
Malicious Website Protection disabled; none of the listed fixes work



I'm running MBAM premium (runs but indicates that Malicious Website Protection is disabled).

Did try a re-install.

Did try Chameleon.

Did try FixDamage.exe.

Help would be greatly appreciated.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-07-2015

Ran by Familie (administrator) on BOREALIS on 04-07-2015 23:03:47

Running from C:\Users\Familie\Downloads

Loaded Profiles: Familie (Available Profiles: Familie)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(AMD) C:\Windows\System32\atiesrxx.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe

(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE

(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE

(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe

(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe

(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureGenUSB.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe

(McAfee, Inc.) C:\Windows\System32\mfevtps.exe

(Mirics Semiconductor) C:\Program Files\MiricsFlexiTV\Driver\msi2500scan.exe

(Mirics Ltd.) C:\Program Files\MiricsFlexiTV\DVBT\DVBservice.exe

(Microsoft Corporation) C:\Windows\System32\msiexec.exe

(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe

(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe

(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(McAfee, Inc.) C:\Windows\System32\mfevtps.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Mirics Semiconductor) C:\Program Files\MiricsFlexiTV\Driver\MSiBdaDemodWrapper.exe

(Hewlett-Packard ) C:\Program Files\IDT\WDM\beats64.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIEJE.EXE

(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\Ir.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

(Hauppauge Computer Works, Inc.) C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe

(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Portrait Displays, Inc) C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe

(Portrait Displays, Inc) C:\Program Files (x86)\Hewlett-Packard\HP My Display\dthtml.exe

(Portrait Displays Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe

(CyberLink) C:\Program Files (x86)\Cyberlink\YouCam\YCMMirage.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe

(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [beatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2011-08-24] (Hewlett-Packard )

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)

HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-26] (IDT, Inc.)

HKLM-x32\...\Run: [startCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-11-24] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-08-25] (Hewlett-Packard)

HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-09-27] (EasyBits Software AS)

HKLM-x32\...\Run: [DT HPO] => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [121648 2011-09-15] (Portrait Displays, Inc.)

HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-12] (PDF Complete Inc)

HKLM-x32\...\Run: [beid] => "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)

HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1

HKLM\...\Policies\Explorer: [NoFolderOptions] 0

HKLM\...\Policies\Explorer: [NoControlPanel] 0

HKU\S-1-5-21-3461864485-847432099-1787404142-1000\...\Run: [EPSON BX300F Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEJE.EXE [221696 2008-01-22] (SEIKO EPSON CORPORATION)

HKU\S-1-5-21-3461864485-847432099-1787404142-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)

HKU\S-1-5-21-3461864485-847432099-1787404142-1000\...\Run: [DevidAgent] => C:\Program Files (x86)\DevID Agent\DevIDagent.exe /autorun

HKU\S-1-5-21-3461864485-847432099-1787404142-1000\...\Policies\system: [DisableLockWorkstation] 0

HKU\S-1-5-21-3461864485-847432099-1787404142-1000\...\Policies\system: [DisableChangePassword] 0

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk [2013-02-16]

ShortcutTarget: AutoStart IR.lnk -> C:\Program Files (x86)\WinTV\Ir.exe (Hauppauge Computer Works)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-03-30]

ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-07-04]

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status.lnk [2013-02-16]

ShortcutTarget: WinTV Recording Status.lnk -> C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)

Startup: C:\Users\Familie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk [2014-03-22]

ShortcutTarget: OneNote 2010 Schermopname en Snel starten.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKU\S-1-5-21-3461864485-847432099-1787404142-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKU\S-1-5-21-3461864485-847432099-1787404142-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPDTDF

URLSearchHook: HKU\S-1-5-21-3461864485-847432099-1787404142-1000 - SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll" No File

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF

SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = 


SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}


SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF

SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = 


SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}


SearchScopes: HKU\S-1-5-21-3461864485-847432099-1787404142-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

SearchScopes: HKU\S-1-5-21-3461864485-847432099-1787404142-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

SearchScopes: HKU\S-1-5-21-3461864485-847432099-1787404142-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF

SearchScopes: HKU\S-1-5-21-3461864485-847432099-1787404142-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = 

SearchScopes: HKU\S-1-5-21-3461864485-847432099-1787404142-1000 -> {B647DBF3-089F-481D-964D-6433692BD14A} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKU\S-1-5-21-3461864485-847432099-1787404142-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

SearchScopes: HKU\S-1-5-21-3461864485-847432099-1787404142-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

SearchScopes: HKU\S-1-5-21-3461864485-847432099-1787404142-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/1553-111073-34115-6?mpre=http://www.befr.ebay.be/sch/i.html?_nkw={searchTerms}

BHO: Ask Toolbar -> {4F524A2D-5637-006A-76A7-7A786E7484D7} -> "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7\Passport_x64.dll" No File

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-01] (Google Inc.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)

BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)

BHO-x32: Ask Toolbar -> {4F524A2D-5637-006A-76A7-7A786E7484D7} -> "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7\Passport.dll" No File

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-01] (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-01] (Google Inc.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-01] (Oracle Corporation)

BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)

Toolbar: HKLM - Ask Toolbar - {4F524A2D-5637-006A-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7\Passport_x64.dll" No File

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-01] (Google Inc.)

Toolbar: HKLM-x32 - Ask Toolbar - {4F524A2D-5637-006A-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7\Passport.dll" No File

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-01] (Google Inc.)

Toolbar: HKU\S-1-5-21-3461864485-847432099-1787404142-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-06-04] (McAfee, Inc.)

Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-06-04] (McAfee, Inc.)

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-06-04] (McAfee, Inc.)

Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-06-04] (McAfee, Inc.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-05-13] (McAfee, Inc.)

Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-05-13] (McAfee, Inc.)

ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2012-03-30] (EasyBits Software Corp.)

Tcpip\Parameters: [DhcpNameServer] 195.130.130.129 195.130.131.129

Tcpip\..\Interfaces\{D8256797-477F-488E-B869-89D38CC1026C}: [DhcpNameServer] 195.130.130.129 195.130.131.129

 

FireFox:

========

FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-05-13] ()

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-01] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-01] (Oracle Corporation)

FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-05-13] ()

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\12\NP_wtapp.dll [2015-06-21] ()

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-3461864485-847432099-1787404142-1000: vasco.com/VascoCardReaderPlugin -> C:\Users\Familie\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.2\npVascoCardReaderPlugin.dll [2013-10-28] (VASCO Data Security)

FF Plugin HKU\S-1-5-21-3461864485-847432099-1787404142-1000: vasco.com/VascoCardReaderPlugin64 -> C:\Users\Familie\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.2\npVascoCardReaderPlugin64.dll [2013-10-28] (VASCO Data Security)

FF Extension: Belgium eID - C:\Program Files (x86)\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be [2013-07-14]

FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor

FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-02-16]

FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor

FF HKLM-x32\...\Firefox\Extensions: [belgiumeid@eid.belgium.be] - C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be

FF HKLM-x32\...\Firefox\Extensions: [VIP5X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client

FF Extension: No Name - C:\Program Files (x86)\Symantec\VIP Access Client [2012-03-30]

 

Chrome: 

=======

CHR Profile: C:\Users\Familie\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\Familie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-04]

CHR Extension: (Google Drive) - C:\Users\Familie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-04]

CHR Extension: (YouTube) - C:\Users\Familie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-04]

CHR Extension: (Google Search) - C:\Users\Familie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-04]

CHR Extension: (SiteAdvisor) - C:\Users\Familie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-01-29]

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Familie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]

CHR Extension: (Google Wallet) - C:\Users\Familie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-04]

CHR Extension: (Gmail) - C:\Users\Familie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-04]

CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-06-23]

CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-06-23]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]

S2 CLKMSVC10_38F51D56; c:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-02-25] (CyberLink)

R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [133936 2011-09-15] (Portrait Displays, Inc.)

R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]

S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-06-21] (WildTangent)

R2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [577536 2012-08-24] (Hauppauge Computer Works) [File not signed]

R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)

R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2375168 2011-03-08] (Realsil Microelectronics Inc.) [File not signed]

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)

R2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [155368 2015-06-04] (McAfee, Inc.)

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)

S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)

R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)

S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [609592 2015-05-05] (McAfee, Inc.)

R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)

R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)

R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-04-08] (McAfee, Inc.)

R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-05-14] (McAfee, Inc.)

R2 mfevtp; C:\Windows\system32\mfevtps.exe [250672 2015-04-08] (McAfee, Inc.)

R2 msi2500scan; c:\Program Files\MiricsFlexiTV\Driver\msi2500scan.exe [229376 2011-12-17] (Mirics Semiconductor)

R2 MSiDVBT; c:\Program Files\MiricsFlexiTV\DVBT\DVBService.exe [2715648 2011-12-17] (Mirics Ltd.)

R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc)

R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [75336 2014-07-14] (Symantec Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

S2 AdobeARMservice; No ImagePath

S2 gupdate; No ImagePath

S3 gupdatem; No ImagePath

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [68784 2015-04-08] (McAfee, Inc.)

R3 hcw10bda; C:\Windows\System32\drivers\hcw10bda.sys [649360 2012-05-01] (Hauppauge Computer Works, Inc.)

R2 hcw10cir; C:\Windows\System32\drivers\hcw10cir.sys [46080 2010-05-10] (Hauppauge Computer Works, Inc.)

S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [198448 2015-04-27] (McAfee, Inc.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-04] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)

R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [402888 2015-04-08] (McAfee, Inc.)

R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [338272 2015-04-08] (McAfee, Inc.)

R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [101872 2015-04-08] (McAfee, Inc.)

R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [488000 2015-04-08] (McAfee, Inc.)

R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [864200 2015-04-08] (McAfee, Inc.)

R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [483240 2015-03-26] (McAfee, Inc.)

S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100720 2015-03-26] (McAfee, Inc.)

R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [335944 2015-04-08] (McAfee, Inc.)

R3 MSi2500BDA; C:\Windows\System32\DRIVERS\AVerMsiBDA.sys [228352 2011-12-17] (AVerMedia TECHNOLOGIES, Inc.)

S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2012-03-30] ()

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-07-04 23:03 - 2015-07-04 23:04 - 00030207 _____ C:\Users\Familie\Downloads\FRST.txt

2015-07-04 23:02 - 2015-07-04 23:03 - 00000000 ____D C:\FRST

2015-07-04 23:02 - 2015-07-04 23:02 - 02112512 _____ (Farbar) C:\Users\Familie\Downloads\FRST64.exe

2015-07-04 22:32 - 2015-07-04 22:32 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Familie\Downloads\mbam-setup-2.1.8.1057.exe

2015-07-04 22:32 - 2015-07-04 22:32 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Familie\Downloads\mbam-setup-2.1.8.1057 (1).exe

2015-07-04 22:25 - 2015-07-04 22:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus

2015-07-04 22:25 - 2015-07-04 22:25 - 00000000 ____D C:\Program Files\McAfee Security Scan

2015-07-04 16:45 - 2015-07-04 16:45 - 01010176 _____ C:\Users\Familie\Downloads\MicrosoftFixit50884.msi

2015-07-04 16:45 - 2015-07-04 16:45 - 01010176 _____ C:\Users\Familie\Downloads\MicrosoftFixit50884 (1).msi

2015-07-04 09:24 - 2015-07-04 22:25 - 00001933 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk

2015-07-04 09:24 - 2015-07-04 22:25 - 00000000 ____D C:\ProgramData\McAfee Security Scan

2015-07-04 02:59 - 2015-07-04 02:59 - 00287087 _____ C:\Users\Familie\Downloads\Windows6.1-KB981129-x86 (1).msu

2015-07-04 02:58 - 2015-07-04 02:58 - 00287087 _____ C:\Users\Familie\Downloads\Windows6.1-KB981129-x86.msu

2015-07-04 01:45 - 2015-07-04 01:45 - 20046278 _____ C:\Users\Familie\Downloads\SCI_Agent_Setup (1).exe

2015-07-04 01:44 - 2015-07-04 09:12 - 00000000 ____D C:\Users\Familie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DevID Agent

2015-07-04 01:44 - 2015-07-04 01:44 - 00456800 _____ C:\Users\Familie\Downloads\dbf8423c02173cca574c9b36a990ca30-877f30d593edbbc7de681c4360d63612.zip

2015-07-04 01:43 - 2015-07-04 01:44 - 20046278 _____ C:\Users\Familie\Downloads\SCI_Agent_Setup.exe

2015-07-04 01:39 - 2015-07-04 01:39 - 02448688 _____ (Megaify Software ) C:\Users\Familie\Downloads\DriverToolkitInstaller (1).exe

2015-07-04 01:37 - 2015-07-04 01:48 - 00000000 ____D C:\Program Files (x86)\DriverToolkit

2015-07-04 01:37 - 2015-07-04 01:37 - 00000000 ____D C:\Users\Familie\AppData\Local\DriverToolkit

2015-07-04 01:34 - 2015-07-04 01:35 - 02448688 _____ (Megaify Software ) C:\Users\Familie\Downloads\DriverToolkitInstaller.exe

2015-07-03 23:32 - 2015-07-03 23:32 - 00003288 ____N C:\bootsqm.dat

2015-07-01 16:26 - 2015-07-01 17:02 - 00000000 ____D C:\Users\Familie\Desktop\astrid

2015-06-24 15:55 - 2015-06-24 15:55 - 00000000 ____D C:\Users\Familie\AppData\Local\{CC87D6E2-A0F5-416D-AC3E-E1BE6A35402A}

2015-06-21 10:35 - 2015-06-21 10:35 - 01206594 _____ C:\Users\Familie\Downloads\2015 PE 2 eten en drinken quiz.pptx

2015-06-20 23:34 - 2015-06-27 07:49 - 00018851 _____ C:\Users\Familie\Documents\Beerzel_huwelijken.xlsx

2015-06-19 07:56 - 2015-04-27 08:02 - 00198448 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys

2015-06-19 07:55 - 2015-06-19 07:55 - 00003064 _____ C:\Windows\System32\Tasks\McAfeeLogon

2015-06-18 15:25 - 2015-06-18 15:25 - 00036352 _____ C:\Users\Familie\Downloads\Irregulars verbs list 2011 2012.xls

2015-06-14 14:57 - 2015-06-14 14:57 - 00000000 ____D C:\Users\Familie\AppData\Local\{721503D9-98FB-40C9-9503-66F941256110}

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-07-04 23:01 - 2009-07-14 07:13 - 00791118 _____ C:\Windows\system32\PerfStringBackup.INI

2015-07-04 23:00 - 2012-09-08 13:31 - 01572357 _____ C:\Windows\WindowsUpdate.log

2015-07-04 22:57 - 2014-06-13 22:24 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-07-04 22:57 - 2013-12-04 23:42 - 00001052 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-07-04 22:57 - 2012-03-30 10:15 - 00000000 ____D C:\ProgramData\PDFC

2015-07-04 22:57 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2015-07-04 22:57 - 2009-07-14 06:51 - 00164397 _____ C:\Windows\setupact.log

2015-07-04 22:41 - 2014-06-13 22:24 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-07-04 22:36 - 2013-02-16 10:55 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-07-04 22:33 - 2014-06-13 22:24 - 00001104 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-07-04 22:33 - 2014-06-13 22:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-07-04 22:33 - 2014-06-13 22:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-07-04 22:26 - 2014-06-19 12:58 - 00001056 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8bad6452d6b5.job

2015-07-04 22:25 - 2009-07-14 06:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-07-04 22:25 - 2009-07-14 06:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-07-04 22:17 - 2015-04-05 09:27 - 00000000 ___SD C:\Windows\system32\GWX

2015-07-04 22:17 - 2014-07-16 06:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

2015-07-04 22:17 - 2013-02-17 04:26 - 00000000 ____D C:\Windows\Minidump

2015-07-04 22:17 - 2012-09-08 13:32 - 00000000 ___RD C:\Users\Familie

2015-07-04 22:17 - 2012-03-30 09:52 - 00000000 ____D C:\Program Files\MiricsFlexiTV

2015-07-04 22:17 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\security

2015-07-04 22:17 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration

2015-07-04 19:59 - 2013-12-14 09:29 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C7C3454D-74F5-44A2-9E3B-6F274E3D946F}

2015-07-04 16:49 - 2015-02-14 08:54 - 00362996 ____N C:\Windows\Minidump\070415-14492-01.dmp

2015-07-04 09:24 - 2013-12-04 23:41 - 00000000 ____D C:\Users\Familie\AppData\Local\Adobe

2015-07-04 02:29 - 2012-03-30 09:52 - 00000000 ____D C:\ProgramData\SonicFocus

2015-07-03 23:26 - 2013-11-03 13:03 - 00000000 ____D C:\ProgramData\TorchCrashHandler

2015-07-03 19:45 - 2010-11-21 09:16 - 00000000 ___RD C:\Users\Public\Recorded TV

2015-07-03 07:00 - 2013-04-12 14:33 - 00000000 ____D C:\Users\Familie\AppData\Local\CrashDumps

2015-07-01 08:02 - 2013-07-14 17:10 - 00003198 _____ C:\Windows\System32\Tasks\HPCeeScheduleForFamilie

2015-07-01 08:02 - 2013-07-14 17:10 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleForFamilie.job

2015-06-27 23:08 - 2015-05-24 22:30 - 00015901 _____ C:\Users\Familie\Documents\Beerzel_overlijdens.xlsx

2015-06-27 11:58 - 2014-12-14 14:48 - 00047774 _____ C:\Users\Familie\Documents\Koningshooikt_huwelijken.xlsx

2015-06-24 16:36 - 2013-02-16 10:55 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-06-24 16:36 - 2013-02-16 10:55 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-06-24 16:36 - 2012-03-30 10:04 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-06-24 06:34 - 2014-12-25 09:40 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

2015-06-23 21:58 - 2013-02-16 11:32 - 00000000 ____D C:\Program Files (x86)\McAfee

2015-06-23 21:58 - 2010-11-21 05:47 - 00753582 _____ C:\Windows\PFRO.log

2015-06-23 02:28 - 2013-12-04 23:42 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2015-06-21 16:20 - 2012-09-08 13:37 - 00000000 ____D C:\Users\Familie\AppData\Roaming\Skype

2015-06-21 14:36 - 2012-03-30 10:06 - 00000000 ____D C:\Program Files (x86)\WildTangent Games

2015-06-21 14:22 - 2013-06-10 18:22 - 00000000 ____D C:\Users\Familie\AppData\Local\Microsoft Games

2015-06-20 10:21 - 2013-12-26 12:04 - 00143573 _____ C:\Users\Familie\Desktop\Afbetaling.xlsx

2015-06-19 07:56 - 2013-02-16 11:27 - 00000000 ____D C:\Program Files\Common Files\McAfee

2015-06-18 08:41 - 2014-06-13 22:24 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-06-18 08:41 - 2014-06-13 22:24 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-06-14 17:07 - 2013-02-24 18:55 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log

2015-06-14 15:02 - 2015-02-24 18:01 - 00012853 _____ C:\Users\Familie\Documents\emmastrid.wlmp

2015-06-14 15:00 - 2013-04-27 20:05 - 00000000 ____D C:\Users\Familie\Documents\Youcam

2015-06-12 17:28 - 2012-03-30 10:04 - 00000000 ____D C:\ProgramData\Skype

 

==================== Files in the root of some directories =======

 

2013-03-20 20:03 - 2015-01-28 17:39 - 0006144 _____ () C:\Users\Familie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2014-08-09 19:48 - 2014-08-09 19:48 - 0000000 _____ () C:\Users\Familie\AppData\Local\{AECB0852-BCA4-4631-9CEA-37C6C9CC01AB}

 

Some files in TEMP:

====================

C:\Users\Familie\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe

C:\Users\Familie\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe

C:\Users\Familie\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe

C:\Users\Familie\AppData\Local\Temp\jre-8u40-windows-au.exe

C:\Users\Familie\AppData\Local\Temp\k4cugmxu.dll

C:\Users\Familie\AppData\Local\Temp\ose00000.exe

C:\Users\Familie\AppData\Local\Temp\SkypeSetup.exe

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

LastRegBack: 2015-07-03 11:00

 

==================== End of log ============================

 


Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-07-2015

Ran by Familie at 2015-07-04 23:04:27

Running from C:\Users\Familie\Downloads

Boot Mode: Normal

==========================================================

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-3461864485-847432099-1787404142-500 - Administrator - Disabled)

Familie (S-1-5-21-3461864485-847432099-1787404142-1000 - Administrator - Enabled) => C:\Users\Familie

Guest (S-1-5-21-3461864485-847432099-1787404142-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-3461864485-847432099-1787404142-1002 - Limited - Enabled)

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}

FW: McAfee Firewall (Disabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)

Adobe Acrobat Reader DC - Nederlands (HKLM-x32\...\{AC76BA86-7AD7-1043-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)

Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.194 - Adobe Systems Incorporated)

AMD Catalyst Install Manager (HKLM\...\{B0F2FA5B-E266-651A-F88C-05409A1F8CC1}) (Version: 3.0.842.0 - Advanced Micro Devices, Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden

Belgium e-ID middleware 4.0.7 (build 7466) (HKLM\...\{824563DE-75AD-4166-9DC0-B6482F207466}) (Version: 4.0.7466 - Belgian Government)

Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

Bluetooth by hp (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.8200 - Broadcom Corporation)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.3.11006.1 - Cisco Consumer Products LLC)

Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)

Cradle of Egypt Premium Edition (HKLM-x32\...\12d8f2e1af370aadb690c2ecdaa1a347) (Version:  - Zylom)

Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden

CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.3226 - CyberLink Corp.)

CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.0.4417 - CyberLink Corp.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden

Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden

EPSON BX300F Series Printer Uninstall (HKLM\...\EPSON BX300F Series) (Version:  - SEIKO EPSON Corporation)

Epson Easy Photo Print 2 (HKLM-x32\...\{DEDB47A3-C988-4A43-A645-E2CEA571E680}) (Version: 2.0.0.0 - SEIKO EPSON CORPORATION)

EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )

EPSON Stylus Office BX300F_TX300F Handboek (HKLM-x32\...\EPSON Stylus Office BX300F_TX300F Gebruikershandleiding) (Version:  - )

Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden

Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden

FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden

Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden

Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

GeoGebra 5 (HKLM-x32\...\GeoGebra 5) (Version: 5.0.18.0 - International GeoGebra Institute)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden

Hauppauge WinTV 7 (HKLM-x32\...\Hauppauge WinTV 7) (Version: v7.0.30237 (CD 2.6) - Hauppauge Computer Works)

HEMA fotoalbum be-nl (HKU\S-1-5-21-3461864485-847432099-1787404142-1000\...\{7530DFEF-DCB8-4231-99C9-AE9062CBE425}_is1) (Version:  - Hema)

Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden

Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden

HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard)

HP Clock (HKLM-x32\...\{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}) (Version: 5.1.4244.16367 - Hewlett-Packard)

HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)

HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard)

HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard)

HP Magic Canvas Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 5.0.0.3 - Hewlett-Packard)

HP My Display (HKLM-x32\...\{1F4DDC90-5923-4E49-A4C7-F3CCC954DCA0}) (Version: 1.07.003 - Portrait Displays, Inc.)

HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard)

HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)

HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.14.0 - Hewlett-Packard)

HP RSS (HKLM-x32\...\{A35E58D6-2A0F-4051-983B-79342081338E}) (Version: 5.1.4301.21494 - Hewlett-Packard)

HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15130.3904 - Hewlett-Packard Company)

HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.15145.3905 - Hewlett-Packard Company)

HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)

HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)

HP TouchSmart Background - Beats (HKLM-x32\...\{6A6F8D36-04BA-41E9-9004-1789BD545874}) (Version: 1.0.1.0 - Hewlett-Packard)

HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)

HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)

HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard)

HydraVision (x32 Version: 4.2.212.0 - Advanced Micro Devices, Inc.) Hidden

iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.)

IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.11052.0 - IDT)

iMesh (HKU\S-1-5-21-3461864485-847432099-1787404142-1000\...\iMesh) (Version: 12.0.0.133955 - iMesh Inc) <==== ATTENTION

Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)

Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)

Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)

Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)

Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)

Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden

Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden

John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.)

LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) Hidden

Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden

Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden

Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS)

Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden

Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)

McAfee AntiVirus Plus (HKLM-x32\...\MSC) (Version: 14.0.1076 - McAfee, Inc.)

McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)

McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.316 - McAfee, Inc.)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)

Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Office Live Meeting 2007 (HKLM-x32\...\{389F8A7A-8611-42E8-8169-20D2BAF0C595}) (Version: 8.0.6362.215 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

Online Games Manager v1.30 (HKLM-x32\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)

opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden

PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.65 - PDF Complete, Inc)

Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden

Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden

PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)

Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden

Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden

Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden

Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5705 - CyberLink Corp.)

Power2Go (x32 Version: 6.1.5705 - CyberLink Corp.) Hidden

Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.82 - Realtek Semiconductor Corp.)

Recovery Manager (x32 Version: 5.5.0.4424 - CyberLink Corp.) Hidden

Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)

RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden

SDK (x32 Version: 2.28.007 - Portrait Displays, Inc.) Hidden

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)

Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)

Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)

The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden

Torch (HKU\S-1-5-21-3461864485-847432099-1787404142-1000\...\Torch) (Version: 39.0.0.9037 - Torch Media, Inc)

Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden

TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden

Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden

VASCO Card Reader Plug-In (64-Bit) (Version: 3.2.3.2 - VASCO Data Security) Hidden

VASCO Smart Card Reader Plug-In (User) (HKU\S-1-5-21-3461864485-847432099-1787404142-1000\...\{8bc0c044-0d13-4fe6-90c1-af39c36cb927}) (Version: 3.2.3.2 - VASCO Data Security)

VIP Access (HKLM-x32\...\{7EB5B9B6-E7BF-4E8F-B478-1266A78CF231}) (Version: 2.2.1.13 - Symantec Corporation)

VIP Access SDK (1.0.1.4)  (HKLM-x32\...\VIP Access SDK) (Version: 1.0.1.4 - Symantec Inc.)

Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)

WildTangent Games App for HP (x32 Version: 4.0.11.2 - WildTangent) Hidden

Windows Driver Package - Fedict SmartCard  (04/30/2014 4.0.7.5) (HKLM\...\C5357B4AD7C02B3F6EF45765A07E5B725E50BBF7) (Version: 04/30/2014 4.0.7.5 - Fedict)

Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)

Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)

Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

==================== Restore Points =========================

 

12-06-2015 17:27:02 McAfee Vulnerability Scanner

20-06-2015 08:42:07 Scheduled Checkpoint

27-06-2015 19:37:08 Scheduled Checkpoint

03-07-2015 23:44:50 Device Driver Package Install: Microsoft Network adapters

04-07-2015 16:45:56 Installed Microsoft Fix it 50884

04-07-2015 22:09:02 Restore Operation

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {1A055B74-FEC2-4920-B29D-8FE6486BA297} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-08-18] (CyberLink)

Task: {1CF08073-D7C0-4C19-9879-CFFE35221A6A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-06-08] (Hewlett-Packard)

Task: {269B7E94-5F33-4029-AFF3-02F7EDE180E8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {2DFEF1F3-AC55-4C19-80FE-23E81CE0AD50} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-04] (Google Inc.)

Task: {60FFEF3E-168D-4760-8F37-9CC040483859} - System32\Tasks\GoogleUpdateTaskMachineUA1cf8bad6452d6b5 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-04] (Google Inc.)

Task: {8145D184-A085-4722-BD18-1FAF4B61B84A} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2015-05-06] (McAfee, Inc.)

Task: {A0AAF568-EDDD-4DC3-8EE1-B37DBDB98D9E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)

Task: {A1736DE6-A1D3-4618-B2EE-714A1C50953C} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2011-08-24] (CyberLink)

Task: {C67B33CD-C4D0-46D1-AF27-A213525DF822} - System32\Tasks\HPCeeScheduleForFamilie => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)

Task: {DA9F5E13-A1C5-4A33-87CF-6859787AB75A} - System32\Tasks\{6A21E899-1007-4C7D-95B6-AE7C6132B42F} => Chrome.exe http://ui.skype.com/ui/0/7.3.0.101/nl/abandoninstall?page=tsProgressBar

Task: {DB506010-8CCF-49D9-AAB0-3B7F897D6722} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)

Task: {E13E282F-F0E0-4DEF-8A80-C221DD5628DC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-06-08] (Hewlett-Packard)

Task: {EA842E2E-4527-4A71-B53F-5270FDA55308} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)

Task: {EC767745-664A-44F7-AFFF-57FFD97DF0CB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-24] (Adobe Systems Incorporated)

Task: {F6B1C5C0-7624-4842-AFF6-90B11D04EF28} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8bad6452d6b5.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\HPCeeScheduleForFamilie.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

 

==================== Loaded Modules (Whitelisted) ==============

 

2012-03-30 10:09 - 2011-09-15 22:36 - 00268592 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dthook.dll

2011-11-24 08:50 - 2011-11-24 08:50 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

2011-11-02 23:03 - 2011-11-02 23:03 - 00098304 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll

2011-11-02 23:03 - 2011-11-02 23:03 - 00028672 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResources.dll

2013-02-16 11:10 - 2011-08-23 11:04 - 00057344 _____ () C:\Program Files (x86)\WinTV\TVServer\libhdhomerun.dll

2013-02-16 11:10 - 2012-01-16 18:12 - 00018944 _____ () C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServerps.dll

2012-03-30 10:09 - 2011-02-15 20:59 - 00015624 _____ () C:\Program Files (x86)\Hewlett-Packard\HP My Display\ACPIDll.dll

2012-03-30 10:09 - 2011-09-15 22:21 - 00180224 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Shared\PresetsCOM.dll

2015-06-23 02:28 - 2015-06-20 07:46 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libglesv2.dll

2015-06-23 02:28 - 2015-06-20 07:46 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libegl.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

==================== Safe Mode (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

 

==================== EXE Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-3461864485-847432099-1787404142-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Familie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 195.130.130.129 - 195.130.131.129

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 


 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (07/04/2015 11:02:33 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)

Description: Windows cannot load classes registry file.

 DETAIL - The system has attempted to load or restore a file into the registry, but the specified file is not in a registry file format.

 

Error: (07/04/2015 11:02:33 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)

Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights. 

 

 DETAIL - The system has attempted to load or restore a file into the registry, but the specified file is not in a registry file format.

 for C:\Users\Familie\AppData\Local\Microsoft\Windows\\UsrClass.dat

 

Error: (07/04/2015 11:02:33 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)

Description: Windows cannot load classes registry file.

 DETAIL - The system has attempted to load or restore a file into the registry, but the specified file is not in a registry file format.

 

Error: (07/04/2015 11:02:33 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)

Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights. 

 

 DETAIL - The system has attempted to load or restore a file into the registry, but the specified file is not in a registry file format.

 for C:\Users\Familie\AppData\Local\Microsoft\Windows\\UsrClass.dat

 

Error: (07/04/2015 11:00:06 PM) (Source: ESENT) (EventID: 454) (User: )

Description: wuaueng.dll (764) SUS20ClientDataStore: Database recovery/restore failed with unexpected error -1011.

 

Error: (07/04/2015 11:00:06 PM) (Source: ESENT) (EventID: 454) (User: )

Description: wuaueng.dll (764) SUS20ClientDataStore: Database recovery/restore failed with unexpected error -1011.

 

Error: (07/04/2015 11:00:06 PM) (Source: ESENT) (EventID: 454) (User: )

Description: wuaueng.dll (764) SUS20ClientDataStore: Database recovery/restore failed with unexpected error -1011.

 

Error: (07/04/2015 11:00:05 PM) (Source: ESENT) (EventID: 454) (User: )

Description: wuaueng.dll (764) SUS20ClientDataStore: Database recovery/restore failed with unexpected error -1011.

 

Error: (07/04/2015 11:00:05 PM) (Source: ESENT) (EventID: 454) (User: )

Description: wuaueng.dll (764) SUS20ClientDataStore: Database recovery/restore failed with unexpected error -1011.

 

Error: (07/04/2015 11:00:05 PM) (Source: ESENT) (EventID: 454) (User: )

Description: wuaueng.dll (764) SUS20ClientDataStore: Database recovery/restore failed with unexpected error -1011.

 

 

System errors:

=============

Error: (07/04/2015 11:04:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The McMPFSvc service depends on the Windows Firewall service which failed to start because of the following error: 

%%1068

 

Error: (07/04/2015 11:04:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Base Filtering Engine service terminated with the following error: 

%%5

 

Error: (07/04/2015 11:04:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: 

%%5

 

Error: (07/04/2015 11:04:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The McMPFSvc service depends on the Windows Firewall service which failed to start because of the following error: 

%%1068

 

Error: (07/04/2015 11:04:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Base Filtering Engine service terminated with the following error: 

%%5

 

Error: (07/04/2015 11:04:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: 

%%5

 

Error: (07/04/2015 11:01:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The McMPFSvc service depends on the Windows Firewall service which failed to start because of the following error: 

%%1068

 

Error: (07/04/2015 11:01:18 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Base Filtering Engine service terminated with the following error: 

%%5

 

Error: (07/04/2015 11:01:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: 

%%5

 

Error: (07/04/2015 10:59:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Google Update-service (gupdate) service failed to start due to the following error: 

%%3

 

 

Microsoft Office:

=========================

Error: (07/04/2015 11:02:33 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)

Description: The system has attempted to load or restore a file into the registry, but the specified file is not in a registry file format.

 

Error: (07/04/2015 11:02:33 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)

Description: The system has attempted to load or restore a file into the registry, but the specified file is not in a registry file format.

C:\Users\Familie\AppData\Local\Microsoft\Windows\\UsrClass.dat

 

Error: (07/04/2015 11:02:33 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)

Description: The system has attempted to load or restore a file into the registry, but the specified file is not in a registry file format.

 

Error: (07/04/2015 11:02:33 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)

Description: The system has attempted to load or restore a file into the registry, but the specified file is not in a registry file format.

C:\Users\Familie\AppData\Local\Microsoft\Windows\\UsrClass.dat

 

Error: (07/04/2015 11:00:06 PM) (Source: ESENT) (EventID: 454) (User: )

Description: wuaueng.dll764SUS20ClientDataStore: -1011

 

Error: (07/04/2015 11:00:06 PM) (Source: ESENT) (EventID: 454) (User: )

Description: wuaueng.dll764SUS20ClientDataStore: -1011

 

Error: (07/04/2015 11:00:06 PM) (Source: ESENT) (EventID: 454) (User: )

Description: wuaueng.dll764SUS20ClientDataStore: -1011

 

Error: (07/04/2015 11:00:05 PM) (Source: ESENT) (EventID: 454) (User: )

Description: wuaueng.dll764SUS20ClientDataStore: -1011

 

Error: (07/04/2015 11:00:05 PM) (Source: ESENT) (EventID: 454) (User: )

Description: wuaueng.dll764SUS20ClientDataStore: -1011

 

Error: (07/04/2015 11:00:05 PM) (Source: ESENT) (EventID: 454) (User: )

Description: wuaueng.dll764SUS20ClientDataStore: -1011

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core i7-2600S CPU @ 2.80GHz

Percentage of memory in use: 42%

Total physical RAM: 6124.31 MB

Available physical RAM: 3531.48 MB

Total Virtual: 12246.81 MB

Available Virtual: 9179.69 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:910.53 GB) (Free:682.18 GB) NTFS

Drive d: (HP_RECOVERY) (Fixed) (Total:20.88 GB) (Free:2.63 GB) NTFS ==>[system with boot components (obtained from reading drive)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: EED37A81)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=910.5 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=20.9 GB) - (Type=07 NTFS)

 

==================== End of log ============================


 

 

Link to post
Share on other sites
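The "System errors" block in the log above repeats one dependency chain several times. As an added example (not part of the original post and not FRST's own code), this Python sketch parses Service Control Manager entries in that layout and reports which service sits at the root of each failure. The function names and the embedded sample are constructed for illustration.

```python
import re

# Win32 error codes that follow "%%" in Service Control Manager events.
WIN32 = {3: "ERROR_PATH_NOT_FOUND", 5: "ERROR_ACCESS_DENIED",
         1068: "ERROR_SERVICE_DEPENDENCY_FAIL"}
HEADER = re.compile(r"^Error: \((?P<time>[^)]+)\) \(Source: (?P<source>[^)]*)\) "
                    r"\(EventID: (?P<eid>\d+)\)")
DEPENDS = re.compile(r"The (.+?) service depends on the (.+?) service which failed to start")
FAILED = re.compile(r"The (.+?) service (?:terminated with|failed to start due to) "
                    r"the following error")
CODE = re.compile(r"%%(\d+)")

# Constructed sample: one entry of each kind, worded as in the log above.
SAMPLE = """\
Error: (07/04/2015 11:04:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The McMPFSvc service depends on the Windows Firewall service which failed to start because of the following error:
%%1068

Error: (07/04/2015 11:04:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Base Filtering Engine service terminated with the following error:
%%5

Error: (07/04/2015 11:04:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error:
%%5

Error: (07/04/2015 10:59:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update-service (gupdate) service failed to start due to the following error:
%%3

Error: (07/04/2015 11:00:06 PM) (Source: ESENT) (EventID: 454) (User: )
Description: wuaueng.dll (764) SUS20ClientDataStore: Database recovery/restore failed with unexpected error -1011.
"""

def parse_events(text):
    """Split an FRST 'Event log errors' block into one dict per 'Error:' entry."""
    events, cur = [], None
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            cur = {"time": m["time"], "source": m["source"],
                   "event_id": int(m["eid"]), "body": ""}
            events.append(cur)
        elif cur is not None:
            cur["body"] += " " + line.strip()
    return events

def root_causes(text):
    """Map each failed service to (root service, Win32 code, code name)."""
    depends_on, own_error = {}, {}
    for ev in parse_events(text):
        if ev["source"] != "Service Control Manager":
            continue
        code = CODE.search(ev["body"])
        dep = DEPENDS.search(ev["body"])
        failed = FAILED.search(ev["body"])
        if dep:                                   # 7001: failure inherited from a dependency
            depends_on[dep.group(1)] = dep.group(2)
        elif failed and code:                     # 7000/7023: the service's own error
            own_error[failed.group(1)] = int(code.group(1))
    result = {}
    for svc in set(depends_on) | set(own_error):
        root, seen = svc, set()
        while root in depends_on and root not in seen:   # walk the chain, guard against loops
            seen.add(root)
            root = depends_on[root]
        code = own_error.get(root)
        result[svc] = (root, code, WIN32.get(code, "unknown"))
    return result
```

Calling `root_causes(SAMPLE)` resolves both McMPFSvc and Windows Firewall to the Base Filtering Engine failing with error 5 (access denied), while the Google Update failure stands on its own.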

Hello,
    
 
They call me TwinHeadedEagle around here, and I'll try to help you with your issue.
 
     
    
Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, which may cause some delays between answers.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • I volunteer to help you, so please, do not ask for help for your company/business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!
 
 
 
Rules and policies
 
We won't support any piracy.
That being said, if any evidence of illegal OS, software, cracks/keygens or any other is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!
 
Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.
 
 



 
 

Scan with ZOEK
 
Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears, it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;autoclean;emptyalltemp;ipconfig /flushdns;b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
  • Post its content into your next reply.
Link to post
Share on other sites

Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content into your next reply.

Link to post
Share on other sites

Fix with ESET Services Repair
 
Please download Services Repair by ESET and save it to your desktop.

  • Right-click on the Services Repair icon and select Run as Administrator to start the tool.
  • If security notifications appear, click Continue or Run.
  • Accept the prompt about restoring services.
  • Once the tool has finished, you will be prompted to restart your computer. Click Yes to restart.
  • A log will be saved in the CCSupport folder the tool created on your desktop.

Please include that logfile in your next reply.

Link to post
Share on other sites

Hi TwinHeadedEagle,

 

That did the trick! After the reboot the firewalls started again.

Anything else I should check?

 

Thank you for your help

 

 

P.S. Now that the firewall is up again, I will remember to appreciate your help - bottoms up.

 

Link to post
Share on other sites

I would like to see fresh FRST reports:
 
Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
  • Please include their content into your next reply.



    Scan with Farbar Service Scanner

    Download Farbar Service Scanner by Farbar and save it to your desktop.
    • Right-click on the Farbar Service Scanner icon and select Run as Administrator to start the tool.
    • Make sure all of the options are checked!
    • Press Scan.
    • It will create a log (FSS.txt) in the same directory the tool is run.
    Please include that log in your next reply.
Link to post
Share on other sites

OK. This required uninstalling McAfee AntiVirus Plus (strangely it didn't care about MBAM) first. Did that, ran the fix. However, that did not change the outcome. The Diagnostics Policy Service is still down. I have reinstalled McAfee in the meantime.

 

Thx

Link to post
Share on other sites

The Diagnostic Policy Service is set as Automatic, but it is not started (Service status: stopped). Trying to start it in the dialog results in messaging similar to the one I sent earlier. 'Windows could not start the Diagnostic Policy Service service on local computer. Error 5: access is denied.'

 

Thx

Link to post
Share on other sites

Registry Fix

Modifying the registry may create unforeseen results. Please do not proceed, unless you have created a registry backup prior to doing that!

Please download the attached registry fix file and save it to your desktop:

http://download.bleepingcomputer.com/win-services/7/DPS.reg

Now we need to import the file into the registry.

  • Locate the DPS.reg file on your desktop.
  • Right-click the icon of your file and select Merge.
  • You'll be prompted about adding the information to the registry. Please agree.

After this please manually reboot your machine. No report will be generated.

Link to post
Share on other sites

This topic is now closed to further replies.