal is difficult and time consuming. We have to analyse hundreds of lines in log files. This takes time which we give freely so I ask that you do us the courtesy of seeing it through.

right-grn.png Only paste the contents of log files into your reply, DO NOT attach any log files unless requested to do so.

right-grn.png If you have any questions or get stuck, stop and ask....I am here to help you make this go as smoothly as possible.

right-grn.png If you do not reply within 3 days, your topic will be closed. It can be reopened if you ask. But if you plan on being gone for a longer period, just let me know and I will hold it open for you.

Ready? Now lets get to work

 

I am currently reviewing your logs and will be responding again in due course.


  • 0

#3
ruggie_uk
Posted 12 January 2015 - 06:23 AM

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-01-2015
Ran by frank&jose (administrator) on QUAD on 11-01-2015 21:19:20
Running from C:\Users\frank&jose\Downloads
Loaded Profile: frank&jose (Available profiles: frank&jose & Rachel & Jochem & Tessa & Spel)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Nederlands (Nederland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-11-04] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-02-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Reader Application Helper] => F:\Programs\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [899400 2014-05-23] (Sony Corporation)
HKLM-x32\...\Run: [QuickTime Task] => F:\Programs\QuickTime\QTTask.exe [417792 2009-11-10] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [KiesTrayAgent] => F:\ProgramFiles\samsungkies\Kies\KiesTrayAgent.exe [310064 2014-06-14] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-158038807-2111473649-2187484589-1001\...\Run: [DAEMON Tools Lite] => F:\Programs\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-158038807-2111473649-2187484589-1001\...\Run: [KiesPreload] => F:\ProgramFiles\samsungkies\Kies\Kies.exe [1563440 2014-06-14] (Samsung)
HKU\S-1-5-21-158038807-2111473649-2187484589-1001\...\Run: [KiesAirMessage] => F:\ProgramFiles\samsungkies\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-158038807-2111473649-2187484589-1001\...\Run: [] => F:\ProgramFiles\samsungkies\Kies\External\FirmwareUpdate\KiesPDLR.exe [843568 2014-06-14] (Samsung)
HKU\S-1-5-21-158038807-2111473649-2187484589-1001\...\RunOnce: [Shockwave Updater] => C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1103471.exe [460216 2008-11-24] (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ComproRemote.lnk
ShortcutTarget: ComproRemote.lnk -> C:\Program Files (x86)\Common Files\VideoMate\ComproRemote.exe (Compro Technology, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ComproSchedulerDTV.lnk
ShortcutTarget: ComproSchedulerDTV.lnk -> C:\Program Files (x86)\Common Files\VideoMate\ComproSchedulerDTV.exe (Compro Technology, Inc.)
Startup: C:\Users\frank&jose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Karen's Replicator.lnk
ShortcutTarget: Karen's Replicator.lnk -> C:\Program Files (x86)\Karen's Power Tools\Replicator\PTReplicator.exe (Karen Kenworthy)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-158038807-2111473649-2187484589-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.nl/
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> F:\ProgramFiles\TechSmith\SnagIt 9\DLLx64\SnagItBHO64.dll (TechSmith Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> F:\ProgramFiles\TechSmith\SnagIt 9\SnagItBHO.dll (TechSmith Corporation)
BHO-x32: Aanmeldhulp voor Microsoft-account -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - F:\ProgramFiles\TechSmith\SnagIt 9\SnagItIEAddin.dll (TechSmith Corporation)
DPF: HKLM-x32 {6E718D87-6909-4FCE-92D4-EDCB2F725727} http://www.navigram.com/engine/v1140/Navigram.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.sun.com/update/1.4.2/jinstall-1_4-windows-i586.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\..\Interfaces\{D15AE699-8E0A-42B2-839E-0696B0D4FFEF}: [NameServer] 192.168.2.254,195.121.1.34

FireFox:
========
FF ProfilePath: C:\Users\frank&jose\AppData\Roaming\Mozilla\Firefox\Profiles\ohauw4kk.default
FF Homepage: https://www.google.nl/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @sony.com/ReaderDesktop -> F:\Programs\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> F:\ProgramFiles\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: DownloadHelper - C:\Users\frank&jose\AppData\Roaming\Mozilla\Firefox\Profiles\ohauw4kk.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-06]

Chrome: 
=======
CHR StartupUrls: Default -> "https://www.google.nl/?gfe_rd=cr&ei=NEryU8WpG8XO-gbWroCYCQ"
CHR Profile: C:\Users\frank&jose\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Documenten) - C:\Users\frank&jose\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-18]
CHR Extension: (Google Drive) - C:\Users\frank&jose\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-18]
CHR Extension: (YouTube) - C:\Users\frank&jose\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-18]
CHR Extension: (Google Zoeken) - C:\Users\frank&jose\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-18]
CHR Extension: (Google Wallet) - C:\Users\frank&jose\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-18]
CHR Extension: (Bitdefender QuickScan) - C:\Users\frank&jose\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2015-01-11]
CHR Extension: (Gmail) - C:\Users\frank&jose\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4942384 2014-10-17] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [24576 2013-11-03] (The OpenVPN Project) [File not signed]
S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2014-04-25] (Sony Corporation) [File not signed]
S2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2005-01-31] (Ulead Systems, Inc.) [File not signed]
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [209720 2014-11-04] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-10-17] (AVG Technologies CZ, s.r.o.)
R3 ComproHID; C:\Windows\System32\DRIVERS\ComproHID64.sys [9088 2007-10-01] (Compro Tech., Inc.)
R3 ComproHID; C:\Windows\SysWOW64\DRIVERS\ComproHID64.sys [9088 2007-10-01] (Compro Tech., Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-02-09] (Disc Soft Ltd)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-11] (Malwarebytes Corporation)
S3 Ph3xIB64; C:\Windows\System32\DRIVERS\Ph3xIB64.sys [1627520 2009-06-10] (NXP Semiconductors)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 ULCDRHlp; C:\Windows\SysWOW64\Drivers\ULCDRHlp.sys [27392 2004-12-23] (Ulead Systems, Inc.) [File not signed]
S3 VMHybrid64; C:\Windows\System32\DRIVERS\VMHybr64.sys [1403648 2011-05-06] (Compro Technology, Inc.)
S3 VMHybrid64; C:\Windows\SysWOW64\DRIVERS\VMHybr64.sys [1410048 2011-03-14] (Compro Technology, Inc.)
S3 MFE_RR; \??\C:\Users\FRANK&~1\AppData\Local\Temp\mfe_rr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-11 21:15 - 2015-01-11 21:15 - 00024075 _____ () C:\Users\frank&jose\Downloads\Addition.txt
2015-01-11 21:14 - 2015-01-11 21:19 - 00011604 _____ () C:\Users\frank&jose\Downloads\FRST.txt
2015-01-11 21:14 - 2015-01-11 21:19 - 00000000 ____D () C:\FRST
2015-01-11 21:14 - 2015-01-11 21:14 - 02124288 _____ (Farbar) C:\Users\frank&jose\Downloads\FRST64.exe
2015-01-11 21:10 - 2015-01-11 21:10 - 01059840 _____ () C:\Users\frank&jose\Downloads\MicrosoftFixit50981.msi
2015-01-11 21:10 - 2015-01-11 21:10 - 01059840 _____ () C:\Users\frank&jose\Downloads\MicrosoftFixit50981 (1).msi
2015-01-11 21:00 - 2015-01-11 21:00 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\frank&jose\Downloads\rkill.exe
2015-01-11 21:00 - 2015-01-11 21:00 - 00002956 _____ () C:\Users\frank&jose\Desktop\Rkill.txt
2015-01-11 20:35 - 2015-01-11 21:05 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-11 20:11 - 2015-01-11 20:11 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-11 20:09 - 2015-01-11 20:09 - 00184704 _____ () C:\Users\frank&jose\Downloads\qsinstaller.exe
2015-01-11 20:01 - 2015-01-11 20:04 - 00000490 _____ () C:\delrepwv.log
2015-01-11 20:00 - 2015-01-11 20:00 - 00103792 _____ () C:\Users\frank&jose\Downloads\delrepwv_en.exe
2015-01-11 20:00 - 2015-01-11 20:00 - 00000000 ____D () C:\AVGTemp
2015-01-11 19:43 - 2015-01-11 19:43 - 00495712 _____ (Kaspersky Lab) C:\Users\frank&jose\Downloads\setup.exe
2015-01-11 19:28 - 2015-01-11 21:05 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-11 19:19 - 2015-01-11 20:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-11 19:19 - 2015-01-11 20:42 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-11 19:19 - 2015-01-11 20:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-11 19:19 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-11 19:19 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-11 19:17 - 2015-01-11 19:17 - 00000000 ____D () C:\Nieuwe map
2015-01-11 19:02 - 2015-01-11 19:02 - 00000000 ____D () C:\Users\frank&jose\Downloads\mbam-chameleon-3.1.7.0
2015-01-11 19:01 - 2015-01-11 19:01 - 04909382 _____ () C:\Users\frank&jose\Downloads\mbam-chameleon-3.1.7.0.zip
2015-01-11 13:32 - 2015-01-11 13:32 - 02494560 _____ (Trend Micro Inc.) C:\Users\frank&jose\Downloads\HousecallLauncher64 (1).exe
2015-01-11 13:26 - 2015-01-11 13:26 - 02494560 _____ (Trend Micro Inc.) C:\Users\frank&jose\Downloads\HousecallLauncher64.exe
2015-01-11 13:26 - 2015-01-11 13:26 - 00000036 _____ () C:\Users\frank&jose\AppData\Local\housecall.guid.cache
2015-01-11 13:23 - 2015-01-11 21:02 - 00000178 _____ () C:\Windows\system32\avgrep.txt
2015-01-10 16:28 - 2015-01-10 16:29 - 09532388 _____ () C:\Users\frank&jose\Downloads\oPlayer.zip
2015-01-10 16:26 - 2015-01-10 16:26 - 03028178 _____ () C:\Users\frank&jose\Downloads\Search_tool.rar
2015-01-10 16:17 - 2015-01-11 13:03 - 00000000 ____D () C:\Program Files\VideoActiveX
2015-01-10 16:17 - 2015-01-10 16:17 - 00000000 ____D () C:\Program Files\wanscam
2015-01-08 19:29 - 2015-01-11 19:17 - 00000000 ____D () C:\temp
2014-12-26 11:55 - 2015-01-11 20:50 - 00000168 _____ () C:\Windows\setupact.log
2014-12-26 11:55 - 2014-12-26 11:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-24 10:10 - 2014-12-24 10:10 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-21 14:58 - 2014-12-21 14:58 - 00000000 ____D () C:\Users\Tessa\AppData\Local\Apple
2014-12-18 21:44 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 21:44 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-12 13:26 - 2014-12-12 13:26 - 00000000 ____D () C:\Windows\system32\appraiser

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-11 21:09 - 2014-01-25 20:56 - 00745424 _____ () C:\Windows\system32\perfh013.dat
2015-01-11 21:09 - 2014-01-25 20:56 - 00153376 _____ () C:\Windows\system32\perfc013.dat
2015-01-11 21:09 - 2009-07-14 06:13 - 01669560 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-11 20:57 - 2014-01-25 12:03 - 01483182 _____ () C:\Windows\WindowsUpdate.log
2015-01-11 20:57 - 2009-07-14 05:45 - 00035504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-11 20:57 - 2009-07-14 05:45 - 00035504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-11 20:50 - 2014-08-18 15:27 - 00001052 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-11 20:50 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-11 20:02 - 2010-11-21 04:47 - 00045488 _____ () C:\Windows\PFRO.log
2015-01-11 13:25 - 2014-11-20 21:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-01-11 13:23 - 2014-01-25 12:17 - 00000000 ____D () C:\Users\frank&jose\AppData\Local\Avg2013
2015-01-11 13:21 - 2014-01-26 14:48 - 00000000 ____D () C:\Users\frank&jose\AppData\Roaming\Malwarebytes
2015-01-11 13:14 - 2014-01-25 12:03 - 00000000 ____D () C:\Users\frank&jose
2015-01-11 13:13 - 2014-01-26 14:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-11 13:13 - 2014-01-25 22:47 - 00000000 ____D () C:\Users\frank&jose\AppData\Local\Spotnet
2015-01-11 13:13 - 2014-01-25 22:36 - 00000000 ____D () C:\Users\frank&jose\AppData\Local\sabnzbd
2015-01-11 13:13 - 2014-01-25 22:34 - 00000000 ____D () C:\Users\frank&jose\AppData\Roaming\vlc
2015-01-11 13:13 - 2014-01-25 18:49 - 00000000 ____D () C:\Users\Tessa
2015-01-11 13:13 - 2014-01-25 18:31 - 00000000 ____D () C:\Users\Spel
2015-01-11 13:13 - 2014-01-25 18:24 - 00000000 ____D () C:\Users\Rachel
2015-01-11 13:13 - 2014-01-25 18:18 - 00000000 ____D () C:\Users\Jochem
2015-01-11 13:13 - 2014-01-25 12:17 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-11 13:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-01-11 13:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2015-01-10 17:40 - 2014-01-25 17:51 - 00000000 ____D () C:\Users\frank&jose\Documents\frank
2014-12-30 23:34 - 2014-01-26 22:27 - 00000000 ____D () C:\Users\frank&jose\Documents\Volleybal_2014
2014-12-26 14:43 - 2014-08-18 15:27 - 00001056 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-25 15:31 - 2014-01-28 22:36 - 00003978 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C80EC599-400D-4F30-A69C-96ACC30A0A73}
2014-12-24 16:43 - 2014-07-29 20:23 - 00000000 ____D () C:\Users\frank&jose\AppData\Roaming\DVD Flick
2014-12-24 16:21 - 2014-07-30 18:57 - 00000000 ____D () C:\ProgramData\DVD Shrink
2014-12-23 16:37 - 2014-11-02 21:33 - 00000000 ____D () C:\Users\frank&jose\AppData\Roaming\Kodi
2014-12-17 21:43 - 2014-02-04 15:51 - 00000000 ____D () C:\Users\frank&jose\Documents\tessa
2014-12-16 22:31 - 2014-01-25 17:51 - 00000000 ____D () C:\Users\frank&jose\Documents\adressen
2014-12-14 18:50 - 2014-01-27 21:38 - 00038478 _____ () C:\Users\frank&jose\AppData\Roaming\Door lijstscheidingstekens gescheiden waarden (Windows).ADR
2014-12-14 12:50 - 2014-03-19 17:03 - 00000000 ____D () C:\Users\Tessa\Documents\inge
2014-12-12 16:04 - 2014-01-25 21:39 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-12 13:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-12 13:43 - 2014-08-18 15:27 - 00002207 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-12 13:26 - 2014-05-06 22:08 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-12 13:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

Files to move or delete:
====================
C:\Users\frank&jose\ghost.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

  • 0

#4
ruggie_uk
Posted 12 January 2015 - 06:23 AM

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-01-2015
Ran by frank&jose at 2015-01-11 21:19:52
Running from C:\Users\frank&jose\Downloads
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2013 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2013 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Aangifte inkomstenbelasting 2013 (HKLM-x32\...\Aangifte inkomstenbelasting 2013) (Version:  - Belastingdienst)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Nederlands (HKLM-x32\...\{AC76BA86-7AD7-1043-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{3FA365DF-2D68-45ED-8F83-8C8A33E65143}) (Version: 1.1.0 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
Astroburn Lite (HKLM-x32\...\Astroburn Lite) (Version: 1.8.0.0182 - Disc Soft Ltd)
ATI AVIVO64 Codecs (Version: 10.12.0.00202 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{ED49426D-A15D-D7E0-DF56-3AC844CEDF8E}) (Version: 3.0.762.0 - ATI Technologies, Inc.)
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3495 - AVG Technologies)
AVG 2013 (Version: 13.0.3495 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.4253 - AVG Technologies) Hidden
ccc-core-static (x32 Version: 2010.0202.2335.42270 - Uw bedrijfsnaam) Hidden
ComproDTV 4 (HKLM-x32\...\{8CA8415F-8D77-44A4-9D59-C258D6FB5155}) (Version: 4.57.740 - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
De Sims 2 (HKLM-x32\...\{6E7DD182-9FC6-4651-0095-2E666CC6AF35}) (Version:  - )
De Sims 2 Gaan het Maken (HKLM-x32\...\{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}) (Version:  - )
De Sims 2 Glamour - Accessoires (HKLM-x32\...\{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}) (Version:  - )
De Sims 2 Nachtleven (HKLM-x32\...\{F7529650-B9DB-481B-0089-A2AC3C2821C1}) (Version:  - )
De Sims 2 Studentenleven (HKLM-x32\...\{01521746-02A6-4A72-00BD-A285DF6B80C6}) (Version:  - )
De Simsâ„¢ 2 Appartementsleven (HKLM-x32\...\{B6F5B704-06D3-4687-90F3-6195304AD755}) (Version:  - Electronic Arts)
De Sims™ 2 Familiepret – Accessoires (HKLM-x32\...\{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}) (Version:  - )
De Simsâ„¢ 2 Feest! Accessoires (HKLM-x32\...\{EAA38532-7AD0-4f78-918A-4F4F02096ECE}) (Version:  - )
De Sims™ 2 H&M® Fashion - Accessoires (HKLM-x32\...\{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}) (Version:  - )
De Simsâ„¢ 2 Huisdieren (HKLM-x32\...\{4817189D-1785-4627-A33C-39FD90919300}) (Version:  - )
De Sims™ 2 IKEA® Woon Accessoires (HKLM-x32\...\{6E17F9751-F056-4335-B718-8AF1B1092AFB}) (Version:  - Electronic Arts)
De Simsâ„¢ 2 Keuken & Bad Accessoires (HKLM-x32\...\{6522C636-B04C-4333-9BEB-9E0C0B6350D6}) (Version:  - Electronic Arts)
De Simsâ„¢ 2 Op Reis (HKLM-x32\...\{F248ADFA-64E0-4b03-8A83-059078BED6A0}) (Version:  - Electronic Arts)
De Simsâ„¢ 2 Seizoenen (HKLM-x32\...\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}) (Version:  - )
De Simsâ„¢ 2 Tiener Accessoires (HKLM-x32\...\{5C648FDB-0138-4619-B66E-230EF53E8E2C}) (Version:  - Electronic Arts)
De Simsâ„¢ 2 Villa en Tuin Accessoires (HKLM-x32\...\{1A2A15C2-6780-49c1-B296-503230E9DE00}) (Version:  - Electronic Arts)
De Simsâ„¢ 2 Vrije Tijd (HKLM-x32\...\{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}) (Version:  - Electronic Arts)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
DVD Shrink 3.1.6 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
DVDStyler v2.7.2 (HKLM-x32\...\DVDStyler_is1) (Version:  - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FUJIFILM MyFinePix Studio 3.1 (HKLM-x32\...\MyFinePix Studio_is1) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HydraVision (x32 Version: 4.2.142.0 - ATI Technologies Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.4.3.0 - LIGHTNING UK!)
Karen's Replicator (HKLM-x32\...\Karen's Replicator) (Version: 3.6.0.9 - Karen Kenworthy)
Knoll Light Factory EZ Studio (HKLM-x32\...\Knoll Light Factory EZ Studio) (Version:  - )
Kodi (HKU\S-1-5-21-158038807-2111473649-2187484589-1001\...\Kodi) (Version:  - Team-Kodi)
Kruidvat fotoservice (HKLM-x32\...\Kruidvat fotoservice) (Version: 5.1.6 - CEWE Stiftung u Co. KGaA)
Magic Bullet Looks Studio (HKLM-x32\...\Magic Bullet Looks Studio) (Version:  - )
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.9 - Magical Jelly Bean)
Malwarebytes Anti-Malware versie 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Nederlands) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MiniTool Partition Wizard Home Edition 8.1.1 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 nl) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 nl)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 8 Lite (HKLM-x32\...\Nero8Lite_is1) (Version: 8.3.13.0 - UpdatePack.nl)
OpenVPN 2.3.2-I200 (uac/max_config build) (HKLM-x32\...\OpenVPN) (Version: 2.3.2-I200 - )
Pinnacle Studio 14 (HKLM-x32\...\{AADD1C8F-D59F-4D55-A726-768C71A205A8}) (Version: 14.0.0.7255 - Pinnacle Systems)
Pinnacle Studio Ultimate Collection Plugins (HKLM-x32\...\{F5C372A1-40F3-49DA-A049-F75CDE9177DC}) (Version: 14.0.0.7255 - Pinnacle Systems)
Pinnacle videodriver (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.030 - Pinnacle Systems)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
QuickTime (HKLM-x32\...\{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}) (Version: 7.65.17.80 - Apple Inc.)
Reader for PC (HKLM-x32\...\{38FB32F7-5A2A-40E4-B106-4C35F75725CD}) (Version: 2.4.00.05230 - Sony Corporation)
Red Giant ToonIt Studio (HKLM-x32\...\Red Giant ToonIt Studio) (Version:  - )
SABnzbd 0.7.16 (HKLM-x32\...\SABnzbd) (Version: 0.7.16 - The SABnzbd Team)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
SnagIt 9 (HKLM-x32\...\{2FADA80A-5D89-4CC8-9ED7-445527754A83}) (Version: 9.0.1 - TechSmith Corporation)
Spotnet (HKLM-x32\...\{12947715-B6F0-4597-816F-5E13FB647921}_is1) (Version: 1.8.1 - Spotnet)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Trapcode 3DStroke Studio (HKLM-x32\...\Trapcode 3DStroke Studio) (Version:  - )
Trapcode Particular Studio (HKLM-x32\...\Trapcode Particular Studio) (Version:  - )
Trapcode Shine Studio (HKLM-x32\...\Trapcode Shine Studio) (Version:  - )
Ulead Straight-to-Disc SDK (HKLM-x32\...\{07224AA9-2F2F-46A2-9A56-3B7B603B5E6C}) (Version: 3.5 - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update voor Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0413-0000-0000000FF1CE}_PROPLUS_{5CF7002F-6F49-4482-9564-5614FBE560FA}) (Version:  - Microsoft)
Update voor Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0413-0000-0000000FF1CE}_PROPLUS_{15D84E79-1ED7-42C5-B2FD-745C3FBDDDC5}) (Version:  - Microsoft)
Update voor Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0413-0000-0000000FF1CE}_PROPLUS_{A66AE6A1-8D8C-4102-BC18-38CBDE40F809}) (Version:  - Microsoft)
VideoMate T, M, S Series  Driver (HKLM-x32\...\{41E340F0-0BD6-4A87-AF29-E9E584471756}) (Version: 1.39.200 - )
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
WBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

18-12-2014 22:53:52 Windows Update
26-12-2014 14:48:19 Gepland controlepunt
03-01-2015 13:02:26 Gepland controlepunt
08-01-2015 19:24:06 Installed HiNetRecorder
08-01-2015 19:42:06 Removed HiNetRecorder
11-01-2015 12:46:38 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {201F578A-AFEC-4F61-B45A-D895EAA883DC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-18] (Google Inc.)
Task: {460C83DE-270B-454B-AB6B-CBE6DF967BF6} - System32\Tasks\{0C415EB2-9CC5-4DCE-AA4D-EE313631FF41} => pcalua.exe -a "C:\Users\frank&jose\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WIKEWBEL\SwSaniNet_11 (1).exe" -d C:\Users\frank&jose\Desktop
Task: {6E18B373-9CB3-40D3-8FD2-3DE4B5582825} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2008-07-30] (Apple Inc.)
Task: {7066B872-0AF3-4D74-86FB-838518DE9751} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {E03DED85-9583-4635-81FB-AB89B32C316C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-18] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============


==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\67700528.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\67700528.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-158038807-2111473649-2187484589-500 - Administrator - Disabled)
frank&jose (S-1-5-21-158038807-2111473649-2187484589-1001 - Administrator - Enabled) => C:\Users\frank&jose
Gast (S-1-5-21-158038807-2111473649-2187484589-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-158038807-2111473649-2187484589-1002 - Limited - Enabled)
Jochem (S-1-5-21-158038807-2111473649-2187484589-1004 - Administrator - Enabled) => C:\Users\Jochem
Rachel (S-1-5-21-158038807-2111473649-2187484589-1003 - Administrator - Enabled) => C:\Users\Rachel
share (S-1-5-21-158038807-2111473649-2187484589-1007 - Limited - Enabled)
Spel (S-1-5-21-158038807-2111473649-2187484589-1006 - Limited - Enabled) => C:\Users\Spel
Tessa (S-1-5-21-158038807-2111473649-2187484589-1005 - Limited - Enabled) => C:\Users\Tessa

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/11/2015 09:06:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2015 09:00:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2015 08:51:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2015 08:47:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2015 08:42:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2015 08:09:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: qsinstaller.exe, versie: 0.0.0.0, tijdstempel: 0x5491af1c
Naam van module met fout: qsinstaller.exe, versie: 0.0.0.0, tijdstempel: 0x5491af1c
Uitzonderingscode: 0xc0000417
Foutoffset: 0x00001ec9
Id van proces met fout: 0x7e4
Starttijd van toepassing met fout: 0xqsinstaller.exe0
Pad naar toepassing met fout: qsinstaller.exe1
Pad naar module met fout: qsinstaller.exe2
Rapport-id: qsinstaller.exe3

Error: (01/11/2015 08:04:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2015 07:59:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2015 07:32:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2015 07:28:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/11/2015 09:18:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: De HomeGroup Provider-service is afhankelijk van de Function Discovery Provider Host-service, die vanwege de volgende fout niet kan worden gestart: 
%%1068

Error: (01/11/2015 09:18:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: De Computer Browser-service is afhankelijk van de Server-service, die vanwege de volgende fout niet kan worden gestart: 
%%1068

Error: (01/11/2015 09:18:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: De Computer Browser-service is afhankelijk van de Server-service, die vanwege de volgende fout niet kan worden gestart: 
%%1068

Error: (01/11/2015 09:18:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: De Computer Browser-service is afhankelijk van de Server-service, die vanwege de volgende fout niet kan worden gestart: 
%%1068

Error: (01/11/2015 09:18:35 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (01/11/2015 09:18:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: De Computer Browser-service is afhankelijk van de Server-service, die vanwege de volgende fout niet kan worden gestart: 
%%1068

Error: (01/11/2015 09:18:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: De Computer Browser-service is afhankelijk van de Server-service, die vanwege de volgende fout niet kan worden gestart: 
%%1068

Error: (01/11/2015 09:18:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: De Computer Browser-service is afhankelijk van de Server-service, die vanwege de volgende fout niet kan worden gestart: 
%%1068

Error: (01/11/2015 09:18:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: De Computer Browser-service is afhankelijk van de Server-service, die vanwege de volgende fout niet kan worden gestart: 
%%1068

Error: (01/11/2015 09:18:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: De Computer Browser-service is afhankelijk van de Server-service, die vanwege de volgende fout niet kan worden gestart: 
%%1068


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz
Percentage of memory in use: 14%
Total physical RAM: 4094.49 MB
Available physical RAM: 3495.05 MB
Total Pagefile: 8187.16 MB
Available Pagefile: 7608 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (boot) (Fixed) (Total:111.69 GB) (Free:70.7 GB) NTFS
Drive f: (Programs) (Fixed) (Total:488.28 GB) (Free:445.14 GB) NTFS
Drive g: (Data) (Fixed) (Total:333.87 GB) (Free:174.48 GB) NTFS
Drive h: (Ghost) (Fixed) (Total:109.36 GB) (Free:26.4 GB) NTFS

  • 0

#5
ruggie_uk
Posted 12 January 2015 - 09:29 AM

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Hi

Not a lot showing in the logs, but i do think there may be something very nasty lurking. i know you have had some problems with FRST but let's try it anyway. If it doesn't work - then proceed to Step 2 for now.

For future reference could you please paste your logs directly onto this thread please as it makes it easier for us to read them.

Let's try a couple of things first.

Step 1

FRST Fix

If FRST.exe/FRST64.exe is not on your desktop, please download Farbar Recovery Scan Tool and save it to your desktop.

  • Download the attached Attached File  fixlist.txt   140bytes   319 downloads and save it to your desktop <<< very important - it must be in the same location as FRST.exe/FRST64.exe
  • Right click frst.png and run as administrator. When the tool opens click Yes to the disclaimer.[/*]
    [*]Press the Fix button.[/*]
    [*]It will produce a log called fixlog.txt on your Desktop.[/*]
    [*]Please copy and paste the contents of that log back here.

    NOTICE: This script was written specifically for this user, for use on that particular machine, at this point in time. Running this on another machine may cause damage to your operating system.[/*]
    [/list]Step 2

    TDSSKiller_Kaspersky.png Scan with TDSSKiller

    Please download TDSSKiller by Kaspersky and save it to your desktop.

    [LIST]
    [*]Right-click on [imghttps://sites.google...r_Kaspersky.png
  • icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Click on Change parameters and put a checkmark beside Loaded modules. A reboot will be needed to apply the changes, allow it to do so.
  • Your machine may appear very slow and unusable after that - it's normal.
  • TDSSKiller will run automaticaly. Click on Change parameters and click OK.
  • Click the Start Scan button and wait patiently.
  • If anything will be found follow this guidelines:
    • If a suspicious object is detected, the default action will be Skip, click on Continue.
    • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
      Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
      If Cure is not available, please choose Skip instead.
    • Do not choose Delete unless instructed!
    A report will be created in your root directory, (usually C:\ drive) in the form of TDSSKiller.[Version]_[Date]_[Time]_log.txt. Please include the contents of that file in your next post.



    Items I need to see in your next post:
    • FRST Fixlog
    • TDSSkiller log

  • 0

#6
Essexboy
Posted 16 January 2015 - 06:45 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP