Jump to content

Bad image error after running a scan in Malwarebytes


Recommended Posts

Dear Sir, Madame,

 

I scanned my computer with Malwarebytes but after the scan and reboot of windows, i faced the same problem as in this topic: 145506

 

I allready scanned the computer with FRST

 

Can you please help me find a solution to this problem.

 

I first posted this on the wrong forum : 53614 (sorry :-)  )

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-07-2014
Ran by pc (administrator) on PC-PC on 26-07-2014 13:18:24
Running from C:\Users\pc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2ERY49L0
Platform: Microsoft® Windows Vista™ Ultimate  Service Pack 2 (X86) OS Language: Engels (Verenigde Staten)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(SweetIM Technologies Ltd.) C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {0134a68e-a2c6-11e2-bdc1-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {044d8d92-adc2-11e2-937f-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {044d8da5-adc2-11e2-937f-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {0a760afb-dfb9-11e2-898a-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {0cc5b1fb-2ab2-11e2-bca6-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {13ea8ff1-b227-11e2-8eaf-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {18c50d63-1dd7-11e3-acf4-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {27443d2b-72e6-11e2-8f1f-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {2ee305e7-1201-11e3-8f0e-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {2fbea2d9-bbea-11e2-86a5-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {2fbea2e5-bbea-11e2-86a5-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {32cb21be-1fa8-11e2-98ad-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {32cb21bf-1fa8-11e2-98ad-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {32cc88e9-2802-11e3-bb84-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {3507f291-aea8-11e2-83f7-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {3507f29d-aea8-11e2-83f7-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {3866e869-01d6-11e3-bf25-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {39c1ec7f-f6d1-11e2-bfb3-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {3df319bd-8bfe-11e2-9a04-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {4070cd6b-0699-11e3-9399-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {40f013f1-f811-11e2-8119-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {410c4298-aaab-11e2-9189-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {4113efe6-0ca7-11e3-8d78-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {44dfdc3d-2c99-11e2-be0c-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {460c2bc3-8883-11e2-a355-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {460c2bca-8883-11e2-a355-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {477bc2f1-bb21-11e2-8795-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {497d1372-b7fb-11e2-87a0-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {4adcd516-7b81-11e2-beba-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {4adcd518-7b81-11e2-beba-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {4adcd519-7b81-11e2-beba-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {4f170c28-12ac-11e3-b62b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {51e06098-1bd2-11e3-a4c3-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {58b818f1-b344-11e2-89c9-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {682841b4-f0a9-11e2-8d1b-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {682841ec-f0a9-11e2-8d1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {69ce29cd-c2f9-11e2-8e0d-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {6a62057e-d446-11e2-8d41-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {6b281db4-0501-11e3-8189-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {6b281de6-0501-11e3-8189-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {6bd43e8c-bb1f-11e2-8250-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {6e3bb245-284d-11e3-b0b3-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {78748ef2-acfd-11e2-83ac-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {8596e85c-da4a-11e1-aae5-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {8596e86b-da4a-11e1-aae5-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {8596e86c-da4a-11e1-aae5-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {8596e86d-da4a-11e1-aae5-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {8645b17a-c946-11e2-bf4a-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {8fc05e11-7930-11e2-9d0c-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {8fc05e4f-7930-11e2-9d0c-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {91bd03be-a9f1-11e2-a226-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {985b79f7-d57f-11e1-a609-00238b1698a9} - G:\setup.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {9d6dd098-82ae-11e2-96f1-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {a0357b6a-6d65-11e2-8518-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {aa0aa368-0502-11e3-bbfd-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {acb9970b-1192-11e3-a65d-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {ada9d20f-d129-11e2-bbeb-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {b00a2485-c232-11e2-811b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {b00a248b-c232-11e2-811b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {bc894772-df6b-11e2-882a-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {be221bed-b4a2-11e2-8e6f-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {c842e67a-28f8-11e2-a764-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {c842e67b-28f8-11e2-a764-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {c8e747eb-d030-11e2-bf08-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {c8e747fe-d030-11e2-bf08-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {cdbb760a-9a94-11e2-b9e5-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {d086873b-a927-11e2-8aac-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {d3cc7c56-1d8b-11e3-bc00-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {ddd9e6b8-a4cd-11e2-a6f8-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e845a32b-a42f-11e2-9be6-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e845a32e-a42f-11e2-9be6-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e845a32f-a42f-11e2-9be6-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac379d-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac379e-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac379f-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37a0-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37a1-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37a2-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37a3-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37a4-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37a5-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37a6-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37a7-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37a8-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37a9-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37aa-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37ab-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37ac-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37ad-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37ae-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37af-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37b0-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37b1-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37b2-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37b3-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37b4-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37b5-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37b6-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37b7-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37b8-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37b9-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37ba-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37bb-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37bc-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37bd-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37be-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37bf-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37c0-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37c1-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37c2-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37c3-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37c4-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37c5-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37c6-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37c7-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37c8-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37c9-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37ca-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37cb-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37cc-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37cd-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37ce-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37cf-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37d0-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37d2-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37d3-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37d4-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37d5-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37d6-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37d8-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37d9-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37da-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37db-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37dc-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37dd-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37de-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37df-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37e0-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37e1-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37e2-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37e3-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37e4-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37e5-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37e6-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37e7-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37e8-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37e9-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37ea-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37eb-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37ec-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37ed-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37ee-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37ef-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37f0-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37f1-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37f2-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37f3-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37f4-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37f5-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37f6-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37f7-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac37f8-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac3800-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac3801-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac3802-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {e9ac3803-55c5-11e2-8c1b-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {ed636473-fdd4-11e2-b773-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {ef74e22c-2c3a-11e2-9cd8-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {f0e9600a-bca5-11e2-8d56-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {f0e96010-bca5-11e2-8d56-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {f6c7a0b0-1267-11e3-a7c1-00238b1698a9} - F:\AutoRun.exe
HKU\S-1-5-21-343080616-3524216250-3021145846-1000\...\MountPoints2: {ff089f71-0ce2-11e3-95f4-00238b1698a9} - F:\AutoRun.exe
AppInit_DLLs: c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll => c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll [2212304 2013-01-16] ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\pc\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\pc\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\pc\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\pc\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim....ED-00238B1698A9}
URLSearchHook: HKCU - ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} -  No File
SearchScopes: HKLM - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweeti...ED-00238B1698A9}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.chatzu...?q={searchTerms}
SearchScopes: HKLM - {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = http://search.mywebs...or={searchTerms}
SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweeti...ED-00238B1698A9}
SearchScopes: HKCU - bProtectorDefaultScope {EEE6C360-6118-11DC-9C72-001320C79847}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL =
BHO: Babylon toolbar helper -> {2EECD738-5844-4a99-B4B6-146BF802613B} ->  No File
BHO: IB Updater -> {336D0C35-8A85-403A-B9D2-65C292C39087} -> C:\Program Files\IB Updater\Extension32.dll ()
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: TBSB09850 Class -> {FCBCCB87-9224-4B8D-B117-F56D924BEB18} ->  No File
Toolbar: HKLM - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} -  No File
Toolbar: HKLM - ChatZum Toolbar - {37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - ChatZum Toolbar - {37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 195.130.130.5 195.130.131.5

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\pc\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-07-24]
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403A-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF Extension: IB Updater - C:\Program Files\IB Updater\Firefox [2014-07-20]

Chrome:
=======
CHR HomePage: hxxp://be.msn.com/default.aspx?pc=UP97&ocid=UP97DHP&dt=071413
CHR RestoreOnStartup: "hxxp://be.msn.com/default.aspx?pc=UP97&ocid=UP97DHP&dt=071413", "hxxp://home.sweetim.com/?st=6&barid={219CD34F-DB2E-11E1-A9ED-00238B1698A9}", "hxxp://www.google.com/"
CHR NewTab: "chrome-extension://ogccgbmabaphcakpiclgcnmcnimhokcj/newtab.html", "chrome-extension://dhkplhfnhceodhffomolpfigojocbpcb/redirect.html"
CHR DefaultSearchKeyword: bing.com
CHR DefaultSearchProvider: Bing
CHR DefaultSearchURL: http://www.bing.com/...rc=IE-SearchBox
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\25.0.1364.97\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\25.0.1364.97\gcswf32.dll No File
CHR Plugin: (Babylon ToolBar) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\BabylonChromeToolBar.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-15]
CHR Extension: (Google Zoeken) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-15]
CHR Extension: (Babylon Toolbar) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb [2012-09-15]
CHR Extension: (IB Updater) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd [2012-12-08]
CHR Extension: (avast! Online Security) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-09-02]
CHR Extension: (SweetIM for Facebook) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn [2012-09-24]
CHR Extension: (Skype Click to Call) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-03-03]
CHR Extension: (Yontoo) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc [2013-03-03]
CHR Extension: (Chrome In-App Payments service) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (SweetPacks Chrome Extension) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj [2014-07-20]
CHR Extension: (BrowserProtect) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph [2013-02-09]
CHR Extension: (Gmail) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-15]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [2014-07-20]
CHR HKLM\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx [2012-09-24]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR HKLM\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx [2012-09-24]
CHR HKLM\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.crx [2013-02-09]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-30] (AVAST Software)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-04-30] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-04-30] (AVAST Software)
R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-05-15] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-04-30] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [777488 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411680 2014-05-15] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-04-30] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2014-04-30] ()
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [917504 2008-06-30] (Atheros Communications, Inc.) [File not signed]
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [90368 2011-02-25] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [64384 2011-01-30] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [26624 2011-01-30] (Huawei Technologies Co., Ltd.)
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [235392 2010-12-24] (Huawei Technologies Co., Ltd.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-26 13:18 - 2014-07-26 13:18 - 00000000 ____D () C:\FRST
2014-07-26 13:16 - 2014-07-26 13:17 - 01084416 _____ (Farbar) C:\Users\pc\Desktop\FRST.exe
2014-07-20 11:28 - 2014-07-20 11:28 - 00009808 _____ () C:\Users\pc\AppData\Roaming\BabMaint.exe
2014-07-20 11:28 - 2014-07-20 11:28 - 00001674 _____ () C:\Users\pc\Desktop\dfrgui.lnk
2014-07-20 11:28 - 2014-07-20 11:28 - 00000000 ____D () C:\Users\pc\AppData\Roaming\newnext.me
2014-07-20 11:16 - 2014-07-20 11:16 - 00000971 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-07-20 11:16 - 2014-07-20 11:16 - 00000959 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-07-20 11:16 - 2014-07-20 11:16 - 00000000 ____D () C:\Program Files\TeamViewer
2014-07-20 11:12 - 2014-07-20 11:12 - 00000000 ____D () C:\Windows\pss
2014-07-20 11:05 - 2014-07-20 11:36 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-20 11:05 - 2014-07-20 11:05 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-20 11:05 - 2014-07-20 11:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-20 11:05 - 2014-07-20 11:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-20 11:05 - 2014-07-20 11:05 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-20 11:05 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-20 11:05 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-20 11:05 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-20 10:52 - 2014-07-20 10:52 - 00000000 ____D () C:\Windows\system32\appmgmt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-26 13:18 - 2014-07-26 13:18 - 00000000 ____D () C:\FRST
2014-07-26 13:18 - 2012-07-24 12:53 - 00665158 _____ () C:\Windows\system32\perfh013.dat
2014-07-26 13:18 - 2012-07-24 12:53 - 00126364 _____ () C:\Windows\system32\perfc013.dat
2014-07-26 13:18 - 2006-11-02 12:33 - 01471570 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-26 13:17 - 2014-07-26 13:16 - 01084416 _____ (Farbar) C:\Users\pc\Desktop\FRST.exe
2014-07-26 13:17 - 2006-11-02 14:46 - 00003760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-26 13:17 - 2006-11-02 14:46 - 00003760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-26 13:14 - 2013-01-16 23:25 - 00000000 ____D () C:\Users\pc\AppData\Roaming\Skype
2014-07-26 13:14 - 2009-04-11 14:38 - 01167630 _____ () C:\Windows\WindowsUpdate.log
2014-07-26 13:12 - 2012-09-15 18:13 - 00001032 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-26 13:11 - 2006-11-02 15:00 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-25 12:00 - 2006-11-02 15:00 - 00032548 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-25 11:47 - 2012-09-15 18:13 - 00001036 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-25 11:23 - 2012-07-24 12:49 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-25 09:13 - 2012-12-15 16:08 - 00000916 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-343080616-3524216250-3021145846-1000UA.job
2014-07-25 07:45 - 2013-10-12 09:57 - 00000515 _____ () C:\Users\pc\Desktop\Telenet Inbox (2).website
2014-07-25 07:17 - 2013-10-12 09:58 - 00000551 _____ () C:\Users\pc\Desktop\Facebook.website
2014-07-20 15:13 - 2012-12-15 16:08 - 00000894 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-343080616-3524216250-3021145846-1000Core.job
2014-07-20 11:37 - 2012-07-24 12:28 - 00055176 _____ () C:\Users\pc\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-20 11:36 - 2014-07-20 11:05 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-20 11:28 - 2014-07-20 11:28 - 00009808 _____ () C:\Users\pc\AppData\Roaming\BabMaint.exe
2014-07-20 11:28 - 2014-07-20 11:28 - 00001674 _____ () C:\Users\pc\Desktop\dfrgui.lnk
2014-07-20 11:28 - 2014-07-20 11:28 - 00000000 ____D () C:\Users\pc\AppData\Roaming\newnext.me
2014-07-20 11:28 - 2014-01-02 22:45 - 00000000 ____D () C:\Users\pc\AppData\Local\genienext
2014-07-20 11:28 - 2012-11-10 23:16 - 00000000 ____D () C:\Windows\system32\ARFC
2014-07-20 11:28 - 2012-11-10 23:16 - 00000000 ____D () C:\Program Files\IB Updater
2014-07-20 11:27 - 2012-11-10 23:16 - 00000000 ____D () C:\Windows\system32\WNLT
2014-07-20 11:19 - 2006-11-02 14:46 - 00255256 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-20 11:18 - 2006-11-02 14:59 - 00294326 _____ () C:\Windows\PFRO.log
2014-07-20 11:16 - 2014-07-20 11:16 - 00000971 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-07-20 11:16 - 2014-07-20 11:16 - 00000959 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-07-20 11:16 - 2014-07-20 11:16 - 00000000 ____D () C:\Program Files\TeamViewer
2014-07-20 11:12 - 2014-07-20 11:12 - 00000000 ____D () C:\Windows\pss
2014-07-20 11:12 - 2012-07-31 18:38 - 00000000 ____D () C:\ProgramData\SweetIM
2014-07-20 11:12 - 2012-07-31 18:38 - 00000000 ____D () C:\Program Files\SweetIM
2014-07-20 11:05 - 2014-07-20 11:05 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-20 11:05 - 2014-07-20 11:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-20 11:05 - 2014-07-20 11:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-20 11:05 - 2014-07-20 11:05 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-20 11:00 - 2013-09-21 13:24 - 00000000 ____D () C:\Program Files\MyPC Backup
2014-07-20 10:55 - 2013-02-17 22:49 - 00000000 ____D () C:\Users\pc\AppData\Roaming\Systweak
2014-07-20 10:54 - 2014-01-02 22:44 - 00000000 ____D () C:\Program Files\Mobogenie
2014-07-20 10:52 - 2014-07-20 10:52 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-07-08 19:23 - 2012-07-24 12:49 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-08 19:23 - 2012-07-24 12:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\pc\AppData\Local\Temp\RtkBtMnt.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-26 13:17

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:25-07-2014
Ran by pc at 2014-07-26 13:19:19
Running from C:\Users\pc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2ERY49L0
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Crystal Eye Webcam (HKLM\...\{DD1DED37-2486-4F56-8F89-56AA814003F5}) (Version: 2.0.0.17 - Acer Crystal Eye Webcam)
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2018 - Avast Software)
Camera Support Core Library (Version: 7.0.3.20 - Canon) Hidden
Camera Window (Version: 4.6.2 - Canon) Hidden
Canon Camera Support Core Library (HKLM\...\InstallShield_{26BDE7D8-93F0-4A07-AD47-1707DB417941}) (Version: 7.0.3.20 - Canon)
Canon Camera Window for ZoomBrowser EX (HKLM\...\InstallShield_{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}) (Version: 4.6.2 - Canon)
Canon Internet Library for ZoomBrowser EX (HKLM\...\InstallShield_{2F81FBFC-9A37-431F-9050-14B55485DF5A}) (Version: 1.3.3 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\InstallShield_{DE286975-ACF1-45B8-9EF7-34E162B2C817}) (Version: 1.1.1.41 - Canon)
Canon PhotoRecord (HKLM\...\{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}) (Version: 02.00.00029 - Cisra)
Canon RAW Image Task for ZoomBrowser EX (HKLM\...\InstallShield_{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}) (Version: 1.1 - Canon)
Canon RemoteCapture Task for ZoomBrowser EX (HKLM\...\InstallShield_{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}) (Version: 1.0.3 - Canon)
Canon Utilities PhotoStitch 3.1 (HKLM\...\InstallShield_{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}) (Version: 3.1.13 - Canon)
Canon Utilities ZoomBrowser EX (HKLM\...\{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}) (Version: 04.06.01035 - CISRA)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Facebook Video Calling 2.0.0.447 (HKLM\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Farming Simulator 2013 (HKLM\...\FarmingSimulator2013INT_is1) (Version: 1.0 - GIANTS Software)
Geluidsschema's voor Windows (HKLM\...\UltSounds) (Version:  - Microsoft Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
IB Updater 2.0.0.110 (HKLM\...\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1) (Version: 2.0.0.110 - IncrediBar) <==== ATTENTION
IB Updater Service (HKLM\...\WNLT) (Version: 5.0.1.7 - ) <==== ATTENTION
Intel PROSet Wireless (Version:  - ) Hidden
Internet Library (Version: 1.3.3 - Canon Inc.) Hidden
JMicron JMB38X Flash Media Controller (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.10.04 - JMicron Technology Corp.)
Malwarebytes Anti-Malware versie 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mobile Partner (HKLM\...\Mobile Partner) (Version: 11.002.03.00.304 - Huawei Technologies Co.,Ltd)
MobileWiFi (HKLM\...\MobileWiFi) (Version: TOOL-ConnLaucher_WIN1.09.02.00 - Huawei Technologies Co.,Ltd)
MovieEdit Task (Version: 1.1.1.41 - Canon) Hidden
OpenOffice.org 3.4.1 (HKLM\...\{C169BD5F-00C1-437C-8162-88FA6BE495D5}) (Version: 3.41.9593 - Apache Software Foundation)
PDF Creator (HKLM\...\PDF Creator) (Version:  - )
PDF Creator Packages (HKCU\...\PDF Creator Packages) (Version:  - ) <==== ATTENTION
PhotoStitch (Version: 3.1.13 - Canon) Hidden
RAW Image Task 1.1 (Version: 1.1 - Canon) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
RemoteCapture Task 1.0.3 (Version: 1.0.3 - Canon) Hidden
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.6 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.6.106 - Skype Technologies S.A.)
Software van Intel® PROSet/Wireless WiFi (HKLM\...\{26921B2E-3E62-47F9-A514-1FC4A83BD738}) (Version: 12.00.0004 - Intel® Corporation)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update Manager for SweetPacks 1.1 (HKLM\...\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}) (Version: 1.1.0008 - SweetIM Technologies Ltd.) <==== ATTENTION
Wireless LAN Adapter (HKLM\...\{62DBA088-A8D2-4FBF-885F-B74B2DEB5691}) (Version: 1.00.0000 - Gerenic)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-343080616-3524216250-3021145846-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\pc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-343080616-3524216250-3021145846-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\pc\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-343080616-3524216250-3021145846-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\pc\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-343080616-3524216250-3021145846-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\pc\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-343080616-3524216250-3021145846-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\pc\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-343080616-3524216250-3021145846-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\pc\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-343080616-3524216250-3021145846-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\pc\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-343080616-3524216250-3021145846-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\pc\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-343080616-3524216250-3021145846-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\pc\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {075F7B0C-8858-426A-81EA-5161F4D13E82} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {2EF1A2C3-210D-4AFD-BEB7-E51E7FD69C0C} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {3614510E-96D1-4361-AB15-6C413C5B3535} - System32\Tasks\0 => Iexplore.exe
Task: {3A950610-5351-4CF3-89BD-526A7E64AA8B} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {400DCDA0-2355-4485-AC8C-D62B4B02D597} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {4618EA90-A4FB-46CE-91D9-34550F721A8C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-09-15] (Google Inc.)
Task: {5A6D9831-D95C-4713-B4E9-F03D1644498F} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {5F347581-3232-43F9-B560-37E7C2EFC982} - System32\Tasks\BrowserProtect => Sc.exe start BrowserProtect
Task: {98801768-EA59-423E-917C-5593A227FBCB} - System32\Tasks\LaunchApp => C:\Program Files\MyPC Backup\MyPC Backup.exe
Task: {9F75B0D7-1F8E-4E48-9B95-B19EF1B0F81B} - System32\Tasks\4392 => Wscript.exe C:\Users\pc\AppData\Local\Temp\launchie.vbs //B
Task: {A84F450A-9635-4502-992B-3D52FAD8B4C6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-09-15] (Google Inc.)
Task: {B25D4244-6254-4542-9A54-D5A933EC915A} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {BFDB1878-D1C2-4125-9299-F7C6AF249813} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-343080616-3524216250-3021145846-1000Core => C:\Users\pc\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-15] (Facebook Inc.)
Task: {D62B022F-FC6F-493B-A2FA-D5255FDA88DC} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-30] (AVAST Software)
Task: {D7159F95-121B-4CE4-AB4E-7D3C1A2F4FC3} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {E9E664C4-A66A-462A-943C-E54787ADC894} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-343080616-3524216250-3021145846-1000UA => C:\Users\pc\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-15] (Facebook Inc.)
Task: {EE88A8B8-E316-4CD4-A71B-CCC3E6D8444A} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-343080616-3524216250-3021145846-1000Core.job => C:\Users\pc\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-343080616-3524216250-3021145846-1000UA.job => C:\Users\pc\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-07-26 13:14 - 2014-07-26 13:14 - 02795008 _____ () C:\Program Files\AVAST Software\Avast\defs\14072600\algo.dll
2013-02-09 21:56 - 2011-10-04 23:42 - 00086016 _____ () C:\Windows\System32\custmon32i.dll
2014-04-30 18:17 - 2014-04-30 18:17 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^pc^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: Facebook Update => "C:\Users\pc\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Mobile Partner => C:\Program Files\MobileWiFi\MobileWiFi
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
MSCONFIG\startupreg: Sweetpacks Communicator => C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Minipoort-adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM-buscontroller
Description: SM-buscontroller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/26/2014 01:19:19 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Fout in de Volume Shadow Copy-service: onverwachte fout bij het aanroepen van routine CoCreateInstance.  hr = 0x80070422.

Bewerking:
   Instantie van VSS-server maken

Error: (07/26/2014 01:19:19 PM) (Source: VSS) (EventID: 39) (User: )
Description: Fout in de Volume Shadow Copy-service: De Volume Shadow Copy-service is uitgeschakeld. Schakel
de service in en probeer het opnieuw.

Bewerking:
   Instantie van VSS-server maken

Error: (07/25/2014 08:23:08 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Fout in de Volume Shadow Copy-service: onverwachte fout bij het aanroepen van routine CoCreateInstance.  hr = 0x80070422.

Operation:
   Instantiating VSS server

Error: (07/25/2014 08:23:08 AM) (Source: VSS) (EventID: 39) (User: )
Description: Fout in de Volume Shadow Copy-service: De Volume Shadow Copy-service is uitgeschakeld. Schakel
de service in en probeer het opnieuw.

Operation:
   Instantiating VSS server

Error: (07/24/2014 09:49:33 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Fout in de Volume Shadow Copy-service: onverwachte fout bij het aanroepen van routine CoCreateInstance.  hr = 0x80070422.

Operation:
   Instantiating VSS server

Error: (07/24/2014 09:49:33 PM) (Source: VSS) (EventID: 39) (User: )
Description: Fout in de Volume Shadow Copy-service: De Volume Shadow Copy-service is uitgeschakeld. Schakel
de service in en probeer het opnieuw.

Operation:
   Instantiating VSS server

Error: (07/22/2014 10:19:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programma iexplore.exe, versie 9.0.8112.16506 reageert niet meer op Windows en is afgesloten. Als u wilt zien of meer informatie over het probleem beschikbaar is, kunt u de probleemgeschiedenis in onderdeel Probleemrapporten en -oplossingen in het Configuratiescherm controleren.
Proces-id: 109c
Starttijd: 01cfa5e84eb9674a
Eindtijd: 156

Error: (07/22/2014 06:14:20 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Fout in de Volume Shadow Copy-service: onverwachte fout bij het aanroepen van routine CoCreateInstance.  hr = 0x80070422.

Operation:
   Instantiating VSS server

Error: (07/22/2014 06:14:20 PM) (Source: VSS) (EventID: 39) (User: )
Description: Fout in de Volume Shadow Copy-service: De Volume Shadow Copy-service is uitgeschakeld. Schakel
de service in en probeer het opnieuw.

Operation:
   Instantiating VSS server

Error: (07/20/2014 01:32:09 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Fout in de Volume Shadow Copy-service: onverwachte fout bij het aanroepen van routine CoCreateInstance.  hr = 0x80070422.

Operation:
   Instantiating VSS server

System errors:
=============
Error: (07/26/2014 01:13:57 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: De IP-adreslease 0.0.0.0 voor de netwerkkaart met netwerkadres 00234E30791F is geweigerd door de DHCP-server 192.168.0.1. De DHCP-server heeft een DHCPNACK-bericht verzonden.

Error: (07/26/2014 01:11:30 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Windows\system32\athihvs.dll126

Error: (07/25/2014 00:00:28 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (07/25/2014 07:12:30 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Windows\system32\athihvs.dll126

Error: (07/24/2014 05:07:45 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Windows\system32\athihvs.dll126

Error: (07/23/2014 09:31:46 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (07/23/2014 07:22:16 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Windows\system32\athihvs.dll126

Error: (07/22/2014 09:55:23 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Windows\system32\athihvs.dll126

Error: (07/22/2014 09:43:48 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (07/22/2014 05:10:39 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Windows\system32\athihvs.dll126

Microsoft Office Sessions:
=========================
Error: (07/26/2014 01:19:19 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070422

Bewerking:
   Instantie van VSS-server maken

Error: (07/26/2014 01:19:19 PM) (Source: VSS) (EventID: 39) (User: )
Description: Bewerking:
   Instantie van VSS-server maken

Error: (07/25/2014 08:23:08 AM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070422

Operation:
   Instantiating VSS server

Error: (07/25/2014 08:23:08 AM) (Source: VSS) (EventID: 39) (User: )
Description: Operation:
   Instantiating VSS server

Error: (07/24/2014 09:49:33 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070422

Operation:
   Instantiating VSS server

Error: (07/24/2014 09:49:33 PM) (Source: VSS) (EventID: 39) (User: )
Description: Operation:
   Instantiating VSS server

Error: (07/22/2014 10:19:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.16506109c01cfa5e84eb9674a156

Error: (07/22/2014 06:14:20 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070422

Operation:
   Instantiating VSS server

Error: (07/22/2014 06:14:20 PM) (Source: VSS) (EventID: 39) (User: )
Description: Operation:
   Instantiating VSS server

Error: (07/20/2014 01:32:09 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070422

Operation:
   Instantiating VSS server

CodeIntegrity Errors:
===================================
  Date: 2014-07-26 13:19:15.116
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

  Date: 2014-07-26 13:19:14.913
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

  Date: 2014-07-26 13:19:14.601
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

  Date: 2014-07-26 13:19:14.351
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

  Date: 2014-07-26 13:19:13.961
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

  Date: 2014-07-26 13:19:13.743
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

  Date: 2014-07-26 13:19:13.540
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

  Date: 2014-07-26 13:19:13.306
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

  Date: 2014-07-20 11:10:17.908
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

  Date: 2014-07-20 11:10:17.703
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

==================== Memory info ===========================

Percentage of memory in use: 39%
Total physical RAM: 3000.13 MB
Available physical RAM: 1809.45 MB
Total Pagefile: 6236.57 MB
Available Pagefile: 5134.93 MB
Total Virtual: 2047.88 MB
Available Virtual: 1889.83 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:111.44 GB) (Free:52.75 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:111.44 GB) (Free:111.21 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 0A654476)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=111 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=111 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

 

 

Link to post
Share on other sites

  • Staff

Hello,
    

They call me TwinHeadedEagle around here, and I'll be working with you.

    

    
Before we start please read and note the following:
    
Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
Do not paste the logs in your posts, attachments make my work easier. There is a Attach Files option below which you can use to attach your reports. Always attach reports from all tools.
Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
Note that we may live in totally different time zones, what may cause some delays between answers.
Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
    
I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!
 
 
 
 
P2P/Piracy Warning:

  • If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
  • Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

 

 

First, go to Control Panel and uninstall following (skip lines that cannot be uninstalled):
- IB Updater 2.0.0.110
- IB Updater Service
- PDF Creator Packages
- Update Manager for SweetPacks 1.1




FRST.gif Fix with Farbar Recovery Scan Tool







icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif
icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif


Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.




adwcleaner_new.png Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

  • Right-click on adwcleaner_new.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Follow the prompts and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[s*].txt) will open.
  • Please include the contents of that file in your reply.



    51a46ae42d560-malwarebytes_anti_malware. Scan with Malwarebytes' Anti-Malware

    Please re-run 51a46ae42d560-malwarebytes_anti_malware. Malwarebytes' Anti-Malware.
    • First of all, select update.
    • Once updated, click the Settings tab, in the left panel choose Detctions & protection and tick Scan for rootkits.
    • Click the Scan tab, choose Threat Scan is checked and click Scan Now.
    • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
    • Upon completion of the scan (or after the reboot), click the History tab.
    • Click Application Logs and double-click the newest Scan Log.
    • At the bottom click Export and choose Text file.
    Save the file to your desktop and include its content in your next reply.

fixlist.txt

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.