Fake scvhost processes taking up 99% of CPU, but no performance loss
#16
DeZiekeNon (Topic Starter, Member, 134 posts)

I had already removed flstudio_9.0.exe.
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by GD at 2015-01-20 12:35:21 Run:2
Running from C:\Users\GerrytDouwe\Desktop
Loaded Profiles: GD (Available profiles: GD)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
C:\Windows\temp023423.vbe
C:\ProgramData\Origin\update.vbe
C:\Users\All Users\Origin\update.vbe
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Origin\update.vbe
G:\Downloads\cdbxp_setup_4.3.7.2356.exe
G:\Downloads\dream-mkv-to-avi-converter.exe
G:\Downloads\drivermax.exe
G:\Downloads\drivermax_7_35_cnet.exe
G:\Downloads\drivermax_7_38_cnet.exe
G:\Downloads\DTLite4491-0356.exe
G:\Downloads\maxkeylogger_setup.zip
G:\Downloads\Setup_FLVConverter.exe
G:\Downloads\TVersitySetup_1_9_3.exe
G:\Downloads\undeleteplus_setup_ask.exe
G:\Downloads\Windows Loader v2.1.7.zip
G:\Downloads\Windows.7.Loader.v2.2.1.rar
G:\Downloads\Adobe Photoshop CS5.1 Extended\keygen.exe
G:\Downloads\Adobe.After.Effects.CS5.v10.0.x64.Incl.Keymaker-EMBRACE.nfo\keygen.exe
G:\Downloads\Producer Pack\Producer Pack\Fruity Loops 9\flstudio_9.0.exe
emptytemp:
end
 
 
*****************
 
C:\Windows\temp023423.vbe => Moved successfully.
C:\ProgramData\Origin\update.vbe => Moved successfully.
"C:\Users\All Users\Origin\update.vbe" => File/Directory not found.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Origin\update.vbe => Moved successfully.
G:\Downloads\cdbxp_setup_4.3.7.2356.exe => Moved successfully.
G:\Downloads\dream-mkv-to-avi-converter.exe => Moved successfully.
G:\Downloads\drivermax.exe => Moved successfully.
G:\Downloads\drivermax_7_35_cnet.exe => Moved successfully.
G:\Downloads\drivermax_7_38_cnet.exe => Moved successfully.
G:\Downloads\DTLite4491-0356.exe => Moved successfully.
G:\Downloads\maxkeylogger_setup.zip => Moved successfully.
G:\Downloads\Setup_FLVConverter.exe => Moved successfully.
G:\Downloads\TVersitySetup_1_9_3.exe => Moved successfully.
G:\Downloads\undeleteplus_setup_ask.exe => Moved successfully.
G:\Downloads\Windows Loader v2.1.7.zip => Moved successfully.
G:\Downloads\Windows.7.Loader.v2.2.1.rar => Moved successfully.
G:\Downloads\Adobe Photoshop CS5.1 Extended\keygen.exe => Moved successfully.
G:\Downloads\Adobe.After.Effects.CS5.v10.0.x64.Incl.Keymaker-EMBRACE.nfo\keygen.exe => Moved successfully.
"G:\Downloads\Producer Pack\Producer Pack\Fruity Loops 9\flstudio_9.0.exe" => File/Directory not found.
EmptyTemp: => Removed 497.8 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 12:35:54 ====
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by GD (administrator) on PC-VAN-GD on 20-01-2015 12:43:04
Running from C:\Users\GerrytDouwe\Desktop
Loaded Profiles: GD (Available profiles: GD)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Blue Coat Systems, Inc.) C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) F:\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) F:\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Malwarebytes Corporation) F:\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Innovative Solutions) F:\DriverMax\innostp.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Razer USA Ltd) F:\Drivers\Razer Mamba\RazerMambaSysTray.exe
(Dropbox, Inc.) C:\Users\GerrytDouwe\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [Razer Mamba Elite Driver] => F:\Drivers\Razer Mamba\RazerMambaSysTray.exe [974864 2012-12-21] (Razer USA Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKU\S-1-5-21-2567469324-3570782199-4075575107-1001\...\Run: [DAEMON Tools Lite] => F:\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2567469324-3570782199-4075575107-1001\...\Run: [Spotify Web Helper] => C:\Users\GerrytDouwe\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-18] (Spotify Ltd)
HKU\S-1-5-21-2567469324-3570782199-4075575107-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-2567469324-3570782199-4075575107-1001\...\MountPoints2: {33929889-1a83-11e4-be9e-002618783dfc} - "H:\setup.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Network Server.lnk
ShortcutTarget: Network Server.lnk -> F:\WibuKey\Server\WkSvMgr.exe (WIBU-SYSTEMS AG)
Startup: C:\Users\GerrytDouwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\GerrytDouwe\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\GerrytDouwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> F:\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => F:\Office Pro 2010 EN\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => F:\Office Pro 2010 EN\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => F:\Office Pro 2010 EN\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => F:\Office Pro 2010 EN\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => F:\Office Pro 2010 EN\Office14\GROOVEEX.DLL (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-2567469324-3570782199-4075575107-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.nl.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> F:\Office Pro 2010 EN\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> F:\Java\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> F:\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> F:\Office Pro 2010 EN\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> F:\Java\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - F:\Visio 2013 Pro\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> F:\Java\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> F:\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> F:\Office Pro 2010 EN\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> F:\Visio 2013 Pro\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> F:\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.nl/
CHR StartupUrls: Default -> "hxxp://www.gomtv.net/2013wcs3/vod/80857", "https://mail.google....mail/u/0/#inbox", "hxxp://www.pathe.nl/bioscoop/groningen/agenda/6-9-2013", "hxxp://www.nzbindex.nl/search/?q=pacific+rim&age=&max=25&minage=&sort=agedesc&minsize=2000&maxsize=&dq=&poster=&nfo=&hidespam=0&hidespam=1&more=1", "hxxp://forum.dutchbodybuilding.com/", "https://mail.google.com/mail/u/0/", "https://www.google.nl/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (QR Code) - C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaephdgbinagkeepamlbkhkfbiaedabm [2014-07-22]
CHR Extension: (Media Hint) - C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\akipcefbjlmpbcejgdaopmmidpnjlhnb [2014-11-28]
CHR Extension: (Google Documenten) - C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-22]
CHR Extension: (Google Drive) - C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-22]
CHR Extension: (YouTube) - C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-22]
CHR Extension: (Netflix Rate) - C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cofjbfnpecflopfknbpnhhpnegbflfph [2014-12-14]
CHR Extension: (Google Zoeken) - C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-22]
CHR Extension: (Mailto: for Gmail™) - C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgkkmcknielgdhebimdnfahpipajcpjn [2014-07-22]
CHR Extension: (witte ruis) - C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejkjpdnomgodmagfmhojepjlajpoicip [2014-07-22]
CHR Extension: (AdBlock) - C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-07-22]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-12-27]
CHR Extension: (Rekenmachine) - C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdkgihpbaofhkiliohfepioflkkbapao [2014-07-22]
CHR Extension: (Google Maps) - C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-07-22]
CHR Extension: (Google Wallet) - C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-22]
CHR Extension: (Greyscale) - C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\penkfbldfkaelnnhblmfmajlggdielfm [2014-07-22]
CHR Extension: (Evernote Web Clipper) - C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-07-22]
CHR Extension: (Gmail) - C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-22]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 bckwfs; C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2647256 2014-01-24] (Blue Coat Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 MBAMScheduler; F:\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; F:\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 Microsoft SharePoint Workspace Audit Service; F:\Office Pro 2010 EN\Office14\GROOVE.EXE [30814400 2013-12-18] (Microsoft Corporation)
S3 OpenVPNService; F:\OpenVPN\bin\openvpnserv.exe [37176 2014-08-07] (The OpenVPN Project)
S3 Origin Client Service; F:\Origin\OriginClientService.exe [1903472 2014-12-27] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-10-31] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [671000 2014-11-04] (Wacom Technology, Corp.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
R2 bckd; C:\Windows\System32\drivers\bckd.sys [126168 2014-01-24] (Blue Coat Systems, Inc.)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-08-02] (Disc Soft Ltd)
R3 mamba2; C:\Windows\System32\drivers\mamba2.sys [11776 2012-12-10] (Razer USA Ltd)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
R0 TPkd; C:\Windows\SysWow64\Drivers\TPkd.sys [93336 2012-05-16] (PACE Anti-Piracy, Inc.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R2 WIBUKEY; C:\Windows\System32\DRIVERS\WibuKey64.sys [103224 2009-12-03] (WIBU-SYSTEMS AG)
S3 Wibukey2_64; C:\Windows\system32\drivers\wibukey2_64.sys [16896 2009-08-07] (WIBU-SYSTEMS AG)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-07-21] (Microsoft Corporation)
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S1 Capsax64Drv0; System32\Drivers\Capsax64Drv0.sys [X]
S1 CSN5PDTS82; System32\Drivers\CSN5PDTS82.sys [X]
S1 CSN5PDTS82x64; System32\Drivers\CSN5PDTS82x64.sys [X]
S1 CsNdisLWF; System32\Drivers\CsNdisLWF.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-20 12:35 - 2015-01-20 12:35 - 00000000 ____D () C:\Users\GerrytDouwe\Desktop\FRST-OlderVersion
2015-01-19 20:43 - 2015-01-19 20:43 - 00000000 ____D () C:\Program Files (x86)\AIR Music Technology
2015-01-19 16:23 - 2015-01-19 16:23 - 00000000 ____D () C:\Users\GerrytDouwe\AppData\Roaming\PACE Anti-Piracy
2015-01-19 16:23 - 2015-01-19 16:23 - 00000000 ____D () C:\Users\GerrytDouwe\AppData\Local\PACE Anti-Piracy
2015-01-19 16:23 - 2015-01-19 16:23 - 00000000 ____D () C:\ProgramData\PACE Anti-Piracy
2015-01-19 16:19 - 2015-01-19 16:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SONiVOX
2015-01-19 16:18 - 2015-01-19 20:44 - 00000000 ____D () C:\Program Files\Common Files\SONiVOX
2015-01-19 16:18 - 2015-01-19 16:18 - 00000000 ____D () C:\Program Files\Common Files\Avid
2015-01-19 16:18 - 2012-05-16 11:13 - 00105624 _____ (PACE Anti-Piracy, Inc.) C:\WINDOWS\system32\Drivers\Tpkd.sys
2015-01-19 16:18 - 2012-05-16 11:13 - 00093336 _____ (PACE Anti-Piracy, Inc.) C:\WINDOWS\SysWOW64\Drivers\Tpkd.sys
2015-01-19 16:18 - 2011-08-19 14:36 - 00232960 _____ () C:\WINDOWS\system32\libpng15.dll
2015-01-19 16:18 - 2011-08-19 14:36 - 00119296 _____ () C:\WINDOWS\system32\zlib1.dll
2015-01-19 16:18 - 2011-06-28 16:42 - 00630784 _____ (PACE Anti-Piracy) C:\WINDOWS\SysWOW64\ilinet.dll
2015-01-19 16:18 - 2011-06-28 16:32 - 00839680 _____ (PACE Anti-Piracy) C:\WINDOWS\system32\ilinet.dll
2015-01-19 16:17 - 2015-01-19 16:17 - 00000000 ____D () C:\ProgramData\SONiVOX
2015-01-19 16:17 - 2015-01-19 16:17 - 00000000 ____D () C:\Program Files (x86)\SONiVOX
2015-01-18 14:07 - 2015-01-18 14:29 - 00000000 ____D () C:\Users\GerrytDouwe\AppData\Local\Western Digital
2015-01-16 23:52 - 2015-01-16 23:52 - 02347384 _____ (ESET) C:\Users\GerrytDouwe\Desktop\esetsmartinstaller_enu.exe
2015-01-16 23:52 - 2015-01-16 23:52 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-16 23:09 - 2015-01-20 12:38 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-16 23:08 - 2015-01-16 23:08 - 00000645 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-16 23:08 - 2015-01-16 23:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-16 23:08 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-16 23:08 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-01-16 23:08 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-01-16 23:07 - 2015-01-16 23:07 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\GerrytDouwe\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-16 21:56 - 2015-01-16 23:01 - 00000000 ____D () C:\AdwCleaner
2015-01-16 21:54 - 2015-01-16 21:54 - 02191360 _____ () C:\Users\GerrytDouwe\Desktop\adwcleaner_4.107.exe
2015-01-16 21:43 - 2015-01-16 21:43 - 00000907 _____ () C:\Users\GerrytDouwe\Desktop\JRT.txt
2015-01-16 21:41 - 2015-01-16 21:41 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-16 21:38 - 2015-01-16 21:39 - 01707939 _____ (Thisisu) C:\Users\GerrytDouwe\Desktop\JRT.exe
2015-01-16 19:44 - 2015-01-16 19:44 - 00045100 _____ () C:\Users\GerrytDouwe\Desktop\Shortcut.txt
2015-01-16 19:43 - 2015-01-16 19:44 - 00034944 _____ () C:\Users\GerrytDouwe\Desktop\Addition.txt
2015-01-16 19:42 - 2015-01-20 12:43 - 00018903 _____ () C:\Users\GerrytDouwe\Desktop\FRST.txt
2015-01-16 19:41 - 2015-01-20 12:43 - 00000000 ____D () C:\FRST
2015-01-16 19:41 - 2015-01-20 12:35 - 02126848 _____ (Farbar) C:\Users\GerrytDouwe\Desktop\FRST64.exe
2015-01-14 13:06 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 13:06 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 13:06 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 13:06 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 13:06 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 13:06 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 13:06 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 13:06 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 13:06 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 13:06 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 13:06 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 13:06 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 13:06 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 13:06 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 13:06 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-14 13:06 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-14 13:06 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-14 13:06 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-14 13:06 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-14 13:06 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-14 13:06 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-14 13:06 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-14 13:06 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-14 13:06 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-14 13:06 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-14 13:06 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-14 13:06 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-14 13:06 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-14 13:06 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-14 13:06 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-14 13:06 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-07 23:04 - 2015-01-07 23:05 - 00000000 ____D () C:\tmp
2015-01-07 23:03 - 2015-01-07 23:03 - 00000000 ____D () C:\Users\GerrytDouwe\.thumbnails
2015-01-07 16:22 - 2015-01-07 16:22 - 00000000 ____D () C:\Users\GerrytDouwe\AppData\Roaming\WTablet
2015-01-07 16:19 - 2015-01-07 16:19 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet
2015-01-07 16:19 - 2015-01-07 16:19 - 00000000 ____D () C:\Program Files\TabletPlugins
2015-01-07 16:19 - 2015-01-07 16:19 - 00000000 ____D () C:\Program Files\Tablet
2015-01-07 16:19 - 2015-01-07 16:19 - 00000000 ____D () C:\Program Files (x86)\TabletPlugins
2015-01-07 16:19 - 2014-11-04 19:49 - 02029336 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\WacomMT.dll
2015-01-07 16:19 - 2014-11-04 19:49 - 01995544 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\Wacom_Tablet.dll
2015-01-07 16:19 - 2014-11-04 19:49 - 01988888 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\Wacom_Touch_Tablet.dll
2015-01-07 16:19 - 2014-11-04 19:49 - 01863448 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\Wintab32.dll
2015-01-07 16:19 - 2014-11-04 19:49 - 01626392 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\WacomMT.dll
2015-01-07 16:19 - 2014-11-04 19:49 - 01617176 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\Wacom_Tablet.dll
2015-01-07 16:19 - 2014-11-04 19:49 - 01610008 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\Wacom_Touch_Tablet.dll
2015-01-07 16:19 - 2014-11-04 19:49 - 01497368 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\Wintab32.dll
2015-01-07 16:19 - 2014-10-07 00:54 - 00100664 _____ (Wacom Technology) C:\WINDOWS\system32\Drivers\wachidrouter.sys
2015-01-07 16:19 - 2014-10-07 00:54 - 00015160 _____ (Wacom Technology) C:\WINDOWS\system32\Drivers\wacomrouterfilter.sys
2015-01-07 16:19 - 2014-10-07 00:54 - 00014136 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\hidkmdf.sys
2015-01-07 16:19 - 2012-12-11 23:12 - 01721576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wdfcoinstaller01009.dll
2015-01-02 00:42 - 2015-01-02 00:42 - 00000000 ____D () C:\Users\GerrytDouwe\AppData\Roaming\Mozilla
2014-12-30 19:01 - 2014-12-30 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2014-12-29 00:06 - 2014-12-29 00:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 4 Update 6 - RELOADED + 17 Languages
2014-12-28 16:02 - 2014-12-28 16:02 - 464553862 _____ () C:\WINDOWS\MEMORY.DMP
2014-12-28 16:02 - 2014-12-28 16:02 - 00280328 _____ () C:\WINDOWS\Minidump\122814-17812-01.dmp
2014-12-26 23:16 - 2014-12-26 23:16 - 00280328 _____ () C:\WINDOWS\Minidump\122614-14812-01.dmp
2014-12-26 22:46 - 2014-12-26 22:46 - 00280328 _____ () C:\WINDOWS\Minidump\122614-15218-01.dmp
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-20 12:38 - 2014-07-20 14:10 - 00000000 ____D () C:\Users\GerrytDouwe\AppData\Roaming\Dropbox
2015-01-20 12:37 - 2014-09-02 12:15 - 00000236 _____ () C:\WINDOWS\Tasks\Application Starter - e59f1e4b45dd829c4c6703b808149960.job
2015-01-20 12:37 - 2014-07-22 11:05 - 00001080 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-20 12:37 - 2014-07-20 17:24 - 00000000 __RDO () C:\Users\GerrytDouwe\OneDrive
2015-01-20 12:37 - 2014-07-20 15:35 - 00000000 ____D () C:\Users\GerrytDouwe\AppData\Roaming\Skype
2015-01-20 12:37 - 2013-08-22 15:46 - 00315464 _____ () C:\WINDOWS\setupact.log
2015-01-20 12:37 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-20 12:36 - 2014-07-20 17:18 - 01804042 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-20 12:36 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-20 12:35 - 2014-08-14 14:39 - 00000000 ____D () C:\ProgramData\Origin
2015-01-20 12:20 - 2014-07-22 11:05 - 00001084 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-20 12:12 - 2014-03-18 11:04 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-20 01:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-19 20:44 - 2014-07-20 14:21 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-19 16:38 - 2014-07-20 12:52 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2567469324-3570782199-4075575107-1001
2015-01-19 16:26 - 2014-07-20 14:26 - 00000000 ___RD () C:\Users\GerrytDouwe\Desktop\Software
2015-01-19 16:23 - 2014-07-20 12:45 - 00000000 ____D () C:\Users\GerrytDouwe\AppData\Local\VirtualStore
2015-01-19 00:28 - 2014-07-20 14:57 - 00000000 ____D () C:\Users\GerrytDouwe\AppData\Local\Battle.net
2015-01-18 15:42 - 2014-07-20 15:35 - 00000000 ____D () C:\Users\GerrytDouwe\AppData\Roaming\vlc
2015-01-18 12:45 - 2014-03-18 10:54 - 00046392 _____ () C:\WINDOWS\PFRO.log
2015-01-17 06:52 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-16 23:44 - 2013-08-22 16:36 - 00000000 __RSD () C:\WINDOWS\Media
2015-01-16 20:04 - 2014-07-25 14:29 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-16 20:04 - 2014-07-25 14:29 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-14 13:33 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-14 13:32 - 2014-07-20 13:35 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-14 13:28 - 2014-07-20 13:35 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-10 00:38 - 2014-07-20 17:13 - 00000000 ____D () C:\Users\GerrytDouwe
2015-01-06 01:08 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-06 01:08 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-04 01:47 - 2014-07-27 20:47 - 00000000 ____D () C:\Users\GerrytDouwe\AppData\Roaming\BitTorrent
2015-01-03 21:46 - 2014-10-21 20:22 - 00000000 ____D () C:\Users\GerrytDouwe\Documents\Telltale Games
2015-01-03 19:44 - 2014-07-25 14:19 - 01628672 ___SH () C:\Users\GerrytDouwe\Desktop\Thumbs.db
2014-12-31 12:14 - 2014-07-20 13:22 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-12-28 19:24 - 2014-07-20 14:26 - 00000000 ___RD () C:\Users\GerrytDouwe\Desktop\Games
2014-12-28 16:02 - 2014-08-02 21:23 - 00000000 ____D () C:\WINDOWS\Minidump
2014-12-28 01:37 - 2014-08-14 14:39 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-12-27 22:45 - 2014-08-14 15:12 - 00000000 ____D () C:\Users\GerrytDouwe\Documents\Electronic Arts
2014-12-27 12:46 - 2014-08-14 14:41 - 00000000 ___HD () C:\Users\GerrytDouwe\AppData\Roaming\Origin
2014-12-26 14:47 - 2014-07-20 17:09 - 00000426 _____ () C:\WINDOWS\BRWMARK.INI
2014-12-23 11:21 - 2014-07-20 15:35 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-23 11:21 - 2014-07-20 15:35 - 00000000 ____D () C:\ProgramData\Skype
2014-12-22 20:37 - 2014-07-20 15:08 - 00000000 ____D () C:\Users\GerrytDouwe\AppData\Local\Microsoft Help
 
==================== Files in the root of some directories =======
2014-09-11 14:50 - 2014-11-05 16:00 - 0001456 _____ () C:\Users\GerrytDouwe\AppData\Local\Adobe Opslaan voor web 12.0 Prefs
2014-07-27 13:15 - 2014-12-09 23:49 - 0007597 _____ () C:\Users\GerrytDouwe\AppData\Local\Resmon.ResmonCfg
 
Files to move or delete:
====================
C:\Users\GerrytDouwe\AppData\Roaming\Origin\update.vbe
 
 
Some content of TEMP:
====================
C:\Users\GerrytDouwe\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmph7deei.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-15 12:04
 
==================== End Of Log ============================
 

 Results of screen317's Security Check version 0.99.93  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 51  
 Java version 32-bit out of Date!
 Adobe Flash Player 16.0.0.235  
 Adobe Reader XI  
 Google Chrome (39.0.2171.95) 
 Google Chrome (39.0.2171.99) 
````````Process Check: objlist.exe by Laurent````````
 Windows Defender MSMpEng.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 mbamscheduler.exe    
 Windows Defender MpCmdRun.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 17-1-2015
Scan Time: 03:33:54
Logfile: MB scan log.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.16.14
Rootkit Database: v2015.01.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: GD
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 338743
Time Elapsed: 6 min, 45 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 

Edited by DeZiekeNon, 20 January 2015 - 05:50 AM.

#17
DeZiekeNon

    Member

  • Topic Starter
  • Member
  • 134 posts
Done. Malwarebytes log also included.



#18
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts
All good. There are a couple of stray files to remove and then we are all done and can clean up.

 

Please pay attention to the Java advice further down as your Java is out of date.
 
Use this new attached fixlist.txt with FRST like before and paste the log.
 
Followed by:
 
Good news, it looks like your system is now clean. A good workman cleans up after himself so let's now attend to that :D

Tool Removal

We need to remove the tools we've used during cleaning your machine

  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Activate UAC
    • Create registry backup
    • Purge system restore
    • Reset System Settings
  • Click Run
  • The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply

    We need to uninstall a program
    Open Programs and Features by clicking the Start button, clicking Control Panel, clicking Programs, and then clicking Programs and Features.
    Select the following programs from the list below, one at a time and click Uninstall.
    • ESET Online Scanner
    Delete the following Files and Folders (If Present):
    C:\Program Files (x86)\ESET
    Delete any other .bat, .log, .reg, .txt, and any other files created during this process, and left on the desktop and empty the Recycle Bin.



    Keep your machine updated

    Due to the ever-present tide of malware, it is important to ensure your computer is kept up-to-date to minimize the risk of future infection. An important step is to ensure that automatic updates are enabled.


    To enable automatic updates:

    Windows 8
    To turn on Automatic Updates yourself, follow these steps:
    • Open Windows Update by swiping in from the right edge of the screen (or, if you're using a mouse, pointing to the bottom-right corner of the screen and moving the mouse pointer up), tapping or clicking Settings, tapping or clicking Change PC settings, then tapping or clicking Update and recovery.
    • Tap or click Choose how updates are installed.
    • Select the option that you want.
    • Under Recommended updates, select the Give me recommended updates the same way I receive important updates or Include recommended updates when downloading, installing, or notifying me about updates check box, and then click OK.
    It is recommended to install an anti-malware program to help prevent reinfection.
    Below are some free ones that can help keep you clean.

    Malwarebytes AntiMalware

    As you have installed Malwarebytes, I recommend that you keep this program and use it to help you stay clean.

    The free version will scan your computer and fix the problems it finds but will not provide real-time protection. You must scan regularly to find any threats.
    Consider purchasing the full version for active monitoring of threats.
    JAVA Advice
    WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
    See this article and this article.
    I would recommend that you completely uninstall Java unless you need it to run important software or need it to play games on-line.
    In that instance I would recommend that you only use Firefox or Chrome to visit those sites and do the following:
    • For Firefox, install the NoScript add-on.
    • For Chrome, install the ScriptSafe add-on.
      -->IMPORTANT<--: After installing the add-ons you will need to tell them that the site you are visiting is allowed to run Javascript. If you don't, the sites won't work properly. Or not at all. You can go to the NoScript home page here to learn how to use the add-on.
    • Disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser or How to unplug Java from the browser)
    If you still want to update your Java, follow the instructions below:

    A.
    Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:
    • Download the latest version of the Java Runtime Environment (JRE) Version from Here and save it to your desktop.
    • Look for "Java Platform, Standard Edition". You will see the current Java version and update number listed under the heading. Example: The newest update is Java SE 8u25
    • Click the "Download" button under "JRE".
    • On the Java SE Runtime Environment page, click the button to "Accept License Agreement".
    • Under the Java SE Runtime Environment 8u25 heading:
      To install the version for your system:
      • For Windows 64bit systems, look for Windows x64 - 88.37MB, click the jre-8u25-windows-64.exe file and save it to your desktop. Do Not run it from the Java site.
    • Close any programs you may have running - especially your web browser.
    B.
    Uninstall all versions of Java
    • Click Start > Control Panel > Add/Remove Programs. The list of installed programs will populate.
    • Click the Start Orb, then Control Panel. Under the Programs or Programs and Features section click Uninstall a program. The list of installed programs will populate.
    • Remove all older versions of Java. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE or J2SE
      The versions I see on the computer are:
      • Java 7 Update
      • Java 8 (64-bit)
      • Java SE Development Kit 8
    • Right click each program and click Uninstall and follow the on screen instructions for the Java uninstaller.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    C.
    Install the latest JAVA

    Back on your desktop:
    • Right click the jre-8u25-windows-x64.exe file, click Run as Administrator and OK the UAC prompt to install the newest version.
    • When the Java Setup - Welcome window opens, click the Install > button.
    • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
    [Note:] The Java Quick Starter (JQS.exe) adds a service to improve the initial start up time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > You will have to be in Classic View to see Java(It looks like a coffee cup). Double-click on Java click the Advanced Tab click Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

    Update Adobe Flash Player

    NOTE: Depending on your settings, you may have to temporarily disable your antivirus software and firewall.
    • Please click here to go to the FlashPlayer Installation page.
    • In the first column, Adobe Flash Player, make sure the system version (64bit) and the browser are correct.
      • Note: If you use IE and other browsers you will need to install both Flash Player for IE and Flash Player for Other Browsers.
    • In the middle column, Optional offer:, UNCHECK the box next to Yes, install free McAfee Security Scan Plus
    • Click the Install now button. A download window for the install_flashplayer15x64_mssd_aaa_aih.exe file will open. Save it to the desktop.
    • Close the browser and all open windows.
    • Back on the desktop, right click the install_flashplayer15x64_mssd_aaa_aih.exe file and click Run as Administrator to install Flash Player.
    Cryptolocker Warning
    Go here for information about CryptoLocker Ransomware.
    The main thing with this infection is ~ Backup.
    If you're using an external hard drive, keep it unplugged from the computer when you're not backing up files or using it. This will prevent the infection from getting to your backed up files if you ever do come across it.

    Recommended Programs
    Unchecky is a small service that runs in the background to help keep those "extra toolbars" and tag along search engines from automatically installing. By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.
    CryptoPrevent is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware can not get a grip on your system.
    Web Of Trust is a browser add-on designed to alert the user before interacting with a potentially malicious website. It will highlight green if a site is known to be safe.

    Adblock is a firefox browser add-on that blocks annoying banners, pop-ups and video ads.

    General Advice
    • When browsing the internet, look closely at the links you click on. Some aren't always what they seem.
    • Avoid Peer to Peer file sharing utilities, these are a minefield of malware infections.
    • Don't open email attachments unless you are expecting them. Even an email from your best friend can be infected; they might not have sent it.
    • Pay attention when installing a program to your computer, particularly to any check boxes that may appear during installation, it is common for unwanted software to be installed in this way.


#19
DeZiekeNon

    Member

  • Topic Starter
  • Member
  • 134 posts
I will execute the steps from Java and below at a later time. Question: do you recommend that I renew my NOD32 Antivirus license? My license expired a few weeks ago. I didn't renew it and relied on Windows Defender solely, which might not have been sufficient.
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by GD at 2015-01-20 18:26:49 Run:3
Running from C:\Users\GerrytDouwe\Desktop
Loaded Profiles: GD (Available profiles: GD)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
C:\Users\GerrytDouwe\AppData\Roaming\Origin\update.vbe
HKU\S-1-5-21-2567469324-3570782199-4075575107-1001\...\MountPoints2: {33929889-1a83-11e4-be9e-002618783dfc} - "H:\setup.exe" 
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
(Innovative Solutions) F:\DriverMax\innostp.exe
F:\DriverMax
end
*****************
 
C:\Users\GerrytDouwe\AppData\Roaming\Origin\update.vbe => Moved successfully.
"HKU\S-1-5-21-2567469324-3570782199-4075575107-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33929889-1a83-11e4-be9e-002618783dfc}" => Key deleted successfully.
HKCR\CLSID\{33929889-1a83-11e4-be9e-002618783dfc} => Key not found. 
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
[2908] F:\DriverMax\innostp.exe => Process closed successfully.
F:\DriverMax => Moved successfully.
 
==== End of Fixlog 18:26:52 ====
 
# DelFix v10.8 - Logfile created 20/01/2015 at 18:28:23
# Updated 29/07/2014 by Xplode
# Username : GD - PC-VAN-GD
# Operating System : Windows 8.1 Pro  (64 bits)
 
~ Activating UAC ... OK
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\GerrytDouwe\Desktop\FRST-OlderVersion
Deleted : C:\Users\GerrytDouwe\Desktop\Addition.txt
Deleted : C:\Users\GerrytDouwe\Desktop\adwcleaner_4.107.exe
Deleted : C:\Users\GerrytDouwe\Desktop\esetsmartinstaller_enu.exe
Deleted : C:\Users\GerrytDouwe\Desktop\Fixlog.txt
Deleted : C:\Users\GerrytDouwe\Desktop\FRST.txt
Deleted : C:\Users\GerrytDouwe\Desktop\FRST64.exe
Deleted : C:\Users\GerrytDouwe\Desktop\JRT.exe
Deleted : C:\Users\GerrytDouwe\Desktop\JRT.txt
Deleted : C:\Users\GerrytDouwe\Desktop\SecurityCheck.exe
Deleted : C:\Users\GerrytDouwe\Desktop\Shortcut.txt
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #47 [Restore Point Created by FRST | 01/16/2015 20:27:37]
Deleted : RP #48 [Installed Microsoft Visual C++ 2005 Redistributable | 01/19/2015 15:17:43]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########
 

Edited by DeZiekeNon, 20 January 2015 - 11:36 AM.


#20
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

ESET is excellent software but a good free alternative to consider is Avast.

 

Your choice really what you prefer.

 

As you have no current subscription, you could try Avast and see how you like it - nothing to lose.

 

http://files.avast.c...virus_setup.exe



#21
DeZiekeNon

    Member

  • Topic Starter
  • Member
  • 134 posts
So Windows Defender is not adequate?

#22
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

It is good; I just prefer the others. It is a matter of preference really.



#23
DeZiekeNon

    Member

  • Topic Starter
  • Member
  • 134 posts
Ok. I've worked through all of your instructions. Is that it?

#24
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

That's it, so if you have no problems I will close the thread.

 

Safe surfing :D



#25
DeZiekeNon

    Member

  • Topic Starter
  • Member
  • 134 posts

No problems. I much appreciated your help. The quality of the service on this forum is excellent. I think it's very admirable that you and the other G2G guys do this voluntarily and free of charge. Many thanks!


#26
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Thanks for your appreciation :D makes it worthwhile.



#27
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.