Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus or unwanted program 'TR/Crypt.ZPACK.Gen8


  • This topic is locked This topic is locked
37 replies to this topic

#1 sandervanz

sandervanz

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Apeldoorn, Netherlands
  • Local time:05:33 PM

Posted 31 October 2013 - 02:32 PM

Avira Free Antivirus is showing a popup everytime I start browsing.

The message shown is:

Virus or unwanted program 'TR/Crypt.ZPACK.Gen8 [trojan]'
detected in file 'C:\Windows\Temp\bkkrjmhmww\plugin.dll.
Action performed: Deny access
 
The location is different is everytime. With Avira i can put the file in quarantine, but it keeps coming back. I tried several software (Kaspersky, Malwarebytes etc.) to get rid of it. I think I should remove it manually but I don't really know how to so..
 
 
I'm hoping you guys can help,  thanks in advance.
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16476
Run by Sander at 20:16:16 on 2013-10-31
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.31.1043.18.3767.959 [GMT 1:00]
.
AV: Lavasoft Ad-Aware *Disabled/Outdated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: Kaspersky Internet Security *Enabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Kaspersky Internet Security *Enabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Disabled/Outdated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
FW: Kaspersky Internet Security *Enabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\PDF Architect\HelperService.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\PDF Architect\ConversionService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = about:blank
mStart Page = about:blank
mDefault_Page_URL = about:blank
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: PDF Architect Helper: {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - <orphaned>
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - <orphaned>
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.2.254
TCP: Interfaces\{7004FE86-FDAB-42C6-9C09-90AE908901F8} : DHCPNameServer = 192.168.2.254
TCP: Interfaces\{7004FE86-FDAB-42C6-9C09-90AE908901F8}\14256573531393331334039343 : DHCPNameServer = 192.168.2.254
TCP: Interfaces\{7004FE86-FDAB-42C6-9C09-90AE908901F8}\2456C6B696E6534376 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{7004FE86-FDAB-42C6-9C09-90AE908901F8}\D416473754C696E656 : DHCPNameServer = 192.168.1.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-mDefault_Page_URL = about:blank
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - <orphaned>
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - <orphaned>
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-1-14 14456]
R1 asdrm;asdrm;C:\Windows\System32\drivers\asdrm.sys [2013-10-30 18768]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-8-29 28600]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2013-10-11 29792]
R1 klpd;klpd;C:\Windows\System32\drivers\klpd.sys [2013-4-12 15456]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2013-5-14 55904]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2013-6-6 178784]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-3 22576]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-3 20016]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-3 60464]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 SBRE;SBRE;C:\Windows\System32\drivers\sbredrv.sys [2011-5-5 57976]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-12 140672]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-12-14 1236968]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-8-29 84024]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-8-29 108088]
R2 asdrs;AntiMalware Host-based Intrusion Prevention System;C:\Windows\System32\drivers\asdrs.sys [2013-10-30 23376]
R2 asdsrv;Anvi Smart Defender Realtime Guard Service;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2013-10-21 742584]
R2 asdws;AnviSmartDefender Web Guard;C:\Windows\System32\drivers\asdws.sys [2013-10-30 17232]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-8-29 105344]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [2013-10-11 214512]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-8-30 321104]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-11-26 868896]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-8-30 13336]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2012-4-23 255376]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe [2013-10-4 121616]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-6-28 255744]
R2 PDF Architect Helper Service;PDF Architect Helper Service;C:\Program Files (x86)\PDF Architect\HelperService.exe [2012-11-22 1522312]
R2 PDF Architect Service;PDF Architect Service;C:\Program Files (x86)\PDF Architect\ConversionService.exe [2012-11-22 905864]
R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-9-20 3677000]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2013-3-22 93072]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-8-30 2320920]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-8-30 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-8-30 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-8-30 287232]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-5-15 384040]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2013-10-11 29280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2013-10-11 29280]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-3-1 161384]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-5-27 305520]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-11-26 246376]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-7 1255736]
S4 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2013-8-29 815160]
S4 klflt;klflt;C:\Windows\System32\drivers\klflt.sys [2013-10-27 112224]
S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
.
=============== Created Last 30 ================
.
2013-10-30 23:11:15 -------- d-----w- C:\Windows\System32\SPReview
2013-10-30 22:55:32 -------- d-----w- C:\Users\Sander\AppData\Roaming\Anvisoft
2013-10-30 22:55:18 23376 ----a-w- C:\Windows\System32\drivers\asdrs.sys
2013-10-30 22:55:18 18768 ----a-w- C:\Windows\System32\drivers\asdrm.sys
2013-10-30 22:55:18 17232 ----a-w- C:\Windows\System32\drivers\asdws.sys
2013-10-30 22:55:17 -------- d-----w- C:\ProgramData\Anvisoft
2013-10-30 22:55:13 -------- d-----w- C:\Program Files (x86)\Anvisoft
2013-10-30 21:59:39 -------- d-----w- C:\AdwCleaner
2013-10-30 21:26:43 0 ----a-w- C:\Windows\SysWow64\shoCBEB.tmp
2013-10-27 12:23:33 110176 ----a-w- C:\Windows\System32\klfphc.dll
2013-10-27 12:22:09 -------- d-----w- C:\Windows\ELAMBKUP
2013-10-27 12:21:53 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2013-10-27 12:21:09 112224 ----a-w- C:\Windows\System32\drivers\klflt.sys
2013-10-24 18:30:33 -------- d-----w- C:\ProgramData\Kaspersky Lab
2013-10-23 17:55:58 -------- d-----w- C:\Windows\SysWow64\wbem\Logs
2013-10-23 17:16:12 -------- d-----w- C:\Users\Sander\AppData\Roaming\eCyber
2013-10-23 17:15:41 -------- d-----w- C:\Users\Sander\AppData\Roaming\iSafe
2013-10-22 19:46:07 10280728 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C8DF75F4-03A5-4748-BA94-E264031002C2}\mpengine.dll
2013-10-22 17:29:56 -------- d-----w- C:\Users\Sander\AppData\Roaming\Yqhy
2013-10-22 17:29:56 -------- d-----w- C:\Users\Sander\AppData\Roaming\Uxelti
2013-10-22 17:29:56 -------- d-----w- C:\Users\Sander\AppData\Roaming\Iquss
2013-10-22 17:24:51 -------- d-----w- C:\Users\Sander\AppData\Roaming\Qauk
2013-10-22 17:24:51 -------- d-----w- C:\Users\Sander\AppData\Roaming\Icno
2013-10-22 17:24:51 -------- d-----w- C:\Users\Sander\AppData\Roaming\Ettezu
2013-10-21 20:58:38 -------- d-----w- C:\ProgramData\8aad9bf2-cb0a-49a5-a72d-76afdd5befcb
2013-10-11 12:25:26 7717984 ----a-w- C:\Windows\System32\drivers\kl1.sys
2013-10-11 12:25:26 29792 ----a-w- C:\Windows\System32\drivers\klim6.sys
2013-10-11 12:25:26 29280 ----a-w- C:\Windows\System32\drivers\klmouflt.sys
2013-10-11 12:25:26 29280 ----a-w- C:\Windows\System32\drivers\klkbdflt.sys
2013-10-10 21:03:30 0 ----a-w- C:\Windows\SysWow64\shoD417.tmp
2013-10-05 16:26:32 417792 ----a-w- C:\Program Files (x86)\Windows Media Player\Plugins\wmp_scrobbler.dll
.
==================== Find3M  ====================
.
2013-09-05 21:28:50 105344 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2013-09-03 12:35:10 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-08-29 16:45:23 81112 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
2013-08-28 17:23:36 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
.
============= FINISH: 20:18:21,87 ===============
 

Attached Files


Edited by sandervanz, 31 October 2013 - 02:35 PM.


BC AdBot (Login to Remove)

 


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:04:33 PM

Posted 31 October 2013 - 03:21 PM

Good evening. :)

I think that the file that you are seeing is being created by another file and each time that your AV deletes it, it is being recreated by that other file. What we need to do is to identify the creating file and delete that one. What I want you to do is to identify when the file is being created, probably when you boot the PC, and not have your AV scan or delete the file if that is possible. The I want you to run the following:

 

Pay a visit to the ESET Online Scanner.

  • Click the Run ESET Online Scanner button.
  • If you are using any other browser than IE, you will be prompted to download and run esetsmartinstaller_enu.exe and the scan will run from within the window that the executable opens.
  • Regardless of which browser you are using, you will be shown some terms and conditions and you will need to accept these to continue.
  • If you are running IE for this scan you will then be prompted to allow an ActiveX component to be downloaded, unless you already have it installed, and the scan will run inside IE.
  • When you see the Computer Scan Settings window, you will need to make the following changes:

    • UNCHECK Remove found threats - this is important.
    • Check Scan archives
    • Click on Advanced settings
    • Check Scan for potentially unsafe applications
  • Once ready, click Start to begin - not a surprise really!
  • The anti-virus definitions will now be downloaded, so don't forget to allow them through your firewall if prompted.
  • The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
  • Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
  • Click List of found threats and then Export to text file... and save the log somewhere convenient.
  • You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
  • Please post the contents of this file in your next reply, or let me know that nothing was identified.

 

I'd like ESET's opinion on the file that you are seeing as well as, hopefully, the parent file.


So long, and thanks for all the fish.

 

 


#3 sandervanz

sandervanz
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Apeldoorn, Netherlands
  • Local time:05:33 PM

Posted 01 November 2013 - 01:27 AM

Thanks for the clear explanation.
 
Finished my tea, so here are the results:
C:\Program Files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application
C:\ProgramData\Ad-Aware Browsing Protection\lmbd.dll a variant of Win64/Kryptik.ER trojan
C:\Users\All Users\Ad-Aware Browsing Protection\lmbd.dll a variant of Win64/Kryptik.ER trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\ApnIC[2].0 a variant of Win32/Bundled.Toolbar.Ask application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\ApnIC[2].0 a variant of Win32/Bundled.Toolbar.Ask application
C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe a variant of Win32/CompuTrace.B application


#4 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:04:33 PM

Posted 01 November 2013 - 02:44 PM

Good evening. :)

Please download AdwCleaner by Xplode from here and save it to your Desktop.

  • Close all open programs, including browsers.
  • Double click adwcleaner.exe to begin.
  • Click on Scan and, once complete, click on report and let me have the contents of the text that opens.
  • A copy of the text file will be saved to C:\AdwCleaner[R*].txt - make sure you post the file with the biggest "R" number.


So long, and thanks for all the fish.

 

 


#5 sandervanz

sandervanz
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Apeldoorn, Netherlands
  • Local time:05:33 PM

Posted 01 November 2013 - 03:19 PM

Hi, this is the report:

 

# AdwCleaner v3.010 - Report created 01/11/2013 at 21:11:47
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Home Premium  (64 bits)
# Username : ############
# Running from : C:\Users\Sander\Downloads\AdwCleaner (1).exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16476
 
 
-\\ Google Chrome v30.0.1599.101
 
[ File : C:\Users\Sander\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1729 octets] - [30/10/2013 22:59:49]
AdwCleaner[R1].txt - [784 octets] - [01/11/2013 21:11:47]
AdwCleaner[S0].txt - [1830 octets] - [30/10/2013 23:06:58]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [903 octets] ##########

Edited by sandervanz, 01 November 2013 - 03:19 PM.


#6 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:04:33 PM

Posted 01 November 2013 - 04:50 PM

Take a trip to this webpage for download links and instructions for running Combofix by sUBs.*

  • Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start.
  • When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste it into your next reply.
  • Let me know how the PC is behaving.

* Please note from the instructions page:

Disabling your Anti-Virus - CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for either.
 


So long, and thanks for all the fish.

 

 


#7 sandervanz

sandervanz
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Apeldoorn, Netherlands
  • Local time:05:33 PM

Posted 03 November 2013 - 07:01 AM

Need a couple of attempts before I could run the scan succesfully. As soon as i started my browser (Chrome), I got a pop-up from avira with the virus.

 

edit: Not sure if it matters, but after rebooting my pc, I started using Internet with IE, and the popup did not show up.

 

 

ComboFix 13-11-03.02 - Sander 03-11-2013  12:10:41.3.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.31.1043.18.3767.1850 [GMT 1:00]
Gestart vanuit: c:\users\Sander\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
AV: Lavasoft Ad-Aware *Disabled/Outdated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Lavasoft Ad-Aware *Disabled/Outdated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Sander\AppData\Roaming\Agfiuz
c:\users\Sander\AppData\Roaming\Agfiuz\umrai.zob
c:\users\Sander\AppData\Roaming\Etepub
c:\users\Sander\AppData\Roaming\Etepub\yvum.ati
c:\users\Sander\AppData\Roaming\Iquss
c:\users\Sander\AppData\Roaming\Iquss\icrov.egp
c:\users\Sander\AppData\Roaming\Uxelti
c:\users\Sander\AppData\Roaming\Uxelti\daryl.uzh
c:\users\Sander\AppData\Roaming\Zela
c:\users\Sander\AppData\Roaming\Zela\guit.weo
c:\windows\wininit.ini
.
.
((((((((((((((((((((   Bestanden Gemaakt van 2013-10-03 to 2013-11-03  ))))))))))))))))))))))))))))))
.
.
2013-11-03 11:26 . 2013-11-03 11:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-02 16:35 . 2013-11-02 16:35 -------- d-----w- c:\windows\system32\SPReview
2013-11-02 10:22 . 2013-11-02 10:22 0 ----a-w- c:\windows\SysWow64\shoA737.tmp
2013-10-31 20:41 . 2013-10-31 20:41 0 ----a-w- c:\windows\SysWow64\sho395C.tmp
2013-10-31 20:26 . 2013-10-31 20:26 -------- d-----w- c:\program files (x86)\ESET
2013-10-30 22:55 . 2013-10-30 22:55 -------- d-----w- c:\users\Sander\AppData\Roaming\Anvisoft
2013-10-30 22:55 . 2013-10-15 03:05 23376 ----a-w- c:\windows\system32\drivers\asdrs.sys
2013-10-30 22:55 . 2013-10-15 03:05 18768 ----a-w- c:\windows\system32\drivers\asdrm.sys
2013-10-30 22:55 . 2013-10-15 03:05 17232 ----a-w- c:\windows\system32\drivers\asdws.sys
2013-10-30 22:55 . 2013-10-30 22:55 -------- d-----w- c:\programdata\Anvisoft
2013-10-30 22:55 . 2013-10-30 22:55 -------- d-----w- c:\program files (x86)\Anvisoft
2013-10-30 21:59 . 2013-11-01 20:15 -------- d-----w- C:\AdwCleaner
2013-10-30 21:26 . 2013-10-30 21:26 0 ----a-w- c:\windows\SysWow64\shoCBEB.tmp
2013-10-27 12:23 . 2013-05-06 08:13 110176 ----a-w- c:\windows\system32\klfphc.dll
2013-10-27 12:22 . 2013-10-27 12:22 -------- d-----w- c:\windows\ELAMBKUP
2013-10-27 12:21 . 2013-10-27 12:21 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2013-10-27 12:21 . 2013-10-11 12:25 620640 ----a-w- c:\windows\system32\drivers\klif.sys
2013-10-27 12:21 . 2013-06-08 19:18 112224 ----a-w- c:\windows\system32\drivers\klflt.sys
2013-10-24 18:30 . 2013-11-03 11:05 -------- d-----w- c:\programdata\Kaspersky Lab
2013-10-23 17:55 . 2013-10-23 17:55 -------- d-----w- c:\windows\SysWow64\wbem\Logs
2013-10-23 17:16 . 2013-10-23 17:16 -------- d-----w- c:\users\Sander\AppData\Roaming\eCyber
2013-10-23 17:15 . 2013-10-30 22:12 -------- d-----w- c:\users\Sander\AppData\Roaming\iSafe
2013-10-22 19:46 . 2013-10-15 23:20 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C8DF75F4-03A5-4748-BA94-E264031002C2}\mpengine.dll
2013-10-22 17:29 . 2013-10-23 18:48 -------- d-----w- c:\users\Sander\AppData\Roaming\Yqhy
2013-10-22 17:24 . 2013-10-23 18:49 -------- d-----w- c:\users\Sander\AppData\Roaming\Qauk
2013-10-22 17:24 . 2013-10-23 18:46 -------- d-----w- c:\users\Sander\AppData\Roaming\Icno
2013-10-22 17:24 . 2013-10-22 17:24 -------- d-----w- c:\users\Sander\AppData\Roaming\Ettezu
2013-10-21 20:58 . 2013-10-24 18:23 -------- d-----w- c:\programdata\8aad9bf2-cb0a-49a5-a72d-76afdd5befcb
2013-10-11 12:25 . 2013-10-11 12:25 7717984 ----a-w- c:\windows\system32\drivers\kl1.sys
2013-10-11 12:25 . 2013-10-11 12:25 29792 ----a-w- c:\windows\system32\drivers\klim6.sys
2013-10-11 12:25 . 2013-10-11 12:25 29280 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2013-10-11 12:25 . 2013-10-11 12:25 29280 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2013-10-10 21:03 . 2013-10-10 21:03 0 ----a-w- c:\windows\SysWow64\shoD417.tmp
2013-10-05 16:26 . 2008-05-13 16:23 417792 ----a-w- c:\program files (x86)\Windows Media Player\Plugins\wmp_scrobbler.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 21:33 . 2011-07-29 19:56 80541720 ----a-w- c:\windows\system32\MRT.exe
2013-09-05 21:28 . 2013-08-29 16:39 105344 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-09-03 12:35 . 2011-07-07 20:09 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-08-29 16:45 . 2013-08-29 16:46 81112 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-08-29 16:45 . 2013-08-29 16:39 132088 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-08-28 17:23 . 2013-08-29 16:39 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-08-29 347192]
"Anvi Smart Defender"="c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe" [2013-10-21 1636536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
R4 klflt;klflt;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S1 asdrm;asdrm;c:\windows\system32\DRIVERS\asdrm.sys;c:\windows\SYSNATIVE\DRIVERS\asdrm.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 asdrs;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\DRIVERS\asdrs.sys;c:\windows\SYSNATIVE\DRIVERS\asdrs.sys [x]
S2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe;c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [x]
S2 asdws;AnviSmartDefender Web Guard;c:\windows\system32\DRIVERS\asdws.sys;c:\windows\SYSNATIVE\DRIVERS\asdws.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\McSACore.exe;c:\progra~2\mcafee\SITEAD~1\McSACore.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-24 18:18 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2013-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-24 18:18]
.
2013-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-24 18:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
.
------- Bijkomende Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.254
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-3435791109-2971925331-1817287955-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*A*v*a*jإP\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3435791109-2971925331-1817287955-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*A*v*a*þÙ¥P\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3435791109-2971925331-1817287955-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*D*r*W%-j\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3435791109-2971925331-1817287955-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2013-11-03  12:40:58
ComboFix-quarantined-files.txt  2013-11-03 11:40
.
Pre-Run: 433.492.422.656 bytes beschikbaar
Post-Run: 433.138.999.296 bytes beschikbaar
.
- - End Of File - - C29E23AE76C1635F4F1FA5F210EA2274

Edited by sandervanz, 03 November 2013 - 07:23 AM.


#8 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:04:33 PM

Posted 03 November 2013 - 02:19 PM

Good evening. :)

Will you play with any and all browsers you have and let me know which, if any, are giving you issues.


So long, and thanks for all the fish.

 

 


#9 sandervanz

sandervanz
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Apeldoorn, Netherlands
  • Local time:05:33 PM

Posted 05 November 2013 - 01:16 PM

It seems to be going allright. Two days ago, first time after using Combofix the popup still showed up, but yesterday and today it didn't

I uninstalled Kaspersky 2 days ago, maybe that had something to do with? 

 

However, don;t know if I can test more or do some something else, but it seems to be working well.



#10 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:04:33 PM

Posted 05 November 2013 - 03:55 PM

Good evening. :)

The standard rule is one anti-virus and one firewall running in real time, so i'd be inclined to pick your favourite AV and uninstall the rest. As yoiu have MalwareByte's Anti-Malware will you update it and then run a full scan and post the results please.


So long, and thanks for all the fish.

 

 


#11 sandervanz

sandervanz
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Apeldoorn, Netherlands
  • Local time:05:33 PM

Posted 09 November 2013 - 08:08 AM

During scanning Avira found the virus again, it's not showing up when I start browsing.
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Databaseversie: v2013.11.06.10
 
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Sander :: SANDER-PC [administrator]
 
9-11-2013 11:53:52
mbam-log-2013-11-09 (11-53-52).txt
 
Scan type: Volledige scan (C:\|)
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 451319
Verstreken tijd: 1 uur/uren, 59 minuut/minuten, 44 seconde(n)
 
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
 
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
 
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
 
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
 
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
 
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
 
Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
 
(einde)


#12 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:04:33 PM

Posted 10 November 2013 - 02:14 PM

Good evening. :)

Is the Avira scan the boot-up one or one that you ran yourself?


So long, and thanks for all the fish.

 

 


#13 sandervanz

sandervanz
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Apeldoorn, Netherlands
  • Local time:05:33 PM

Posted 10 November 2013 - 03:46 PM

Hi, boot-up.



#14 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:04:33 PM

Posted 11 November 2013 - 03:09 PM

Good evening. :)

Download OTL by OldTimer from here and save it to your Desktop.

  • Double click the tool to run it.
  • Click the Quick Scan button and allow it to do it's thing.
  • Once complete, it should open two Notepad Windows - OTL.Txt and Extras.Txt
  • It should also save copies in the same location as OTL.
  • I want you to copy and paste the contents of OTL.txt that should appear into one reply and Extras.Txt into another.
  • The length of the two logs sometimes results in the end being chopped off if you post both in one reply.

 


So long, and thanks for all the fish.

 

 


#15 sandervanz

sandervanz
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Apeldoorn, Netherlands
  • Local time:05:33 PM

Posted 11 November 2013 - 04:35 PM

OTL

 

OTL logfile created on: 11/11/2013 9:49:44 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sander\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy
 
3.68 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 35.42% Memory free
7.36 Gb Paging File | 4.16 Gb Available in Paging File | 56.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583.07 Gb Total Space | 404.88 Gb Free Space | 69.44% Space Free | Partition Type: NTFS
 
Computer Name: SANDER-PC | User Name: Sander | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/11/11 21:49:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sander\Desktop\OTL.exe
PRC - [2013/10/20 21:00:24 | 001,140,736 | ---- | M] (Spotify Ltd) -- C:\Users\Sander\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/10/09 01:02:45 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/09/30 09:51:00 | 000,754,024 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
PRC - [2013/08/29 17:45:16 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013/08/29 17:44:45 | 000,347,192 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/08/29 17:44:45 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/03/22 05:07:18 | 000,093,072 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2013/01/14 16:34:26 | 001,751,552 | ---- | M] (Last.fm) -- C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe
PRC - [2012/12/14 20:38:46 | 001,236,968 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/11/22 16:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\HelperService.exe
PRC - [2012/11/22 16:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe
PRC - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2012/04/05 14:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/09/01 05:26:04 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010/08/10 10:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010/08/10 10:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/08/10 10:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010/06/28 23:23:12 | 000,265,984 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010/06/28 23:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010/05/27 03:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010/04/13 17:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/04/13 17:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/03/18 05:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 05:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/03/11 06:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010/03/11 06:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010/01/08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/10/09 01:02:43 | 000,415,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppgooglenaclpluginchrome.dll
MOD - [2013/10/09 01:02:42 | 013,584,336 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
MOD - [2013/10/09 01:02:41 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
MOD - [2013/10/09 01:01:50 | 000,698,832 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libglesv2.dll
MOD - [2013/10/09 01:01:49 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libegl.dll
MOD - [2013/10/09 01:01:47 | 001,604,560 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
MOD - [2013/02/14 18:34:06 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll
MOD - [2013/01/14 16:33:58 | 000,104,960 | ---- | M] () -- C:\Program Files (x86)\Last.fm\listener.dll
MOD - [2013/01/14 16:33:56 | 000,592,896 | ---- | M] () -- C:\Program Files (x86)\Last.fm\unicorn.dll
MOD - [2013/01/14 16:33:42 | 000,015,872 | ---- | M] () -- C:\Program Files (x86)\Last.fm\logger.dll
MOD - [2013/01/14 16:30:06 | 000,083,968 | ---- | M] () -- C:\Program Files (x86)\Last.fm\lastfm_fingerprint.dll
MOD - [2013/01/14 16:30:02 | 000,351,744 | ---- | M] () -- C:\Program Files (x86)\Last.fm\lastfm.dll
MOD - [2013/01/10 18:31:41 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\25ee48eb497e73b0eaad5b8b4c365992\IAStorUtil.ni.dll
MOD - [2013/01/10 18:24:58 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01b47a246b4ec7bfec31bf4503aceda1\System.Runtime.Remoting.ni.dll
MOD - [2013/01/10 18:24:21 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll
MOD - [2013/01/10 18:24:08 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\82a4c4666ad83c3a375210247e69646b\WindowsBase.ni.dll
MOD - [2013/01/10 18:24:02 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll
MOD - [2013/01/10 18:23:59 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll
MOD - [2013/01/10 18:23:58 | 007,974,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll
MOD - [2013/01/10 18:23:53 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll
MOD - [2013/01/06 21:15:58 | 015,212,032 | ---- | M] () -- C:\Program Files (x86)\Last.fm\avcodec-54.dll
MOD - [2013/01/06 21:15:58 | 000,221,696 | ---- | M] () -- C:\Program Files (x86)\Last.fm\avutil-52.dll
MOD - [2013/01/06 21:15:58 | 000,112,128 | ---- | M] () -- C:\Program Files (x86)\Last.fm\swresample-0.dll
MOD - [2013/01/06 21:15:56 | 003,054,592 | ---- | M] () -- C:\Program Files (x86)\Last.fm\avformat-54.dll
MOD - [2012/10/25 12:09:32 | 000,181,248 | ---- | M] () -- C:\Program Files (x86)\Last.fm\plugins\phonon_backend\phonon_vlc.dll
MOD - [2012/10/15 20:28:38 | 002,286,592 | ---- | M] () -- C:\Program Files (x86)\Last.fm\libvlccore.dll
MOD - [2012/10/15 20:28:30 | 000,049,664 | ---- | M] () -- C:\Program Files (x86)\Last.fm\plugins\audio_output\libaout_directx_plugin.dll
MOD - [2012/10/15 20:27:56 | 000,111,616 | ---- | M] () -- C:\Program Files (x86)\Last.fm\libvlc.dll
MOD - [2012/10/11 11:09:40 | 000,300,544 | ---- | M] () -- C:\Program Files (x86)\Last.fm\phonon.dll
MOD - [2012/08/16 14:34:12 | 001,478,144 | ---- | M] () -- C:\Program Files (x86)\Last.fm\libsamplerate-0.dll
MOD - [2012/04/28 10:15:28 | 002,320,776 | ---- | M] () -- C:\Program Files (x86)\Last.fm\libfftw3f-3.dll
MOD - [2010/11/26 01:42:04 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_nl_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/06/28 23:20:54 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2010/06/08 14:19:24 | 000,692,224 | ---- | M] () -- C:\Windows\SysWOW64\libeay32.dll
MOD - [2010/06/08 14:19:24 | 000,151,552 | ---- | M] () -- C:\Windows\SysWOW64\ssleay32.dll
MOD - [2009/05/20 07:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012/04/05 14:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2011/08/12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2010/06/11 23:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/05/20 14:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009/11/02 21:48:18 | 000,126,352 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/10/02 16:05:08 | 000,121,616 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2013/08/29 17:45:16 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/08/29 17:44:55 | 000,815,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2013/08/29 17:44:45 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/03/22 05:07:18 | 000,093,072 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2013/03/01 11:11:32 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/14 20:38:46 | 001,236,968 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/11/22 16:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2012/11/22 16:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/11/25 15:32:36 | 000,687,400 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/11/26 01:17:51 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/08/10 10:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/06/28 23:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/06/01 23:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/05/27 03:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/04/13 17:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 05:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/18 05:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/01/08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/09/05 22:28:50 | 000,105,344 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013/08/29 17:45:23 | 000,132,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013/08/28 18:23:36 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013/06/26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 18:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 18:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/01/14 19:43:40 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/26 13:23:36 | 000,057,976 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbredrv.sys -- (SBRE)
DRV:64bit: - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/08/25 18:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/07/09 04:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2010/06/21 10:45:56 | 000,287,232 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/06/17 10:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/06/03 20:59:00 | 004,171,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/05/20 14:26:28 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VX1000.sys -- (VX1000)
DRV:64bit: - [2010/05/15 13:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010/04/20 03:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2010/04/13 17:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/27 00:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/12/10 12:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/11/02 21:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/09/17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/03 03:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/03 03:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/03 03:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0191A6B0-1154-4C22-9182-23A95BBE92D9}
IE:64bit: - HKLM\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.com/search?q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0191A6B0-1154-4C22-9182-23A95BBE92D9}
IE - HKLM\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.nl/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/10/05 09:19:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013/01/06 19:33:08 | 000,000,000 | ---D | M]
 
[2013/07/13 13:38:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sander\AppData\Roaming\mozilla\Extensions
[2013/07/13 13:38:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sander\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = http://www.google.com/search?q={searchTerms}
CHR - default_search_provider: suggest_url = ,
CHR - homepage: about:blank
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Sander\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\McChPlg.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Users\Sander\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\np-mswmp.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Nero Kwik Media Helper (Enabled) = C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Java™ Platform SE 6 U35 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Sander\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Angry Birds = C:\Users\Sander\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: YouTube = C:\Users\Sander\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Zoeken = C:\Users\Sander\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: SiteAdvisor = C:\Users\Sander\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.3.1271_0\
CHR - Extension: AdBlock = C:\Users\Sander\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.14_0\
CHR - Extension: TweetDeck by Twitter = C:\Users\Sander\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\3.3.8_0\
CHR - Extension: Windows Media Player Extension for HTML5 = C:\Users\Sander\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\
CHR - Extension: Google Wallet = C:\Users\Sander\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Users\Sander\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013/11/03 12:27:12 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Sander\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: blank ([]about in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7004FE86-FDAB-42C6-9C09-90AE908901F8}: DhcpNameServer = 192.168.2.254
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/11/11 21:49:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sander\Desktop\OTL.exe
[2013/11/10 23:18:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2013/11/03 12:41:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/11/03 12:09:12 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/11/02 11:56:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/11/02 11:56:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/11/02 11:56:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/11/02 11:53:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/11/02 11:10:10 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/10/31 21:26:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/10/30 23:55:32 | 000,000,000 | ---D | C] -- C:\Users\Sander\AppData\Roaming\Anvisoft
[2013/10/30 23:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
[2013/10/30 23:55:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Anvisoft
[2013/10/30 23:55:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anvisoft
[2013/10/30 22:59:39 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/30 22:45:29 | 005,143,677 | R--- | C] (Swearware) -- C:\Users\Sander\Desktop\ComboFix.exe
[2013/10/24 19:18:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/10/23 18:16:12 | 000,000,000 | ---D | C] -- C:\Users\Sander\AppData\Roaming\eCyber
[2013/10/23 18:15:41 | 000,000,000 | ---D | C] -- C:\Users\Sander\AppData\Roaming\iSafe
[2013/10/23 17:07:22 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/10/22 18:29:56 | 000,000,000 | ---D | C] -- C:\Users\Sander\AppData\Roaming\Yqhy
[2013/10/22 18:24:51 | 000,000,000 | ---D | C] -- C:\Users\Sander\AppData\Roaming\Qauk
[2013/10/22 18:24:51 | 000,000,000 | ---D | C] -- C:\Users\Sander\AppData\Roaming\Icno
[2013/10/22 18:24:51 | 000,000,000 | ---D | C] -- C:\Users\Sander\AppData\Roaming\Ettezu
[2013/10/21 21:58:38 | 000,000,000 | ---D | C] -- C:\ProgramData\8aad9bf2-cb0a-49a5-a72d-76afdd5befcb
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/11/11 21:49:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sander\Desktop\OTL.exe
[2013/11/11 21:23:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/11 20:43:04 | 000,009,321 | -HS- | M] () -- C:\ProgramData\6dfcc686-a9b2-48ef-9dbf-e0def048d69a
[2013/11/11 20:23:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/11 18:48:50 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/11 18:48:50 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/11 18:40:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/11 18:40:04 | 2962,259,968 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/10 21:38:30 | 001,551,050 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/10 21:38:30 | 000,702,250 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2013/11/10 21:38:30 | 000,616,694 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/10 21:38:30 | 000,133,992 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2013/11/10 21:38:30 | 000,106,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/03 12:27:12 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/11/03 09:30:15 | 005,143,677 | R--- | M] (Swearware) -- C:\Users\Sander\Desktop\ComboFix.exe
[2013/10/27 15:35:21 | 000,006,323 | ---- | M] () -- C:\Users\Sander\Desktop\sammstag.m3u
[2013/10/26 10:00:54 | 000,124,220 | ---- | M] () -- C:\Users\Sander\Documents\cc_20131026_110033.reg
[2013/10/25 17:51:45 | 000,002,247 | ---- | M] () -- C:\Users\Sander\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/10/25 17:44:48 | 000,002,223 | ---- | M] () -- C:\Users\Sander\Desktop\Google Chrome.lnk
[2013/10/24 19:18:59 | 000,002,223 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/11/02 11:56:19 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/11/02 11:56:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/11/02 11:56:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/11/02 11:56:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/11/02 11:56:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/10/27 15:35:21 | 000,006,323 | ---- | C] () -- C:\Users\Sander\Desktop\sammstag.m3u
[2013/10/26 10:00:41 | 000,124,220 | ---- | C] () -- C:\Users\Sander\Documents\cc_20131026_110033.reg
[2013/10/24 19:18:59 | 000,002,247 | ---- | C] () -- C:\Users\Sander\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/10/24 19:18:59 | 000,002,223 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/10/24 19:18:10 | 000,001,056 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/24 19:18:07 | 000,001,052 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/21 21:29:14 | 000,009,321 | -HS- | C] () -- C:\ProgramData\6dfcc686-a9b2-48ef-9dbf-e0def048d69a
[2013/05/30 16:58:44 | 000,692,224 | ---- | C] () -- C:\Windows\SysWow64\libeay32.dll
[2013/05/30 16:58:44 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\ssleay32.dll
[2013/04/15 22:41:11 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2011/11/23 22:03:06 | 000,000,013 | ---- | C] () -- C:\Users\Sander\cvdm.err
[2011/05/24 20:19:57 | 000,006,656 | ---- | C] () -- C:\Users\Sander\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/01/14 22:13:16 | 000,000,000 | ---D | M] -- C:\Users\Sander\AppData\Roaming\Ad-Aware Antivirus
[2013/11/06 19:59:59 | 000,000,000 | ---D | M] -- C:\Users\Sander\AppData\Roaming\Anvisoft
[2012/11/06 23:40:25 | 000,000,000 | ---D | M] -- C:\Users\Sander\AppData\Roaming\AnvSoft
[2013/01/06 19:33:31 | 000,000,000 | ---D | M] -- C:\Users\Sander\AppData\Roaming\APP_NAME_NON_STRING
[2013/03/30 15:30:06 | 000,000,000 | ---D | M] -- C:\Users\Sander\AppData\Roaming\Belastingdienst
[2013/05/26 11:51:33 | 000,000,000 | ---D | M] -- C:\Users\Sander\AppData\Roaming\BitTorrent
[2013/10/07 16:44:50 | 000,000,000 | ---D | M] -- C:\Users\Sander\AppData\Roaming\Dropbox
[2013/10/23 18:16:12 | 000,000,000 | ---D | M] -- C:\Users\Sander\AppData\Roaming\eCyber
[2013/10/22 18:24:51 | 000,000,000 | ---D | M] -- C:\Users\Sander\AppData\Roaming\Ettezu
[2013/05/30 22:43:18 | 000,000,000 | ---D | M] -- C:\Users\Sander\AppData\Roaming\EurekaLog
[2012/05/23 21:52:38 | 000,000,000 | ---D | M] -- C:\Users\Sander\AppData\Roaming\Goyhl
[2013/10/23 19:46:23 | 000,000,000 | ---D | M] -- C:\Users\Sander\AppData\Roaming\Icno
[2012/05/28 11:47:18 | 000,000,000 | ---D | M] -- C:\Users\Sander\AppData\Roaming\Ihegco
[2013/05/17 21:39:58 | 000,000,000 | ---D | M] -- C:\Users\Sander\AppData\Roaming\IrfanView
[2013/10/30 23:12:01 | 000,000,000 | ---D | M] -- C:\Users\Sander\AppData\Roaming\iSafe
[2012/05/16 20:31:13 | 000,000,000 | ---D | M] -- C:\Users\Sander\AppData\Roaming\Ixry
[2011/10/24 19:12:54 | 000,000,000 | ---D | M] -- C:\Users\Sander\AppData\Roaming\Jasc
[2012/06/06 21:59:20 | 000,000,000 | ---D | M] -- C:\Users\Sander\AppData\Roaming\KeePass
[2012/05/16 20:13:26 | 000,000,000 | ---D | M] -- C:\Users\Sander\AppData\Roaming\Oxgy
[2013/01/06 20:12:54 | 000,000,000 | ---D | M] -- C:\Users\Sander\AppData\Roaming\PDF Architect
[2012/05/10 22:10:33 | 000,000,000 | ---D | M] -- C:\Users\Sander\AppData\Roaming\Peit
[2013/10/23 19:49:26 | 000,000,000 | ---D | M] -- C:\Users\Sander\AppData\Roaming\Qauk
[2013/10/22 22:24:40 | 000,000,000 | ---D | M] -- C:\Users\Sander\AppData\Roaming\SoftGrid Client
[2013/11/06 21:43:18 | 000,000,000 | ---D | M] -- C:\Users\Sander\AppData\Roaming\Spotify
[2013/07/13 13:38:13 | 000,000,000 | ---D | M] -- C:\Users\Sander\AppData\Roaming\TomTom
[2011/05/05 19:31:07 | 000,000,000 | ---D | M] -- C:\Users\Sander\AppData\Roaming\TP
[2013/01/06 22:23:54 | 000,000,000 | ---D | M] -- C:\Users\Sander\AppData\Roaming\Windows Live Writer
[2013/10/23 19:48:12 | 000,000,000 | ---D | M] -- C:\Users\Sander\AppData\Roaming\Yqhy
[2012/05/13 09:23:33 | 000,000,000 | ---D | M] -- C:\Users\Sander\AppData\Roaming\Zinav
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2013/11/11 18:41:11 | 103,792,856 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ႜ
[2013/11/11 18:41:11 | 000,000,000 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ႜ
[2013/11/06 19:16:25 | 102,844,835 | ---- | M] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\醔῞
[2013/11/06 19:16:25 | 102,844,835 | ---- | C] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\醔῞
[2013/10/29 17:58:18 | 103,932,228 | ---- | M] ()(C:\Windows\SysWow64\???W) -- C:\Windows\SysWow64\ꖸ턉W
[2013/10/29 17:58:18 | 103,932,228 | ---- | C] ()(C:\Windows\SysWow64\???W) -- C:\Windows\SysWow64\ꖸ턉W
[2013/10/27 18:18:04 | 103,533,600 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\倄น
[2013/10/27 12:17:58 | 103,533,600 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\倄น
[2013/10/21 17:35:43 | 102,171,793 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\芒矝
[2013/10/21 17:35:43 | 102,171,793 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\芒矝
[2013/10/10 16:55:05 | 100,305,510 | ---- | M] ()(C:\Windows\SysWow64\???¢) -- C:\Windows\SysWow64\✎¢
[2013/10/10 16:55:05 | 100,305,510 | ---- | C] ()(C:\Windows\SysWow64\???¢) -- C:\Windows\SysWow64\✎¢
[2013/09/26 21:03:40 | 098,009,570 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ꕪ叙
[2013/09/26 21:03:40 | 098,009,570 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ꕪ叙
[2013/09/21 22:56:00 | 098,547,399 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ꁘ㈏
[2013/09/21 22:56:00 | 098,547,399 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ꁘ㈏
[2013/09/03 23:07:53 | 095,768,378 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ܓ
[2013/09/03 23:07:53 | 095,768,378 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ܓ
[2013/09/02 17:31:08 | 095,286,781 | ---- | M] ()(C:\Windows\SysWow64\???9) -- C:\Windows\SysWow64\ꏇ9
[2013/09/02 17:31:08 | 095,286,781 | ---- | C] ()(C:\Windows\SysWow64\???9) -- C:\Windows\SysWow64\ꏇ9
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:CDFF58FE
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:1A60DE96
 
< End of report >

Extras

 

OTL Extras logfile created on: 11/11/2013 9:49:44 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sander\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy
 
3.68 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 35.42% Memory free
7.36 Gb Paging File | 4.16 Gb Available in Paging File | 56.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583.07 Gb Total Space | 404.88 Gb Free Space | 69.44% Space Free | Partition Type: NTFS
 
Computer Name: SANDER-PC | User Name: Sander | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03F8DF2D-DD83-412E-BDC5-307C3B052C88}" = rport=137 | protocol=17 | dir=out | app=system | 
"{051AC241-7F19-4568-91DC-BE6E02B1D698}" = rport=445 | protocol=6 | dir=out | app=system | 
"{334F0849-C1A0-4617-9E61-53CFFA87A18F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{33D1F650-6E4C-46B2-B6C8-44BB34D1528F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{35B9BB7D-826C-406C-BA70-51472AFC88C2}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3AA15787-B450-4E21-8E11-2785047FD478}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{3AB9E8D5-6061-430A-BC87-E53F973ECC3A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6989B38D-FE6B-4101-96D8-B7156A438167}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{6E1389E2-10CF-4F6F-BBC7-F7C3FD8178B0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7755F765-97BB-436F-9D45-FE9F1DEB2F23}" = rport=138 | protocol=17 | dir=out | app=system | 
"{785C8F97-A860-4708-8562-3DE02B1033AC}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7F8BEFF8-CEEF-4853-9BEA-26445115C31B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A213D913-971C-450B-9640-B4A39540E0A4}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{A45A13EE-CA92-4598-ABDE-D3F9D7F5F2A2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B695752B-3851-46F6-AABA-5463A3BDCFBC}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{BEB6ED2F-BE38-4944-A1D0-9DE4067E765B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CB2C5B76-8202-43B5-8942-1F6807D9E4C0}" = lport=445 | protocol=6 | dir=in | app=system | 
"{CBE744C8-C2C4-4F5C-89FF-F089336582F4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{CFF4999F-F224-4739-8FCB-CA1AD95C6B49}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{DAC7DC68-FE34-4C94-8915-6A3AA6E14BEF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E5B67DF1-EA4F-41EA-ADBF-A6625D395CDB}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E82D7AD5-F2E9-448F-912C-17FC2706083C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{EAB298D4-1FDF-48DF-8E9D-5A1EE92535D0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{F09B4163-AEB0-4632-B706-929386CA1268}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{FC8BEB03-26AD-4BB5-A165-979CB299EE9B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DEE4B34-1B42-4916-A627-6A1107F6F60B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | 
"{1130E97A-2BB5-4239-8C0F-2B39727831A5}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{122884A5-C214-4CAC-8D14-7B74F81CBA9D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{12ECD00E-EE42-4D44-A00E-C287FB7DC5D3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1476E902-51EC-48BC-A3DC-963777E4B8D7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1984DB90-AE4F-47A3-9642-831086CD80A4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{1A9823CA-216A-44EC-A0D3-C32E2673342D}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"{2BADACE1-644B-4CA9-B20B-6A64760D61CD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{3D7BA5F9-412E-4793-B502-4FBFF5F1F631}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{3DAE1F4A-EB3D-44B9-9302-4017FD8CEAAE}" = protocol=6 | dir=in | app=c:\program files (x86)\kpn\kpn installatie assistent\kpn_ia.exe | 
"{4794F689-365A-4614-A5C0-A1732FD5B030}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4C8BB8C9-DD22-4E31-9268-65F1FF841BBF}" = protocol=6 | dir=in | app=c:\program files\kpn\kpn assistent\kpn_assistent.exe | 
"{4F08F175-D261-4825-83BA-7D0ED9A6F3FB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | 
"{51E38046-DAB7-4AEB-99C0-59702D5079A2}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{5D24857C-26A4-4085-A387-A3A27AE13D3A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{6C196BB7-BCAA-4995-A71B-7A34F97CDAF0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | 
"{6C24ED8B-4AC6-4617-925F-2062E219A8BF}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{76833C0B-85D7-4A94-BC69-D69E0E9E74F2}" = protocol=6 | dir=out | app=system | 
"{7D20AE03-0D57-4929-B2D9-818D25280DB6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | 
"{7F64C254-6E1E-4444-99F1-05B599B6E81D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{890B7A95-C681-4BAE-BB86-0E102A0C3C7E}" = protocol=17 | dir=in | app=c:\program files (x86)\kpn\kpn installatie assistent\kpn_ia.exe | 
"{91BA2C19-A958-4491-9A8F-BA7CD577DF7A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{980B7EC1-0AE0-43E7-8A17-FD23781157BF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9AD77596-4ADE-40A2-BE7F-B4A2E3E184D7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9F4BB90A-5903-4F31-8E40-2621B7E8CAAF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A1862DC4-AAFB-44CB-AD5C-49AA90055AE0}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"{A252C92F-D14F-410C-A302-CDB187668C94}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | 
"{A4FF408F-A85F-4E4A-B59D-4F4844C719A8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{A638F7C1-8C1D-4C77-A10E-A989452D879D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A88AD805-5E88-48EB-A758-F54CCF186D79}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{AA90D52A-6F77-48B9-B095-08584131F037}" = protocol=6 | dir=in | app=c:\program files\kpn\kpn assistent\kpn draadloos netwerk assistent\kpn_wna.exe | 
"{B5499787-750C-47B5-B4B3-48BCEBE68418}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{B5E14A33-F243-46F9-BA48-C32EB93F4BB4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BC54EA32-C168-4E40-B644-753CDB2CE972}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{BD091719-757F-4A84-A321-F31C1169C0A5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{C0C70676-82F4-43FB-B9D2-35E86287A199}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | 
"{C9078120-8066-4D23-BDD9-04D2FFB6EC36}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | 
"{CBFA888B-7239-4B5C-9971-5A5004E811FD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CC8D3FB4-DAD9-401C-9A69-3122B9509C44}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | 
"{D0F75ACF-3BAF-4F35-81B1-95F9C83E17F5}" = protocol=17 | dir=in | app=c:\program files\kpn\kpn assistent\kpn installatie assistent\kpn_ia.exe | 
"{D3185860-667C-422C-8328-FD659FD7CD62}" = protocol=17 | dir=in | app=c:\program files\kpn\kpn assistent\kpn_assistent.exe | 
"{DD3E6254-742F-4142-94C4-FAB10EAD9AB8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E18278A0-CE67-424C-B49E-9209EAB5A56C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E7DA5BFD-3154-4B6C-85EA-FB7F78F4F358}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EB663817-144A-4420-9F88-6720D03C06C5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | 
"{EF415BE0-DEC9-4626-997E-44C1ECF4B2A6}" = protocol=6 | dir=in | app=c:\program files\kpn\kpn assistent\kpn installatie assistent\kpn_ia.exe | 
"{F0790893-61FB-4AD9-A05A-073CAAC51234}" = protocol=17 | dir=in | app=c:\program files\kpn\kpn assistent\kpn draadloos netwerk assistent\kpn_wna.exe | 
"TCP Query User{0C5DFF1D-B672-47B2-8E97-6F0A605B94D6}C:\users\sander\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\sander\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{75D38540-944E-48E4-A9F5-F67B459B94C1}C:\program files (x86)\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files (x86)\soulseekns\slsk.exe | 
"TCP Query User{8F8547F9-437A-4393-B247-5BB0645DA6DC}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"TCP Query User{92BC0FAC-02DD-454F-87CD-3121E55DCE3E}C:\program files (x86)\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files (x86)\soulseekns\slsk.exe | 
"TCP Query User{AFA1BE60-4981-4FE4-8EC3-653520FF1B21}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{D42FEFF9-59BC-4A3E-8843-6C26C7F74BC3}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"TCP Query User{EBF7B80B-D27A-45AC-8C97-F0645423FBF2}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{FE6CC997-A5F1-4E32-9AE8-A4817D9BE6E7}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{1832E6A2-8858-49FE-B69F-55345DA6BDC0}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{187559DC-F300-4238-9C7A-5CEB66242378}C:\program files (x86)\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files (x86)\soulseekns\slsk.exe | 
"UDP Query User{43E588D1-DB7D-4CA5-B771-C341AE7988FE}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"UDP Query User{4AC2ACC8-B833-4A6A-9CC4-EB0137021318}C:\program files (x86)\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files (x86)\soulseekns\slsk.exe | 
"UDP Query User{59CA11C6-EE9F-4157-B2BD-F408E7266653}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"UDP Query User{6B023DA9-1F92-4764-85E1-D40AF03E822D}C:\users\sander\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\sander\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{E5DF55AD-D467-46B3-849E-809FBD52D2B8}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{FD98499F-0284-4C4D-A6AE-71B162F783CD}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel® Turbo Boost Technology Monitor
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0413-1000-0000000FF1CE}" = Microsoft Office Klik-en-Klaar 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20F71B17-008C-43B4-8097-58FB62EA7AB8}" = Nero Kwik Media
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java™ 6 Update 35
"{2819e172-81d5-4113-88bd-4605b02344e0}" = Ad-Aware Antivirus
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{30B41B7A-3C9D-44DE-A7A1-949011F33CC3}" = PDF Architect
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90140011-0066-0413-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Nederlands
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E34F703A-1C9D-4B1F-ABBE-D7E8800B860D}" = Windows Live Sync
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EC5F4C1B-F838-4CB7-8561-8F809296428B}" = TomTom HOME
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"Aangifte inkomstenbelasting 2011" = Aangifte inkomstenbelasting 2011
"Aangifte inkomstenbelasting 2012" = Aangifte inkomstenbelasting 2012
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Alt.Binz" = Alt.Binz 0.25.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"BitTorrent" = BitTorrent
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"Guitar Pro 5_is1" = Guitar Pro 5.2
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"IrfanView" = IrfanView (remove only)
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.19
"KPN Assistent" = KPN Assistent
"KPN Installatie Assistent" = KPN Installatie Assistent
"LastFM_is1" = Last.fm Scrobbler 2.1.30
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versie 1.75.0.1300
"Office14.Click2Run" = Microsoft Office Klik-en-Klaar 2010
"Picasa 3" = Picasa 3
"SopCast" = SopCast 3.4.0
"Soulseek2" = SoulSeek 157 NS 13e
"Spotify" = Spotify
"VLC media player" = VLC media player 1.1.9
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"Dropbox" = Dropbox
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11/10/2013 3:53:57 PM | Computer Name = Sander-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 11/10/2013 3:53:57 PM | Computer Name = Sander-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2060
 
Error - 11/10/2013 3:53:57 PM | Computer Name = Sander-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2060
 
Error - 11/10/2013 3:53:58 PM | Computer Name = Sander-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 11/10/2013 3:53:58 PM | Computer Name = Sander-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3120
 
Error - 11/10/2013 3:53:58 PM | Computer Name = Sander-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3120
 
Error - 11/11/2013 3:02:48 PM | Computer Name = Sander-PC | Source = SideBySide | ID = 16842815
Description = Kan activeringscontext voor 'c:\Program Files (x86)\Common Files\Adobe
 AIR\Versions\1.0\Adobe AIR.dll' niet maken. Fout in manifest of beleidsbestand 
'c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll' op regel
 3.  De waarde MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR  
van kenmerk version in element assemblyIdentity is ongeldig.
 
Error - 11/11/2013 3:02:59 PM | Computer Name = Sander-PC | Source = SideBySide | ID = 16842832
Description = Kan activeringscontext voor c:\program files (x86)\ESET\eset online
 scanner\ESETSmartInstaller.exe niet maken. Fout in manifest of beleidsbestand  
op regel .  Een onderdeelversie die nodig is voor de toepassing conflicteert met een
 andere onderdeelversie die reeds actief is.  Conflicterende onderdelen zijn:  Onderdeel
 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Onderdeel
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error - 11/11/2013 3:04:24 PM | Computer Name = Sander-PC | Source = SideBySide | ID = 16842785
Description = Kan activeringscontext voor 'c:\program files (x86)\Last.fm\ext_messengernotify.dll'
 niet maken.  Kan afhankelijke assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"
 niet vinden.  Gebruik sxstrace.exe voor een gedetailleerde diagnose.
 
Error - 11/11/2013 3:04:24 PM | Computer Name = Sander-PC | Source = SideBySide | ID = 16842785
Description = Kan activeringscontext voor 'c:\program files (x86)\Last.fm\ext_skypenotify.dll'
 niet maken.  Kan afhankelijke assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"
 niet vinden.  Gebruik sxstrace.exe voor een gedetailleerde diagnose.
 
[ System Events ]
Error - 11/5/2013 6:55:48 PM | Computer Name = Sander-PC | Source = Service Control Manager | ID = 7043
Description = De service Windows Update is niet juist afgesloten na de ontvangst
 van een besturingselement voor afsluiten.
 
Error - 11/6/2013 5:59:25 PM | Computer Name = Sander-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installatiefout: de volgende update kan niet worden geïnstalleerd,
 foutcode 0x8024200d: Windows 7 Service Pack 1 voor x64-systemen (KB976932).
 
Error - 11/7/2013 5:26:28 PM | Computer Name = Sander-PC | Source = Service Control Manager | ID = 7009
Description = Time-out (30000 seconden) tijdens het wachten op het verbinden van
 deze service: Windows Media Player Network Sharing Service.
 
Error - 11/7/2013 5:26:28 PM | Computer Name = Sander-PC | Source = Service Control Manager | ID = 7000
Description = De Windows Media Player Network Sharing Service-service kan vanwege
 de volgende fout niet worden gestart:   %%1053
 
Error - 11/7/2013 6:12:55 PM | Computer Name = Sander-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installatiefout: de volgende update kan niet worden geïnstalleerd,
 foutcode 0x8024200d: Windows 7 Service Pack 1 voor x64-systemen (KB976932).
 
Error - 11/8/2013 1:29:04 PM | Computer Name = Sander-PC | Source = iaStor | ID = 262153
Description = Het apparaat \Device\Ide\iaStor0 heeft niet binnen de tijd voor time-out
 gereageerd.
 
Error - 11/8/2013 6:11:04 PM | Computer Name = Sander-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installatiefout: de volgende update kan niet worden geïnstalleerd,
 foutcode 0x8024200d: Windows 7 Service Pack 1 voor x64-systemen (KB976932).
 
Error - 11/9/2013 6:25:52 PM | Computer Name = Sander-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installatiefout: de volgende update kan niet worden geïnstalleerd,
 foutcode 0x8024200d: Windows 7 Service Pack 1 voor x64-systemen (KB976932).
 
Error - 11/10/2013 7:28:31 AM | Computer Name = Sander-PC | Source = bowser | ID = 8003
Description = 
 
Error - 11/10/2013 6:20:56 PM | Computer Name = Sander-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installatiefout: de volgende update kan niet worden geïnstalleerd,
 foutcode 0x8024200d: Windows 7 Service Pack 1 voor x64-systemen (KB976932).
 
 
< End of report >





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users