
Keylogged and money stolen, need to secure computer


  • This topic is locked
17 replies to this topic

#1 thomdejong

thomdejong

  • Members
  • 11 posts
  • OFFLINE
  • Local time:07:37 PM

Posted 21 February 2014 - 10:10 AM

Hello everyone, today/yesterday my funds were stolen from an online poker account. I'm 99% sure someone somehow installed a keylogger on my computer; their customer support is investigating the matter, but this is off-topic.

 

I have immediately downloaded and run some anti-virus/spyware/keylogger software. I'm pretty bad at technical computer stuff, so this is most of the info I can give at the moment:

Windows 7 Home Premium Service Pack 1

AVG Free

MBAM Free and Spybot S&D

HijackThis

Downloaded AntiLogger Free which encrypts keystrokes

Downloaded KL-Detector and found this suspicious file: C:\Windows\ServiceProfiles\LocalService\AppData\Local\PnrpSqm\PnrpResolveSession0.sqm. It seems to be modified every couple of seconds/minutes, and if deleted a new one is made. Anyone familiar with these files?

 

I feel safer now because my keystrokes are encrypted and I have changed important passwords since then; however, I still want to remove any virus/spyware/keylogger and protect my computer from it in the future.

 

So my question is how can I be sure my computer is 100% safe?

 

Thanks in advance

 

DDS log:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer:   BrowserJavaVersion: 10.45.2
Run by Thom at 15:45:01 on 2014-02-21
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.31.1043.18.5588.3042 [GMT 1:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe
C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\4t Tray Minimizer\4t-min.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\4t Tray Minimizer\4t-min64.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://asus.msn.com
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe,
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [ZALFree] "C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe" /MINIMIZED
StartupFolder: C:\Users\Thom\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\4TTRAY~1.LNK - C:\Program Files (x86)\4t Tray Minimizer\4t-min.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:\Program Files (x86)\PokerStars.EU\PokerStarsUpdate.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.254 195.241.77.55 195.241.77.58
TCP: Interfaces\{3761CA32-9830-4B03-946B-92453C88238F} : DHCPNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
TCP: Interfaces\{A21AC50B-5538-4209-AAED-40160891778C} : DHCPNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
TCP: Interfaces\{A21AC50B-5538-4209-AAED-40160891778C}\14256573531393834444241383 : DHCPNameServer = 192.168.2.254
TCP: Interfaces\{A21AC50B-5538-4209-AAED-40160891778C}\4556C65623D213 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{A21AC50B-5538-4209-AAED-40160891778C}\65746573531393145434142373 : DHCPNameServer = 192.168.2.254 195.121.1.34 195.121.1.66
TCP: Interfaces\{A21AC50B-5538-4209-AAED-40160891778C}\84232303E4832433547364 : DHCPNameServer = 192.168.2.254
TCP: Interfaces\{A21AC50B-5538-4209-AAED-40160891778C}\84232303E4833434832434 : DHCPNameServer = 192.168.2.254
TCP: Interfaces\{A21AC50B-5538-4209-AAED-40160891778C}\C45736B69735472796B656 : DHCPNameServer = 192.168.2.254
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL
SSODL: WebCheck - <orphaned>
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1    www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\wosbxhat.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\ThreeShips Shared\Dll\npTSHelper.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll
FF - ExtSQL: 2014-01-10 19:10; {4ca8c1be-c30f-49bf-9ac8-f3e63f49665d}; C:\Users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\wosbxhat.default\extensions\{4ca8c1be-c30f-49bf-9ac8-f3e63f49665d}
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2012-7-8 82048]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2012-7-8 42624]
R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\Windows\System32\drivers\amdkmpfd.sys [2012-7-8 31872]
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-11-25 196376]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-10-31 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-11-25 150808]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-25 243480]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-10-31 212280]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-8 235520]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-3-29 361984]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-11-13 55936]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-4-13 277120]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-1-22 3788816]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-20 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-20 701512]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [2009-12-10 65536]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-10-9 2754984]
R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\drivers\AiCharger.sys [2012-7-8 17152]
R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2012-7-8 102528]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-7-8 46136]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2012-7-8 219776]
R3 AsusVBus;AsusVBus;C:\Windows\System32\drivers\AsusVBus.sys [2011-12-21 35968]
R3 AsusVTouch;AsusVTouch;C:\Windows\System32\drivers\AsusVTouch.sys [2011-11-8 16512]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-7-8 95760]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2012-4-10 200488]
R3 keycrypt;keycrypt;C:\Windows\System32\drivers\KeyCrypt64.sys [2014-2-21 25568]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-1-20 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-7-8 646248]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-7-8 56448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-2-24 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-14 1492840]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-13 111616]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-6-10 57344]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-18 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2011-2-18 31232]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-8 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2014-02-21 00:29:18    25568    ----a-w-    C:\Windows\System32\drivers\KeyCrypt64.sys
2014-02-21 00:29:18    --------    d-----w-    C:\Program Files (x86)\KeyCryptSDK
2014-02-21 00:29:17    --------    d-----w-    C:\Program Files (x86)\Zemana AntiLogger Free
2014-02-21 00:29:16    --------    d-----w-    C:\Users\Thom\AppData\Local\AntiLogger Free
2014-02-20 21:31:40    --------    d-----w-    C:\Users\Thom\AppData\Roaming\AVG2014
2014-02-20 21:31:05    --------    d-----w-    C:\Users\Thom\AppData\Roaming\TuneUp Software
2014-02-20 21:30:31    --------    d--h--w-    C:\$AVG
2014-02-20 21:30:31    --------    d-----w-    C:\ProgramData\AVG2014
2014-02-20 21:29:42    --------    d-----w-    C:\Program Files (x86)\AVG
2014-02-20 21:24:17    --------    d--h--w-    C:\ProgramData\Common Files
2014-02-20 21:24:17    --------    d-----w-    C:\Users\Thom\AppData\Local\Avg2014
2014-02-20 21:24:16    --------    d-----w-    C:\Users\Thom\AppData\Local\MFAData
2014-02-20 21:24:16    --------    d-----w-    C:\ProgramData\MFAData
2014-02-18 19:13:16    10536864    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7EE7D349-4157-4EF2-BCD8-AFE2A420DB53}\mpengine.dll
2014-02-13 02:02:21    548864    ----a-w-    C:\Windows\System32\vbscript.dll
2014-02-13 02:02:21    454656    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-02-13 00:27:02    --------    d-----w-    C:\ProgramData\boost_interprocess
2014-02-13 00:26:56    --------    d-----w-    C:\Users\Thom\AppData\Roaming\DogeCoin
2014-01-24 18:54:37    --------    d-----w-    C:\Users\Thom\AppData\Local\join.me
.
==================== Find3M  ====================
.
2014-02-21 14:38:35    387    ----a-w-    C:\Users\Thom\AppData\Roaming\sp_data.sys
2014-02-21 02:25:23    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-21 02:25:23    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-14 14:23:50    45056    ----a-w-    C:\Windows\SysWow64\acovcnt.exe
2014-02-06 11:30:46    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37    5768704    ----a-w-    C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32    2041856    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36    4244480    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2014-02-06 09:09:30    1964032    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-01-09 05:14:28    33864    ----a-w-    C:\Windows\Launcher.exe
2013-12-24 23:09:41    1987584    ----a-w-    C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32    2565120    ----a-w-    C:\Windows\System32\d3d10warp.dll
2013-12-18 05:13:56    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2013-12-06 02:30:08    2048    ----a-w-    C:\Windows\System32\msxml3r.dll
2013-12-06 02:30:08    1882112    ----a-w-    C:\Windows\System32\msxml3.dll
2013-12-06 02:02:08    2048    ----a-w-    C:\Windows\SysWow64\msxml3r.dll
2013-12-06 02:02:08    1237504    ----a-w-    C:\Windows\SysWow64\msxml3.dll
2013-12-05 05:09:06    0    ----a-w-    C:\Windows\SysWow64\sho36E5.tmp
2013-12-04 02:27:33    485888    ----a-w-    C:\Windows\System32\secproc_isv.dll
2013-12-04 02:27:33    123392    ----a-w-    C:\Windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33    123392    ----a-w-    C:\Windows\System32\secproc_ssp.dll
2013-12-04 02:27:16    488448    ----a-w-    C:\Windows\System32\secproc.dll
2013-12-04 02:26:32    528384    ----a-w-    C:\Windows\System32\msdrm.dll
2013-12-04 02:16:51    658432    ----a-w-    C:\Windows\System32\RMActivate_isv.exe
2013-12-04 02:16:51    626176    ----a-w-    C:\Windows\System32\RMActivate.exe
2013-12-04 02:16:50    552960    ----a-w-    C:\Windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48    553984    ----a-w-    C:\Windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20    87040    ----a-w-    C:\Windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20    87040    ----a-w-    C:\Windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20    423936    ----a-w-    C:\Windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08    428032    ----a-w-    C:\Windows\SysWow64\secproc.dll
2013-12-04 02:02:06    390144    ----a-w-    C:\Windows\SysWow64\msdrm.dll
2013-12-04 01:54:14    510976    ----a-w-    C:\Windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10    594944    ----a-w-    C:\Windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:09    572416    ----a-w-    C:\Windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06    508928    ----a-w-    C:\Windows\SysWow64\RMActivate_ssp_isv.exe
2013-11-27 01:41:37    343040    ----a-w-    C:\Windows\System32\drivers\usbhub.sys
2013-11-27 01:41:15    99840    ----a-w-    C:\Windows\System32\drivers\usbccgp.sys
2013-11-27 01:41:11    53248    ----a-w-    C:\Windows\System32\drivers\usbehci.sys
2013-11-27 01:41:11    325120    ----a-w-    C:\Windows\System32\drivers\usbport.sys
2013-11-27 01:41:09    25600    ----a-w-    C:\Windows\System32\drivers\usbohci.sys
2013-11-27 01:41:06    30720    ----a-w-    C:\Windows\System32\drivers\usbuhci.sys
2013-11-27 01:41:03    7808    ----a-w-    C:\Windows\System32\drivers\usbd.sys
2013-11-26 11:40:00    376768    ----a-w-    C:\Windows\System32\drivers\netio.sys
2013-11-26 10:32:56    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2013-11-26 08:16:50    3419136    ----a-w-    C:\Windows\SysWow64\d2d1.dll
2013-11-25 20:47:22    196376    ----a-w-    C:\Windows\System32\drivers\avgidsha.sys
2013-11-25 20:47:20    243480    ----a-w-    C:\Windows\System32\drivers\avgidsdrivera.sys
2013-11-25 20:47:20    150808    ----a-w-    C:\Windows\System32\drivers\avgdiska.sys
2013-11-23 18:26:20    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
.
============= FINISH: 15:45:58,49 ===============
 

Attached File: attach.txt (8.11KB)




 


#2 Mako

Mako

  • Malware Response Team
  • 238 posts
  • OFFLINE
  • Gender:Male
  • Location:Belgium
  • Local time:07:37 PM

Posted 23 February 2014 - 06:00 AM

Hi thomdejong,

Welcome to the BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum. :welcome:
My name is Mako and I will be helping you with your computer problems.

I suggest we start by making sure your computer is completely clean. When finished, we'll discuss how to obtain a secure and safe machine. Is that okay with you?

Before we begin, please note the following:

  • Please stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • The instructions given are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • If you don't understand something don't hesitate to ask before running the tools.

Now let's get started...

:step1: I've noticed a lot of DNS redirects in your log. Most of them belong to a Dutch company, 'RIPE NCC (RIPE Network Coordination Center)'. Do you have any idea how this may be related to your system or any program?

:step2: ======Zoek.exe======

Take action to disable your antivirus and antispyware programs, as they may conflict with Zoek.exe
>> Info on how to disable your security applications > http://www.bleepingcomputer.com/forums/topic114351.html

Download zoek.exe to your desktop

  • If Internet Explorer, any other browser, or a security program issues a warning indicating the file is unsafe, please ignore, since it is a false warning.

Using Zoek.exe

  • On the Desktop, double-click Zoek.exe to start the tool.
    Windows Vista, 7 and 8 users right-click the file and select: Run as Administrator.
    Give the program a few seconds to appear.
  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this system only, do not use it on any other computer even if the problems are similar.
    filesrcm;
    startupall;
    chromelook;
    firefoxlook;
    emptyfolderscheck;
    torpigcheck;
    
  • Click the "Run script" button and wait patiently.
  • When finished the logfile will be opened in notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your systemdrive.
  • Please post the logfile for further review in your next comment.

:step3: ====aswMBR====

Please download aswMBR ( 4.5MB ) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then attach it to your next reply.

Regards,

Mako

 

Member of UNITE Unified Network of Instructors and Trained Eliminators

Noticed any spelling or grammar errors in my reply? Please feel free to point them out to me, I'm always eager to learn. 
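Step 1 above points at the name-server entries in the DDS log; the same Pseudo HJT section also records the UAC policy values (EnableLUA = 0 and so on). The script below is an added example for this thread, not a BleepingComputer, DDS or Zoek tool: it parses a log excerpt constructed from the values posted above and sorts the DNS servers, UAC settings and AppInit DLL into items a helper would verify by hand.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log.

Added example for this thread; it is not part of DDS, Zoek or any
BleepingComputer tool. It pulls out the name-server entries Mako asks
about and the UAC policy values in the same section, and classifies
them so a helper can decide what to verify by hand.
"""
import ipaddress
import re
from dataclasses import dataclass, field

# Excerpt constructed from the DDS log posted above (same values, fewer lines).
SAMPLE_LOG = r"""
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
TCP: NameServer = 192.168.1.254 195.241.77.55 195.241.77.58
TCP: Interfaces\{3761CA32-9830-4B03-946B-92453C88238F} : DHCPNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
TCP: Interfaces\{A21AC50B-5538-4209-AAED-40160891778C}\4556C65623D213 : DHCPNameServer = 192.168.1.1
AppInit_DLLs= C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL
"""

POLICY_RE = re.compile(r"^mPolicies-System: (?P<name>\w+) = dword:(?P<value>\d+)$")
NS_RE = re.compile(
    r"^TCP: (?:Interfaces\\(?P<iface>\S+) : )?(?P<kind>DHCPNameServer|NameServer) = (?P<servers>.+)$"
)
APPINIT_RE = re.compile(r"^AppInit_DLLs=\s*(?P<dlls>.+)$")

# UAC values that weaken the elevation boundary: name -> (weak value, why it matters).
UAC_WEAK = {
    "EnableLUA": ("0", "UAC is off; anything run from the admin account is already elevated"),
    "ConsentPromptBehaviorAdmin": ("0", "admins are elevated silently, with no prompt at all"),
    "PromptOnSecureDesktop": ("0", "elevation prompts are drawn on the normal desktop, "
                                   "where other programs can interact with them"),
}


@dataclass
class Report:
    uac_findings: list = field(default_factory=list)
    private_dns: set = field(default_factory=set)   # RFC 1918 etc.: normally the home router
    public_dns: set = field(default_factory=set)    # should match the ISP's published resolvers
    appinit_dlls: list = field(default_factory=list)


def triage(log_text: str) -> Report:
    """Parse the Pseudo HJT lines of a DDS log and collect items to verify."""
    rep = Report()
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := POLICY_RE.match(line):
            weak_value, why = UAC_WEAK.get(m["name"], (None, None))
            if m["value"] == weak_value:
                rep.uac_findings.append(f'{m["name"]}={m["value"]}: {why}')
        elif m := NS_RE.match(line):
            for token in m["servers"].split():
                try:
                    addr = ipaddress.ip_address(token)
                except ValueError:
                    continue  # not an IP literal; nothing to classify
                (rep.private_dns if addr.is_private else rep.public_dns).add(token)
        elif m := APPINIT_RE.match(line):
            # AppInit_DLLs are loaded into every process that loads user32.dll,
            # so each path listed here must be tied to a product you knowingly installed.
            rep.appinit_dlls.extend(p for p in re.split(r"[,\s]+", m["dlls"]) if p)
    return rep


def summarize(rep: Report) -> list[str]:
    """Human-readable checklist in the order a helper would work through it."""
    out = [f"UAC: {f}" for f in rep.uac_findings]
    if rep.public_dns:
        out.append("Public DNS resolvers to confirm against the ISP: "
                   + ", ".join(sorted(rep.public_dns)))
    if rep.private_dns:
        # A private resolver is usually the router; its own upstream DNS
        # settings are not visible in a DDS log and need a separate look.
        out.append("Private resolvers (router): " + ", ".join(sorted(rep.private_dns)))
    for dll in rep.appinit_dlls:
        out.append(f"AppInit DLL to account for: {dll}")
    return out


if __name__ == "__main__":
    for item in summarize(triage(SAMPLE_LOG)):
        print("-", item)
```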


#3 thomdejong

thomdejong
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:07:37 PM

Posted 23 February 2014 - 03:59 PM

Thanks Mako!

 

A bit of a late response because I wasn't at home yesterday; I can respond a lot faster the next couple of days, so this won't have to take ages.

 

1. I don't know the company; I searched it on Wikipedia and found the following information:

 

The Réseaux IP Européens Network Coordination Centre (RIPE NCC) is the Regional Internet Registry (RIR) for Europe, the Middle East and parts of Central Asia. It is headquartered in Amsterdam, Netherlands.

 

An RIR oversees the allocation and registration of Internet number resources (IPv4 addresses, IPv6 addresses and Autonomous System (AS) Numbers) in a specific region.

The RIPE NCC supports the technical and administrative coordination of the infrastructure of the Internet. It is a not-for-profit membership organisation with over 7,038 (as of September 2010) members located in over 70 countries in its service region.

 

Any individual or organisation can become a member of the RIPE NCC. The membership consists mainly of Internet service providers (ISPs), telecommunication organisations, educational institutions, governments, regulatory agencies, and large corporations.

 

My ISP is Telfort in the Netherlands, but I don't know if they use this company.

I don't know what DNS redirects mean for my computer's security though, please explain.

 

2. Zoek.exe logfile

 

Zoek.exe v5.0.0.0 Updated 19-February-2014
Tool run by Thom on zo 23-02-2014 at 21:18:59,88.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Thom\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

23-2-2014 21:20:44 Zoek.exe System Restore Point Created Succesfully.

==== Torpig Check ======================

HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileZilla3CopyHook {DB70412E-EEC9-479C-BBA9-BE36BFDDA41B} C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll


==== Empty Folders Check ======================

C:\PROGRA~3\Deadtime Stories
C:\PROGRA~3\Oracle
C:\Users\Thom\AppData\Roaming\DataWork
C:\Users\Thom\AppData\Roaming\SynthMaker
C:\Users\Thom\AppData\Roaming\TP
C:\Users\Thom\AppData\Roaming\Windows Live Writer

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Thom\AppData\Local\Temp ====
====== Java Cache =====
2014-02-21 16:17:03    C1BBA7F1278F193AB584FFF460DB5E2A    17878    ----a-w-    C:\Users\Thom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\eef218c-76913568
2014-02-21 16:16:58    415FC9732A3F4D89A0E01251CD66E136    646    ----a-w-    C:\Users\Thom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\49a00451-4f5b7d54
2014-02-21 16:16:58    FB91FBFC1E489AE22F33AD16B05D830A    99    ----a-w-    C:\Users\Thom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\49a00451-6.0.lap
2014-02-21 16:16:57    415FC9732A3F4D89A0E01251CD66E136    646    ----a-w-    C:\Users\Thom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\3cb32f52-5769df56
2014-02-21 16:16:59    34FA8033B50A3F99D3AB8209C72C0ABA    6860    ----a-w-    C:\Users\Thom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\1ca2666b-2be96ce8
====== C:\Windows\SysWOW64 =====
2014-02-21 16:16:06    95E15A2DE75AB48728AB8E1911C3EDB1    264616    ----a-w-    C:\Windows\SysWOW64\javaws.exe
2014-02-21 16:15:57    CB3638541DCAC86EE17FA8258202E20E    175016    ----a-w-    C:\Windows\SysWOW64\javaw.exe
2014-02-21 16:15:57    A7871E39687EC6EE9712209DAE248B3A    96168    ----a-w-    C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-21 16:15:57    9395BBE294045909A025C9F3DC3D9025    174504    ----a-w-    C:\Windows\SysWOW64\java.exe
2014-02-13 02:02:21    3D485254E43EF4E4F707346B5731EA9A    454656    ----a-w-    C:\Windows\SysWOW64\vbscript.dll
2014-02-13 02:01:03    B8F28AAC003060E3B125D2447CFC19E2    164864    ----a-w-    C:\Windows\SysWOW64\msrating.dll
2014-02-13 02:01:03    B5B3334F177CED627C2D7FE38235B6B1    2724864    ----a-w-    C:\Windows\SysWOW64\mshtml.tlb
2014-02-13 02:01:02    85AC8EB265EDCAD86D651D45C5E3AB83    440832    ----a-w-    C:\Windows\SysWOW64\ieui.dll
2014-02-13 02:00:59    C9D1131E2163CE932DF3EAAF0EEA3673    524288    ----a-w-    C:\Windows\SysWOW64\msfeeds.dll
2014-02-13 02:00:59    7D6B20C69CC8EECB8F31D4FAF913BBE8    112128    ----a-w-    C:\Windows\SysWOW64\ieUnatt.exe
2014-02-13 02:00:59    6A06EB11F1E5BDAA795DAE7838F9FE20    43008    ----a-w-    C:\Windows\SysWOW64\jsproxy.dll
2014-02-13 02:00:58    408805B8083896DC95E6340F4016BEBD    61952    ----a-w-    C:\Windows\SysWOW64\iesetup.dll
2014-02-13 02:00:58    260D6B421E5551E8BA75D16B5CA90D9A    51200    ----a-w-    C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-13 02:00:58    0E7B7C9F483300F9FF97C6A1E4BC4F57    32768    ----a-w-    C:\Windows\SysWOW64\iernonce.dll
2014-02-13 02:00:57    0F739443669F3A48F1B2325995117BFE    553472    ----a-w-    C:\Windows\SysWOW64\jscript9diag.dll
2014-02-13 02:00:56    5DD49C02D059C1E6E47A8FB4A076C9B1    703488    ----a-w-    C:\Windows\SysWOW64\ieapfltr.dll
2014-02-13 02:00:55    9C89246184979A070B0C6CCF61C68136    1820160    ----a-w-    C:\Windows\SysWOW64\wininet.dll
2014-02-13 02:00:55    34CBED7698D557DDB43F8732FBC2ACB9    2168320    ----a-w-    C:\Windows\SysWOW64\iertutil.dll
2014-02-13 02:00:54    5D9DC6332A4FC66388B09BBE7CF53750    1156096    ----a-w-    C:\Windows\SysWOW64\urlmon.dll
2014-02-13 02:00:54    40E68599FE3A10F816217D3789FCE74E    1964032    ----a-w-    C:\Windows\SysWOW64\inetcpl.cpl
2014-02-13 02:00:51    79FA7D8B488F90EDE325963379A6F738    11266048    ----a-w-    C:\Windows\SysWOW64\ieframe.dll
2014-02-13 02:00:49    C863E5A2417DF0F2A31ED32C3B2CB23F    17103872    ----a-w-    C:\Windows\SysWOW64\mshtml.dll
2014-02-13 02:00:49    99280392987A1A96C756A9F38C4CE396    4244480    ----a-w-    C:\Windows\SysWOW64\jscript9.dll
2014-02-12 20:24:44    EA093130471090037BB70A4AF86FAD1B    420008    ----a-w-    C:\Windows\SysWOW64\locale.nls
2014-02-12 20:24:43    E4561704CBFA193761743E5AF746C669    1237504    ----a-w-    C:\Windows\SysWOW64\msxml3.dll
2014-02-12 20:24:43    17B06F23237FCD731FA2E10ECD6EDFE1    2048    ----a-w-    C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 20:24:33    E01D2AC63453534DB8AD1EA97DEE9C3A    594944    ----a-w-    C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 20:24:33    6142C5540C8D2764D59CBC11AF4A5900    572416    ----a-w-    C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 20:24:33    0F5FEF37588AF457E02125674F171A4F    508928    ----a-w-    C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 20:24:32    BBCE3E9E74C7CEA47FA4115B360AC2C6    423936    ----a-w-    C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 20:24:32    12A9F24DC9F465DA79AC2272D829A81E    428032    ----a-w-    C:\Windows\SysWOW64\secproc.dll
2014-02-12 20:24:32    08D323750350A8A29611D1004C0CF319    510976    ----a-w-    C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 20:24:31    9158DBE2F8483434FC72F320690C9DB8    87040    ----a-w-    C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 20:24:31    7FA485555BF802FE3DB5598004DBDFAC    390144    ----a-w-    C:\Windows\SysWOW64\msdrm.dll
2014-02-12 20:24:31    58712A48D31B40EBCB35B47205F87771    87040    ----a-w-    C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 20:24:27    D96106CF60505734B14F6AE80AAA4B07    1987584    ----a-w-    C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 20:24:26    14800BD31701A5047AC3145BB1E698AE    3419136    ----a-w-    C:\Windows\SysWOW64\d2d1.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-02-13 02:02:21    F67C7D80745379DC4C5332EFFE5AC696    548864    ----a-w-    C:\Windows\Sysnative\vbscript.dll
2014-02-13 02:01:04    94C59DD02BC7EA0E421055B9946CA861    2724864    ----a-w-    C:\Windows\Sysnative\mshtml.tlb
2014-02-13 02:01:03    1D1D7F52EC84294859642A4309FE648E    195584    ----a-w-    C:\Windows\Sysnative\msrating.dll
2014-02-13 02:01:02    63B5E990896BA81D604032A48CC80A5C    574976    ----a-w-    C:\Windows\Sysnative\ieui.dll
2014-02-13 02:01:01    FD08F8BA2437A85F500EFFE3FD3158A6    33792    ----a-w-    C:\Windows\Sysnative\iernonce.dll
2014-02-13 02:01:01    E77092C38028EB0A5C461B3436E0A6D5    4096    ----a-w-    C:\Windows\Sysnative\ieetwcollectorres.dll
2014-02-13 02:01:01    27516B54E116D5EF8B0129B5C829A87C    218624    ----a-w-    C:\Windows\Sysnative\ie4uinit.exe
2014-02-13 02:00:59    CDE728C8FB1D6E132CED44835FA44C87    627200    ----a-w-    C:\Windows\Sysnative\msfeeds.dll
2014-02-13 02:00:59    99ED8FBAFD325550D07A32664D9E3CC8    53760    ----a-w-    C:\Windows\Sysnative\jsproxy.dll
2014-02-13 02:00:58    FCFAEDF0AA1A78A1875FDB798598408B    48640    ----a-w-    C:\Windows\Sysnative\ieetwproxystub.dll
2014-02-13 02:00:58    E129D34089E70215B65EA611F802FA9A    111616    ----a-w-    C:\Windows\Sysnative\ieetwcollector.exe
2014-02-13 02:00:58    C1E2C16D58D76323800C3EE5E2C5095A    66048    ----a-w-    C:\Windows\Sysnative\iesetup.dll
2014-02-13 02:00:58    338415F2E9A188875B6E43B5269620B0    139264    ----a-w-    C:\Windows\Sysnative\ieUnatt.exe
2014-02-13 02:00:57    D016F5092E4FFC41147E8555A71D2DDE    23170048    ----a-w-    C:\Windows\Sysnative\mshtml.dll
2014-02-13 02:00:56    F348B2D0983C91392632B4291C517AA4    817664    ----a-w-    C:\Windows\Sysnative\ieapfltr.dll
2014-02-13 02:00:56    3906C9640406FC0FC00A324947C74893    708608    ----a-w-    C:\Windows\Sysnative\jscript9diag.dll
2014-02-13 02:00:55    6300AD525D639CECBB3D144B6D7B30F9    2765824    ----a-w-    C:\Windows\Sysnative\iertutil.dll
2014-02-13 02:00:54    263B6E451526A90FF8B1CEC759F22956    2334208    ----a-w-    C:\Windows\Sysnative\wininet.dll
2014-02-13 02:00:54    22874047B810B5B174C68ACD7C0B6510    1393664    ----a-w-    C:\Windows\Sysnative\urlmon.dll
2014-02-13 02:00:53    83296DE8CFFEADA636DCC1AB2E3BF643    2041856    ----a-w-    C:\Windows\Sysnative\inetcpl.cpl
2014-02-13 02:00:52    DB02F4D37E5F7F07A0D0F9FAA68249EE    13051392    ----a-w-    C:\Windows\Sysnative\ieframe.dll
2014-02-13 02:00:48    5922EEA922D3AD686342F866CAEE851F    5768704    ----a-w-    C:\Windows\Sysnative\jscript9.dll
2014-02-12 20:24:44    EA093130471090037BB70A4AF86FAD1B    420008    ----a-w-    C:\Windows\Sysnative\locale.nls
2014-02-12 20:24:44    0D298133C359AB8CB9EB4FA178BF3947    1882112    ----a-w-    C:\Windows\Sysnative\msxml3.dll
2014-02-12 20:24:43    CD2C20CC3B385A32701F78C0ACBBE9F3    2048    ----a-w-    C:\Windows\Sysnative\msxml3r.dll
2014-02-12 20:24:33    1B3741488AA7E237961A29D1E7A44C0A    626176    ----a-w-    C:\Windows\Sysnative\RMActivate.exe
2014-02-12 20:24:33    17CF3B3F68272BD40C878D4DBAB0EBC9    658432    ----a-w-    C:\Windows\Sysnative\RMActivate_isv.exe
2014-02-12 20:24:32    C6AC2C91541D24F9E236A670C0CA793D    528384    ----a-w-    C:\Windows\Sysnative\msdrm.dll
2014-02-12 20:24:32    5693212AB2EBCACBBE05EC3A642113E2    485888    ----a-w-    C:\Windows\Sysnative\secproc_isv.dll
2014-02-12 20:24:32    399FC1B75790EE606A6FD9F2FB4C891C    488448    ----a-w-    C:\Windows\Sysnative\secproc.dll
2014-02-12 20:24:32    297926B15AE5390409F1007EB28A8EFB    552960    ----a-w-    C:\Windows\Sysnative\RMActivate_ssp_isv.exe
2014-02-12 20:24:32    03F8F411F118CFDA508E77C747BB05EA    553984    ----a-w-    C:\Windows\Sysnative\RMActivate_ssp.exe
2014-02-12 20:24:31    DC6DD779F35BB42E2E76FDFEC565C251    123392    ----a-w-    C:\Windows\Sysnative\secproc_ssp_isv.dll
2014-02-12 20:24:31    B41B1FEDEBBD955B4E25676B42087885    123392    ----a-w-    C:\Windows\Sysnative\secproc_ssp.dll
2014-02-12 20:24:27    E8710B5DDA963E6BA198DF5FB209E72A    2565120    ----a-w-    C:\Windows\Sysnative\d3d10warp.dll
2014-02-12 20:24:26    C676E5EA388AF7C4C031F56F9B42E362    3928064    ----a-w-    C:\Windows\Sysnative\d2d1.dll
====== C:\Windows\Sysnative\drivers =====
2014-02-21 00:29:18    CC6D3A79D09A3108A7DBD2790B7AFED0    25568    ----a-w-    C:\Windows\Sysnative\drivers\KeyCrypt64.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2014-02-21 16:16:12    --------    d-----w-    C:\PROGRA~2\COMMON~1\Java
2014-02-21 00:29:18    --------    d-----w-    C:\PROGRA~2\KeyCryptSDK
2014-02-20 21:29:42    --------    d-----w-    C:\PROGRA~2\AVG
======= C: =====
====== C:\Users\Thom\AppData\Roaming ======
2014-02-21 20:49:02    B810104420C4CD49E91DC09B32FB5C5B    24576    ----a-w-    C:\Users\Thom\AppData\Local\uninst.tmp
2014-02-20 21:31:40    --------    d-----w-    C:\Users\Thom\AppData\Roaming\AVG2014
2014-02-20 21:31:29    --------    d-----w-    C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\AVG2014
2014-02-20 21:31:07    --------    d-----w-    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Avg2014
2014-02-20 21:31:05    --------    d-----w-    C:\Users\Thom\AppData\Roaming\TuneUp Software
2014-02-20 21:29:43    --------    d-----w-    C:\Windows\SysNative\config\systemprofile\AppData\Local\Avg2014
2014-02-20 21:24:17    --------    d-----w-    C:\Users\Thom\AppData\Local\Avg2014
2014-02-13 00:26:56    --------    d-----w-    C:\Users\Thom\AppData\Roaming\DogeCoin
====== C:\Users\Thom ======
2014-02-23 07:07:45    --------    d-----w-    C:\ProgramData\AVG 0214c Campaign
2014-02-21 21:35:44    0840EB50F38B3A9BBA2D24780AEB07A6    1241834    ----a-w-    C:\Users\Thom\Desktop\AdwCleaner.exe
2014-02-21 16:16:30    --------    d-----w-    C:\ProgramData\Oracle
2014-02-21 16:15:57    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-02-21 14:44:18    8B968045D75783A09592C3105F2865DA    688992    ----a-r-    C:\Users\Thom\Desktop\dds.com
2014-02-21 00:39:13    6C6494E1263DCF7D36D877AD5DFD7D8F    114717    ----a-w-    C:\Users\Thom\Desktop\KL-Detector.exe
2014-02-20 23:44:14    25CABA7671247023155D72906625ADA7    4122976    ----a-w-    C:\Users\Thom\Desktop\tdsskiller.exe
2014-02-20 21:50:56    930556AC8837A77E443FF73C473A3054    47616    ----a-w-    C:\Users\Thom\Desktop\Win32kDiag.exe
2014-02-20 21:31:05    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-02-20 21:30:31    --------    d-----w-    C:\ProgramData\AVG2014
2014-02-20 21:24:17    --------    d--h--w-    C:\ProgramData\Common Files

====== C: exe-files ==
2014-02-23 07:07:47    F1035139A090C1D839209AF0CDED0AB7    7006109    ----a-w-    C:\ProgramData\AVG 0214c Campaign\Launcher.exe
2014-02-23 07:07:47    EE2C15CD4214E6F4CAF35B5381630603    157000    ----a-w-    C:\ProgramData\AVG 0214c Campaign\MachineIdCreator.exe
2014-02-23 07:07:47    DA2C29DF0B6B9BEA6CC5162924010E4B    22040    ----a-w-    C:\ProgramData\AVG 0214c Campaign\Setup.exe
2014-02-23 07:07:47    397B42F989468A3C2E6FEA788A45C592    3166288    ----a-w-    C:\ProgramData\AVG 0214c Campaign\safeguard.exe
2014-02-23 07:07:46    F8B752B674B40F588EF061EB3EF55777    3085904    ----a-w-    C:\ProgramData\AVG 0214c Campaign\avg.exe
2014-02-23 07:07:46    D039F98E767C2CF5020033B6ADDABB76    2548248    ----a-w-    C:\ProgramData\AVG 0214c Campaign\AVG-Secure-Search-Update.exe
2014-02-23 07:07:46    D039F98E767C2CF5020033B6ADDABB76    2548248    ----a-w-    C:\ProgramData\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe
2014-02-23 07:07:31    7D0C6962E353BDE0C882211AFF5869C5    14100640    ----a-w-    C:\Program Files (x86)\AVG\AVG2014\Notification\Launcher.exe
=== C: other files ==
2014-02-21 14:44:18    8B968045D75783A09592C3105F2865DA    688992    ----a-r-    C:\Users\Thom\Desktop\dds.com
2014-02-21 00:29:18    CC6D3A79D09A3108A7DBD2790B7AFED0    25568    ----a-w-    C:\Windows\System32\drivers\KeyCrypt64.sys
2014-02-20 23:57:22    F0ECD6BD7C7331D77C91DF55BDB3D7DA    536255    ----a-w-    C:\Users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\wosbxhat.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
2014-02-20 20:51:50    5D0D3BE86EEE4E41BABED8248D4AC6C4    38030    ----a-w-    C:\Users\Thom\Desktop\kldetector13.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-811424810-1323542184-1123006007-1002\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-21-811424810-1323542184-1123006007-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"="C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"ATKOSD2"="C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"
"HControlUser"="C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe"
"ZALFree"="C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe /MINIMIZED"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~2\\KEYCRY~1\\KEYCRY~3.DLL"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe Reader Speed Launcher"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Reader_sl.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUS Screen Saver Protector]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ASUS Screen Saver Protector"
"hkey"="HKLM"
"command"="C:\\Windows\\AsScrPro.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUSWebStorage]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ASUSWebStorage"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\ASUS\\ASUS WebStorage\\3.0.108.222\\AsusWSPanel.exe /S"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ATKMEDIA]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ATKMEDIA"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\ASUS\\ATK Package\\ATK Media\\DMedia.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AVG_UI]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AVG_UI"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\AVG\\AVG2014\\avgui.exe\" /TRAYONLY"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CLMLServer]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CLMLServer"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\CyberLink\\Power2Go\\CLMLSvc.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ETDCtrl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ETDCtrl"
"hkey"="HKLM"
"command"="%ProgramFiles%\\Elantech\\ETDCtrl.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Photosmart 5520 series (NET)]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HP Photosmart 5520 series (NET)"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\HP\\HP Photosmart 5520 series\\Bin\\ScanToPCActivationApp.exe\" -deviceID \"CN2A4166M405ST:NW\" -scfn \"HP Photosmart 5520 series (NET)\" -AutoStart 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HP Software Update"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Hp\\HP Software Update\\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mcui_exe]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcui_exe"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\McAfee.com\\Agent\\mcagent.exe\" /runkey"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Mikogo]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Mikogo"
"hkey"="HKCU"
"command"="\"C:\\Users\\Thom\\AppData\\Roaming\\Mikogo 4\\mikogo-host.exe\" -asp"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Persistence]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Persistence"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\igfxpers.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RTHDVCPL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RTHDVCPL"
"hkey"="HKLM"
"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Wireless Console 3]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Wireless Console 3"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\ASUS\\Wireless Console 3\\wcourier.exe"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Thom^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Inktwaarschuwingen controleren - HP Photosmart 5520 series (netwerk).lnk]
"path"="C:\\Users\\Thom\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Inktwaarschuwingen controleren - HP Photosmart 5520 series (netwerk).lnk"
"backup"="C:\\Windows\\pss\\Inktwaarschuwingen controleren - HP Photosmart 5520 series (netwerk).lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Windows\\system32\\RunDll32.exe \"C:\\Program Files\\HP\\HP Photosmart 5520 series\\bin\\HPStatusBL.dll\",RunDLLEntry SERIALNUMBER=CN2A4166M405ST;CONNECTION=NW;MONITOR=1;"
"item"="Inktwaarschuwingen controleren - HP Photosmart 5520 series (netwerk)"


==== Startup Folders ======================

2013-01-05 02:29:11    1108    ----a-w-    C:\Users\Thom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4t Tray Minimizer.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [21-02-2014 03:25]
C:\Windows\tasks\AVG_SYS_TASK.job --a------ C:\ProgramData\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe [28-01-2014 20:07]
C:\Windows\tasks\AVG_SYS_TASK_DELETE.job --a------ C:\ProgramData\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe [28-01-2014 20:07]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [24-02-2012 03:28]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [24-02-2012 03:28]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\ASUS P4G" [C:\Program Files\ASUS\P4G\BatteryLife.exe]
"C:\Windows\SysNative\tasks\ASUS Quick Gesture" [C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe]
"C:\Windows\SysNative\tasks\ASUS Quick Gesture (x64)" [C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe]
"C:\Windows\SysNative\tasks\ASUS USB Charger Plus" ["C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe"]
"C:\Windows\SysNative\tasks\ATKOSD2" [C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe]
"C:\Windows\SysNative\tasks\AVG_SYS_TASK" [C:\ProgramData\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe]
"C:\Windows\SysNative\tasks\AVG_SYS_TASK_DELETE" [C:\ProgramData\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\HPCustParticipation HP Photosmart 5520 series" ["C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPCustPartic.exe"]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
"C:\Windows\SysNative\tasks\SystemSockets\SystemSockets" ["C:\Program Files (x86)\HomeTab\SystemSockets.exe"]

==== Folders in C:\PROGRA~3 0-6 Months Old ======================

2014-01-15 00:56:35    --------    d-----w-    C:\PROGRA~3\Spybot - Search & Destroy
2014-01-20 21:06:43    --------    d-----w-    C:\PROGRA~3\Malwarebytes
2014-02-20 21:24:16    --------    d-----w-    C:\PROGRA~3\MFAData
2014-02-20 21:24:17    --------    d--h--w-    C:\PROGRA~3\Common Files
2014-02-20 21:30:31    --------    d-----w-    C:\PROGRA~3\AVG2014
2014-02-21 16:16:30    --------    d-----w-    C:\PROGRA~3\Oracle
2014-02-23 07:07:45    --------    d-----w-    C:\PROGRA~3\AVG 0214c Campaign

==== Firefox Extensions ======================

ProfilePath: C:\Users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\wosbxhat.default
- CookiesOK - %ProfilePath%\extensions\jid0-UgB5JNMPWHIRM4dcAe76c7EcVis@jetpack.xpi
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

ProfilePath: C:\Users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_853802
- Undetermined - C:\Users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\wosbxhat.default\extensions\{4ca8c1be-c30f-49bf-9ac8-f3e63f49665d}
- HomeTab - %ProfilePath%\extensions\{4ca8c1be-c30f-49bf-9ac8-f3e63f49665d}
- CookiesOK - %ProfilePath%\extensions\jid0-UgB5JNMPWHIRM4dcAe76c7EcVis@jetpack.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\wosbxhat.default
D775FA6F1E88B3B99E69E8A0D6C3A819    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll -    Shockwave Flash


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
ndgonipadfipmlmdfofnjnhhlgojnjdn - C:\Users\Thom\AppData\Local\CRE\ndgonipadfipmlmdfofnjnhhlgojnjdn.crx[10-09-2012 12:29]
oihiaojfckjaconbjjpanjechlighodn - C:\Program Files (x86)\HomeTab\chrome\HomeTab.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
ndgonipadfipmlmdfofnjnhhlgojnjdn - C:\Users\Thom\AppData\Local\CRE\ndgonipadfipmlmdfofnjnhhlgojnjdn.crx[10-09-2012 12:29]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on zo 23-02-2014 at 21:29:50,76 ======================
 

 

3. aswMBR logfile. I don't know if it worked properly, because it was done in 1 second; after that it stopped working for me.

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-02-23 21:30:59
-----------------------------
21:30:59.432    OS Version: Windows x64 6.1.7601 Service Pack 1
21:30:59.433    Number of processors: 4 586 0x1001
21:30:59.434    ComputerName: THOM-PC  UserName: Thom
21:30:59.483    Initialze error 1
21:36:56.544    AVAST engine defs: 14022301
21:37:18.587    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000062
21:37:18.602    Disk 0 Vendor: Hitachi_ GG2O Size: 476940MB BusType: 11
21:37:18.649    Disk 0 MBR read successfully
21:37:18.649    Disk 0 MBR scan
21:37:18.665    Disk 0 unknown MBR code
21:37:18.665    Disk 0 Partition 1 00     EE          GPT            476940 MB offset 1
21:37:18.680    Disk 0 scanning C:\Windows\system32\drivers
21:37:18.680    Service scanning
21:37:19.257    Modules scanning
21:37:19.257    Disk 0 trace - called modules:
21:37:19.273    
21:37:19.273    AVAST engine scan C:\Windows
21:37:19.289    AVAST engine scan C:\Windows\system32
21:37:19.289    AVAST engine scan C:\Windows\system32\drivers
21:37:19.304    AVAST engine scan C:\Users\Thom
21:37:19.304    AVAST engine scan C:\ProgramData
21:37:19.320    Scan finished successfully
21:37:37.010    Disk 0 MBR has been saved successfully to "C:\Users\Thom\Desktop\MBR.dat"
21:37:37.026    The log file has been saved successfully to "C:\Users\Thom\Desktop\aswMBR.txt"

While I was about to post this, I suddenly got a blue screen and my laptop restarted. My battery was low but not empty yet (I hadn't gotten a warning yet), which is all pretty weird. I got the following information afterwards:

 

Probleemhandtekening:
  Gebeurtenisnaam van probleem:    BlueScreen
  Versie van besturingssysteem:    6.1.7601.2.1.0.768.3
  Landinstelling-id:    1043

Aanvullende informatie over dit probleem:
  BCCode:    109
  BCP1:    A3A039D89B9E56EB
  BCP2:    B3B7465EEE1C92E5
  BCP3:    FFFFF88002F4D5C0
  BCP4:    0000000000000002
  OS Version:    6_1_7601
  Service Pack:    1_0
  Product:    768_1

Bestanden die helpen bij het beschrijven van het probleem:
  C:\Windows\Minidump\022314-46067-01.dmp
  C:\Users\Thom\AppData\Local\Temp\WER-106501-0.sysdata.xml

Lees de onlineprivacyverklaring:
  http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0413

Als de onlineprivacyverklaring niet beschikbaar is, lees dan onze offlineprivacyverklaring:
  C:\Windows\system32\nl-NL\erofflps.txt
 

Since you are from Belgium, I hope you understand this :)
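As an added example, not from this thread and not part of Zoek: a small Python triage script that reads the "Startup Registry Enabled" section of a Zoek log like the one above, pulls the image path out of each autorun command line and flags the load-points a reviewer should look at first (AppInit_DLLs entries, images in user-writable directories, 8.3 short names). The function names and flagging rules are my own; the sample lines are copied from the log in this thread except for the Mikogo line, which is constructed from the Disabled list to exercise the user-writable check.

```python
"""Triage the 'Startup Registry Enabled' section of a Zoek.exe log.

Hypothetical helper (not part of Zoek or this thread): it lists every
autorun load-point Zoek reported, pulls the image path out of the command
line and flags the entries a reviewer should look at first.
"""
import re
from dataclasses import dataclass, field

# Constructed sample. All lines but the Mikogo one are copied from the log
# posted above; the Mikogo line was moved in from the Disabled list so the
# user-writable-directory rule has something to fire on.
SAMPLE_LOG = r"""
==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"="C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
"ZALFree"="C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe /MINIMIZED"

[HKEY_USERS\S-1-5-21-811424810-1323542184-1123006007-1002\Software\Microsoft\Windows\CurrentVersion\Run]
"Mikogo"="\"C:\Users\Thom\AppData\Roaming\Mikogo 4\mikogo-host.exe\" -asp"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~2\\KEYCRY~1\\KEYCRY~3.DLL"

==== Startup Registry Disabled x64 ======================
"""

SECTION_RE = re.compile(r"^==== (.+?) =+\s*$")
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')

# Directory fragments a standard user can write to; a startup image living
# there deserves a closer look than one under Program Files or Windows.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")


@dataclass
class Autorun:
    key: str
    name: str
    command: str
    image: str
    flags: list = field(default_factory=list)


def unescape(value: str) -> str:
    """Undo the .reg-style escaping Zoek uses (doubled backslash, backslash-quote)."""
    return value.replace("\\\\", "\\").replace('\\"', '"')


def extract_image(command: str) -> str:
    """Return the executable/DLL path from a command line, without arguments."""
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(.*?\.(?:exe|dll|cpl|com|sys))(?:\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else command.split(" ")[0]


def flag(entry: Autorun) -> None:
    """Attach review notes to an autorun entry."""
    key, image = entry.key.lower(), entry.image.lower()
    if key.endswith("\\windows nt\\currentversion\\windows") and entry.name.lower() == "appinit_dlls":
        # Every DLL listed here is loaded into every process that loads
        # user32.dll, which is why hook-based keyloggers (and, as here,
        # keystroke-encryption tools) use it.
        entry.flags.append("AppInit_DLLs load-point")
    if any(part in image for part in USER_WRITABLE):
        entry.flags.append("image in user-writable directory")
    if "~" in entry.image:
        entry.flags.append("8.3 short name; resolve the real directory before judging it")


def parse_startup(log_text: str) -> list:
    """Parse the 'Startup Registry Enabled' section into flagged Autorun entries."""
    entries, in_section, key = [], False, None
    for line in log_text.splitlines():
        line = line.strip()
        section = SECTION_RE.match(line)
        if section:
            in_section = section.group(1) == "Startup Registry Enabled"
            key = None
            continue
        if not in_section or not line:
            continue
        k = KEY_RE.match(line)
        if k:
            key = k.group(1)
            continue
        v = VALUE_RE.match(line)
        if v and key:
            command = unescape(v.group(2))
            entry = Autorun(key, v.group(1), command, extract_image(command))
            flag(entry)
            entries.append(entry)
    return entries


def flagged(entries: list) -> list:
    """Only the entries that carry at least one review note."""
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in parse_startup(SAMPLE_LOG):
        marker = "!!" if e.flags else "  "
        print(f"{marker} {e.name:14} {e.image}")
        for note in e.flags:
            print(f"      - {note}")
```

A flag is a prompt to check the file (publisher, hash, install date), not a verdict: on this machine the AppInit_DLLs entry is the KeyCrypt DLL installed by Zemana AntiLogger Free.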



#4 Mako

Mako

  • Malware Response Team
  • 238 posts
  • OFFLINE
  • Gender:Male
  • Location:Belgium
  • Local time:07:37 PM

Posted 25 February 2014 - 04:37 PM

Hello thomdejong,

Sorry for my late response; I somehow didn't get any notifications about this topic. I'll look into this and make sure it doesn't happen again.  :unsure: 

Concerning the RIPE NCC, I think this will be related to your ISP in the Netherlands. Nothing to worry about; the company is totally safe.

Looks like you've been using TDSSKiller and AdwCleaner before. Can you attach the results of those scans to your next reply, please?

The Blue Screen information wasn't a problem to understand :wink:. I can't really tell if this is related to any of the problems you're experiencing right now, since I'm missing some information. I would like to finish some scans and tests to make sure your computer is clean before we take a closer look at the Blue Screen issue. Once we do, I'll ask for some further information.

Step 1: ====Zoek.exe====

Start Zoek.exe again.

Take action to disable your antivirus and antispyware programs, as they may conflict with Zoek.exe.
>> Info on how to disable your security applications > http://www.bleepingcomputer.com/forums/topic114351.html

Using Zoek.exe

  • On the Desktop, double-click Zoek.exe to start the tool.
    Windows Vista, 7 and 8 users right-click the file and select: Run as Administrator.
    Give the program a few seconds to appear.
  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this system only, do not use it on any other computer even if the problems are similar.
    autoclean;
    C:\Users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_853802\extensions\{4ca8c1be-c30f-49bf-9ac8-f3e63f49665d};fs
    oihiaojfckjaconbjjpanjechlighodn;chr
    C:\Program Files (x86)\HomeTab;fs
    emptyfolderscheck;delete;
    PnrpSqm;z
    
  • Click the "Run script" button and wait patiently.
  • When finished the logfile will be opened in notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your systemdrive.
  • Please post the logfile for further review in your next comment.

Step 2: ====Farbar Recovery Scan Tool (FRST)====

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
 

Once again: my apologies for this late reply.

 

Regards,

Mako


 

Member of UNITE Unified Network of Instructors and Trained Eliminators

Noticed any spelling or grammar errors in my reply? Please feel free to point them out to me, I'm always eager to learn. 


#5 thomdejong

thomdejong
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:07:37 PM

Posted 25 February 2014 - 05:57 PM

No problem :) Thanks for the information about RIPE NCC and the blue screen.

 

Zoek logfile:

Zoek.exe v5.0.0.0 Updated 19-February-2014
Tool run by Thom on di 25-02-2014 at 23:06:25,30.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Thom\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-02-23-202950.log    25556 bytes

==== Empty Folders Check ======================

C:\PROGRA~3\Deadtime Stories deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\Users\Thom\AppData\Roaming\DataWork deleted successfully
C:\Users\Thom\AppData\Roaming\SynthMaker deleted successfully
C:\Users\Thom\AppData\Roaming\TP deleted successfully
C:\Users\Thom\AppData\Roaming\Windows Live Writer deleted successfully

==== Creating Sample_25-02-2014_2326.zip ======================
 
Process firefox.exe killed
Copied file C:\Users\Thom\AppData\Local\TempFullTiltPokerEuSetup.exe to sample\TempFullTiltPokerEuSetup.exe
sample\TempFullTiltPokerEuSetup.exe renamed to 64A8CEEE69E3B322BB543123060862CB

C:\Users\Public\Desktop\sample_25-02-2014_2326.zip created successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-811424810-1323542184-1123006007-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_USERS\S-1-5-21-811424810-1323542184-1123006007-1001\Software\Microsoft\Internet Explorer\SearchScopes\{12386AA4-C70C-4F3B-A34E-9AA29983BB6D} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\wosbxhat.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_25-02-2014_2329_.backup

ProfilePath: C:\Users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_853802

prefs.js not found
user.js not found
---- FireFox user.js and prefs.js backups ----


==== Deleting Files \ Folders ======================

C:\Program Files (x86)\HomeTab not found
C:\Users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_853802\extensions\{4ca8c1be-c30f-49bf-9ac8-f3e63f49665d} deleted
C:\Program Files\Uninstaller deleted
C:\SoloApp deleted
C:\Users\Thom\AppData\Local\uninst.tmp deleted
C:\Users\Thom\AppData\Local\CRE deleted
C:\Users\Thom\AppData\Local\cache deleted
C:\windows\SysNative\Tasks\SystemSockets deleted
C:\windows\SysNative\Tasks\Browser Updater deleted
C:\Windows\wininit.ini deleted
C:\windows\SysNative\tasks\ProtectedSearch deleted
C:\windows\SysNative\tasks\AVG_SYS_TASK deleted
C:\windows\SysNative\tasks\AVG_SYS_TASK_DELETE deleted
C:\Windows\Launcher.exe deleted
C:\Windows\Syswow64\sho36E5.tmp deleted
C:\Users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\wosbxhat.default\jetpack deleted
C:\Users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\wosbxhat.default\CT2849859 deleted
C:\Users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_853802\jetpack deleted
C:\Users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_853802\CT2849859 deleted
C:\Users\Thom\AppData\Local\TempFullTiltPokerEuSetup.exe deleted
"C:\Users\Thom\AppData\Roaming\Logs\15-01-2014" deleted
"C:\PROGRA~3\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe" deleted
"C:\Users\Thom\AppData\Roaming\Logs" deleted
"C:\PROGRA~3\AVG 0214c Campaign" not deleted

==== Folders Found ======================

2012-11-16 11:59:03 2014-02-21 00:17:43    --------    d-----w-    C:\Windows\ServiceProfiles\LocalService\AppData\Local\PnrpSqm

==== Files Found ======================


--- C:\Users\Thom\AppData\Roaming\Microsoft\Windows\Recent\PnrpSqm (2).lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1183
Created time: 2014-02-20 21:25:56
Modified time: 2014-02-20 21:25:56
MD5: E3C3EE262D4CB75A772AF29B4E38EC42
SHA1: 9277115F4A37E9213EE148E161B9460153F8FA4E


--- C:\Users\Thom\AppData\Roaming\Microsoft\Windows\Recent\PnrpSqm.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1051
Created time: 2014-02-20 20:56:35
Modified time: 2014-02-21 03:35:03
MD5: 0CA529CF11D01830E4534481D8CC3407
SHA1: E976E2CDAFD2E843CED18D8B9886FD0055505F69


==== Firefox Extensions ======================

ProfilePath: C:\Users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\wosbxhat.default
- CookiesOK - %ProfilePath%\extensions\jid0-UgB5JNMPWHIRM4dcAe76c7EcVis@jetpack.xpi
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

ProfilePath: C:\Users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_853802
- Undetermined - C:\Users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\wosbxhat.default\extensions\{4ca8c1be-c30f-49bf-9ac8-f3e63f49665d}
- CookiesOK - %ProfilePath%\extensions\jid0-UgB5JNMPWHIRM4dcAe76c7EcVis@jetpack.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\wosbxhat.default
D775FA6F1E88B3B99E69E8A0D6C3A819    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll -    Shockwave Flash


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
ndgonipadfipmlmdfofnjnhhlgojnjdn - C:\Users\Thom\AppData\Local\CRE\ndgonipadfipmlmdfofnjnhhlgojnjdn.crx[]
oihiaojfckjaconbjjpanjechlighodn - C:\Program Files (x86)\HomeTab\chrome\HomeTab.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
ndgonipadfipmlmdfofnjnhhlgojnjdn - C:\Users\Thom\AppData\Local\CRE\ndgonipadfipmlmdfofnjnhhlgojnjdn.crx[]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://search.certified-toolbar.com?si=71578&tid=8195&ver=5.5&ts=1382392800000.000007&tguid=71578-8195-1382459284750-324360A7602E635B976EBD2F4668765C&st=chrome&q="
"Search Bar"="http://search.certified-toolbar.com?si=71578&tid=8195&ver=5.5&ts=1382392800000.000007&tguid=71578-8195-1382459284750-324360A7602E635B976EBD2F4668765C&st=chrome&q="
"Search Page"="http://search.certified-toolbar.com?si=71578&tid=8195&ver=5.5&ts=1382392800000.000007&tguid=71578-8195-1382459284750-324360A7602E635B976EBD2F4668765C&st=chrome&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://search.certified-toolbar.com?si=71578&tid=8195&ver=5.5&ts=1382392800000.000007&tguid=71578-8195-1382459284750-324360A7602E635B976EBD2F4668765C&st=chrome&q="
"Search Bar"="http://search.certified-toolbar.com?si=71578&tid=8195&ver=5.5&ts=1382392800000.000007&tguid=71578-8195-1382459284750-324360A7602E635B976EBD2F4668765C&st=chrome&q="
"Search Page"="http://search.certified-toolbar.com?si=71578&tid=8195&ver=5.5&ts=1382392800000.000007&tguid=71578-8195-1382459284750-324360A7602E635B976EBD2F4668765C&st=chrome&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.certified-toolbar.com?si=71578&st=bs&tid=8195&ver=5.5&ts=1382392800000.000007&tguid=71578-8195-1382459284750-324360A7602E635B976EBD2F4668765C&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.certified-toolbar.com?si=71578&st=bs&tid=8195&ver=5.5&ts=1382392800000.000007&tguid=71578-8195-1382459284750-324360A7602E635B976EBD2F4668765C&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.certified-toolbar.com?si=71578&st=bs&tid=8195&ver=5.5&ts=1382392800000.000007&tguid=71578-8195-1382459284750-324360A7602E635B976EBD2F4668765C&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.certified-toolbar.com?si=71578&st=bs&tid=8195&ver=5.5&ts=1382392800000.000007&tguid=71578-8195-1382459284750-324360A7602E635B976EBD2F4668765C&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.certified-toolbar.com?si=71578&st=bs&tid=8195&ver=5.5&ts=1382392800000.000007&tguid=71578-8195-1382459284750-324360A7602E635B976EBD2F4668765C&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.certified-toolbar.com?si=71578&st=bs&tid=8195&ver=5.5&ts=1382392800000.000007&tguid=71578-8195-1382459284750-324360A7602E635B976EBD2F4668765C&q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://www.google.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://search.certified-toolbar.com?si=71578&tid=8195&ver=5.5&ts=1382392800000.000007&tguid=71578-8195-1382459284750-324360A7602E635B976EBD2F4668765C&st=chrome&q="
"Search Bar"="http://search.certified-toolbar.com?si=71578&tid=8195&ver=5.5&ts=1382392800000.000007&tguid=71578-8195-1382459284750-324360A7602E635B976EBD2F4668765C&st=chrome&q="
"Search Page"="http://search.certified-toolbar.com?si=71578&tid=8195&ver=5.5&ts=1382392800000.000007&tguid=71578-8195-1382459284750-324360A7602E635B976EBD2F4668765C&st=chrome&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://search.certified-toolbar.com?si=71578&tid=8195&ver=5.5&ts=1382392800000.000007&tguid=71578-8195-1382459284750-324360A7602E635B976EBD2F4668765C&st=chrome&q="
"Search Bar"="http://search.certified-toolbar.com?si=71578&tid=8195&ver=5.5&ts=1382392800000.000007&tguid=71578-8195-1382459284750-324360A7602E635B976EBD2F4668765C&st=chrome&q="
"Search Page"="http://search.certified-toolbar.com?si=71578&tid=8195&ver=5.5&ts=1382392800000.000007&tguid=71578-8195-1382459284750-324360A7602E635B976EBD2F4668765C&st=chrome&q="
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Search Bar"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"Search Bar"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Search Bar"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\oihiaojfckjaconbjjpanjechlighodn deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSWebStorage deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcui_exe deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mikogo deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Thom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Thom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Thom\AppData\Local\Mozilla\Firefox\Profiles\wosbxhat.default\Cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=188 folders=62 61251402 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\postgres\AppData\Local\Temp emptied successfully
C:\Users\Thom\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Thom\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\PROGRA~3\AVG 0214c Campaign"  not found

==== EOF on di 25-02-2014 at 23:42:25,44 ======================

FRST logfile:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-02-2014 01
Ran by Thom (administrator) on THOM-PC on 25-02-2014 23:45:03
Running from C:\Users\Thom\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Dutch Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AMD) C:\Windows\system32\atieclxx.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(4t Niagara Software) C:\Program Files (x86)\4t Tray Minimizer\4t-min.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
(4t Niagara Software) C:\Program Files (x86)\4t Tray Minimizer\4t-min64.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-02-24] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-03-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322176 2012-02-16] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [ZALFree] - C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe [12739936 2014-02-12] (Zemana Ltd.)
AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(1).dll [90448 2014-02-12] (Zemana Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(1).dll [83208 2014-02-12] (Zemana Ltd.)
Startup: C:\Users\Thom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4t Tray Minimizer.lnk
ShortcutTarget: 4t Tray Minimizer.lnk -> C:\Program Files (x86)\4t Tray Minimizer\4t-min.exe (4t Niagara Software)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {1c98a3ee-3194-4309-8715-ad4c57183160} -  No File
Toolbar: HKCU - No Name - {2D8D9ACC-F6D7-4362-8876-A275CA929591} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 195.241.77.55 195.241.77.58

FireFox:
========
FF ProfilePath: C:\Users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\wosbxhat.default
FF Homepage: google.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @threeships.nl/TSHelper;version=1.0.1.3 - C:\Program Files (x86)\Common Files\ThreeShips Shared\Dll\\npTSHelper.dll (Three Ships)
FF Plugin-x32: @threeships.nl/TSHelper;version=2.0.0.1 - C:\Program Files (x86)\Common Files\ThreeShips Shared\Dll\\npTSHelper.dll (Three Ships)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\bolcom-nl.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\marktplaats-nl.xml
FF Extension: CookiesOK - C:\Users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\wosbxhat.default\Extensions\jid0-UgB5JNMPWHIRM4dcAe76c7EcVis@jetpack.xpi [2013-01-28]
FF Extension: NoScript - C:\Users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\wosbxhat.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-02-21]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-03-29] (Advanced Micro Devices, Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 pgsql-8.3; C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [65536 2009-12-10] (PostgreSQL Global Development Group)

==================== Drivers (Whitelisted) ====================

R3 AiCharger; C:\Windows\SysWOW64\DRIVERS\AiCharger.sys [17152 2012-02-29] (ASUSTek Computer Inc.)
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2012-02-01] (Advanced Micro Devices, Inc.)
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55936 2011-11-13] (Advanced Micro Devices)
R3 AsusVBus; C:\Windows\System32\DRIVERS\AsusVBus.sys [35968 2011-12-21] (Windows ® Win 7 DDK provider)
R3 AsusVTouch; C:\Windows\System32\DRIVERS\AsusVTouch.sys [16512 2011-11-08] (Windows ® Win 7 DDK provider)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [25568 2014-02-12] (Zemana Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-25 23:45 - 2014-02-25 23:46 - 00013870 _____ () C:\Users\Thom\Desktop\FRST.txt
2014-02-25 23:44 - 2014-02-25 23:45 - 00000000 ____D () C:\FRST
2014-02-25 23:39 - 2014-02-25 23:06 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-02-25 23:27 - 2014-02-25 23:27 - 22657295 _____ () C:\Users\Public\Desktop\sample_25-02-2014_2326.zip
2014-02-25 23:09 - 2014-02-25 23:10 - 02156032 _____ (Farbar) C:\Users\Thom\Desktop\FRST64.exe
2014-02-25 23:09 - 2014-02-21 22:39 - 00004749 _____ () C:\Users\Thom\Desktop\AdwCleaner[S0].txt
2014-02-25 23:09 - 2014-02-21 22:37 - 00005635 _____ () C:\Users\Thom\Desktop\AdwCleaner[R0].txt
2014-02-25 23:08 - 2014-02-23 21:29 - 00025556 _____ () C:\zoek-results2014-02-23-202950.log
2014-02-23 21:52 - 2014-02-23 21:53 - 00275824 _____ () C:\Windows\Minidump\022314-46067-01.dmp
2014-02-23 21:51 - 2014-02-23 21:51 - 580089324 _____ () C:\Windows\MEMORY.DMP
2014-02-23 21:37 - 2014-02-23 21:37 - 00001422 _____ () C:\Users\Thom\Desktop\aswMBR.txt
2014-02-23 21:37 - 2014-02-23 21:37 - 00000512 _____ () C:\Users\Thom\Desktop\MBR.dat
2014-02-23 21:30 - 2014-02-25 23:43 - 00018458 _____ () C:\Users\Thom\Desktop\zoek-results.txt
2014-02-23 21:30 - 2014-02-23 21:30 - 04745728 _____ (AVAST Software) C:\Users\Thom\Downloads\aswmbr.exe
2014-02-23 21:20 - 2014-02-25 23:42 - 00018458 _____ () C:\zoek-results.log
2014-02-23 21:18 - 2014-02-25 23:29 - 00000000 ____D () C:\zoek_backup
2014-02-23 21:15 - 2014-02-23 21:15 - 01284608 _____ () C:\Users\Thom\Desktop\zoek.exe
2014-02-23 08:07 - 2014-02-25 23:42 - 00000386 _____ () C:\Windows\Tasks\AVG_SYS_TASK_DELETE.job
2014-02-23 08:07 - 2014-02-25 23:42 - 00000358 _____ () C:\Windows\Tasks\AVG_SYS_TASK.job
2014-02-21 22:36 - 2014-02-21 22:39 - 00000000 ____D () C:\AdwCleaner
2014-02-21 22:35 - 2014-02-21 22:35 - 01241834 _____ () C:\Users\Thom\Desktop\AdwCleaner.exe
2014-02-21 17:16 - 2014-02-21 17:16 - 00000000 ____D () C:\Windows\Sun
2014-02-21 17:16 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-21 17:15 - 2014-02-21 17:15 - 00005221 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-21 17:15 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-21 17:15 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-21 17:15 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-21 15:46 - 2014-02-21 15:46 - 00008304 _____ () C:\Users\Thom\Desktop\attach.txt
2014-02-21 15:46 - 2014-02-21 15:45 - 00023260 _____ () C:\Users\Thom\Desktop\dds.txt
2014-02-21 15:44 - 2014-02-21 15:44 - 00688992 ____R (Swearware) C:\Users\Thom\Desktop\dds.com
2014-02-21 15:35 - 2014-02-25 23:42 - 00194034 _____ () C:\Windows\PFRO.log
2014-02-21 01:39 - 2006-04-30 23:13 - 00114717 _____ (DewaSoft) C:\Users\Thom\Desktop\KL-Detector.exe
2014-02-21 01:29 - 2014-02-21 01:29 - 00001142 _____ () C:\Users\Public\Desktop\AntiLogger Free.lnk
2014-02-21 01:29 - 2014-02-21 01:29 - 00000000 ____D () C:\Users\Thom\AppData\Local\AntiLogger Free
2014-02-21 01:29 - 2014-02-21 01:29 - 00000000 ____D () C:\Program Files (x86)\Zemana AntiLogger Free
2014-02-21 01:29 - 2014-02-21 01:29 - 00000000 ____D () C:\Program Files (x86)\KeyCryptSDK
2014-02-21 01:29 - 2014-02-12 15:28 - 00025568 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\KeyCrypt64.sys
2014-02-21 00:44 - 2014-02-21 00:44 - 04122976 _____ (Kaspersky Lab ZAO) C:\Users\Thom\Desktop\tdsskiller.exe
2014-02-21 00:01 - 2014-02-21 00:20 - 00001105 _____ () C:\Users\Thom\Desktop\Win32kDiag.txt
2014-02-20 23:09 - 2014-02-20 14:09 - 01049113 ____N () C:\Users\Thom\Desktop\AUDIT   Thommehh .htm
2014-02-20 22:50 - 2014-02-20 22:50 - 00047616 _____ () C:\Users\Thom\Desktop\Win32kDiag.exe
2014-02-20 22:31 - 2014-02-20 22:31 - 00000977 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-02-20 22:31 - 2014-02-20 22:31 - 00000000 ____D () C:\Users\Thom\AppData\Roaming\TuneUp Software
2014-02-20 22:31 - 2014-02-20 22:31 - 00000000 ____D () C:\Users\Thom\AppData\Roaming\AVG2014
2014-02-20 22:30 - 2014-02-20 22:31 - 00000000 ____D () C:\ProgramData\AVG2014
2014-02-20 22:30 - 2014-02-20 22:30 - 00000000 ___HD () C:\$AVG
2014-02-20 22:29 - 2014-02-20 22:29 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-02-20 22:24 - 2014-02-25 18:53 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-20 22:24 - 2014-02-20 22:40 - 00000000 ____D () C:\Users\Thom\AppData\Local\Avg2014
2014-02-20 22:24 - 2014-02-20 22:24 - 00000000 ____D () C:\Users\Thom\AppData\Local\MFAData
2014-02-20 21:51 - 2014-02-20 21:51 - 00038030 _____ () C:\Users\Thom\Desktop\kldetector13.zip
2014-02-18 06:06 - 2014-02-25 23:42 - 00001288 _____ () C:\Windows\setupact.log
2014-02-18 06:06 - 2014-02-18 06:06 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-15 03:44 - 2014-02-18 06:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-13 23:16 - 2014-02-13 23:18 - 00000000 ____D () C:\Users\Thom\Desktop\troep
2014-02-13 03:02 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 03:02 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-13 03:01 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 03:01 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-13 03:01 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-13 03:01 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 03:01 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-13 03:01 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-13 03:01 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-13 03:01 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-13 03:01 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-13 03:00 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 03:00 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 03:00 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-13 03:00 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-13 03:00 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 03:00 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 03:00 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-13 03:00 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-13 03:00 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-13 03:00 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 03:00 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-13 03:00 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-13 03:00 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-13 03:00 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 03:00 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-13 03:00 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-13 03:00 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 03:00 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-13 03:00 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-13 03:00 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-13 03:00 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 03:00 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 03:00 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-13 03:00 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-13 03:00 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-13 03:00 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 03:00 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-13 03:00 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-13 03:00 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-13 03:00 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-13 01:26 - 2014-02-13 01:46 - 00000000 ____D () C:\Users\Thom\AppData\Roaming\DogeCoin
2014-02-12 21:24 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 21:24 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 21:24 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 21:24 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 21:24 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 21:24 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 21:24 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 21:24 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 21:24 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 21:24 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 21:24 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 21:24 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 21:24 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 21:24 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 21:24 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 21:24 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 21:24 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 21:24 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 21:24 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 21:24 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 21:24 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 21:24 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 21:24 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 21:24 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 21:24 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 21:24 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 21:24 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 21:24 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-01-28 23:53 - 2014-01-28 23:54 - 00000000 ____D () C:\Users\Thom\Desktop\Easy Game Volume I & II by Andrew (balugawhale) Seidman

==================== One Month Modified Files and Folders =======

2014-02-25 23:46 - 2014-02-25 23:45 - 00013870 _____ () C:\Users\Thom\Desktop\FRST.txt
2014-02-25 23:45 - 2014-02-25 23:44 - 00000000 ____D () C:\FRST
2014-02-25 23:45 - 2012-07-08 09:12 - 01945928 _____ () C:\Windows\WindowsUpdate.log
2014-02-25 23:43 - 2014-02-23 21:30 - 00018458 _____ () C:\Users\Thom\Desktop\zoek-results.txt
2014-02-25 23:42 - 2014-02-23 21:20 - 00018458 _____ () C:\zoek-results.log
2014-02-25 23:42 - 2014-02-23 08:07 - 00000386 _____ () C:\Windows\Tasks\AVG_SYS_TASK_DELETE.job
2014-02-25 23:42 - 2014-02-23 08:07 - 00000358 _____ () C:\Windows\Tasks\AVG_SYS_TASK.job
2014-02-25 23:42 - 2014-02-21 15:35 - 00194034 _____ () C:\Windows\PFRO.log
2014-02-25 23:42 - 2014-02-18 06:06 - 00001288 _____ () C:\Windows\setupact.log
2014-02-25 23:42 - 2013-01-05 03:29 - 00000000 ____D () C:\Program Files (x86)\4t Tray Minimizer
2014-02-25 23:42 - 2012-02-24 03:29 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-25 23:42 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-25 23:34 - 2012-02-24 03:29 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-25 23:29 - 2014-02-23 21:18 - 00000000 ____D () C:\zoek_backup
2014-02-25 23:27 - 2014-02-25 23:27 - 22657295 _____ () C:\Users\Public\Desktop\sample_25-02-2014_2326.zip
2014-02-25 23:25 - 2012-10-13 13:23 - 00000940 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-25 23:10 - 2014-02-25 23:09 - 02156032 _____ (Farbar) C:\Users\Thom\Desktop\FRST64.exe
2014-02-25 23:06 - 2014-02-25 23:39 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-02-25 18:53 - 2014-02-20 22:24 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-25 15:29 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-25 15:29 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-24 03:01 - 2012-02-24 03:28 - 01647108 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-24 03:01 - 2011-02-19 05:40 - 00746450 _____ () C:\Windows\system32\perfh013.dat
2014-02-24 03:01 - 2011-02-19 05:40 - 00154112 _____ () C:\Windows\system32\perfc013.dat
2014-02-24 03:01 - 2009-07-14 06:13 - 01647108 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-23 21:53 - 2014-02-23 21:52 - 00275824 _____ () C:\Windows\Minidump\022314-46067-01.dmp
2014-02-23 21:52 - 2013-08-06 23:11 - 00000000 ____D () C:\Windows\Minidump
2014-02-23 21:52 - 2012-10-05 16:17 - 00000000 ____D () C:\Users\postgres
2014-02-23 21:51 - 2014-02-23 21:51 - 580089324 _____ () C:\Windows\MEMORY.DMP
2014-02-23 21:37 - 2014-02-23 21:37 - 00001422 _____ () C:\Users\Thom\Desktop\aswMBR.txt
2014-02-23 21:37 - 2014-02-23 21:37 - 00000512 _____ () C:\Users\Thom\Desktop\MBR.dat
2014-02-23 21:30 - 2014-02-23 21:30 - 04745728 _____ (AVAST Software) C:\Users\Thom\Downloads\aswmbr.exe
2014-02-23 21:29 - 2014-02-25 23:08 - 00025556 _____ () C:\zoek-results2014-02-23-202950.log
2014-02-23 21:15 - 2014-02-23 21:15 - 01284608 _____ () C:\Users\Thom\Desktop\zoek.exe
2014-02-21 22:39 - 2014-02-25 23:09 - 00004749 _____ () C:\Users\Thom\Desktop\AdwCleaner[S0].txt
2014-02-21 22:39 - 2014-02-21 22:36 - 00000000 ____D () C:\AdwCleaner
2014-02-21 22:37 - 2014-02-25 23:09 - 00005635 _____ () C:\Users\Thom\Desktop\AdwCleaner[R0].txt
2014-02-21 22:35 - 2014-02-21 22:35 - 01241834 _____ () C:\Users\Thom\Desktop\AdwCleaner.exe
2014-02-21 21:58 - 2013-05-08 22:33 - 00000000 ____D () C:\Users\Thom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2014-02-21 21:56 - 2012-02-24 03:42 - 00000000 ____D () C:\Program Files (x86)\ASUS
2014-02-21 21:48 - 2012-02-24 03:50 - 00000000 ____D () C:\AsusVibeData
2014-02-21 17:16 - 2014-02-21 17:16 - 00000000 ____D () C:\Windows\Sun
2014-02-21 17:15 - 2014-02-21 17:15 - 00005221 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-21 17:15 - 2013-10-26 18:45 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-21 15:46 - 2014-02-21 15:46 - 00008304 _____ () C:\Users\Thom\Desktop\attach.txt
2014-02-21 15:45 - 2014-02-21 15:46 - 00023260 _____ () C:\Users\Thom\Desktop\dds.txt
2014-02-21 15:44 - 2014-02-21 15:44 - 00688992 ____R (Swearware) C:\Users\Thom\Desktop\dds.com
2014-02-21 15:37 - 2009-07-29 07:03 - 00000000 ____D () C:\Windows\Panther
2014-02-21 07:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-02-21 05:34 - 2012-10-15 14:24 - 00000351 _____ () C:\Users\Thom\Desktop\Nieuw tekstdocument.txt
2014-02-21 03:25 - 2012-10-13 13:23 - 00003878 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-21 03:25 - 2012-10-05 14:54 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-21 03:25 - 2012-10-05 14:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-21 01:39 - 2012-10-05 13:41 - 00000000 ____D () C:\Users\Thom\AppData\Local\PokerStars.EU
2014-02-21 01:29 - 2014-02-21 01:29 - 00001142 _____ () C:\Users\Public\Desktop\AntiLogger Free.lnk
2014-02-21 01:29 - 2014-02-21 01:29 - 00000000 ____D () C:\Users\Thom\AppData\Local\AntiLogger Free
2014-02-21 01:29 - 2014-02-21 01:29 - 00000000 ____D () C:\Program Files (x86)\Zemana AntiLogger Free
2014-02-21 01:29 - 2014-02-21 01:29 - 00000000 ____D () C:\Program Files (x86)\KeyCryptSDK
2014-02-21 00:44 - 2014-02-21 00:44 - 04122976 _____ (Kaspersky Lab ZAO) C:\Users\Thom\Desktop\tdsskiller.exe
2014-02-21 00:27 - 2013-12-18 22:49 - 00011943 _____ () C:\Users\Thom\Desktop\hijackthis.log
2014-02-21 00:20 - 2014-02-21 00:01 - 00001105 _____ () C:\Users\Thom\Desktop\Win32kDiag.txt
2014-02-20 22:50 - 2014-02-20 22:50 - 00047616 _____ () C:\Users\Thom\Desktop\Win32kDiag.exe
2014-02-20 22:40 - 2014-02-20 22:24 - 00000000 ____D () C:\Users\Thom\AppData\Local\Avg2014
2014-02-20 22:31 - 2014-02-20 22:31 - 00000977 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-02-20 22:31 - 2014-02-20 22:31 - 00000000 ____D () C:\Users\Thom\AppData\Roaming\TuneUp Software
2014-02-20 22:31 - 2014-02-20 22:31 - 00000000 ____D () C:\Users\Thom\AppData\Roaming\AVG2014
2014-02-20 22:31 - 2014-02-20 22:30 - 00000000 ____D () C:\ProgramData\AVG2014
2014-02-20 22:30 - 2014-02-20 22:30 - 00000000 ___HD () C:\$AVG
2014-02-20 22:29 - 2014-02-20 22:29 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-02-20 22:29 - 2012-10-05 13:29 - 00000000 ____D () C:\Users\Thom
2014-02-20 22:24 - 2014-02-20 22:24 - 00000000 ____D () C:\Users\Thom\AppData\Local\MFAData
2014-02-20 22:17 - 2014-01-15 01:56 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-20 21:51 - 2014-02-20 21:51 - 00038030 _____ () C:\Users\Thom\Desktop\kldetector13.zip
2014-02-20 21:38 - 2012-11-14 02:20 - 00000000 ____D () C:\Users\Thom\AppData\Local\Deployment
2014-02-20 21:18 - 2013-12-18 22:51 - 00000000 ____D () C:\Users\Thom\Desktop\backups
2014-02-20 14:09 - 2014-02-20 23:09 - 01049113 ____N () C:\Users\Thom\Desktop\AUDIT   Thommehh .htm
2014-02-19 19:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-19 03:34 - 2013-03-05 20:04 - 00000000 ____D () C:\Users\Thom\AppData\Roaming\Skype
2014-02-18 20:42 - 2014-01-14 22:53 - 00000000 ____D () C:\Users\Thom\AppData\Roaming\TableNinja.v2
2014-02-18 20:42 - 2012-10-05 15:21 - 00000000 ____D () C:\Program Files (x86)\PokerTracker 4
2014-02-18 06:13 - 2014-02-15 03:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-18 06:06 - 2014-02-18 06:06 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-18 03:58 - 2014-01-15 02:41 - 00000000 ____D () C:\Users\Thom\Documents\ccleaner backups
2014-02-18 03:57 - 2012-10-28 23:42 - 00000000 ____D () C:\Users\Thom\AppData\Roaming\BitTorrent
2014-02-16 03:04 - 2013-08-15 02:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-16 03:00 - 2013-04-16 21:08 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-15 15:08 - 2012-10-05 13:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-14 15:23 - 2014-01-16 16:42 - 00045056 _____ () C:\Windows\SysWOW64\acovcnt.exe
2014-02-13 23:18 - 2014-02-13 23:16 - 00000000 ____D () C:\Users\Thom\Desktop\troep
2014-02-13 01:46 - 2014-02-13 01:26 - 00000000 ____D () C:\Users\Thom\AppData\Roaming\DogeCoin
2014-02-12 15:28 - 2014-02-21 01:29 - 00025568 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\KeyCrypt64.sys
2014-02-11 03:14 - 2012-10-05 15:21 - 00000000 ____D () C:\Users\Thom\AppData\Local\PokerTracker 4
2014-02-11 03:13 - 2013-01-31 20:52 - 00001076 _____ () C:\Users\postgres\Desktop\PokerTracker 4.lnk
2014-02-06 13:16 - 2014-02-13 03:00 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-13 03:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-13 03:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-13 03:00 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-13 03:00 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-13 03:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-13 03:00 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-13 03:01 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 11:52 - 2014-02-13 03:01 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 11:49 - 2014-02-13 03:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-13 03:00 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-13 03:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-13 03:00 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-13 03:01 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-13 03:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-13 03:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 11:11 - 2014-02-13 03:00 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-13 03:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-13 03:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-13 03:00 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-13 03:00 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-13 03:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-13 03:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-13 03:00 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:49 - 2014-02-13 03:01 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 10:47 - 2014-02-13 03:00 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-13 03:00 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-13 03:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 10:25 - 2014-02-13 03:00 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 10:24 - 2014-02-13 03:00 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 10:22 - 2014-02-13 03:00 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-13 03:00 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-13 03:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-13 03:00 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-13 03:00 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-13 03:00 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-13 03:00 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-13 03:00 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-13 03:00 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-04 19:13 - 2012-10-05 13:41 - 00000000 ____D () C:\Program Files (x86)\PokerStars.EU
2014-01-28 23:54 - 2014-01-28 23:53 - 00000000 ____D () C:\Users\Thom\Desktop\Easy Game Volume I & II by Andrew (balugawhale) Seidman

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-19 19:44

==================== End Of Log ============================

Addition logfile:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-02-2014 01
Ran by Thom at 2014-02-25 23:46:55
Running from C:\Users\Thom\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

4t Tray Minimizer Free 5.52 (HKLM-x32\...\4t Tray Minimizer_is1) (Version: 5.52 - 4t Niagara Software)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.873.1 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{81AB1FAB-B6E5-0107-EE24-D16F18039301}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2012.0329.520.7571 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.70329.0544 - Advanced Micro Devices, Inc.) Hidden
AMD Steady Video Plug-In  (Version: 2.03.0000 - AMD) Hidden
AMD VISION Engine Control Center (x32 Version: 2012.0329.520.7571 - Advanced Micro Devices, Inc.) Hidden
AntiLogger Free version 1.7.2.361 (HKLM-x32\...\{A80DB23D-0618-405B-89D9-28F99814E287}_is1) (Version: 1.7.2.361 - Zemana Ltd.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.24 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.2.1 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.0.9 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.26 - ASUS)
ASUS Virtual Touch (HKLM-x32\...\{938CFBD4-0652-49E5-BB8B-153948865941}) (Version: 1.0.9 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0016 - ASUS)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4335 - AVG Technologies)
AVG 2014 (Version: 14.0.3705 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4335 - AVG Technologies) Hidden
BitTorrent (HKLM-x32\...\BitTorrent) (Version: 7.7.0.27987 - BitTorrent Inc.)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0329.520.7571 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0329.520.7571 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0329.520.7571 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2012.0329.520.7571 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0329.0519.7571 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0329.0519.7571 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0329.0519.7571 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0329.0519.7571 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0329.0519.7571 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0329.0519.7571 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0329.0519.7571 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0329.0519.7571 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0329.0519.7571 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0329.0519.7571 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0329.0519.7571 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0329.0519.7571 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0329.0519.7571 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0329.0519.7571 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0329.0519.7571 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0329.0519.7571 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0329.0519.7571 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0329.0519.7571 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0329.0519.7571 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0329.0519.7571 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0329.0519.7571 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0329.0519.7571 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0329.520.7571 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.3624 - CyberLink Corp.) Hidden
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2926 - CyberLink Corp.)
CyberLink Media Suite (x32 Version: 8.0.2926 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1126 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 7.0.0.1126 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 1.6.18 - Dropbox, Inc.)
ETDWare PS/2-X64 10.5.9.0 (HKLM\...\Elantech) (Version: 10.5.9.0 - ELAN Microelectronic Corp.)
FileZilla Client 3.6.0 (HKLM-x32\...\FileZilla Client) (Version: 3.6.0 - FileZilla Project)
FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version:  - Image-Line)
Full Tilt Poker (HKLM-x32\...\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}) (Version: 4.46.4.WIN.FullTilt.COM - )
Full Tilt Poker.Eu (HKLM-x32\...\{127BEFB3-24B2-4B44-8E99-AD22C2A5A8ED}) (Version: 4.63.10.WIN.FullTilt.EU - )
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 15.0.874.120 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.79 - Google Inc.) Hidden
Gyazo 1.0.1 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc. & Toshiyuki Masui)
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HijackThis 1.99.1 (HKLM-x32\...\HijackThis) (Version: 1.99.1 - Soeperman Enterprises Ltd.)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3341 - HP Photo Creations Powered by RocketLife)
HP Photosmart 5520 series Basissoftware van het apparaat (HKLM\...\{58DEC84D-E2D9-4EC5-89B2-3E7648264AF7}) (Version: 27.0.847.0 - Hewlett-Packard Co.)
HP Photosmart 5520 series Help (HKLM-x32\...\{193C95A3-E4D5-4482-A9C9-1510E29849E4}) (Version: 27.0.0 - Hewlett Packard)
HP Photosmart 5520 series Productverbeteringsonderzoek (HKLM\...\{FA687157-1A56-4FDE-9197-08FF0FF95C97}) (Version: 27.0.847.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware versie 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klik-en-Klaar 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klik-en-Klaar 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Nederlands (HKLM-x32\...\{90140011-0066-0413-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0413-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 nl) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 nl)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MultiBit 0.5.14 (HKLM-x32\...\MultiBit 0.5.14) (Version: 0.5.14 - )
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version:  - Native Instruments)
Native Instruments Massive (Version: 1.3.0.2050 - Native Instruments) Hidden
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version:  - Native Instruments)
Native Instruments Service Center (Version: 2.2.6.676 - Native Instruments) Hidden
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version:  - PokerStars.eu)
PokerStove version 1.24 (HKLM-x32\...\{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1) (Version:  - )
PokerTracker 4 (remove only) (HKLM-x32\...\PokerTracker4) (Version:  - )
PostgreSQL 8.3 (HKLM-x32\...\{B823632F-3B72-4514-8861-B961CE263224}) (Version: 8.3 - PostgreSQL Global Development Group)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 9.2 - Qualcomm Atheros)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6537 - Realtek Semiconductor Corp.)
reFX Nexus VSTi RTAS v2.2.0 (HKLM-x32\...\reFX Nexus_is1) (Version:  - )
SceneSwitch (HKLM-x32\...\{5172E572-C175-4F80-A6D5-5CB45826AD61}) (Version: 1.0.12 - ASUS)
SIW version 2011.10.29 (HKLM-x32\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2011.10.29 - Topala Software Solutions)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.14563 - TeamViewer)
ThreeShipsPluginSetup (HKLM-x32\...\{954AED8D-F8FD-46AC-ABDF-A624C1B41803}) (Version: 2.0.0.1 - Three Ships)
TN2 (HKLM-x32\...\{FB82D8E0-28B0-437A-A74F-7B6847047F95}) (Version: 2.2.134 - PASG)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Корпорация Майкрософт) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.27 - ASUS)
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Элемент управления Windows Live Mesh ActiveX для удаленных подключений (HKLM-x32\...\{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}) (Version: 15.4.5722.2 - Microsoft Corporation)
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (HKLM-x32\...\{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}) (Version: 15.4.5722.2 - Microsoft Corporation)
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (HKLM-x32\...\{E18B30AA-6E2D-480C-B918-AF61009F4010}) (Version: 15.4.5722.2 - Microsoft Corporation)
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Restore Points  =========================

20-02-2014 21:29:09 Installed AVG 2014
20-02-2014 21:29:51 Installed AVG 2014
21-02-2014 06:05:05 Windows Modules Installer
21-02-2014 16:13:12 Windows Update
21-02-2014 20:49:56 Removed ASUS Live Update
21-02-2014 20:50:59 Removed InstantOn for NB
21-02-2014 20:53:22 Removed ASUS FaceLogon
21-02-2014 20:54:02 Removed ASUS LifeFrame3
21-02-2014 20:55:22 Removed ASUS Splendid Video Enhancement Technology
23-02-2014 20:20:11 zoek.exe restore point
24-02-2014 02:00:12 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2014-01-15 02:32 - 00450660 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.0scan.com
127.0.0.1    0scan.com
127.0.0.1    1000gratisproben.com
127.0.0.1    www.1000gratisproben.com
127.0.0.1    1001namen.com
127.0.0.1    www.1001namen.com
127.0.0.1    100888290cs.com
127.0.0.1    www.100888290cs.com
127.0.0.1    www.100sexlinks.com
127.0.0.1    100sexlinks.com
127.0.0.1    10sek.com
127.0.0.1    www.10sek.com
127.0.0.1    www.1-2005-search.com
127.0.0.1    1-2005-search.com
127.0.0.1    123fporn.info
127.0.0.1    www.123fporn.info
127.0.0.1    123haustiereundmehr.com
127.0.0.1    www.123haustiereundmehr.com
127.0.0.1    123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {0679C422-A547-423C-B667-E0170C5AF2BE} - \AVG_SYS_TASK No Task File
Task: {0B3022E3-1822-42D2-853B-060D9B16FE85} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24] (Google Inc.)
Task: {17A8F048-2BE1-4BFD-A841-301B6AFBC1A3} - \Browser Updater\Browser Updater No Task File
Task: {2492BBDC-37D0-46D4-943F-339353636CAF} - System32\Tasks\ASUS Quick Gesture => C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe [2011-12-21] (ASUSTeK Computer Inc.)
Task: {2DEF609A-9B4A-4941-BC5B-116A497E480E} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-02-29] (ASUSTek Computer Inc.)
Task: {6CB3302B-03F3-4B70-8F3D-FB951AA1F733} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21] (Adobe Systems Incorporated)
Task: {785824D9-2200-4206-9E74-15143CE0C5F5} - \ProtectedSearch\Protected Search No Task File
Task: {8BDDB50A-894A-44C8-8F18-AC996B599520} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24] (Google Inc.)
Task: {9C9B631A-5883-4511-9F6F-FB05DDC824F2} - \AVG_SYS_TASK_DELETE No Task File
Task: {AAA83B3C-EB41-4549-8CBF-6545F9A1AA44} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2012-02-16] (ASUSTek Computer Inc.)
Task: {BB728AF7-B5AE-470A-BCCB-2308ED329F8E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {CA8CFA88-54DB-4F04-9B3F-69982818768F} - System32\Tasks\HPCustParticipation HP Photosmart 5520 series => C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPCustPartic.exe [2012-01-31] (Hewlett-Packard Co.)
Task: {DD811221-847D-4CC7-B0C7-057718DBA86E} - System32\Tasks\ASUS Quick Gesture (x64) => C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe [2011-12-21] (ASUSTeK Computer Inc.)
Task: {E270344F-C9FD-4728-9BEC-521A412EFB06} - \SystemSockets\SystemSockets No Task File
Task: {FECE6AF9-C9DC-4F9F-89EB-33BA3FB7F7E6} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
Task: {FFF6DA6C-77A9-46AF-BED6-CA28FE4EA88A} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-02-16] (ASUS)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG_SYS_TASK.job => C:\ProgramData\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe
Task: C:\Windows\Tasks\AVG_SYS_TASK_DELETE.job => C:\ProgramData\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-03-29 13:33 - 2012-03-29 13:33 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2010-07-15 00:11 - 2010-07-15 00:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2009-12-10 02:39 - 2009-12-10 02:39 - 00167936 _____ () C:\Program Files (x86)\PostgreSQL\8.3\bin\LIBPQ.dll
2009-02-12 18:01 - 2009-02-12 18:01 - 00976384 _____ () C:\Program Files (x86)\PostgreSQL\8.3\bin\libxml2.dll
2005-07-20 04:48 - 2005-07-20 04:48 - 00059904 _____ () C:\Program Files (x86)\PostgreSQL\8.3\bin\zlib1.dll
2008-02-04 20:43 - 2008-02-04 20:43 - 00027136 _____ () C:\Program Files (x86)\PostgreSQL\8.3\lib\plugins\plugin_debugger.dll
2014-02-15 03:44 - 2014-02-15 03:44 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\21395431.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\21395431.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Users^Thom^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Inktwaarschuwingen controleren - HP Photosmart 5520 series (netwerk).lnk => C:\Windows\pss\Inktwaarschuwingen controleren - HP Photosmart 5520 series (netwerk).lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: ATKMEDIA => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
MSCONFIG\startupreg: AVG_UI => "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: ETDCtrl => %ProgramFiles%\Elantech\ETDCtrl.exe
MSCONFIG\startupreg: HP Photosmart 5520 series (NET) => "C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN2A4166M405ST:NW" -scfn "HP Photosmart 5520 series (NET)" -AutoStart 1
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Wireless Console 3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/25/2014 04:12:02 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (02/24/2014 04:54:54 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (02/23/2014 09:26:19 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (02/22/2014 05:42:28 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (02/21/2014 03:57:59 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (02/20/2014 08:57:42 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (02/19/2014 08:10:29 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (02/19/2014 07:45:35 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for 'assemblyIdentity1'. Error in manifest or policy file 'assemblyIdentity2' on line assemblyIdentity3.
The value * of attribute language in element assemblyIdentity is invalid.

Error: (02/19/2014 07:21:54 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0413-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (02/19/2014 01:30:17 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005


System errors:
=============
Error: (02/25/2014 11:40:36 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (02/25/2014 11:29:06 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (02/25/2014 11:29:05 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (02/25/2014 11:29:05 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (02/25/2014 11:29:04 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (02/25/2014 11:29:03 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (02/25/2014 08:19:09 PM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware, or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an updated BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (02/25/2014 05:53:39 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%109

Error: (02/25/2014 05:53:39 PM) (Source: DCOM) (User: )
Description: 109gupdate/comsvc{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (02/25/2014 06:49:59 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}


Microsoft Office Sessions:
=========================
Error: (02/25/2014 04:12:02 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (02/24/2014 04:54:54 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (02/23/2014 09:26:19 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (02/22/2014 05:42:28 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (02/21/2014 03:57:59 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (02/20/2014 08:57:42 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (02/19/2014 08:10:29 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (02/19/2014 07:45:35 PM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

Error: (02/19/2014 07:21:54 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0413-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (02/19/2014 01:30:17 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005


==================== Memory info ===========================

Percentage of memory in use: 42%
Total physical RAM: 5587.79 MB
Available physical RAM: 3192.45 MB
Total Pagefile: 11173.76 MB
Available Pagefile: 7334.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:200.28 GB) (Free:74.48 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:240.16 GB) (Free:239.23 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 85CBDE57)

Partition: GPT Partition Type.

==================== End Of Log ============================

AdwCleaner and TDSSKiller logfiles:

Attached File  AdwCleanerR0.txt   5.5KB
Attached File  AdwCleanerS0.txt   4.64KB
Attached File  TDSSKiller.3.0.0.23_21.02.2014_00.44.26_log.txt   201.38KB
Attached File  TDSSKiller.3.0.0.23_21.02.2014_22.41.53_log.txt   6.3KB

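The log above is raw tool output, and the two sections an analyst usually reads first by hand, "Hosts content" and "Scheduled Tasks", can be triaged with a short script. The following is an added example written for this thread; it is not code from FRST, zoek, Malwarebytes or any participant. It treats a hosts entry as mere blocking only when it points at a loopback or unspecified address (every 127.0.0.1 line above is of that kind) and reports any entry that redirects a name somewhere else, which is what a hosts-file hijack of update or security domains looks like. For tasks it reports registrations with "No Task File" and tasks whose target lives under ProgramData or a user profile. The sample hosts and task lines are copied from the log above, except the 198.51.100.7 line, which is constructed so the redirect check has something to flag. A hit is a prompt for review, not a verdict: the AVG Secure Search updater in ProgramData is reported too.

```python
"""Triage the 'Hosts content' and 'Scheduled Tasks' sections of the FRST log
above. Added example for this thread, not code from FRST, zoek or Malwarebytes."""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample hosts input. The first five lines are copied from the log above; the
# 198.51.100.7 line is CONSTRUCTED so the redirect check has something to flag.
SAMPLE_HOSTS = r"""
127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1       localhost
::1             localhost
198.51.100.7    update.antivirus.example   # constructed: points away from loopback
"""

# Sample task input, copied from the 'Scheduled Tasks' section above.
SAMPLE_TASKS = r"""
Task: {0679C422-A547-423C-B667-E0170C5AF2BE} - \AVG_SYS_TASK No Task File
Task: {0B3022E3-1822-42D2-853B-060D9B16FE85} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24] (Google Inc.)
Task: {17A8F048-2BE1-4BFD-A841-301B6AFBC1A3} - \Browser Updater\Browser Updater No Task File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG_SYS_TASK.job => C:\ProgramData\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe
"""

# Targets that merely blackhole a name. Any other address actively redirects
# it, which is what a hosts-file hijack of update or AV domains looks like.
SINK_NETWORKS = tuple(ipaddress.ip_network(n) for n in
                      ("127.0.0.0/8", "0.0.0.0/32", "::1/128", "::/128"))
# Directories a standard user can create files in. A task launching from here
# deserves a look; the AVG Secure Search updater above shows it is not proof.
USER_WRITABLE_PREFIXES = ("c:\\programdata\\", "c:\\users\\")
# FRST task line: optional "{GUID} - ", task name, optional "=> target [date] (publisher)"
TASK_RE = re.compile(
    r"^Task: (?P<id>\{[0-9A-Fa-f-]+\} - |)(?P<name>.+?)"
    r"(?: => (?P<target>.+?)(?: \[(?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?: \((?P<publisher>[^()]*)\))?)?$"
)
ORPHAN_SUFFIX = " No Task File"


@dataclass(frozen=True)
class TaskFinding:
    name: str
    target: Optional[str]
    reasons: Tuple[str, ...]


def parse_hosts(text: str) -> list:
    """Return (address, hostname) pairs; comments and junk lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first column is not an address: ignore the line
        for host in fields[1:]:
            entries.append((addr, host.lower()))
    return entries


def triage_hosts(text: str) -> dict:
    """Count sinkholed names and list every name that is redirected elsewhere."""
    entries = parse_hosts(text)
    redirects = [(str(addr), host) for addr, host in entries
                 if not any(addr in net for net in SINK_NETWORKS)]
    return {"entries": len(entries),
            "sinkholed": len(entries) - len(redirects),
            "redirects": redirects}


def triage_tasks(text: str) -> List[TaskFinding]:
    """Flag orphaned registrations and tasks launching from user-writable paths."""
    findings = []
    for raw in text.splitlines():
        m = TASK_RE.match(raw.strip())
        if not m:
            continue
        name, target, reasons = m.group("name"), m.group("target"), []
        if name.endswith(ORPHAN_SUFFIX):
            name = name[: -len(ORPHAN_SUFFIX)]
            reasons.append("registered task has no task file (orphaned registration)")
        if target and target.lower().startswith(USER_WRITABLE_PREFIXES):
            reasons.append("target lives in a location standard users can write to")
        if reasons:
            findings.append(TaskFinding(name, target, tuple(reasons)))
    return findings


if __name__ == "__main__":
    print(triage_hosts(SAMPLE_HOSTS))
    for finding in triage_tasks(SAMPLE_TASKS):
        print(finding)
```

On the sample input the hosts check counts six entries, five of them harmless loopback entries, and reports the single constructed redirect; the task check reports the two "No Task File" registrations and the AVG updater under ProgramData, and stays quiet about the Google and Flash updaters. Run it against the full sections by pasting them into the two sample strings, or by reading the saved FRST.txt and slicing out the two sections by their "====" headers.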
#6 thomdejong (Topic Starter, Members, 11 posts)

Posted 25 February 2014 - 05:59 PM

Last logfile because it was too big for the last reply:

http://pastebin.com/5Ug6B39w



#7 Mako (Malware Response Team, 238 posts, Location: Belgium)

Posted 26 February 2014 - 03:44 AM

Good morning thomdejong, :)

Thank you for the log files! It seems you've been infected with some spy- and adware. There are still some suspicious files I would like to investigate further, but most of the nasty files and folders are already taken care of.

Now, let's see what to do next:

Step 1: ====Zoek.exe====

Start Zoek.exe again.

Take action to disable your antivirus and antispyware programs, as they may conflict with Zoek.exe
>> Info on how to disable your security applications > http://www.bleepingcomputer.com/forums/topic114351.html

Using Zoek.exe

  • On the Desktop, double-click Zoek.exe to start the tool.
    Windows Vista, 7 and 8 users right-click the file and select: Run as Administrator.
    Give the program a few seconds to appear.
  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this system only, do not use it on any other computer even if the problems are similar.
    21395431.sys;z
    resethosts;
    {1c98a3ee-3194-4309-8715-ad4c57183160};c
    {2D8D9ACC-F6D7-4362-8876-A275CA929591};c
    emptyclsid;
    C:\Windows\ServiceProfiles\LocalService\AppData\Local\PnrpSqm;p
    
  • Click the "Run script" button and wait patiently.
  • When finished the logfile will be opened in notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your systemdrive.
  • Please post the logfile for further review in your next comment.
  • You will now see a file called sample_25-02-2014_2326.zip on your desktop. Please upload this file to www.mijnbestand.nl and provide a link to the file in your next reply. The website is Dutch, but I figure that shouldn't be a problem?
  • If another sample file is created during this run with Zoek.exe (probably with the name sample_26-02-2014_{hour}.zip), please upload this file too.

Step 2: ====Malwarebytes Anti-Malware (MBAM)====

Please download Malwarebytes Anti-Malware and save it to your desktop.

Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Deep Scan" option is selected.
  • Click on the Scan button.
  • When the scan is complete, click OK, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).


Regards,

Mako

Member of UNITE Unified Network of Instructors and Trained Eliminators

Noticed any spelling or grammar errors in my reply? Please feel free to point them out to me, I'm always eager to learn. 


#8 thomdejong


Posted 26 February 2014 - 12:42 PM

Ok nice to hear that Mako!

 

I already ran MBAM a couple times before all this when I got suspicious my laptop might be infected so it didn't find anything this time, I pasted the log anyways.

 

Zoek logfile:

 

Zoek.exe v5.0.0.0 Updated 19-February-2014
Tool run by Thom on wo 26-02-2014 at 15:00:06,43.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Thom\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-02-23-202950.log    25556 bytes
C:\zoek-results2014-02-25-224225.log    18458 bytes

==== Reset Hosts File ======================

# Copyright © 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host
 
# localhost name resolution is handle within DNS itself.
127.0.0.1       localhost
::1             localhost

==== Creating Sample_26-02-2014_1505.zip ======================
 
Copied folder C:\Windows\ServiceProfiles\LocalService\AppData\Local\PnrpSqm to sample\PnrpSqm
sample\PnrpSqm\PnrpRegSession0.sqm renamed to C63426CDB35F5D4955B198ED1799DD33
sample\PnrpSqm\PnrpResolveSession0.sqm renamed to 3C82E03F4EA5ED036E8D276D592363B3

C:\Users\Public\Desktop\sample_26-02-2014_1505.zip created successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-811424810-1323542184-1123006007-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2D8D9ACC-F6D7-4362-8876-A275CA929591} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{1c98a3ee-3194-4309-8715-ad4c57183160} deleted successfully

==== Folders Found ======================


==== Files Found ======================


==== C:\zoek_backup content ======================

C:\zoek_backup (files=188 folders=62 61251402 bytes)

==== EOF on wo 26-02-2014 at 15:08:19,47 ======================
 

 

Zip files:

http://www.mijnbestand.nl/Bestand-ZHD7XN66LYQQ.zip

http://www.mijnbestand.nl/Bestand-FBE7Q4L8SDYD.zip

 

MBAM logfile:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Databaseversie: v2014.02.26.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Thom :: THOM-PC [administrator]

26-2-2014 16:01:56
mbam-log-2014-02-26 (16-01-56).txt

Scan type: Volledige scan (C:\|)
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 465253
Verstreken tijd: 1 uur/uren, 25 minuut/minuten, 44 seconde(n)

Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

(einde)
 



#9 Mako

  • Malware Response Team

Posted 26 February 2014 - 02:10 PM

Hello,
 
That's looking good! I would like to run 2 more final tests before jumping into the Blue Screen issue.
 
Step 1: ====Hitman Pro====

Download the 32 or 64 bit version of HitmanPro to your desktop.

Using HitmanPro

  • Double-click the "HitmanPro.exe" icon on your desktop and select "Next"
  • Click on the next button. You must agree with the terms of EULA
  • When the setup screen appears click one last time "Next", a scan will start automatically. Do not use your computer until the scan is finished
  • Once done, activate the free licence. This will allow you to delete any infections found and use HitmanPro for free for the next 30 days
  • In order to activate your free licence you must provide a valid e-mail. Select "Activate".
  • Note: if you've used HitmanPro before you won't be able to delete detected infections. Should this be the case, please tell me in your next reply.
  • When all found items are deleted click "Save log" and save it to your desktop
  • Click "Restart / Reboot computer"
  • Please paste the content of the HitmanPro_{DATE} file in your next reply but remove the CODE tags before doing so.

Step 2: ====OTL====

We need to create an OTL Report

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Regards,

Mako

 



#10 thomdejong


Posted 26 February 2014 - 04:15 PM

Hitman log:

 

HitmanPro 3.7.9.212
www.hitmanpro.com

   Computer name . . . . : THOM-PC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Thom-PC\Thom
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2014-02-26 20:58:00
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 4m 2s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 29

   Objects scanned . . . : 1.823.411
   Files scanned . . . . : 33.102
   Remnants scanned  . . : 447.971 files / 1.342.338 keys

Cookies _____________________________________________________________________

   C:\Users\Thom\AppData\Roaming\Microsoft\Windows\Cookies\WRZ20VAD.txt
   C:\Users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_853802\cookies.sqlite:ad.360yield.com
   C:\Users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_853802\cookies.sqlite:ad.nl
   C:\Users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_853802\cookies.sqlite:adfarm.mediaplex.com
   C:\Users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_853802\cookies.sqlite:ads.creative-serving.com
   C:\Users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_853802\cookies.sqlite:ads.p161.net
   C:\Users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_853802\cookies.sqlite:ads.stickyadstv.com
   C:\Users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_853802\cookies.sqlite:ads.yahoo.com
   C:\Users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_853802\cookies.sqlite:adtech.de
   C:\Users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_853802\cookies.sqlite:advertising.com
   C:\Users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_853802\cookies.sqlite:atdmt.com
   C:\Users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_853802\cookies.sqlite:casalemedia.com
   C:\Users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_853802\cookies.sqlite:doubleclick.net
   C:\Users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_853802\cookies.sqlite:invitemedia.com
   C:\Users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_853802\cookies.sqlite:media6degrees.com
   C:\Users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_853802\cookies.sqlite:nl.sitestat.com
   C:\Users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_853802\cookies.sqlite:ru4.com
   C:\Users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_853802\cookies.sqlite:serving-sys.com
   C:\Users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_853802\cookies.sqlite:smartadserver.com
   C:\Users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_853802\cookies.sqlite:track.adform.net
   C:\Users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_853802\cookies.sqlite:weborama.fr
   C:\Users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_853802\cookies.sqlite:xiti.com
   C:\Users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\wosbxhat.default\cookies.sqlite:ad.360yield.com
   C:\Users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\wosbxhat.default\cookies.sqlite:ads.bleepingcomputer.com
   C:\Users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\wosbxhat.default\cookies.sqlite:ads.creative-serving.com
   C:\Users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\wosbxhat.default\cookies.sqlite:ads.yahoo.com
   C:\Users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\wosbxhat.default\cookies.sqlite:overture.com
   C:\Users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\wosbxhat.default\cookies.sqlite:track.adform.net
   C:\Users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\wosbxhat.default\cookies.sqlite:xiti.com
 

 

OTL log:

 

OTL logfile created on: 26-2-2014 21:59:25 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Thom\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy
 
5,46 Gb Total Physical Memory | 3,26 Gb Available Physical Memory | 59,67% Memory free
10,91 Gb Paging File | 7,25 Gb Available in Paging File | 66,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 200,28 Gb Total Space | 74,22 Gb Free Space | 37,06% Space Free | Partition Type: NTFS
Drive D: | 240,16 Gb Total Space | 239,23 Gb Free Space | 99,61% Space Free | Partition Type: NTFS
 
Computer Name: THOM-PC | User Name: Thom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014-02-26 21:58:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Thom\Desktop\OTL.exe
PRC - [2014-02-15 03:44:21 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014-02-12 15:28:56 | 012,739,936 | ---- | M] (Zemana Ltd.) -- C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
PRC - [2014-01-22 12:19:38 | 003,788,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2013-12-18 10:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013-09-24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2013-06-26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013-06-26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013-04-04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012-08-31 15:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012-02-29 19:08:34 | 001,121,448 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
PRC - [2012-02-16 19:37:16 | 000,322,176 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2012-02-16 01:38:10 | 000,174,720 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2011-12-21 22:15:54 | 000,017,872 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe
PRC - [2011-11-21 22:22:08 | 000,080,512 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2011-11-21 22:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2011-08-11 14:58:24 | 001,848,832 | ---- | M] (4t Niagara Software) -- C:\Program Files (x86)\4t Tray Minimizer\4t-min.exe
PRC - [2009-12-10 02:39:04 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
PRC - [2009-12-10 02:37:16 | 003,690,496 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
PRC - [2009-06-19 18:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009-06-19 18:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2008-12-23 01:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008-08-14 05:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014-02-15 03:44:21 | 003,578,992 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014-02-26 20:57:59 | 000,127,752 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV:64bit: - [2014-02-06 11:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013-05-27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012-03-29 13:32:50 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012-03-29 10:39:18 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010-09-23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014-02-21 03:25:25 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014-02-15 03:44:21 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014-01-22 12:19:38 | 003,788,816 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013-12-18 10:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013-09-24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013-09-11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013-09-05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013-06-26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013-06-26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012-08-31 15:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011-11-21 22:22:08 | 000,080,512 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2011-11-21 22:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009-12-10 02:39:04 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014-02-12 15:28:56 | 000,025,568 | ---- | M] (Zemana Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KeyCrypt64.sys -- (keycrypt)
DRV:64bit: - [2013-11-25 21:47:22 | 000,196,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013-11-25 21:47:20 | 000,243,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013-11-25 21:47:20 | 000,150,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2013-10-31 23:00:18 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013-10-31 22:49:46 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013-10-01 00:52:08 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013-09-10 00:43:02 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013-08-01 16:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013-06-26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013-06-26 18:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013-06-26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013-06-26 18:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013-04-04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012-03-29 11:07:22 | 010,819,584 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012-03-29 09:35:58 | 000,328,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012-03-01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012-02-29 19:08:34 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2012-02-24 01:56:32 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012-02-24 01:56:32 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012-02-23 13:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012-02-19 19:16:24 | 000,200,488 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2012-02-01 17:54:56 | 000,031,872 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdkmpfd.sys -- (amdkmpfd)
DRV:64bit: - [2012-01-13 21:05:56 | 000,056,448 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2011-12-28 05:44:26 | 002,797,056 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011-12-21 22:15:56 | 000,035,968 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AsusVBus.sys -- (AsusVBus)
DRV:64bit: - [2011-12-12 21:52:44 | 000,082,048 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011-12-12 21:52:44 | 000,042,624 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011-11-13 22:31:16 | 000,055,936 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2011-11-08 03:48:28 | 000,016,512 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AsusVTouch.sys -- (AsusVTouch)
DRV:64bit: - [2011-10-26 04:16:46 | 000,219,776 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011-10-26 04:16:46 | 000,102,528 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011-09-29 10:30:34 | 000,646,248 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011-05-14 00:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010-11-20 14:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-20 12:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-20 12:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010-11-20 10:37:44 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010-02-18 17:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009-07-20 10:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-07-14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009-07-14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009-06-10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009-06-10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 21:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008-05-24 01:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2012-02-29 19:08:34 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AiCharger.sys -- (AiCharger)
DRV - [2011-09-07 17:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009-07-03 01:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = about:newtab
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = about:newtab
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = about:newtab
IE - HKLM\..\SearchScopes,DefaultScope =
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-811424810-1323542184-1123006007-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKU\S-1-5-21-811424810-1323542184-1123006007-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL =
IE - HKU\S-1-5-21-811424810-1323542184-1123006007-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL =
IE - HKU\S-1-5-21-811424810-1323542184-1123006007-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page =
IE - HKU\S-1-5-21-811424810-1323542184-1123006007-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-811424810-1323542184-1123006007-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-811424810-1323542184-1123006007-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-811424810-1323542184-1123006007-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-811424810-1323542184-1123006007-1002\..\SearchScopes,DefaultScope =
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@threeships.nl/TSHelper;version=1.0.1.3: C:\Program Files (x86)\Common Files\ThreeShips Shared\Dll\\npTSHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@threeships.nl/TSHelper;version=2.0.0.1: C:\Program Files (x86)\Common Files\ThreeShips Shared\Dll\\npTSHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012-10-05 13:37:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thom\AppData\Roaming\mozilla\Extensions
[2014-02-25 23:29:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thom\AppData\Roaming\mozilla\Firefox\Profiles\Solo_853802\extensions
[2014-02-21 00:57:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thom\AppData\Roaming\mozilla\Firefox\Profiles\wosbxhat.default\extensions
[2013-07-16 21:13:18 | 000,211,403 | ---- | M] () (No name found) -- C:\Users\Thom\AppData\Roaming\mozilla\firefox\profiles\Solo_853802\extensions\jid0-UgB5JNMPWHIRM4dcAe76c7EcVis@jetpack.xpi
[2013-07-16 21:13:18 | 000,211,403 | ---- | M] () (No name found) -- C:\Users\Thom\AppData\Roaming\mozilla\firefox\profiles\wosbxhat.default\extensions\jid0-UgB5JNMPWHIRM4dcAe76c7EcVis@jetpack.xpi
[2014-02-21 00:57:28 | 000,536,255 | ---- | M] () (No name found) -- C:\Users\Thom\AppData\Roaming\mozilla\firefox\profiles\wosbxhat.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2014-02-15 03:44:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014-02-15 03:44:21 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2014-02-26 15:04:27 | 000,000,840 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ZALFree] C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe (Zemana Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-811424810-1323542184-1123006007-1002..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-811424810-1323542184-1123006007-1002..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Thom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4t Tray Minimizer.lnk = C:\Program Files (x86)\4t Tray Minimizer\4t-min.exe (4t Niagara Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:\Program Files (x86)\PokerStars.EU\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3761CA32-9830-4B03-946B-92453C88238F}: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A21AC50B-5538-4209-AAED-40160891778C}: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL) - C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(1).dll (Zemana Ltd.)
O20 - AppInit_DLLs: (C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL) - C:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(1).dll (Zemana Ltd.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014-02-26 21:58:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Thom\Desktop\OTL.exe
[2014-02-26 20:57:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2014-02-26 20:57:57 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2014-02-26 20:56:58 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014-02-26 20:56:08 | 010,820,032 | ---- | C] (SurfRight B.V.) -- C:\Users\Thom\Desktop\HitmanPro_x64.exe
[2014-02-25 23:44:44 | 000,000,000 | ---D | C] -- C:\FRST
[2014-02-25 23:42:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014-02-25 23:39:45 | 000,000,000 | ---D | C] -- C:\Windows\Temp
[2014-02-25 23:39:45 | 000,000,000 | ---D | C] -- C:\Users\Thom\AppData\Local\Temp
[2014-02-25 23:09:57 | 002,156,032 | ---- | C] (Farbar) -- C:\Users\Thom\Desktop\FRST64.exe
[2014-02-23 21:18:50 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2014-02-21 22:36:30 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014-02-21 17:16:59 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014-02-21 17:16:56 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2014-02-21 17:16:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014-02-21 17:16:06 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014-02-21 17:15:57 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014-02-21 17:15:57 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014-02-21 17:15:57 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014-02-21 17:15:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014-02-21 15:44:18 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Thom\Desktop\dds.com
[2014-02-21 01:39:13 | 000,114,717 | ---- | C] (DewaSoft) -- C:\Users\Thom\Desktop\KL-Detector.exe
[2014-02-21 01:29:18 | 000,025,568 | ---- | C] (Zemana Ltd.) -- C:\Windows\SysNative\drivers\KeyCrypt64.sys
[2014-02-21 01:29:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger Free
[2014-02-21 01:29:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeyCryptSDK
[2014-02-21 01:29:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zemana AntiLogger Free
[2014-02-21 01:29:16 | 000,000,000 | ---D | C] -- C:\Users\Thom\AppData\Local\AntiLogger Free
[2014-02-21 00:44:14 | 004,122,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Thom\Desktop\tdsskiller.exe
[2014-02-20 22:31:40 | 000,000,000 | ---D | C] -- C:\Users\Thom\AppData\Roaming\AVG2014
[2014-02-20 22:31:05 | 000,000,000 | ---D | C] -- C:\Users\Thom\AppData\Roaming\TuneUp Software
[2014-02-20 22:31:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2014-02-20 22:30:31 | 000,000,000 | -H-D | C] -- C:\$AVG
[2014-02-20 22:30:31 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2014-02-20 22:29:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2014-02-20 22:24:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2014-02-20 22:24:17 | 000,000,000 | ---D | C] -- C:\Users\Thom\AppData\Local\Avg2014
[2014-02-20 22:24:16 | 000,000,000 | ---D | C] -- C:\Users\Thom\AppData\Local\MFAData
[2014-02-20 22:24:16 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2014-02-15 03:44:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014-02-13 23:16:32 | 000,000,000 | ---D | C] -- C:\Users\Thom\Desktop\troep
[2014-02-13 03:02:21 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014-02-13 03:01:03 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014-02-13 03:01:03 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014-02-13 03:01:02 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014-02-13 03:01:02 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014-02-13 03:01:01 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014-02-13 03:01:01 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014-02-13 03:01:01 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014-02-13 03:00:59 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014-02-13 03:00:59 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014-02-13 03:00:58 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014-02-13 03:00:58 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014-02-13 03:00:58 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014-02-13 03:00:58 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014-02-13 03:00:58 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014-02-13 03:00:58 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014-02-13 03:00:58 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014-02-13 03:00:57 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014-02-13 03:00:56 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014-02-13 03:00:56 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014-02-13 03:00:56 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014-02-13 03:00:54 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014-02-13 03:00:53 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014-02-13 03:00:48 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014-02-13 01:26:56 | 000,000,000 | ---D | C] -- C:\Users\Thom\AppData\Roaming\DogeCoin
[2014-02-12 21:24:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014-02-12 21:24:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014-02-12 21:24:33 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2014-02-12 21:24:33 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2014-02-12 21:24:33 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2014-02-12 21:24:33 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2014-02-12 21:24:33 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2014-02-12 21:24:32 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2014-02-12 21:24:32 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2014-02-12 21:24:32 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2014-02-12 21:24:32 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2014-02-12 21:24:32 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2014-02-12 21:24:32 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2014-02-12 21:24:32 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2014-02-12 21:24:32 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2014-02-12 21:24:31 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2014-02-12 21:24:31 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2014-02-12 21:24:31 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2014-02-12 21:24:31 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2014-02-12 21:24:27 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014-02-12 21:24:26 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2014-01-28 23:53:47 | 000,000,000 | ---D | C] -- C:\Users\Thom\Desktop\Easy Game Volume I & II by Andrew (balugawhale) Seidman
 
========== Files - Modified Within 30 Days ==========
 
[2014-02-26 21:58:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Thom\Desktop\OTL.exe
[2014-02-26 21:34:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014-02-26 21:25:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014-02-26 20:57:59 | 000,001,881 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2014-02-26 20:56:24 | 010,820,032 | ---- | M] (SurfRight B.V.) -- C:\Users\Thom\Desktop\HitmanPro_x64.exe
[2014-02-26 18:33:59 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014-02-26 15:05:07 | 000,001,439 | ---- | M] () -- C:\Users\Public\Desktop\sample_26-02-2014_1505.zip
[2014-02-26 15:04:27 | 000,000,840 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014-02-26 15:02:07 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014-02-26 15:02:07 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014-02-26 14:55:06 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\AVG_SYS_TASK_DELETE.job
[2014-02-26 14:55:06 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\AVG_SYS_TASK.job
[2014-02-26 14:54:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014-02-26 14:54:36 | 099,446,783 | -HS- | M] () -- C:\hiberfil.sys
[2014-02-25 23:27:06 | 022,657,295 | ---- | M] () -- C:\Users\Public\Desktop\sample_25-02-2014_2326.zip
[2014-02-25 23:10:00 | 002,156,032 | ---- | M] (Farbar) -- C:\Users\Thom\Desktop\FRST64.exe
[2014-02-24 03:01:28 | 001,647,108 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014-02-24 03:01:28 | 000,746,450 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2014-02-24 03:01:28 | 000,654,916 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014-02-24 03:01:28 | 000,154,112 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2014-02-24 03:01:28 | 000,122,530 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014-02-24 03:01:14 | 001,647,108 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014-02-23 21:51:53 | 580,089,324 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014-02-23 21:37:37 | 000,000,512 | ---- | M] () -- C:\Users\Thom\Desktop\MBR.dat
[2014-02-23 21:15:10 | 001,284,608 | ---- | M] () -- C:\Users\Thom\Desktop\zoek.exe
[2014-02-21 22:35:46 | 001,241,834 | ---- | M] () -- C:\Users\Thom\Desktop\AdwCleaner.exe
[2014-02-21 15:44:21 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Thom\Desktop\dds.com
[2014-02-21 03:25:23 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014-02-21 03:25:23 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014-02-21 01:29:19 | 000,001,142 | ---- | M] () -- C:\Users\Public\Desktop\AntiLogger Free.lnk
[2014-02-21 00:44:21 | 004,122,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Thom\Desktop\tdsskiller.exe
[2014-02-20 22:50:59 | 000,047,616 | ---- | M] () -- C:\Users\Thom\Desktop\Win32kDiag.exe
[2014-02-20 22:31:05 | 000,000,977 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014-02-20 21:51:50 | 000,038,030 | ---- | M] () -- C:\Users\Thom\Desktop\kldetector13.zip
[2014-02-20 14:09:00 | 001,049,113 | ---- | M] () -- C:\Users\Thom\Desktop\AUDIT   Thommehh .htm
[2014-02-14 15:23:50 | 000,045,056 | ---- | M] () -- C:\Windows\SysWow64\acovcnt.exe
[2014-02-14 03:17:56 | 000,063,000 | ---- | M] () -- C:\Users\Thom\Desktop\ip.bitcointalk.org.png
[2014-02-13 22:51:47 | 000,194,672 | ---- | M] () -- C:\Users\Thom\Desktop\IMAG0390.jpg
[2014-02-13 22:44:47 | 000,452,425 | ---- | M] () -- C:\Users\Thom\Desktop\IMAG0389.jpg
[2014-02-13 22:43:15 | 000,823,420 | ---- | M] () -- C:\Users\Thom\Desktop\IMAG0385.jpg
[2014-02-13 22:43:03 | 000,914,721 | ---- | M] () -- C:\Users\Thom\Desktop\IMAG0386.jpg
[2014-02-13 22:42:45 | 000,406,787 | ---- | M] () -- C:\Users\Thom\Desktop\IMAG0388.jpg
[2014-02-13 00:25:01 | 000,143,779 | ---- | M] () -- C:\Users\Thom\Desktop\btcgraph.png
[2014-02-12 15:28:56 | 000,025,568 | ---- | M] (Zemana Ltd.) -- C:\Windows\SysNative\drivers\KeyCrypt64.sys
[2014-02-06 12:30:12 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014-02-06 12:07:39 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014-02-06 12:06:47 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014-02-06 11:56:03 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014-02-06 11:52:11 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014-02-06 11:49:03 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014-02-06 11:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014-02-06 11:48:11 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014-02-06 11:32:49 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014-02-06 11:17:15 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014-02-06 11:11:37 | 005,768,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014-02-06 11:01:36 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014-02-06 11:00:46 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014-02-06 10:57:13 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014-02-06 10:52:21 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014-02-06 10:50:32 | 002,041,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014-02-06 10:49:22 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014-02-06 10:47:22 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014-02-06 10:46:27 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014-02-06 10:25:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014-02-06 10:09:30 | 001,964,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014-02-06 09:40:06 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014-02-06 09:34:31 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
 
========== Files Created - No Company Name ==========
 
[2014-02-26 20:57:59 | 000,001,881 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2014-02-26 15:05:07 | 000,001,439 | ---- | C] () -- C:\Users\Public\Desktop\sample_26-02-2014_1505.zip
[2014-02-25 23:27:06 | 022,657,295 | ---- | C] () -- C:\Users\Public\Desktop\sample_25-02-2014_2326.zip
[2014-02-23 21:51:53 | 580,089,324 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014-02-23 21:37:37 | 000,000,512 | ---- | C] () -- C:\Users\Thom\Desktop\MBR.dat
[2014-02-23 21:15:05 | 001,284,608 | ---- | C] () -- C:\Users\Thom\Desktop\zoek.exe
[2014-02-23 08:07:50 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\AVG_SYS_TASK.job
[2014-02-23 08:07:48 | 000,000,386 | ---- | C] () -- C:\Windows\tasks\AVG_SYS_TASK_DELETE.job
[2014-02-21 22:35:44 | 001,241,834 | ---- | C] () -- C:\Users\Thom\Desktop\AdwCleaner.exe
[2014-02-21 01:29:19 | 000,001,142 | ---- | C] () -- C:\Users\Public\Desktop\AntiLogger Free.lnk
[2014-02-20 23:09:38 | 001,049,113 | ---- | C] () -- C:\Users\Thom\Desktop\AUDIT   Thommehh .htm
[2014-02-20 22:50:56 | 000,047,616 | ---- | C] () -- C:\Users\Thom\Desktop\Win32kDiag.exe
[2014-02-20 22:31:05 | 000,000,977 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014-02-20 21:51:50 | 000,038,030 | ---- | C] () -- C:\Users\Thom\Desktop\kldetector13.zip
[2014-02-14 03:17:56 | 000,063,000 | ---- | C] () -- C:\Users\Thom\Desktop\ip.bitcointalk.org.png
[2014-02-13 22:51:46 | 000,194,672 | ---- | C] () -- C:\Users\Thom\Desktop\IMAG0390.jpg
[2014-02-13 22:44:47 | 000,452,425 | ---- | C] () -- C:\Users\Thom\Desktop\IMAG0389.jpg
[2014-02-13 22:43:14 | 000,823,420 | ---- | C] () -- C:\Users\Thom\Desktop\IMAG0385.jpg
[2014-02-13 22:43:03 | 000,914,721 | ---- | C] () -- C:\Users\Thom\Desktop\IMAG0386.jpg
[2014-02-13 22:42:44 | 000,406,787 | ---- | C] () -- C:\Users\Thom\Desktop\IMAG0388.jpg
[2014-02-13 00:25:00 | 000,143,779 | ---- | C] () -- C:\Users\Thom\Desktop\btcgraph.png
[2014-01-16 16:42:16 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\acovcnt.exe
[2013-08-07 20:55:00 | 000,000,204 | ---- | C] () -- C:\Users\Thom\.screenleap
[2013-07-27 22:08:03 | 000,000,045 | ---- | C] () -- C:\Users\Thom\AppData\Local\machpro.dat
[2013-02-06 11:04:15 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012-10-09 18:37:08 | 000,007,600 | ---- | C] () -- C:\Users\Thom\AppData\Local\Resmon.ResmonCfg
[2012-10-05 15:21:42 | 000,004,934 | ---- | C] () -- C:\ProgramData\flwjycbm.bab
[2012-07-08 09:19:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012-07-08 09:15:41 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012-07-08 09:15:41 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012-07-08 09:15:41 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012-03-29 14:03:38 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2012-02-24 03:42:37 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013-07-26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-07-26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 13:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Extras log:

OTL Extras logfile created on: 26-2-2014 21:59:25 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Thom\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy
 
5,46 Gb Total Physical Memory | 3,26 Gb Available Physical Memory | 59,67% Memory free
10,91 Gb Paging File | 7,25 Gb Available in Paging File | 66,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 200,28 Gb Total Space | 74,22 Gb Free Space | 37,06% Space Free | Partition Type: NTFS
Drive D: | 240,16 Gb Total Space | 239,23 Gb Free Space | 99,61% Space Free | Partition Type: NTFS
 
Computer Name: THOM-PC | User Name: Thom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-811424810-1323542184-1123006007-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B1A5EF-0537-422B-A681-9C2ECB597AD3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{19AA219A-CF80-454B-8EA1-5E1575A9E7F6}" = lport=138 | protocol=17 | dir=in | app=system |
"{24A76D04-2824-46C5-820B-BCE8F40B2494}" = rport=10243 | protocol=6 | dir=out | app=system |
"{2A78AB96-606D-4FD6-8200-371C5ED350EC}" = lport=137 | protocol=17 | dir=in | app=system |
"{3BF7C0E7-D0E2-4200-A3F4-F68F70E39272}" = lport=445 | protocol=6 | dir=in | app=system |
"{5D4E0A5F-3C0F-4D77-960D-70121BD34CCF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6324E817-1D0D-4EE3-A2AB-3A17E512BD0F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{67DB614F-DBB2-4301-A39F-7353FC6FC473}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6AFE5D97-5726-4E14-9578-AC55F467E3EB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7200A232-CB9A-4548-89E0-CF072E6C2E3E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{7CFA6EA0-53B4-4191-B6EE-4A5B91EB0F63}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{80AB7AD1-3155-41A4-ABF7-8704F916CDB5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{91D997AD-00FC-4D77-B61E-E9C906EDB671}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A56F99CF-933B-4F79-9B77-D54139039647}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{AC393F6B-1126-4894-A464-38522BEE2F5A}" = rport=445 | protocol=6 | dir=out | app=system |
"{AE980138-0F61-40A6-BCC0-D2D61CFFD33E}" = rport=138 | protocol=17 | dir=out | app=system |
"{BBDED936-C296-4C8B-8F82-4E7FBA3FF37D}" = rport=137 | protocol=17 | dir=out | app=system |
"{D3D6D244-FEA5-4E37-B3AE-F701E1CC55D6}" = rport=139 | protocol=6 | dir=out | app=system |
"{D7BD3144-51C3-4588-8BC2-F847BF8186D5}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E89BEAB9-61B3-4EAC-9A23-4BC56C556CB0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EFC25547-C259-4726-96A9-1E2523101CB8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FB685182-FCF1-4770-8469-C3EE6DBEE971}" = lport=139 | protocol=6 | dir=in | app=system |
"{FFC21423-61CB-4E4C-BE0E-62379200065E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E4C841-7383-4755-93F0-E2EC50BA8C05}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{089AB85B-21D0-44E8-B93D-DCC143AD2A78}" = dir=in | app=c:\soloapp\webdriver.dll |
"{0A94A494-86EF-4A10-A08A-C37ACA2AE9AE}" = dir=out | app=c:\soloapp\iedriverserver.exe |
"{109395C2-5DF9-4EDA-88F8-EEDB2AD81363}" = dir=out | app=c:\soloapp\iedriverserver.exe |
"{10C4D4AE-A8E8-4F83-8104-4692231622B3}" = dir=out | app=c:\soloapp\chromedriver.exe |
"{12C97A60-E3E3-48B3-9B28-DAEC56EF507A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{147363FA-5DFE-49A8-BEE8-ED8FBFA8C8B4}" = dir=in | app=c:\soloapp\soloapp.exe |
"{1515E0C6-86F3-4E5C-AF49-E1134EC04F5C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1604EDE0-E26A-40D4-AC31-9B79E237CB15}" = dir=in | app=c:\program files\hp\hp photosmart 5520 series\bin\devicesetup.exe |
"{161BFF74-E823-4343-B8AC-310021F4B335}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1B5FFF12-17F6-4C89-BE63-86185C05A4E4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{1EB39902-947F-4928-BCAC-D60ED6030380}" = dir=out | app=c:\soloapp\webdriver.dll |
"{1F0D607E-2B25-4FEB-9F2E-AE84E1E3134F}" = dir=in | app=c:\program files\hp\hp photosmart 5520 series\bin\hpnetworkcommunicator.exe |
"{20B75D7D-E532-48CE-94FA-ED5ED2EBE723}" = dir=out | app=c:\soloapp\soloapp.exe |
"{23BD09AC-0BC8-451F-A082-CF057188FF35}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2A781107-A47E-4301-BF65-F2A33E17ADF6}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{2BC24698-1E6E-4555-8845-13DE182816B5}" = dir=out | app=c:\soloapp\soloapp.exe |
"{2C7C580D-26B4-495C-A878-070FC612D437}" = dir=in | app=c:\soloapp\iedriverserver.exe |
"{2D030457-D53B-4C8F-B987-D5F8FDA62163}" = dir=out | app=c:\soloapp\webdriver.dll |
"{2ECF8690-1E37-4DB9-A290-7381E2CD007D}" = dir=in | app=c:\soloapp\soloapp.exe |
"{2EE98295-78C3-4B55-93BB-701815FFBAB3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2EEC8998-B8FC-47CE-9CEF-B5ECE0E4DF4F}" = dir=out | app=c:\soloapp\iedriverserver.exe |
"{302108A9-C5EF-4245-AA71-F914C19EFEEA}" = dir=out | app=c:\soloapp\webdriver.dll |
"{37577FEC-87E3-4016-AD64-DBD43CFEDA88}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{37B6223D-574C-44DF-9E51-BC1538F4E305}" = dir=in | app=c:\soloapp\iedriverserver.exe |
"{39C7E0B4-61B1-46ED-AB24-84D0F6DEEB4C}" = protocol=6 | dir=out | app=system |
"{3E3E50DE-4333-427A-90FF-4B3FEEE54E3B}" = dir=in | app=c:\soloapp\soloapp.exe |
"{3F166C59-34BD-47B9-8635-5E84407CD20C}" = dir=in | app=c:\soloapp\chromedriver.exe |
"{43878BAC-3B61-4149-9D7E-D40FC65ADF5B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{49B4110D-9E81-47C0-B69F-A02F4CE113B9}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{4BDC85C6-A4A5-4A88-A13C-4B0C2B373F53}" = dir=in | app=c:\soloapp\chromedriver.exe |
"{504343A7-1364-43F0-AD88-EDAAB9175069}" = dir=in | app=c:\soloapp\webdriver.dll |
"{523202D9-2DF7-401D-A826-8ED8C8DA2CFE}" = dir=out | app=c:\soloapp\chromedriver.exe |
"{56048913-2EE4-4FB6-9B10-B11FD9535645}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{5A50A9DB-AB39-45AC-96B3-6E668F31F81B}" = dir=in | app=c:\soloapp\chromedriver.exe |
"{5B6714B2-C604-4867-9A51-B53ED021C064}" = dir=in | app=c:\soloapp\soloapp.exe |
"{6144D3CD-3478-4FC4-8923-CAAAFEFF4EF5}" = dir=in | app=c:\soloapp\soloapp.exe |
"{62D390DE-4AFD-4FC1-B590-6DEE7CE41C8A}" = dir=in | app=c:\soloapp\webdriver.dll |
"{65DD2C09-BC8A-4A20-B59C-40C0D563CB35}" = dir=out | app=c:\soloapp\chromedriver.exe |
"{667ECFD3-B66D-4CA0-B7C2-6E29B4173CF2}" = dir=out | app=c:\soloapp\chromedriver.exe |
"{6AAC022F-2E7E-4B14-9E92-DCD05701D41C}" = dir=in | app=c:\soloapp\iedriverserver.exe |
"{6BF77F2B-F8BC-4C78-8522-04BA5C2A88AF}" = dir=in | app=c:\soloapp\soloapp.exe |
"{71A2A46B-4396-4F09-A265-C32C92623558}" = dir=out | app=c:\soloapp\chromedriver.exe |
"{7210EAE1-1F4E-48DA-B7F9-4976428B8FF2}" = dir=in | app=c:\soloapp\webdriver.dll |
"{77E42EDF-3268-4095-9555-406CF83C824F}" = dir=out | app=c:\soloapp\iedriverserver.exe |
"{7AADBADF-8113-4E90-9BDA-3B5ED564019C}" = dir=in | app=c:\soloapp\chromedriver.exe |
"{7BBBE950-341E-4831-A4CF-A16FF47B6707}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7BE8143B-0323-4B97-BCD2-79DC24AF2BD8}" = dir=out | app=c:\soloapp\webdriver.dll |
"{87104B5D-B3E8-4D05-A003-CD82570FA2C9}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{8779B3E4-3D15-4B30-B216-687226F35D5D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8A6158B1-8D26-4396-A463-C740BF6756F2}" = dir=out | app=c:\soloapp\iedriverserver.exe |
"{8D1D86DD-BA38-41CF-9176-738915C42554}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{8D48B936-4225-4471-8835-73B3D46B5FFD}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{8FC617B8-EBF5-4F2C-B8C7-066C6C4C247B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{97CFE71B-2FE7-4E69-9F8E-2FE325A02568}" = dir=out | app=c:\soloapp\soloapp.exe |
"{98529B94-40C4-4003-9E9D-F607FDAE3232}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{998D6B84-7957-4AFD-9490-0A9A9646CB79}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{9A26E1CA-F98A-4228-9FC2-C5C46DC9B95E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A00968C8-AC55-476D-9500-38B322F26191}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{A21949F8-A719-4978-AC41-F48E2C2A5395}" = dir=out | app=c:\soloapp\iedriverserver.exe |
"{A2A02886-04A3-4899-A5BF-4962592D1DBB}" = dir=out | app=c:\soloapp\webdriver.dll |
"{A4DF1D02-2BB6-4A05-81C7-CBF16A31AA81}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A6DDAFAF-527E-4135-8672-0F80C2243CEB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A79C5F07-048C-43E7-BC7F-D7C9082478B0}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{AA5D3B94-40C1-4D0A-AC92-041DF0BB1E70}" = dir=out | app=c:\soloapp\soloapp.exe |
"{AB2E60F3-A94D-4C66-B9A4-6BBA56BD5A0F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AC17413F-A64E-44AD-941A-BD1EA4F8280D}" = dir=in | app=c:\soloapp\chromedriver.exe |
"{B0CB9A59-B634-4602-9B07-1AAA824816AC}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{B2C86831-35AD-4364-826C-064160569F8F}" = dir=in | app=c:\soloapp\webdriver.dll |
"{B47DCE39-BD05-4FD0-BC5F-8FCE7C3FBB7F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{B5DEB8DB-0E84-457D-9B87-08A90F7A6BD7}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{B6C0EC26-8E89-4B18-877A-FA37F1DE18D0}" = dir=out | app=c:\soloapp\soloapp.exe |
"{B8B7C4B1-4933-46CB-85F3-3A2DECCD8A14}" = dir=out | app=c:\soloapp\iedriverserver.exe |
"{BBAE7202-C235-4B75-A93A-DC13914DCB86}" = dir=in | app=c:\soloapp\iedriverserver.exe |
"{BE0EC94A-88B6-4356-B121-F67FE5BE0F40}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{BE4B8706-C124-48AE-B9FA-650F33374E0B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{BED21653-8CCF-468C-A6DF-901423C29FC7}" = dir=in | app=c:\soloapp\soloapp.exe |
"{C78DFD98-F93F-4CCA-B07C-12154D959193}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C9C49CF8-D331-49B0-A8FF-9E07A1F24B38}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CC3EF8B3-FCE5-4176-9715-50944A0AEB8C}" = dir=out | app=c:\soloapp\chromedriver.exe |
"{D0747594-3FA0-42E3-B913-11BC656DE267}" = dir=out | app=c:\soloapp\soloapp.exe |
"{D0E001F4-7603-4854-8B14-F8C9BE34F5EF}" = dir=in | app=c:\soloapp\iedriverserver.exe |
"{D4692336-E391-42F5-B5EB-1EC76677B2EC}" = dir=in | app=c:\soloapp\webdriver.dll |
"{D4F1E3C5-F6E1-4A72-B115-986A2F24E118}" = dir=out | app=c:\soloapp\soloapp.exe |
"{D5085271-DF7D-4CC2-901B-1B879019F71E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{E15D5672-AB9A-4A0F-A9CD-5ECF47F2EF1B}" = dir=in | app=c:\soloapp\iedriverserver.exe |
"{E2D82EA0-1490-4045-B4E2-9D6EA2D4088D}" = dir=in | app=c:\soloapp\chromedriver.exe |
"{E2FC0D8A-238B-454C-A40E-CB84D915305B}" = dir=out | app=c:\soloapp\webdriver.dll |
"{E452F531-5D75-4194-9F1B-60D5AAE96493}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ED727475-6B0F-4C37-84FE-8D27FE16A9E7}" = dir=out | app=c:\soloapp\chromedriver.exe |
"{ED9E8362-042D-4C5A-AE4E-9F1574AC8B59}" = dir=in | app=c:\soloapp\iedriverserver.exe |
"{F2C0B9FA-2765-47AD-84DD-F40275094E47}" = dir=in | app=c:\soloapp\chromedriver.exe |
"{F37EC8C2-F648-4D1C-9704-A273C4DE6915}" = dir=out | app=c:\soloapp\webdriver.dll |
"{FCE906F3-A869-4A2D-BBD1-A4804162C3C7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FEE8923F-9DA4-40FA-9A11-302603E67CD5}" = dir=in | app=c:\soloapp\webdriver.dll |
"TCP Query User{C385ED8E-1567-4034-83BF-1F3356B1DE1C}C:\users\thom\desktop\dogecoin\dogecoin-qt.exe" = protocol=6 | dir=in | app=c:\users\thom\desktop\dogecoin\dogecoin-qt.exe |
"UDP Query User{41E1CAD1-5F78-4451-B51B-9449D35D7A08}C:\users\thom\desktop\dogecoin\dogecoin-qt.exe" = protocol=17 | dir=in | app=c:\users\thom\desktop\dogecoin\dogecoin-qt.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0B43130A-4F6A-EC46-7857-21502C095300}" = AMD Fuel
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{11BA2B00-1495-47B8-BFA8-D08C605AB2CC}" = Windows Live Family Safety
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{2292C2E1-8412-996B-6E8C-BFDAAEABC521}" = ccc-utility64
"{3CE222BA-66A6-4D18-BEE9-5D21C5798C3E}" = Windows Live Family Safety
"{3D7F836A-AE1F-4FA6-8DB9-4FE06697AB0A}" = Windows Live Family Safety
"{3E776E7A-F4C3-4A89-8EAD-535E722C8397}" = Windows Live Family Safety
"{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9}" = Native Instruments Massive
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{53375A2B-FE08-42B6-8EB8-16818CD27B2C}" = Windows Live Family Safety
"{58DEC84D-E2D9-4EC5-89B2-3E7648264AF7}" = HP Photosmart 5520 series Basissoftware van het apparaat
"{5E015E15-F7AD-3379-523F-AD63C0CB9E71}" = AMD Steady Video Plug-In
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{63919769-655A-48A8-AD6C-39B471F683ED}" = Windows Live Family Safety
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6DDCFF78-6F91-438C-9567-C5CAA9D7F56C}" = Windows Live Family Safety
"{7C4C5901-A58F-4018-A93B-01C93EF8D3F3}" = AVG 2014
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{81AB1FAB-B6E5-0107-EE24-D16F18039301}" = AMD Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0413-1000-0000000FF1CE}" = Microsoft Office Klik-en-Klaar 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B36055BF-5F0E-4EAB-804D-9203DFB34ADC}" = Windows Live Family Safety
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CE470020-CCCF-4C09-9AB9-B710A4FBE2C8}" = AVG 2014
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{D24CB8ED-BCAB-7D0A-1B64-1081B66C8858}" = AMD Accelerated Video Transcoding
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E01819BD-709F-43A1-9600-6F5E4C584C37}" = Windows Live Family Safety
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E042B20F-D0A9-D2D0-52B6-040F0F435A7C}" = AMD Media Foundation Decoders
"{E60F14FA-E114-4F25-AEE0-33FE9EC9B1C3}" = Windows Live Family Safety
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F11009B0-F4DB-463B-B717-5266E47498AA}" = Windows Live Family Safety
"{FA687157-1A56-4FDE-9197-08FF0FF95C97}" = HP Photosmart 5520 series Productverbeteringsonderzoek
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"AVG" = AVG 2014
"CCleaner" = CCleaner
"Elantech" = ETDWare PS/2-X64 10.5.9.0
"HitmanPro37" = HitmanPro 3.7
"WinRAR archiver" = WinRAR 4.20 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{06D0A399-1749-A782-9B4A-69646CD38998}" = CCC Help Portuguese
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{127BEFB3-24B2-4B44-8E99-AD22C2A5A8ED}" = Full Tilt Poker.Eu
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{193C95A3-E4D5-4482-A9C9-1510E29849E4}" = HP Photosmart 5520 series Help
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19EA33FB-B34E-40EA-8B8A-61743AEB795A}" = Wireless Console 3
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20E1E100-ACCF-FE1F-64CB-F48CD6E57F2D}" = CCC Help Hungarian
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 51
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2C4C2DC8-7CA8-4019-9780-124611747F50}" = CCC Help German
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38FCEA06-FA6A-365B-1FFF-9175315A3297}" = Catalyst Control Center Localization All
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{48D01AC5-40DC-BED8-6A96-AB59D87B58A4}" = Catalyst Control Center InstallProxy
"{49E4CD79-140C-C78E-9493-24DF63AE6EC4}" = CCC Help Chinese Traditional
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{5172E572-C175-4F80-A6D5-5CB45826AD61}" = SceneSwitch
"{521D5228-65FF-68D0-73F2-8D7B926D3D42}" = CCC Help Spanish
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5ADF54DE-DA4E-150A-7A2A-315F98C1AA68}" = CCC Help Danish
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{6114EEEA-7DD0-E3AE-C5A3-EEE66AA810D7}" = CCC Help Dutch
"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{676C23DE-A399-FD7A-CF30-3F71BCBB08B8}" = CCC Help Italian
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.24
"{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1" = Gyazo 1.0.1
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71160F8B-84AD-DC1D-738C-0AAADF55CA2A}" = CCC Help Polish
"{716A8DF8-C1A0-3FE2-D9B5-679D28FB7613}" = CCC Help Russian
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77AC32CF-A350-6825-5445-E9A85C32DC2C}" = CCC Help Japanese
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Qualcomm Atheros WiFi Driver Installation
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80D42903-AB9D-A6A7-3C58-E1DB243F4898}" = CCC Help Korean
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{84776CD5-7364-4DE2-71FA-D37839FBF9F5}" = CCC Help Turkish
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8F9A9C38-EF19-1871-3731-C5DC986776FD}" = CCC Help Chinese Standard
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90140011-0066-0413-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Nederlands
"{901D82B4-5961-195B-9987-ECFCED0F9BCB}" = CCC Help Greek
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{938CFBD4-0652-49E5-BB8B-153948865941}" = ASUS Virtual Touch
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0413-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{954AED8D-F8FD-46AC-ABDF-A624C1B41803}" = ThreeShipsPluginSetup
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A5A329F3-9971-83C7-AEBA-9BC86AB392AA}" = CCC Help English
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A80DB23D-0618-405B-89D9-28F99814E287}_is1" = AntiLogger Free version 1.7.2.361
"{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}" = ASUS USB Charger Plus
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2011.10.29
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.9) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B2FEEB41-2206-773C-E6B5-D6A57CD529AD}" = CCC Help Czech
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF3E4775-9784-8F4B-1E5A-B70D3A8AE998}" = CCC Help Finnish
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C6579CAA-4A51-86E7-1E85-442192C2266B}" = CCC Help French
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C72947D7-7EE3-1FA1-5D89-1927C3D76652}" = CCC Help Thai
"{C8657F9F-550D-9C81-F941-D5B68BFA8E25}" = CCC Help Norwegian
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger
"{CD798768-821A-C0C5-7C49-E3CC4BEBD9A3}" = AMD VISION Engine Control Center
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D39F0676-163E-4595-A917-E28F99BBD4D2}" = ASUS AI Recovery
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB7882E2-ABEF-27ED-E657-D3EDAFC1F0F6}" = Catalyst Control Center Graphics Previews Common
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E18B30AA-6E2D-480C-B918-AF61009F4010}" = عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EEA324B5-30A3-F8B3-B5AE-714C21CA2DB8}" = Catalyst Control Center Profiles Mobile
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F89D6F87-73AD-D9B6-D46B-7FE7C773AD43}" = CCC Help Swedish
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB82D8E0-28B0-437A-A74F-7B6847047F95}" = TN2
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"4t Tray Minimizer_is1" = 4t Tray Minimizer Free 5.52
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"ASIO4ALL" = ASIO4ALL
"BitTorrent" = BitTorrent
"FileZilla Client" = FileZilla Client 3.6.0
"FL Studio 10" = FL Studio 10
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 1.99.1
"HP Photo Creations" = HP Photo Creations
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versie 1.75.0.1300
"Mozilla Firefox 27.0.1 (x86 nl)" = Mozilla Firefox 27.0.1 (x86 nl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MultiBit 0.5.14" = MultiBit 0.5.14
"Native Instruments Massive" = Native Instruments Massive
"Native Instruments Service Center" = Native Instruments Service Center
"Office14.Click2Run" = Microsoft Office Klik-en-Klaar 2010
"PokerStars.eu" = PokerStars.eu
"PokerTracker4" = PokerTracker 4 (remove only)
"reFX Nexus_is1" = reFX Nexus VSTi RTAS v2.2.0
"TeamViewer 7" = TeamViewer 7
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-811424810-1323542184-1123006007-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29-10-2013 15:52:44 | Computer Name = Thom-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 30-10-2013 10:16:37 | Computer Name = Thom-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 31-10-2013 19:19:04 | Computer Name = Thom-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 1-11-2013 14:07:57 | Computer Name = Thom-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 3-11-2013 9:01:19 | Computer Name = Thom-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 3-11-2013 22:54:36 | Computer Name = Thom-PC | Source = Application Error | ID = 1000
Description = Naam van toepassing met fout: plugin-container.exe, versie: 25.0.0.5046,
 tijdstempel: 0x526b1daa  Naam van module met fout: mozalloc.dll, versie: 25.0.0.5046,
 tijdstempel: 0x526af0bc  Uitzonderingscode: 0x80000003  Foutoffset: 0x0000119c  Id van
 proces met fout: 0xf30  Starttijd van toepassing met fout: 0x01ced8ef7c395251  Pad
naar toepassing met fout: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Pad
 naar module met fout: C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll  Rapport-id:
 705620f5-44fc-11e3-8596-10bf48e00332
 
Error - 3-11-2013 23:24:43 | Computer Name = Thom-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 4-11-2013 18:42:12 | Computer Name = Thom-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 5-11-2013 16:21:40 | Computer Name = Thom-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 6-11-2013 14:49:18 | Computer Name = Thom-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
[ System Events ]
Error - 25-2-2014 15:19:09 | Computer Name = Thom-PC | Source = ACPI | ID = 327693
Description = : de EC (embedded controller) heeft niet binnen de opgegeven time-outperiode
 gereageerd. Dit kan duiden op een fout in de EC-hardware of -firmware, of dat de
 BIOS op een onjuiste manier toegang de EC probeert te krijgen. U dient de fabrikant
 van uw computer om een bijgewerkte BIOS te vragen. In sommige situaties kan deze
 fout leiden tot problemen met de computer.
 
Error - 25-2-2014 18:29:03 | Computer Name = Thom-PC | Source = Service Control Manager | ID = 7030
Description = De PEVSystemStart-service staat aangeduid als een interactieve service.
 Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn
 toegestaan. Deze service werkt mogelijk niet juist.
 
Error - 25-2-2014 18:29:04 | Computer Name = Thom-PC | Source = Service Control Manager | ID = 7030
Description = De PEVSystemStart-service staat aangeduid als een interactieve service.
 Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn
 toegestaan. Deze service werkt mogelijk niet juist.
 
Error - 25-2-2014 18:29:05 | Computer Name = Thom-PC | Source = Service Control Manager | ID = 7030
Description = De PEVSystemStart-service staat aangeduid als een interactieve service.
 Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn
 toegestaan. Deze service werkt mogelijk niet juist.
 
Error - 25-2-2014 18:29:05 | Computer Name = Thom-PC | Source = Service Control Manager | ID = 7030
Description = De PEVSystemStart-service staat aangeduid als een interactieve service.
 Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn
 toegestaan. Deze service werkt mogelijk niet juist.
 
Error - 25-2-2014 18:29:06 | Computer Name = Thom-PC | Source = Service Control Manager | ID = 7030
Description = De PEVSystemStart-service staat aangeduid als een interactieve service.
 Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn
 toegestaan. Deze service werkt mogelijk niet juist.
 
Error - 25-2-2014 18:40:36 | Computer Name = Thom-PC | Source = DCOM | ID = 10010
Description =
 
Error - 26-2-2014 1:20:13 | Computer Name = Thom-PC | Source = DCOM | ID = 10010
Description =
 
Error - 26-2-2014 10:04:27 | Computer Name = Thom-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Er is een fout opgetreden bij een poging het local hosts-bestand te
 lezen.
 
Error - 26-2-2014 16:48:13 | Computer Name = Thom-PC | Source = ACPI | ID = 327693
Description = : de EC (embedded controller) heeft niet binnen de opgegeven time-outperiode
 gereageerd. Dit kan duiden op een fout in de EC-hardware of -firmware, of dat de
 BIOS op een onjuiste manier toegang de EC probeert te krijgen. U dient de fabrikant
 van uw computer om een bijgewerkte BIOS te vragen. In sommige situaties kan deze
 fout leiden tot problemen met de computer.
 
 
< End of report >
 



#11 Mako

  • Malware Response Team
  • 238 posts
  • Gender:Male
  • Location:Belgium

Posted 27 February 2014 - 11:13 AM

Hello,

We need to run an OTL Fix

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Files
    C:\Users\Thom\AppData\Roaming\mozilla\firefox\profiles\Solo_853802\extensions\jid0-UgB5JNMPWHIRM4dcAe76c7EcVis@jetpack.xpi
    C:\Users\Thom\AppData\Roaming\mozilla\firefox\profiles\wosbxhat.default\extensions\jid0-UgB5JNMPWHIRM4dcAe76c7EcVis@jetpack.xpi
    C:\ProgramData\flwjycbm.bab
    
    :OTL
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    
    :Commands
    [EMPTYFLASH]
    [EMPTYJAVA]
    [EMPTYTEMP]
    
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.

Regards,

Mako

 

Member of UNITE Unified Network of Instructors and Trained Eliminators

Noticed any spelling or grammar errors in my reply? Please feel free to point them out to me, I'm always eager to learn. 


#12 thomdejong

  • Topic Starter
  • Members
  • 11 posts

Posted 27 February 2014 - 01:29 PM

All processes killed
========== FILES ==========
C:\Users\Thom\AppData\Roaming\mozilla\firefox\profiles\Solo_853802\extensions\jid0-UgB5JNMPWHIRM4dcAe76c7EcVis@jetpack.xpi moved successfully.
C:\Users\Thom\AppData\Roaming\mozilla\firefox\profiles\wosbxhat.default\extensions\jid0-UgB5JNMPWHIRM4dcAe76c7EcVis@jetpack.xpi moved successfully.
C:\ProgramData\flwjycbm.bab moved successfully.
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: postgres
 
User: Public
 
User: Thom
->Flash cache emptied: 506 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYJAVA]
 
User: All Users
 
User: Default
 
User: Default User
 
User: postgres
 
User: Public
 
User: Thom
->Java cache emptied: 8196 bytes
 
Total Java Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Thom
->Temp folder emptied: 5998 bytes
->Temporary Internet Files folder emptied: 128 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 79382323 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11958 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 195 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 76,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 02272014_192421

Files\Folders moved on Reboot...
C:\Users\Thom\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 



#13 Mako

  • Malware Response Team
  • 238 posts
  • Gender:Male
  • Location:Belgium

Posted 28 February 2014 - 07:09 AM

Hello,
 
Looks fine to me. We can now take a look at the Blue Screen error, if that's okay with you?

Step 1: ====Blue Screen View====
 
Download Blue Screen View and start it.
You will now see an overview of the latest errors and Minidumps (.dmp-files).
 
Select the first file of the list in Dump File and press Ctrl+A.
Click File - Save Selected Items and save it to your desktop.
Attach this file to your next reply for further review.
 
 
Step 2: ====SFC Scannow====

Go to Start - All Programs - Accessories
Right-click the icon for the Command Prompt and choose Run As Administrator to open the Command Prompt.
Type sfc /scannow and hit Enter. (Pay attention to the space in front of the / )
All system files on your computer will now be checked and repaired if necessary. Please keep your Windows Installation Disk at hand since you might need it.
When finished you will see an overview of the scan results and a reference to a CBS log file, which we will handle later on.
 
If you receive the following message you don't have to do the following steps. Just let me know in your next reply:
"Windows Resource Protection did not find any integrity violations."
If you do not see this message, please continue...

Type findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log > "%userprofile%\Desktop\sfcdetails.txt" and hit Enter.
 
You can copy the section above and paste it into the Command Prompt or type it yourself. If you choose to do so, please pay attention to the space in front of the / and %windir% and before and after the >.
 
You should now see a file called sfcdetails.txt on your desktop.
Paste the content of this file in your next post.

Edited by Mako, 28 February 2014 - 07:30 AM.
Added step 2

Regards,

Mako


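As an added example (not part of this thread or of any Microsoft tool), a small parser for the sfcdetails.txt that the findstr command in Step 2 produces: it condenses the [SR] lines into components verified, files SFC repaired and files it could not repair, which is what the helper is looking for when the "did not find any integrity violations" message does not appear. The "Cannot repair member file" and "Repairing corrupted file" wordings are assumptions about real SFC output, and every sample line is constructed.

```python
"""Summarize the [SR] lines that findstr pulls out of CBS.log (sfcdetails.txt).

Added example for the SFC step in this thread; it is not part of the forum post
or of any Microsoft tool. The Verifying / Beginning / Verify complete shapes come
from the log pasted in the thread; the "Cannot repair member file" and "Repairing
corrupted file" wordings are assumptions about real SFC output, and every sample
line below is constructed.
"""
import re
import sys
from collections import Counter

# One CBS.log line as it survives the findstr /c:"[SR]" filter, e.g.
#   2014-02-28 19:10:23, Info                  CSI    00000009 [SR] Verify complete
SR_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), (?P<level>\w+)\s+CSI\s+"
    r"(?P<seq>[0-9a-f]{8}) \[SR\] (?P<msg>.*)$"
)
VERIFYING = re.compile(r"^Verifying (\d+) \(0x[0-9a-f]+\) components$")
QUOTED = re.compile(r'"([^"]+)"')  # file names inside repair messages are double-quoted

# Constructed sample shaped like the clean run the poster pasted: only bookkeeping lines.
SAMPLE_CLEAN = """\
2014-02-28 19:10:23, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2014-02-28 19:10:23, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2014-02-28 19:10:26, Info                  CSI    0000000c [SR] Verify complete
2014-02-28 19:10:26, Info                  CSI    0000000d [SR] Verifying 100 (0x0000000000000064) components
2014-02-28 19:10:26, Info                  CSI    0000000e [SR] Beginning Verify and Repair transaction
2014-02-28 19:10:28, Info                  CSI    00000010 [SR] Verify complete
"""

# Constructed sample of a damaged run (assumed message wordings): one file SFC
# could not fix and one it restored from the component store.
SAMPLE_DAMAGED = SAMPLE_CLEAN + r"""2014-02-28 19:10:28, Info                  CSI    00000011 [SR] Verifying 100 (0x0000000000000064) components
2014-02-28 19:10:28, Info                  CSI    00000012 [SR] Beginning Verify and Repair transaction
2014-02-28 19:10:29, Info                  CSI    00000013 [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.1.7601.17514 in the store, hash mismatch
2014-02-28 19:10:29, Info                  CSI    00000014 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32\\"[l:18{9}]"other.dll" from store
2014-02-28 19:10:30, Info                  CSI    00000015 [SR] Verify complete
"""


def classify(msg):
    """Map one [SR] message to the category the summary counts."""
    if VERIFYING.match(msg):
        return "verifying"
    if msg.startswith("Beginning Verify and Repair transaction"):
        return "begin"
    if msg.startswith("Verify complete"):
        return "complete"
    if msg.startswith("Cannot repair member file"):
        return "unrepairable"
    if msg.startswith(("Repairing corrupted file", "Repaired file")):
        return "repaired"
    return "other"


def parse_sr_lines(text):
    """Yield (timestamp, category, message) for each well-formed [SR] line; skip the rest."""
    for raw in text.splitlines():
        m = SR_LINE.match(raw.strip())
        if m:
            yield m.group("ts"), classify(m.group("msg")), m.group("msg")


def summarize(text):
    """Condense an sfcdetails.txt into what the helper actually wants to know."""
    counts = Counter()
    components = 0
    unrepairable, repaired, other = [], [], []
    for _ts, cat, msg in parse_sr_lines(text):
        counts[cat] += 1
        if cat == "verifying":
            components += int(VERIFYING.match(msg).group(1))
        elif cat in ("unrepairable", "repaired"):
            names = QUOTED.findall(msg)  # last quoted token is the file name
            (unrepairable if cat == "unrepairable" else repaired).append(
                names[-1] if names else msg
            )
        elif cat == "other":
            other.append(msg)
    return {
        "components_verified": components,
        "verify_cycles": counts["complete"],
        "unrepairable": unrepairable,
        "repaired": repaired,
        "other": other,
        # Nothing but bookkeeping lines is what a run that "did not find any
        # integrity violations" looks like once filtered down to [SR] lines.
        "clean": not unrepairable and not repaired and not other,
    }


def main(argv):
    """Summarize an sfcdetails.txt given on the command line, else the constructed samples."""
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8", errors="replace") as fh:
            texts = {argv[1]: fh.read()}
    else:
        texts = {"constructed clean run": SAMPLE_CLEAN,
                 "constructed damaged run": SAMPLE_DAMAGED}
    for name, text in texts.items():
        print(f"== {name} ==")
        for key, value in summarize(text).items():
            print(f"  {key}: {value}")


if __name__ == "__main__":
    main(sys.argv)
```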

#14 thomdejong

  • Topic Starter
  • Members
  • 11 posts

Posted 28 February 2014 - 01:26 PM

Blue screen view:

Attached File: 1.txt (208.42KB)

SFC log:

2014-02-28 19:10:23, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2014-02-28 19:10:23, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2014-02-28 19:10:26, Info                  CSI    0000000c [SR] Verify complete
2014-02-28 19:10:26, Info                  CSI    0000000d [SR] Verifying 100 (0x0000000000000064) components
2014-02-28 19:10:26, Info                  CSI    0000000e [SR] Beginning Verify and Repair transaction
2014-02-28 19:10:28, Info                  CSI    00000010 [SR] Verify complete
2014-02-28 19:10:28, Info                  CSI    00000011 [SR] Verifying 100 (0x0000000000000064) components
2014-02-28 19:10:28, Info                  CSI    00000012 [SR] Beginning Verify and Repair transaction
2014-02-28 19:10:30, Info                  CSI    00000014 [SR] Verify complete
2014-02-28 19:10:31, Info                  CSI    00000015 [SR] Verifying 100 (0x0000000000000064) components
2014-02-28 19:10:31, Info                  CSI    00000016 [SR] Beginning Verify and Repair transaction
2014-02-28 19:10:32, Info                  CSI    00000018 [SR] Verify complete
2014-02-28 19:10:33, Info                  CSI    00000019 [SR] Verifying 100 (0x0000000000000064) components
2014-02-28 19:10:33, Info                  CSI    0000001a [SR] Beginning Verify and Repair transaction
2014-02-28 19:10:35, Info                  CSI    0000001c [SR] Verify complete
2014-02-28 19:10:35, Info                  CSI    0000001d [SR] Verifying 100 (0x0000000000000064) components
2014-02-28 19:10:35, Info                  CSI    0000001e [SR] Beginning Verify and Repair transaction
2014-02-28 19:10:39, Info                  CSI    00000020 [SR] Verify complete
2014-02-28 19:10:39, Info                  CSI    00000021 [SR] Verifying 100 (0x0000000000000064) components
2014-02-28 19:10:39, Info                  CSI    00000022 [SR] Beginning Verify and Repair transaction
2014-02-28 19:10:42, Info                  CSI    00000024 [SR] Verify complete
2014-02-28 19:10:43, Info                  CSI    00000025 [SR] Verifying 100 (0x0000000000000064) components
2014-02-28 19:10:43, Info                  CSI    00000026 [SR] Beginning Verify and Repair transaction
2014-02-28 19:10:45, Info                  CSI    00000028 [SR] Verify complete
2014-02-28 19:10:46, Info                  CSI    00000029 [SR] Verifying 100 (0x0000000000000064) components
2014-02-28 19:10:46, Info                  CSI    0000002a [SR] Beginning Verify and Repair transaction
2014-02-28 19:10:49, Info                  CSI    0000002c [SR] Verify complete
2014-02-28 19:10:49, Info                  CSI    0000002d [SR] Verifying 100 (0x0000000000000064) components
2014-02-28 19:10:49, Info                  CSI    0000002e [SR] Beginning Verify and Repair transaction
2014-02-28 19:10:52, Info                  CSI    00000030 [SR] Verify complete
2014-02-28 19:10:52, Info                  CSI    00000031 [SR] Verifying 100 (0x0000000000000064) components
2014-02-28 19:10:52, Info                  CSI    00000032 [SR] Beginning Verify and Repair transaction
2014-02-28 19:10:56, Info                  CSI    00000034 [SR] Verify complete
2014-02-28 19:10:56, Info                  CSI    00000035 [SR] Verifying 100 (0x0000000000000064) components
2014-02-28 19:10:56, Info                  CSI    00000036 [SR] Beginning Verify and Repair transaction
2014-02-28 19:10:58, Info                  CSI    00000038 [SR] Verify complete
2014-02-28 19:10:58, Info                  CSI    00000039 [SR] Verifying 100 (0x0000000000000064) components
2014-02-28 19:10:58, Info                  CSI    0000003a [SR] Beginning Verify and Repair transaction
2014-02-28 19:11:00, Info                  CSI    0000003c [SR] Verify complete
2014-02-28 19:11:00, Info                  CSI    0000003d [SR] Verifying 100 (0x0000000000000064) components
2014-02-28 19:11:00, Info                  CSI    0000003e [SR] Beginning Verify and Repair transaction
2014-02-28 19:11:06, Info                  CSI    00000041 [SR] Verify complete
2014-02-28 19:11:06, Info                  CSI    00000042 [SR] Verifying 100 (0x0000000000000064) components
2014-02-28 19:11:06, Info                  CSI    00000043 [SR] Beginning Verify and Repair transaction
2014-02-28 19:11:13, Info                  CSI    00000046 [SR] Verify complete
2014-02-28 19:11:13, Info                  CSI    00000047 [SR] Verifying 100 (0x0000000000000064) components
2014-02-28 19:11:13, Info                  CSI    00000048 [SR] Beginning Verify and Repair transaction
2014-02-28 19:11:17, Info                  CSI    0000004b [SR] Verify complete
2014-02-28 19:11:18, Info                  CSI    0000004c [SR] Verifying 100 (0x0000000000000064) components
2014-02-28 19:11:18, Info                  CSI    0000004d [SR] Beginning Verify and Repair transaction
2014-02-28 19:11:23, Info                  CSI    00000051 [SR] Verify complete
2014-02-28 19:11:23, Info                  CSI    00000052 [SR] Verifying 100 (0x0000000000000064) components
2014-02-28 19:11:23, Info                  CSI    00000053 [SR] Beginning Verify and Repair transaction
2014-02-28 19:11:29, Info                  CSI    00000055 [SR] Verify complete
2014-02-28 19:11:29, Info                  CSI    00000056 [SR] Verifying 100 (0x0000000000000064) components
2014-02-28 19:11:29, Info                  CSI    00000057 [SR] Beginning Verify and Repair transaction
2014-02-28 19:11:38, Info                  CSI    0000007c [SR] Verify complete
2014-02-28 19:11:39, Info                  CSI    0000007d [SR] Verifying 100 (0x0000000000000064) components
2014-02-28 19:11:39, Info                  CSI    0000007e [SR] Beginning Verify and Repair transaction
2014-02-28 19:11:44, Info                  CSI    00000080 [SR] Verify complete
2014-02-28 19:11:44, Info                  CSI    00000081 [SR] Verifying 100 (0x0000000000000064) components
2014-02-28 19:11:44, Info                  CSI    00000082 [SR] Beginning Verify and Repair transaction
2014-02-28 19:11:49, Info                  CSI    00000084 [SR] Verify complete
2014-02-28 19:11:49, Info                  CSI    00000085 [SR] Verifying 100 (0x0000000000000064) components
2014-02-28 19:11:49, Info                  CSI    00000086 [SR] Beginning Verify and Repair transaction
2014-02-28 19:11:54, Info                  CSI    00000088 [SR] Verify complete
2014-02-28 19:11:54, Info                  CSI    00000089 [SR] Verifying 100 (0x0000000000000064) components
2014-02-28 19:11:54, Info                  CSI    0000008a [SR] Beginning Verify and Repair transaction
2014-02-28 19:12:00, Info                  CSI    0000008c [SR] Verify complete
2014-02-28 19:12:00, Info                  CSI    0000008d [SR] Verifying 100 (0x0000000000000064) components
2014-02-28 19:12:00, Info                  CSI    0000008e [SR] Beginning Verify and Repair transaction
2014-02-28 19:12:05, Info                  CSI    00000090 [SR] Verify complete
2014-02-28 19:12:05, Info                  CSI    00000091 [SR] Verifying 100 (0x0000000000000064) components
2014-02-28 19:12:05, Info                  CSI    00000092 [SR] Beginning Verify and Repair transaction
2014-02-28 19:12:14, Info                  CSI    00000096 [SR] Verify complete
2014-02-28 19:12:15, Info                  CSI    00000097 [SR] Verifying 100 (0x0000000000000064) components
2014-02-28 19:12:15, Info                  CSI    00000098 [SR] Beginning Verify and Repair transaction
2014-02-28 19:12:24, Info                  CSI    000000b9 [SR] Verify complete
2014-02-28 19:12:24, Info                  CSI    000000ba [SR] Verifying 100 (0x0000000000000064) components
2014-02-28 19:12:24, Info                  CSI    000000bb [SR] Beginning Verify and Repair transaction
2014-02-28 19:12:37, Info                  CSI    000000bd [SR] Verify complete
2014-02-28 19:12:37, Info                  CSI    000000be [SR] Verifying 100 (0x0000000000000064) components
2014-02-28 19:12:37, Info                  CSI    000000bf [SR] Beginning Verify and Repair transaction
2014-02-28 19:12:50, Info                  CSI    000000c3 [SR] Verify complete
2014-02-28 19:12:50, Info                  CSI    000000c4 [SR] Verifying 100 (0x0000000000000064) components
2014-02-28 19:12:50, Info                  CSI    000000c5 [SR] Beginning Verify and Repair transaction
2014-02-28 19:12:54, Info                  CSI    000000c7 [SR] Verify complete
2014-02-28 19:12:54, Info                  CSI    000000c8 [SR] Verifying 100 (0x0000000000000064) components
2014-02-28 19:12:54, Info                  CSI    000000c9 [SR] Beginning Verify and Repair transaction
2014-02-28 19:12:56, Info                  CSI    000000cb [SR] Verify complete
2014-02-28 19:12:56, Info                  CSI    000000cc [SR] Verifying 100 (0x0000000000000064) components
2014-02-28 19:12:56, Info                  CSI    000000cd [SR] Beginning Verify and Repair transaction
2014-02-28 19:12:59, Info                  CSI    000000cf [SR] Verify complete
2014-02-28 19:12:59, Info                  CSI    000000d0 [SR] Verifying 100 (0x0000000000000064) components
2014-02-28 19:12:59, Info                  CSI    000000d1 [SR] Beginning Verify and Repair transaction
2014-02-28 19:13:09, Info                  CSI    000000e4 [SR] Verify complete
2014-02-28 19:13:10, Info                  CSI    000000e5 [SR] Verifying 100 (0x0000000000000064) components
2014-02-28 19:13:10, Info                  CSI    000000e6 [SR] Beginning Verify and Repair transaction
2014-02-28 19:13:12, Info                  CSI    000000e8 [SR] Verify complete
2014-02-28 19:13:12, Info                  CSI    000000e9 [SR] Verifying 100 (0x0000000000000064) components
2014-02-28 19:13:12, Info                  CSI    000000ea [SR] Beginning Verify and Repair transaction
2014-02-28 19:13:14, Info                  CSI    000000ec [SR] Verify complete
2014-02-28 19:13:14, Info                  CSI    000000ed [SR] Verifying 100 (0x0000000000000064) components
2014-02-28 19:13:14, Info                  CSI    000000ee [SR] Beginning Verify and Repair transaction
2014-02-28 19:13:18, Info                  CSI    000000f0 [SR] Verify complete
2014-02-28 19:13:18, Info                  CSI    000000f1 [SR] Verifying 100 (0x0000000000000064) components
2014-02-28 19:13:18, Info                  CSI    000000f2 [SR] Beginning Verify and Repair transaction
2014-02-28 19:13:23, Info                  CSI    000000f4 [SR] Verify complete
2014-02-28 19:13:24, Info                  CSI    000000f5 [SR] Verifying 100 (0x0000000000000064) components
2014-02-28 19:13:24, Info                  CSI    000000f6 [SR] Beginning Verify and Repair transaction
2014-02-28 19:13:33, Info                  CSI    000000f9 [SR] Verify complete
2014-02-28 19:13:33, Info                  CSI    000000fa [SR] Verifying 100 (0x0000000000000064) components
2014-02-28 19:13:33, Info                  CSI    000000fb [SR] Beginning Verify and Repair transaction
2014-02-28 19:13:41, Info                  CSI    000000fe [SR] Verify complete
2014-02-28 19:13:41, Info                  CSI    000000ff [SR] Verifying 100 (0x0000000000000064) components
2014-02-28 19:13:41, Info                  CSI    00000100 [SR] Beginning Verify and Repair transaction
2014-02-28 19:13:44, Info                  CSI    00000102 [SR] Verify complete
2014-02-28 19:13:44, Info                  CSI    00000103 [SR] Verifying 100 (0x0000000000000064) components
2014-02-28 19:13:44, Info                  CSI    00000104 [SR] Beginning Verify and Repair transaction
2014-02-28 19:13:47, Info                  CSI    00000106 [SR] Verify complete
2014-02-28 19:13:47, Info                  CSI    00000107 [SR] Verifying 100 (0x0000000000000064) components
2014-02-28 19:13:47, Info                  CSI    00000108 [SR] Beginning Verify and Repair transaction
2014-02-28 19:13:55, Info                  CSI    0000010a [SR] Verify complete
2014-02-28 19:13:56, Info                  CSI    0000010b [SR] Verifying 100 (0x0000000000000064) components
2014-02-28 19:13:56, Info                  CSI    0000010c [SR] Beginning Verify and Repair transaction
2014-02-28 19:14:00, Info                  CSI    0000010e [SR] Verify complete
2014-02-28 19:14:01, Info                  CSI    0000010f [SR] Verifying 100 (0x0000000000000064) components
2014-02-28 19:14:01, Info                  CSI    00000110 [SR] Beginning Verify and Repair transaction
2014-02-28 19:19:30, Info                  CSI    000001f8 [SR] Repairing corrupted file [ml:520{260},l:88{44}]"\??\C:\Program Files (x86)\Internet Explorer"\[l:34{17}]"ie9props.propdesc" from store
2014-02-28 19:23:15, Info                  CSI    00000301 [SR] Repairing 1 components
2014-02-28 19:23:15, Info                  CSI    00000302 [SR] Beginning Verify and Repair transaction
2014-02-28 19:23:15, Info                  CSI    00000303 [SR] Repairing corrupted file [ml:520{260},l:88{44}]"\??\C:\Program Files (x86)\Internet Explorer"\[l:34{17}]"ie9props.propdesc" from store
2014-02-28 19:23:16, Info                  CSI    00000305 [SR] Repair complete
2014-02-28 19:23:16, Info                  CSI    00000306 [SR] Committing transaction
2014-02-28 19:23:16, Info                  CSI    0000030a [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction  have been successfully repaired
 



#15 Mako

  • Malware Response Team
  • 238 posts
  • Gender:Male
  • Location:Belgium

Posted 28 February 2014 - 04:05 PM

Hello,

The only Blue Screen found in 2014 is related to Zemana AntiLogger Free. If you haven't experienced any other troubles with this program, I wouldn't worry too much about it. Should you find yourself having other Blue Screens in the next few days / weeks, please don't hesitate to tell us so we can take a closer look. For now, I don't think we should worry about them. It doesn't seem like the error was related to the malware issue you were experiencing.

How is the computer behaving right now? Is everything fine or are there still some security items we can work on in your opinion?


Regards,

Mako

 

Member of UNITE Unified Network of Instructors and Trained Eliminators

Noticed any spelling or grammar errors in my reply? Please feel free to point them out to me, I'm always eager to learn. 




