Unable to remove NCdownloader

[Exchequer]

I am helping a family member with the removal of some spyware. Most stuff could be removed through the control panel but unfortunately the NCsoft uninstall failed (.dat missing). The microsoft fixit did not list ncdownloader.

 

I tried scanning with malware bytes and I did the combofixer.

 

So

1) Malware bytes

2) Combofixer

3) hijackthis log creation

 

Can someone assist me with the removal of NCdownloader?

hijackthis.log

combofixerlog.txt

mbam-log-2013-07-17 (15-09-05).txt

[Maniac]

Hello Exchequer and ! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

• If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
• I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
• Make sure you read all of the instructions and fixes thoroughly before continuing with them.
• Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
• Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
• Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please follow the instructions here and then post the log files in your next reply.

http://forums.malwarebytes.org/index.php?showtopic=9573

About ComboFix: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

[Exchequer]

Hello Borislav:). Alright here are the results:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16611
Run by Gebruiker at 16:10:06 on 2013-07-17
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.31.1043.18.4003.2099 [GMT 2:00]
.
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\system32\IProsetMonitor.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\system32\taskhost.exe
C:\Users\GEBRUI~1\AppData\Local\Temp\TeamViewer\Version8\TeamViewer.exe
C:\Users\GEBRUI~1\AppData\Local\Temp\TeamViewer\Version8\tv_w32.exe
C:\Users\GEBRUI~1\AppData\Local\Temp\TeamViewer\Version8\tv_x64.exe
c:\users\gebrui~1\appdata\local\temp\teamviewer\version8\TeamViewer_Desktop.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.



BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Seyarich-eNeWTTab: {35682AA1-4056-476A-B738-B58E146B0A52} -
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll
BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: conytinuetuossave: {B20E78B7-FA05-69B9-2EF9-ADAEB0781778} -
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{31B68BC3-C850-4E9C-A740-F6B522884878} : DHCPNameServer = 192.168.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\windows\System32\drivers\NISx64\1309010.00E\symds64.sys [2013-2-6 451192]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\System32\drivers\NISx64\1309010.00E\symefa64.sys [2013-2-6 1129120]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130715.001_c6c\BHDrvx64.sys [2013-7-15 1393240]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\windows\System32\drivers\NISx64\1309010.00E\ccsetx64.sys [2013-2-6 167072]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130716.001_ca7\IDSviA64.sys [2013-7-16 513184]
R1 SymIRON;Symantec Iron Driver;C:\windows\System32\drivers\NISx64\1309010.00E\ironx64.sys [2013-2-6 190072]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\drivers\NISx64\1309010.00E\symnets.sys [2013-2-6 405624]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\windows\System32\IPROSetMonitor.exe [2011-11-28 165032]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe [2013-2-6 138272]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-7-5 2655768]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-12-9 138912]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 asmthub3;ASMedia USB3 Hub Service;C:\windows\System32\drivers\asmthub3.sys [2010-10-16 121320]
S3 asmtxhci;ASMEDIA XHCI Service;C:\windows\System32\drivers\asmtxhci.sys [2010-10-16 356328]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-15 183560]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2012-7-1 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-7-5 317440]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-3-21 452200]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-7-5 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2013-07-17 13:48:28 -------- d-sh--w- C:\$RECYCLE.BIN
2013-07-17 13:32:38 98816 ----a-w- C:\windows\sed.exe
2013-07-17 13:32:38 256000 ----a-w- C:\windows\PEV.exe
2013-07-17 13:32:38 208896 ----a-w- C:\windows\MBR.exe
2013-07-17 13:08:27 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\Malwarebytes
2013-07-17 13:08:18 -------- d-----w- C:\ProgramData\Malwarebytes
2013-07-17 13:08:17 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-07-17 13:08:17 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-17 13:08:08 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Programs
2013-07-17 13:02:37 -------- d-----w- C:\MATS
2013-07-17 12:50:17 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\TeamViewer
2013-07-14 21:50:57 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
2013-07-14 21:48:44 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\Delta
2013-07-14 21:48:43 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\BabSolution
2013-07-14 21:48:00 -------- d-----w- C:\ProgramData\Tarma Installer
2013-07-14 21:47:47 -------- d-----w- C:\Program Files (x86)\Media Player Classic - Home Cinema
2013-07-14 20:37:39 -------- d-----w- C:\Program Files\CCleaner
2013-07-14 20:30:18 -------- d-----w- C:\Program Files (x86)\TeamViewer
2013-07-14 20:26:27 -------- d-----w- C:\Users\Gebruiker\AppData\Local\CrashRpt
2013-07-14 20:26:12 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Softonic
2013-07-14 20:25:59 -------- d-----w- C:\ProgramData\Systweak
2013-07-14 20:25:58 -------- d-----w- C:\Program Files (x86)\Advanced System Protector
2013-07-14 20:25:35 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\Systweak
2013-07-14 20:25:26 -------- d-----w- C:\Program Files (x86)\RegClean Pro
.
==================== Find3M  ====================
.
2013-06-12 20:01:15 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 20:01:15 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-05-17 01:25:57 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-05-17 01:25:27 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-05-17 01:25:26 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-05-17 01:25:26 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-05-17 00:59:03 2241024 ----a-w- C:\windows\System32\wininet.dll
2013-05-17 00:58:10 3958784 ----a-w- C:\windows\System32\jscript9.dll
2013-05-17 00:58:08 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-05-17 00:58:08 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-05-14 13:14:01 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-05-14 12:23:25 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
2013-05-14 09:23:31 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-05-14 08:40:13 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-05-13 05:51:01 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01 1910632 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-04-26 05:51:36 751104 ----a-w- C:\windows\System32\win32spl.dll
2013-04-26 04:55:21 492544 ----a-w- C:\windows\SysWow64\win32spl.dll
2013-04-25 23:30:32 1505280 ----a-w- C:\windows\SysWow64\d3d11.dll
.
============= FINISH: 16:10:25,79 ===============

 

(The tool said to zip attach.txt but since you clearly state to copy paste them:)

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 28-11-2011 17:12:03
System Uptime: 17-7-2013 15:47:47 (1 hours ago)
.
Motherboard: Intel Corporation |  | DH61BE
Processor: Intel® Pentium® CPU G620 @ 2.60GHz | LGA1155 CPU 1 | 1586/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 120 GiB total, 76,794 GiB free.
D: is FIXED (NTFS) - 326 GiB total, 325,878 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 116 GiB total, 92,92 GiB free.
G: is FIXED (NTFS) - 116 GiB total, 110,23 GiB free.
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: USB-controller
Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_200C8086&REV_04\FFFFFFFFFFFFFFFF00
Manufacturer:
Name: USB-controller
PNP Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_200C8086&REV_04\FFFFFFFFFFFFFFFF00
Service:
.
==== System Restore Points ===================
.
RP96: 13-7-2013 18:00:56 - Windows Update
RP97: 14-7-2013 0:34:46 - Windows Update
RP98: 14-7-2013 22:27:27 - RegClean Pro zo, jul 14, 13  22:27
RP99: 17-7-2013 14:28:53 - Herstelbewerking
RP100: 17-7-2013 14:56:35 - Contrôle ActiveX Windows Live Mesh pour connexions à distance is verwijderd
RP101: 17-7-2013 14:57:09 - Quitado Control ActiveX de Windows Live Mesh para conexiones remotas
RP102: 17-7-2013 14:58:28 - Uzak Baglantilar Için Windows Live Mesh ActiveX Denetimi is verwijderd
.
==== Installed Programs ======================
.
Aangifte inkomstenbelasting 2008
Aangifte inkomstenbelasting 2009
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3) - Nederlands
Asmedia ASM104x USB 3.0 Host Controller Driver
Bing Bar
D3DX10
Galerie de photos Windows Live
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Intel® Management Engine Components
Intel® Network Connections 15.7.176.0
Intel® Processor Graphics
Junk Mail filter update
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile NLD Language Pack
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended NLD Language Pack
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Klik-en-Klaar 2010
Microsoft Office Starter 2010 - Nederlands
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
MSVCRT
MSVCRT_amd64
NCDownloader
Norton Internet Security
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870)
Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
Taalpakket voor Microsoft .NET Framework 4 Extended - NLD
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Fotogalerie
Windows Live Fotograf Galerisi
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== End Of File ===========================

 

[Maniac]

Well done!

Step 1

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

Step 2

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click on Delete.
• Confirm each time with Ok.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[s1].txt as well.

Step 3

• Launch Malwarebytes' Anti-Malware
• Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
• Go to Scanner tab and select Perform Quick Scan, then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

In your next reply, post the following log files:

• Junkware Removal Tool log
• AdwCleaner log
• Malwarebytes' Anti-Malware log
• a new fresh DDS log

[Exchequer]

Copy past or attach?

[Maniac]

Everywhere is mentioned only copy/paste.

[Exchequer]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.1.2 (07.16.2013:1)
OS: Windows 7 Home Premium x64
Ran by Gebruiker on wo 17-07-2013 at 16:21:58,09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{09c554c3-109b-483c-a06b-f14172f1a947}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{bdb69379-802f-4eaf-b541-f8de92dd98db}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{2eecd738-5844-4a99-b4b6-146bf802613b}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{e46c8196-b634-44a1-af6e-957c64278ab1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{31e3bc75-2a09-4cff-9c92-8d0ed8d1dc0f}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\typelib\{e2343056-cc08-46ac-b898-bfc7acf4e755}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\optimizer pro
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\sprotector
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\settings\{2eecd738-5844-4a99-b4b6-146bf802613b}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\settings\{98889811-442d-49dd-99d7-dc866be87dbc}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\stats\{2eecd738-5844-4a99-b4b6-146bf802613b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\facemoods_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\facemoods_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\facemoodssrv_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\facemoodssrv_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\sp global
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\sprotector
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

 

~~~ Files

Successfully deleted: [File] "C:\users\public\desktop\babylon.lnk"

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\systweak"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\Gebruiker\AppData\Roaming\babsolution"
Successfully deleted: [Folder] "C:\Users\Gebruiker\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Gebruiker\AppData\Roaming\delta"
Successfully deleted: [Folder] "C:\Users\Gebruiker\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\Gebruiker\appdata\local\babylon"
Successfully deleted: [Folder] "C:\Users\Gebruiker\appdata\local\softonic"
Successfully deleted: [Folder] "C:\Program Files (x86)\advanced system protector"
Successfully deleted: [Folder] "C:\Program Files (x86)\continuetosave"
Successfully deleted: [Folder] "C:\Program Files (x86)\regclean pro"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\advanced system protector"
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{0256E8AC-6157-4388-AF2F-0AA438A47931}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{0293357E-998B-42FF-93C3-0296DC578CDC}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{0A216D1E-3D5C-430C-B028-769BEECFF23A}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{13872CEC-9354-4A92-8128-36F1E835A86B}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{1B926C03-2EC1-4BF3-B10E-F740A2CC864F}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{202C9088-9E99-4EFF-BE4A-E5D7CDB8CCE5}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{2C5CD9FB-8963-41F6-885D-AE62510C435D}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{2F2EBFC2-3B3B-4F86-B265-74BA1936117B}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{337AE531-525E-4AAC-A683-2B5E3E478BEC}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{36573C1A-C8AF-4E37-B14F-0615FAC2DB58}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{367A9520-C154-4880-B578-E7AD94BD35F7}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{37014B9A-1655-4CCD-9720-D55814A06CC7}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{45066FC6-9B01-4311-89D5-C2155B37A344}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{4512ABCA-FC23-47BE-B606-F236D714AB9B}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{5242FE8D-87EA-439A-BE48-10E2E60DD4AF}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{59812BE2-AB56-4FCD-963B-5C9871D9285F}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{5DD0D2CD-3944-4E3D-B6DD-913CE70FB6BE}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{60A6E363-A711-488B-8FBF-4CCD93372714}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{62B9D23C-E487-4DD6-BF21-93FB30B8EDB9}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{644C0897-EA4D-4522-80BA-DADBDA5164B3}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{6529AB45-4397-45B6-A3A1-2108EF392494}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{67BD7EEB-A220-4AE5-9595-6F289E3E0502}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{69512DE8-BDB1-4756-972C-E637170E9B60}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{6AC244F0-C75D-42B7-9BAA-9072E5544AA8}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{6FE8A719-DB93-4FC8-A552-3396651B062A}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{75639351-6DCE-47E6-BDB4-CEA18ADD5737}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{7A069FAB-C01B-4D8B-959D-B30D0DF77D3B}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{7CB3BCEF-C576-4ECC-BA94-621B269CCAA0}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{7E4BC194-0EA4-44FC-A011-1CF1E10EC40D}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{827B59AC-92E7-48AE-9ED9-A60296EEF95D}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{878AECF7-7210-4A17-B4B2-C63BD9E52F24}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{89036D1A-3279-435E-B678-55AF75285867}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{8938C325-DA0A-4741-A2DD-D248577C745B}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{8ABCEAA4-4DB4-46D0-A50C-4F2138EA4EFD}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{8E9F7E26-C7DD-4DA9-9AF2-55B5FA20003B}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{929B7F4B-F9A7-4D7F-861B-52AB89798EF3}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{9D38E9A3-B732-4985-95C4-CFEA1E9323B1}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{9E79EF7C-8B5A-466B-AEAB-CBFE87DC8106}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{A202D7F4-A994-42AD-ADA5-B52B2984F44F}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{A6AF1B06-1D94-404C-A91E-BF1F8F1033F0}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{A827551C-6520-4C8E-B9C8-59C526C293C8}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{A8F21267-A63C-4B4D-9AF0-CA3C24B9EE10}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{C2C248B5-F6C9-4BA4-9350-3ED71BA57636}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{C8C2128C-E790-4995-A454-920C7F94E261}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{CE445FB8-9715-45DA-B59C-F37B373114D8}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{CFF26B88-36D7-47BE-B6FF-89C8FCEA5D5F}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{D05074E0-E8D7-4D34-B2E2-7462879410AB}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{D40FC7D6-1401-404B-88B6-C9D9015A12A4}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{DB43725F-8E60-4B7E-B32A-C16EB20BC20A}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{DD54AAF8-AAED-44B6-9B87-DEBDA9BE17A2}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{DE88445A-65F0-4B09-A5AF-ABD143C36A40}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{E07EA659-7FAD-4F4A-97EB-975FB0568288}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{E3F0424A-FE30-40B9-80A9-D6EEC3088A08}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{E6A46582-E457-44D2-98E1-1BA6CBB33DA6}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{E9D185F2-9E04-4A05-915B-AEE969DA5658}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{F1DE3986-FB33-4D48-B697-95060862BB72}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{F2DD639E-C8C1-4658-8AFD-62408754C340}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{F3D8551B-5186-45E2-B735-116C3DED860D}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{F56E1971-7CB9-405B-A5E0-D86AF7986AC1}
Successfully deleted: [Empty Folder] C:\Users\Gebruiker\appdata\local\{F996AF76-AFCA-49ED-936F-8A7A664A4EEC}

 

~~~ Chrome

Successfully deleted: [Folder] C:\Users\Gebruiker\appdata\local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Successfully deleted: [Folder] C:\Users\Gebruiker\appdata\local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh
Successfully deleted: [Folder] C:\Users\Gebruiker\appdata\local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on wo 17-07-2013 at 16:26:00,55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

# AdwCleaner v2.305 - Verslag gemaakt op 17/07/2013 om 16:27:45
# Geactualiseerd op 11/07/2013 door Xplode
# Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Gebruiker : Gebruiker - GEBRUIKER-PC
# Opstarten Modus : Normale modus
# Gelanceerd vanaf : C:\Users\Gebruiker\Downloads\AdwCleaner.exe
# Optie [Verwijderen]

***** [Diensten] *****

***** [Files / Mappen] *****

File Verwijderd : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml
File Verwijderd : C:\user.js
Map Verwijderd : C:\ProgramData\InstallMate
Map Verwijderd : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
Map Verwijderd : C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Map Verwijderd : C:\Users\Gebruiker\AppData\Roaming\NCdownloader

***** [Register] *****

Sleutel Verwijderd : HKCU\Software\InstallCore
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E}
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1

***** [browsers] *****

-\\ Internet Explorer v10.0.9200.16611

-\\ Google Chrome v27.0.1453.110

File : C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] De file bevat geen enkele ongeoorloofde invoer.

*************************

AdwCleaner[R1].txt - [2396 octets] - [17/07/2013 16:27:26]
AdwCleaner[s1].txt - [2412 octets] - [17/07/2013 16:27:45]

########## EOF - C:\AdwCleaner[s1].txt - [2472 octets] ##########

 

Malware bytes did not find anything (already "fixed" it before i opened the post, but ncsoft was still active)

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.17.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16614
Gebruiker :: GEBRUIKER-PC [administrator]

17-7-2013 16:36:49
mbam-log-2013-07-17 (16-36-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214568
Time elapsed: 2 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16611
Run by Gebruiker at 16:41:02 on 2013-07-17
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.31.1043.18.4003.2310 [GMT 2:00]
.
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\Dwm.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\Explorer.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Users\GEBRUI~1\AppData\Local\Temp\TeamViewer\Version8\TeamViewer.exe
C:\Users\GEBRUI~1\AppData\Local\Temp\TeamViewer\Version8\tv_w32.exe
C:\Users\GEBRUI~1\AppData\Local\Temp\TeamViewer\Version8\tv_x64.exe
c:\users\gebrui~1\appdata\local\temp\teamviewer\version8\TeamViewer_Desktop.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\windows\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\MsSpellCheckingFacility.exe
C:\windows\system32\igfxsrvc.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.



BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Seyarich-eNeWTTab: {35682AA1-4056-476A-B738-B58E146B0A52} -
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll
BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: conytinuetuossave: {B20E78B7-FA05-69B9-2EF9-ADAEB0781778} -
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{31B68BC3-C850-4E9C-A740-F6B522884878} : DHCPNameServer = 192.168.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\windows\System32\drivers\NISx64\1309010.00E\symds64.sys [2013-2-6 451192]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\System32\drivers\NISx64\1309010.00E\symefa64.sys [2013-2-6 1129120]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130715.001_c6c\BHDrvx64.sys [2013-7-15 1393240]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\windows\System32\drivers\NISx64\1309010.00E\ccsetx64.sys [2013-2-6 167072]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130716.001_ca7\IDSviA64.sys [2013-7-16 513184]
R1 SymIRON;Symantec Iron Driver;C:\windows\System32\drivers\NISx64\1309010.00E\ironx64.sys [2013-2-6 190072]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\drivers\NISx64\1309010.00E\symnets.sys [2013-2-6 405624]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\windows\System32\IPROSetMonitor.exe [2011-11-28 165032]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe [2013-2-6 138272]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-7-5 2655768]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-12-9 138912]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 asmthub3;ASMedia USB3 Hub Service;C:\windows\System32\drivers\asmthub3.sys [2010-10-16 121320]
S3 asmtxhci;ASMEDIA XHCI Service;C:\windows\System32\drivers\asmtxhci.sys [2010-10-16 356328]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-15 183560]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2012-7-1 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-7-5 317440]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-3-21 452200]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-7-5 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2013-07-17 14:21:55 -------- d-----w- C:\windows\ERUNT
2013-07-17 13:48:28 -------- d-sh--w- C:\$RECYCLE.BIN
2013-07-17 13:32:38 98816 ----a-w- C:\windows\sed.exe
2013-07-17 13:32:38 256000 ----a-w- C:\windows\PEV.exe
2013-07-17 13:32:38 208896 ----a-w- C:\windows\MBR.exe
2013-07-17 13:08:27 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\Malwarebytes
2013-07-17 13:08:18 -------- d-----w- C:\ProgramData\Malwarebytes
2013-07-17 13:08:17 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-07-17 13:08:17 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-17 13:08:08 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Programs
2013-07-17 13:02:37 -------- d-----w- C:\MATS
2013-07-17 12:50:17 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\TeamViewer
2013-07-14 21:50:57 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
2013-07-14 21:47:47 -------- d-----w- C:\Program Files (x86)\Media Player Classic - Home Cinema
2013-07-14 20:37:39 -------- d-----w- C:\Program Files\CCleaner
2013-07-14 20:30:18 -------- d-----w- C:\Program Files (x86)\TeamViewer
2013-07-14 20:26:27 -------- d-----w- C:\Users\Gebruiker\AppData\Local\CrashRpt
.
==================== Find3M  ====================
.
2013-06-12 20:01:15 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 20:01:15 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-05-17 01:25:57 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-05-17 01:25:27 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-05-17 01:25:26 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-05-17 01:25:26 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-05-17 00:59:03 2241024 ----a-w- C:\windows\System32\wininet.dll
2013-05-17 00:58:10 3958784 ----a-w- C:\windows\System32\jscript9.dll
2013-05-17 00:58:08 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-05-17 00:58:08 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-05-14 13:14:01 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-05-14 12:23:25 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
2013-05-14 09:23:31 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-05-14 08:40:13 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-05-13 05:51:01 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01 1910632 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-04-26 05:51:36 751104 ----a-w- C:\windows\System32\win32spl.dll
2013-04-26 04:55:21 492544 ----a-w- C:\windows\SysWow64\win32spl.dll
2013-04-25 23:30:32 1505280 ----a-w- C:\windows\SysWow64\d3d11.dll
.
============= FINISH: 16:41:33,47 ===============

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 28-11-2011 17:12:03
System Uptime: 17-7-2013 16:28:53 (0 hours ago)
.
Motherboard: Intel Corporation |  | DH61BE
Processor: Intel® Pentium® CPU G620 @ 2.60GHz | LGA1155 CPU 1 | 1586/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 120 GiB total, 77,02 GiB free.
D: is FIXED (NTFS) - 326 GiB total, 325,878 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 116 GiB total, 92,92 GiB free.
G: is FIXED (NTFS) - 116 GiB total, 110,23 GiB free.
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: USB-controller
Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_200C8086&REV_04\FFFFFFFFFFFFFFFF00
Manufacturer:
Name: USB-controller
PNP Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_200C8086&REV_04\FFFFFFFFFFFFFFFF00
Service:
.
==== System Restore Points ===================
.
RP96: 13-7-2013 18:00:56 - Windows Update
RP97: 14-7-2013 0:34:46 - Windows Update
RP98: 14-7-2013 22:27:27 - RegClean Pro zo, jul 14, 13  22:27
RP99: 17-7-2013 14:28:53 - Herstelbewerking
RP100: 17-7-2013 14:56:35 - Contrôle ActiveX Windows Live Mesh pour connexions à distance is verwijderd
RP101: 17-7-2013 14:57:09 - Quitado Control ActiveX de Windows Live Mesh para conexiones remotas
RP102: 17-7-2013 14:58:28 - Uzak Baglantilar Için Windows Live Mesh ActiveX Denetimi is verwijderd
.
==== Installed Programs ======================
.
Aangifte inkomstenbelasting 2008
Aangifte inkomstenbelasting 2009
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3) - Nederlands
Asmedia ASM104x USB 3.0 Host Controller Driver
Bing Bar
D3DX10
Galerie de photos Windows Live
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Intel® Management Engine Components
Intel® Network Connections 15.7.176.0
Intel® Processor Graphics
Junk Mail filter update
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile NLD Language Pack
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended NLD Language Pack
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Klik-en-Klaar 2010
Microsoft Office Starter 2010 - Nederlands
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
MSVCRT
MSVCRT_amd64
NCDownloader
Norton Internet Security
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870)
Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
Taalpakket voor Microsoft .NET Framework 4 Extended - NLD
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Fotogalerie
Windows Live Fotograf Galerisi
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== End Of File ===========================


 

[Maniac]

Please try to uninstall NCDownloader again. Do you see it somewhere else, except in the list of installed applications?

[Exchequer]

Unfortunately uninstall is still failing (Was expecting this because it is missing some files according to windows, I assume this is the result of a "bad" removal attempt by the owner of the pc).

 

Ncdownloader is also registered in msconfig ( I disabled it earlier on).

 

Attached screenshots.

 

[Maniac]

Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

[Exchequer]

Thank you Borislav,

 

A question: The default "file age" is setting is set to 30 days. I think the problem has existed longer. Is this option correct in this scenario?

[Maniac]

Yes, click on this number and from the menu choose something more appropriate.

[Exchequer]

^{When I press quickscan it reverts to 30 days. Shall I press "scan"?}

[Exchequer]

Quickscan 30 (Please let me know if I can do the 180 day scan with the "scan now"):

 

OTL logfile created on: 7/17/2013 4:57:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Gebruiker\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy
 
3.91 Gb Total Physical Memory | 2.60 Gb Available Physical Memory | 66.38% Memory free
7.82 Gb Paging File | 6.45 Gb Available in Paging File | 82.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 120.12 Gb Total Space | 77.02 Gb Free Space | 64.12% Space Free | Partition Type: NTFS
Drive D: | 326.01 Gb Total Space | 325.88 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
Drive F: | 116.41 Gb Total Space | 92.92 Gb Free Space | 79.82% Space Free | Partition Type: NTFS
Drive G: | 116.47 Gb Total Space | 110.23 Gb Free Space | 94.64% Space Free | Partition Type: NTFS
 
Computer Name: GEBRUIKER-PC | User Name: Gebruiker | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/07/17 16:54:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gebruiker\Desktop\OTL.exe
PRC - [2013/07/08 13:09:11 | 004,317,536 | ---- | M] (TeamViewer GmbH) -- c:\users\gebrui~1\appdata\local\temp\teamviewer\version8\TeamViewer_Desktop.exe
PRC - [2013/07/08 13:09:10 | 011,596,128 | ---- | M] (TeamViewer GmbH) -- C:\Users\GEBRUI~1\AppData\Local\Temp\TeamViewer\Version8\TeamViewer.exe
PRC - [2013/07/08 12:59:02 | 000,195,936 | ---- | M] (TeamViewer GmbH) -- C:\Users\GEBRUI~1\AppData\Local\Temp\TeamViewer\Version8\tv_w32.exe
PRC - [2012/06/16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
PRC - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/02/14 11:30:50 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/10/06 06:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/10/06 06:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010/09/23 04:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/22 02:05:24 | 000,165,032 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel®
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/06/12 22:01:17 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe -- (NIS)
SRV - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/02/15 11:59:26 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/14 11:30:50 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/10/06 06:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/10/06 06:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/12/08 13:38:41 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/07/06 04:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/07/06 04:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/06/07 06:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012/05/22 03:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/04/18 04:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/04/18 03:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/08/31 20:53:22 | 012,306,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/07/25 20:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symds64.sys -- (SymDS)
DRV:64bit: - [2011/03/21 22:22:06 | 000,452,200 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/04 06:12:35 | 000,315,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2010/11/21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/16 04:42:48 | 000,356,328 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2010/10/16 04:42:48 | 000,121,320 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010/08/31 15:07:06 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/07/17 14:42:09 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130716.017_c76\ex64.sys -- (NAVEX15)
DRV - [2013/07/17 14:42:09 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130716.017_c76\eng64.sys -- (NAVENG)
DRV - [2013/07/16 17:27:32 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130716.001_ca7\IDSviA64.sys -- (IDSVia64)
DRV - [2013/07/15 22:58:54 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130715.001_c6c\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/01/19 13:22:05 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/12/09 14:39:11 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-1556888292-2836821904-4175385719-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
IE - HKU\S-1-5-21-1556888292-2836821904-4175385719-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-NL
IE - HKU\S-1-5-21-1556888292-2836821904-4175385719-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7A 2D 5D B1 EC 82 CE 01  [binary data]
IE - HKU\S-1-5-21-1556888292-2836821904-4175385719-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1556888292-2836821904-4175385719-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1556888292-2836821904-4175385719-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =
IE - HKU\S-1-5-21-1556888292-2836821904-4175385719-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Gebruiker\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Gebruiker\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2013/07/17 14:37:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2013/07/17 16:30:23 | 000,000,000 | ---D | M]
 
[2013/07/14 23:48:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - homepage: http://www1.delta-search.com/?babsrc=HP_ss&mntrId=AA133860771BE5B6&affID=119357&tsp=4943
CHR - Extension: No name found = C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\edlljmjihffpbijaohnhnhafbkodmbco\1\
CHR - Extension: No name found = C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpokbnnjkacjfpeojkafdnamolgnbcen\1\
CHR - Extension: No name found = C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\imocaenbbdjagfmmaanipomlinlmiebp\1\
CHR - Extension: No name found = C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.13.5_0\
CHR - Extension: No name found = C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhojnignjldjlofldbbfnkoiogkjgpcm\1\
CHR - Extension: No name found = C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/07/17 15:41:10 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Seyarich-eNeWTTab) - {35682AA1-4056-476A-B738-B58E146B0A52} - C:\ProgramData\Seyarich-eNeWTTab\51861cb29d1c2.dll File not found
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (conytinuetuossave) - {B20E78B7-FA05-69B9-2EF9-ADAEB0781778} - C:\ProgramData\conytinuetuossave\51861be104773.dll File not found
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKU\S-1-5-21-1556888292-2836821904-4175385719-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-1556888292-2836821904-4175385719-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LiveSafer.lnk =  File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LiveSafer.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1556888292-2836821904-4175385719-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1556888292-2836821904-4175385719-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31B68BC3-C850-4E9C-A740-F6B522884878}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/10/27 02:31:27 | 000,000,050 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/17 16:54:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Gebruiker\Desktop\OTL.exe
[2013/07/17 16:21:55 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/07/17 16:08:56 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Gebruiker\Desktop\dds.com
[2013/07/17 16:08:50 | 000,688,992 | ---- | C] (Swearware) -- C:\Users\Gebruiker\Desktop\dds.scr
[2013/07/17 15:48:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/07/17 15:42:11 | 000,000,000 | ---D | C] -- C:\windows\temp
[2013/07/17 15:32:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013/07/17 15:32:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013/07/17 15:32:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013/07/17 15:30:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/07/17 15:29:50 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013/07/17 15:25:32 | 005,484,872 | ---- | C] (TeamViewer GmbH) -- C:\Users\Gebruiker\Desktop\TeamViewer_Setup_nl-ckg.exe
[2013/07/17 15:08:27 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Roaming\Malwarebytes
[2013/07/17 15:08:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/17 15:08:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/07/17 15:08:17 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/07/17 15:08:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/07/17 15:08:08 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Local\Programs
[2013/07/17 15:02:37 | 000,000,000 | ---D | C] -- C:\MATS
[2013/07/17 14:50:17 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Roaming\TeamViewer
[2013/07/14 23:50:58 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/07/14 23:50:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013/07/14 23:50:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2013/07/14 23:47:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player Classic - Home Cinema
[2013/07/14 23:47:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Media Player Classic - Home Cinema
[2013/07/14 22:37:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/07/14 22:37:39 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/07/14 22:30:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2013/07/14 22:26:27 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Local\CrashRpt
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/17 16:54:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gebruiker\Desktop\OTL.exe
[2013/07/17 16:45:01 | 000,001,082 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1556888292-2836821904-4175385719-1000UA.job
[2013/07/17 16:45:01 | 000,001,062 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/17 16:36:29 | 000,021,888 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/17 16:36:29 | 000,021,888 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/17 16:29:15 | 000,001,058 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/17 16:29:09 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/07/17 16:29:04 | 3148,382,208 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/17 16:08:57 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Gebruiker\Desktop\dds.com
[2013/07/17 16:08:50 | 000,688,992 | ---- | M] (Swearware) -- C:\Users\Gebruiker\Desktop\dds.scr
[2013/07/17 16:01:00 | 000,000,940 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/07/17 15:41:10 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2013/07/17 15:25:16 | 005,484,872 | ---- | M] (TeamViewer GmbH) -- C:\Users\Gebruiker\Desktop\TeamViewer_Setup_nl-ckg.exe
[2013/07/17 15:08:19 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/17 14:56:03 | 000,001,225 | ---- | M] () -- C:\prefs.js
[2013/07/17 14:45:35 | 000,001,030 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1556888292-2836821904-4175385719-1000Core.job
[2013/07/14 23:58:48 | 000,000,205 | ---- | M] () -- C:\Users\Gebruiker\Desktop\Google.url
 
========== Files Created - No Company Name ==========
 
[2013/07/17 15:32:38 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013/07/17 15:32:38 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013/07/17 15:32:38 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013/07/17 15:32:38 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013/07/17 15:32:38 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/07/17 15:08:19 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/14 23:58:48 | 000,000,205 | ---- | C] () -- C:\Users\Gebruiker\Desktop\Google.url
[2013/07/14 22:30:21 | 000,001,186 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2011/12/23 19:12:57 | 000,098,304 | ---- | C] () -- C:\windows\SysWow64\redmonnt.dll
[2011/12/15 00:24:57 | 001,642,712 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/08/31 20:51:16 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/08/31 20:51:16 | 000,216,000 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011/08/31 20:46:00 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2011/08/31 20:26:20 | 013,903,872 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/09/15 00:25:52 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\Belastingdienst
[2013/07/17 14:32:53 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\SoftGrid Client
[2013/07/17 14:50:17 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\TeamViewer
[2011/12/15 00:25:38 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\TP
 
========== Purity Check ==========
 
 

< End of report >

OTL Extras logfile created on: 7/17/2013 4:57:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Gebruiker\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy
 
3.91 Gb Total Physical Memory | 2.60 Gb Available Physical Memory | 66.38% Memory free
7.82 Gb Paging File | 6.45 Gb Available in Paging File | 82.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 120.12 Gb Total Space | 77.02 Gb Free Space | 64.12% Space Free | Partition Type: NTFS
Drive D: | 326.01 Gb Total Space | 325.88 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
Drive F: | 116.41 Gb Total Space | 92.92 Gb Free Space | 79.82% Space Free | Partition Type: NTFS
Drive G: | 116.47 Gb Total Space | 110.23 Gb Free Space | 94.64% Space Free | Partition Type: NTFS
 
Computer Name: GEBRUIKER-PC | User Name: Gebruiker | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D373C2AB-AC88-4668-8F2E-194B0B09CCC8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F325DD4E-A25D-4A01-A1B1-785C163DA023}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2054F23E-0015-4835-B9A9-E153D9F250B0}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{7236EFE8-4C9B-441E-9F52-058CFF85DF0F}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{B15336A8-B455-4926-A977-6788F7699AB3}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{021B6358-4373-3FC0-A0B4-4709B7E0D3E5}" = Microsoft .NET Framework 4 Extended NLD Language Pack
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{27B3E5AA-5B75-414A-AC37-F5ADDFA68BDB}" = Windows Live Family Safety
"{4567EA14-6BCA-3EF9-859B-92CE48B1D704}" = Microsoft .NET Framework 4 Client Profile NLD Language Pack
"{48491B19-3759-428B-9560-7AE4697B8FFF}" = Windows Live Family Safety
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C9B6B1F-0A8E-402A-A60C-110BBB38D67E}" = Intel® Network Connections 15.7.176.0
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0413-1000-0000000FF1CE}" = Microsoft Office Klik-en-Klaar 2010
"{944E73EF-857E-4F71-9DC4-CD059D7ADDEF}" = Windows Live Family Safety
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BFBE6E95-5724-47EC-85A0-74D436AD938F}" = Windows Live Family Safety
"{C61D639C-3A1B-4654-901F-08927C804321}" = Windows Live Family Safety
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Extended - NLD
"PROSetDX" = Intel® Network Connections 15.7.176.0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{066219C8-4BE6-46D7-9E01-60FCFA6B32DC}" = Messenger Companion
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0F44DC3F-6E62-4961-A14B-95323C512F9B}_is1" = NCDownloader
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{8142D25E-028A-4563-86ED-5755783C8029}" = Messenger Companion
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90140011-0066-0413-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Nederlands
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{939C80FA-96C9-44A6-B318-8E7D8BD8481B}" = Messenger Companion
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC76BA86-7AD7-1043-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Nederlands
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7DAD22D-29D4-438F-B986-03B9ED582EA4}" = Messenger Companion
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{F0839DB3-FBB8-4D14-936F-1D457A088224}" = Bing Bar
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Aangifte inkomstenbelasting 2008" = Aangifte inkomstenbelasting 2008
"Aangifte inkomstenbelasting 2009" = Aangifte inkomstenbelasting 2009
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"NIS" = Norton Internet Security
"Office14.Click2Run" = Microsoft Office Klik-en-Klaar 2010
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1556888292-2836821904-4175385719-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 7/17/2013 10:30:54 AM | Computer Name = Gebruiker-PC | Source = WinMgmt | ID = 10
Description =
 
 
< End of report >
 

[Maniac]

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following

  :OTL

  CHR - homepage: http://www1.delta-search.com/?babsrc=HP_ss&mntrId=AA133860771BE5B6&affID=119357&tsp=4943

  O2 - BHO: (Seyarich-eNeWTTab) - {35682AA1-4056-476A-B738-B58E146B0A52} - C:\ProgramData\Seyarich-eNeWTTab\51861cb29d1c2.dll File not found

  O2 - BHO: (conytinuetuossave) - {B20E78B7-FA05-69B9-2EF9-ADAEB0781778} - C:\ProgramData\conytinuetuossave\51861be104773.dll File not found

  :files

  C:\ProgramData\Seyarich-eNeWTTab

  C:\ProgramData\conytinuetuossave

  :reg

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

  "{0F44DC3F-6E62-4961-A14B-95323C512F9B}_is1" =-

  :Commands

  [emptytemp]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

[Exchequer]

Before I follow your instructions I would like to share the 180 day result scan. The ncdownloader issue is apprently about 90 days old. For settings see attached image.

 

If this does not change your suggestion please let me know and I will follow the instrucitons.

 

OTL logfile created on: 7/17/2013 5:22:14 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Gebruiker\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy
 
3.91 Gb Total Physical Memory | 2.40 Gb Available Physical Memory | 61.51% Memory free
7.82 Gb Paging File | 6.37 Gb Available in Paging File | 81.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 120.12 Gb Total Space | 77.02 Gb Free Space | 64.12% Space Free | Partition Type: NTFS
Drive D: | 326.01 Gb Total Space | 325.88 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
Drive F: | 116.41 Gb Total Space | 92.92 Gb Free Space | 79.82% Space Free | Partition Type: NTFS
Drive G: | 116.47 Gb Total Space | 110.23 Gb Free Space | 94.64% Space Free | Partition Type: NTFS
 
Computer Name: GEBRUIKER-PC | User Name: Gebruiker | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 180 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/07/17 16:54:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gebruiker\Desktop\OTL.exe
PRC - [2013/07/08 13:09:11 | 004,317,536 | ---- | M] (TeamViewer GmbH) -- c:\users\gebrui~1\appdata\local\temp\teamviewer\version8\TeamViewer_Desktop.exe
PRC - [2013/07/08 13:09:10 | 011,596,128 | ---- | M] (TeamViewer GmbH) -- C:\Users\GEBRUI~1\AppData\Local\Temp\TeamViewer\Version8\TeamViewer.exe
PRC - [2013/07/08 12:59:02 | 000,195,936 | ---- | M] (TeamViewer GmbH) -- C:\Users\GEBRUI~1\AppData\Local\Temp\TeamViewer\Version8\tv_w32.exe
PRC - [2012/06/16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
PRC - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/02/14 11:30:50 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/10/06 06:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/10/06 06:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010/09/23 04:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/22 02:05:24 | 000,165,032 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel®
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/06/12 22:01:17 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe -- (NIS)
SRV - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/02/15 11:59:26 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/14 11:30:50 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/10/06 06:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/10/06 06:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/12/08 13:38:41 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/07/06 04:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/07/06 04:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/06/07 06:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012/05/22 03:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/04/18 04:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/04/18 03:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/08/31 20:53:22 | 012,306,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/07/25 20:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symds64.sys -- (SymDS)
DRV:64bit: - [2011/03/21 22:22:06 | 000,452,200 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/04 06:12:35 | 000,315,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2010/11/21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/16 04:42:48 | 000,356,328 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2010/10/16 04:42:48 | 000,121,320 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010/08/31 15:07:06 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/07/17 14:42:09 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130716.017_c76\ex64.sys -- (NAVEX15)
DRV - [2013/07/17 14:42:09 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130716.017_c76\eng64.sys -- (NAVENG)
DRV - [2013/07/16 17:27:32 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130716.001_ca7\IDSviA64.sys -- (IDSVia64)
DRV - [2013/07/15 22:58:54 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130715.001_c6c\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/01/19 13:22:05 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/12/09 14:39:11 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-1556888292-2836821904-4175385719-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
IE - HKU\S-1-5-21-1556888292-2836821904-4175385719-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-NL
IE - HKU\S-1-5-21-1556888292-2836821904-4175385719-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7A 2D 5D B1 EC 82 CE 01  [binary data]
IE - HKU\S-1-5-21-1556888292-2836821904-4175385719-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1556888292-2836821904-4175385719-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1556888292-2836821904-4175385719-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =
IE - HKU\S-1-5-21-1556888292-2836821904-4175385719-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Gebruiker\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Gebruiker\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2013/07/17 14:37:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2013/07/17 16:30:23 | 000,000,000 | ---D | M]
 
[2013/07/14 23:48:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - homepage: http://www1.delta-search.com/?babsrc=HP_ss&mntrId=AA133860771BE5B6&affID=119357&tsp=4943
CHR - Extension: No name found = C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\edlljmjihffpbijaohnhnhafbkodmbco\1\
CHR - Extension: No name found = C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpokbnnjkacjfpeojkafdnamolgnbcen\1\
CHR - Extension: No name found = C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\imocaenbbdjagfmmaanipomlinlmiebp\1\
CHR - Extension: No name found = C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.13.5_0\
CHR - Extension: No name found = C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhojnignjldjlofldbbfnkoiogkjgpcm\1\
CHR - Extension: No name found = C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/07/17 15:41:10 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Seyarich-eNeWTTab) - {35682AA1-4056-476A-B738-B58E146B0A52} - C:\ProgramData\Seyarich-eNeWTTab\51861cb29d1c2.dll File not found
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (conytinuetuossave) - {B20E78B7-FA05-69B9-2EF9-ADAEB0781778} - C:\ProgramData\conytinuetuossave\51861be104773.dll File not found
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKU\S-1-5-21-1556888292-2836821904-4175385719-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-1556888292-2836821904-4175385719-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LiveSafer.lnk =  File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LiveSafer.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1556888292-2836821904-4175385719-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1556888292-2836821904-4175385719-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31B68BC3-C850-4E9C-A740-F6B522884878}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/10/27 02:31:27 | 000,000,050 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 180 Days ==========
 
[2013/07/17 16:54:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Gebruiker\Desktop\OTL.exe
[2013/07/17 16:21:55 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/07/17 16:08:56 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Gebruiker\Desktop\dds.com
[2013/07/17 16:08:50 | 000,688,992 | ---- | C] (Swearware) -- C:\Users\Gebruiker\Desktop\dds.scr
[2013/07/17 15:48:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/07/17 15:42:11 | 000,000,000 | ---D | C] -- C:\windows\temp
[2013/07/17 15:32:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013/07/17 15:32:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013/07/17 15:32:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013/07/17 15:30:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/07/17 15:29:50 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013/07/17 15:25:32 | 005,484,872 | ---- | C] (TeamViewer GmbH) -- C:\Users\Gebruiker\Desktop\TeamViewer_Setup_nl-ckg.exe
[2013/07/17 15:08:27 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Roaming\Malwarebytes
[2013/07/17 15:08:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/17 15:08:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/07/17 15:08:17 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/07/17 15:08:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/07/17 15:08:08 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Local\Programs
[2013/07/17 15:02:37 | 000,000,000 | ---D | C] -- C:\MATS
[2013/07/17 14:50:17 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Roaming\TeamViewer
[2013/07/14 23:50:58 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/07/14 23:50:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013/07/14 23:50:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2013/07/14 23:47:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player Classic - Home Cinema
[2013/07/14 23:47:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Media Player Classic - Home Cinema
[2013/07/14 22:37:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/07/14 22:37:39 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/07/14 22:30:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2013/07/14 22:26:27 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Local\CrashRpt
[2013/05/05 10:06:53 | 000,000,000 | ---D | C] -- C:\ProgramData\StarApp
[2013/05/05 10:00:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solibo Ltd
[2013/05/05 10:00:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Solibo Ltd
[2013/03/14 00:33:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/03/14 00:32:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/03/14 00:32:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
 
========== Files - Modified Within 180 Days ==========
 
[2013/07/17 17:01:02 | 000,000,940 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/07/17 16:54:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gebruiker\Desktop\OTL.exe
[2013/07/17 16:45:01 | 000,001,082 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1556888292-2836821904-4175385719-1000UA.job
[2013/07/17 16:45:01 | 000,001,062 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/17 16:36:29 | 000,021,888 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/17 16:36:29 | 000,021,888 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/17 16:29:15 | 000,001,058 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/17 16:29:09 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/07/17 16:29:04 | 3148,382,208 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/17 16:08:57 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Gebruiker\Desktop\dds.com
[2013/07/17 16:08:50 | 000,688,992 | ---- | M] (Swearware) -- C:\Users\Gebruiker\Desktop\dds.scr
[2013/07/17 15:41:10 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2013/07/17 15:25:16 | 005,484,872 | ---- | M] (TeamViewer GmbH) -- C:\Users\Gebruiker\Desktop\TeamViewer_Setup_nl-ckg.exe
[2013/07/17 15:13:28 | 001,983,723 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1309010.00E\Cat.DB
[2013/07/17 15:08:19 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/17 14:56:03 | 000,001,225 | ---- | M] () -- C:\prefs.js
[2013/07/17 14:45:35 | 000,001,030 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1556888292-2836821904-4175385719-1000Core.job
[2013/07/14 23:58:48 | 000,000,205 | ---- | M] () -- C:\Users\Gebruiker\Desktop\Google.url
[2013/05/29 21:00:03 | 001,665,488 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/05/29 21:00:03 | 000,743,764 | ---- | M] () -- C:\windows\SysNative\perfh013.dat
[2013/05/29 21:00:03 | 000,652,610 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/05/29 21:00:03 | 000,152,622 | ---- | M] () -- C:\windows\SysNative\perfc013.dat
[2013/05/29 21:00:03 | 000,121,284 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/05/21 11:55:54 | 000,275,944 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/05/07 23:39:18 | 001,642,712 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/03/23 04:01:52 | 000,025,185 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2013/03/23 04:01:52 | 000,025,185 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
[2013/02/10 19:56:39 | 000,002,509 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2013/02/10 19:56:09 | 000,014,818 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1309010.00E\VT20130115.021
[2013/02/02 08:12:08 | 000,000,172 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1309010.00E\isolate.ini
 
========== Files Created - No Company Name ==========
 
[2013/07/17 15:32:38 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013/07/17 15:32:38 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013/07/17 15:32:38 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013/07/17 15:32:38 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013/07/17 15:32:38 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/07/17 15:08:19 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/14 23:58:48 | 000,000,205 | ---- | C] () -- C:\Users\Gebruiker\Desktop\Google.url
[2013/07/14 22:30:21 | 000,001,186 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013/03/23 04:01:52 | 000,025,185 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2013/03/23 04:01:52 | 000,025,185 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2011/12/23 19:12:57 | 000,098,304 | ---- | C] () -- C:\windows\SysWow64\redmonnt.dll
[2011/12/15 00:24:57 | 001,642,712 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/08/31 20:51:16 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/08/31 20:51:16 | 000,216,000 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011/08/31 20:46:00 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2011/08/31 20:26:20 | 013,903,872 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

 

[Maniac]

Please proceed with my last instructions and then post the result from them and a new fresh OTL log file including 180 days ago.

[Exchequer]

Lost connection:). Starting the last scan now. Will post results later.

[Exchequer]

OTL logfile created on: 7/17/2013 8:51:33 PM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Gebruiker\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy
 
3.91 Gb Total Physical Memory | 2.49 Gb Available Physical Memory | 63.70% Memory free
7.82 Gb Paging File | 6.30 Gb Available in Paging File | 80.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 120.12 Gb Total Space | 76.45 Gb Free Space | 63.65% Space Free | Partition Type: NTFS
Drive D: | 326.01 Gb Total Space | 325.88 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
Drive F: | 116.41 Gb Total Space | 92.92 Gb Free Space | 79.82% Space Free | Partition Type: NTFS
Drive G: | 116.47 Gb Total Space | 110.23 Gb Free Space | 94.64% Space Free | Partition Type: NTFS
 
Computer Name: GEBRUIKER-PC | User Name: Gebruiker | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 180 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/07/17 16:54:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gebruiker\Desktop\OTL.exe
PRC - [2013/07/08 13:09:11 | 004,317,536 | ---- | M] (TeamViewer GmbH) -- c:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Desktop.exe
PRC - [2013/07/08 13:09:10 | 011,596,128 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
PRC - [2013/07/08 13:09:10 | 004,153,184 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/07/08 12:59:02 | 000,195,936 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
PRC - [2012/06/16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
PRC - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/02/14 11:30:50 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/10/06 06:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/10/06 06:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010/09/23 04:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/22 02:05:24 | 000,165,032 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel®
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/07/08 13:09:10 | 004,153,184 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/06/12 22:01:17 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe -- (NIS)
SRV - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/02/15 11:59:26 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/14 11:30:50 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/10/06 06:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/10/06 06:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/12/08 13:38:41 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/07/06 04:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/07/06 04:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/06/07 06:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012/05/22 03:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/04/18 04:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/04/18 03:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/08/31 20:53:22 | 012,306,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/07/25 20:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symds64.sys -- (SymDS)
DRV:64bit: - [2011/03/21 22:22:06 | 000,452,200 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/04 06:12:35 | 000,315,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2010/11/21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/16 04:42:48 | 000,356,328 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2010/10/16 04:42:48 | 000,121,320 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010/08/31 15:07:06 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/07/17 14:42:09 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130716.017_c76\ex64.sys -- (NAVEX15)
DRV - [2013/07/17 14:42:09 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130716.017_c76\eng64.sys -- (NAVENG)
DRV - [2013/07/16 17:27:32 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130716.001_ca7\IDSviA64.sys -- (IDSVia64)
DRV - [2013/07/15 22:58:54 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130715.001_c6c\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/01/19 13:22:05 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/12/09 14:39:11 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-1556888292-2836821904-4175385719-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
IE - HKU\S-1-5-21-1556888292-2836821904-4175385719-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-NL
IE - HKU\S-1-5-21-1556888292-2836821904-4175385719-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7A 2D 5D B1 EC 82 CE 01  [binary data]
IE - HKU\S-1-5-21-1556888292-2836821904-4175385719-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1556888292-2836821904-4175385719-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1556888292-2836821904-4175385719-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =
IE - HKU\S-1-5-21-1556888292-2836821904-4175385719-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Gebruiker\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Gebruiker\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2013/07/17 14:37:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2013/07/17 20:19:29 | 000,000,000 | ---D | M]
 
[2013/07/14 23:48:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - homepage: http://www1.delta-search.com/?babsrc=HP_ss&mntrId=AA133860771BE5B6&affID=119357&tsp=4943
CHR - Extension: No name found = C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\edlljmjihffpbijaohnhnhafbkodmbco\1\
CHR - Extension: No name found = C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpokbnnjkacjfpeojkafdnamolgnbcen\1\
CHR - Extension: No name found = C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\imocaenbbdjagfmmaanipomlinlmiebp\1\
CHR - Extension: No name found = C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.13.5_0\
CHR - Extension: No name found = C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhojnignjldjlofldbbfnkoiogkjgpcm\1\
CHR - Extension: No name found = C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/07/17 15:41:10 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKU\S-1-5-21-1556888292-2836821904-4175385719-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-1556888292-2836821904-4175385719-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LiveSafer.lnk =  File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LiveSafer.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1556888292-2836821904-4175385719-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1556888292-2836821904-4175385719-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31B68BC3-C850-4E9C-A740-F6B522884878}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/10/27 02:31:27 | 000,000,050 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 180 Days ==========
 
[2013/07/17 17:53:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/07/17 16:54:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Gebruiker\Desktop\OTL.exe
[2013/07/17 16:21:55 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/07/17 16:08:56 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Gebruiker\Desktop\dds.com
[2013/07/17 16:08:50 | 000,688,992 | ---- | C] (Swearware) -- C:\Users\Gebruiker\Desktop\dds.scr
[2013/07/17 15:48:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/07/17 15:42:11 | 000,000,000 | ---D | C] -- C:\windows\temp
[2013/07/17 15:32:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013/07/17 15:32:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013/07/17 15:32:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013/07/17 15:30:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/07/17 15:29:50 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013/07/17 15:25:32 | 005,484,872 | ---- | C] (TeamViewer GmbH) -- C:\Users\Gebruiker\Desktop\TeamViewer_Setup_nl-ckg.exe
[2013/07/17 15:08:27 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Roaming\Malwarebytes
[2013/07/17 15:08:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/17 15:08:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/07/17 15:08:17 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/07/17 15:08:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/07/17 15:08:08 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Local\Programs
[2013/07/17 15:02:37 | 000,000,000 | ---D | C] -- C:\MATS
[2013/07/17 14:50:17 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Roaming\TeamViewer
[2013/07/14 23:50:58 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/07/14 23:50:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013/07/14 23:50:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2013/07/14 23:47:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player Classic - Home Cinema
[2013/07/14 23:47:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Media Player Classic - Home Cinema
[2013/07/14 22:37:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/07/14 22:37:39 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/07/14 22:30:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2013/07/14 22:26:27 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Local\CrashRpt
[2013/05/05 10:06:53 | 000,000,000 | ---D | C] -- C:\ProgramData\StarApp
[2013/05/05 10:00:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solibo Ltd
[2013/05/05 10:00:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Solibo Ltd
[2013/03/14 00:33:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/03/14 00:32:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/03/14 00:32:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
 
========== Files - Modified Within 180 Days ==========
 
[2013/07/17 20:45:00 | 000,001,082 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1556888292-2836821904-4175385719-1000UA.job
[2013/07/17 20:45:00 | 000,001,062 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/17 20:31:44 | 000,001,174 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2013/07/17 20:25:26 | 000,021,888 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/17 20:25:26 | 000,021,888 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/17 20:18:15 | 000,001,058 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/17 20:18:09 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/07/17 20:18:05 | 3148,382,208 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/17 20:01:00 | 000,000,940 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/07/17 16:54:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gebruiker\Desktop\OTL.exe
[2013/07/17 16:08:57 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Gebruiker\Desktop\dds.com
[2013/07/17 16:08:50 | 000,688,992 | ---- | M] (Swearware) -- C:\Users\Gebruiker\Desktop\dds.scr
[2013/07/17 15:41:10 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2013/07/17 15:25:16 | 005,484,872 | ---- | M] (TeamViewer GmbH) -- C:\Users\Gebruiker\Desktop\TeamViewer_Setup_nl-ckg.exe
[2013/07/17 15:13:28 | 001,983,723 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1309010.00E\Cat.DB
[2013/07/17 15:08:19 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/17 14:56:03 | 000,001,225 | ---- | M] () -- C:\prefs.js
[2013/07/17 14:45:35 | 000,001,030 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1556888292-2836821904-4175385719-1000Core.job
[2013/07/14 23:58:48 | 000,000,205 | ---- | M] () -- C:\Users\Gebruiker\Desktop\Google.url
[2013/05/29 21:00:03 | 001,665,488 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/05/29 21:00:03 | 000,743,764 | ---- | M] () -- C:\windows\SysNative\perfh013.dat
[2013/05/29 21:00:03 | 000,652,610 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/05/29 21:00:03 | 000,152,622 | ---- | M] () -- C:\windows\SysNative\perfc013.dat
[2013/05/29 21:00:03 | 000,121,284 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/05/21 11:55:54 | 000,275,944 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/05/07 23:39:18 | 001,642,712 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/03/23 04:01:52 | 000,025,185 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2013/03/23 04:01:52 | 000,025,185 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
[2013/02/10 19:56:39 | 000,002,509 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2013/02/10 19:56:09 | 000,014,818 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1309010.00E\VT20130115.021
[2013/02/02 08:12:08 | 000,000,172 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1309010.00E\isolate.ini
 
========== Files Created - No Company Name ==========
 
[2013/07/17 20:30:05 | 000,001,174 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2013/07/17 15:32:38 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013/07/17 15:32:38 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013/07/17 15:32:38 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013/07/17 15:32:38 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013/07/17 15:32:38 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/07/17 15:08:19 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/14 23:58:48 | 000,000,205 | ---- | C] () -- C:\Users\Gebruiker\Desktop\Google.url
[2013/07/14 22:30:21 | 000,001,186 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013/03/23 04:01:52 | 000,025,185 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2013/03/23 04:01:52 | 000,025,185 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2011/12/23 19:12:57 | 000,098,304 | ---- | C] () -- C:\windows\SysWow64\redmonnt.dll
[2011/12/15 00:24:57 | 001,642,712 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/08/31 20:51:16 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/08/31 20:51:16 | 000,216,000 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011/08/31 20:46:00 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2011/08/31 20:26:20 | 013,903,872 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

[Maniac]

What about your OTL fix log?

[Exchequer]

I believe this was otl.txt , after the mandatory reboot. Which file are you referring too?

 

regards.

[Maniac]

My last instructions were:

Please proceed with my last instructions and then post the result from them and a new fresh OTL log file including 180 days ago.

So I'm waiting for a new fresh OTL.txt content (including 180 days ago) and OTL fix log.

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

[Exchequer]

Aha I see what happened here. I read this "Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles"  as "Note: A copy of an old fix log is saved in a text file at C:\_OTL\MovedFiles".

 

Made sense since I have been running OTL 4x now. Hence I assumed the displayed log file was the fix log.

 

Will try to find the fix log and do a new scan tommorow. I am doing this through teamviewer so sometimes it takes a while.

[Maniac]

Thanks for letting me know!

[Exchequer]

Fix log:

                                                                                                                                                                                                                                                            All processes killed========== OTL ==========Use Chrome's Settings page to change the HomePage.Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35682AA1-4056-476A-B738-B58E146B0A52}\ deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35682AA1-4056-476A-B738-B58E146B0A52}\ deleted successfully.Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B20E78B7-FA05-69B9-2EF9-ADAEB0781778}\ deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B20E78B7-FA05-69B9-2EF9-ADAEB0781778}\ deleted successfully.========== FILES ==========File\Folder C:\ProgramData\Seyarich-eNeWTTab not found.File\Folder C:\ProgramData\conytinuetuossave not found.========== REGISTRY ==========Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{0F44DC3F-6E62-4961-A14B-95323C512F9B}_is1 not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F44DC3F-6E62-4961-A14B-95323C512F9B}_is1\ not found.========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytes User: Default User->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytes User: Gebruiker->Temp folder emptied: 32361439 bytes->Temporary Internet Files folder emptied: 37899142 bytes->Google Chrome cache emptied: 7685791 bytes->Flash cache emptied: 1896 bytes User: Public->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes%systemroot% .tmp files removed: 0 bytes%systemroot%\System32 .tmp files removed: 0 bytes%systemroot%\System32 (64bit) .tmp files removed: 0 bytes%systemroot%\System32\drivers .tmp files removed: 0 bytesWindows Temp folder emptied: 5376 bytes%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 1207672 bytes%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78134 bytesRecycleBin emptied: 0 bytes Total Files Cleaned = 76.00 mb  OTL by OldTimer - Version 3.2.69.0 log created on 07172013_175305Files\Folders moved on Reboot...C:\Users\Gebruiker\AppData\Local\Temp\TeamViewer\Version8\tv_x64.dll moved successfully.File move failed. C:\Users\Gebruiker\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VLW2AL4J\index[2].htm moved successfully.C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TVL0E4B2\xd_arbiter[1].htm moved successfully.C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5VK04701\fastbutton[1].htm moved successfully.C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5VK04701\like[1].htm moved successfully.C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5VK04701\xd_arbiter[1].htm moved successfully.File move failed. C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\7A7E08C8-3FF5-45F2-873D-A84D669DC82F.dat scheduled to be moved on reboot.C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.File move failed. C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.PendingFileRenameOperations files...Registry entries deleted on Reboot...

OTL log: (did not start this myself, should be OK I gave clear instructions):

                                                                                                                                                                                                                                                            OTL logfile created on: 7/20/2013 11:28:46 AM - Run 6OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Gebruiker\Desktop64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.10.9200.16635)Locale: 00000409 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy 3.91 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 62.84% Memory free7.82 Gb Paging File | 6.53 Gb Available in Paging File | 83.52% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 120.12 Gb Total Space | 81.11 Gb Free Space | 67.52% Space Free | Partition Type: NTFSDrive D: | 326.01 Gb Total Space | 325.88 Gb Free Space | 99.96% Space Free | Partition Type: NTFSDrive F: | 116.41 Gb Total Space | 92.92 Gb Free Space | 79.82% Space Free | Partition Type: NTFSDrive G: | 116.47 Gb Total Space | 110.23 Gb Free Space | 94.64% Space Free | Partition Type: NTFS Computer Name: GEBRUIKER-PC | User Name: Gebruiker | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Include 64bit ScansCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 180 Days ========== Processes (SafeList) ========== PRC - [2013/07/17 16:54:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gebruiker\Desktop\OTL.exePRC - [2013/07/08 13:09:10 | 011,596,128 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exePRC - [2013/07/08 13:09:10 | 004,153,184 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exePRC - [2013/07/08 12:59:02 | 000,195,936 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exePRC - [2012/06/16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exePRC - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exePRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exePRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exePRC - [2011/02/14 11:30:50 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXEPRC - [2010/10/06 06:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exePRC - [2010/10/06 06:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exePRC - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe  ========== Modules (No Company Name) ==========  ========== Services (SafeList) ========== SRV:64bit: - [2013/05/27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)SRV:64bit: - [2010/09/23 04:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)SRV:64bit: - [2010/09/22 02:05:24 | 000,165,032 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R)SRV - [2013/07/08 13:09:10 | 004,153,184 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)SRV - [2013/06/12 22:01:17 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)SRV - [2012/06/16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe -- (NIS)SRV - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)SRV - [2011/02/15 11:59:26 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)SRV - [2011/02/14 11:30:50 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)SRV - [2010/10/06 06:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)SRV - [2010/10/06 06:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)  ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/12/08 13:38:41 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)DRV:64bit: - [2012/07/06 04:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtspx64.sys -- (SRTSPX)DRV:64bit: - [2012/07/06 04:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtsp64.sys -- (SRTSP)DRV:64bit: - [2012/06/07 06:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ccsetx64.sys -- (ccSet_NIS)DRV:64bit: - [2012/05/22 03:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symefa64.sys -- (SymEFA)DRV:64bit: - [2012/04/18 04:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symnets.sys -- (SymNetS)DRV:64bit: - [2012/04/18 03:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ironx64.sys -- (SymIRON)DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)DRV:64bit: - [2011/08/31 20:53:22 | 012,306,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)DRV:64bit: - [2011/07/25 20:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symds64.sys -- (SymDS)DRV:64bit: - [2011/03/21 22:22:06 | 000,452,200 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)DRV:64bit: - [2011/01/04 06:12:35 | 000,315,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)DRV:64bit: - [2010/11/21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)DRV:64bit: - [2010/11/21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)DRV:64bit: - [2010/10/20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)DRV:64bit: - [2010/10/16 04:42:48 | 000,356,328 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)DRV:64bit: - [2010/10/16 04:42:48 | 000,121,320 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)DRV:64bit: - [2010/08/31 15:07:06 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)DRV - [2013/07/17 14:42:09 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130719.020\ex64.sys -- (NAVEX15)DRV - [2013/07/17 14:42:09 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130719.020\eng64.sys -- (NAVENG)DRV - [2013/07/16 17:27:32 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130719.002\IDSviA64.sys -- (IDSVia64)DRV - [2013/07/15 22:58:54 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130715.001_c6c\BHDrvx64.sys -- (BHDrvx64)DRV - [2013/01/19 13:22:05 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)DRV - [2012/12/09 14:39:11 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)  ========== Standard Registry (SafeList) ==========  ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE:64bit:'>http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7IE'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.comIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.comIE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7  IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =  IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =  IE - HKU\S-1-5-21-1556888292-2836821904-4175385719-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/IE - HKU\S-1-5-21-1556888292-2836821904-4175385719-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-NLIE - HKU\S-1-5-21-1556888292-2836821904-4175385719-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7A 2D 5D B1 EC 82 CE 01  [binary data]IE - HKU\S-1-5-21-1556888292-2836821904-4175385719-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKU\S-1-5-21-1556888292-2836821904-4175385719-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SRIE - HKU\S-1-5-21-1556888292-2836821904-4175385719-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = IE - HKU\S-1-5-21-1556888292-2836821904-4175385719-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0  ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Gebruiker\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Gebruiker\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2013/07/17 14:37:02 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2013/07/20 10:47:00 | 000,000,000 | ---D | M] [2013/07/14 23:48:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions ========== Chrome  ========== CHR - homepage: http://www1.delta-search.com/?babsrc=HP_ss&mntrId=AA133860771BE5B6&affID=119357&tsp=4943CHR - Extension: No name found = C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\CHR - Extension: No name found = C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\CHR - Extension: No name found = C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\edlljmjihffpbijaohnhnhafbkodmbco\1\CHR - Extension: No name found = C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpokbnnjkacjfpeojkafdnamolgnbcen\1\CHR - Extension: No name found = C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\imocaenbbdjagfmmaanipomlinlmiebp\1\CHR - Extension: No name found = C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.13.5_0\CHR - Extension: No name found = C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhojnignjldjlofldbbfnkoiogkjgpcm\1\CHR - Extension: No name found = C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2013/07/17 15:41:10 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO1 - Hosts: 127.0.0.1       localhostO2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation)O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)O3:64bit: - HKU\S-1-5-21-1556888292-2836821904-4175385719-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)O3 - HKU\S-1-5-21-1556888292-2836821904-4175385719-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LiveSafer.lnk =  File not foundO4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LiveSafer.lnk =  File not foundO6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-1556888292-2836821904-4175385719-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-1556888292-2836821904-4175385719-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O13 - gopher Prefix: missingO17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31B68BC3-C850-4E9C-A740-F6B522884878}: DhcpNameServer = 192.168.0.1O18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2005/10/27 02:31:27 | 000,000,050 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]O34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = ComFile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 180 Days ========== [2013/07/17 23:04:22 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll[2013/07/17 23:04:22 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll[2013/07/17 23:04:21 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll[2013/07/17 23:04:21 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll[2013/07/17 23:04:21 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe[2013/07/17 23:04:21 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe[2013/07/17 23:04:21 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll[2013/07/17 23:04:21 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll[2013/07/17 23:04:21 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe[2013/07/17 23:04:21 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll[2013/07/17 23:04:21 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll[2013/07/17 23:04:20 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll[2013/07/17 23:04:20 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll[2013/07/17 23:04:20 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll[2013/07/17 23:04:19 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll[2013/07/17 17:53:05 | 000,000,000 | ---D | C] -- C:\_OTL[2013/07/17 16:54:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Gebruiker\Desktop\OTL.exe[2013/07/17 16:21:55 | 000,000,000 | ---D | C] -- C:\windows\ERUNT[2013/07/17 16:08:56 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Gebruiker\Desktop\dds.com[2013/07/17 16:08:50 | 000,688,992 | ---- | C] (Swearware) -- C:\Users\Gebruiker\Desktop\dds.scr[2013/07/17 15:48:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN[2013/07/17 15:42:11 | 000,000,000 | ---D | C] -- C:\windows\temp[2013/07/17 15:32:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe[2013/07/17 15:32:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe[2013/07/17 15:32:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe[2013/07/17 15:30:27 | 000,000,000 | ---D | C] -- C:\Qoobox[2013/07/17 15:29:50 | 000,000,000 | ---D | C] -- C:\windows\erdnt[2013/07/17 15:25:32 | 005,484,872 | ---- | C] (TeamViewer GmbH) -- C:\Users\Gebruiker\Desktop\TeamViewer_Setup_nl-ckg.exe[2013/07/17 15:08:27 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Roaming\Malwarebytes[2013/07/17 15:08:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware[2013/07/17 15:08:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes[2013/07/17 15:08:17 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys[2013/07/17 15:08:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware[2013/07/17 15:08:08 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Local\Programs[2013/07/17 15:02:37 | 000,000,000 | ---D | C] -- C:\MATS[2013/07/17 14:50:17 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Roaming\TeamViewer[2013/07/17 14:47:14 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qedit.dll[2013/07/17 14:47:14 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qedit.dll[2013/07/17 14:47:13 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WMVDECOD.DLL[2013/07/17 14:47:13 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WMVDECOD.DLL[2013/07/17 14:45:06 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll[2013/07/14 23:50:58 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee[2013/07/14 23:50:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus[2013/07/14 23:50:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan[2013/07/14 23:47:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player Classic - Home Cinema[2013/07/14 23:47:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Media Player Classic - Home Cinema[2013/07/14 22:37:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner[2013/07/14 22:37:39 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner[2013/07/14 22:30:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer[2013/07/14 22:26:27 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Local\CrashRpt[2013/06/13 22:47:54 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll[2013/06/13 22:47:54 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll[2013/06/13 22:47:50 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptdlg.dll[2013/06/13 22:47:50 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cryptdlg.dll[2013/06/13 22:47:40 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WindowsCodecs.dll[2013/06/13 22:47:12 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\certutil.exe[2013/06/13 22:47:11 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll[2013/06/13 22:47:11 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\certutil.exe[2013/06/13 22:47:11 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll[2013/06/13 22:47:11 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\certenc.dll[2013/06/13 22:47:11 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\certenc.dll[2013/06/13 22:47:03 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d11.dll[2013/06/13 22:47:03 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3d11.dll[2013/05/20 12:46:19 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dxgmms1.sys[2013/05/20 12:46:18 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdd.dll[2013/05/20 12:46:06 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll[2013/05/20 12:46:06 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll[2013/05/20 12:46:06 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\shdocvw.dll[2013/05/20 12:46:06 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\consent.exe[2013/05/20 12:46:03 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wwanprotdim.dll[2013/05/05 10:06:53 | 000,000,000 | ---D | C] -- C:\ProgramData\StarApp[2013/05/05 10:00:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solibo Ltd[2013/05/05 10:00:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Solibo Ltd[2013/04/10 11:58:24 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstscax.dll[2013/04/10 11:58:23 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstscax.dll[2013/04/10 11:58:23 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aaclient.dll[2013/04/10 11:58:23 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\aaclient.dll[2013/04/10 11:58:23 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tsgqec.dll[2013/04/10 11:58:23 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tsgqec.dll[2013/04/10 11:58:16 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe[2013/04/10 11:58:15 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe[2013/04/10 11:58:15 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe[2013/04/10 11:58:15 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\smss.exe[2013/04/10 11:58:15 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\csrsrv.dll[2013/04/10 11:58:15 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\apisetschema.dll[2013/03/23 04:01:52 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl[2013/03/23 04:01:52 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl[2013/03/23 04:01:52 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat[2013/03/23 04:01:52 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat[2013/03/23 04:01:52 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe[2013/03/23 04:01:52 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll[2013/03/23 04:01:52 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll[2013/03/23 04:01:52 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll[2013/03/23 04:01:52 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll[2013/03/23 04:01:52 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll[2013/03/23 04:01:52 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll[2013/03/23 04:01:52 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\html.iec[2013/03/23 04:01:52 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec[2013/03/23 04:01:52 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll[2013/03/23 04:01:52 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll[2013/03/23 04:01:52 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll[2013/03/23 04:01:52 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\elshyph.dll[2013/03/23 04:01:52 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll[2013/03/23 04:01:52 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll[2013/03/23 04:01:52 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\elshyph.dll[2013/03/23 04:01:52 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe[2013/03/23 04:01:52 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe[2013/03/23 04:01:52 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll[2013/03/23 04:01:52 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe[2013/03/23 04:01:52 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll[2013/03/23 04:01:52 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe[2013/03/23 04:01:52 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe[2013/03/23 04:01:52 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe[2013/03/23 04:01:52 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll[2013/03/23 04:01:52 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll[2013/03/23 04:01:52 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll[2013/03/23 04:01:52 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll[2013/03/23 04:01:52 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll[2013/03/23 04:01:52 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll[2013/03/23 04:01:52 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll[2013/03/23 04:01:52 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe[2013/03/23 04:01:52 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll[2013/03/23 04:01:52 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll[2013/03/23 04:01:52 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll[2013/03/23 04:01:52 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx[2013/03/23 04:01:52 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe[2013/03/23 04:01:52 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll[2013/03/23 04:01:52 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll[2013/03/23 04:01:52 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx[2013/03/23 04:01:52 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll[2013/03/23 04:01:52 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll[2013/03/23 04:01:52 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll[2013/03/23 04:01:52 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll[2013/03/23 04:01:52 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll[2013/03/23 04:01:52 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll[2013/03/23 04:01:52 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe[2013/03/23 04:01:52 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe[2013/03/23 04:01:52 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe[2013/03/20 22:37:23 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usb8023.sys[2013/03/14 00:33:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight[2013/03/14 00:32:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight[2013/03/14 00:32:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight[2013/02/27 23:46:00 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msmpeg2vdec.dll[2013/02/27 23:46:00 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msmpeg2vdec.dll[2013/02/27 23:46:00 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\UIAnimation.dll[2013/02/27 23:46:00 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\UIAnimation.dll[2013/02/27 23:45:52 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WMPhoto.dll[2013/02/27 23:45:52 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WMPhoto.dll[2013/02/27 23:45:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll[2013/02/27 23:45:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll[2013/02/27 23:45:50 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10warp.dll[2013/02/27 23:45:50 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsGdiConverter.dll[2013/02/27 23:45:50 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10_1.dll[2013/02/27 23:45:50 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll[2013/02/27 23:45:50 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll[2013/02/27 23:45:50 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll[2013/02/27 23:45:50 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll[2013/02/27 23:45:50 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll[2013/02/27 23:45:50 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll[2013/02/27 23:45:49 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsGdiConverter.dll[2013/02/27 23:45:49 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll[2013/02/27 23:45:49 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll[2013/02/27 23:45:49 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll[2013/02/27 23:45:49 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll[2013/02/27 23:45:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll[2013/02/27 23:45:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll[2013/02/27 23:45:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll[2013/02/27 23:45:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll[2013/02/27 23:45:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll[2013/02/27 23:45:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll[2013/02/27 23:45:48 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsPrint.dll[2013/02/27 23:45:48 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10.dll[2013/02/27 23:45:48 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsPrint.dll[2013/02/27 23:45:48 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10level9.dll[2013/02/27 23:45:48 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxgi.dll[2013/02/27 23:45:48 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10_1core.dll[2013/02/27 23:45:48 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10core.dll[2013/02/27 23:45:48 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WindowsCodecsExt.dll[2013/02/27 23:45:47 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d2d1.dll[2013/02/13 22:33:06 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll[2013/02/13 22:33:05 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe[2013/02/13 22:33:05 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll[2013/02/13 22:33:05 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe[2013/02/13 22:33:05 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll[2013/02/13 22:33:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe[2013/02/13 22:33:04 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\FWPKCLNT.SYS ========== Files - Modified Within 180 Days ========== [2013/07/20 11:01:00 | 000,000,940 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job[2013/07/20 10:53:34 | 000,021,888 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2013/07/20 10:53:34 | 000,021,888 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2013/07/20 10:45:42 | 000,001,058 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job[2013/07/20 10:45:25 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat[2013/07/20 10:44:58 | 3148,382,208 | -HS- | M] () -- C:\hiberfil.sys[2013/07/20 10:43:28 | 000,277,056 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT[2013/07/20 10:42:16 | 001,990,171 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1309010.00E\Cat.DB[2013/07/17 23:07:55 | 001,687,192 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI[2013/07/17 23:07:55 | 000,743,764 | ---- | M] () -- C:\windows\SysNative\perfh013.dat[2013/07/17 23:07:55 | 000,652,610 | ---- | M] () -- C:\windows\SysNative\perfh009.dat[2013/07/17 23:07:55 | 000,152,622 | ---- | M] () -- C:\windows\SysNative\perfc013.dat[2013/07/17 23:07:55 | 000,121,284 | ---- | M] () -- C:\windows\SysNative\perfc009.dat[2013/07/17 22:45:00 | 000,001,082 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1556888292-2836821904-4175385719-1000UA.job[2013/07/17 22:45:00 | 000,001,062 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job[2013/07/17 20:31:44 | 000,001,174 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk[2013/07/17 16:54:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gebruiker\Desktop\OTL.exe[2013/07/17 16:08:57 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Gebruiker\Desktop\dds.com[2013/07/17 16:08:50 | 000,688,992 | ---- | M] (Swearware) -- C:\Users\Gebruiker\Desktop\dds.scr[2013/07/17 15:41:10 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts[2013/07/17 15:25:16 | 005,484,872 | ---- | M] (TeamViewer GmbH) -- C:\Users\Gebruiker\Desktop\TeamViewer_Setup_nl-ckg.exe[2013/07/17 15:08:19 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2013/07/17 14:56:03 | 000,001,225 | ---- | M] () -- C:\prefs.js[2013/07/17 14:45:35 | 000,001,030 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1556888292-2836821904-4175385719-1000Core.job[2013/07/14 23:58:48 | 000,000,205 | ---- | M] () -- C:\Users\Gebruiker\Desktop\Google.url[2013/06/12 22:01:15 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe[2013/06/12 22:01:15 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl[2013/06/12 01:43:00 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll[2013/06/12 01:42:58 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll[2013/06/12 01:42:58 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll[2013/06/12 01:42:58 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll[2013/06/12 01:42:58 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll[2013/06/12 01:26:36 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe[2013/06/12 01:25:29 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll[2013/06/12 01:25:16 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll[2013/06/12 01:25:16 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll[2013/06/12 01:25:13 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll[2013/06/12 01:25:13 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll[2013/06/12 01:25:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll[2013/06/12 01:25:13 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll[2013/06/12 00:51:45 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe[2013/06/12 00:50:58 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe[2013/06/04 08:00:13 | 000,624,128 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\qedit.dll[2013/06/04 06:53:07 | 000,509,440 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\qedit.dll[2013/05/13 07:51:00 | 001,464,320 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll[2013/05/13 07:51:00 | 000,139,776 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll[2013/05/13 07:50:40 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\certenc.dll[2013/05/13 05:43:55 | 001,192,448 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\certutil.exe[2013/05/13 05:08:10 | 000,903,168 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\certutil.exe[2013/05/13 05:08:06 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\certenc.dll[2013/05/10 07:49:27 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\cryptdlg.dll[2013/05/10 05:20:54 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\cryptdlg.dll[2013/05/07 23:39:18 | 001,642,712 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI[2013/05/06 08:03:49 | 001,887,744 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\WMVDECOD.DLL[2013/05/06 06:56:35 | 001,620,480 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\WMVDECOD.DLL[2013/04/26 07:51:36 | 000,751,104 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll[2013/04/26 06:55:21 | 000,492,544 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll[2013/04/26 01:30:32 | 001,505,280 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\d3d11.dll[2013/04/17 08:24:46 | 001,424,384 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\WindowsCodecs.dll[2013/04/10 08:01:54 | 000,265,064 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dxgmms1.sys[2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys[2013/04/03 00:51:57 | 001,643,520 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll[2013/04/01 00:52:16 | 001,887,232 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\d3d11.dll[2013/03/23 04:01:52 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl[2013/03/23 04:01:52 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl[2013/03/23 04:01:52 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat[2013/03/23 04:01:52 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat[2013/03/23 04:01:52 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe[2013/03/23 04:01:52 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll[2013/03/23 04:01:52 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll[2013/03/23 04:01:52 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll[2013/03/23 04:01:52 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll[2013/03/23 04:01:52 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll[2013/03/23 04:01:52 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll[2013/03/23 04:01:52 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\html.iec[2013/03/23 04:01:52 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec[2013/03/23 04:01:52 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll[2013/03/23 04:01:52 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\url.dll[2013/03/23 04:01:52 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll[2013/03/23 04:01:52 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\elshyph.dll[2013/03/23 04:01:52 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll[2013/03/23 04:01:52 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll[2013/03/23 04:01:52 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\elshyph.dll[2013/03/23 04:01:52 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe[2013/03/23 04:01:52 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe[2013/03/23 04:01:52 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll[2013/03/23 04:01:52 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe[2013/03/23 04:01:52 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll[2013/03/23 04:01:52 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe[2013/03/23 04:01:52 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe[2013/03/23 04:01:52 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe[2013/03/23 04:01:52 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll[2013/03/23 04:01:52 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll[2013/03/23 04:01:52 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll[2013/03/23 04:01:52 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll[2013/03/23 04:01:52 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll[2013/03/23 04:01:52 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll[2013/03/23 04:01:52 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll[2013/03/23 04:01:52 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe[2013/03/23 04:01:52 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll[2013/03/23 04:01:52 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll[2013/03/23 04:01:52 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll[2013/03/23 04:01:52 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx[2013/03/23 04:01:52 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe[2013/03/23 04:01:52 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll[2013/03/23 04:01:52 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll[2013/03/23 04:01:52 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx[2013/03/23 04:01:52 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll[2013/03/23 04:01:52 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll[2013/03/23 04:01:52 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll[2013/03/23 04:01:52 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll[2013/03/23 04:01:52 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll[2013/03/23 04:01:52 | 000,025,185 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf[2013/03/23 04:01:52 | 000,025,185 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf[2013/03/23 04:01:52 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll[2013/03/23 04:01:52 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe[2013/03/23 04:01:52 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe[2013/03/23 04:01:52 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe[2013/03/19 08:04:06 | 005,550,424 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe[2013/03/19 07:53:58 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wwanprotdim.dll[2013/03/19 07:46:56 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\csrsrv.dll[2013/03/19 07:04:13 | 003,968,856 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe[2013/03/19 07:04:10 | 003,913,560 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe[2013/03/19 06:47:50 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\apisetschema.dll[2013/03/19 05:06:33 | 000,112,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\smss.exe[2013/02/27 08:02:44 | 000,111,448 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\consent.exe[2013/02/27 07:52:55 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\shdocvw.dll[2013/02/27 07:48:00 | 001,930,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll[2013/02/27 06:49:24 | 001,796,096 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll[2013/02/15 08:08:40 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\tsgqec.dll[2013/02/15 08:06:11 | 003,717,632 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mstscax.dll[2013/02/15 08:02:26 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aaclient.dll[2013/02/15 06:37:10 | 003,217,408 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mstscax.dll[2013/02/15 06:34:10 | 000,131,584 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\aaclient.dll[2013/02/15 05:25:51 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\tsgqec.dll[2013/02/12 06:12:05 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usb8023.sys[2013/02/10 19:56:39 | 000,002,509 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk[2013/02/10 19:56:09 | 000,014,818 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1309010.00E\VT20130115.021[2013/02/02 08:12:08 | 000,000,172 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1309010.00E\isolate.ini ========== Files Created - No Company Name ========== [2013/07/17 20:30:05 | 000,001,174 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk[2013/07/17 15:32:38 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe[2013/07/17 15:32:38 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe[2013/07/17 15:32:38 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe[2013/07/17 15:32:38 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe[2013/07/17 15:32:38 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe[2013/07/17 15:08:19 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2013/07/14 23:58:48 | 000,000,205 | ---- | C] () -- C:\Users\Gebruiker\Desktop\Google.url[2013/07/14 22:30:21 | 000,001,186 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk[2013/03/23 04:01:52 | 000,025,185 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf[2013/03/23 04:01:52 | 000,025,185 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf[2011/12/23 19:12:57 | 000,098,304 | ---- | C] () -- C:\windows\SysWow64\redmonnt.dll[2011/12/15 00:24:57 | 001,642,712 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI[2011/08/31 20:51:16 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin[2011/08/31 20:51:16 | 000,216,000 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin[2011/08/31 20:46:00 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll[2011/08/31 20:26:20 | 013,903,872 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll ========== ZeroAccess Check ========== [2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]< End of report >