
Mbam found a Backdoor.Bot



Hi,

 

My latest scan with mbam found a backdoor bot and quarantined it.

 

I want to be sure that (in the end) I have a clean PC, so I hope you can help me with that.

First question: Is a reinstall of windows necessary? And second question: Can it affect external drives?

 

Here is the log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scandatum: 4-8-2014
Scantijd: 1:44:43
Logbestand: backdoorbot.txt
Beheerder: Ja

Versie: 2.00.2.1012
Malwaredatabase: v2014.08.03.08
Rootkitdatabase: v2014.08.01.01
Licentie: Gratis
Malwarebescherming: Uitgeschakeld
Kwaadaardige Website Bescherming: Uitgeschakeld
Self-protection: Uitgeschakeld

Besturingssysteem: Windows Vista Service Pack 2
Processor: x86
Bestandssysteem: NTFS
Gebruiker: Bekker

Scantype: Bedreigingsscan
Resultaat: Voltooid
Objecten Gescand: 377423
Verstreken Tijd: 24 m, 10 s

Geheugen: Ingeschakeld
Opstarten: Ingeschakeld
Bestandssysteem: Ingeschakeld
Archieven: Ingeschakeld
Rootkits: Ingeschakeld
Diepgewortelde-Rootkit Scan: Ingeschakeld
Heuristics: Ingeschakeld
POP: Waarschuwen
POA: Ingeschakeld

Processen: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registersleutels: 0
(No malicious items detected)

Registerwaardes: 0
(No malicious items detected)

Registerdata: 0
(No malicious items detected)

Mappen: 0
(No malicious items detected)

Bestanden: 1
Backdoor.Bot, C:\$RECYCLE.BIN\S-1-5-21-2418620012-3055082709-3329518089-1000\$RTLJEOZ.zip, In Quarantaine, [9cceb60b5c1fbb7bcf64fd583fc38a76],

Fysieke Sectoren: 0
(No malicious items detected)


(end)

 

B-Daan


Hi & welcome!

My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/Remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

P2P/Piracy Warning:

  • If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
  • Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Step 1

Please run a FRST scan. This will help us diagnose your problem and I can give you answers to your questions. :)


Please download Farbar Recovery Scan Tool and save it to your Desktop.

(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)

  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

Thanks for the quick response.

 

FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:5-08-2014
Ran by Bekker (administrator) on PC_VAN_BEKKER on 06-08-2014 19:56:51
Running from C:\Users\Bekker\Downloads
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Nederlands (Nederland)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(Portrait Displays, Inc.) C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Portrait Displays, Inc.) C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Sony) C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
(Spotify Ltd) C:\Users\Bekker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Portrait Displays Inc.) C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
() C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Microsoft Corporation) C:\Windows\System32\sdclt.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office\EXCEL.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office\WINWORD.EXE
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McChHost.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\saUI.exe
(Microsoft Corporation) C:\Windows\MSAgent\AgentSvr.exe
(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2418620012-3055082709-3329518089-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2418620012-3055082709-3329518089-1000\...\Run: [sony PC Companion] => C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [466656 2014-05-23] (Sony)
HKU\S-1-5-21-2418620012-3055082709-3329518089-1000\...\Run: [DriverMax_RESTART] => [X]
HKU\S-1-5-21-2418620012-3055082709-3329518089-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2418620012-3055082709-3329518089-1000\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-2418620012-3055082709-3329518089-1000\...\Run: [spotify Web Helper] => C:\Users\Bekker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-25] (Spotify Ltd)
HKU\S-1-5-21-2418620012-3055082709-3329518089-1000\...\MountPoints2: J - J:\Autorun.exe
HKU\S-1-5-21-2418620012-3055082709-3329518089-1000\...\MountPoints2: {05aa1590-baf7-11dc-b656-001aa09f57c4} - K:\Autorun.exe
HKU\S-1-5-21-2418620012-3055082709-3329518089-1000\...\MountPoints2: {b2d03046-f446-11dc-a576-001aa09f57c4} - P:\Autorun.exe
HKU\S-1-5-21-2418620012-3055082709-3329518089-1000\...\MountPoints2: {d78981b8-0f02-11e2-b661-001aa09f57c4} - L:\Startme.exe
HKU\S-1-5-21-2418620012-3055082709-3329518089-1000\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
IFEO\Acrobat.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\acrodist.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\formdesigner.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\isuspm.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\mydvd9.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\videowave9.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
BootExecute: autocheck autochk * sdnclean.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://igoogle.com/
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {4E7BD74F-2B8D-469E-9FA5-A33DE8DBE931} -  No File
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldnl-nl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://www.opentopia.com/support/activex/AxisCamControl.cab
DPF: {DC8B04D7-DFBE-46B4-BAB6-61981E896C64} http://www.virtuocity.eu/download/v223/virtuocity.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.254
 
FireFox:
========
FF ProfilePath: C:\Users\Bekker\AppData\Roaming\Mozilla\Firefox\Profiles\idsqbua3.default-1365275137464
FF Homepage: igoogle.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @mcafee.com/MVT -> C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @3dmapview.myvr-software.com/myvrnpapi,version=1.007 - C:\Users\Bekker\AppData\Local\myVRnpapi\npmyvr.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Bekker\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Bekker\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npOggX.dll (ESKA)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll (CNN)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\bolcom-nl.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\marktplaats-nl.xml
FF Extension: DownloadHelper - C:\Users\Bekker\AppData\Roaming\Mozilla\Firefox\Profiles\idsqbua3.default-1365275137464\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-28]
FF Extension: Flash and Video Download - C:\Users\Bekker\AppData\Roaming\Mozilla\Firefox\Profiles\idsqbua3.default-1365275137464\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}(104) [2013-04-11]
FF Extension: Gmail Notifier (restartless) - C:\Users\Bekker\AppData\Roaming\Mozilla\Firefox\Profiles\idsqbua3.default-1365275137464\Extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi [2013-04-06]
FF Extension: NotAwesome - C:\Users\Bekker\AppData\Roaming\Mozilla\Firefox\Profiles\idsqbua3.default-1365275137464\Extensions\notawesome@sidstamm.com.xpi [2013-04-06]
FF Extension: FastestFox - C:\Users\Bekker\AppData\Roaming\Mozilla\Firefox\Profiles\idsqbua3.default-1365275137464\Extensions\smarterwiki@wikiatic.com.xpi [2013-04-06]
FF Extension: Turn Off the Lights - C:\Users\Bekker\AppData\Roaming\Mozilla\Firefox\Profiles\idsqbua3.default-1365275137464\Extensions\stefanvandamme@stefanvd.net.xpi [2013-10-13]
FF Extension: Test Pilot - C:\Users\Bekker\AppData\Roaming\Mozilla\Firefox\Profiles\idsqbua3.default-1365275137464\Extensions\testpilot@labs.mozilla.com.xpi [2013-04-06]
FF Extension: Troubleshooter - C:\Users\Bekker\AppData\Roaming\Mozilla\Firefox\Profiles\idsqbua3.default-1365275137464\Extensions\troubleshooter@mozilla.org.xpi [2013-04-06]
FF Extension: Session Manager - C:\Users\Bekker\AppData\Roaming\Mozilla\Firefox\Profiles\idsqbua3.default-1365275137464\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2013-04-06]
FF Extension: AVG PrivacyFix - C:\Users\Bekker\AppData\Roaming\Mozilla\Firefox\Profiles\idsqbua3.default-1365275137464\Extensions\{7CA9CF31-1C73-46CD-8377-85AB71EA771F}.xpi [2013-04-06]
FF Extension: Adblock Plus - C:\Users\Bekker\AppData\Roaming\Mozilla\Firefox\Profiles\idsqbua3.default-1365275137464\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-06]
FF Extension: ParentalControl Bar - C:\Program Files\Mozilla Firefox\extensions\{B56F37F8-7023-4c2b-B27E-815594CA64E7} [2013-08-17]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-07]
FF HKLM\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF Extension: Freemake Video Converter Plugin - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2012-10-06]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2014-02-08]
 
Chrome: 
=======
CHR HomePage: hxxp://www.netvibes.com/
CHR StartupUrls: "hxxp://igoogle.com/"
CHR Plugin: (Shockwave Flash) - C:\Users\Bekker\AppData\Local\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Bekker\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Bekker\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (Ogg Player Gecko Plugin) - C:\Program Files\Mozilla Firefox\plugins\npOggX.dll (ESKA)
CHR Plugin: (Turner Media Plugin 1.0.0.10) - C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll (CNN)
CHR Plugin: (thriXXX WebLaunch) - C:\Program Files\Mozilla Firefox\plugins\npWebLaunch.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U17) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (myVR 3D Framework) - C:\Users\Bekker\AppData\Local\myVRnpapi\npmyvr.dll ()
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~1\mcafee\msc\npmcsn~1.dll ()
CHR Extension: (TooManyTabs for Chrome) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp [2012-04-03]
CHR Extension: (Turn Off the Lights) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2013-10-13]
CHR Extension: (YouTube) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-02]
CHR Extension: (Chrome YouTube Downloader) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbdjiinahkdjdcdlgfimlcolkjpbooja [2014-06-07]
CHR Extension: (Adblock Plus) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-14]
CHR Extension: (Google Zoeken) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-03]
CHR Extension: (Disable Youtube™ HTML5 Player) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\enmofgaijnbjpblfljopnpdogpldapoc [2014-06-13]
CHR Extension: (SiteAdvisor) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-02-09]
CHR Extension: (Hola Beter Internet) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-06-13]
CHR Extension: (Tate Art Slideshow) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgfbniacchiboaeoaoaejhggfepbbmkj [2011-09-25]
CHR Extension: (Allow Right-Click) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\hompjdfbfmmmgflfjdlnkohcplmboaeo [2013-11-17]
CHR Extension: (Google Maps) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2013-11-02]
CHR Extension: (Into The Mist) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgihmkgobaljfehcadcckdggpeojaadh [2013-12-22]
CHR Extension: (Google Mail Checker) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2013-11-02]
CHR Extension: (Google Play Books) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2011-09-25]
CHR Extension: (Google Wallet) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-27]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2014-02-08]
CHR StartMenuInternet: Google Chrome - C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2008-05-29] (Adobe Systems) [File not signed]
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64112 2014-01-16] (CyberGhost S.R.L)
R2 DTSRVC; C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe [137112 2012-09-18] (Portrait Displays, Inc.)
R2 EPSON_EB_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [153600 2009-09-14] (SEIKO EPSON CORPORATION) [File not signed]
R2 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [121856 2009-09-14] (SEIKO EPSON CORPORATION) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2007-12-20] (Macrovision Europe Ltd.) [File not signed]
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-09-26] (Freemake) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-04-25] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [472072 2014-06-12] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-06-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [179600 2014-06-20] (McAfee, Inc.)
R2 PdiService; C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [117552 2012-04-16] (Portrait Displays, Inc.)
S4 RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2006-11-05] (Sonic Solutions) [File not signed]
S4 RoxWatch9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [159744 2006-11-05] (Sonic Solutions) [File not signed]
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [237056 2010-09-08] (WDC) [File not signed]
S3 WDFME; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1034752 2010-09-08] () [File not signed]
S3 WDSC; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [484352 2010-09-08] () [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62832 2014-06-20] (McAfee, Inc.)
R2 cpuz132; C:\Windows\system32\drivers\cpuz132_x32.sys [12672 2009-03-27] (Windows ® Codename Longhorn DDK provider) [File not signed]
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
S3 hwdatacard; C:\Windows\System32\DRIVERS\hwusbmdm.sys [88960 2006-04-07] (Huawei Technologies Co., Ltd.)
S3 LTXMD_VAC; C:\Windows\System32\drivers\lmvac.sys [18912 2008-06-30] (Windows ® Codename Longhorn DDK provider)
R3 LVPr2Mon; C:\Windows\System32\Drivers\LVPr2Mon.sys [25752 2009-10-07] ()
R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41504 2007-02-03] (Logitech Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [135968 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [238176 2014-06-20] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [67816 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [369248 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [576048 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [349192 2014-06-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81296 2014-06-18] (McAfee, Inc.)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34248 2009-09-16] (McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40552 2009-11-04] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217224 2014-06-20] (McAfee, Inc.)
R2 npf; C:\Windows\System32\drivers\npf.sys [50704 2010-01-27] (CACE Technologies, Inc.)
S3 PCAudi; C:\Windows\System32\drivers\pcaudi.sys [48640 2012-07-09] (Windows ® Win 7 DDK provider) [File not signed]
R3 PdiPorts; C:\Windows\System32\Drivers\PdiPorts.sys [17328 2012-04-16] (Portrait Displays, Inc.)
R3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13976 2009-04-30] (Logitech Inc.)
R3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2687512 2009-04-30] (Logitech Inc.)
S3 PSSDK42; C:\Windows\system32\Drivers\pssdk42.sys [38976 2013-03-19] (microOLAP Technologies LTD)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [45968 2011-11-03] (Rovi Corporation)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [33052 2007-08-07] (PowerISO Computing, Inc.) [File not signed]
R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [443448 2011-08-08] () [File not signed]
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
U3 a3m08kgp; C:\Windows\system32\Drivers\a3m08kgp.sys [0 ] (Microsoft Corporation)
S1 ASPI32; No ImagePath
S0 bdwfx; System32\drivers\vfgj.sys [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCDSRVC{E9D79540-57D5953E-06020200}_0; \??\c:\program files\dell support center\pcdsrvc.pkms [X]
S3 TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [X]
U3 amwmtxfz; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-06 19:56 - 2014-08-06 19:59 - 00031489 _____ () C:\Users\Bekker\Downloads\FRST.txt
2014-08-06 19:35 - 2014-08-06 19:36 - 00143208 _____ () C:\Windows\Minidump\Mini080614-01.dmp
2014-08-06 19:35 - 2014-08-06 19:35 - 283180701 _____ () C:\Windows\MEMORY.DMP
2014-08-06 17:10 - 2014-08-06 19:57 - 00000000 ____D () C:\FRST
2014-08-06 17:09 - 2014-08-06 17:10 - 01084928 _____ (Farbar) C:\Users\Bekker\Downloads\FRST.exe
2014-08-04 18:07 - 2014-08-04 18:07 - 02319191 _____ () C:\Users\Bekker\Desktop\bookmarks04-08-2014.html
2014-08-04 17:00 - 2014-08-04 17:01 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Bekker\Downloads\mbar-1.07.0.1012.exe
2014-08-04 16:51 - 2014-08-04 16:51 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Bekker\Downloads\TDSSKiller.exe
2014-08-04 16:45 - 2014-08-04 16:47 - 01361309 _____ () C:\Users\Bekker\Downloads\adwcleaner_3.302.exe
2014-08-04 14:48 - 2014-08-04 14:48 - 00029160 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-08-04 14:47 - 2014-08-04 14:48 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-04 14:45 - 2014-08-04 14:45 - 04806744 _____ () C:\Users\Bekker\Downloads\RogueKiller.exe
2014-08-04 14:04 - 2014-08-04 14:04 - 00035752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\FixZeroAccess.sys
2014-08-04 14:04 - 2014-08-04 14:04 - 00000000 ____D () C:\Users\Bekker\AppData\Roaming\FixZeroAccess
2014-08-03 21:50 - 2014-08-04 18:13 - 00001546 _____ () C:\Windows\PFRO.log
2014-08-03 20:13 - 2014-08-03 20:16 - 00000000 ____D () C:\Users\Bekker\AppData\Roaming\FlashStreamHunter
2014-07-25 22:14 - 2014-07-25 22:15 - 00000000 ____D () C:\Users\Bekker\AppData\Roaming\Equalify
2014-07-25 22:04 - 2014-08-04 01:13 - 00000000 ____D () C:\Users\Bekker\AppData\Roaming\Spotify
2014-07-25 22:04 - 2014-08-01 17:57 - 00000000 ____D () C:\Users\Bekker\AppData\Local\Spotify
2014-07-25 22:04 - 2014-07-25 22:04 - 00001718 _____ () C:\Users\Bekker\Desktop\Spotify.lnk
2014-07-25 22:04 - 2014-07-25 22:04 - 00001704 _____ () C:\Users\Bekker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-07-23 21:12 - 2014-07-26 00:27 - 00000000 ____D () C:\Users\Bekker\Desktop\23-07-2014
2014-07-20 18:12 - 2014-07-20 18:12 - 00000000 ____D () C:\Users\Bekker\AppData\Roaming\McAfee
2014-07-20 18:08 - 2014-07-20 18:09 - 00541592 _____ (McAfee, Inc.) C:\Users\Bekker\Downloads\MVTInstaller.exe
2014-07-20 17:15 - 2014-08-06 19:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-07-19 22:21 - 2014-07-19 22:21 - 00000830 _____ () C:\Users\Public\Desktop\PDFCreator.lnk
2014-07-19 22:21 - 2014-07-19 22:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-07-19 22:21 - 2014-04-25 17:44 - 00137000 _____ (Microsoft Corporation) C:\Windows\system32\MSMAPI32.OCX
2014-07-19 22:20 - 2014-04-25 17:44 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\MSMPIDE.DLL
2014-07-19 21:46 - 2014-07-19 21:45 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-19 21:45 - 2014-07-19 21:45 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-19 21:45 - 2014-07-19 21:45 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-19 21:45 - 2014-07-19 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-16 17:53 - 2014-07-16 17:55 - 29420456 _____ (Oracle Corporation) C:\Users\Bekker\Downloads\jre-7u65-windows-i586.exe
2014-07-16 17:52 - 2014-07-19 21:45 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-07-10 10:16 - 2014-06-07 02:19 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-10 10:16 - 2014-06-07 02:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-10 10:16 - 2014-06-07 01:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-10 10:16 - 2014-06-07 01:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-10 10:16 - 2014-06-07 01:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-10 10:16 - 2014-06-07 01:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-10 10:16 - 2014-06-07 01:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-10 10:16 - 2014-06-07 01:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-10 10:16 - 2014-06-07 00:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-10 10:16 - 2014-06-07 00:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-10 10:16 - 2014-06-07 00:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-10 10:16 - 2014-06-07 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-10 10:16 - 2014-06-07 00:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-10 10:16 - 2014-06-07 00:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-10 10:16 - 2014-06-07 00:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-10 10:16 - 2014-06-07 00:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-10 10:16 - 2014-06-07 00:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-10 10:16 - 2014-06-07 00:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-10 10:16 - 2014-06-07 00:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-10 10:16 - 2014-06-07 00:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-10 10:16 - 2014-06-07 00:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-10 10:16 - 2014-06-07 00:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-10 10:16 - 2014-06-06 10:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-10 10:16 - 2014-05-30 08:53 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-07 16:16 - 2014-07-07 16:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield
2014-07-07 16:14 - 2014-08-06 19:39 - 00000000 ____D () C:\ProgramData\MCShield
2014-07-07 16:14 - 2014-07-07 16:16 - 00000000 ____D () C:\Program Files\MCShield
2014-07-07 16:05 - 2014-07-07 16:05 - 02856736 _____ (MyCity) C:\Users\Bekker\Downloads\MCShield-Setup.exe
2014-07-07 14:35 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-07-07 14:22 - 2014-03-06 23:53 - 02925760 _____ (Sysinternals - www.sysinternals.com) C:\Users\Bekker\Downloads\procexp.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-06 19:59 - 2014-08-06 19:56 - 00031489 _____ () C:\Users\Bekker\Downloads\FRST.txt
2014-08-06 19:57 - 2014-08-06 17:10 - 00000000 ____D () C:\FRST
2014-08-06 19:54 - 2014-06-20 17:49 - 00001070 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2418620012-3055082709-3329518089-1000UA1cf8c9f3d2ae526.job
2014-08-06 19:47 - 2014-05-09 14:34 - 00001046 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6b82f6ad609a.job
2014-08-06 19:42 - 2014-07-20 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-08-06 19:42 - 2014-02-08 19:11 - 00001709 _____ () C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
2014-08-06 19:41 - 2010-03-01 21:10 - 02086280 _____ () C:\Windows\WindowsUpdate.log
2014-08-06 19:39 - 2014-07-07 16:14 - 00000000 ____D () C:\ProgramData\MCShield
2014-08-06 19:38 - 2012-09-28 22:52 - 00001609 _____ () C:\Users\Bekker\Desktop\SmartControl.lnk
2014-08-06 19:36 - 2014-08-06 19:35 - 00143208 _____ () C:\Windows\Minidump\Mini080614-01.dmp
2014-08-06 19:36 - 2014-03-21 23:15 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-08-06 19:36 - 2013-05-19 16:48 - 00001042 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce549fea675415.job
2014-08-06 19:36 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-06 19:36 - 2006-11-02 14:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-06 19:36 - 2006-11-02 14:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-06 19:35 - 2014-08-06 19:35 - 283180701 _____ () C:\Windows\MEMORY.DMP
2014-08-06 19:35 - 2008-06-29 01:30 - 00000000 ____D () C:\Windows\Minidump
2014-08-06 19:22 - 2012-05-09 16:10 - 00000940 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-06 17:54 - 2011-09-25 01:05 - 00001018 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2418620012-3055082709-3329518089-1000Core.job
2014-08-06 17:10 - 2014-08-06 17:09 - 01084928 _____ (Farbar) C:\Users\Bekker\Downloads\FRST.exe
2014-08-04 18:16 - 2007-12-06 01:40 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-08-04 18:16 - 2006-11-02 15:01 - 00032614 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-04 18:13 - 2014-08-03 21:50 - 00001546 _____ () C:\Windows\PFRO.log
2014-08-04 18:13 - 2012-03-18 15:47 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-08-04 18:10 - 2014-03-15 18:25 - 00000000 ____D () C:\AdwCleaner
2014-08-04 18:07 - 2014-08-04 18:07 - 02319191 _____ () C:\Users\Bekker\Desktop\bookmarks04-08-2014.html
2014-08-04 18:01 - 2014-03-16 18:14 - 00000000 ____D () C:\Users\Bekker\Desktop\mbar
2014-08-04 18:01 - 2014-03-15 16:19 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-04 17:07 - 2014-06-28 14:28 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-04 17:03 - 2014-06-28 14:23 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-04 17:01 - 2014-08-04 17:00 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Bekker\Downloads\mbar-1.07.0.1012.exe
2014-08-04 16:51 - 2014-08-04 16:51 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Bekker\Downloads\TDSSKiller.exe
2014-08-04 16:47 - 2014-08-04 16:45 - 01361309 _____ () C:\Users\Bekker\Downloads\adwcleaner_3.302.exe
2014-08-04 14:48 - 2014-08-04 14:48 - 00029160 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-08-04 14:48 - 2014-08-04 14:47 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-04 14:45 - 2014-08-04 14:45 - 04806744 _____ () C:\Users\Bekker\Downloads\RogueKiller.exe
2014-08-04 14:37 - 2013-08-17 18:51 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-04 14:04 - 2014-08-04 14:04 - 00035752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\FixZeroAccess.sys
2014-08-04 14:04 - 2014-08-04 14:04 - 00000000 ____D () C:\Users\Bekker\AppData\Roaming\FixZeroAccess
2014-08-04 01:13 - 2014-07-25 22:04 - 00000000 ____D () C:\Users\Bekker\AppData\Roaming\Spotify
2014-08-03 21:28 - 2011-08-31 20:06 - 00000000 ____D () C:\Program Files\PDFCreator
2014-08-03 21:27 - 2013-04-15 20:15 - 00000000 ____D () C:\Users\Bekker\dwhelper
2014-08-03 21:17 - 2010-11-06 18:58 - 00000806 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-03 21:17 - 2007-12-27 23:34 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-03 20:36 - 2014-01-24 21:02 - 00000000 ____D () C:\Program Files\rtmpdump-2.4
2014-08-03 20:16 - 2014-08-03 20:13 - 00000000 ____D () C:\Users\Bekker\AppData\Roaming\FlashStreamHunter
2014-08-01 17:57 - 2014-07-25 22:04 - 00000000 ____D () C:\Users\Bekker\AppData\Local\Spotify
2014-08-01 17:32 - 2014-03-29 23:13 - 00000000 ____D () C:\Users\Bekker\Documents\MassTube
2014-07-28 16:08 - 2007-12-19 16:47 - 00002611 _____ () C:\Users\Bekker\Desktop\Microsoft Word.lnk
2014-07-27 17:05 - 2010-02-08 22:52 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-07-26 00:27 - 2014-07-23 21:12 - 00000000 ____D () C:\Users\Bekker\Desktop\23-07-2014
2014-07-25 22:15 - 2014-07-25 22:14 - 00000000 ____D () C:\Users\Bekker\AppData\Roaming\Equalify
2014-07-25 22:04 - 2014-07-25 22:04 - 00001718 _____ () C:\Users\Bekker\Desktop\Spotify.lnk
2014-07-25 22:04 - 2014-07-25 22:04 - 00001704 _____ () C:\Users\Bekker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-07-25 21:04 - 2008-01-20 22:07 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-23 21:48 - 2010-06-04 15:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-21 16:56 - 2011-05-20 20:40 - 00135680 _____ () C:\Users\Bekker\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-20 18:12 - 2014-07-20 18:12 - 00000000 ____D () C:\Users\Bekker\AppData\Roaming\McAfee
2014-07-20 18:10 - 2010-02-08 22:52 - 00000000 ____D () C:\Program Files\McAfee
2014-07-20 18:10 - 2007-12-06 01:48 - 00000000 ____D () C:\ProgramData\McAfee
2014-07-20 18:09 - 2014-07-20 18:08 - 00541592 _____ (McAfee, Inc.) C:\Users\Bekker\Downloads\MVTInstaller.exe
2014-07-20 18:07 - 2011-09-25 01:06 - 00002069 _____ () C:\Users\Bekker\Desktop\Google Chrome.lnk
2014-07-19 22:21 - 2014-07-19 22:21 - 00000830 _____ () C:\Users\Public\Desktop\PDFCreator.lnk
2014-07-19 22:21 - 2014-07-19 22:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-07-19 21:47 - 2013-10-06 22:08 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-19 21:45 - 2014-07-19 21:46 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-19 21:45 - 2014-07-19 21:45 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-19 21:45 - 2014-07-19 21:45 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-19 21:45 - 2014-07-19 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-19 21:45 - 2014-07-16 17:52 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-07-19 14:56 - 2013-04-06 19:03 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-07-16 17:55 - 2014-07-16 17:53 - 29420456 _____ (Oracle Corporation) C:\Users\Bekker\Downloads\jre-7u65-windows-i586.exe
2014-07-16 17:52 - 2007-12-06 01:41 - 00000000 ____D () C:\Program Files\Java
2014-07-13 17:55 - 2010-11-06 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-13 17:55 - 2007-12-27 23:34 - 00000000 ____D () C:\Users\Bekker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-11 10:26 - 2013-01-20 15:32 - 00000236 _____ () C:\Users\Bekker\datacrow.properties
2014-07-10 18:23 - 2006-11-02 14:47 - 04021816 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 18:21 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 11:44 - 2013-08-15 23:52 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 11:40 - 2006-11-02 12:24 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-07-09 09:22 - 2012-05-09 16:10 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-09 09:22 - 2012-05-09 16:10 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-09 09:16 - 2008-02-07 17:38 - 01618956 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-09 09:16 - 2006-11-02 18:11 - 00721388 _____ () C:\Windows\system32\perfh013.dat
2014-07-09 09:16 - 2006-11-02 18:11 - 00150338 _____ () C:\Windows\system32\perfc013.dat
2014-07-07 16:16 - 2014-07-07 16:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield
2014-07-07 16:16 - 2014-07-07 16:14 - 00000000 ____D () C:\Program Files\MCShield
2014-07-07 16:05 - 2014-07-07 16:05 - 02856736 _____ (MyCity) C:\Users\Bekker\Downloads\MCShield-Setup.exe
 
Some content of TEMP:
====================
C:\Users\Annemieke\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Annemieke\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\Bekker\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-06 19:42
 
==================== End Of Log ============================

Addition.txt:

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:5-08-2014
Ran by Bekker at 2014-08-06 20:01:05
Running from C:\Users\Bekker\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Antivirus en antispyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Antivirus en antispyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 Sansa Media Converter (HKLM\...\{FC053571-8507-44E4-8B6D-AACEAB8CA57C}) (Version: 1.0-B4.256 - )
3D Sound Back Beta0.1 (HKLM\...\{39DB116F-E088-486F-B13C-8925ECE7A6E5}) (Version: 0.1 - Realtek Semiconductor Corp.)
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Aan de slag met Dell (HKLM\...\{2C086D06-187A-4050-ADD4-2F9D033651B4}) (Version: 1.00.0000 - Dell Inc.)
AChat 1.12 (HKLM\...\AChat_is1) (Version:  - AChat Animation Studios)
Adobe Creative Suite 6 Master Collection (HKLM\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Digital Editions 3.0 (HKLM\...\Adobe Digital Editions 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit 2 (HKLM\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit 2 (Version: 2.0.2 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.10) - Nederlands (HKLM\...\{AC76BA86-7AD7-1043-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Setup (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe SVG Viewer 3.0 (HKLM\...\Adobe SVG Viewer) (Version:  3.0 - )
Adobe Widget Browser (HKLM\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Adobe Widget Browser (Version: 2.0.348 - Adobe Systems Incorporated.) Hidden
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Astrospiegel Win (HKLM\...\ST5UNST #1) (Version:  - )
ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.007.0731.2233 - )
ATI Catalyst Install Manager (HKLM\...\{5968F27A-66E6-171E-5311-0A74D74AAD9B}) (Version: 3.0.812.0 - ATI Technologies, Inc.)
Audacity 1.3.5 (Unicode) (HKLM\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
Avi2Dvd 0.4.5 beta (HKLM\...\Avi2Dvd) (Version: 0.4.5 beta - TrustFm)
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
bl (Version: 1.0.0 - Your Company Name) Hidden
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
BSC Cleanitol TM (HKCU\...\BSC Cleanitol TM) (Version:  - )
Canon RAW Image Task for ZoomBrowser EX (HKLM\...\RAW Image Task) (Version: 3.1.0.22 - )
Canon Utilities CameraWindow (HKLM\...\CameraWindowLauncher) (Version: 7.0.0.8 - )
Canon Utilities CameraWindow DC (HKLM\...\CameraWindowDC) (Version: 7.0.1.16 - )
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM\...\CameraWindowDVC6) (Version: 6.4.1.15 - )
Canon Utilities MyCamera (HKLM\...\MyCamera) (Version: 6.4.0.5 - )
Canon Utilities MyCamera DC (HKLM\...\MyCameraDC) (Version: 7.0.0.5 - )
Canon Utilities RAW Image Converter (HKLM\...\Canon Utilities RAW Image Converter) (Version:  - )
Canon Utilities RemoteCapture 1.4 (HKLM\...\RemoteCapture) (Version:  - )
Canon Utilities RemoteCapture DC (HKLM\...\RemoteCaptureDC) (Version: 3.0.1.8 - )
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM\...\RemoteCaptureTask) (Version: 1.7.1.9 - )
Canon ZoomBrowser EX Memory Card Utility (HKLM\...\ZoomBrowser EX Memory Card Utility) (Version: 1.0.0.19 - )
Catalyst Control Center Core Implementation (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2007.1220.2143.38732 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2007.1220.2143.38732 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2007.1220.2143.38732 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2007.1220.2143.38732 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2007.1220.2143.38732 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2007.1220.2143.38732 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2011.0126.1749.31909 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization Chinese Standard (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization French (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization German (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Hungarian (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Italian (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Japanese (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Korean (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Polish (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Portuguese (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Spanish (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Thai (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Turkish (Version: 2007.0731.2234.38497 - ATI) Hidden
CCC Help Chinese Standard (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help English (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help French (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help German (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Hungarian (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Italian (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Japanese (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Korean (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Polish (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Portuguese (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Spanish (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Thai (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Turkish (Version: 2007.0731.2233.38497 - ATI) Hidden
ccc-core-static (Version: 2007.0731.2234.38497 - ATI) Hidden
ccc-core-static (Version: 2007.1220.2143.38732 - Uw bedrijfsnaam) Hidden
ccc-utility (Version: 2007.0731.2234.38497 - ATI) Hidden
ccc-utility (Version: 2007.1220.2143.38732 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Coca-Cola Zero  Screen Saver (HKLM\...\Coca-Cola Zero) (Version:  - )
Compatibiliteitspakket voor het 2007 Microsoft Office system (HKLM\...\{90120000-0020-0413-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CPUID HWMonitor 1.15 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Creevity Mp3 Cover Downloader (HKLM\...\Mp3 Cover Downloader_is1) (Version: 1.4.0 - Diego Alicata)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
CyberGhost 5 (HKLM\...\CyberGhost VPN 5_is1) (Version:  - CyberGhost S.R.L.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.41.3.0173 - DT Soft Ltd)
Dell Support Center (HKLM\...\PC-Doctor for Windows) (Version: 3.2.6032.125 - PC-Doctor, Inc.)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 4.0.5.6 - Dell)
DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.0.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.90 - DivX, LLC)
DriverMax 7 (HKLM\...\DMX5_is1) (Version: 7.16.0.120 - Innovative Solutions)
Empire: Total War Demo (HKLM\...\Steam App 10620) (Version:  - The Creative Assembly)
EPSON SX420W Series Printer Uninstall (HKLM\...\EPSON SX420W Series) (Version:  - SEIKO EPSON Corporation)
Equalify v2.5.3 (Stable) (HKLM\...\{33EC4F70-9F4B-406F-BB2A-F75A285E927D}) (Version: 2.5.3.0 - Equalify)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Eusing Free Registry Cleaner (HKLM\...\Eusing Free Registry Cleaner) (Version:  - )
Express Burn (HKLM\...\ExpressBurn) (Version:  - NCH Software)
Express Rip (HKLM\...\ExpressRip) (Version:  - NCH Swift Sound)
FileHippo.com Update Checker (HKLM\...\FileHippo.com) (Version:  - )
Folder Lock (HKCU\...\FolderLock6) (Version:  - New Sofware.net Inc.)
Free WebM to AVI Converter 1.0 (HKLM\...\{38B50CEC-C683-404D-BAD7-48CBCBFF981B}_is1) (Version:  - PolySoft Solutions)
Free YouTube Download version 3.0.18.1123 (HKLM\...\Free YouTube Download_is1) (Version:  - DVDVideoSoft Ltd.)
Freemake Video Converter versie 4.0.4 (HKLM\...\Freemake Video Converter_is1) (Version: 4.0.4 - Ellora Assets Corporation)
gmax (HKLM\...\{3FA7A919-87DA-42B1-814B-86DE8DCA17C2}) (Version: 4.4.0.125 - Discreet)
GOM Audio (HKLM\...\GomAudio) (Version: 2.0.5.0138 - Gretech Corporation)
GOM Player (HKLM\...\GOM Player) (Version: 2.2.57.5189 - Gretech Corporation)
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Earth (HKLM\...\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}) (Version: 7.1.1.1888 - Google)
Google SketchUp 6 (HKLM\...\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}) (Version: 6.0.01313 - Google)
Google SketchUp 6 (Version: 6.4.112 - Google) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Google Video Uploader (HKLM\...\Google Video Uploader) (Version:  - )
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
Intel® PRO Network Connections 12.1.11.0 (HKLM\...\PROSetDX) (Version:  - Intel)
Intel® PRO Network Connections 12.1.11.0 (Version:  - Intel) Hidden
Java 7 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (Version: 2.1.65.20 - Oracle, Inc.) Hidden
Jetcast 1.1.1 (HKLM\...\Jetcast) (Version: 1.1.1 - )
JPGAvi 1.07.0.68 (HKLM\...\JPGAvi_is1) (Version:  - NDW Ltd)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LockHunter 2.0 beta 2, 32 bit (HKLM\...\LockHunter_is1) (Version:  - Crystal Rich, Ltd)
Logitech Legacy USB Camera-stuurprogrammapakket (HKLM\...\legacyqcam_10.51) (Version: 10.51.2023 - )
Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software-stuurprogrammapakket (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Malwarebytes Anti-Malware versie 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MassTube 12.0.0.280 Beta 9 (HKLM\...\{622A0A32-9711-43D3-A6F1-B0FC78F1A68A}_is1) (Version: 12.0.0.280 Beta 9 - Havy Alegria)
McAfee AntiVirus Plus (HKLM\...\MSC) (Version: 12.8.958 - McAfee, Inc.)
McAfee Virtual Technician (HKLM\...\McAfee Virtual Technician) (Version: 7.5.0.3093 - McAfee, Inc.)
MCShield ::Anti-Malware Tool:: (HKLM\...\MCShield) (Version: 3.0.5.28 - MyCity)
Microsoft .NET Framework 3.5 Language Pack SP1 - nld (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Nederlands) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (NLD) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0100 - Microsoft Corporation)
Microsoft Office 2000 Professional (HKLM\...\{00010413-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{A2A0A82F-025F-458d-A0CD-9BB2320804B5}) (Version: 08.05.0822 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000 - Adobe) Hidden
MixVibes STANDARD 6 uninstall (HKLM\...\MixVibes.exe) (Version:  - )
Mozilla Firefox 31.0 (x86 nl) (HKLM\...\Mozilla Firefox 31.0 (x86 nl)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MPEG2 Codec(libmpeg2/mad) (HKLM\...\MPEG2 Codec(libmpeg2/mad)) (Version:  - )
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFonts Order M1384822 (HKLM\...\{F564454D-DEBE-0CCE-93C3-FD8DEB975100}) (Version: 1.0 - MyFonts.com, Inc.)
MyFonts Order M1491040 (HKLM\...\{3DB2C412-5A5C-157D-C753-FF762B37710C}) (Version: 1.0 - MyFonts.com, Inc.)
Nero 9 (HKLM\...\{654844a8-3c8b-4bb7-a858-eaa223f36d5f}) (Version:  - Nero AG)
Nero Installer (Version: 2.0.0.1 - Nero AG) Hidden
neroxml (Version: 1.0.0 - Nero AG) Hidden
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.69 - )
Octoshape add-in for Adobe Flash Player (HKCU\...\Octoshape add-in for Adobe Flash Player) (Version:  - )
Ogg Codecs 0.81.15562 (HKLM\...\Ogg Codecs) (Version: 0.81.15562 - Xiph.Org)
Paint.NET v3.36 (HKLM\...\{43602F34-1AA3-44FB-AEB2-D08C2C73743F}) (Version: 3.36.0 - dotPDN LLC)
Pazera Free MP4 to AVI Converter 1.6 (HKLM\...\{42442BC6-5A92-4BC2-9E0C-3D359D548A21}_is1) (Version: 1.6 - Jacek Pazera)
PDF Settings CS6 (Version: 11.0 - Adobe Systems Incorporated) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
ph (Version: 1.0.0 - Your Company Name) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pivot Pro Plugin (Version: 9.50.110 - Portrait Displays, Inc.) Hidden
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
PowerISO (HKLM\...\PowerISO) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.43 - Piriform)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
Roxio Creator BDAV Plugin (HKLM\...\{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}) (Version: 3.3.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
Roxio Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
Roxio MyDVD DE (HKLM\...\{D639085F-4B6E-4105-9F37-A0DBB023E2FB}) (Version: 9.0.116 - Roxio, Inc.)
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio)
Sansa Updater (HKCU\...\Sansa Updater) (Version: 1.313 - SanDisk Corporation)
SDK (Version: 2.31.009 - Portrait Displays, Inc.) Hidden
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
SequoiaView (HKLM\...\SequoiaView) (Version:  - )
Serif DrawPlus 4.0 (HKLM\...\SerifDrawPlus40) (Version:  - )
Sesam Kart 3D NPAPI Viewer (HKCU\...\myVRnpapi) (Version:  - )
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
SimCity 4 Rush Hour (HKLM\...\{01339AE5-04D4-43F8-008E-13AD788DC4F7}) (Version:  - )
SIW version 2011.10.29 (HKLM\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2011.10.29 - Topala Software Solutions)
Skins (Version: 2007.0731.2234.38497 - ATI) Hidden
Skins (Version: 2007.1220.2143.38732 - ATI) Hidden
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SmartControl (HKLM\...\{F4EF231A-7218-41B1-AB84-F5B48B74C50A}) (Version: 2.20.026 - Portrait Displays, Inc.)
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Sony Ericsson Update Engine (HKLM\...\Update Engine) (Version: 2.13.9.201308081522 - Sony Ericsson Communications AB)
Sony Mobile Update Service (HKLM\...\Update Service) (Version: 2.13.5.201304180917 - Sony Mobile Communications AB)
Sony PC Companion 2.10.211 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.211 - Sony)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version:  - )
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
Spotify (HKCU\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve)
SubSync (HKLM\...\ST6UNST #1) (Version:  - )
SWF to MP3 Converter 2.3 build 149 (HKLM\...\SWF to MP3 Converter) (Version: 2.3 build 149 - Hoo Technologies)
Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - nld) (Version:  - Microsoft Corporation)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TBS WMP Plug-in (HKLM\...\InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}) (Version: 1.00.676 - CNN)
TBS WMP Plug-in (Version: 1.00.676 - CNN) Hidden
TrueCrypt (HKLM\...\TrueCrypt) (Version: 7.0 - TrueCrypt Foundation)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update voor het stuurprogramma voor Windows Mobile Apparaatcentrum (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)
User's Guides (HKLM\...\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}) (Version:  - )
V710 PC Assistant V1.4.2 (HKLM\...\V710 PC Assistant_is1) (Version:  - MobTime, Inc.)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VirtuoCity (HKCU\...\VirtuoCity) (Version:  - )
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WD SmartWare (HKLM\...\{98D451C4-4ACA-4273-BB47-57CFE46B048E}) (Version: 1.4.1.1 - Western Digital)
Winamp (HKLM\...\Winamp) (Version: 5.56  - Nullsoft, Inc)
Winamp Remote (HKLM\...\Orb) (Version: 2.2008.0508.1530 - Orb Networks)
Windows Installer Clean Up (HKLM\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Media Tools 4.0 (HKLM\...\Microsoft NetShow Tools 2.0) (Version:  - )
Windows Mobile Apparaatcentrum (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinPcap 4.1.1 (HKLM\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Bekker\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Bekker\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Bekker\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Bekker\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Bekker\AppData\Local\Google\Chrome\Application\36.0.1985.125\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32 -> C:\Windows\system32\urlmon.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Bekker\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Bekker\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Bekker\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}\InprocServer32 -> C:\Windows\system32\actxprxy.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{D98E820F-6ACD-4dc0-921E-9841E3D8B4A7}\InprocServer32 -> K:\.\player\WMMP.EXE No File
CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{DF2FCE13-25EC-45BB-9D4C-CECD47C2430C}\InprocServer32 -> C:\Windows\system32\urlmon.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Bekker\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Bekker\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{F4C6D6E0-A8FB-4281-BE24-1662D646FE2B}\InprocServer32 -> K:\.\player\WMMP.EXE No File
CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{FBE840E5-13A5-4cff-B2A9-4D1E64A17FF2}\InprocServer32 -> K:\.\player\WMMP.EXE No File
 
==================== Restore Points  =========================
 
16-07-2014 15:49:14 Installed Java 7 Update 65
16-07-2014 15:59:59 Windows Update
18-07-2014 15:13:25 Gepland herstelpunt
19-07-2014 12:17:33 Gepland herstelpunt
19-07-2014 19:43:05 Installed Java 7 Update 65
20-07-2014 18:18:05 Gepland herstelpunt
23-07-2014 18:52:27 Windows Update
23-07-2014 19:46:47 Windows Update
25-07-2014 20:12:27 Installed Equalify v2.5.3 (Stable)
30-07-2014 10:16:49 Windows Update
02-08-2014 08:19:32 Gepland herstelpunt
03-08-2014 13:19:51 Gepland herstelpunt
06-08-2014 14:45:41 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 12:23 - 2009-09-06 14:07 - 00328618 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {147C35EA-FC79-4C74-9908-4394F1FEB45B} - System32\Tasks\GoogleUpdateTaskMachineUA1cf6b82f6ad609a => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-07] (Google Inc.)
Task: {17133D10-2AC8-4093-B5A7-A5FBBC1BA5F2} - System32\Tasks\DivX-online actualiseringsprogramma => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2013-11-15] ()
Task: {17F082FB-956D-4678-AF53-EE970A356922} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1D47FE82-697D-4B68-9DE4-FE9C090CEE50} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2418620012-3055082709-3329518089-1000UA1cf8c9f3d2ae526 => C:\Users\Bekker\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-25] (Google Inc.)
Task: {2867449F-C1D9-45CF-826E-FEE0BC420EC9} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-07-11] (Oracle Corporation)
Task: {3AF30E58-AAB7-4A97-920E-C2C9A0279ECE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {5A63FCA9-185F-4681-A2B6-CFFD0DC57E8A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2418620012-3055082709-3329518089-1000UA1cf6c48c3d25d74 => C:\Users\Bekker\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-25] (Google Inc.)
Task: {623EDFA3-94E1-43ED-82D4-340131132BC4} - System32\Tasks\wp_update => C:\Users\Bekker\AppData\Roaming\~wbnvowq.exe
Task: {64A18718-BFED-4DDE-A98E-C1C0130D34D5} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {6FF950BE-C9FF-4A94-97C7-5B40B6ACFCDB} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {83717B20-5ABA-4326-AE8E-5F206DCC8A82} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2013\OneClick.exe
Task: {86C6E958-311D-493D-8EE9-79E939387ACD} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {8737E8BC-AF39-460C-A6EB-A5623D7835D6} - System32\Tasks\GoogleUpdateTaskMachineCore1ce549fea675415 => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-07] (Google Inc.)
Task: {89AC14E7-990A-404A-B3C8-BE5629A62FC9} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2013-02-05] (PC-Doctor, Inc.)
Task: {B5E986A1-B887-4EC8-A184-148697B9F08C} - \Microsoft\Windows Defender\MP Scheduled Scan No Task File <==== ATTENTION
Task: {C8CDD8AF-9485-484E-A931-6E3DA20F712F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {CA50539E-FD11-4FD9-80FD-01CAEF36DB50} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2418620012-3055082709-3329518089-1000Core => C:\Users\Bekker\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-25] (Google Inc.)
Task: {CD372113-9F36-4350-BDE0-3150E864A2A5} - System32\Tasks\Google Updater and Installer => C:\Users\Bekker\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-25] (Google Inc.)
Task: {CDB63164-2991-40A7-9A54-8EAFA6457CBD} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {D83F4E57-0ED2-4ACD-87D0-C7111DAADF66} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-07] (Google Inc.)
Task: {DE3AA403-7208-4DC1-8EEF-6346E31F57BE} - System32\Tasks\Sansa Dispatch => C:\Users\Bekker\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [2012-08-04] (SanDisk Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {E57652C0-7046-46AA-9A4F-08F551BEA136} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {EB06F4CC-E6D8-46E2-8E68-C7154EC463CD} - System32\Tasks\Adobe-online actualiseringsprogramma => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce549fea675415.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6b82f6ad609a.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2418620012-3055082709-3329518089-1000Core.job => C:\Users\Bekker\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2418620012-3055082709-3329518089-1000UA1cf8c9f3d2ae526.job => C:\Users\Bekker\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-08-06 17:48 - 2009-11-05 08:39 - 00087552 _____ () C:\Windows\System32\cpwmon2k.dll
2012-09-28 22:22 - 2012-09-18 14:19 - 00243608 _____ () C:\Program Files\Common Files\Portrait Displays\Shared\dthook.dll
2011-01-27 00:11 - 2011-01-27 00:11 - 00023040 _____ () C:\Windows\system32\atitmpxx.dll
2014-03-21 23:13 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2014-03-21 23:13 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-03-21 23:13 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-03-21 23:13 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-03-21 23:13 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-02-11 21:11 - 2012-04-30 11:57 - 00039936 _____ () C:\Program Files\Sony\Sony PC Companion\TMonitorAPI.dll
2013-02-11 21:10 - 2013-09-13 11:02 - 00208896 _____ () C:\Program Files\Sony\Sony PC Companion\MExplorer.dll
2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files\Sony\Sony PC Companion\Report.dll
2013-04-22 13:40 - 2013-05-20 12:58 - 00620718 _____ () C:\Program Files\Sony\Sony PC Companion\sqlite3.dll
2013-05-14 09:38 - 2013-05-14 09:38 - 00607744 _____ () C:\Program Files\Sony\Sony PC Companion\PhoneUpdate.dll
2013-02-11 21:10 - 2013-10-31 12:35 - 00070880 _____ () C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
2007-12-13 13:35 - 2006-09-14 01:20 - 00126464 _____ () C:\Program Files\WinRAR\rarext.dll
2014-07-20 18:07 - 2014-07-15 11:24 - 08537928 _____ () C:\Users\Bekker\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-20 18:07 - 2014-07-15 11:24 - 00353096 _____ () C:\Users\Bekker\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-20 18:06 - 2014-07-15 11:24 - 01732936 _____ () C:\Users\Bekker\AppData\Local\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
1999-02-01 21:10 - 1999-02-01 21:10 - 00057403 _____ () C:\Program Files\Microsoft Office\Office\BLNMGRPS.DLL
1999-02-02 00:39 - 1999-02-02 00:39 - 00073785 _____ () C:\Program Files\Microsoft Office\Office\BLNMGR.DLL
2014-07-20 18:07 - 2014-07-15 11:24 - 14664008 _____ () C:\Users\Bekker\AppData\Local\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll
2003-08-19 09:20 - 2003-08-19 09:20 - 00180224 _____ () C:\Program Files\Avi2Dvd\Programs\Filters\ac3filter.ax
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:88050731
AlternateDataStreams: C:\ProgramData\TEMP:C39E55C5
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
AlternateDataStreams: C:\Users\Annemieke\Desktop\modem:Roxio EMC Stream
AlternateDataStreams: C:\Users\Bekker\Downloads\00030.mp4:TOC.WMV
AlternateDataStreams: C:\Users\Bekker\Downloads\00031.mp4:TOC.WMV
AlternateDataStreams: C:\Users\Bekker\Downloads\6307628.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\Bekker\Downloads\Hillbilly Bears (Dutch).mp4:TOC.WMV
AlternateDataStreams: C:\Users\Bekker\Downloads\Netherworld - Paris Catacombs (720p).mp4:TOC.WMV
AlternateDataStreams: C:\Users\Bekker\Documents\Adobe:Roxio EMC Stream
AlternateDataStreams: C:\Users\Bekker\Documents\adobe bestanden:Roxio EMC Stream
AlternateDataStreams: C:\Users\Bekker\Documents\Adobe Scripts:Roxio EMC Stream
AlternateDataStreams: C:\Users\Bekker\Documents\Downloaded Installations:Roxio EMC Stream
AlternateDataStreams: C:\Users\Bekker\Documents\Downloads:Roxio EMC Stream
AlternateDataStreams: C:\Users\Bekker\Documents\GomPlayer:Roxio EMC Stream
AlternateDataStreams: C:\Users\Bekker\Documents\Mijn ontvangen bestanden:Roxio EMC Stream
AlternateDataStreams: C:\Users\Bekker\Documents\Remote Assistance Logs:Roxio EMC Stream
AlternateDataStreams: C:\Users\Bekker\Documents\Shareaza Downloads:Roxio EMC Stream
AlternateDataStreams: C:\Users\Bekker\Documents\SimCity 4:Roxio EMC Stream
AlternateDataStreams: C:\Users\Bekker\Documents\torrents:Roxio EMC Stream
AlternateDataStreams: C:\Users\Bekker\Documents\Version Cue:Roxio EMC Stream
AlternateDataStreams: C:\Users\Bekker\Documents\werk peter:Roxio EMC Stream
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: Adobe Version Cue CS3 => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: TuneUp.UtilitiesSvc => 2
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\Windows\pss\Secunia PSI Tray.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Bekker^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\Windows\pss\Adobe Gamma.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Bekker^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Need for Speed™ Undercover Registration.lnk => C:\Windows\pss\Need for Speed™ Undercover Registration.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => 
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Adobe_ID0EYTHM => C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 5\CyberGhost.EXE" /autostart /min
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: DriverMax => "C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe" -agent
MSCONFIG\startupreg: DriverMax_RESTART => "C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe" -RESTART
MSCONFIG\startupreg: Google Update => "C:\Users\Bekker\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: LogitechQuickCamRibbon => "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: Orb => "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
MSCONFIG\startupreg: PivotSoftware => "C:\Program Files\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" -delay=10
MSCONFIG\startupreg: SDTray => "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Spotify => "C:\Users\Bekker\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Bekker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
MSCONFIG\startupreg: Steam => "c:\program files\steam\steam.exe" -silent
MSCONFIG\startupreg: WinampAgent => "C:\Program Files\Winamp\winampa.exe"
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Minipoort-adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: AQNOMJ78 IDE Controller
Description: AQNOMJ78 IDE Controller
Class Guid: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: amwmtxfz
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 
Name: TAP-Windows Adapter V9
Description: TAP-Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/04/2014 02:12:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Toepassing met fout Explorer.EXE, versie 6.0.6002.18005, tijdstempel 0x49e01da5, module met fout SHLWAPI.dll, versie 6.0.6002.18738, tijdstempel 0x50ada1fd, uitzonderingscode 0xc0000005, foutmarge 0x00020f29,
proces-id 0x930, starttijd van toepassing 0xExplorer.EXE0.
 
Error: (08/04/2014 01:26:27 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (08/04/2014 01:44:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Toepassing met fout Explorer.exe, versie 6.0.6002.18005, tijdstempel 0x49e01da5, module met fout unknown, versie 0.0.0.0, tijdstempel 0x00000000, uitzonderingscode 0xc0000005, foutmarge 0x03990fef,
proces-id 0x56c, starttijd van toepassing 0xExplorer.exe0.
 
Error: (08/03/2014 08:09:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Toepassing met fout StreamTransport.exe, versie 1.1.6.1, tijdstempel 0x2a425e19, module met fout ntdll.dll, versie 6.0.6002.18881, tijdstempel 0x51da3e27, uitzonderingscode 0xc0000005, foutmarge 0x00067f0d,
proces-id 0x1944, starttijd van toepassing 0xStreamTransport.exe0.
 
Error: (08/03/2014 08:04:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Toepassing met fout StreamTransport.exe, versie 1.1.6.1, tijdstempel 0x2a425e19, module met fout ntdll.dll, versie 6.0.6002.18881, tijdstempel 0x51da3e27, uitzonderingscode 0xc0000005, foutmarge 0x000674cf,
proces-id 0x1f34, starttijd van toepassing 0xStreamTransport.exe0.
 
Error: (08/03/2014 08:03:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Toepassing met fout StreamTransport.exe, versie 1.1.6.1, tijdstempel 0x2a425e19, module met fout ntdll.dll, versie 6.0.6002.18881, tijdstempel 0x51da3e27, uitzonderingscode 0xc0000005, foutmarge 0x00067f0d,
proces-id 0x1e38, starttijd van toepassing 0xStreamTransport.exe0.
 
Error: (08/03/2014 08:02:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Toepassing met fout StreamTransport.exe, versie 1.1.6.1, tijdstempel 0x2a425e19, module met fout ntdll.dll, versie 6.0.6002.18881, tijdstempel 0x51da3e27, uitzonderingscode 0xc0000005, foutmarge 0x00067f0d,
proces-id 0xa20, starttijd van toepassing 0xStreamTransport.exe0.
 
Error: (08/03/2014 08:02:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Toepassing met fout StreamTransport.exe, versie 1.1.6.1, tijdstempel 0x2a425e19, module met fout ntdll.dll, versie 6.0.6002.18881, tijdstempel 0x51da3e27, uitzonderingscode 0xc0000005, foutmarge 0x000674cf,
proces-id 0x9b8, starttijd van toepassing 0xStreamTransport.exe0.
 
Error: (08/03/2014 08:02:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Toepassing met fout StreamTransport.exe, versie 1.1.6.1, tijdstempel 0x2a425e19, module met fout ntdll.dll, versie 6.0.6002.18881, tijdstempel 0x51da3e27, uitzonderingscode 0xc0000005, foutmarge 0x00067f0d,
proces-id 0x99c, starttijd van toepassing 0xStreamTransport.exe0.
 
Error: (08/03/2014 06:00:33 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: De vermelding <C:\USERS\BEKKER\DOWNLOADS\NERDESIN_A_K_M_-_NETD.MP2T> in de hash-toewijzing kan niet worden bijgewerkt.
 
Context: toepassing , catalogus SystemIndex
 
 
Details:
Een apparaat dat op het systeem is aangesloten, werkt niet.   (0x8007001f)
 
 
System errors:
=============
Error: (08/06/2014 07:38:34 PM) (Source: bowser) (EventID: 8003) (User: )
Description: De masterbrowser heeft een servermelding ontvangen van computer EXPERIA
die meent de masterbrowser voor het domein te zijn op transport NetBT_Tcpip_{677AEE2D-8769-429A-BE7D-FE6BD7FB03. 
De masterbrowser wordt gestopt of er wordt een verkiezing afgedwongen.
 
Error: (08/06/2014 07:37:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: toepassingsspecifiekLokaalStarten{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (via LRPC)
 
Error: (08/06/2014 07:37:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: toepassingsspecifiekLokaalStarten{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEEMS-1-5-18LocalHost (via LRPC)
 
Error: (08/06/2014 07:36:32 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ASPI32
bdwfx
 
Error: (08/06/2014 07:35:59 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: De vorige afsluiting van het systeem om 19:34:11 op 6-8-2014 is onverwacht gebeurd.
 
Error: (08/06/2014 04:43:28 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}
 
Error: (08/06/2014 04:41:18 PM) (Source: bowser) (EventID: 8003) (User: )
Description: De masterbrowser heeft een servermelding ontvangen van computer EXPERIA
die meent de masterbrowser voor het domein te zijn op transport NetBT_Tcpip_{677AEE2D-8769-429A-BE7D-FE6BD7FB03. 
De masterbrowser wordt gestopt of er wordt een verkiezing afgedwongen.
 
Error: (08/06/2014 04:39:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: toepassingsspecifiekLokaalStarten{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (via LRPC)
 
Error: (08/06/2014 04:39:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: toepassingsspecifiekLokaalStarten{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEEMS-1-5-18LocalHost (via LRPC)
 
Error: (08/06/2014 04:38:36 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ASPI32
bdwfx
 
 
Microsoft Office Sessions:
=========================
Error: (08/04/2014 02:12:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.0.6002.1800549e01da5SHLWAPI.dll6.0.6002.1873850ada1fdc000000500020f2993001cfafdc8306e2d2
 
Error: (08/04/2014 01:26:27 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (08/04/2014 01:44:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.exe6.0.6002.1800549e01da5unknown0.0.0.000000000c000000503990fef56c01cfaf562e3a0286
 
Error: (08/03/2014 08:09:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: StreamTransport.exe1.1.6.12a425e19ntdll.dll6.0.6002.1888151da3e27c000000500067f0d194401cfaf45fa885427
 
Error: (08/03/2014 08:04:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: StreamTransport.exe1.1.6.12a425e19ntdll.dll6.0.6002.1888151da3e27c0000005000674cf1f3401cfaf45566e70e7
 
Error: (08/03/2014 08:03:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: StreamTransport.exe1.1.6.12a425e19ntdll.dll6.0.6002.1888151da3e27c000000500067f0d1e3801cfaf4527c232e7
 
Error: (08/03/2014 08:02:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: StreamTransport.exe1.1.6.12a425e19ntdll.dll6.0.6002.1888151da3e27c000000500067f0da2001cfaf451ce289b7
 
Error: (08/03/2014 08:02:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: StreamTransport.exe1.1.6.12a425e19ntdll.dll6.0.6002.1888151da3e27c0000005000674cf9b801cfaf450ded5847
 
Error: (08/03/2014 08:02:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: StreamTransport.exe1.1.6.12a425e19ntdll.dll6.0.6002.1888151da3e27c000000500067f0d99c01cfaf449316f6d7
 
Error: (08/03/2014 06:00:33 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context: toepassing , catalogus SystemIndex
 
 
Details:
Een apparaat dat op het systeem is aangesloten, werkt niet.   (0x8007001f)
C:\USERS\BEKKER\DOWNLOADS\NERDESIN_A_K_M_-_NETD.MP2T
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-08-06 20:00:14.028
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.
 
  Date: 2014-08-06 20:00:13.288
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.
 
  Date: 2014-08-06 20:00:12.552
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.
 
  Date: 2014-08-06 20:00:11.856
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.
 
  Date: 2014-08-06 19:37:23.703
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.
 
  Date: 2014-08-06 19:37:23.423
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.
 
  Date: 2014-08-06 19:37:23.095
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.
 
  Date: 2014-08-06 19:37:22.783
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.
 
  Date: 2014-08-06 19:37:19.647
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.
 
  Date: 2014-08-06 19:37:19.335
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 80%
Total physical RAM: 3325.45 MB
Available physical RAM: 644.19 MB
Total Pagefile: 6843.88 MB
Available Pagefile: 3406.36 MB
Total Virtual: 2047.88 MB
Available Virtual: 1912.01 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:288.04 GB) (Free:38.23 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.2 GB) NTFS
Drive m: (My Passport) (Fixed) (Total:465.73 GB) (Free:50.01 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 40000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=288 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 0007526A)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

Hi,

You know that your computer was infected with ZeroAccess. All passwords should be changed, including those used for banking, email, eBay, PayPal and online forums, from a CLEAN COMPUTER. Banking and credit card institutions should be notified of the possible security breach.

Please download Combofix (by sUBs) and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).

    Please copy and paste the contents of this file into your next post.

Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.

(You can find more detailed instructions in this guide on using Combofix.)


log file Combofix:

 

ComboFix 14-08-06.02 - Bekker 06-08-2014  22:01:45.1.2 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.31.1043.18.3325.1852 [GMT 2:00]
Gestart vanuit: c:\users\Bekker\Downloads\ComboFix.exe
AV: McAfee Antivirus en antispyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Antivirus en antispyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\sleep.exe
c:\users\Bekker\AppData\Local\assembly\tmp
c:\users\Bekker\AppData\Roaming\.#
c:\users\Bekker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Videos.url
c:\users\Bekker\Documents\~WRL0005.tmp
c:\users\Bekker\Documents\~WRL1380.tmp
c:\users\Bekker\Documents\~WRL1637.tmp
c:\users\Bekker\Documents\~WRL2569.tmp
c:\users\Bekker\Favorites\bookmarks.html
c:\windows\system32\drivers\etc\hosts.txt
c:\windows\system32\windrv.sys
c:\windows\wininit.ini
M:\install.exe
.
.
((((((((((((((((((((   Bestanden Gemaakt van 2014-07-06 to 2014-08-06  ))))))))))))))))))))))))))))))
.
.
2014-08-06 20:12 . 2014-08-06 20:12 -------- d-----w- c:\users\Bekker\AppData\Local\temp
2014-08-06 15:10 . 2014-08-06 18:21 -------- d-----w- C:\FRST
2014-08-06 14:46 . 2014-07-14 02:12 8217224 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{05E03334-C2E6-40A3-A60F-E9384A294BE4}\mpengine.dll
2014-08-04 16:12 . 2014-08-04 16:12 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\CrashDumps
2014-08-04 12:48 . 2014-08-04 12:48 29160 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-08-04 12:47 . 2014-08-04 12:48 -------- d-----w- c:\programdata\RogueKiller
2014-08-04 12:04 . 2014-08-04 12:04 -------- d-----w- c:\users\Bekker\AppData\Roaming\FixZeroAccess
2014-08-04 12:04 . 2014-08-04 12:04 35752 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2014-07-25 20:14 . 2014-07-25 20:15 -------- d-----w- c:\users\Bekker\AppData\Roaming\Equalify
2014-07-25 20:04 . 2014-08-01 15:57 -------- d-----w- c:\users\Bekker\AppData\Local\Spotify
2014-07-25 20:04 . 2014-08-03 23:13 -------- d-----w- c:\users\Bekker\AppData\Roaming\Spotify
2014-07-20 16:12 . 2014-07-20 16:12 -------- d-----w- c:\users\Bekker\AppData\Roaming\McAfee
2014-07-19 20:21 . 2014-04-25 15:44 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2014-07-19 20:20 . 2014-04-25 15:44 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2014-07-16 15:52 . 2014-07-19 19:45 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-04 15:07 . 2014-06-28 12:28 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-04 15:03 . 2014-06-28 12:23 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-09 07:22 . 2012-05-09 14:10 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-09 07:22 . 2012-05-09 14:10 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-06-20 09:21 . 2014-02-08 17:09 62832 ----a-w- c:\windows\system32\drivers\cfwids.sys
2014-06-20 09:13 . 2012-05-03 08:27 217224 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2014-06-20 09:13 . 2011-03-17 08:39 179600 ----a-w- c:\windows\system32\mfevtps.exe
2014-06-20 09:07 . 2007-12-16 19:19 576048 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2014-06-20 09:05 . 2014-06-20 09:05 369248 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2014-06-20 09:04 . 2014-02-08 17:09 67816 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2014-06-20 09:03 . 2014-02-08 17:09 238176 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2014-06-20 09:02 . 2011-03-17 08:39 135968 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2014-06-18 01:11 . 2014-06-18 01:11 10600 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys
2014-06-18 01:10 . 2014-06-18 01:10 81296 ----a-w- c:\windows\system32\drivers\mfencrk.sys
2014-06-18 01:10 . 2014-06-18 01:10 349192 ----a-w- c:\windows\system32\drivers\mfencbdc.sys
2014-05-12 05:26 . 2014-06-28 12:23 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-12 05:25 . 2014-06-28 12:23 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Sony PC Companion"="c:\program files\Sony\Sony PC Companion\PCCompanion.exe" [2014-05-23 466656]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"MCShield Monitor"="c:\program files\MCShield\mcshieldrtm.exe" [2014-04-11 650816]
"Spotify Web Helper"="c:\users\Bekker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-07-25 1178168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"DT PLP"="c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2012-09-18 120728]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-06-11 10996368]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-25 517392]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-25 517392]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-11 256896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
backup=c:\windows\pss\Secunia PSI Tray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Bekker^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Bekker^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Need for Speed™ Undercover Registration.lnk]
backup=c:\windows\pss\Need for Speed™ Undercover Registration.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-04-04 05:09 446392 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
2012-03-09 15:26 1073312 ----a-w- c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CyberGhost]
2014-01-16 16:03 358000 ----a-w- c:\program files\CyberGhost 5\CyberGhost.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-08-02 07:33 4910912 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
2013-12-23 04:16 450560 ----a-w- c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2013-11-15 00:48 1861968 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax]
2013-08-12 11:39 7292416 ----a-w- c:\program files\Innovative Solutions\DriverMax\drivermax.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax_RESTART]
2013-08-12 11:39 7292416 ----a-w- c:\program files\Innovative Solutions\DriverMax\drivermax.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-09-24 23:05 136176 ----atw- c:\users\Bekker\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-10-03 11:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 11:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2011-06-16 05:55 6276408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
2008-04-01 01:54 507904 ----a-w- c:\program files\Winamp Remote\bin\OrbTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PivotSoftware]
2010-05-13 15:34 110192 ----a-w- c:\program files\Portrait Displays\Pivot Pro Plugin\pivot_Startup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2014-07-25 20:04 6162488 ----a-w- c:\users\Bekker\AppData\Roaming\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2014-07-25 20:04 1178168 ----a-w- c:\users\Bekker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 12:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-10-07 13:15 1353080 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Bekker\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"SansaDispatch"=c:\users\Bekker\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
"EPSON SX420W Series"=c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE /FU "c:\windows\TEMP\E_S4E40.tmp" /EF "HKCU"
"EPSON2E7622 (Epson Stylus SX420W)"=c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE /FU "c:\windows\TEMP\E_S60D6.tmp" /EF "HKCU"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-11-17 87968]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ   BthServ
WindowsMobile REG_MULTI_SZ   wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ   WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache
.
Inhoud van de 'Gedeelde Taken' map
.
2014-08-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-09 07:22]
.
2014-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ce549fea675415.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 07:57]
.
2014-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cf6b82f6ad609a.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 07:57]
.
2014-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2418620012-3055082709-3329518089-1000Core.job
- c:\users\Bekker\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-24 23:05]
.
2014-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2418620012-3055082709-3329518089-1000UA1cf8c9f3d2ae526.job
- c:\users\Bekker\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-24 23:05]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://igoogle.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube Download - c:\users\Bekker\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
Trusted Zone: dell.com
TCP: DhcpNameServer = 192.168.2.254
DPF: {DC8B04D7-DFBE-46B4-BAB6-61981E896C64} - hxxp://www.virtuocity.eu/download/v223/virtuocity.cab
FF - ProfilePath - c:\users\Bekker\AppData\Roaming\Mozilla\Firefox\Profiles\idsqbua3.default-1365275137464\
FF - prefs.js: browser.startup.homepage - igoogle.com
.
- - - - ORPHANS VERWIJDERD - - - -
.
HKCU-Run-DriverMax_RESTART - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Adobe_ID0EYTHM - c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
MSConfigStartUp-SDTray - c:\program files\Spybot - Search & Destroy 2\SDTray.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
AddRemove-ESET Online Scanner - c:\program files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
AddRemove-Streamripper - c:\program files\Streamripper\Uninstall.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Bekker\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-08-06 22:12
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen ... 
.
scannen van verborgen autostart items ... 
.
scannen van verborgen bestanden ... 
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020200}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Voltooingstijd: 2014-08-06  22:16:39
ComboFix-quarantined-files.txt  2014-08-06 20:16
.
Pre-Run: 40.982.188.032 bytes beschikbaar
Post-Run: 41.330.077.696 bytes beschikbaar
.
- - End Of File - - 13D8FA102E99E2DB8DA7E68D43E225A3
5C616939100B85E558DA92B899A0FC36

Hi,

Let's do a final check up:

Step 1

Scan with Malwarebytes Anti-Malware.

  • Please open Malwarebytes Anti-Malware.
  • Please update the database by clicking on the "Update Now" button.
  • Following the update, click "Settings" and go to "Detection and Protection".
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard, then click on Scan Now to start the scan.
    (If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.)
  • A window with an option to view the detailed log will appear. Click on "View Detailed Log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.

Step 2


Please download the ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!

Step 3

Start FRST with administrator privileges.

  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

Step 4
Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

The mbam log file:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scandatum: 8-8-2014
Scantijd: 16:03:44
Logbestand: mbam-log-2014-08-08.txt
Beheerder: Ja
 
Versie: 2.00.2.1012
Malwaredatabase: v2014.08.08.02
Rootkitdatabase: v2014.08.04.01
Licentie: Gratis
Malwarebescherming: Uitgeschakeld
Kwaadaardige Website Bescherming: Uitgeschakeld
Self-protection: Uitgeschakeld
 
Besturingssysteem: Windows Vista Service Pack 2
Processor: x86
Bestandssysteem: NTFS
Gebruiker: Bekker
 
Scantype: Bedreigingsscan
Resultaat: Voltooid
Objecten Gescand: 424943
Verstreken Tijd: 25 m, 15 s
 
Geheugen: Ingeschakeld
Opstarten: Ingeschakeld
Bestandssysteem: Ingeschakeld
Archieven: Ingeschakeld
Rootkits: Ingeschakeld
Diepgewortelde-Rootkit Scan: Ingeschakeld
Heuristics: Ingeschakeld
POP: Waarschuwen
POA: Ingeschakeld
 
Processen: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registersleutels: 0
(No malicious items detected)
 
Registerwaardes: 0
(No malicious items detected)
 
Registerdata: 0
(No malicious items detected)
 
Mappen: 0
(No malicious items detected)
 
Bestanden: 0
(No malicious items detected)
 
Fysieke Sectoren: 0
(No malicious items detected)
 
 
(end)
 
Eset and the others will follow later.

The ESET log file:

 

ESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7623

# api_version=3.0.2

# EOSSerial=76f565039610c144ab18f23069462042

# engine=19572

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2014-08-09 04:58:18

# local_time=2014-08-09 06:58:18 (+0100, West-Europa (zomertijd))

# country="Netherlands"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode_1='McAfee Anti-Virus and Anti-Spyware'

# compatibility_mode=5123 16777214 100 100 1014034 93978914 0 0

# compatibility_mode_1=''

# compatibility_mode=5892 16776573 100 100 55521 245093026 0 0

# scanned=465344

# found=2

# cleaned=0

# scan_time=16085

sh=F90B3223684DEAAE59E0D371CCA318834695FEBE ft=1 fh=e2bb850c8e277c01 vn="a variant of Win32/RemoteAdmin.RemoteExec.AA potentially unsafe application" ac=I fn="C:\Program Files\SIW\siw.exe"

sh=38AC47BDF9BAE0169E707BBF8855088CF3E25C77 ft=1 fh=63abf06912167df6 vn="a variant of Win32/RemoteAdmin.RemoteExec.AA potentially unsafe application" ac=I fn="C:\Users\Bekker\Downloads\siw.exe"


FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:5-08-2014

Ran by Bekker (administrator) on PC_VAN_BEKKER on 09-08-2014 15:03:04
Running from C:\Users\Bekker\Downloads
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Nederlands (Nederland)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(Portrait Displays, Inc.) C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Portrait Displays, Inc.) C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Sony) C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
(Spotify Ltd) C:\Users\Bekker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Portrait Displays, Inc) C:\Program Files\Philips Display\SmartControl\dthtml.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
() C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
(Portrait Displays Inc.) C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
() C:\Program Files\Common Files\Portrait Displays\Plugins\DP\DPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\System32\sdclt.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McChHost.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\saUI.exe
(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKU\S-1-5-21-2418620012-3055082709-3329518089-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2418620012-3055082709-3329518089-1000\...\Run: [sony PC Companion] => C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [466656 2014-05-23] (Sony)
HKU\S-1-5-21-2418620012-3055082709-3329518089-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2418620012-3055082709-3329518089-1000\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-2418620012-3055082709-3329518089-1000\...\Run: [spotify Web Helper] => C:\Users\Bekker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-25] (Spotify Ltd)
BootExecute: autocheck autochk * sdnclean.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://igoogle.com/
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {4E7BD74F-2B8D-469E-9FA5-A33DE8DBE931} -  No File
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldnl-nl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://www.opentopia.com/support/activex/AxisCamControl.cab
DPF: {DC8B04D7-DFBE-46B4-BAB6-61981E896C64} http://www.virtuocity.eu/download/v223/virtuocity.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.254
 
FireFox:
========
FF ProfilePath: C:\Users\Bekker\AppData\Roaming\Mozilla\Firefox\Profiles\idsqbua3.default-1365275137464
FF Homepage: igoogle.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @mcafee.com/MVT -> C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @3dmapview.myvr-software.com/myvrnpapi,version=1.007 - C:\Users\Bekker\AppData\Local\myVRnpapi\npmyvr.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Bekker\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Bekker\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npOggX.dll (ESKA)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll (CNN)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\bolcom-nl.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\marktplaats-nl.xml
FF Extension: No Name - C:\Users\Bekker\AppData\Roaming\Mozilla\Firefox\Profiles\idsqbua3.default-1365275137464\Extensions\staged [2014-08-06]
FF Extension: DownloadHelper - C:\Users\Bekker\AppData\Roaming\Mozilla\Firefox\Profiles\idsqbua3.default-1365275137464\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-28]
FF Extension: Flash and Video Download - C:\Users\Bekker\AppData\Roaming\Mozilla\Firefox\Profiles\idsqbua3.default-1365275137464\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}(104) [2013-04-11]
FF Extension: Gmail Notifier (restartless) - C:\Users\Bekker\AppData\Roaming\Mozilla\Firefox\Profiles\idsqbua3.default-1365275137464\Extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi [2013-04-06]
FF Extension: NotAwesome - C:\Users\Bekker\AppData\Roaming\Mozilla\Firefox\Profiles\idsqbua3.default-1365275137464\Extensions\notawesome@sidstamm.com.xpi [2013-04-06]
FF Extension: FastestFox - C:\Users\Bekker\AppData\Roaming\Mozilla\Firefox\Profiles\idsqbua3.default-1365275137464\Extensions\smarterwiki@wikiatic.com.xpi [2013-04-06]
FF Extension: Turn Off the Lights - C:\Users\Bekker\AppData\Roaming\Mozilla\Firefox\Profiles\idsqbua3.default-1365275137464\Extensions\stefanvandamme@stefanvd.net.xpi [2013-10-13]
FF Extension: Test Pilot - C:\Users\Bekker\AppData\Roaming\Mozilla\Firefox\Profiles\idsqbua3.default-1365275137464\Extensions\testpilot@labs.mozilla.com.xpi [2013-04-06]
FF Extension: Troubleshooter - C:\Users\Bekker\AppData\Roaming\Mozilla\Firefox\Profiles\idsqbua3.default-1365275137464\Extensions\troubleshooter@mozilla.org.xpi [2013-04-06]
FF Extension: Session Manager - C:\Users\Bekker\AppData\Roaming\Mozilla\Firefox\Profiles\idsqbua3.default-1365275137464\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2013-04-06]
FF Extension: AVG PrivacyFix - C:\Users\Bekker\AppData\Roaming\Mozilla\Firefox\Profiles\idsqbua3.default-1365275137464\Extensions\{7CA9CF31-1C73-46CD-8377-85AB71EA771F}.xpi [2013-04-06]
FF Extension: Adblock Plus - C:\Users\Bekker\AppData\Roaming\Mozilla\Firefox\Profiles\idsqbua3.default-1365275137464\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-06]
FF Extension: ParentalControl Bar - C:\Program Files\Mozilla Firefox\extensions\{B56F37F8-7023-4c2b-B27E-815594CA64E7} [2013-08-17]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-07]
FF HKLM\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF Extension: Freemake Video Converter Plugin - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2012-10-06]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2014-02-08]
 
Chrome: 
=======
CHR HomePage: hxxp://www.netvibes.com/
CHR StartupUrls: "hxxp://igoogle.com/"
CHR Plugin: (Shockwave Flash) - C:\Users\Bekker\AppData\Local\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Bekker\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Bekker\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (Ogg Player Gecko Plugin) - C:\Program Files\Mozilla Firefox\plugins\npOggX.dll (ESKA)
CHR Plugin: (Turner Media Plugin 1.0.0.10) - C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll (CNN)
CHR Plugin: (thriXXX WebLaunch) - C:\Program Files\Mozilla Firefox\plugins\npWebLaunch.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U17) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (myVR 3D Framework) - C:\Users\Bekker\AppData\Local\myVRnpapi\npmyvr.dll ()
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~1\mcafee\msc\npmcsn~1.dll ()
CHR Extension: (TooManyTabs for Chrome) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp [2012-04-03]
CHR Extension: (Turn Off the Lights) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2013-10-13]
CHR Extension: (YouTube) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-02]
CHR Extension: (Chrome YouTube Downloader) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbdjiinahkdjdcdlgfimlcolkjpbooja [2014-06-07]
CHR Extension: (Adblock Plus) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-14]
CHR Extension: (Google Zoeken) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-03]
CHR Extension: (Disable Youtube™ HTML5 Player) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\enmofgaijnbjpblfljopnpdogpldapoc [2014-06-13]
CHR Extension: (SiteAdvisor) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-02-09]
CHR Extension: (Hola Beter Internet) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-06-13]
CHR Extension: (Tate Art Slideshow) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgfbniacchiboaeoaoaejhggfepbbmkj [2011-09-25]
CHR Extension: (Allow Right-Click) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\hompjdfbfmmmgflfjdlnkohcplmboaeo [2013-11-17]
CHR Extension: (Google Maps) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2013-11-02]
CHR Extension: (Into The Mist) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgihmkgobaljfehcadcckdggpeojaadh [2013-12-22]
CHR Extension: (Google Mail Checker) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2013-11-02]
CHR Extension: (Google Play Books) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2011-09-25]
CHR Extension: (Google Wallet) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-27]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2014-02-08]
CHR StartMenuInternet: Google Chrome - C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2008-05-29] (Adobe Systems) [File not signed]
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64112 2014-01-16] (CyberGhost S.R.L)
R2 DTSRVC; C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe [137112 2012-09-18] (Portrait Displays, Inc.)
R2 EPSON_EB_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [153600 2009-09-14] (SEIKO EPSON CORPORATION) [File not signed]
R2 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [121856 2009-09-14] (SEIKO EPSON CORPORATION) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2007-12-20] (Macrovision Europe Ltd.) [File not signed]
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-09-26] (Freemake) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-04-25] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [472072 2014-06-12] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-06-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [179600 2014-06-20] (McAfee, Inc.)
R2 PdiService; C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [117552 2012-04-16] (Portrait Displays, Inc.)
S4 RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2006-11-05] (Sonic Solutions) [File not signed]
S4 RoxWatch9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [159744 2006-11-05] (Sonic Solutions) [File not signed]
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [237056 2010-09-08] (WDC) [File not signed]
S3 WDFME; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1034752 2010-09-08] () [File not signed]
S3 WDSC; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [484352 2010-09-08] () [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62832 2014-06-20] (McAfee, Inc.)
R2 cpuz132; C:\Windows\system32\drivers\cpuz132_x32.sys [12672 2009-03-27] (Windows ® Codename Longhorn DDK provider) [File not signed]
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
S3 hwdatacard; C:\Windows\System32\DRIVERS\hwusbmdm.sys [88960 2006-04-07] (Huawei Technologies Co., Ltd.)
S3 LTXMD_VAC; C:\Windows\System32\drivers\lmvac.sys [18912 2008-06-30] (Windows ® Codename Longhorn DDK provider)
R3 LVPr2Mon; C:\Windows\System32\Drivers\LVPr2Mon.sys [25752 2009-10-07] ()
R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41504 2007-02-03] (Logitech Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [135968 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [238176 2014-06-20] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [67816 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [369248 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [576048 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [349192 2014-06-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81296 2014-06-18] (McAfee, Inc.)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34248 2009-09-16] (McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40552 2009-11-04] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217224 2014-06-20] (McAfee, Inc.)
R2 npf; C:\Windows\System32\drivers\npf.sys [50704 2010-01-27] (CACE Technologies, Inc.)
S3 PCAudi; C:\Windows\System32\drivers\pcaudi.sys [48640 2012-07-09] (Windows ® Win 7 DDK provider) [File not signed]
R3 PdiPorts; C:\Windows\System32\Drivers\PdiPorts.sys [17328 2012-04-16] (Portrait Displays, Inc.)
R3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13976 2009-04-30] (Logitech Inc.)
R3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2687512 2009-04-30] (Logitech Inc.)
S3 PSSDK42; C:\Windows\system32\Drivers\pssdk42.sys [38976 2013-03-19] (microOLAP Technologies LTD)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [45968 2011-11-03] (Rovi Corporation)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [33052 2007-08-07] (PowerISO Computing, Inc.) [File not signed]
R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [443448 2011-08-08] () [File not signed]
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
U3 aoqzpgyc; C:\Windows\system32\Drivers\aoqzpgyc.sys [0 ] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S1 ASPI32; No ImagePath
S0 bdwfx; System32\drivers\vfgj.sys [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\Bekker\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCDSRVC{E9D79540-57D5953E-06020200}_0; \??\c:\program files\dell support center\pcdsrvc.pkms [X]
S3 TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [X]
U3 ay7c64jx; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-09 15:03 - 2014-08-09 15:05 - 00029331 _____ () C:\Users\Bekker\Downloads\FRST.txt
2014-08-09 01:32 - 2014-08-09 01:33 - 02347384 _____ (ESET) C:\Users\Bekker\Downloads\esetsmartinstaller_enu (1).exe
2014-08-09 00:23 - 2014-08-09 01:14 - 00000072 _____ () C:\Users\Bekker\Desktop\Nieuw tekstdocument.txt
2014-08-06 22:16 - 2014-08-06 22:16 - 00019081 _____ () C:\ComboFix.txt
2014-08-06 21:58 - 2014-08-06 22:16 - 00000000 ____D () C:\ComboFix
2014-08-06 21:58 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-06 21:58 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-06 21:58 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-06 21:58 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-06 21:58 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-06 21:58 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-06 21:58 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-06 21:58 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-06 21:55 - 2014-08-06 22:16 - 00000000 ____D () C:\Qoobox
2014-08-06 21:54 - 2014-08-06 22:14 - 00000000 ____D () C:\Windows\erdnt
2014-08-06 21:39 - 2014-08-06 21:39 - 05568206 ____R (Swearware) C:\Users\Bekker\Downloads\ComboFix.exe
2014-08-06 19:35 - 2014-08-06 19:36 - 00143208 _____ () C:\Windows\Minidump\Mini080614-01.dmp
2014-08-06 19:35 - 2014-08-06 19:35 - 283180701 _____ () C:\Windows\MEMORY.DMP
2014-08-06 17:10 - 2014-08-09 15:03 - 00000000 ____D () C:\FRST
2014-08-06 17:09 - 2014-08-06 17:10 - 01084928 _____ (Farbar) C:\Users\Bekker\Downloads\FRST.exe
2014-08-04 18:07 - 2014-08-04 18:07 - 02319191 _____ () C:\Users\Bekker\Desktop\bookmarks04-08-2014.html
2014-08-04 17:00 - 2014-08-04 17:01 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Bekker\Downloads\mbar-1.07.0.1012.exe
2014-08-04 16:51 - 2014-08-04 16:51 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Bekker\Downloads\TDSSKiller.exe
2014-08-04 16:45 - 2014-08-04 16:47 - 01361309 _____ () C:\Users\Bekker\Downloads\adwcleaner_3.302.exe
2014-08-04 14:48 - 2014-08-04 14:48 - 00029160 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-08-04 14:47 - 2014-08-04 14:48 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-04 14:45 - 2014-08-04 14:45 - 04806744 _____ () C:\Users\Bekker\Downloads\RogueKiller.exe
2014-08-04 14:04 - 2014-08-04 14:04 - 00035752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\FixZeroAccess.sys
2014-08-04 14:04 - 2014-08-04 14:04 - 00000000 ____D () C:\Users\Bekker\AppData\Roaming\FixZeroAccess
2014-08-03 21:50 - 2014-08-08 15:20 - 00005068 _____ () C:\Windows\PFRO.log
2014-08-03 20:13 - 2014-08-03 20:16 - 00000000 ____D () C:\Users\Bekker\AppData\Roaming\FlashStreamHunter
2014-07-25 22:14 - 2014-07-25 22:15 - 00000000 ____D () C:\Users\Bekker\AppData\Roaming\Equalify
2014-07-25 22:04 - 2014-08-04 01:13 - 00000000 ____D () C:\Users\Bekker\AppData\Roaming\Spotify
2014-07-25 22:04 - 2014-08-01 17:57 - 00000000 ____D () C:\Users\Bekker\AppData\Local\Spotify
2014-07-25 22:04 - 2014-07-25 22:04 - 00001718 _____ () C:\Users\Bekker\Desktop\Spotify.lnk
2014-07-25 22:04 - 2014-07-25 22:04 - 00001704 _____ () C:\Users\Bekker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-07-23 21:12 - 2014-07-26 00:27 - 00000000 ____D () C:\Users\Bekker\Desktop\23-07-2014
2014-07-20 18:12 - 2014-07-20 18:12 - 00000000 ____D () C:\Users\Bekker\AppData\Roaming\McAfee
2014-07-20 18:08 - 2014-07-20 18:09 - 00541592 _____ (McAfee, Inc.) C:\Users\Bekker\Downloads\MVTInstaller.exe
2014-07-20 17:15 - 2014-08-08 22:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-07-19 22:21 - 2014-07-19 22:21 - 00000830 _____ () C:\Users\Public\Desktop\PDFCreator.lnk
2014-07-19 22:21 - 2014-07-19 22:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-07-19 22:21 - 2014-04-25 17:44 - 00137000 _____ (Microsoft Corporation) C:\Windows\system32\MSMAPI32.OCX
2014-07-19 22:20 - 2014-04-25 17:44 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\MSMPIDE.DLL
2014-07-19 21:46 - 2014-07-19 21:45 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-19 21:45 - 2014-07-19 21:45 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-19 21:45 - 2014-07-19 21:45 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-19 21:45 - 2014-07-19 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-16 17:53 - 2014-07-16 17:55 - 29420456 _____ (Oracle Corporation) C:\Users\Bekker\Downloads\jre-7u65-windows-i586.exe
2014-07-16 17:52 - 2014-07-19 21:45 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-07-10 10:16 - 2014-06-07 02:19 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-10 10:16 - 2014-06-07 02:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-10 10:16 - 2014-06-07 01:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-10 10:16 - 2014-06-07 01:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-10 10:16 - 2014-06-07 01:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-10 10:16 - 2014-06-07 01:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-10 10:16 - 2014-06-07 01:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-10 10:16 - 2014-06-07 01:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-10 10:16 - 2014-06-07 00:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-10 10:16 - 2014-06-07 00:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-10 10:16 - 2014-06-07 00:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-10 10:16 - 2014-06-07 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-10 10:16 - 2014-06-07 00:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-10 10:16 - 2014-06-07 00:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-10 10:16 - 2014-06-07 00:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-10 10:16 - 2014-06-07 00:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-10 10:16 - 2014-06-07 00:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-10 10:16 - 2014-06-07 00:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-10 10:16 - 2014-06-07 00:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-10 10:16 - 2014-06-07 00:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-10 10:16 - 2014-06-07 00:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-10 10:16 - 2014-06-07 00:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-10 10:16 - 2014-06-06 10:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-10 10:16 - 2014-05-30 08:53 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-09 15:05 - 2014-08-09 15:03 - 00029331 _____ () C:\Users\Bekker\Downloads\FRST.txt
2014-08-09 15:03 - 2014-08-06 17:10 - 00000000 ____D () C:\FRST
2014-08-09 14:54 - 2014-06-20 17:49 - 00001070 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2418620012-3055082709-3329518089-1000UA1cf8c9f3d2ae526.job
2014-08-09 14:47 - 2014-05-09 14:34 - 00001046 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6b82f6ad609a.job
2014-08-09 14:22 - 2012-05-09 16:10 - 00000940 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-09 13:21 - 2006-11-02 14:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-09 13:21 - 2006-11-02 14:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-09 12:07 - 2010-03-01 21:10 - 01073765 _____ () C:\Windows\WindowsUpdate.log
2014-08-09 01:33 - 2014-08-09 01:32 - 02347384 _____ (ESET) C:\Users\Bekker\Downloads\esetsmartinstaller_enu (1).exe
2014-08-09 01:33 - 2014-06-28 14:28 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-09 01:14 - 2014-08-09 00:23 - 00000072 _____ () C:\Users\Bekker\Desktop\Nieuw tekstdocument.txt
2014-08-08 23:47 - 2013-05-19 16:48 - 00001042 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce549fea675415.job
2014-08-08 22:32 - 2014-07-20 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-08-08 22:32 - 2014-02-08 19:11 - 00001709 _____ () C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
2014-08-08 17:54 - 2011-09-25 01:05 - 00001018 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2418620012-3055082709-3329518089-1000Core.job
2014-08-08 15:55 - 2014-07-07 16:14 - 00000000 ____D () C:\ProgramData\MCShield
2014-08-08 15:24 - 2012-09-28 22:52 - 00001609 _____ () C:\Users\Bekker\Desktop\SmartControl.lnk
2014-08-08 15:20 - 2014-08-03 21:50 - 00005068 _____ () C:\Windows\PFRO.log
2014-08-08 15:20 - 2014-03-21 23:12 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-08-08 15:20 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-06 22:41 - 2007-12-06 01:40 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-08-06 22:41 - 2006-11-02 15:01 - 00032614 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-06 22:16 - 2014-08-06 22:16 - 00019081 _____ () C:\ComboFix.txt
2014-08-06 22:16 - 2014-08-06 21:58 - 00000000 ____D () C:\ComboFix
2014-08-06 22:16 - 2014-08-06 21:55 - 00000000 ____D () C:\Qoobox
2014-08-06 22:16 - 2006-11-02 13:18 - 00000000 __RHD () C:\Users\Default
2014-08-06 22:16 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2014-08-06 22:14 - 2014-08-06 21:54 - 00000000 ____D () C:\Windows\erdnt
2014-08-06 22:12 - 2006-11-02 12:23 - 00000215 _____ () C:\Windows\system.ini
2014-08-06 21:58 - 2008-02-27 12:48 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-06 21:39 - 2014-08-06 21:39 - 05568206 ____R (Swearware) C:\Users\Bekker\Downloads\ComboFix.exe
2014-08-06 19:36 - 2014-08-06 19:35 - 00143208 _____ () C:\Windows\Minidump\Mini080614-01.dmp
2014-08-06 19:35 - 2014-08-06 19:35 - 283180701 _____ () C:\Windows\MEMORY.DMP
2014-08-06 19:35 - 2008-06-29 01:30 - 00000000 ____D () C:\Windows\Minidump
2014-08-06 17:10 - 2014-08-06 17:09 - 01084928 _____ (Farbar) C:\Users\Bekker\Downloads\FRST.exe
2014-08-04 18:13 - 2012-03-18 15:47 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-08-04 18:10 - 2014-03-15 18:25 - 00000000 ____D () C:\AdwCleaner
2014-08-04 18:07 - 2014-08-04 18:07 - 02319191 _____ () C:\Users\Bekker\Desktop\bookmarks04-08-2014.html
2014-08-04 18:01 - 2014-03-16 18:14 - 00000000 ____D () C:\Users\Bekker\Desktop\mbar
2014-08-04 18:01 - 2014-03-15 16:19 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-04 17:03 - 2014-06-28 14:23 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-04 17:01 - 2014-08-04 17:00 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Bekker\Downloads\mbar-1.07.0.1012.exe
2014-08-04 16:51 - 2014-08-04 16:51 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Bekker\Downloads\TDSSKiller.exe
2014-08-04 16:47 - 2014-08-04 16:45 - 01361309 _____ () C:\Users\Bekker\Downloads\adwcleaner_3.302.exe
2014-08-04 14:48 - 2014-08-04 14:48 - 00029160 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-08-04 14:48 - 2014-08-04 14:47 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-04 14:45 - 2014-08-04 14:45 - 04806744 _____ () C:\Users\Bekker\Downloads\RogueKiller.exe
2014-08-04 14:37 - 2013-08-17 18:51 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-04 14:04 - 2014-08-04 14:04 - 00035752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\FixZeroAccess.sys
2014-08-04 14:04 - 2014-08-04 14:04 - 00000000 ____D () C:\Users\Bekker\AppData\Roaming\FixZeroAccess
2014-08-04 01:13 - 2014-07-25 22:04 - 00000000 ____D () C:\Users\Bekker\AppData\Roaming\Spotify
2014-08-03 21:28 - 2011-08-31 20:06 - 00000000 ____D () C:\Program Files\PDFCreator
2014-08-03 21:27 - 2013-04-15 20:15 - 00000000 ____D () C:\Users\Bekker\dwhelper
2014-08-03 21:17 - 2010-11-06 18:58 - 00000806 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-03 21:17 - 2007-12-27 23:34 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-03 20:36 - 2014-01-24 21:02 - 00000000 ____D () C:\Program Files\rtmpdump-2.4
2014-08-03 20:16 - 2014-08-03 20:13 - 00000000 ____D () C:\Users\Bekker\AppData\Roaming\FlashStreamHunter
2014-08-01 17:57 - 2014-07-25 22:04 - 00000000 ____D () C:\Users\Bekker\AppData\Local\Spotify
2014-08-01 17:32 - 2014-03-29 23:13 - 00000000 ____D () C:\Users\Bekker\Documents\MassTube
2014-07-28 16:08 - 2007-12-19 16:47 - 00002611 _____ () C:\Users\Bekker\Desktop\Microsoft Word.lnk
2014-07-27 17:05 - 2010-02-08 22:52 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-07-26 00:27 - 2014-07-23 21:12 - 00000000 ____D () C:\Users\Bekker\Desktop\23-07-2014
2014-07-25 22:15 - 2014-07-25 22:14 - 00000000 ____D () C:\Users\Bekker\AppData\Roaming\Equalify
2014-07-25 22:04 - 2014-07-25 22:04 - 00001718 _____ () C:\Users\Bekker\Desktop\Spotify.lnk
2014-07-25 22:04 - 2014-07-25 22:04 - 00001704 _____ () C:\Users\Bekker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-07-25 21:04 - 2008-01-20 22:07 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-23 21:48 - 2010-06-04 15:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-21 16:56 - 2011-05-20 20:40 - 00135680 _____ () C:\Users\Bekker\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-20 18:12 - 2014-07-20 18:12 - 00000000 ____D () C:\Users\Bekker\AppData\Roaming\McAfee
2014-07-20 18:10 - 2010-02-08 22:52 - 00000000 ____D () C:\Program Files\McAfee
2014-07-20 18:10 - 2007-12-06 01:48 - 00000000 ____D () C:\ProgramData\McAfee
2014-07-20 18:09 - 2014-07-20 18:08 - 00541592 _____ (McAfee, Inc.) C:\Users\Bekker\Downloads\MVTInstaller.exe
2014-07-20 18:07 - 2011-09-25 01:06 - 00002069 _____ () C:\Users\Bekker\Desktop\Google Chrome.lnk
2014-07-19 22:21 - 2014-07-19 22:21 - 00000830 _____ () C:\Users\Public\Desktop\PDFCreator.lnk
2014-07-19 22:21 - 2014-07-19 22:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-07-19 21:47 - 2013-10-06 22:08 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-19 21:45 - 2014-07-19 21:46 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-19 21:45 - 2014-07-19 21:45 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-19 21:45 - 2014-07-19 21:45 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-19 21:45 - 2014-07-19 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-19 21:45 - 2014-07-16 17:52 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-07-19 14:56 - 2013-04-06 19:03 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-07-16 17:55 - 2014-07-16 17:53 - 29420456 _____ (Oracle Corporation) C:\Users\Bekker\Downloads\jre-7u65-windows-i586.exe
2014-07-16 17:52 - 2007-12-06 01:41 - 00000000 ____D () C:\Program Files\Java
2014-07-13 17:55 - 2010-11-06 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-13 17:55 - 2007-12-27 23:34 - 00000000 ____D () C:\Users\Bekker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-11 10:26 - 2013-01-20 15:32 - 00000236 _____ () C:\Users\Bekker\datacrow.properties
2014-07-10 18:23 - 2006-11-02 14:47 - 04021816 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 18:21 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 11:44 - 2013-08-15 23:52 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 11:40 - 2006-11-02 12:24 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-09 03:29
 
==================== End Of Log ============================

Addition.txt:

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:5-08-2014

Ran by Bekker at 2014-08-09 15:08:51

Running from C:\Users\Bekker\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: McAfee Antivirus en antispyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}

AS: McAfee Antivirus en antispyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

 Sansa Media Converter (HKLM\...\{FC053571-8507-44E4-8B6D-AACEAB8CA57C}) (Version: 1.0-B4.256 - )

3D Sound Back Beta0.1 (HKLM\...\{39DB116F-E088-486F-B13C-8925ECE7A6E5}) (Version: 0.1 - Realtek Semiconductor Corp.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )

Aan de slag met Dell (HKLM\...\{2C086D06-187A-4050-ADD4-2F9D033651B4}) (Version: 1.00.0000 - Dell Inc.)

AChat 1.12 (HKLM\...\AChat_is1) (Version:  - AChat Animation Studios)

Adobe Creative Suite 6 Master Collection (HKLM\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)

Adobe Digital Editions 3.0 (HKLM\...\Adobe Digital Editions 3.0) (Version: 3.0 - Adobe Systems Incorporated)

Adobe ExtendScript Toolkit 2 (HKLM\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)

Adobe ExtendScript Toolkit 2 (Version: 2.0.2 - Adobe Systems Incorporated) Hidden

Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)

Adobe Help Manager (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)

Adobe Help Manager (Version: 4.0.244 - Adobe Systems Incorporated) Hidden

Adobe Reader X (10.1.10) - Nederlands (HKLM\...\{AC76BA86-7AD7-1043-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)

Adobe Setup (Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe SVG Viewer 3.0 (HKLM\...\Adobe SVG Viewer) (Version:  3.0 - )

Adobe Widget Browser (HKLM\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)

Adobe Widget Browser (Version: 2.0.348 - Adobe Systems Incorporated.) Hidden

Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)

Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Astrospiegel Win (HKLM\...\ST5UNST #1) (Version:  - )

ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.007.0731.2233 - )

ATI Catalyst Install Manager (HKLM\...\{5968F27A-66E6-171E-5311-0A74D74AAD9B}) (Version: 3.0.812.0 - ATI Technologies, Inc.)

Audacity 1.3.5 (Unicode) (HKLM\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)

Avi2Dvd 0.4.5 beta (HKLM\...\Avi2Dvd) (Version: 0.4.5 beta - TrustFm)

AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )

bl (Version: 1.0.0 - Your Company Name) Hidden

Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)

BSC Cleanitol TM (HKCU\...\BSC Cleanitol TM) (Version:  - )

Canon RAW Image Task for ZoomBrowser EX (HKLM\...\RAW Image Task) (Version: 3.1.0.22 - )

Canon Utilities CameraWindow (HKLM\...\CameraWindowLauncher) (Version: 7.0.0.8 - )

Canon Utilities CameraWindow DC (HKLM\...\CameraWindowDC) (Version: 7.0.1.16 - )

Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM\...\CameraWindowDVC6) (Version: 6.4.1.15 - )

Canon Utilities MyCamera (HKLM\...\MyCamera) (Version: 6.4.0.5 - )

Canon Utilities MyCamera DC (HKLM\...\MyCameraDC) (Version: 7.0.0.5 - )

Canon Utilities RAW Image Converter (HKLM\...\Canon Utilities RAW Image Converter) (Version:  - )

Canon Utilities RemoteCapture 1.4 (HKLM\...\RemoteCapture) (Version:  - )

Canon Utilities RemoteCapture DC (HKLM\...\RemoteCaptureDC) (Version: 3.0.1.8 - )

Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM\...\RemoteCaptureTask) (Version: 1.7.1.9 - )

Canon ZoomBrowser EX Memory Card Utility (HKLM\...\ZoomBrowser EX Memory Card Utility) (Version: 1.0.0.19 - )

Catalyst Control Center Core Implementation (Version: 2007.0731.2234.38497 - ATI) Hidden

Catalyst Control Center Core Implementation (Version: 2007.1220.2143.38732 - ATI) Hidden

Catalyst Control Center Graphics Full Existing (Version: 2007.0731.2234.38497 - ATI) Hidden

Catalyst Control Center Graphics Full Existing (Version: 2007.1220.2143.38732 - ATI) Hidden

Catalyst Control Center Graphics Full New (Version: 2007.0731.2234.38497 - ATI) Hidden

Catalyst Control Center Graphics Full New (Version: 2007.1220.2143.38732 - ATI) Hidden

Catalyst Control Center Graphics Light (Version: 2007.0731.2234.38497 - ATI) Hidden

Catalyst Control Center Graphics Light (Version: 2007.1220.2143.38732 - ATI) Hidden

Catalyst Control Center Graphics Previews Common (Version: 2007.0731.2234.38497 - ATI) Hidden

Catalyst Control Center Graphics Previews Common (Version: 2007.1220.2143.38732 - ATI) Hidden

Catalyst Control Center Graphics Previews Vista (Version: 2007.0731.2234.38497 - ATI) Hidden

Catalyst Control Center Graphics Previews Vista (Version: 2007.1220.2143.38732 - ATI) Hidden

Catalyst Control Center InstallProxy (Version: 2011.0126.1749.31909 - ATI Technologies, Inc.) Hidden

Catalyst Control Center Localization Chinese Standard (Version: 2007.0731.2234.38497 - ATI) Hidden

Catalyst Control Center Localization Chinese Traditional (Version: 2007.0731.2234.38497 - ATI) Hidden

Catalyst Control Center Localization French (Version: 2007.0731.2234.38497 - ATI) Hidden

Catalyst Control Center Localization German (Version: 2007.0731.2234.38497 - ATI) Hidden

Catalyst Control Center Localization Hungarian (Version: 2007.0731.2234.38497 - ATI) Hidden

Catalyst Control Center Localization Italian (Version: 2007.0731.2234.38497 - ATI) Hidden

Catalyst Control Center Localization Japanese (Version: 2007.0731.2234.38497 - ATI) Hidden

Catalyst Control Center Localization Korean (Version: 2007.0731.2234.38497 - ATI) Hidden

Catalyst Control Center Localization Polish (Version: 2007.0731.2234.38497 - ATI) Hidden

Catalyst Control Center Localization Portuguese (Version: 2007.0731.2234.38497 - ATI) Hidden

Catalyst Control Center Localization Spanish (Version: 2007.0731.2234.38497 - ATI) Hidden

Catalyst Control Center Localization Thai (Version: 2007.0731.2234.38497 - ATI) Hidden

Catalyst Control Center Localization Turkish (Version: 2007.0731.2234.38497 - ATI) Hidden

CCC Help Chinese Standard (Version: 2007.0731.2233.38497 - ATI) Hidden

CCC Help Chinese Traditional (Version: 2007.0731.2233.38497 - ATI) Hidden

CCC Help English (Version: 2007.0731.2233.38497 - ATI) Hidden

CCC Help French (Version: 2007.0731.2233.38497 - ATI) Hidden

CCC Help German (Version: 2007.0731.2233.38497 - ATI) Hidden

CCC Help Hungarian (Version: 2007.0731.2233.38497 - ATI) Hidden

CCC Help Italian (Version: 2007.0731.2233.38497 - ATI) Hidden

CCC Help Japanese (Version: 2007.0731.2233.38497 - ATI) Hidden

CCC Help Korean (Version: 2007.0731.2233.38497 - ATI) Hidden

CCC Help Polish (Version: 2007.0731.2233.38497 - ATI) Hidden

CCC Help Portuguese (Version: 2007.0731.2233.38497 - ATI) Hidden

CCC Help Spanish (Version: 2007.0731.2233.38497 - ATI) Hidden

CCC Help Thai (Version: 2007.0731.2233.38497 - ATI) Hidden

CCC Help Turkish (Version: 2007.0731.2233.38497 - ATI) Hidden

ccc-core-static (Version: 2007.0731.2234.38497 - ATI) Hidden

ccc-core-static (Version: 2007.1220.2143.38732 - Uw bedrijfsnaam) Hidden

ccc-utility (Version: 2007.0731.2234.38497 - ATI) Hidden

ccc-utility (Version: 2007.1220.2143.38732 - ATI) Hidden

CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)

Coca-Cola Zero  Screen Saver (HKLM\...\Coca-Cola Zero) (Version:  - )

Compatibiliteitspakket voor het 2007 Microsoft Office system (HKLM\...\{90120000-0020-0413-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

CPUID HWMonitor 1.15 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )

Creevity Mp3 Cover Downloader (HKLM\...\Mp3 Cover Downloader_is1) (Version: 1.4.0 - Diego Alicata)

CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )

CyberGhost 5 (HKLM\...\CyberGhost VPN 5_is1) (Version:  - CyberGhost S.R.L.)

D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden

DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.41.3.0173 - DT Soft Ltd)

Dell Support Center (HKLM\...\PC-Doctor for Windows) (Version: 3.2.6032.125 - PC-Doctor, Inc.)

Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 4.0.5.6 - Dell)

DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.0.0 - DivX, Inc.)

DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)

DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.90 - DivX, LLC)

DriverMax 7 (HKLM\...\DMX5_is1) (Version: 7.16.0.120 - Innovative Solutions)

Empire: Total War Demo (HKLM\...\Steam App 10620) (Version:  - The Creative Assembly)

EPSON SX420W Series Printer Uninstall (HKLM\...\EPSON SX420W Series) (Version:  - SEIKO EPSON Corporation)

Equalify v2.5.3 (Stable) (HKLM\...\{33EC4F70-9F4B-406F-BB2A-F75A285E927D}) (Version: 2.5.3.0 - Equalify)

ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )

Eusing Free Registry Cleaner (HKLM\...\Eusing Free Registry Cleaner) (Version:  - )

Express Burn (HKLM\...\ExpressBurn) (Version:  - NCH Software)

Express Rip (HKLM\...\ExpressRip) (Version:  - NCH Swift Sound)

FileHippo.com Update Checker (HKLM\...\FileHippo.com) (Version:  - )

Folder Lock (HKCU\...\FolderLock6) (Version:  - New Sofware.net Inc.)

Free WebM to AVI Converter 1.0 (HKLM\...\{38B50CEC-C683-404D-BAD7-48CBCBFF981B}_is1) (Version:  - PolySoft Solutions)

Free YouTube Download version 3.0.18.1123 (HKLM\...\Free YouTube Download_is1) (Version:  - DVDVideoSoft Ltd.)

Freemake Video Converter versie 4.0.4 (HKLM\...\Freemake Video Converter_is1) (Version: 4.0.4 - Ellora Assets Corporation)

gmax (HKLM\...\{3FA7A919-87DA-42B1-814B-86DE8DCA17C2}) (Version: 4.4.0.125 - Discreet)

GOM Audio (HKLM\...\GomAudio) (Version: 2.0.5.0138 - Gretech Corporation)

GOM Player (HKLM\...\GOM Player) (Version: 2.2.57.5189 - Gretech Corporation)

Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)

Google Earth (HKLM\...\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}) (Version: 7.1.1.1888 - Google)

Google SketchUp 6 (HKLM\...\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}) (Version: 6.0.01313 - Google)

Google SketchUp 6 (Version: 6.4.112 - Google) Hidden

Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden

Google Video Uploader (HKLM\...\Google Video Uploader) (Version:  - )

ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden

Intel® PRO Network Connections 12.1.11.0 (HKLM\...\PROSetDX) (Version:  - Intel)

Intel® PRO Network Connections 12.1.11.0 (Version:  - Intel) Hidden

Java 7 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)

Java Auto Updater (Version: 2.1.65.20 - Oracle, Inc.) Hidden

Jetcast 1.1.1 (HKLM\...\Jetcast) (Version: 1.1.1 - )

JPGAvi 1.07.0.68 (HKLM\...\JPGAvi_is1) (Version:  - NDW Ltd)

Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

LockHunter 2.0 beta 2, 32 bit (HKLM\...\LockHunter_is1) (Version:  - Crystal Rich, Ltd)

Logitech Legacy USB Camera-stuurprogrammapakket (HKLM\...\legacyqcam_10.51) (Version: 10.51.2023 - )

Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.)

Logitech Webcam Software-stuurprogrammapakket (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)

Malwarebytes Anti-Malware versie 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

MassTube 12.0.0.280 Beta 9 (HKLM\...\{622A0A32-9711-43D3-A6F1-B0FC78F1A68A}_is1) (Version: 12.0.0.280 Beta 9 - Havy Alegria)

McAfee AntiVirus Plus (HKLM\...\MSC) (Version: 12.8.958 - McAfee, Inc.)

McAfee Virtual Technician (HKLM\...\McAfee Virtual Technician) (Version: 7.5.0.3093 - McAfee, Inc.)

MCShield ::Anti-Malware Tool:: (HKLM\...\MCShield) (Version: 3.0.5.28 - MyCity)

Microsoft .NET Framework 3.5 Language Pack SP1 - nld (Version: 3.5.30729 - Microsoft Corporation) Hidden

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Nederlands) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (NLD) (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden

Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0100 - Microsoft Corporation)

Microsoft Office 2000 Professional (HKLM\...\{00010413-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Works (HKLM\...\{A2A0A82F-025F-458d-A0CD-9BB2320804B5}) (Version: 08.05.0822 - Microsoft Corporation)

Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)

Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000 - Adobe) Hidden

MixVibes STANDARD 6 uninstall (HKLM\...\MixVibes.exe) (Version:  - )

Mozilla Firefox 31.0 (x86 nl) (HKLM\...\Mozilla Firefox 31.0 (x86 nl)) (Version: 31.0 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)

MPEG2 Codec(libmpeg2/mad) (HKLM\...\MPEG2 Codec(libmpeg2/mad)) (Version:  - )

MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden

MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MyFonts Order M1384822 (HKLM\...\{F564454D-DEBE-0CCE-93C3-FD8DEB975100}) (Version: 1.0 - MyFonts.com, Inc.)

MyFonts Order M1491040 (HKLM\...\{3DB2C412-5A5C-157D-C753-FF762B37710C}) (Version: 1.0 - MyFonts.com, Inc.)

Nero 9 (HKLM\...\{654844a8-3c8b-4bb7-a858-eaa223f36d5f}) (Version:  - Nero AG)

Nero Installer (Version: 2.0.0.1 - Nero AG) Hidden

neroxml (Version: 1.0.0 - Nero AG) Hidden

Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.69 - )

Ogg Codecs 0.81.15562 (HKLM\...\Ogg Codecs) (Version: 0.81.15562 - Xiph.Org)

Paint.NET v3.36 (HKLM\...\{43602F34-1AA3-44FB-AEB2-D08C2C73743F}) (Version: 3.36.0 - dotPDN LLC)

Pazera Free MP4 to AVI Converter 1.6 (HKLM\...\{42442BC6-5A92-4BC2-9E0C-3D359D548A21}_is1) (Version: 1.6 - Jacek Pazera)

PDF Settings CS6 (Version: 11.0 - Adobe Systems Incorporated) Hidden

PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)

ph (Version: 1.0.0 - Your Company Name) Hidden

Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)

Pivot Pro Plugin (Version: 9.50.110 - Portrait Displays, Inc.) Hidden

PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )

PowerISO (HKLM\...\PowerISO) (Version:  - )

Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)

Recuva (HKLM\...\Recuva) (Version: 1.43 - Piriform)

Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)

Roxio Creator BDAV Plugin (HKLM\...\{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}) (Version: 3.3.0 - Roxio)

Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)

Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)

Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)

Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)

Roxio Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)

Roxio MyDVD DE (HKLM\...\{D639085F-4B6E-4105-9F37-A0DBB023E2FB}) (Version: 9.0.116 - Roxio, Inc.)

Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio)

Sansa Updater (HKCU\...\Sansa Updater) (Version: 1.313 - SanDisk Corporation)

SDK (Version: 2.31.009 - Portrait Displays, Inc.) Hidden

Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden

SequoiaView (HKLM\...\SequoiaView) (Version:  - )

Serif DrawPlus 4.0 (HKLM\...\SerifDrawPlus40) (Version:  - )

Sesam Kart 3D NPAPI Viewer (HKCU\...\myVRnpapi) (Version:  - )

Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden

SimCity 4 Rush Hour (HKLM\...\{01339AE5-04D4-43F8-008E-13AD788DC4F7}) (Version:  - )

SIW version 2011.10.29 (HKLM\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2011.10.29 - Topala Software Solutions)

Skins (Version: 2007.0731.2234.38497 - ATI) Hidden

Skins (Version: 2007.1220.2143.38732 - ATI) Hidden

Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)

SmartControl (HKLM\...\{F4EF231A-7218-41B1-AB84-F5B48B74C50A}) (Version: 2.20.026 - Portrait Displays, Inc.)

Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden

Sony Ericsson Update Engine (HKLM\...\Update Engine) (Version: 2.13.9.201308081522 - Sony Ericsson Communications AB)

Sony Mobile Update Service (HKLM\...\Update Service) (Version: 2.13.5.201304180917 - Sony Mobile Communications AB)

Sony PC Companion 2.10.211 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.211 - Sony)

SpeedFan (remove only) (HKLM\...\SpeedFan) (Version:  - )

Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)

Spotify (HKCU\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB)

Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve)

SubSync (HKLM\...\ST6UNST #1) (Version:  - )

SWF to MP3 Converter 2.3 build 149 (HKLM\...\SWF to MP3 Converter) (Version: 2.3 build 149 - Hoo Technologies)

Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - nld) (Version:  - Microsoft Corporation)

TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )

TBS WMP Plug-in (HKLM\...\InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}) (Version: 1.00.676 - CNN)

TBS WMP Plug-in (Version: 1.00.676 - CNN) Hidden

TrueCrypt (HKLM\...\TrueCrypt) (Version: 7.0 - TrueCrypt Foundation)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)

Update voor het stuurprogramma voor Windows Mobile Apparaatcentrum (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)

User's Guides (HKLM\...\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}) (Version:  - )

V710 PC Assistant V1.4.2 (HKLM\...\V710 PC Assistant_is1) (Version:  - MobTime, Inc.)

VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden

VirtuoCity (HKCU\...\VirtuoCity) (Version:  - )

Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden

Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)

VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)

WD SmartWare (HKLM\...\{98D451C4-4ACA-4273-BB47-57CFE46B048E}) (Version: 1.4.1.1 - Western Digital)

Winamp (HKLM\...\Winamp) (Version: 5.56  - Nullsoft, Inc)

Winamp Remote (HKLM\...\Orb) (Version: 2.2008.0508.1530 - Orb Networks)

Windows Installer Clean Up (HKLM\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)

Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)

Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden

Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden

Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

Windows Media Tools 4.0 (HKLM\...\Microsoft NetShow Tools 2.0) (Version:  - )

Windows Mobile Apparaatcentrum (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)

WinPcap 4.1.1 (HKLM\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)

WinRAR (HKLM\...\WinRAR archiver) (Version:  - )

Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)

Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Bekker\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Bekker\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Bekker\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Bekker\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Bekker\AppData\Local\Google\Chrome\Application\36.0.1985.125\delegate_execute.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32 -> C:\Windows\system32\urlmon.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Bekker\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Bekker\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Bekker\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}\InprocServer32 -> C:\Windows\system32\actxprxy.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{D98E820F-6ACD-4dc0-921E-9841E3D8B4A7}\InprocServer32 -> K:\.\player\WMMP.EXE No File

CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{DF2FCE13-25EC-45BB-9D4C-CECD47C2430C}\InprocServer32 -> C:\Windows\system32\urlmon.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Bekker\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Bekker\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{F4C6D6E0-A8FB-4281-BE24-1662D646FE2B}\InprocServer32 -> K:\.\player\WMMP.EXE No File

CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{FBE840E5-13A5-4cff-B2A9-4D1E64A17FF2}\InprocServer32 -> K:\.\player\WMMP.EXE No File

 

==================== Restore Points  =========================

 

16-07-2014 15:49:14 Installed Java 7 Update 65

16-07-2014 15:59:59 Windows Update

18-07-2014 15:13:25 Gepland herstelpunt

19-07-2014 12:17:33 Gepland herstelpunt

19-07-2014 19:43:05 Installed Java 7 Update 65

20-07-2014 18:18:05 Gepland herstelpunt

23-07-2014 18:52:27 Windows Update

23-07-2014 19:46:47 Windows Update

25-07-2014 20:12:27 Installed Equalify v2.5.3 (Stable)

30-07-2014 10:16:49 Windows Update

02-08-2014 08:19:32 Gepland herstelpunt

03-08-2014 13:19:51 Gepland herstelpunt

06-08-2014 14:45:41 Windows Update

08-08-2014 16:35:26 Gepland herstelpunt

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2006-11-02 12:23 - 2014-08-06 22:12 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {147C35EA-FC79-4C74-9908-4394F1FEB45B} - System32\Tasks\GoogleUpdateTaskMachineUA1cf6b82f6ad609a => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-07] (Google Inc.)

Task: {17133D10-2AC8-4093-B5A7-A5FBBC1BA5F2} - System32\Tasks\DivX-online actualiseringsprogramma => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2013-11-15] ()

Task: {17F082FB-956D-4678-AF53-EE970A356922} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM

Task: {1D47FE82-697D-4B68-9DE4-FE9C090CEE50} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2418620012-3055082709-3329518089-1000UA1cf8c9f3d2ae526 => C:\Users\Bekker\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-25] (Google Inc.)

Task: {2867449F-C1D9-45CF-826E-FEE0BC420EC9} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-07-11] (Oracle Corporation)

Task: {3AF30E58-AAB7-4A97-920E-C2C9A0279ECE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)

Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages

Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)

Task: {5A63FCA9-185F-4681-A2B6-CFFD0DC57E8A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2418620012-3055082709-3329518089-1000UA1cf6c48c3d25d74 => C:\Users\Bekker\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-25] (Google Inc.)

Task: {623EDFA3-94E1-43ED-82D4-340131132BC4} - System32\Tasks\wp_update => C:\Users\Bekker\AppData\Roaming\~wbnvowq.exe

Task: {6FF950BE-C9FF-4A94-97C7-5B40B6ACFCDB} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI

Task: {83717B20-5ABA-4326-AE8E-5F206DCC8A82} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2013\OneClick.exe

Task: {8737E8BC-AF39-460C-A6EB-A5623D7835D6} - System32\Tasks\GoogleUpdateTaskMachineCore1ce549fea675415 => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-07] (Google Inc.)

Task: {89AC14E7-990A-404A-B3C8-BE5629A62FC9} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2013-02-05] (PC-Doctor, Inc.)

Task: {B5E986A1-B887-4EC8-A184-148697B9F08C} - \Microsoft\Windows Defender\MP Scheduled Scan No Task File <==== ATTENTION

Task: {C8CDD8AF-9485-484E-A931-6E3DA20F712F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)

Task: {CA50539E-FD11-4FD9-80FD-01CAEF36DB50} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2418620012-3055082709-3329518089-1000Core => C:\Users\Bekker\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-25] (Google Inc.)

Task: {CD372113-9F36-4350-BDE0-3150E864A2A5} - System32\Tasks\Google Updater and Installer => C:\Users\Bekker\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-25] (Google Inc.)

Task: {CDB63164-2991-40A7-9A54-8EAFA6457CBD} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup

Task: {D83F4E57-0ED2-4ACD-87D0-C7111DAADF66} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-07] (Google Inc.)

Task: {DE3AA403-7208-4DC1-8EEF-6346E31F57BE} - System32\Tasks\Sansa Dispatch => C:\Users\Bekker\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [2012-08-04] (SanDisk Corporation)

Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()

Task: {E57652C0-7046-46AA-9A4F-08F551BEA136} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)

Task: {EB06F4CC-E6D8-46E2-8E68-C7154EC463CD} - System32\Tasks\Adobe-online actualiseringsprogramma => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce549fea675415.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6b82f6ad609a.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2418620012-3055082709-3329518089-1000Core.job => C:\Users\Bekker\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2418620012-3055082709-3329518089-1000UA1cf8c9f3d2ae526.job => C:\Users\Bekker\AppData\Local\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2012-09-28 22:28 - 2012-09-18 14:20 - 00083864 _____ () C:\Program Files\Common Files\Portrait Displays\Plugins\DP\msgHook.dll

2010-08-06 17:48 - 2009-11-05 08:39 - 00087552 _____ () C:\Windows\System32\cpwmon2k.dll

2011-01-27 00:11 - 2011-01-27 00:11 - 00023040 _____ () C:\Windows\system32\atitmpxx.dll

2012-09-28 22:22 - 2012-09-18 14:19 - 00243608 _____ () C:\Program Files\Common Files\Portrait Displays\Shared\dthook.dll

2007-03-02 13:44 - 2007-03-02 13:44 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll

2007-12-13 13:35 - 2006-09-14 01:20 - 00126464 _____ () C:\Program Files\WinRAR\rarext.dll

2013-02-11 21:11 - 2012-04-30 11:57 - 00039936 _____ () C:\Program Files\Sony\Sony PC Companion\TMonitorAPI.dll

2013-02-11 21:10 - 2013-09-13 11:02 - 00208896 _____ () C:\Program Files\Sony\Sony PC Companion\MExplorer.dll

2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files\Sony\Sony PC Companion\Report.dll

2013-04-22 13:40 - 2013-05-20 12:58 - 00620718 _____ () C:\Program Files\Sony\Sony PC Companion\sqlite3.dll

2013-05-14 09:38 - 2013-05-14 09:38 - 00607744 _____ () C:\Program Files\Sony\Sony PC Companion\PhoneUpdate.dll

2012-09-28 22:21 - 2012-09-18 14:19 - 00186264 _____ () C:\Program Files\Common Files\Portrait Displays\Shared\PresetsCOM.dll

2012-09-28 22:25 - 2012-09-18 14:19 - 00120728 _____ () C:\Program Files\Common Files\Portrait Displays\Plugins\CC\gui.dll

2013-02-11 21:10 - 2013-10-31 12:35 - 00070880 _____ () C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe

2012-09-28 22:28 - 2012-09-18 14:20 - 00161688 _____ () C:\Program Files\Common Files\Portrait Displays\Plugins\DP\DPHelper.exe

2014-07-20 18:07 - 2014-07-15 11:24 - 08537928 _____ () C:\Users\Bekker\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll

2014-07-20 18:07 - 2014-07-15 11:24 - 00353096 _____ () C:\Users\Bekker\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll

2014-07-20 18:06 - 2014-07-15 11:24 - 01732936 _____ () C:\Users\Bekker\AppData\Local\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll

2003-08-19 09:20 - 2003-08-19 09:20 - 00180224 _____ () C:\Program Files\Avi2Dvd\Programs\Filters\ac3filter.ax

2014-07-20 18:07 - 2014-07-15 11:24 - 14664008 _____ () C:\Users\Bekker\AppData\Local\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\ProgramData\TEMP:88050731

AlternateDataStreams: C:\ProgramData\TEMP:C39E55C5

AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2

AlternateDataStreams: C:\Users\Annemieke\Desktop\modem:Roxio EMC Stream

AlternateDataStreams: C:\Users\Bekker\Downloads\00030.mp4:TOC.WMV

AlternateDataStreams: C:\Users\Bekker\Downloads\00031.mp4:TOC.WMV

AlternateDataStreams: C:\Users\Bekker\Downloads\6307628.jpg:Roxio EMC Stream

AlternateDataStreams: C:\Users\Bekker\Downloads\Hillbilly Bears (Dutch).mp4:TOC.WMV

AlternateDataStreams: C:\Users\Bekker\Downloads\Netherworld - Paris Catacombs (720p).mp4:TOC.WMV

AlternateDataStreams: C:\Users\Bekker\Documents\Adobe:Roxio EMC Stream

AlternateDataStreams: C:\Users\Bekker\Documents\adobe bestanden:Roxio EMC Stream

AlternateDataStreams: C:\Users\Bekker\Documents\Adobe Scripts:Roxio EMC Stream

AlternateDataStreams: C:\Users\Bekker\Documents\Downloaded Installations:Roxio EMC Stream

AlternateDataStreams: C:\Users\Bekker\Documents\Downloads:Roxio EMC Stream

AlternateDataStreams: C:\Users\Bekker\Documents\GomPlayer:Roxio EMC Stream

AlternateDataStreams: C:\Users\Bekker\Documents\Mijn ontvangen bestanden:Roxio EMC Stream

AlternateDataStreams: C:\Users\Bekker\Documents\Remote Assistance Logs:Roxio EMC Stream

AlternateDataStreams: C:\Users\Bekker\Documents\Shareaza Downloads:Roxio EMC Stream

AlternateDataStreams: C:\Users\Bekker\Documents\SimCity 4:Roxio EMC Stream

AlternateDataStreams: C:\Users\Bekker\Documents\torrents:Roxio EMC Stream

AlternateDataStreams: C:\Users\Bekker\Documents\Version Cue:Roxio EMC Stream

AlternateDataStreams: C:\Users\Bekker\Documents\werk peter:Roxio EMC Stream

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\Services: Adobe Version Cue CS3 => 3

MSCONFIG\Services: Bonjour Service => 2

MSCONFIG\Services: TuneUp.UtilitiesSvc => 2

MSCONFIG\Services: YahooAUService => 2

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\Windows\pss\Secunia PSI Tray.lnk.CommonStartup

MSCONFIG\startupfolder: C:^Users^Bekker^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\Windows\pss\Adobe Gamma.lnk.Startup

MSCONFIG\startupfolder: C:^Users^Bekker^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Need for Speed™ Undercover Registration.lnk => C:\Windows\pss\Need for Speed™ Undercover Registration.lnk.Startup

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 5\CyberGhost.EXE" /autostart /min

MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun

MSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe

MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

MSCONFIG\startupreg: DriverMax => "C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe" -agent

MSCONFIG\startupreg: DriverMax_RESTART => "C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe" -RESTART

MSCONFIG\startupreg: Google Update => "C:\Users\Bekker\AppData\Local\Google\Update\GoogleUpdate.exe" /c

MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

MSCONFIG\startupreg: LogitechQuickCamRibbon => "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide

MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet

MSCONFIG\startupreg: Orb => "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background

MSCONFIG\startupreg: PivotSoftware => "C:\Program Files\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" -delay=10

MSCONFIG\startupreg: Spotify => "C:\Users\Bekker\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart

MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Bekker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

MSCONFIG\startupreg: Steam => "c:\program files\steam\steam.exe" -silent

MSCONFIG\startupreg: WinampAgent => "C:\Program Files\Winamp\winampa.exe"

 

==================== Faulty Device Manager Devices =============

 

Name: Teredo Tunneling Pseudo-Interface

Description: Microsoft Tun Minipoort-adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunmp

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

 

Name: AQNOMJ78 IDE Controller

Description: AQNOMJ78 IDE Controller

Class Guid: {4D36E97B-E325-11CE-BFC1-08002BE10318}

Manufacturer: 

Service: ay7c64jx

Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)

Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.

Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

 

Name: TAP-Windows Adapter V9

Description: TAP-Windows Adapter V9

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: TAP-Windows Provider V9

Service: tap0901

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (08/04/2014 02:12:37 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Toepassing met fout Explorer.EXE, versie 6.0.6002.18005, tijdstempel 0x49e01da5, module met fout SHLWAPI.dll, versie 6.0.6002.18738, tijdstempel 0x50ada1fd, uitzonderingscode 0xc0000005, foutmarge 0x00020f29,

proces-id 0x930, starttijd van toepassing 0xExplorer.EXE0.

 

Error: (08/04/2014 01:26:27 PM) (Source: EventSystem) (EventID: 4609) (User: )

Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

 

Error: (08/04/2014 01:44:18 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Toepassing met fout Explorer.exe, versie 6.0.6002.18005, tijdstempel 0x49e01da5, module met fout unknown, versie 0.0.0.0, tijdstempel 0x00000000, uitzonderingscode 0xc0000005, foutmarge 0x03990fef,

proces-id 0x56c, starttijd van toepassing 0xExplorer.exe0.

 

Error: (08/03/2014 08:09:02 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Toepassing met fout StreamTransport.exe, versie 1.1.6.1, tijdstempel 0x2a425e19, module met fout ntdll.dll, versie 6.0.6002.18881, tijdstempel 0x51da3e27, uitzonderingscode 0xc0000005, foutmarge 0x00067f0d,

proces-id 0x1944, starttijd van toepassing 0xStreamTransport.exe0.

 

Error: (08/03/2014 08:04:28 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Toepassing met fout StreamTransport.exe, versie 1.1.6.1, tijdstempel 0x2a425e19, module met fout ntdll.dll, versie 6.0.6002.18881, tijdstempel 0x51da3e27, uitzonderingscode 0xc0000005, foutmarge 0x000674cf,

proces-id 0x1f34, starttijd van toepassing 0xStreamTransport.exe0.

 

Error: (08/03/2014 08:03:47 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Toepassing met fout StreamTransport.exe, versie 1.1.6.1, tijdstempel 0x2a425e19, module met fout ntdll.dll, versie 6.0.6002.18881, tijdstempel 0x51da3e27, uitzonderingscode 0xc0000005, foutmarge 0x00067f0d,

proces-id 0x1e38, starttijd van toepassing 0xStreamTransport.exe0.

 

Error: (08/03/2014 08:02:49 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Toepassing met fout StreamTransport.exe, versie 1.1.6.1, tijdstempel 0x2a425e19, module met fout ntdll.dll, versie 6.0.6002.18881, tijdstempel 0x51da3e27, uitzonderingscode 0xc0000005, foutmarge 0x00067f0d,

proces-id 0xa20, starttijd van toepassing 0xStreamTransport.exe0.

 

Error: (08/03/2014 08:02:26 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Toepassing met fout StreamTransport.exe, versie 1.1.6.1, tijdstempel 0x2a425e19, module met fout ntdll.dll, versie 6.0.6002.18881, tijdstempel 0x51da3e27, uitzonderingscode 0xc0000005, foutmarge 0x000674cf,

proces-id 0x9b8, starttijd van toepassing 0xStreamTransport.exe0.

 

Error: (08/03/2014 08:02:02 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Toepassing met fout StreamTransport.exe, versie 1.1.6.1, tijdstempel 0x2a425e19, module met fout ntdll.dll, versie 6.0.6002.18881, tijdstempel 0x51da3e27, uitzonderingscode 0xc0000005, foutmarge 0x00067f0d,

proces-id 0x99c, starttijd van toepassing 0xStreamTransport.exe0.

 

Error: (08/03/2014 06:00:33 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: De vermelding <C:\USERS\BEKKER\DOWNLOADS\NERDESIN_A_K_M_-_NETD.MP2T> in de hash-toewijzing kan niet worden bijgewerkt.

 

Context: toepassing , catalogus SystemIndex

 

 

Details:

Een apparaat dat op het systeem is aangesloten, werkt niet.   (0x8007001f)

 

 

System errors:

=============

Error: (08/08/2014 10:06:27 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {209500FC-6B45-4693-8871-6296C4843751}

 

Error: (08/08/2014 03:25:50 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {209500FC-6B45-4693-8871-6296C4843751}

 

Error: (08/08/2014 03:22:10 PM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: ASPI32

bdwfx

 

Error: (08/08/2014 03:21:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: toepassingsspecifiekLokaalStarten{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (via LRPC)

 

Error: (08/08/2014 03:21:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: toepassingsspecifiekLokaalStarten{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEEMS-1-5-18LocalHost (via LRPC)

 

Error: (08/08/2014 03:21:35 PM) (Source: bowser) (EventID: 8003) (User: )

Description: De masterbrowser heeft een servermelding ontvangen van computer EXPERIA

die meent de masterbrowser voor het domein te zijn op transport NetBT_Tcpip_{677AEE2D-8769-429A-BE7D-FE6BD7FB03. 

De masterbrowser wordt gestopt of er wordt een verkiezing afgedwongen.

 

Error: (08/08/2014 03:20:46 PM) (Source: Print) (EventID: 19) (User: NT AUTHORITY)

Description: Printer PDFCreator met gedeelde bronnaam PDFCreator kan niet door de afdrukspooler worden gedeeld. Fout 2114. De printer kan niet door anderen in het netwerk worden gebruikt.

 

Error: (08/06/2014 10:12:40 PM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: PEVSystemStart

 

Error: (08/06/2014 10:07:11 PM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: PEVSystemStart

 

Error: (08/06/2014 10:01:10 PM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: PEVSystemStart

 

 

Microsoft Office Sessions:

=========================

Error: (08/04/2014 02:12:37 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Explorer.EXE6.0.6002.1800549e01da5SHLWAPI.dll6.0.6002.1873850ada1fdc000000500020f2993001cfafdc8306e2d2

 

Error: (08/04/2014 01:26:27 PM) (Source: EventSystem) (EventID: 4609) (User: )

Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

 

Error: (08/04/2014 01:44:18 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Explorer.exe6.0.6002.1800549e01da5unknown0.0.0.000000000c000000503990fef56c01cfaf562e3a0286

 

Error: (08/03/2014 08:09:02 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: StreamTransport.exe1.1.6.12a425e19ntdll.dll6.0.6002.1888151da3e27c000000500067f0d194401cfaf45fa885427

 

Error: (08/03/2014 08:04:28 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: StreamTransport.exe1.1.6.12a425e19ntdll.dll6.0.6002.1888151da3e27c0000005000674cf1f3401cfaf45566e70e7

 

Error: (08/03/2014 08:03:47 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: StreamTransport.exe1.1.6.12a425e19ntdll.dll6.0.6002.1888151da3e27c000000500067f0d1e3801cfaf4527c232e7

 

Error: (08/03/2014 08:02:49 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: StreamTransport.exe1.1.6.12a425e19ntdll.dll6.0.6002.1888151da3e27c000000500067f0da2001cfaf451ce289b7

 

Error: (08/03/2014 08:02:26 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: StreamTransport.exe1.1.6.12a425e19ntdll.dll6.0.6002.1888151da3e27c0000005000674cf9b801cfaf450ded5847

 

Error: (08/03/2014 08:02:02 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: StreamTransport.exe1.1.6.12a425e19ntdll.dll6.0.6002.1888151da3e27c000000500067f0d99c01cfaf449316f6d7

 

Error: (08/03/2014 06:00:33 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: Context: toepassing , catalogus SystemIndex

 

 

Details:

Een apparaat dat op het systeem is aangesloten, werkt niet.   (0x8007001f)

C:\USERS\BEKKER\DOWNLOADS\NERDESIN_A_K_M_-_NETD.MP2T

 

 

CodeIntegrity Errors:

===================================

  Date: 2014-08-09 15:07:22.766

  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

 

  Date: 2014-08-09 15:07:22.207

  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

 

  Date: 2014-08-09 15:07:21.633

  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

 

  Date: 2014-08-09 15:07:20.874

  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

 

  Date: 2014-08-09 01:53:25.388

  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

 

  Date: 2014-08-09 01:53:25.021

  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

 

  Date: 2014-08-09 01:53:24.664

  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

 

  Date: 2014-08-09 01:53:24.335

  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

 

  Date: 2014-08-09 01:53:23.260

  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

 

  Date: 2014-08-09 01:53:22.943

  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 73%

Total physical RAM: 3325.45 MB

Available physical RAM: 892.5 MB

Total Pagefile: 6843.88 MB

Available Pagefile: 3415.16 MB

Total Virtual: 2047.88 MB

Available Virtual: 1903.22 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:288.04 GB) (Free:35.07 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.2 GB) NTFS

Drive m: (My Passport) (Fixed) (Total:465.73 GB) (Free:53.2 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 40000000)

Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)

Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

Partition 3: (Active) - (Size=288 GB) - (Type=07 NTFS)

 

========================================================

Disk: 5 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 0007526A)

Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================


And the Farbar Service Scanner results:

 

Farbar Service Scanner Version: 21-07-2014

Ran by Bekker (administrator) on 09-08-2014 at 15:43:30

Running from "C:\Users\Bekker\Downloads"

Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo.com is accessible.

 

 

Windows Firewall:

=============

 

Firewall Disabled Policy: 

==================

 

 

System Restore:

============

 

System Restore Disabled Policy: 

========================

 

 

Security Center:

============

 

 

Windows Update:

============

 

Windows Autoupdate Disabled Policy: 

============================

 

 

Windows Defender:

==============

 

Other Services:

==============

 

 

File Check:

========

C:\Windows\system32\nsisvc.dll => File is digitally signed

C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed

C:\Windows\system32\dhcpcsvc.dll => File is digitally signed

C:\Windows\system32\Drivers\afd.sys => File is digitally signed

C:\Windows\system32\Drivers\tdx.sys => File is digitally signed

C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed

C:\Windows\system32\dnsrslvr.dll => File is digitally signed

C:\Windows\system32\mpssvc.dll => File is digitally signed

C:\Windows\system32\bfe.dll => File is digitally signed

C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed

C:\Windows\system32\SDRSVC.dll => File is digitally signed

C:\Windows\system32\vssvc.exe => File is digitally signed

C:\Windows\system32\wscsvc.dll => File is digitally signed

C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed

C:\Windows\system32\wuaueng.dll => File is digitally signed

C:\Windows\system32\qmgr.dll => File is digitally signed

C:\Windows\system32\es.dll => File is digitally signed

C:\Windows\system32\cryptsvc.dll => File is digitally signed

C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

 

 

**** End of log ****


Hi,

Step 1


Please download the attached fixlist and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.

    Please copy and paste its contents in your next reply.

fixlist.txt

That's it!

Your logs look clean to me at the moment.

We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.

My help is free for everybody.

If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.

Thank you!

Uninstall Combofix:

Type "combofix /uninstall" in the run box (Windows key+R) and hit enter.

Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run.
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. the browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.

The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:

Adobe Reader X (10.1.10)

Mozilla Firefox 31.0

Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.


Hi deeprybka,

 

Here is the fixlog from FRST. I have one more question. Can you explain to me what it fixes? For example it says it removed "TOC.WMV" ADS from wmv files. 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:5-08-2014
Ran by Bekker at 2014-08-09 20:20:56 Run:1
Running from C:\Users\Bekker\Downloads
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
AlternateDataStreams: C:\ProgramData\TEMP:88050731
AlternateDataStreams: C:\ProgramData\TEMP:C39E55C5
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
AlternateDataStreams: C:\Users\Annemieke\Desktop\modem:Roxio EMC Stream
AlternateDataStreams: C:\Users\Bekker\Downloads\00030.mp4:TOC.WMV
AlternateDataStreams: C:\Users\Bekker\Downloads\00031.mp4:TOC.WMV
AlternateDataStreams: C:\Users\Bekker\Downloads\6307628.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\Bekker\Downloads\Hillbilly Bears (Dutch).mp4:TOC.WMV
AlternateDataStreams: C:\Users\Bekker\Downloads\Netherworld - Paris Catacombs (720p).mp4:TOC.WMV
AlternateDataStreams: C:\Users\Bekker\Documents\Adobe:Roxio EMC Stream
AlternateDataStreams: C:\Users\Bekker\Documents\adobe bestanden:Roxio EMC Stream
AlternateDataStreams: C:\Users\Bekker\Documents\Adobe Scripts:Roxio EMC Stream
AlternateDataStreams: C:\Users\Bekker\Documents\Downloaded Installations:Roxio EMC Stream
AlternateDataStreams: C:\Users\Bekker\Documents\Downloads:Roxio EMC Stream
AlternateDataStreams: C:\Users\Bekker\Documents\GomPlayer:Roxio EMC Stream
AlternateDataStreams: C:\Users\Bekker\Documents\Mijn ontvangen bestanden:Roxio EMC Stream
AlternateDataStreams: C:\Users\Bekker\Documents\Remote Assistance Logs:Roxio EMC Stream
AlternateDataStreams: C:\Users\Bekker\Documents\Shareaza Downloads:Roxio EMC Stream
AlternateDataStreams: C:\Users\Bekker\Documents\SimCity 4:Roxio EMC Stream
AlternateDataStreams: C:\Users\Bekker\Documents\torrents:Roxio EMC Stream
AlternateDataStreams: C:\Users\Bekker\Documents\Version Cue:Roxio EMC Stream
AlternateDataStreams: C:\Users\Bekker\Documents\werk peter:Roxio EMC Stream
FF Extension: No Name - C:\Users\Bekker\AppData\Roaming\Mozilla\Firefox\Profiles\idsqbua3.default-1365275137464\Extensions\staged [2014-08-06]
 
*****************
 
C:\ProgramData\TEMP => ":88050731" ADS removed successfully.
C:\ProgramData\TEMP => ":C39E55C5" ADS removed successfully.
C:\ProgramData\TEMP => ":DFC5A2B2" ADS removed successfully.
C:\Users\Annemieke\Desktop\modem => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Bekker\Downloads\00030.mp4 => ":TOC.WMV" ADS removed successfully.
C:\Users\Bekker\Downloads\00031.mp4 => ":TOC.WMV" ADS removed successfully.
C:\Users\Bekker\Downloads\6307628.jpg => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Bekker\Downloads\Hillbilly Bears (Dutch).mp4 => ":TOC.WMV" ADS removed successfully.
C:\Users\Bekker\Downloads\Netherworld - Paris Catacombs (720p).mp4 => ":TOC.WMV" ADS removed successfully.
C:\Users\Bekker\Documents\Adobe => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Bekker\Documents\adobe bestanden => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Bekker\Documents\Adobe Scripts => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Bekker\Documents\Downloaded Installations => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Bekker\Documents\Downloads => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Bekker\Documents\GomPlayer => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Bekker\Documents\Mijn ontvangen bestanden => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Bekker\Documents\Remote Assistance Logs => ":Roxio EMC Stream" ADS removed successfully.
"C:\Users\Bekker\Documents\Shareaza Downloads" => ":Roxio EMC Stream" ADS not found.
C:\Users\Bekker\Documents\SimCity 4 => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Bekker\Documents\torrents => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Bekker\Documents\Version Cue => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Bekker\Documents\werk peter => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Bekker\AppData\Roaming\Mozilla\Firefox\Profiles\idsqbua3.default-1365275137464\Extensions\staged => Moved successfully.
 
==== End of Fixlog ====

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.