Slow internet after visit to malicious website


MiekeZ

Hello,

Accidentally I visited a malicious website last Monday (20 Oct). My computer started rattling and I couldn't do anything, the Task Manager wouldn't start, Chrome wouldn't close so I had to shut down the computer using the power button. McAfee is (and was) running, I've scanned the computer; no detections. I've installed Spybot Search&Destroy. After installation it said a file was missing so it couldn't run (that's a bad sign), but after downloading updates it did run; no detections. I've run Malwarebytes Anti-Malware, no detections.

But Internet is still abnormally slow, so I suspect my computer is infected.

I've downloaded and run the Farbar tool, logs pasted below. I hope you can help!

 

FRST.log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-10-2014
Ran by Mieke (administrator) on BLAUWEIJSBEER on 27-10-2014 10:13:45
Running from C:\Users\Mieke\Desktop
Loaded Profiles: UpdatusUser & Mieke (Available profiles: UpdatusUser & Mieke & KidsKalkman)
Platform: Windows 8 (X64) OS Language: Nederlands (Nederland)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
() C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
() C:\Program Files\TOSHIBA\Hotkey\Hotkey\TCrdKBB.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17074_none_6233bc1f5106b696\TiWorker.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1549392 2013-03-05] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [170848 2013-01-29] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2565472 2013-04-22] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2778864 2014-08-06] (Synaptics Incorporated)
HKLM-x32\...\Run: [intel AppUp® center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-12-18] (Intel Corporation)
HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [374784 2013-04-19] (Alcor Micro Corp.)
HKLM-x32\...\Run: [1.TPUReg] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe [2216800 2013-03-27] (TOSHIBA)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [467360 2013-03-08] (TOSHIBA)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [642040 2014-08-05] (McAfee, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-07-30] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Reader Application Helper] => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [899400 2014-05-23] (Sony Corporation)
HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1312028131-968577250-2244580961-1002\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-06-05] (TomTom)
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [245872 2013-03-07] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [201576 2013-03-07] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [MOBK] -> {3c3f3c1a-9153-7c05-f938-622e7003894d} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK2] -> {e6ea1d7d-144e-b977-98c4-84c53c1a69d0} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK3] -> {b4caf489-1eec-c617-49ad-8d7088598c06} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {53DE328C-772D-4C57-A8B9-9E5A7737E162} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKLM - {53DE328C-772D-4C57-A8B9-9E5A7737E162} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKLM-x32 - DefaultScope {53DE328C-772D-4C57-A8B9-9E5A7737E162} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKLM-x32 - {53DE328C-772D-4C57-A8B9-9E5A7737E162} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKCU - DefaultScope {53DE328C-772D-4C57-A8B9-9E5A7737E162} URL = 
SearchScopes: HKCU - {53DE328C-772D-4C57-A8B9-9E5A7737E162} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-09-06]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-09-06]
 
Chrome: 
=======
CHR Profile: C:\Users\Mieke\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Presentaties) - C:\Users\Mieke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-09]
CHR Extension: (Google Documenten) - C:\Users\Mieke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-09]
CHR Extension: (Google Drive) - C:\Users\Mieke\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-09]
CHR Extension: (YouTube) - C:\Users\Mieke\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-09]
CHR Extension: (Google Zoeken) - C:\Users\Mieke\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-09]
CHR Extension: (Google Spreadsheets) - C:\Users\Mieke\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-09]
CHR Extension: (SiteAdvisor) - C:\Users\Mieke\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-09-09]
CHR Extension: (Google Wallet) - C:\Users\Mieke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-09]
CHR Extension: (Gmail) - C:\Users\Mieke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-09]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [16720 2013-05-09] ()
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] ()
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
S2 IBG_gds_db; C:\Program Files (x86)\Embarcadero\RAD Studio\12.0\InterBaseXE3\bin\ibguard.exe [632456 2013-08-21] (Embarcadero Technologies, Inc.) [File not signed]
S3 IBS_gds_db; C:\Program Files (x86)\Embarcadero\RAD Studio\12.0\InterBaseXE3\bin\ibserver.exe [5416584 2013-08-21] (Embarcadero Technologies, Inc.) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-26] (Microsoft Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2014-09-04] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [601864 2014-08-01] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-07-18] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [189912 2014-07-18] (McAfee, Inc.)
R2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [184168 2014-05-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-26] (Microsoft Corporation)
S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2014-04-25] (Sony Corporation) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [332800 2013-04-25] (IDT, Inc.) [File not signed]
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-26] (Microsoft Corporation)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116240 2013-01-04] (Toshiba Europe GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-07-18] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-07-18] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313800 2014-07-18] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-07-18] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526352 2014-07-18] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-07-18] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-07-18] (McAfee, Inc.)
R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [67808 2014-05-20] (Mozy, Inc.)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-05-02] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows ® Win 7 DDK provider)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [48024 2013-01-29] (Windows ® Win 7 DDK provider)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [194456 2013-01-29] (Windows ® Win 7 DDK provider)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-27 10:13 - 2014-10-27 10:14 - 00023556 _____ () C:\Users\Mieke\Desktop\FRST.txt
2014-10-27 10:13 - 2014-10-27 10:13 - 00000000 ____D () C:\FRST
2014-10-27 10:11 - 2014-10-27 10:11 - 02113024 ____C (Farbar) C:\Users\Mieke\Desktop\FRST64.exe
2014-10-26 22:18 - 2014-10-26 22:44 - 1184774513 ____C () C:\Users\Mieke\Downloads\Dinner for one.zip
2014-10-25 12:52 - 2014-10-25 12:52 - 01645954 _____ () C:\Users\KidsKalkman\Downloads\the Code.zip
2014-10-25 07:35 - 2014-10-25 07:35 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2014-10-25 07:35 - 2014-10-25 07:35 - 00000000 ____D () C:\windows\LastGood.Tmp
2014-10-24 14:12 - 2014-10-27 09:11 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-24 14:12 - 2014-10-24 14:12 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-24 14:12 - 2014-10-24 14:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-24 14:12 - 2014-10-24 14:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-24 14:12 - 2014-10-01 10:11 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-10-24 14:12 - 2014-10-01 10:11 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-10-24 14:12 - 2014-10-01 10:11 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-10-24 14:10 - 2014-10-24 14:10 - 19828376 ____C (Malwarebytes Corporation ) C:\Users\Mieke\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-24 13:57 - 2014-10-24 13:57 - 00000000 ____D () C:\Users\Mieke\Documents\MoestuinMaatje-kopie
2014-10-24 13:46 - 2012-07-26 06:26 - 00000824 _____ () C:\windows\system32\Drivers\etc\hosts.20141024-144656.backup
2014-10-24 13:10 - 2014-10-24 13:10 - 00001402 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-10-24 13:10 - 2014-10-24 13:10 - 00001390 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-10-24 13:09 - 2014-10-24 13:45 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-24 13:09 - 2014-10-24 13:15 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-10-24 13:09 - 2013-09-20 09:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
2014-10-24 13:07 - 2014-10-24 13:08 - 46525608 ____C (Safer-Networking Ltd. ) C:\Users\Mieke\Downloads\spybot-2.4.exe
2014-10-21 14:02 - 2014-10-24 13:59 - 00000000 ____D () C:\Users\Mieke\Documents\Workspace
2014-10-21 14:02 - 2014-10-21 14:02 - 00008777 _____ () C:\Users\Mieke\Desktop\eclipsepreferences.epf
2014-10-19 20:48 - 2014-10-20 08:28 - 00010662 _____ () C:\Users\Mieke\Documents\Java samenvatting.txt
2014-10-19 07:26 - 2014-10-19 07:26 - 00438144 _____ () C:\windows\system32\FNTCACHE.DAT
2014-10-18 21:32 - 2014-10-18 21:32 - 00756691 _____ () C:\Users\KidsKalkman\Downloads\Simsion, Graeme - Het Rosie Project.epub
2014-10-18 21:31 - 2014-10-18 21:31 - 02839012 _____ () C:\Users\KidsKalkman\Downloads\Robin Cook - Infectie.epub
2014-10-18 10:44 - 2013-09-23 12:49 - 00197704 _____ (McAfee, Inc.) C:\windows\system32\Drivers\HipShieldK.sys
2014-10-17 06:28 - 2014-09-29 23:49 - 00705480 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-10-17 06:28 - 2014-09-29 23:49 - 00104904 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-15 14:44 - 2014-10-15 14:44 - 00819631 ____C () C:\Users\Mieke\Downloads\Foer, Joshua - geheugenpaleis, Het.epub
2014-10-15 05:38 - 2014-09-13 06:29 - 00079360 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-10-15 05:38 - 2014-09-13 05:02 - 00068096 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-10-15 05:38 - 2014-09-03 03:48 - 00510464 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll
2014-10-15 05:38 - 2014-09-03 03:21 - 00585728 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
2014-10-15 05:38 - 2014-07-12 05:41 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\KBDRUM.DLL
2014-10-15 05:38 - 2014-07-12 05:41 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2014-10-15 05:38 - 2014-07-12 05:41 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2014-10-15 05:38 - 2014-07-12 05:41 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2014-10-15 05:38 - 2014-07-12 05:41 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2014-10-15 05:38 - 2014-07-12 05:41 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2014-10-15 05:38 - 2014-07-12 05:16 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRUM.DLL
2014-10-15 05:38 - 2014-07-12 05:16 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2014-10-15 05:38 - 2014-07-12 05:16 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2014-10-15 05:38 - 2014-07-12 05:16 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2014-10-15 05:38 - 2014-07-12 05:16 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2014-10-15 05:38 - 2014-07-12 05:15 - 00006144 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2014-10-15 05:38 - 2014-07-12 01:02 - 00478352 _____ () C:\windows\SysWOW64\locale.nls
2014-10-15 05:38 - 2014-07-12 01:00 - 00478352 _____ () C:\windows\system32\locale.nls
2014-10-15 05:38 - 2014-07-08 23:33 - 00181248 _____ (Microsoft Corp.) C:\windows\system32\Defrag.exe
2014-10-15 05:38 - 2014-07-08 23:32 - 01539584 _____ (Microsoft Corporation) C:\windows\system32\storagewmi.dll
2014-10-15 05:38 - 2014-07-08 23:32 - 00340480 _____ (Microsoft Corporation) C:\windows\system32\defragsvc.dll
2014-10-15 05:38 - 2014-07-08 23:30 - 01220608 _____ (Microsoft Corporation) C:\windows\SysWOW64\storagewmi.dll
2014-10-15 05:38 - 2014-07-07 06:53 - 01125376 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-10-15 05:38 - 2014-07-07 06:52 - 03248128 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-10-15 05:38 - 2014-07-07 06:52 - 00724992 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-10-15 05:38 - 2014-07-07 06:52 - 00300544 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll
2014-10-15 05:38 - 2014-07-07 06:52 - 00263680 _____ (Microsoft Corporation) C:\windows\system32\wcmsvc.dll
2014-10-15 05:38 - 2014-07-07 06:52 - 00074752 _____ (Microsoft Corporation) C:\windows\system32\wcmcsp.dll
2014-10-15 05:38 - 2014-07-07 06:51 - 05982208 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-10-15 05:38 - 2014-07-07 05:01 - 01049600 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-10-15 05:38 - 2014-07-07 05:01 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll
2014-10-15 05:38 - 2014-07-07 05:00 - 05095424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-10-15 05:38 - 2014-07-07 04:59 - 00269312 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2014-10-15 05:38 - 2014-07-04 11:52 - 00328000 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volsnap.sys
2014-10-15 05:38 - 2014-07-03 02:59 - 01824784 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2014-10-15 05:38 - 2014-07-03 01:30 - 01408952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2014-10-15 05:38 - 2014-06-28 08:01 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmapi.dll
2014-10-15 05:38 - 2014-06-28 07:57 - 00209920 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2014-10-15 05:38 - 2014-06-28 07:56 - 00117248 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll
2014-10-15 05:38 - 2014-06-25 08:09 - 00733184 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2014-10-15 05:38 - 2014-06-25 08:07 - 01023488 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2014-10-15 05:38 - 2014-06-18 00:27 - 02032640 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-10-15 05:38 - 2014-06-18 00:23 - 02238464 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-10-15 05:38 - 2014-06-11 15:47 - 02842112 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2014-10-15 05:38 - 2014-06-11 05:40 - 02620928 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2014-10-15 05:38 - 2014-06-10 23:44 - 01403896 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2014-10-15 05:38 - 2014-05-30 00:31 - 00323072 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-10-15 05:38 - 2014-05-30 00:03 - 00419328 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-10-15 05:38 - 2014-02-04 11:57 - 01271664 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2014-10-15 05:37 - 2014-09-28 05:18 - 04068352 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-10-15 05:37 - 2014-09-20 06:18 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-10-15 05:37 - 2014-09-20 06:17 - 02236928 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-10-15 05:37 - 2014-09-20 06:17 - 01407488 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-10-15 05:37 - 2014-09-20 06:17 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-10-15 05:37 - 2014-09-20 06:17 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-10-15 05:37 - 2014-09-20 06:16 - 19280896 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-10-15 05:37 - 2014-09-20 06:16 - 15399424 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-10-15 05:37 - 2014-09-20 06:16 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-10-15 05:37 - 2014-09-20 06:16 - 02655232 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-10-15 05:37 - 2014-09-20 06:16 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-10-15 05:37 - 2014-09-20 06:16 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-10-15 05:37 - 2014-09-20 06:16 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-10-15 05:37 - 2014-09-20 06:16 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-10-15 05:37 - 2014-09-20 06:16 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-10-15 05:37 - 2014-09-20 06:16 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-10-15 05:37 - 2014-09-20 06:16 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-10-15 05:37 - 2014-09-20 06:16 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-10-15 05:37 - 2014-09-20 06:16 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-10-15 05:37 - 2014-09-20 06:15 - 01508864 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-10-15 05:37 - 2014-09-20 06:15 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-10-15 05:37 - 2014-09-20 06:15 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-10-15 05:37 - 2014-09-20 04:57 - 14368768 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-10-15 05:37 - 2014-09-20 04:57 - 13757952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-10-15 05:37 - 2014-09-20 04:57 - 02861568 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-10-15 05:37 - 2014-09-20 04:57 - 02055168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-10-15 05:37 - 2014-09-20 04:57 - 01762816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-10-15 05:37 - 2014-09-20 04:57 - 01180672 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-10-15 05:37 - 2014-09-20 04:57 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-10-15 05:37 - 2014-09-20 04:57 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-10-15 05:37 - 2014-09-20 04:57 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-10-15 05:37 - 2014-09-20 04:57 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-10-15 05:37 - 2014-09-20 04:57 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-10-15 05:37 - 2014-09-20 04:57 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-10-15 05:37 - 2014-09-20 04:57 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-10-15 05:37 - 2014-09-20 04:57 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-10-15 05:37 - 2014-09-20 04:57 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-10-15 05:37 - 2014-09-20 04:57 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-10-15 05:37 - 2014-09-20 04:56 - 01440768 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-10-15 05:37 - 2014-09-20 04:56 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-10-15 05:37 - 2014-09-20 04:56 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-10-15 05:37 - 2014-09-20 04:38 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-10-15 05:37 - 2014-09-20 04:33 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-10-15 05:37 - 2014-09-20 02:06 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-10-15 05:37 - 2014-09-18 00:24 - 02416128 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-10-15 05:37 - 2014-09-17 23:56 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-10-15 05:37 - 2014-08-30 06:48 - 10115072 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
2014-10-15 05:37 - 2014-08-30 06:46 - 02306560 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-10-15 05:37 - 2014-08-30 05:05 - 08858112 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
2014-10-15 05:37 - 2014-08-30 05:03 - 02037760 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-10-15 05:37 - 2014-08-01 23:08 - 00388729 _____ () C:\windows\system32\ApnDatabase.xml
2014-10-15 05:37 - 2014-07-24 14:50 - 00447296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBHUB3.SYS
2014-10-15 05:37 - 2014-07-17 00:28 - 00027648 _____ (Microsoft Corporation) C:\windows\SysWOW64\sscore.dll
2014-10-15 05:37 - 2014-07-16 23:59 - 00305664 _____ (Microsoft Corporation) C:\windows\system32\srvsvc.dll
2014-10-15 05:37 - 2014-07-16 23:59 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\sscore.dll
2014-10-15 05:37 - 2014-07-12 07:45 - 01549824 _____ (Microsoft Corporation) C:\windows\system32\msdtctm.dll
2014-10-15 05:37 - 2014-07-12 05:36 - 00674304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2014-10-15 05:37 - 2014-07-12 05:36 - 00211456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2014-10-15 05:37 - 2014-07-12 05:34 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2014-10-15 05:37 - 2014-07-12 05:34 - 00250368 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2014-10-15 05:37 - 2014-06-28 07:57 - 01341952 _____ (Microsoft Corporation) C:\windows\system32\user32.dll
2014-10-15 05:37 - 2014-06-28 03:23 - 01126400 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll
2014-10-15 05:37 - 2014-06-13 00:34 - 00754176 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2014-10-15 05:37 - 2014-06-13 00:29 - 02146304 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2014-10-11 14:45 - 2014-10-11 14:45 - 00057344 _____ () C:\Users\KidsKalkman\Downloads\woordenlijst H11-H15 (1).xls
2014-10-11 14:43 - 2014-10-11 14:43 - 00057344 _____ () C:\Users\KidsKalkman\Downloads\woordenlijst H11-H15.xls
2014-10-10 14:59 - 2014-10-10 15:14 - 00000000 ____D () C:\Users\Mieke\AppData\Roaming\vlc
2014-10-09 19:44 - 2014-10-09 19:44 - 00306067 _____ () C:\Users\KidsKalkman\Downloads\vicarmarches00compgoog.epub
2014-10-09 18:47 - 2014-10-09 18:47 - 00302255 _____ () C:\Users\KidsKalkman\Downloads\Tomorrow 7 - The Other Side Of Dawn - John Marsden.epub
2014-10-09 18:47 - 2014-10-09 18:47 - 00290221 _____ () C:\Users\KidsKalkman\Downloads\Tomorrow 1 - When The War Began - John Marsden.epub
2014-10-09 18:47 - 2014-10-09 18:47 - 00277335 _____ () C:\Users\KidsKalkman\Downloads\Tomorrow 3 - A Killing Frost - John Marsden.epub
2014-10-09 18:47 - 2014-10-09 18:47 - 00276110 _____ () C:\Users\KidsKalkman\Downloads\Tomorrow 2 - The Dead Of The Night - John Marsden.epub
2014-10-09 18:47 - 2014-10-09 18:47 - 00261739 _____ () C:\Users\KidsKalkman\Downloads\Tomorrow 5 - Burning for Revenge - John Marsden.epub
2014-10-09 18:47 - 2014-10-09 18:47 - 00260961 _____ () C:\Users\KidsKalkman\Downloads\Tomorrow 4 - Darkness, Be My Friend - John Marsden.epub
2014-10-09 18:47 - 2014-10-09 18:47 - 00248273 _____ () C:\Users\KidsKalkman\Downloads\Tomorrow 6 - The Night is for Hunting - John Marsden.epub
2014-10-09 08:41 - 2014-10-09 09:00 - 00000000 ____D () C:\Users\KidsKalkman\Documents\Samuel
2014-10-08 21:41 - 2014-10-08 21:41 - 02038525 _____ () C:\Users\KidsKalkman\Downloads\Bluf - Help jezelf van je depressie af!.epub
2014-10-08 21:41 - 2014-10-08 21:41 - 01164671 _____ () C:\Users\KidsKalkman\Downloads\Wildervanck, Cathelijne - ADHD.epub
2014-10-08 21:41 - 2014-10-08 21:41 - 00819631 _____ () C:\Users\KidsKalkman\Downloads\Foer, Joshua - geheugenpaleis, Het.epub
2014-10-08 21:41 - 2014-10-08 21:41 - 00696972 _____ () C:\Users\KidsKalkman\Downloads\Paul Liekens - Emoties en Angsten.epub
2014-10-08 21:41 - 2014-10-08 21:41 - 00449483 _____ () C:\Users\KidsKalkman\Downloads\Ruimte Voor Jezelf - Fred Sterk.epub
2014-10-08 21:41 - 2014-10-08 21:41 - 00318202 _____ () C:\Users\KidsKalkman\Downloads\Hoe ga je een burn-out te lijf - Barbro Bronsberg.epub
2014-10-08 21:41 - 2014-10-08 21:41 - 00130513 _____ () C:\Users\KidsKalkman\Downloads\Broekhuis, Wessel - Alleen met mijn wereld.epub
2014-10-07 14:59 - 2014-10-07 15:00 - 00001082 _____ () C:\Users\KidsKalkman\Downloads\Geometry Dash.zip
2014-10-06 16:37 - 2014-10-06 16:37 - 00000000 ____D () C:\Users\KidsKalkman\AppData\Roaming\Image-Line
2014-10-06 12:28 - 2014-10-09 08:58 - 00047104 __SHC () C:\Users\Mieke\Downloads\Thumbs.db
2014-10-06 11:18 - 2014-10-06 11:18 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-10-05 17:32 - 2014-10-05 17:32 - 00002067 _____ () C:\Users\KidsKalkman\Desktop\FL Studio 11 (64bit).lnk
2014-10-05 17:32 - 2014-10-05 17:32 - 00002051 _____ () C:\Users\KidsKalkman\Desktop\FL Studio 11.lnk
2014-10-05 17:32 - 2014-10-05 17:32 - 00000000 ____D () C:\Users\KidsKalkman\Documents\Image-Line
2014-10-05 17:32 - 2014-10-05 17:32 - 00000000 ____D () C:\Users\KidsKalkman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2014-10-05 17:32 - 2014-10-05 17:32 - 00000000 ____D () C:\Program Files\Image-Line
2014-10-05 17:32 - 2014-10-05 17:32 - 00000000 ____D () C:\Program Files\Common Files\VST2
2014-10-05 17:32 - 2014-10-05 17:32 - 00000000 ____D () C:\Program Files\Common Files\Propellerhead Software
2014-10-05 17:32 - 2014-10-05 17:32 - 00000000 ____D () C:\Program Files (x86)\VstPlugins
2014-10-05 17:31 - 2014-10-05 17:31 - 00000000 ____D () C:\Program Files (x86)\DSPRobotics
2014-10-05 17:25 - 2014-10-05 17:32 - 00000000 ____D () C:\Program Files (x86)\Image-Line
2014-10-05 17:12 - 2014-10-05 17:22 - 370000160 _____ (Image-Line) C:\Users\KidsKalkman\Downloads\flstudio_11.1.1.exe
2014-10-01 19:49 - 2014-10-01 19:49 - 01541102 _____ () C:\Users\KidsKalkman\Downloads\quad_racing_2.dcr
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-27 10:12 - 2013-08-11 03:29 - 01988378 _____ () C:\windows\WindowsUpdate.log
2014-10-27 10:00 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\system32\sru
2014-10-27 09:44 - 2014-09-09 07:34 - 00001092 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-27 09:44 - 2014-09-09 07:34 - 00001088 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-27 08:24 - 2014-09-03 13:59 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1312028131-968577250-2244580961-1002
2014-10-26 20:33 - 2014-09-09 08:11 - 00000000 ____D () C:\Users\Public\Documents\Ebooks
2014-10-26 20:09 - 2014-09-06 20:20 - 00780976 _____ () C:\windows\system32\perfh010.dat
2014-10-26 20:09 - 2014-09-06 20:20 - 00741800 _____ () C:\windows\system32\perfh007.dat
2014-10-26 20:09 - 2014-09-06 20:20 - 00155360 _____ () C:\windows\system32\perfc007.dat
2014-10-26 20:09 - 2014-09-06 20:20 - 00152608 _____ () C:\windows\system32\perfc010.dat
2014-10-26 20:09 - 2012-08-01 18:03 - 00796920 _____ () C:\windows\system32\perfh013.dat
2014-10-26 20:09 - 2012-08-01 18:03 - 00159176 _____ () C:\windows\system32\perfc013.dat
2014-10-26 20:09 - 2012-07-26 08:28 - 03623188 _____ () C:\windows\system32\PerfStringBackup.INI
2014-10-26 17:52 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-10-26 08:57 - 2014-09-07 12:21 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1312028131-968577250-2244580961-1005
2014-10-26 08:38 - 2014-09-09 11:50 - 00000000 ____D () C:\ProgramData\Embarcadero
2014-10-26 08:38 - 2012-07-26 08:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-26 08:37 - 2013-05-30 03:30 - 00035006 _____ () C:\windows\PFRO.log
2014-10-25 17:44 - 2012-07-26 06:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-10-25 14:55 - 2014-09-09 15:18 - 00000000 ____D () C:\Users\KidsKalkman\AppData\Roaming\.minecraft
2014-10-25 07:35 - 2012-07-26 08:21 - 00033599 _____ () C:\windows\setupact.log
2014-10-24 16:02 - 2014-09-07 14:42 - 00000000 ____D () C:\Users\KidsKalkman\Documents\Jonas
2014-10-24 14:36 - 2012-07-26 06:26 - 00786432 ___SH () C:\windows\system32\config\BBI
2014-10-23 13:23 - 2014-09-09 15:17 - 00000000 ____D () C:\Users\KidsKalkman\AppData\Local\Google
2014-10-23 08:56 - 2014-09-03 18:05 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-10-23 08:46 - 2014-09-09 07:35 - 00002214 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-19 07:27 - 2013-08-11 04:00 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-10-18 10:44 - 2014-09-06 21:16 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-10-18 10:43 - 2012-07-26 09:12 - 00000000 ___HD () C:\windows\ELAMBKUP
2014-10-18 10:42 - 2013-08-11 04:00 - 00000000 ____D () C:\ProgramData\McAfee
2014-10-18 08:39 - 2014-09-09 07:34 - 00004064 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-18 08:39 - 2014-09-09 07:34 - 00003828 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-17 09:21 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\rescache
2014-10-16 21:32 - 2012-07-26 09:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-16 21:31 - 2014-09-07 14:32 - 00000000 ____D () C:\windows\system32\MRT
2014-10-16 21:31 - 2012-07-26 09:12 - 00000000 ___RD () C:\windows\ToastData
2014-10-16 21:16 - 2014-09-07 14:32 - 103265616 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-10-15 21:05 - 2014-09-07 12:12 - 00000000 ____D () C:\Users\KidsKalkman\AppData\Local\Packages
2014-10-15 05:55 - 2012-07-26 08:59 - 00000000 ____D () C:\windows\CbsTemp
2014-10-13 14:55 - 2013-08-11 03:47 - 00000000 ____D () C:\windows\System32\Tasks\TOSHIBA
2014-10-12 14:42 - 2014-09-07 12:15 - 00000000 ____D () C:\Users\KidsKalkman\AppData\Local\Toshiba
2014-10-10 11:25 - 2014-09-09 09:09 - 00000000 ____D () C:\Users\Mieke\workspace
2014-10-09 13:14 - 2014-08-25 20:48 - 00000000 ____D () C:\Users\Mieke\AppData\Local\Packages
2014-10-06 18:57 - 2014-09-09 10:35 - 00000000 ____D () C:\Users\Mieke\Documents\Maatakker
2014-10-06 15:25 - 2014-09-09 09:41 - 00000000 ____D () C:\Users\Mieke\Documents\Geld
2014-10-06 08:23 - 2014-09-09 12:09 - 00000000 ____D () C:\Users\Mieke\AppData\Local\Microsoft Help
2014-09-27 22:16 - 2014-09-26 21:07 - 00000000 ____D () C:\Users\KidsKalkman\AppData\Roaming\vlc
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-27 09:32
 
==================== End Of Log ============================

 

Additions.log:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-10-2014
Ran by Mieke at 2014-10-27 10:14:51
Running from C:\Users\Mieke\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Antivirus en antispyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Antivirus en antispyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 4.7.1245.73473 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 4.7.1245.73473 - Alcor Micro Corp.) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BDE_ENT (x32 Version: 5.1.1 - Borland Software Corp.) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
calibre (HKLM-x32\...\{4ED40090-5A38-415F-B222-26DD6D3C1AEF}) (Version: 2.2.0 - Kovid Goyal)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CodeSite Express 5.1.4 (HKLM-x32\...\CodeSite Express 5.1.4) (Version: 5.1.3 - Raize Software, Inc.)
CollabNet Subversion Client 1.7.5 (HKLM-x32\...\CollabNet Subversion Client) (Version: 1.7.5 - CollabNet)
Documentation Insight Express Edition V2.8.8.27 (HKLM-x32\...\{F62B6FC9-BECA-4209-9F8E-09528DC143BE}_is1) (Version:  - DevJet)
DTS Studio Sound (HKLM-x32\...\{F8EB8FFC-C535-49A1-A84D-CC75CB2D6ADA}) (Version: 1.00.0071 - DTS, Inc.)
Embarcadero Delphi and C++Builder XE5 Help System (HKLM-x32\...\Embarcadero Delphi and C++Builder XE5 Help System) (Version: 12.0 - Embarcadero Technologies, Inc.)
Embarcadero Delphi and C++Builder XE5 Help System (x32 Version: 12.0 - Embarcadero Technologies, Inc.) Hidden
Embarcadero InterBase XE3  [instance = gds_db] (HKLM-x32\...\Embarcadero InterBase XE3  [instance = gds_db]) (Version: Embarcadero InterBase XE3 - Embarcadero Technologies, Inc.)
Embarcadero RAD Studio XE5 (HKLM-x32\...\Embarcadero RAD Studio XE5) (Version: 12.0 - Embarcadero Technologies, Inc.)
Embarcadero RAD Studio XE5 (x32 Version: 12.0 - Embarcadero Technologies, Inc.) Hidden
Empress of the Deep - The Darkest Secret (x32 Version: 2.2.0.98 - WildTangent) Hidden
FastReport 4 Embarcadero edition (HKLM-x32\...\{FA3685AB-02AC-4a9c-AEED-9D8F805EB72E}) (Version: Embarcadero Edition - FastReports)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
IDT Audio Driver (HKLM\...\{11424B27-C16B-4505-9667-82A10AD1B1DC}) (Version: 6.10.6472.0 - IDT)
Intel AppUp® center (HKLM-x32\...\Intel AppUp® center 41663) (Version: 3.8.0.41663.61 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel® PRO/Wireless Driver (Version: 16.01.5000.0577 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3111 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (Version: 16.1.1.0084 - Intel Corporation) Hidden
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.4.1001 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.0.4.1001 - Intel Corporation) Hidden
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel® WiDi (HKLM\...\{62E7C369-64FF-452C-8F46-6BE9B77FF097}) (Version: 4.0.18.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.01.5000.0269 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden
Java 7 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417025FF}) (Version: 7.0.250 - Oracle)
Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.20.26 - Oracle Corporation) Hidden
Java SE Development Kit 7 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170250}) (Version: 1.7.0.250 - Oracle)
Java SE Development Kit 8 Update 20 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180200}) (Version: 8.0.200.26 - Oracle Corporation)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware versie 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 13.6.1248 - McAfee, Inc.)
McAfee Online Backup (Version: 2.26.1.386 - McAfee, Inc.) Hidden
McAfee Online Backup (x32 Version:  - McAfee, Inc.) Hidden
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.143 - McAfee, Inc.)
Microsoft Document Explorer 2008 (HKLM-x32\...\Microsoft Document Explorer 2008) (Version:  - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - nl-nl (HKLM\...\ProPlusRetail - nl-nl) (Version: 15.0.4659.1001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package (HKLM-x32\...\Microsoft Visual J# 2.0 Redistributable Package) (Version:  - Microsoft Corporation)
NVIDIA Control Panel 311.41 (Version: 311.41 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 311.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.41 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.11.3 (Version: 1.11.3 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.)
Reader for PC (HKLM-x32\...\{38FB32F7-5A2A-40E4-B106-4C35F75725CD}) (Version: 2.4.00.05230 - Sony Corporation)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.5.1333.g822e0de8 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Uw bedrijfsnaam)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.01.02.6405 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{B6619F14-F766-4000-BC8A-522D4CC4E44F}) (Version: 1.0.4.5 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.3.6403 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6630.6403 - Toshiba Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.5.1.2 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 3.00.342 - Toshiba Corporation)
TOSHIBA Password Utility (x32 Version: 3.00.342 - Toshiba Corporation) Hidden
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.9.02.6402 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.0.01.55004008 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.6.0 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{6499E894-43F8-458B-AE35-724F4732BCDE}) (Version: 2.5.6 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0020 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0007.32003 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.3.3 - Toshiba Europe GmbH)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.7.63 - Toshiba Corporation)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.9.7 - WildTangent) Hidden
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
07-10-2014 15:37:37 Gepland controlepunt
15-10-2014 04:40:07 Windows Update
22-10-2014 08:09:02 Gepland controlepunt
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 06:26 - 2014-10-24 13:46 - 00450713 ____R C:\windows\system32\Drivers\etc\hosts
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0A522983-4B6F-4372-B430-786985969390} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-03-19] (TOSHIBA Corporation)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1C74F93A-517B-43BA-AF5D-5DA2042513E2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-09] (Google Inc.)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {31285CAA-DC90-498F-A38B-D45BE84EE1AB} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {3ED66C78-D3BF-4A1D-86BF-402F880E4EC6} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2013-01-04] (Toshiba Europe GmbH)
Task: {77CE8AA3-CB53-46CC-AA92-46241B168762} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {91979392-2A62-4083-8A4D-4146CC4C022D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-10-16] (Microsoft Corporation)
Task: {95AF584A-C0F8-4125-AC05-6E4AED0D6F45} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-09] (Google Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {B9C092EE-F8F6-4507-84A4-97B708F20D69} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-26] (Microsoft Corporation)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {E434137A-AC54-409E-8A27-F115E6FE0718} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {E838A796-7E7D-4350-A6A1-5DCCC0055D25} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-26] (Microsoft Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {FA639BFA-F565-4650-B78B-71F03ADF4166} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-09-25] (Microsoft Corporation)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-03-27 22:53 - 2013-03-27 22:53 - 00163168 _____ () C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
2014-09-06 09:37 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-05-09 17:49 - 2013-05-09 17:49 - 00016720 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2012-08-04 23:01 - 2012-08-04 23:01 - 00213136 _____ () C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
2012-07-19 02:38 - 2012-07-19 02:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2011-08-12 22:57 - 2011-08-12 22:57 - 00437632 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\TcrdKBB.exe
2013-08-11 03:28 - 2013-03-12 21:19 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-05-23 18:13 - 2014-05-23 18:13 - 00880640 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll
2014-05-23 18:15 - 2014-05-23 18:15 - 00040264 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll
2014-05-23 18:15 - 2014-05-23 18:15 - 00239944 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll
2014-05-23 18:15 - 2014-05-23 18:15 - 00026952 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll
2014-04-25 21:27 - 2014-04-25 21:27 - 00798720 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll
2014-05-23 18:15 - 2014-05-23 18:15 - 00125256 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll
2014-05-23 18:15 - 2014-05-23 18:15 - 00016200 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll
2014-05-23 18:15 - 2014-05-23 18:15 - 00024904 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll
2014-05-23 18:15 - 2014-05-23 18:15 - 00017224 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll
2014-05-23 18:15 - 2014-05-23 18:15 - 00015176 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll
2014-05-23 18:15 - 2014-05-23 18:15 - 00034632 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll
2014-05-23 18:15 - 2014-05-23 18:15 - 00018760 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll
2014-05-23 18:15 - 2014-05-23 18:15 - 00092488 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll
2014-05-23 18:15 - 2014-05-23 18:15 - 00149832 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll
2014-05-23 18:15 - 2014-05-23 18:15 - 00178504 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll
2014-10-24 13:09 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-10-24 13:09 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-10-24 13:09 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-10-23 08:46 - 2014-10-10 03:03 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libglesv2.dll
2014-10-23 08:46 - 2014-10-10 03:03 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libegl.dll
2014-10-23 08:46 - 2014-10-10 03:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll
2014-10-23 08:46 - 2014-10-10 03:03 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1312028131-968577250-2244580961-500 - Administrator - Disabled)
Gast (S-1-5-21-1312028131-968577250-2244580961-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1312028131-968577250-2244580961-1004 - Limited - Enabled)
KidsKalkman (S-1-5-21-1312028131-968577250-2244580961-1005 - Limited - Enabled) => C:\Users\KidsKalkman
Mieke (S-1-5-21-1312028131-968577250-2244580961-1002 - Administrator - Enabled) => C:\Users\Mieke
UpdatusUser (S-1-5-21-1312028131-968577250-2244580961-1001 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/26/2014 10:21:16 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Kan activeringscontext voor 'UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1' niet maken. Fout in manifest of beleidsbestand 'UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2 op regel UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Onderdeel-id in manifest komt niet overeen met de id van het gevraagde onderdeel.
Verwijzing is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definitie is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Gebruik sxstrace.exe voor gedetailleerde diagnose.
 
Error: (10/25/2014 07:39:20 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Kan activeringscontext voor 'UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1' niet maken. Fout in manifest of beleidsbestand 'UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2 op regel UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Onderdeel-id in manifest komt niet overeen met de id van het gevraagde onderdeel.
Verwijzing is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definitie is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Gebruik sxstrace.exe voor gedetailleerde diagnose.
 
Error: (10/25/2014 07:34:12 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Kan activeringscontext voor 'UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1' niet maken. Fout in manifest of beleidsbestand 'UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2 op regel UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Onderdeel-id in manifest komt niet overeen met de id van het gevraagde onderdeel.
Verwijzing is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definitie is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Gebruik sxstrace.exe voor gedetailleerde diagnose.
 
Error: (10/24/2014 01:05:20 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Kan activeringscontext voor C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1 niet maken. Fout in manifest of beleidsbestand C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2 op regel C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Een onderdeelversie die nodig is voor de toepassing, conflicteert met een andere onderdeelversie die reeds actief is.
Conflicterende onderdelen zijn:
Onderdeel 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Onderdeel 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
 
Error: (10/24/2014 11:10:40 AM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex (4720) Een poging het bestand C:\Users\KidsKalkman\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat te openen voor alleen-lezen is mislukt. Systeemfout 32 (0x00000020): Het proces heeft geen toegang tot het bestand omdat het door een ander proces wordt gebruikt. . Tijdens het openen van het bestand treedt fout -1032 (0xfffffbf8) op.
 
Error: (10/24/2014 08:31:05 AM) (Source: Python Service) (EventID: 255) (User: )
Description: Exception : HTTPConnectionPool(host='127.0.0.1', port=35600): Read timed out. (read timeout=60)
 
Error: (10/24/2014 08:30:56 AM) (Source: iumsvc) (EventID: 255) (User: )
Description: Exception : (u'Device Profile Push Failure, Service Error: Service is unavailable at this time. Check with the Administrator for further details.', HTTPError('500 Server Error: Internal Server Error',))
 
Error: (10/22/2014 08:47:03 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Kan activeringscontext voor 'UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1' niet maken. Fout in manifest of beleidsbestand 'UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2 op regel UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Onderdeel-id in manifest komt niet overeen met de id van het gevraagde onderdeel.
Verwijzing is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definitie is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Gebruik sxstrace.exe voor gedetailleerde diagnose.
 
Error: (10/20/2014 04:58:52 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex (7944) Een poging het bestand C:\Users\KidsKalkman\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat te openen voor alleen-lezen is mislukt. Systeemfout 32 (0x00000020): Het proces heeft geen toegang tot het bestand omdat het door een ander proces wordt gebruikt. . Tijdens het openen van het bestand treedt fout -1032 (0xfffffbf8) op.
 
Error: (10/20/2014 03:19:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Het programma chrome.exe, versie 37.0.2062.124 reageert niet meer op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum in het Configuratiescherm.
 
Proces-id: 1880
 
Starttijd: 01cfec70c39b9696
 
Eindtijd: 4294967295
 
Toepassingspad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Rapport-id: 197c6dde-5864-11e4-be93-681729acb475
 
Volledige pakketnaam met fout: 
 
Relatieve toepassings-id van pakket met fout:
 
 
System errors:
=============
Error: (10/27/2014 09:39:48 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: Er is een beschadiging ontdekt in de bestandssysteemstructuur op het volume TI31128200B.
 
Er is een beschadiging gevonden in de indexstructuur van een bestandssysteem.  Het referentienummer van het bestand is 0x1000000002a54.  De naam van het bestand is "\Windows\System32".  Het kenmerk van de beschadigde index is ":$I30:$INDEX_ALLOCATION".
 
Error: (10/26/2014 11:50:36 PM) (Source: DCOM) (EventID: 10010) (User: BlauweIJsbeer)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (10/26/2014 11:50:36 PM) (Source: DCOM) (EventID: 10010) (User: BlauweIJsbeer)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (10/26/2014 11:50:32 PM) (Source: DCOM) (EventID: 10010) (User: BlauweIJsbeer)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (10/26/2014 11:50:32 PM) (Source: DCOM) (EventID: 10010) (User: BlauweIJsbeer)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (10/26/2014 11:50:32 PM) (Source: DCOM) (EventID: 10010) (User: BlauweIJsbeer)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (10/26/2014 11:50:32 PM) (Source: DCOM) (EventID: 10010) (User: BlauweIJsbeer)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (10/26/2014 11:50:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: toepassingsspecifiekLokaalActiveren{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (via LRPC)Niet beschikbaarNiet beschikbaar
 
Error: (10/26/2014 08:19:39 PM) (Source: DCOM) (EventID: 10010) (User: BlauweIJsbeer)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (10/26/2014 08:19:39 PM) (Source: DCOM) (EventID: 10010) (User: BlauweIJsbeer)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
 
Microsoft Office Sessions:
=========================
Error: (10/26/2014 10:21:16 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1
 
Error: (10/25/2014 07:39:20 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1
 
Error: (10/25/2014 07:34:12 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1
 
Error: (10/24/2014 01:05:20 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Mieke\Downloads\SoftonicDownloader_voor_spybot-search-destroy.exe
 
Error: (10/24/2014 11:10:40 AM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex4720C:\Users\KidsKalkman\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)Het proces heeft geen toegang tot het bestand omdat het door een ander proces wordt gebruikt.
 
Error: (10/24/2014 08:31:05 AM) (Source: Python Service) (EventID: 255) (User: )
Description: Exception : HTTPConnectionPool(host='127.0.0.1', port=35600): Read timed out. (read timeout=60)
 
Error: (10/24/2014 08:30:56 AM) (Source: iumsvc) (EventID: 255) (User: )
Description: Exception : (u'Device Profile Push Failure, Service Error: Service is unavailable at this time. Check with the Administrator for further details.', HTTPError('500 Server Error: Internal Server Error',))
 
Error: (10/22/2014 08:47:03 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1
 
Error: (10/20/2014 04:58:52 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex7944C:\Users\KidsKalkman\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)Het proces heeft geen toegang tot het bestand omdat het door een ander proces wordt gebruikt.
 
Error: (10/20/2014 03:19:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe37.0.2062.124188001cfec70c39b96964294967295C:\Program Files (x86)\Google\Chrome\Application\chrome.exe197c6dde-5864-11e4-be93-681729acb475
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core i7-4700MQ CPU @ 2.40GHz
Percentage of memory in use: 57%
Total physical RAM: 4007.88 MB
Available physical RAM: 1692.51 MB
Total Pagefile: 6567.88 MB
Available Pagefile: 3620.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB
 
==================== Drives ================================
 
Drive c: (TI31128200B) (Fixed) (Total:918.44 GB) (Free:808.8 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================

Hello and welcome.

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

I do not see any obvious malware/infection in the FRST logs; we will have another look...

 

Next,

 

Uninstall Spybot S&D, as it may cause issues for the tools we run. Instructions here: http://www.safer-networking.org/faq/how-to-uninstall-2/

 

Next,

 

Scan with Gmer rootkit scanner

 

Please download Gmer from Here by clicking on the "Download EXE" Button.

 

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
     
            Sections
            IAT/EAT
            Show All ( should be unchecked by default )
     
  • Leave everything else as it is.
  • Close all other running Programs as well as your Browsers.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.

 

Please post the content of the ark.txt here.

 

 

**Caution**

Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

 

**If GMER crashes** Follow the instructions here and disable your security temporarily…

 

Next,

 

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

 


  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start, and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement).
  • Click Scan to scan the system.
  • When the scan completes select "Report"; the log will open. Close the program > Don't Fix anything!
  • Post back the report which should also be located here:

 

C:\Programdata\RogueKiller\Logs <-------- W7/8

 

Let me see those logs in your next reply...

 

Kevin...


Gmer gave two error messages before starting a scan, saying that the process couldn't access the files C:\windows\system32\config\system, and C:\Mieke\NTuser.dat (don't know if that's correct) because they were in use by another process. Scan took a split second. After scanning with RogueKiller, I wanted to look up the second filename, but then, after clicking away the first error message again, I pressed the Scan button again and it started scanning. At the end of the scan, both error messages came up again but this time ark.txt was a lot longer. Here it is:
 
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-10-30 00:07:04
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000043 HGST_HTS541010A9E680 rev.JA0OA560 931,51GB
Running: zvhhfbps.exe; Driver: C:\Users\Mieke\AppData\Local\Temp\kwlyqpoc.sys
 
 
---- User code sections - GMER 2.1 ----
 
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1120] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                       000007fea5f21532 4 bytes [F2, A5, FE, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1120] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                       000007fea5f2153a 4 bytes [F2, A5, FE, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1120] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                     000007fea5f2165a 4 bytes [F2, A5, FE, 07]
.text   C:\windows\system32\nvvsvc.exe[1128] C:\windows\system32\MSIMG32.dll!GradientFill + 690                                                 000007fea5f21532 4 bytes [F2, A5, FE, 07]
.text   C:\windows\system32\nvvsvc.exe[1128] C:\windows\system32\MSIMG32.dll!GradientFill + 698                                                 000007fea5f2153a 4 bytes [F2, A5, FE, 07]
.text   C:\windows\system32\nvvsvc.exe[1128] C:\windows\system32\MSIMG32.dll!TransparentBlt + 246                                               000007fea5f2165a 4 bytes [F2, A5, FE, 07]
.text   C:\windows\system32\nvvsvc.exe[1128] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                       000007feaab5177a 4 bytes [b5, AA, FE, 07]
.text   C:\windows\system32\nvvsvc.exe[1128] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                       000007feaab51782 4 bytes [b5, AA, FE, 07]
.text   C:\windows\system32\WLANExt.exe[1388] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                      000007feaab5177a 4 bytes [b5, AA, FE, 07]
.text   C:\windows\system32\WLANExt.exe[1388] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                      000007feaab51782 4 bytes [b5, AA, FE, 07]
.text   C:\windows\system32\WLANExt.exe[1388] C:\windows\system32\MSIMG32.dll!GradientFill + 690                                                000007fea5f21532 4 bytes [F2, A5, FE, 07]
.text   C:\windows\system32\WLANExt.exe[1388] C:\windows\system32\MSIMG32.dll!GradientFill + 698                                                000007fea5f2153a 4 bytes [F2, A5, FE, 07]
.text   C:\windows\system32\WLANExt.exe[1388] C:\windows\system32\MSIMG32.dll!TransparentBlt + 246                                              000007fea5f2165a 4 bytes [F2, A5, FE, 07]
.text   C:\windows\System32\spoolsv.exe[1708] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                      000007feaab5177a 4 bytes [b5, AA, FE, 07]
.text   C:\windows\System32\spoolsv.exe[1708] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                      000007feaab51782 4 bytes [b5, AA, FE, 07]
.text   C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1956] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306  000007feaab5177a 4 bytes [b5, AA, FE, 07]
.text   C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1956] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314  000007feaab51782 4 bytes [b5, AA, FE, 07]
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2056] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                     000007fea5f21532 4 bytes [F2, A5, FE, 07]
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2056] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                     000007fea5f2153a 4 bytes [F2, A5, FE, 07]
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2056] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                   000007fea5f2165a 4 bytes [F2, A5, FE, 07]
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2056] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                           000007feaab5177a 4 bytes [b5, AA, FE, 07]
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2056] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                           000007feaab51782 4 bytes [b5, AA, FE, 07]
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2056] C:\windows\SYSTEM32\WSOCK32.dll!recvfrom + 742                                         000007fe9d781b32 4 bytes [78, 9D, FE, 07]
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2056] C:\windows\SYSTEM32\WSOCK32.dll!recvfrom + 750                                         000007fe9d781b3a 4 bytes [78, 9D, FE, 07]
.text   C:\windows\system32\mfevtps.exe[2296] C:\windows\system32\psapi.dll!GetProcessImageFileNameA + 306                                      000007feaab5177a 4 bytes [b5, AA, FE, 07]
.text   C:\windows\system32\mfevtps.exe[2296] C:\windows\system32\psapi.dll!GetProcessImageFileNameA + 314                                      000007feaab51782 4 bytes [b5, AA, FE, 07]
.text   C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2396] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306       000007feaab5177a 4 bytes [b5, AA, FE, 07]
.text   C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2396] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314       000007feaab51782 4 bytes [b5, AA, FE, 07]
.text   C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2396] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                 000007fea5f21532 4 bytes [F2, A5, FE, 07]
.text   C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2396] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                 000007fea5f2153a 4 bytes [F2, A5, FE, 07]
.text   C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2396] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246               000007fea5f2165a 4 bytes [F2, A5, FE, 07]
.text   C:\windows\Explorer.EXE[2832] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                              000007feaab5177a 4 bytes [b5, AA, FE, 07]
 
---- Threads - GMER 2.1 ----
 
Thread  C:\windows\system32\csrss.exe [708:732]                                                                                                 fffff960008495e8
 
---- Disk sectors - GMER 2.1 ----
 
Disk    \Device\Harddisk0\DR0                                                                                                                   unknown MBR code
 
---- EOF - GMER 2.1 ----
 
 
And the RogueKiller log:
 
RogueKiller V10.0.4.0 [Oct 29 2014] by Adlice Software
 
Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Mieke [Administrator]
Mode : Scan -- Date : 10/29/2014  23:49:59
 
¤¤¤ Processes : 1 ¤¤¤
[Tr.Zeus] mcshield.exe -- [x] -> ERROR [12]
 
¤¤¤ Registry : 8 ¤¤¤
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\0278021414592475mcinstcleanup (C:\windows\TEMP\027802~1.EXE -cleanup -nolog) -> Found
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kwlyqpoc (\??\C:\Users\Mieke\AppData\Local\Temp\kwlyqpoc.sys) -> Found
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\0278021414592475mcinstcleanup (C:\windows\TEMP\027802~1.EXE -cleanup -nolog) -> Found
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kwlyqpoc (\??\C:\Users\Mieke\AppData\Local\Temp\kwlyqpoc.sys) -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 [Too big!] ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: HGST HTS541010A9E680 +++++
--- User ---
[MBR] a84dd93b5b19931ceaddbccc47850486
[bSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
User = LL1 ... OK
User = LL2 ... OK
 

 


Is this the entry you mention ([Tr.Zeus] mcshield.exe -- [x] -> ERROR [12])? mcshield.exe is part of your security system, McAfee; I would not expect that to be a problem. Scanners can flag good files as well as bad because of how they work; it does not mean they are malicious.

 

We'll run another in-depth online anti-virus scan to be certain all is OK...

 

We need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running. It can take several hours, so please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan - on Vista and Windows 7/8, right-click on the IE shortcut and run as admin.

 

(To run ESET Online Scanner in a browser other than Internet Explorer, you'll need to download ESET SMART  Installer during the process)

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 


Turn off the real time scanner of any existing antivirus program while performing the online scan
click on the Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the add/on to be installed
Click Start
Make sure that the option "Remove found threats"  is UNticked
Click on Advanced Settings, ensure the following options are checked:
 
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
 
Click Scan
wait for the virus definitions to be downloaded
Wait for the scan to finish

 

When the scan is complete

 


If no threats were found
put a checkmark in "Uninstall application on close"
close program
report to me that nothing was found

 

If threats were found

 


click on "list of threats found"
click on "export to text file" and save it as ESET SCAN and save to the desktop
Click on back
put a checkmark in "Uninstall application on close"
click on finish

 

close program

 

Copy and paste the report in next reply.

 

Thank you,

 

Kevin...


The scans we've run are very comprehensive and very thorough; we still do not find any malware or infection. OpenCandy is advertising software that often comes bundled with free software, not seen it bundled with paid-for software...

 

http://en.wikipedia.org/wiki/OpenCandy

 

Run the following:

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number.

 

Next,

 

Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Next,

 

Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link

When the update completes select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

 

 

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

 

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

 

 

In most cases, a restart will be required.

 

 

Wait for the prompt to restart the computer to appear, then click on Yes.

 

 

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

 

Show me those logs, also give an update on any remaining issues or concerns....

 

Thanks,

 

Kevin.


AdwCleaner log:
 
# AdwCleaner v3.311 - Rapport aangemaakt 01/11/2014 op 22:09:01
# Laatste Update 30/09/2014 door Xplode
# Besturingssysteem : Windows 8  (64 bits)
# Gebruikersnaam : Mieke - BLAUWEIJSBEER
# Gestart vanuit : C:\Users\Mieke\Downloads\AdwCleaner.exe
# Optie : Verwijderen
 
***** [ Services ] *****
 
 
***** [ Bestanden / Mappen ] *****
 
Map Verwijderd : C:\Users\Mieke\AppData\Local\PackageAware
Bestand Verwijderd : C:\Users\Public\Desktop\eBay.lnk
 
***** [ Taken ] *****
 
 
***** [ Snelkoppelingen ] *****
 
 
***** [ Register ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.17116
 
 
-\\ Google Chrome v38.0.2125.111
 
[ Bestand : C:\Users\KidsKalkman\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ Bestand : C:\Users\Mieke\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1013 octets] - [01/11/2014 21:56:49]
AdwCleaner[s0].txt - [943 octets] - [01/11/2014 22:09:01]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1002 octets] ##########
 

 

JRT log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.5 (10.31.2014:1)
OS: Windows 8 x64
Ran by Mieke on za 01-11-2014 at 22:19:37,70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\windows\wininit.ini"
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on za 01-11-2014 at 22:21:54,98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

 

Malwarebytes Anti-Malware log:

 

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 1-11-2014
Scan Time: 22:25:57
Logfile: 
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.11.01.08
Rootkit Database: v2014.11.01.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8
CPU: x64
File System: NTFS
User: Mieke
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 392222
Time Elapsed: 17 min, 47 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Disabled
Rootkits: Enabled
Heuristics: Disabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\Mindspark, Quarantined, [93084bebf587c076dea5108fa1631be5], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.MindSpark.A, C:\$RECYCLE.BIN\S-1-5-21-1312028131-968577250-2244580961-1005\$RATIULS.exe, Quarantined, [1e7d33035a2251e53afc7962649dfe02], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
In my first post I wrote that Malwarebytes Anti-Malware hadn't detected anything in the first scan after the forced shutdown. But the log from that scan shows that's not true, here's the log of that first scan:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 24-10-2014
Scan Time: 15:15:24
Logfile: 
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.10.24.05
Rootkit Database: v2014.10.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8
CPU: x64
File System: NTFS
User: Mieke
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 388792
Time Elapsed: 18 min, 25 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 3
PUP.Optional.Softonic, C:\$RECYCLE.BIN\S-1-5-21-1312028131-968577250-2244580961-1002\$R258L0E.exe, Quarantined, [562faf69116b0e2835475505ac54fd03], 
PUP.Optional.MindSpark.A, C:\Users\KidsKalkman\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_eliteunzip.dl.tb.ask.com_0.localstorage, Quarantined, [b0d5c0587efe60d6e3bcd96d8f746f91], 
PUP.Optional.MindSpark.A, C:\Users\KidsKalkman\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_eliteunzip.dl.tb.ask.com_0.localstorage-journal, Quarantined, [a9dc7d9bc5b7ef47cfd08eb8cc37ab55], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
The softonic file is one that I deleted without opening it, because I didn't trust it.
My browsers seem to work fine now, just slower than usual. 
Maybe, if the computer is clean, I should reset my modem and see if that helps.
 
Mieke (glad the scan didn't take hours again)

Run the following to clean up...

 

Download "Delfix by Xplode" and save it to your desktop.

 

Or use the following if first link is down:

 

"Delfix link mirror"

 

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

 

Make sure the following items are checked:

 


    Activate UAC
    Remove disinfection tools
    Create registry backup
    Purge System Restore
    Reset system settings

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Part of the routine will be to create a registry backup with ERUNT; the backup will be created here:

 

C:\Windows\ERUNT

 

When all is known to be well with your system you can delete that backup folder if you consider it as not needed...

 

Any remnant files/logs from tools we have used can be deleted…

 

Next,

 

Read the following link to fully understand PC security and best practices, you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

Let me know if we are OK to close out...

 

Kevin...


  • 3 weeks later...

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.