
trojan.bitcoinminer \ Windows\temp\svghost PROBLEM


  • This topic is locked
9 replies to this topic

#1 vainn

  • Members
  • 6 posts

Posted 25 March 2014 - 02:55 PM

Hey guys.

Like the title says.

Every time I start up my PC the file is there. Every time I delete it, it comes back :(

Please help me





#2 aharonov

  • Malware Response Team
  • 2,441 posts

Posted 28 March 2014 - 04:55 PM

Hi there,

please run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 vainn

  • Topic Starter
  • Members
  • 6 posts

Posted 29 March 2014 - 11:44 AM

Hey.
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Va1nn (administrator) on DENNIS on 29-03-2014 17:41:41
Running from C:\Users\Va1nn\Downloads
Windows 8.1 Pro (X64) OS Language: Dutch Standard
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\system32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Hercules®) C:\Program Files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPop3.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [8290584 2013-08-01] (Logitech Inc.)
HKLM\...\Run: [Hercules DJ Series TrayAgent] - C:\Program Files\Guillemot\HDJTray\HDJSeries2TrayBar.exe [3572048 2013-05-10] (Hercules®)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-02-23] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4971024 2014-03-19] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-289169897-1255528339-1447242423-1001\...\Run: [EADM] - C:\Program Files (x86)\Origin\Origin.exe [3588952 2014-03-07] (Electronic Arts)
HKU\S-1-5-21-289169897-1255528339-1447242423-1001\...\Run: [Raptr] - C:\Program Files (x86)\Raptr\raptrstub.exe [55360 2014-02-18] (Raptr, Inc)
HKU\S-1-5-21-289169897-1255528339-1447242423-1001\...\Run: [AlcoholAutomount] - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
HKU\S-1-5-21-289169897-1255528339-1447242423-1001\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2014-01-31] (AMD)
HKU\S-1-5-21-289169897-1255528339-1447242423-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EADM] - C:\Program Files (x86)\Origin\Origin.exe [3588952 2014-03-07] (Electronic Arts)
HKU\S-1-5-21-289169897-1255528339-1447242423-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Raptr] - C:\Program Files (x86)\Raptr\raptrstub.exe [55360 2014-02-18] (Raptr, Inc)
HKU\S-1-5-21-289169897-1255528339-1447242423-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AlcoholAutomount] - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
HKU\S-1-5-21-289169897-1255528339-1447242423-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2014-01-31] (AMD)
AppInit_DLLs: C:\PROGRA~2\GSSUPP~1\ASSIST~2.DLL => C:\Program Files (x86)\GS Supporter\Assistant_x64.dll [4210176 2014-03-17] ()
AppInit_DLLs-x32: c:\progra~2\gssupp~1\assist~1.dll => "c:\progra~2\gssupp~1\assist~1.dll" File Not Found
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.nl.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7C28C5F585EFCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-NL
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO-x32: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.254
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR Extension: (BiitSavEr) - C:\Users\Va1nn\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpnbfifnfbephmfonnpijhdjkehnfppm [2014-03-24]
CHR Extension: (Safeweebo) - C:\Users\Va1nn\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdajbmkcpbpmebcfdkebheakehghokjj [2014-03-17]
CHR Extension: (Google Wallet) - C:\Users\Va1nn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-22]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-02-23] (Advanced Micro Devices, Inc.)
R2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [137584 2014-01-08] ()
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3782672 2014-02-23] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
R2 HerculesDJControlMP3; C:\Program Files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE [47104 2013-05-21] (Hercules®)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-18] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-11-04] (Advanced Micro Devices)
R2 AODDriver4.3.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [59624 2014-01-08] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-12-19] (Advanced Micro Devices)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [252728 2013-10-21] (AVG Technologies CZ, s.r.o.)
U3 axscsidrv; C:\Windows\System32\Drivers\axscsidrv.sys [293888 2014-01-27] (Alcohol Soft Development Team)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows ® Win 7 DDK provider)
S3 Bulk; C:\Windows\System32\Drivers\HDJBulk.sys [258352 2013-05-21] (© Guillemot R&D, 2013. All rights reserved.)
S3 HDJAsioK; C:\Windows\System32\Drivers\HDJAsioK.sys [320816 2013-05-21] (© Guillemot R&D, 2013. All rights reserved.)
S3 HDJMidi; C:\Windows\system32\DRIVERS\HDJMidi.sys [274736 2013-05-21] (© Guillemot R&D, 2013. All rights reserved.)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-30] (Microsoft Corporation)
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-03-05] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-03-29] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-03-05] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation                           )
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-01-26] (Duplex Secure Ltd.)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation)
S3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2013-08-22] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-29 17:41 - 2014-03-29 17:41 - 02157056 _____ (Farbar) C:\Users\Va1nn\Downloads\FRST64.exe
2014-03-29 17:41 - 2014-03-29 17:41 - 00014080 _____ () C:\Users\Va1nn\Downloads\FRST.txt
2014-03-29 17:41 - 2014-03-29 17:41 - 00000000 ____D () C:\FRST
2014-03-25 20:46 - 2014-03-25 20:46 - 00000742 _____ () C:\Users\Va1nn\Desktop\JRT.txt
2014-03-25 20:42 - 2014-03-25 20:42 - 00000000 ____D () C:\Windows\ERUNT
2014-03-25 20:40 - 2014-03-25 20:40 - 01038974 _____ (Thisisu) C:\Users\Va1nn\Downloads\JRT.exe
2014-03-25 20:27 - 2014-03-25 20:27 - 00714207 _____ () C:\Users\Va1nn\Downloads\pbsetup (1).zip
2014-03-25 20:27 - 2013-11-04 17:38 - 00820736 _____ () C:\Users\Va1nn\Desktop\pbsetup.exe
2014-03-25 20:22 - 2014-03-25 20:22 - 00714207 _____ () C:\Users\Va1nn\Downloads\pbsetup.zip
2014-03-25 20:16 - 2014-03-25 20:16 - 03822704 _____ () C:\Users\Va1nn\Downloads\battlelog-web-plugins_2.3.2_133.exe
2014-03-25 20:06 - 2014-03-25 20:06 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-03-25 20:00 - 2014-03-25 20:00 - 00002376 _____ () C:\Windows\system32\.crusader
2014-03-25 19:56 - 2014-03-25 20:00 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-03-25 19:54 - 2014-03-25 19:55 - 10820032 _____ (SurfRight B.V.) C:\Users\Va1nn\Downloads\HitmanPro_x64.exe
2014-03-25 19:34 - 2014-03-29 17:35 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-25 19:33 - 2014-03-25 19:33 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-25 19:33 - 2014-03-25 19:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-25 19:33 - 2014-03-25 19:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-25 19:33 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-25 19:33 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-25 19:33 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-25 19:32 - 2014-03-25 19:33 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Va1nn\Downloads\mb3-setup-1878.1878-3.5.1.2522.exe
2014-03-25 19:18 - 2014-03-25 19:19 - 00000000 ____D () C:\AdwCleaner
2014-03-25 18:39 - 2014-03-25 18:39 - 01950720 _____ () C:\Users\Va1nn\Downloads\adwcleaner (1).exe
2014-03-25 18:35 - 2014-03-25 18:36 - 05192353 _____ (Swearware) C:\Users\Va1nn\Downloads\ComboFix.exe
2014-03-25 16:49 - 2014-03-29 15:06 - 00208109 _____ () C:\Windows\WindowsUpdate.log
2014-03-25 16:46 - 2014-03-25 16:47 - 00000000 ____D () C:\ProgramData\AVG2014
2014-03-25 16:46 - 2014-03-25 16:46 - 00000991 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-03-25 16:46 - 2014-03-25 16:46 - 00000000 ___HD () C:\$AVG
2014-03-25 16:46 - 2014-03-25 16:46 - 00000000 ____D () C:\Users\Va1nn\AppData\Roaming\TuneUp Software
2014-03-25 16:46 - 2014-03-25 16:46 - 00000000 ____D () C:\Users\Va1nn\AppData\Roaming\AVG2014
2014-03-25 16:46 - 2014-03-25 16:46 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-03-25 16:44 - 2014-03-29 17:15 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-25 16:44 - 2014-03-25 16:48 - 00000000 ____D () C:\Users\Va1nn\AppData\Local\Avg2014
2014-03-25 16:44 - 2014-03-25 16:44 - 04471880 _____ (AVG Technologies) C:\Users\Va1nn\Downloads\avg_free_stb_all_2014_4354_cnet.exe
2014-03-25 16:44 - 2014-03-25 16:44 - 00000000 ____D () C:\Users\Va1nn\AppData\Local\MFAData
2014-03-24 20:34 - 2014-03-24 20:34 - 00036851 _____ () C:\Users\Va1nn\Downloads\[kickass.to]the.walking.dead.s04e15.hdtv.x264.2hd.ettv.torrent
2014-03-20 18:44 - 2014-03-20 18:50 - 00000000 ____D () C:\Users\Va1nn\AppData\Roaming\Belastingdienst
2014-03-20 18:44 - 2014-03-20 18:44 - 00000000 ____D () C:\Users\Va1nn\Documents\Belastingdienst
2014-03-20 18:43 - 2014-03-20 18:43 - 02836400 _____ (Belastingdienst) C:\Users\Va1nn\Downloads\ib2013_win_setup.exe
2014-03-20 18:43 - 2014-03-20 18:43 - 00001427 _____ () C:\Users\Public\Desktop\Aangifte inkomstenbelasting 2013.lnk
2014-03-20 18:43 - 2014-03-20 18:43 - 00000000 ____D () C:\Program Files (x86)\Belastingdienst
2014-03-20 15:41 - 2014-03-20 15:41 - 00028824 _____ () C:\Users\Va1nn\Downloads\captain-america-the-first-avenger_dutch-491747.zip
2014-03-20 15:22 - 2014-03-20 15:22 - 00016377 _____ () C:\Users\Va1nn\Downloads\Captain_America_-_The_First_Avenger_(2011).torrent
2014-03-20 15:20 - 2014-03-20 15:20 - 00020347 _____ () C:\Users\Va1nn\Downloads\[kickass.to]the.blacklist.s01e16.hdtv.x264.lol.ettv.torrent
2014-03-19 15:46 - 2014-03-19 15:46 - 03821624 _____ () C:\Users\Va1nn\Downloads\battlelog-web-plugins_2.3.2_131 (1).exe
2014-03-19 13:11 - 2014-03-19 13:11 - 00019403 _____ () C:\Users\Va1nn\Downloads\the.blacklist.the.judge.(2014).dut.1cd.(5576370).zip
2014-03-19 11:53 - 2014-03-19 11:53 - 00019731 _____ () C:\Users\Va1nn\Downloads\the.blacklist.madeline.pratt.(2014).dut.1cd.(5567255).zip
2014-03-18 16:26 - 2014-01-08 02:46 - 00325464 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2014-03-18 16:26 - 2014-01-08 02:41 - 01530712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-03-18 16:26 - 2014-01-08 02:41 - 00382808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-03-18 16:26 - 2014-01-04 16:54 - 00138240 _____ () C:\Windows\system32\OEMLicense.dll
2014-03-18 16:26 - 2014-01-04 16:08 - 00103936 _____ () C:\Windows\SysWOW64\OEMLicense.dll
2014-03-18 16:26 - 2014-01-04 15:08 - 00206336 _____ (Microsoft Corporation) C:\Windows\system32\WSClient.dll
2014-03-18 16:26 - 2014-01-04 14:53 - 00174592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSClient.dll
2014-03-18 16:26 - 2014-01-03 00:54 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-03-18 16:26 - 2014-01-03 00:48 - 00336896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-03-18 16:26 - 2014-01-01 02:55 - 01720560 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-03-18 16:26 - 2014-01-01 02:52 - 00481944 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2014-03-18 16:26 - 2014-01-01 01:56 - 01472048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-03-18 16:26 - 2014-01-01 01:55 - 00381168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2014-03-18 16:26 - 2014-01-01 00:59 - 00802816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2014-03-18 16:26 - 2014-01-01 00:57 - 01214976 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-03-18 16:26 - 2014-01-01 00:56 - 00960512 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2014-03-18 16:26 - 2013-12-31 00:34 - 00218112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sti.dll
2014-03-18 16:26 - 2013-12-31 00:33 - 00770560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgent.dll
2014-03-18 16:26 - 2013-12-31 00:32 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\sti.dll
2014-03-18 16:26 - 2013-12-31 00:31 - 00947712 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2014-03-18 16:26 - 2013-12-31 00:31 - 00914944 _____ (Microsoft Corporation) C:\Windows\system32\ReAgent.dll
2014-03-18 16:26 - 2013-12-27 16:09 - 00419160 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2014-03-18 16:26 - 2013-12-27 09:57 - 00842752 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.dll
2014-03-18 16:26 - 2013-12-27 09:57 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2014-03-18 16:26 - 2013-12-27 09:23 - 00749056 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
2014-03-18 16:26 - 2013-12-27 08:03 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsSpellCheckingFacility.dll
2014-03-18 16:26 - 2013-12-27 08:03 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2014-03-18 16:26 - 2013-12-27 07:37 - 00588800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2014-03-18 16:26 - 2013-12-21 08:21 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
2014-03-18 16:26 - 2013-12-17 08:21 - 00408576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2014-03-18 16:26 - 2013-12-14 07:31 - 13949440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2014-03-18 16:26 - 2013-12-14 07:19 - 18576384 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2014-03-18 16:26 - 2013-12-13 11:54 - 00131160 _____ (Microsoft Corporation) C:\Windows\system32\easinvoker.exe
2014-03-18 16:26 - 2013-12-13 08:24 - 00121088 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2014-03-18 16:26 - 2013-12-13 07:36 - 00178176 _____ (Microsoft Corporation) C:\Windows\system32\easwrt.dll
2014-03-18 16:26 - 2013-12-13 06:32 - 00140800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\easwrt.dll
2014-03-18 16:26 - 2013-12-09 09:05 - 21199256 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-03-18 16:26 - 2013-12-09 05:51 - 18643560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-03-17 20:38 - 2014-03-17 20:38 - 00029375 _____ () C:\Users\Va1nn\Downloads\The Walking Dead - 04x14 - The Grove.HDTV REMARKABLE.Dutch.orig.Addic7ed.com.srt
2014-03-17 20:33 - 2014-03-25 16:49 - 00000000 ____D () C:\Program Files (x86)\GS Supporter
2014-03-17 20:33 - 2014-03-17 20:33 - 00000000 ____D () C:\ProgramData\Bsoft
2014-03-17 20:32 - 2014-03-24 14:12 - 00000000 ____D () C:\ProgramData\7996f9cd31bc3d94
2014-03-17 20:32 - 2014-03-17 20:33 - 00000000 ____D () C:\ProgramData\InstallMate
2014-03-17 20:32 - 2014-03-17 20:32 - 00000000 ____D () C:\Users\Va1nn\AppData\Local\Comodo
2014-03-17 20:32 - 2014-03-17 20:32 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch
2014-03-17 20:32 - 2014-03-17 20:32 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-03-17 20:32 - 2014-03-17 20:32 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-03-17 20:32 - 2014-03-17 20:32 - 00000000 ____D () C:\Users\Gast
2014-03-17 20:32 - 2014-03-17 20:32 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-03-17 20:32 - 2014-03-17 20:32 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-03-17 20:32 - 2014-03-17 20:32 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-03-17 20:32 - 2014-03-17 20:32 - 00000000 ____D () C:\Users\Administrator
2014-03-17 16:02 - 2014-03-17 16:02 - 00000000 ____D () C:\Users\Va1nn\Documents\Sports Interactive
2014-03-17 16:02 - 2014-03-17 16:02 - 00000000 ____D () C:\Users\Va1nn\AppData\Roaming\Sports Interactive
2014-03-17 16:02 - 2014-03-17 16:02 - 00000000 ____D () C:\Users\Va1nn\AppData\Local\Sports Interactive
2014-03-17 16:02 - 2014-03-17 16:02 - 00000000 ____D () C:\Users\Public\Documents\Sports Interactive
2014-03-17 15:35 - 2014-03-17 15:35 - 00000202 _____ () C:\Users\Va1nn\Desktop\Football Manager 2013.url
2014-03-17 15:35 - 2014-03-17 15:35 - 00000000 ____D () C:\Users\Va1nn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-03-16 09:19 - 2014-02-22 13:16 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-03-16 09:19 - 2014-02-22 12:24 - 00124416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-03-13 14:08 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 14:08 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 14:08 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 14:08 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 14:08 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 14:08 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 14:08 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 14:08 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 14:08 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 14:08 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 14:08 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 14:08 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 14:08 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 14:08 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 14:08 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 14:08 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 14:08 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 14:08 - 2014-02-11 04:04 - 04189184 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 14:08 - 2014-02-11 03:43 - 00488448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-13 14:08 - 2014-02-11 03:04 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 14:08 - 2014-01-31 17:15 - 00311640 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-03-13 14:08 - 2014-01-31 17:07 - 00233920 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-03-13 14:08 - 2014-01-31 17:06 - 02133208 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2014-03-13 14:08 - 2014-01-31 14:47 - 02143960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2014-03-13 14:08 - 2014-01-31 10:06 - 00716288 _____ (Microsoft Corporation) C:\Windows\system32\swprv.dll
2014-03-13 14:08 - 2014-01-29 10:55 - 01287064 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-03-13 14:08 - 2014-01-29 09:53 - 00458616 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2014-03-13 14:08 - 2014-01-29 09:53 - 00407024 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2014-03-13 14:08 - 2014-01-29 09:49 - 01928144 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2014-03-13 14:08 - 2014-01-29 09:47 - 02543960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-03-13 14:08 - 2014-01-29 08:44 - 01371824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2014-03-13 14:08 - 2014-01-29 08:44 - 00408480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2014-03-13 14:08 - 2014-01-29 08:44 - 00369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2014-03-13 14:08 - 2014-01-29 07:41 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll
2014-03-13 14:08 - 2014-01-29 01:36 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll
2014-03-13 14:08 - 2014-01-27 20:07 - 04175360 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2014-03-13 14:08 - 2014-01-27 20:06 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-03-13 14:08 - 2014-01-27 20:04 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\DWWIN.EXE
2014-03-13 14:08 - 2014-01-27 19:52 - 01036288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-03-13 14:08 - 2014-01-27 19:23 - 02873344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2014-03-13 14:08 - 2014-01-27 19:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-03-13 14:08 - 2014-01-27 19:20 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWWIN.EXE
2014-03-13 14:08 - 2014-01-27 19:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-03-13 14:08 - 2014-01-27 18:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-03-13 14:08 - 2014-01-27 18:18 - 01486848 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2014-03-13 14:08 - 2014-01-27 18:00 - 01238016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2014-03-13 14:08 - 2014-01-27 16:58 - 05770752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-03-13 14:08 - 2014-01-27 16:50 - 06640640 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-03-13 14:08 - 2014-01-27 12:45 - 00386722 _____ () C:\Windows\system32\ApnDatabase.xml
2014-03-13 14:08 - 2014-01-18 00:04 - 00764864 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2014-03-13 14:08 - 2014-01-17 22:54 - 00669352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2014-03-13 14:08 - 2013-12-21 15:51 - 06353960 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2014-03-13 14:08 - 2013-12-21 09:54 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\sppcomapi.dll
2014-03-13 14:08 - 2013-12-20 11:18 - 01643584 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-03-13 14:08 - 2013-12-20 11:18 - 01507704 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-03-13 14:08 - 2013-10-31 01:29 - 00236888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-03-13 14:08 - 2013-10-31 01:29 - 00124760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2014-03-13 14:08 - 2013-10-31 01:28 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-03-11 16:09 - 2014-03-11 16:09 - 03821624 _____ () C:\Users\Va1nn\Downloads\battlelog-web-plugins_2.3.2_131.exe
2014-03-05 19:52 - 2014-03-05 19:52 - 00008867 _____ () C:\Users\Va1nn\Downloads\Enders_Game_2013_720p_BluRay_x264_YIFY_mp4.torrent
2014-03-03 17:46 - 2014-03-03 17:46 - 00000000 ____D () C:\ProgramData\ATI
2014-03-03 17:44 - 2014-03-03 17:44 - 00060993 _____ () C:\Windows\SysWOW64\CCCInstall_201403031744096947.log
2014-03-03 17:44 - 2014-03-03 17:44 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-03-03 15:39 - 2014-03-03 15:44 - 300632259 _____ (AMD Inc.) C:\Users\Va1nn\Downloads\amd_catalyst_14.2_beta1.3.exe
2014-02-28 20:11 - 2014-02-28 20:11 - 00000000 ____D () C:\Users\Va1nn\AppData\Roaming\TeamViewer
2014-02-28 20:10 - 2014-02-28 20:11 - 04385776 _____ (TeamViewer) C:\Users\Va1nn\Downloads\TeamViewerQS_nl.exe
2014-02-28 15:46 - 2014-02-28 15:47 - 22357360 _____ () C:\Users\Va1nn\Downloads\Joey Dale - Watcha Called Me, Shockwave EP (Original Mixes) [ZIPPY-MUSIC.COM].zip
 
==================== One Month Modified Files and Folders =======
 
2014-03-29 17:41 - 2014-03-29 17:41 - 02157056 _____ (Farbar) C:\Users\Va1nn\Downloads\FRST64.exe
2014-03-29 17:41 - 2014-03-29 17:41 - 00014080 _____ () C:\Users\Va1nn\Downloads\FRST.txt
2014-03-29 17:41 - 2014-03-29 17:41 - 00000000 ____D () C:\FRST
2014-03-29 17:35 - 2014-03-25 19:34 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-29 17:15 - 2014-03-25 16:44 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-29 17:08 - 2013-11-22 15:52 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-29 17:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2014-03-29 15:39 - 2013-11-22 15:28 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-289169897-1255528339-1447242423-1001
2014-03-29 15:06 - 2014-03-25 16:49 - 00208109 _____ () C:\Windows\WindowsUpdate.log
2014-03-29 14:46 - 2013-11-22 19:48 - 00000000 ____D () C:\Users\Va1nn\AppData\Roaming\Raptr
2014-03-29 14:46 - 2013-11-22 15:58 - 00000000 ____D () C:\ProgramData\Origin
2014-03-29 14:46 - 2013-11-22 15:58 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-03-29 14:46 - 2013-11-22 15:53 - 00002223 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-29 14:46 - 2013-11-22 15:52 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-28 15:39 - 2013-11-22 16:13 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-03-28 14:59 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-03-27 22:13 - 2013-11-22 15:47 - 00000000 ____D () C:\Users\Va1nn\AppData\Roaming\TS3Client
2014-03-27 20:33 - 2013-11-22 16:13 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-03-26 20:00 - 2013-09-30 05:24 - 01848216 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-26 20:00 - 2013-09-30 05:00 - 00817794 _____ () C:\Windows\system32\perfh013.dat
2014-03-26 20:00 - 2013-09-30 05:00 - 00166026 _____ () C:\Windows\system32\perfc013.dat
2014-03-26 19:54 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-26 19:54 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-03-25 20:46 - 2014-03-25 20:46 - 00000742 _____ () C:\Users\Va1nn\Desktop\JRT.txt
2014-03-25 20:42 - 2014-03-25 20:42 - 00000000 ____D () C:\Windows\ERUNT
2014-03-25 20:40 - 2014-03-25 20:40 - 01038974 _____ (Thisisu) C:\Users\Va1nn\Downloads\JRT.exe
2014-03-25 20:27 - 2014-03-25 20:27 - 00714207 _____ () C:\Users\Va1nn\Downloads\pbsetup (1).zip
2014-03-25 20:22 - 2014-03-25 20:22 - 00714207 _____ () C:\Users\Va1nn\Downloads\pbsetup.zip
2014-03-25 20:17 - 2013-11-22 15:56 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-03-25 20:16 - 2014-03-25 20:16 - 03822704 _____ () C:\Users\Va1nn\Downloads\battlelog-web-plugins_2.3.2_133.exe
2014-03-25 20:06 - 2014-03-25 20:06 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-03-25 20:00 - 2014-03-25 20:00 - 00002376 _____ () C:\Windows\system32\.crusader
2014-03-25 20:00 - 2014-03-25 19:56 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-03-25 19:55 - 2014-03-25 19:54 - 10820032 _____ (SurfRight B.V.) C:\Users\Va1nn\Downloads\HitmanPro_x64.exe
2014-03-25 19:42 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\DesktopTileResources
2014-03-25 19:33 - 2014-03-25 19:33 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-25 19:33 - 2014-03-25 19:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-25 19:33 - 2014-03-25 19:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-25 19:33 - 2014-03-25 19:32 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Va1nn\Downloads\mb3-setup-1878.1878-3.5.1.2522.exe
2014-03-25 19:19 - 2014-03-25 19:18 - 00000000 ____D () C:\AdwCleaner
2014-03-25 19:16 - 2013-11-28 22:33 - 00000000 ____D () C:\Users\Va1nn\AppData\Roaming\vlc
2014-03-25 18:45 - 2013-11-22 15:23 - 00000987 _____ () C:\Users\Va1nn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-25 18:39 - 2014-03-25 18:39 - 01950720 _____ () C:\Users\Va1nn\Downloads\adwcleaner (1).exe
2014-03-25 18:36 - 2014-03-25 18:35 - 05192353 _____ (Swearware) C:\Users\Va1nn\Downloads\ComboFix.exe
2014-03-25 16:49 - 2014-03-17 20:33 - 00000000 ____D () C:\Program Files (x86)\GS Supporter
2014-03-25 16:48 - 2014-03-25 16:44 - 00000000 ____D () C:\Users\Va1nn\AppData\Local\Avg2014
2014-03-25 16:48 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-03-25 16:47 - 2014-03-25 16:46 - 00000000 ____D () C:\ProgramData\AVG2014
2014-03-25 16:46 - 2014-03-25 16:46 - 00000991 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-03-25 16:46 - 2014-03-25 16:46 - 00000000 ___HD () C:\$AVG
2014-03-25 16:46 - 2014-03-25 16:46 - 00000000 ____D () C:\Users\Va1nn\AppData\Roaming\TuneUp Software
2014-03-25 16:46 - 2014-03-25 16:46 - 00000000 ____D () C:\Users\Va1nn\AppData\Roaming\AVG2014
2014-03-25 16:46 - 2014-03-25 16:46 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-03-25 16:46 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-03-25 16:44 - 2014-03-25 16:44 - 04471880 _____ (AVG Technologies) C:\Users\Va1nn\Downloads\avg_free_stb_all_2014_4354_cnet.exe
2014-03-25 16:44 - 2014-03-25 16:44 - 00000000 ____D () C:\Users\Va1nn\AppData\Local\MFAData
2014-03-24 21:02 - 2013-11-22 22:07 - 00000000 ____D () C:\Users\Va1nn\AppData\Roaming\BitComet
2014-03-24 20:34 - 2014-03-24 20:34 - 00036851 _____ () C:\Users\Va1nn\Downloads\[kickass.to]the.walking.dead.s04e15.hdtv.x264.2hd.ettv.torrent
2014-03-24 14:12 - 2014-03-17 20:32 - 00000000 ____D () C:\ProgramData\7996f9cd31bc3d94
2014-03-20 18:50 - 2014-03-20 18:44 - 00000000 ____D () C:\Users\Va1nn\AppData\Roaming\Belastingdienst
2014-03-20 18:44 - 2014-03-20 18:44 - 00000000 ____D () C:\Users\Va1nn\Documents\Belastingdienst
2014-03-20 18:43 - 2014-03-20 18:43 - 02836400 _____ (Belastingdienst) C:\Users\Va1nn\Downloads\ib2013_win_setup.exe
2014-03-20 18:43 - 2014-03-20 18:43 - 00001427 _____ () C:\Users\Public\Desktop\Aangifte inkomstenbelasting 2013.lnk
2014-03-20 18:43 - 2014-03-20 18:43 - 00000000 ____D () C:\Program Files (x86)\Belastingdienst
2014-03-20 15:41 - 2014-03-20 15:41 - 00028824 _____ () C:\Users\Va1nn\Downloads\captain-america-the-first-avenger_dutch-491747.zip
2014-03-20 15:22 - 2014-03-20 15:22 - 00016377 _____ () C:\Users\Va1nn\Downloads\Captain_America_-_The_First_Avenger_(2011).torrent
2014-03-20 15:20 - 2014-03-20 15:20 - 00020347 _____ () C:\Users\Va1nn\Downloads\[kickass.to]the.blacklist.s01e16.hdtv.x264.lol.ettv.torrent
2014-03-20 15:16 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2014-03-19 21:55 - 2013-11-22 15:23 - 00000000 ____D () C:\Users\Va1nn
2014-03-19 15:46 - 2014-03-19 15:46 - 03821624 _____ () C:\Users\Va1nn\Downloads\battlelog-web-plugins_2.3.2_131 (1).exe
2014-03-19 15:41 - 2013-11-22 15:23 - 00000000 ___RD () C:\Users\Va1nn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-19 15:41 - 2013-11-22 15:23 - 00000000 ___RD () C:\Users\Va1nn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-19 15:41 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData
2014-03-19 15:09 - 2013-11-22 19:01 - 00000000 ____D () C:\Windows\Minidump
2014-03-19 13:11 - 2014-03-19 13:11 - 00019403 _____ () C:\Users\Va1nn\Downloads\the.blacklist.the.judge.(2014).dut.1cd.(5576370).zip
2014-03-19 11:53 - 2014-03-19 11:53 - 00019731 _____ () C:\Users\Va1nn\Downloads\the.blacklist.madeline.pratt.(2014).dut.1cd.(5567255).zip
2014-03-18 18:44 - 2013-11-22 15:41 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-18 18:43 - 2013-11-22 15:41 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-17 20:38 - 2014-03-17 20:38 - 00029375 _____ () C:\Users\Va1nn\Downloads\The Walking Dead - 04x14 - The Grove.HDTV REMARKABLE.Dutch.orig.Addic7ed.com.srt
2014-03-17 20:33 - 2014-03-17 20:33 - 00000000 ____D () C:\ProgramData\Bsoft
2014-03-17 20:33 - 2014-03-17 20:32 - 00000000 ____D () C:\ProgramData\InstallMate
2014-03-17 20:32 - 2014-03-17 20:32 - 00000000 ____D () C:\Users\Va1nn\AppData\Local\Comodo
2014-03-17 20:32 - 2014-03-17 20:32 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch
2014-03-17 20:32 - 2014-03-17 20:32 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-03-17 20:32 - 2014-03-17 20:32 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-03-17 20:32 - 2014-03-17 20:32 - 00000000 ____D () C:\Users\Gast
2014-03-17 20:32 - 2014-03-17 20:32 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-03-17 20:32 - 2014-03-17 20:32 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-03-17 20:32 - 2014-03-17 20:32 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-03-17 20:32 - 2014-03-17 20:32 - 00000000 ____D () C:\Users\Administrator
2014-03-17 20:32 - 2013-11-22 15:52 - 00000000 ____D () C:\Users\Va1nn\AppData\Local\Google
2014-03-17 16:02 - 2014-03-17 16:02 - 00000000 ____D () C:\Users\Va1nn\Documents\Sports Interactive
2014-03-17 16:02 - 2014-03-17 16:02 - 00000000 ____D () C:\Users\Va1nn\AppData\Roaming\Sports Interactive
2014-03-17 16:02 - 2014-03-17 16:02 - 00000000 ____D () C:\Users\Va1nn\AppData\Local\Sports Interactive
2014-03-17 16:02 - 2014-03-17 16:02 - 00000000 ____D () C:\Users\Public\Documents\Sports Interactive
2014-03-17 15:35 - 2014-03-17 15:35 - 00000202 _____ () C:\Users\Va1nn\Desktop\Football Manager 2013.url
2014-03-17 15:35 - 2014-03-17 15:35 - 00000000 ____D () C:\Users\Va1nn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-03-14 13:04 - 2014-01-28 18:31 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 13:04 - 2014-01-28 18:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-14 13:04 - 2013-08-22 15:44 - 00336056 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 22:13 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-13 22:13 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-13 22:13 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-13 22:13 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-13 18:18 - 2013-11-22 15:46 - 00000000 ____D () C:\Users\Va1nn\AppData\Local\TeamSpeak 3 Client
2014-03-11 16:09 - 2014-03-11 16:09 - 03821624 _____ () C:\Users\Va1nn\Downloads\battlelog-web-plugins_2.3.2_131.exe
2014-03-05 19:52 - 2014-03-05 19:52 - 00008867 _____ () C:\Users\Va1nn\Downloads\Enders_Game_2013_720p_BluRay_x264_YIFY_mp4.torrent
2014-03-05 09:26 - 2014-03-25 19:33 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-03-25 19:33 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-03-25 19:33 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-04 23:53 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-04 23:53 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-03 17:46 - 2014-03-03 17:46 - 00000000 ____D () C:\ProgramData\ATI
2014-03-03 17:44 - 2014-03-03 17:44 - 00060993 _____ () C:\Windows\SysWOW64\CCCInstall_201403031744096947.log
2014-03-03 17:44 - 2014-03-03 17:44 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-03-03 17:44 - 2013-11-22 15:35 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-03-03 17:43 - 2013-11-22 15:37 - 00000000 ____D () C:\ProgramData\AMD
2014-03-03 17:40 - 2013-11-22 15:34 - 00000000 ____D () C:\AMD
2014-03-03 15:44 - 2014-03-03 15:39 - 300632259 _____ (AMD Inc.) C:\Users\Va1nn\Downloads\amd_catalyst_14.2_beta1.3.exe
2014-03-01 07:05 - 2014-03-13 14:08 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 05:58 - 2014-03-13 14:08 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 05:30 - 2014-03-13 14:08 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 05:17 - 2014-03-13 14:08 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 04:54 - 2014-03-13 14:08 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:47 - 2014-03-13 14:08 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 04:42 - 2014-03-13 14:08 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:18 - 2014-03-13 14:08 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 04:14 - 2014-03-13 14:08 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-13 14:08 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-13 14:08 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 03:57 - 2014-03-13 14:08 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-13 14:08 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-13 14:08 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-13 14:08 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-13 14:08 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-13 14:08 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-28 20:11 - 2014-02-28 20:11 - 00000000 ____D () C:\Users\Va1nn\AppData\Roaming\TeamViewer
2014-02-28 20:11 - 2014-02-28 20:10 - 04385776 _____ (TeamViewer) C:\Users\Va1nn\Downloads\TeamViewerQS_nl.exe
2014-02-28 15:47 - 2014-02-28 15:46 - 22357360 _____ () C:\Users\Va1nn\Downloads\Joey Dale - Watcha Called Me, Shockwave EP (Original Mixes) [ZIPPY-MUSIC.COM].zip
 
Files to move or delete:
====================
C:\Users\Va1nn\AppData\Roaming\Origin\update.vbe
 
 
Some content of TEMP:
====================
C:\Users\Va1nn\AppData\Local\Temp\sonarinst.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2014-03-13 14:08] - [2014-01-31 17:15] - 0311640 ___AC (Microsoft Corporation) C85C075DE5B6D0FE116043054DE8EE02
 
 
 
LastRegBack: 2014-03-27 15:09
 
==================== End Of Log ============================

And the second file:
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Va1nn at 2014-03-29 17:42:01
Running from C:\Users\Va1nn\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
 
==================== Installed Programs ======================
 
Aangifte inkomstenbelasting 2013 (HKLM-x32\...\Aangifte inkomstenbelasting 2013) (Version:  - Belastingdienst)
Action! (HKLM-x32\...\Mirillis Action!) (Version: 1.17.4 - Mirillis)
AMD Accelerated Video Transcoding (Version: 13.30.100.40223 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.0223.2239.40626 - Uw bedrijfsnaam) Hidden
AMD Catalyst Install Manager (HKLM\...\{A081D35B-0AF0-588A-D0D6-259D25C03E50}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2014.0223.2239.40626 - Uw bedrijfsnaam) Hidden
AMD OverDrive (HKLM-x32\...\{34D5220A-58D0-473C-90E4-15136C3FB0E3}) (Version: 4.3.1.0690 - Advanced Micro Devices, Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4354 - AVG Technologies)
AVG 2014 (Version: 14.0.3722 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4354 - AVG Technologies) Hidden
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.2.0.0 - Electronic Arts)
Battlefield: Bad Company™ 2 (HKLM-x32\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.1.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
BF4 Settings Editor (HKLM\...\{EF4C9459-47DE-4FCD-B9E0-CEB5BA03FC64}) (Version: 1.1 - Realmware)
BitComet 1.35 64-bit (HKLM-x32\...\BitComet_x64) (Version: 1.35 - CometNetwork)
Burn4Free DVD Burning 6.8.0.0 (HKLM-x32\...\Burn4Free DVD Burning_is1) (Version:  - Sakysoft s.r.l.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0223.2239.40626 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0223.2239.40626 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0223.2239.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0223.2239.40626 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
CPUID CPU-Z 1.68 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Football Manager 2013 (HKLM-x32\...\Steam App 207890) (Version:  - Sports Interactive)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
GS Supporter 1.80 (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{e9f32388}) (Version:  - Certified Publisher) <==== ATTENTION
Hercules DJ Products Series drivers (HKLM-x32\...\{33999F1F-EA46-4E55-A239-1BA803235396}) (Version: 2.HDJS.2013 - Hercules)
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
K-Lite Codec Pack 10.3.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.3.0 - )
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
Logitech Gaming Software 8.50 (HKLM\...\Logitech Gaming Software) (Version: 8.50.281 - Logitech Inc.)
Malwarebytes Anti-Malware versie 2.00.0.1000 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.)
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version:  - PokerStars.eu)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.988 - Even Balance, Inc.)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Setup - Final Fantasy VIII Steam Edition © SQUARE ENIX ... (HKLM-x32\...\Setup - Final Fantasy VIII Steam Edition © SQUARE ENIX ...) (Version: ... - Eidos Interactive)
Skype™ 6.13 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.13.104 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
VirtualDJ PRO Full (HKLM-x32\...\{C515E2A3-4878-4C85-A519-52630C7AB08B}) (Version: 7.3 - Atomix Productions)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
 
==================== Restore Points  =========================
 
16-03-2014 08:57:40 Windows Update
17-03-2014 14:59:40 DirectX is geïnstalleerd.
24-03-2014 16:48:19 Gepland controlepunt
 
==================== Hosts content: ==========================
 
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {199F4E4E-F0EE-4AB3-80FF-59A8F854F0DB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-22] (Google Inc.)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {505AF2E0-62CB-4700-8F4C-51EB031FA6A8} - \GoforFilesUpdate No Task File
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {842D80CA-327A-4D84-BE10-28574EE2AABC} - System32\Tasks\Origin => C:\Users\Va1nn\AppData\Roaming\Origin\update.vbe [2014-01-27] () <==== ATTENTION
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {97D7A12C-A023-4902-A010-BDE3F3101B5F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {BECC95B3-75BC-41E3-ABC1-79430B5DC0EC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-03-18] (Microsoft Corporation)
Task: {C3A1E8B2-98C5-47EC-9562-F79F347D355F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-22] (Google Inc.)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-02-23 22:42 - 2014-02-23 22:42 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2013-11-04 15:03 - 2013-11-04 15:03 - 00818688 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2013-11-04 15:03 - 2013-11-04 15:03 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-01-08 06:46 - 2014-01-08 06:46 - 00137584 _____ () C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
2013-11-22 16:13 - 2013-12-18 19:48 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-02-23 22:41 - 2014-02-23 22:41 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-01-08 06:47 - 2014-01-08 06:47 - 00625000 _____ () C:\Program Files (x86)\AMD\OverDrive\Device.dll
2014-01-08 06:48 - 2014-01-08 06:48 - 03860848 _____ () C:\Program Files (x86)\AMD\OverDrive\Platform.dll
2014-01-08 06:49 - 2014-01-08 06:49 - 01587560 _____ () C:\Program Files (x86)\AMD\OverDrive\QtCore4.dll
2014-01-08 06:49 - 2014-01-08 06:49 - 06441320 _____ () C:\Program Files (x86)\AMD\OverDrive\QtGui4.dll
2014-01-08 06:50 - 2014-01-08 06:50 - 00362856 _____ () C:\Program Files (x86)\AMD\OverDrive\QtXml4.dll
2014-01-29 14:38 - 2014-03-07 14:02 - 00962560 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll
2014-01-29 14:38 - 2014-03-07 14:02 - 00024064 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll
2014-01-29 14:38 - 2014-03-07 14:02 - 00025088 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll
2014-01-29 14:38 - 2014-03-07 14:02 - 00217088 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
2014-01-29 14:38 - 2014-03-07 14:02 - 00261632 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
2014-01-29 14:38 - 2014-03-07 14:02 - 00019968 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll
2014-01-29 14:38 - 2014-03-07 14:02 - 00302592 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll
2014-01-29 14:38 - 2014-03-07 14:02 - 00018944 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
2014-01-31 15:24 - 2014-01-31 15:24 - 00094208 _____ () C:\Program Files (x86)\ATI Technologies\HydraVision\HydraNln.dll
2010-11-22 23:56 - 2010-11-22 23:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
2012-06-22 22:53 - 2012-06-22 22:53 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
2012-06-22 22:24 - 2012-06-22 22:24 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
2012-06-22 22:39 - 2012-06-22 22:39 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
2012-06-22 22:55 - 2012-06-22 22:55 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
2010-11-22 23:56 - 2010-11-22 23:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00124928 _____ () C:\Program Files (x86)\Raptr\_elementtree.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
2012-02-06 21:28 - 2012-02-06 21:28 - 00031744 _____ () C:\Program Files (x86)\Raptr\Crypto.Cipher.AES.pyd
2012-02-06 21:28 - 2012-02-06 21:28 - 00010752 _____ () C:\Program Files (x86)\Raptr\Crypto.Random.OSRNG.winrandom.pyd
2012-02-06 21:28 - 2012-02-06 21:28 - 00011264 _____ () C:\Program Files (x86)\Raptr\Crypto.Util._counter.pyd
2011-05-10 20:01 - 2011-05-10 20:01 - 00030208 _____ () C:\Program Files (x86)\Raptr\simplejson._speedups.pyd
2012-06-22 22:59 - 2012-06-22 22:59 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
2011-02-15 19:17 - 2011-02-15 19:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
2010-11-22 23:56 - 2010-11-22 23:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll
2010-11-22 23:57 - 2010-11-22 23:57 - 00016384 _____ () C:\Program Files (x86)\Raptr\win32trace.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd
2013-11-21 01:05 - 2013-11-21 01:05 - 00256000 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll
2010-11-22 23:57 - 2010-11-22 23:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd
2012-10-27 08:53 - 2012-10-27 08:53 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
2011-02-15 19:17 - 2011-02-15 19:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll
2010-11-23 00:06 - 2010-11-23 00:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll
2013-05-10 00:52 - 2013-05-10 00:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll
2013-05-10 00:52 - 2013-05-10 00:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll
2013-05-10 00:52 - 2013-05-10 00:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll
2013-05-03 19:56 - 2013-05-03 19:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll
2013-05-03 19:56 - 2013-05-03 19:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll
2013-05-03 19:56 - 2013-05-03 19:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll
2014-03-15 19:10 - 2014-03-15 01:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-15 19:10 - 2014-03-15 01:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-15 19:10 - 2014-03-15 01:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-15 19:10 - 2014-03-15 01:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
2014-03-15 19:10 - 2014-03-15 01:50 - 13637448 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
2014-03-15 19:10 - 2014-03-15 01:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-15 19:10 - 2014-03-15 01:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/28/2014 02:59:34 PM) (Source: Desktop Window Manager) (User: )
Description: Er is een onherstelbare fout (0x8898008d) opgetreden
 
Error: (03/27/2014 03:09:27 PM) (Source: Microsoft-Windows-Defrag) (User: )
Description: Het volume \\?\Volume{54831694-5381-11e3-824f-806e6f6e6963}\ is niet geoptimaliseerd, omdat er een fout is opgetreden: De parameter is onjuist. (0x80070057)
 
Error: (03/25/2014 08:07:13 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Cannot update Object List value of SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance key. The first DWORD in the Data section contains the error code and the second DWORD contains the updated value.
 
Error: (03/25/2014 08:07:13 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Cannot update First Help value of SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance key. The first DWORD in the Data section contains the error code and the second DWORD contains the updated value.
 
Error: (03/25/2014 08:07:13 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Cannot update First Counter value of SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance key. The first DWORD in the Data section contains the error code and the second DWORD contains the updated value.
 
Error: (03/25/2014 08:07:13 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Cannot update Last Help value of SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance key. The first DWORD in the Data section contains the error code and the second DWORD contains the updated value.
 
Error: (03/25/2014 08:07:13 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Cannot update Last Counter value of SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance key. The first DWORD in the Data section contains the error code and the second DWORD contains the updated value.
 
Error: (03/25/2014 05:07:18 PM) (Source: Perflib) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (03/25/2014 02:54:08 PM) (Source: Desktop Window Manager) (User: )
Description: Er is een onherstelbare fout (0x8898008d) opgetreden
 
Error: (03/24/2014 05:48:20 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: De service Cryptografische services is mislukt tijdens het verwerken van aanroep OnIdentity() op het object System Writer.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Toegang geweigerd.
.
 
 
System errors:
=============
Error: (03/29/2014 03:40:47 PM) (Source: DCOM) (User: Dennis)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (03/29/2014 03:40:17 PM) (Source: DCOM) (User: Dennis)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (03/28/2014 04:40:59 PM) (Source: DCOM) (User: Dennis)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (03/28/2014 04:40:29 PM) (Source: DCOM) (User: Dennis)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (03/27/2014 03:10:26 PM) (Source: DCOM) (User: Dennis)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (03/27/2014 03:09:56 PM) (Source: DCOM) (User: Dennis)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (03/26/2014 07:54:35 PM) (Source: DCOM) (User: Dennis)
Description: toepassingsspecifiekLokaalStarten{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DennisVa1nnS-1-5-21-289169897-1255528339-1447242423-1001LocalHost (via LRPC)Niet beschikbaarNiet beschikbaar
 
Error: (03/26/2014 05:58:50 PM) (Source: DCOM) (User: Dennis)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (03/25/2014 08:28:13 PM) (Source: Service Control Manager) (User: )
Description: ScRegSetValueExW-oproep voor FailureActions is niet geslaagd vanwege deze fout: 
%%5.
 
Error: (03/25/2014 08:26:20 PM) (Source: Service Control Manager) (User: )
Description: ScRegSetValueExW-oproep voor Type is niet geslaagd vanwege deze fout: 
%%5.
 
 
Microsoft Office Sessions:
=========================
Error: (03/28/2014 02:59:34 PM) (Source: Desktop Window Manager)(User: )
Description: 0x8898008d
 
Error: (03/27/2014 03:09:27 PM) (Source: Microsoft-Windows-Defrag)(User: )
Description: \\?\Volume{54831694-5381-11e3-824f-806e6f6e6963}\De parameter is onjuist. (0x80070057)
 
Error: (03/25/2014 08:07:13 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Object ListSYSTEM\CurrentControlSet\Services\WmiApRpl\Performance8050000000E0E0000
 
Error: (03/25/2014 08:07:13 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: First HelpSYSTEM\CurrentControlSet\Services\WmiApRpl\Performance1205000000131E0000F90D0000
 
Error: (03/25/2014 08:07:13 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: First CounterSYSTEM\CurrentControlSet\Services\WmiApRpl\Performance1205000000121E0000E50D0000
 
Error: (03/25/2014 08:07:13 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Last HelpSYSTEM\CurrentControlSet\Services\WmiApRpl\Performance1205000000B91E0000D10D0000
 
Error: (03/25/2014 08:07:13 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Last CounterSYSTEM\CurrentControlSet\Services\WmiApRpl\Performance1205000000B81E0000BD0D0000
 
Error: (03/25/2014 05:07:18 PM) (Source: Perflib)(User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (03/25/2014 02:54:08 PM) (Source: Desktop Window Manager)(User: )
Description: 0x8898008d
 
Error: (03/24/2014 05:48:20 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Toegang geweigerd.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-03-20 15:14:46.414
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-03-20 15:14:46.389
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-03-20 15:13:58.653
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-03-20 15:13:58.628
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-03-20 15:13:58.532
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-03-20 15:13:58.508
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-03-20 15:13:58.475
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-03-20 15:13:58.451
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-03-20 15:13:58.312
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-03-20 15:13:58.240
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 51%
Total physical RAM: 4094.11 MB
Available physical RAM: 1998.87 MB
Total Pagefile: 8190.11 MB
Available Pagefile: 4798.09 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.69 GB) (Free:18.97 GB) NTFS
Drive e: (Muziek) (Fixed) (Total:26.23 GB) (Free:17.18 GB) NTFS
Drive f: (Games) (Fixed) (Total:51.79 GB) (Free:8.49 GB) NTFS
Drive g: (Movies/Series) (Fixed) (Total:97.66 GB) (Free:16.83 GB) NTFS
Drive h: (..) (Fixed) (Total:29.3 GB) (Free:2.93 GB) NTFS
Drive i: (muziek) (Fixed) (Total:29.3 GB) (Free:3.3 GB) NTFS
Drive j: (Games 2) (Fixed) (Total:63.72 GB) (Free:8.94 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 3A2D2D12)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: A7FDA7FD)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#4 aharonov

Posted 29 March 2014 - 12:40 PM

Alright. How is your computer running after the following steps?


Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button. Allow a reboot if requested.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!



Step 3

Start FRST with administrator privileges.
  • Make sure the option Addition.txt (under Optional Scan) is checked.
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.


#5 vainn

Posted 30 March 2014 - 09:30 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Va1nn at 2014-03-30 15:11:00 Run:1
Running from C:\Users\Va1nn\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Task: {842D80CA-327A-4D84-BE10-28574EE2AABC} - System32\Tasks\Origin => C:\Users\Va1nn\AppData\Roaming\Origin\update.vbe [2014-01-27] () <==== ATTENTION
C:\Users\Va1nn\AppData\Roaming\Origin
2014-03-25 16:49 - 2014-03-17 20:33 - 00000000 ____D () C:\Program Files (x86)\GS Supporter
2014-03-17 20:33 - 2014-03-17 20:33 - 00000000 ____D () C:\ProgramData\Bsoft
2014-03-17 20:32 - 2014-03-24 14:12 - 00000000 ____D () C:\ProgramData\7996f9cd31bc3d94
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR Extension: (BiitSavEr) - C:\Users\Va1nn\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpnbfifnfbephmfonnpijhdjkehnfppm [2014-03-24]
CHR Extension: (Safeweebo) - C:\Users\Va1nn\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdajbmkcpbpmebcfdkebheakehghokjj [2014-03-17]
AppInit_DLLs: C:\PROGRA~2\GSSUPP~1\ASSIST~2.DLL => C:\Program Files (x86)\GS Supporter\Assistant_x64.dll [4210176 2014-03-17] ()
AppInit_DLLs-x32: c:\progra~2\gssupp~1\assist~1.dll => "c:\progra~2\gssupp~1\assist~1.dll" File Not Found
Reboot:
*****************
 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{842D80CA-327A-4D84-BE10-28574EE2AABC} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{842D80CA-327A-4D84-BE10-28574EE2AABC} => Key deleted successfully.
C:\Windows\System32\Tasks\Origin => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Origin => Key deleted successfully.
C:\Users\Va1nn\AppData\Roaming\Origin => Moved successfully.
C:\Program Files (x86)\GS Supporter => Moved successfully.
C:\ProgramData\Bsoft => Moved successfully.
C:\ProgramData\7996f9cd31bc3d94 => Moved successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
HKCU\SOFTWARE\Policies\Google => Key deleted successfully.
C:\Users\Va1nn\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpnbfifnfbephmfonnpijhdjkehnfppm => Moved successfully.
C:\Users\Va1nn\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdajbmkcpbpmebcfdkebheakehghokjj => Moved successfully.
"C:\\PROGRA~2\\GSSUPP~1\\ASSIST~2.DLL" => Value Data removed successfully.
"c:\\progra~2\\gssupp~1\\assist~1.dll" => Value Data removed successfully.
 
 
The system needed a reboot. 
 
 
==== End of Fixlog ====

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=0e9a0bf21c5fe746a575ccd8ef4f9df0
# engine=17682
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-03-30 02:25:11
# local_time=2014-03-30 04:25:11 (+0100, West-Europa (zomertijd))
# country="Netherlands"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode=5893 16776574 100 94 437396 13505808 0 0
# scanned=181350
# found=17
# cleaned=0
# scan_time=4011
sh=AE4B3ECB491AEF6D1594361E820A6FCC8EF44E3E ft=1 fh=c71c0011d35ff60a vn="a variant of Win64/SProtector.B potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\GS Supporter\Assistant_x64.dll"
sh=2FEFB3D1DB4D1FF79451529F61F6290DB3D5ED57 ft=0 fh=0000000000000000 vn="VBS/CoinMiner.AD trojan" ac=I fn="C:\FRST\Quarantine\C\Users\Va1nn\AppData\Roaming\Origin\update.vbe"
sh=2FEFB3D1DB4D1FF79451529F61F6290DB3D5ED57 ft=0 fh=0000000000000000 vn="VBS/CoinMiner.AD trojan" ac=I fn="C:\Users\Va1nn\AppData\Local\tmp023423.vbe"
sh=0F97FB08E6FC4500F86E64D3285C171C6462BD61 ft=1 fh=acbbffe185c36761 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Va1nn\Downloads\ccsetup410_755246a3d44bfdb8a66db8c19122724b.exe"
sh=D7FBAD7D18D895EC0B062DD8B41BE9B463810D21 ft=1 fh=ce6e2bdbffa3f8ae vn="Win32/SmartFileAdvisor.B potentially unwanted application" ac=I fn="C:\Users\Va1nn\Downloads\_Alcohol120_trial_2.0.2.5830.exe"
sh=DE7767E0C52753A9395168FB8F88275522203451 ft=1 fh=2957105ba068805f vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="F:\cpuz_1.58.exe"
sh=29FEFB03E803E6430D7D0EAA47324A3691CA13F8 ft=1 fh=a7bb94cd7cbc834c vn="a variant of Win32/Somoto.A potentially unwanted application" ac=I fn="F:\etypesetup"
sh=7F1D59A0006EBF370D15BEE6AD34EB7F1A663506 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="H:\DENNIS-PC\Backup Set 2013-06-23 191636\Backup Files 2013-06-30 190000\Backup files 1.zip"
sh=39148E704BC9AA5F5E8879AD520EED1D7B7BEBB0 ft=0 fh=0000000000000000 vn="Win32/Adware.Toolbar.Shopper application" ac=I fn="H:\DENNIS-PC\Backup Set 2013-06-23 191636\Backup Files 2013-09-28 174818\Backup files 1.zip"
sh=160DE76C6D3BB3E8DBCFB5F6285A276005BB2D41 ft=0 fh=0000000000000000 vn="Win32/InstalleRex.J potentially unwanted application" ac=I fn="H:\DENNIS-PC\Backup Set 2013-06-23 191636\Backup Files 2013-09-28 174818\Backup files 7.zip"
sh=43C9E413EE19DFB9175E1AB6EDE76F3BDB4F4AA6 ft=0 fh=0000000000000000 vn="Win32/Malavida.A potentially unwanted application" ac=I fn="H:\DENNIS-PC\Backup Set 2013-06-23 191636\Backup Files 2013-09-28 174818\Backup files 8.zip"
sh=7A10F9597D28C3B36E9E1CAAE6E752923B887269 ft=0 fh=0000000000000000 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="H:\DENNIS-PC\Backup Set 2013-06-23 191636\Backup Files 2013-09-28 174818\Backup files 9.zip"
sh=CB73BAC51FA9F58B2790ED44CC6C4439D798098F ft=0 fh=0000000000000000 vn="a variant of Win32/bProtector.J potentially unwanted application" ac=I fn="H:\DENNIS-PC\Backup Set 2013-06-23 191636\Backup Files 2013-09-29 190001\Backup files 1.zip"
sh=07389537890C3CAD2B1D5B171AE86DF03B6F0C95 ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Babylon.F potentially unwanted application" ac=I fn="H:\DENNIS-PC\Backup Set 2013-06-23 191636\Backup Files 2013-09-29 190001\Backup files 2.zip"
sh=D433FB562769525938DE8207BCEC5804F227367C ft=0 fh=0000000000000000 vn="a variant of Win32/bProtector.A potentially unwanted application" ac=I fn="H:\DENNIS-PC\Backup Set 2013-06-23 191636\Backup Files 2013-09-29 190001\Backup files 3.zip"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/HackTool.Crack.BL potentially unsafe application" ac=I fn="H:\F1.2013-RELOADED\rld-f12013.iso"
sh=0A859D24A2C40D9DD7B805F008EE642A96E11F9A ft=1 fh=07c06b0090a4942b vn="Win32/OpenCandy potentially unsafe application" ac=I fn="J:\Programma's\videora-hd2-504-setup.exe"


#6 vainn

Posted 30 March 2014 - 09:32 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Va1nn (administrator) on DENNIS on 30-03-2014 16:32:02
Running from C:\Users\Va1nn\Downloads
Windows 8.1 Pro (X64) OS Language: Dutch Standard
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Hercules®) C:\Program Files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE
(Microsoft Corporation) C:\Windows\system32\dashost.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPop3.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [8290584 2013-08-01] (Logitech Inc.)
HKLM\...\Run: [Hercules DJ Series TrayAgent] - C:\Program Files\Guillemot\HDJTray\HDJSeries2TrayBar.exe [3572048 2013-05-10] (Hercules®)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-02-24] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4971024 2014-03-19] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-289169897-1255528339-1447242423-1001\...\Run: [EADM] - C:\Program Files (x86)\Origin\Origin.exe [3588952 2014-03-07] (Electronic Arts)
HKU\S-1-5-21-289169897-1255528339-1447242423-1001\...\Run: [Raptr] - C:\Program Files (x86)\Raptr\raptrstub.exe [55360 2014-02-18] (Raptr, Inc)
HKU\S-1-5-21-289169897-1255528339-1447242423-1001\...\Run: [AlcoholAutomount] - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
HKU\S-1-5-21-289169897-1255528339-1447242423-1001\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2014-01-31] (AMD)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.nl.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7C28C5F585EFCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-NL
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO-x32: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.254
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR Extension: (Google Wallet) - C:\Users\Va1nn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-22]
 
==================== Services (Whitelisted) =================
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-02-23] (Advanced Micro Devices, Inc.)
R2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [137584 2014-01-08] ()
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3782672 2014-02-23] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
R2 HerculesDJControlMP3; C:\Program Files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE [47104 2013-05-21] (Hercules®)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-18] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-11-04] (Advanced Micro Devices)
R2 AODDriver4.3.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [59624 2014-01-08] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-12-19] (Advanced Micro Devices)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-11-01] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [252728 2013-10-21] (AVG Technologies CZ, s.r.o.)
U3 axscsidrv; C:\Windows\System32\Drivers\axscsidrv.sys [293888 2014-01-27] (Alcohol Soft Development Team)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows ® Win 7 DDK provider)
S3 Bulk; C:\Windows\System32\Drivers\HDJBulk.sys [258352 2013-05-21] (© Guillemot R&D, 2013. All rights reserved.)
S3 HDJAsioK; C:\Windows\System32\Drivers\HDJAsioK.sys [320816 2013-05-21] (© Guillemot R&D, 2013. All rights reserved.)
S3 HDJMidi; C:\Windows\system32\DRIVERS\HDJMidi.sys [274736 2013-05-21] (© Guillemot R&D, 2013. All rights reserved.)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-30] (Microsoft Corporation)
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-03-05] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation                           )
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-01-26] (Duplex Secure Ltd.)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation)
S3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2013-08-22] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-30 15:16 - 2014-03-30 15:16 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-30 15:16 - 2014-03-30 15:15 - 02347384 _____ (ESET) C:\Users\Va1nn\Desktop\esetsmartinstaller_enu.exe
2014-03-30 15:15 - 2014-03-30 15:15 - 02347384 _____ (ESET) C:\Users\Va1nn\Downloads\esetsmartinstaller_enu.exe
2014-03-30 15:12 - 2014-03-30 16:22 - 00000000 ____D () C:\Users\Va1nn\AppData\Roaming\Origin
2014-03-29 18:42 - 2014-03-29 18:42 - 00033721 _____ () C:\Users\Va1nn\Downloads\Addition.txt
2014-03-29 18:41 - 2014-03-30 16:32 - 00011671 _____ () C:\Users\Va1nn\Downloads\FRST.txt
2014-03-29 18:41 - 2014-03-30 16:32 - 00000000 ____D () C:\FRST
2014-03-29 18:41 - 2014-03-29 18:41 - 02157056 _____ (Farbar) C:\Users\Va1nn\Downloads\FRST64.exe
2014-03-25 21:46 - 2014-03-25 21:46 - 00000742 _____ () C:\Users\Va1nn\Desktop\JRT.txt
2014-03-25 21:42 - 2014-03-25 21:42 - 00000000 ____D () C:\Windows\ERUNT
2014-03-25 21:40 - 2014-03-25 21:40 - 01038974 _____ (Thisisu) C:\Users\Va1nn\Downloads\JRT.exe
2014-03-25 21:27 - 2014-03-25 21:27 - 00714207 _____ () C:\Users\Va1nn\Downloads\pbsetup (1).zip
2014-03-25 21:27 - 2013-11-04 18:38 - 00820736 _____ () C:\Users\Va1nn\Desktop\pbsetup.exe
2014-03-25 21:22 - 2014-03-25 21:22 - 00714207 _____ () C:\Users\Va1nn\Downloads\pbsetup.zip
2014-03-25 21:16 - 2014-03-25 21:16 - 03822704 _____ () C:\Users\Va1nn\Downloads\battlelog-web-plugins_2.3.2_133.exe
2014-03-25 21:06 - 2014-03-25 21:06 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-03-25 21:00 - 2014-03-25 21:00 - 00002376 _____ () C:\Windows\system32\.crusader
2014-03-25 20:56 - 2014-03-25 21:00 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-03-25 20:54 - 2014-03-25 20:55 - 10820032 _____ (SurfRight B.V.) C:\Users\Va1nn\Downloads\HitmanPro_x64.exe
2014-03-25 20:34 - 2014-03-30 15:12 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-25 20:33 - 2014-03-25 20:33 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-25 20:33 - 2014-03-25 20:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-25 20:33 - 2014-03-25 20:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-25 20:33 - 2014-03-05 10:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-25 20:33 - 2014-03-05 10:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-25 20:33 - 2014-03-05 10:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-25 20:32 - 2014-03-25 20:33 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Va1nn\Downloads\mb3-setup-1878.1878-3.5.1.2522.exe
2014-03-25 20:18 - 2014-03-25 20:19 - 00000000 ____D () C:\AdwCleaner
2014-03-25 19:39 - 2014-03-25 19:39 - 01950720 _____ () C:\Users\Va1nn\Downloads\adwcleaner (1).exe
2014-03-25 19:35 - 2014-03-25 19:36 - 05192353 _____ (Swearware) C:\Users\Va1nn\Downloads\ComboFix.exe
2014-03-25 17:49 - 2014-03-30 15:54 - 00245987 _____ () C:\Windows\WindowsUpdate.log
2014-03-25 17:46 - 2014-03-25 17:47 - 00000000 ____D () C:\ProgramData\AVG2014
2014-03-25 17:46 - 2014-03-25 17:46 - 00000991 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-03-25 17:46 - 2014-03-25 17:46 - 00000000 ___HD () C:\$AVG
2014-03-25 17:46 - 2014-03-25 17:46 - 00000000 ____D () C:\Users\Va1nn\AppData\Roaming\TuneUp Software
2014-03-25 17:46 - 2014-03-25 17:46 - 00000000 ____D () C:\Users\Va1nn\AppData\Roaming\AVG2014
2014-03-25 17:46 - 2014-03-25 17:46 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-03-25 17:44 - 2014-03-30 12:57 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-25 17:44 - 2014-03-25 17:48 - 00000000 ____D () C:\Users\Va1nn\AppData\Local\Avg2014
2014-03-25 17:44 - 2014-03-25 17:44 - 04471880 _____ (AVG Technologies) C:\Users\Va1nn\Downloads\avg_free_stb_all_2014_4354_cnet.exe
2014-03-25 17:44 - 2014-03-25 17:44 - 00000000 ____D () C:\Users\Va1nn\AppData\Local\MFAData
2014-03-24 21:34 - 2014-03-24 21:34 - 00036851 _____ () C:\Users\Va1nn\Downloads\[kickass.to]the.walking.dead.s04e15.hdtv.x264.2hd.ettv.torrent
2014-03-20 19:44 - 2014-03-20 19:50 - 00000000 ____D () C:\Users\Va1nn\AppData\Roaming\Belastingdienst
2014-03-20 19:44 - 2014-03-20 19:44 - 00000000 ____D () C:\Users\Va1nn\Documents\Belastingdienst
2014-03-20 19:43 - 2014-03-20 19:43 - 02836400 _____ (Belastingdienst) C:\Users\Va1nn\Downloads\ib2013_win_setup.exe
2014-03-20 19:43 - 2014-03-20 19:43 - 00001427 _____ () C:\Users\Public\Desktop\Aangifte inkomstenbelasting 2013.lnk
2014-03-20 19:43 - 2014-03-20 19:43 - 00000000 ____D () C:\Program Files (x86)\Belastingdienst
2014-03-20 16:41 - 2014-03-20 16:41 - 00028824 _____ () C:\Users\Va1nn\Downloads\captain-america-the-first-avenger_dutch-491747.zip
2014-03-20 16:22 - 2014-03-20 16:22 - 00016377 _____ () C:\Users\Va1nn\Downloads\Captain_America_-_The_First_Avenger_(2011).torrent
2014-03-20 16:20 - 2014-03-20 16:20 - 00020347 _____ () C:\Users\Va1nn\Downloads\[kickass.to]the.blacklist.s01e16.hdtv.x264.lol.ettv.torrent
2014-03-19 16:46 - 2014-03-19 16:46 - 03821624 _____ () C:\Users\Va1nn\Downloads\battlelog-web-plugins_2.3.2_131 (1).exe
2014-03-19 14:11 - 2014-03-19 14:11 - 00019403 _____ () C:\Users\Va1nn\Downloads\the.blacklist.the.judge.(2014).dut.1cd.(5576370).zip
2014-03-19 12:53 - 2014-03-19 12:53 - 00019731 _____ () C:\Users\Va1nn\Downloads\the.blacklist.madeline.pratt.(2014).dut.1cd.(5567255).zip
2014-03-18 17:26 - 2014-01-08 03:46 - 00325464 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2014-03-18 17:26 - 2014-01-08 03:41 - 01530712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-03-18 17:26 - 2014-01-08 03:41 - 00382808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-03-18 17:26 - 2014-01-04 17:54 - 00138240 _____ () C:\Windows\system32\OEMLicense.dll
2014-03-18 17:26 - 2014-01-04 17:08 - 00103936 _____ () C:\Windows\SysWOW64\OEMLicense.dll
2014-03-18 17:26 - 2014-01-04 16:08 - 00206336 _____ (Microsoft Corporation) C:\Windows\system32\WSClient.dll
2014-03-18 17:26 - 2014-01-04 15:53 - 00174592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSClient.dll
2014-03-18 17:26 - 2014-01-03 01:54 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-03-18 17:26 - 2014-01-03 01:48 - 00336896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-03-18 17:26 - 2014-01-01 03:55 - 01720560 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-03-18 17:26 - 2014-01-01 03:52 - 00481944 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2014-03-18 17:26 - 2014-01-01 02:56 - 01472048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-03-18 17:26 - 2014-01-01 02:55 - 00381168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2014-03-18 17:26 - 2014-01-01 01:59 - 00802816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2014-03-18 17:26 - 2014-01-01 01:57 - 01214976 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-03-18 17:26 - 2014-01-01 01:56 - 00960512 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2014-03-18 17:26 - 2013-12-31 01:34 - 00218112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sti.dll
2014-03-18 17:26 - 2013-12-31 01:33 - 00770560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgent.dll
2014-03-18 17:26 - 2013-12-31 01:32 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\sti.dll
2014-03-18 17:26 - 2013-12-31 01:31 - 00947712 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2014-03-18 17:26 - 2013-12-31 01:31 - 00914944 _____ (Microsoft Corporation) C:\Windows\system32\ReAgent.dll
2014-03-18 17:26 - 2013-12-27 17:09 - 00419160 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2014-03-18 17:26 - 2013-12-27 10:57 - 00842752 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.dll
2014-03-18 17:26 - 2013-12-27 10:57 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2014-03-18 17:26 - 2013-12-27 10:23 - 00749056 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
2014-03-18 17:26 - 2013-12-27 09:03 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsSpellCheckingFacility.dll
2014-03-18 17:26 - 2013-12-27 09:03 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2014-03-18 17:26 - 2013-12-27 08:37 - 00588800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2014-03-18 17:26 - 2013-12-21 09:21 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
2014-03-18 17:26 - 2013-12-17 09:21 - 00408576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2014-03-18 17:26 - 2013-12-14 08:31 - 13949440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2014-03-18 17:26 - 2013-12-14 08:19 - 18576384 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2014-03-18 17:26 - 2013-12-13 12:54 - 00131160 _____ (Microsoft Corporation) C:\Windows\system32\easinvoker.exe
2014-03-18 17:26 - 2013-12-13 09:24 - 00121088 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2014-03-18 17:26 - 2013-12-13 08:36 - 00178176 _____ (Microsoft Corporation) C:\Windows\system32\easwrt.dll
2014-03-18 17:26 - 2013-12-13 07:32 - 00140800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\easwrt.dll
2014-03-18 17:26 - 2013-12-09 10:05 - 21199256 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-03-18 17:26 - 2013-12-09 06:51 - 18643560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-03-17 21:38 - 2014-03-17 21:38 - 00029375 _____ () C:\Users\Va1nn\Downloads\The Walking Dead - 04x14 - The Grove.HDTV REMARKABLE.Dutch.orig.Addic7ed.com.srt
2014-03-17 21:32 - 2014-03-17 21:33 - 00000000 ____D () C:\ProgramData\InstallMate
2014-03-17 21:32 - 2014-03-17 21:32 - 00000000 ____D () C:\Users\Va1nn\AppData\Local\Comodo
2014-03-17 21:32 - 2014-03-17 21:32 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch
2014-03-17 21:32 - 2014-03-17 21:32 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-03-17 21:32 - 2014-03-17 21:32 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-03-17 21:32 - 2014-03-17 21:32 - 00000000 ____D () C:\Users\Gast
2014-03-17 21:32 - 2014-03-17 21:32 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-03-17 21:32 - 2014-03-17 21:32 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-03-17 21:32 - 2014-03-17 21:32 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-03-17 21:32 - 2014-03-17 21:32 - 00000000 ____D () C:\Users\Administrator
2014-03-17 17:02 - 2014-03-17 17:02 - 00000000 ____D () C:\Users\Va1nn\Documents\Sports Interactive
2014-03-17 17:02 - 2014-03-17 17:02 - 00000000 ____D () C:\Users\Va1nn\AppData\Roaming\Sports Interactive
2014-03-17 17:02 - 2014-03-17 17:02 - 00000000 ____D () C:\Users\Va1nn\AppData\Local\Sports Interactive
2014-03-17 17:02 - 2014-03-17 17:02 - 00000000 ____D () C:\Users\Public\Documents\Sports Interactive
2014-03-17 16:35 - 2014-03-17 16:35 - 00000202 _____ () C:\Users\Va1nn\Desktop\Football Manager 2013.url
2014-03-17 16:35 - 2014-03-17 16:35 - 00000000 ____D () C:\Users\Va1nn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-03-16 10:19 - 2014-02-22 14:16 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-03-16 10:19 - 2014-02-22 13:24 - 00124416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-03-13 15:08 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 15:08 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 15:08 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 15:08 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 15:08 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 15:08 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 15:08 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 15:08 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 15:08 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 15:08 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 15:08 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 15:08 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 15:08 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 15:08 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 15:08 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 15:08 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 15:08 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 15:08 - 2014-02-11 05:04 - 04189184 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 15:08 - 2014-02-11 04:43 - 00488448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-13 15:08 - 2014-02-11 04:04 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 15:08 - 2014-01-31 18:15 - 00311640 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-03-13 15:08 - 2014-01-31 18:07 - 00233920 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-03-13 15:08 - 2014-01-31 18:06 - 02133208 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2014-03-13 15:08 - 2014-01-31 15:47 - 02143960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2014-03-13 15:08 - 2014-01-31 11:06 - 00716288 _____ (Microsoft Corporation) C:\Windows\system32\swprv.dll
2014-03-13 15:08 - 2014-01-29 11:55 - 01287064 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-03-13 15:08 - 2014-01-29 10:53 - 00458616 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2014-03-13 15:08 - 2014-01-29 10:53 - 00407024 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2014-03-13 15:08 - 2014-01-29 10:49 - 01928144 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2014-03-13 15:08 - 2014-01-29 10:47 - 02543960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-03-13 15:08 - 2014-01-29 09:44 - 01371824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2014-03-13 15:08 - 2014-01-29 09:44 - 00408480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2014-03-13 15:08 - 2014-01-29 09:44 - 00369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2014-03-13 15:08 - 2014-01-29 08:41 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll
2014-03-13 15:08 - 2014-01-29 02:36 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll
2014-03-13 15:08 - 2014-01-27 21:07 - 04175360 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2014-03-13 15:08 - 2014-01-27 21:06 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-03-13 15:08 - 2014-01-27 21:04 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\DWWIN.EXE
2014-03-13 15:08 - 2014-01-27 20:52 - 01036288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-03-13 15:08 - 2014-01-27 20:23 - 02873344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2014-03-13 15:08 - 2014-01-27 20:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-03-13 15:08 - 2014-01-27 20:20 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWWIN.EXE
2014-03-13 15:08 - 2014-01-27 20:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-03-13 15:08 - 2014-01-27 19:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-03-13 15:08 - 2014-01-27 19:18 - 01486848 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2014-03-13 15:08 - 2014-01-27 19:00 - 01238016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2014-03-13 15:08 - 2014-01-27 17:58 - 05770752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-03-13 15:08 - 2014-01-27 17:50 - 06640640 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-03-13 15:08 - 2014-01-27 13:45 - 00386722 _____ () C:\Windows\system32\ApnDatabase.xml
2014-03-13 15:08 - 2014-01-18 01:04 - 00764864 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2014-03-13 15:08 - 2014-01-17 23:54 - 00669352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2014-03-13 15:08 - 2013-12-21 16:51 - 06353960 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2014-03-13 15:08 - 2013-12-21 10:54 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\sppcomapi.dll
2014-03-13 15:08 - 2013-12-20 12:18 - 01643584 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-03-13 15:08 - 2013-12-20 12:18 - 01507704 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-03-13 15:08 - 2013-10-31 02:29 - 00236888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-03-13 15:08 - 2013-10-31 02:29 - 00124760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2014-03-13 15:08 - 2013-10-31 02:28 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-03-11 17:09 - 2014-03-11 17:09 - 03821624 _____ () C:\Users\Va1nn\Downloads\battlelog-web-plugins_2.3.2_131.exe
2014-03-05 20:52 - 2014-03-05 20:52 - 00008867 _____ () C:\Users\Va1nn\Downloads\Enders_Game_2013_720p_BluRay_x264_YIFY_mp4.torrent
2014-03-03 18:46 - 2014-03-03 18:46 - 00000000 ____D () C:\ProgramData\ATI
2014-03-03 18:44 - 2014-03-03 18:44 - 00060993 _____ () C:\Windows\SysWOW64\CCCInstall_201403031744096947.log
2014-03-03 18:44 - 2014-03-03 18:44 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-03-03 16:39 - 2014-03-03 16:44 - 300632259 _____ (AMD Inc.) C:\Users\Va1nn\Downloads\amd_catalyst_14.2_beta1.3.exe
2014-02-28 21:11 - 2014-02-28 21:11 - 00000000 ____D () C:\Users\Va1nn\AppData\Roaming\TeamViewer
2014-02-28 21:10 - 2014-02-28 21:11 - 04385776 _____ (TeamViewer) C:\Users\Va1nn\Downloads\TeamViewerQS_nl.exe
2014-02-28 16:46 - 2014-02-28 16:47 - 22357360 _____ () C:\Users\Va1nn\Downloads\Joey Dale - Watcha Called Me, Shockwave EP (Original Mixes) [ZIPPY-MUSIC.COM].zip
 
==================== One Month Modified Files and Folders =======
 
2014-03-30 16:32 - 2014-03-29 18:41 - 00011671 _____ () C:\Users\Va1nn\Downloads\FRST.txt
2014-03-30 16:32 - 2014-03-29 18:41 - 00000000 ____D () C:\FRST
2014-03-30 16:22 - 2014-03-30 15:12 - 00000000 ____D () C:\Users\Va1nn\AppData\Roaming\Origin
2014-03-30 16:08 - 2013-11-22 16:52 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-30 16:02 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2014-03-30 15:54 - 2014-03-25 17:49 - 00245987 _____ () C:\Windows\WindowsUpdate.log
2014-03-30 15:17 - 2013-11-22 16:28 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-289169897-1255528339-1447242423-1001
2014-03-30 15:16 - 2014-03-30 15:16 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-30 15:16 - 2013-09-30 06:24 - 01848216 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-30 15:16 - 2013-09-30 06:00 - 00817794 _____ () C:\Windows\system32\perfh013.dat
2014-03-30 15:16 - 2013-09-30 06:00 - 00166026 _____ () C:\Windows\system32\perfc013.dat
2014-03-30 15:15 - 2014-03-30 15:16 - 02347384 _____ (ESET) C:\Users\Va1nn\Desktop\esetsmartinstaller_enu.exe
2014-03-30 15:15 - 2014-03-30 15:15 - 02347384 _____ (ESET) C:\Users\Va1nn\Downloads\esetsmartinstaller_enu.exe
2014-03-30 15:14 - 2013-11-22 16:53 - 00002223 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-30 15:12 - 2014-03-25 20:34 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-30 15:12 - 2013-11-22 20:48 - 00000000 ____D () C:\Users\Va1nn\AppData\Roaming\Raptr
2014-03-30 15:12 - 2013-11-22 16:58 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-03-30 15:12 - 2013-11-22 16:52 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-30 15:12 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-30 14:55 - 2013-11-22 16:58 - 00000000 ____D () C:\ProgramData\Origin
2014-03-30 12:57 - 2014-03-25 17:44 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-29 18:42 - 2014-03-29 18:42 - 00033721 _____ () C:\Users\Va1nn\Downloads\Addition.txt
2014-03-29 18:41 - 2014-03-29 18:41 - 02157056 _____ (Farbar) C:\Users\Va1nn\Downloads\FRST64.exe
2014-03-28 16:39 - 2013-11-22 17:13 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-03-28 15:59 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-03-27 23:13 - 2013-11-22 16:47 - 00000000 ____D () C:\Users\Va1nn\AppData\Roaming\TS3Client
2014-03-27 21:33 - 2013-11-22 17:13 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-03-26 20:54 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-03-25 21:46 - 2014-03-25 21:46 - 00000742 _____ () C:\Users\Va1nn\Desktop\JRT.txt
2014-03-25 21:42 - 2014-03-25 21:42 - 00000000 ____D () C:\Windows\ERUNT
2014-03-25 21:40 - 2014-03-25 21:40 - 01038974 _____ (Thisisu) C:\Users\Va1nn\Downloads\JRT.exe
2014-03-25 21:27 - 2014-03-25 21:27 - 00714207 _____ () C:\Users\Va1nn\Downloads\pbsetup (1).zip
2014-03-25 21:22 - 2014-03-25 21:22 - 00714207 _____ () C:\Users\Va1nn\Downloads\pbsetup.zip
2014-03-25 21:17 - 2013-11-22 16:56 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-03-25 21:16 - 2014-03-25 21:16 - 03822704 _____ () C:\Users\Va1nn\Downloads\battlelog-web-plugins_2.3.2_133.exe
2014-03-25 21:06 - 2014-03-25 21:06 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-03-25 21:00 - 2014-03-25 21:00 - 00002376 _____ () C:\Windows\system32\.crusader
2014-03-25 21:00 - 2014-03-25 20:56 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-03-25 20:55 - 2014-03-25 20:54 - 10820032 _____ (SurfRight B.V.) C:\Users\Va1nn\Downloads\HitmanPro_x64.exe
2014-03-25 20:42 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\DesktopTileResources
2014-03-25 20:33 - 2014-03-25 20:33 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-25 20:33 - 2014-03-25 20:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-25 20:33 - 2014-03-25 20:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-25 20:33 - 2014-03-25 20:32 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Va1nn\Downloads\mb3-setup-1878.1878-3.5.1.2522.exe
2014-03-25 20:19 - 2014-03-25 20:18 - 00000000 ____D () C:\AdwCleaner
2014-03-25 20:16 - 2013-11-28 23:33 - 00000000 ____D () C:\Users\Va1nn\AppData\Roaming\vlc
2014-03-25 19:45 - 2013-11-22 16:23 - 00000987 _____ () C:\Users\Va1nn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-25 19:39 - 2014-03-25 19:39 - 01950720 _____ () C:\Users\Va1nn\Downloads\adwcleaner (1).exe
2014-03-25 19:36 - 2014-03-25 19:35 - 05192353 _____ (Swearware) C:\Users\Va1nn\Downloads\ComboFix.exe
2014-03-25 17:48 - 2014-03-25 17:44 - 00000000 ____D () C:\Users\Va1nn\AppData\Local\Avg2014
2014-03-25 17:48 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-03-25 17:47 - 2014-03-25 17:46 - 00000000 ____D () C:\ProgramData\AVG2014
2014-03-25 17:46 - 2014-03-25 17:46 - 00000991 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-03-25 17:46 - 2014-03-25 17:46 - 00000000 ___HD () C:\$AVG
2014-03-25 17:46 - 2014-03-25 17:46 - 00000000 ____D () C:\Users\Va1nn\AppData\Roaming\TuneUp Software
2014-03-25 17:46 - 2014-03-25 17:46 - 00000000 ____D () C:\Users\Va1nn\AppData\Roaming\AVG2014
2014-03-25 17:46 - 2014-03-25 17:46 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-03-25 17:46 - 2013-08-22 17:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-03-25 17:44 - 2014-03-25 17:44 - 04471880 _____ (AVG Technologies) C:\Users\Va1nn\Downloads\avg_free_stb_all_2014_4354_cnet.exe
2014-03-25 17:44 - 2014-03-25 17:44 - 00000000 ____D () C:\Users\Va1nn\AppData\Local\MFAData
2014-03-24 22:02 - 2013-11-22 23:07 - 00000000 ____D () C:\Users\Va1nn\AppData\Roaming\BitComet
2014-03-24 21:34 - 2014-03-24 21:34 - 00036851 _____ () C:\Users\Va1nn\Downloads\[kickass.to]the.walking.dead.s04e15.hdtv.x264.2hd.ettv.torrent
2014-03-20 19:50 - 2014-03-20 19:44 - 00000000 ____D () C:\Users\Va1nn\AppData\Roaming\Belastingdienst
2014-03-20 19:44 - 2014-03-20 19:44 - 00000000 ____D () C:\Users\Va1nn\Documents\Belastingdienst
2014-03-20 19:43 - 2014-03-20 19:43 - 02836400 _____ (Belastingdienst) C:\Users\Va1nn\Downloads\ib2013_win_setup.exe
2014-03-20 19:43 - 2014-03-20 19:43 - 00001427 _____ () C:\Users\Public\Desktop\Aangifte inkomstenbelasting 2013.lnk
2014-03-20 19:43 - 2014-03-20 19:43 - 00000000 ____D () C:\Program Files (x86)\Belastingdienst
2014-03-20 16:41 - 2014-03-20 16:41 - 00028824 _____ () C:\Users\Va1nn\Downloads\captain-america-the-first-avenger_dutch-491747.zip
2014-03-20 16:22 - 2014-03-20 16:22 - 00016377 _____ () C:\Users\Va1nn\Downloads\Captain_America_-_The_First_Avenger_(2011).torrent
2014-03-20 16:20 - 2014-03-20 16:20 - 00020347 _____ () C:\Users\Va1nn\Downloads\[kickass.to]the.blacklist.s01e16.hdtv.x264.lol.ettv.torrent
2014-03-20 16:16 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2014-03-19 22:55 - 2013-11-22 16:23 - 00000000 ____D () C:\Users\Va1nn
2014-03-19 16:46 - 2014-03-19 16:46 - 03821624 _____ () C:\Users\Va1nn\Downloads\battlelog-web-plugins_2.3.2_131 (1).exe
2014-03-19 16:41 - 2013-11-22 16:23 - 00000000 ___RD () C:\Users\Va1nn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-19 16:41 - 2013-11-22 16:23 - 00000000 ___RD () C:\Users\Va1nn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-19 16:41 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData
2014-03-19 16:09 - 2013-11-22 20:01 - 00000000 ____D () C:\Windows\Minidump
2014-03-19 14:11 - 2014-03-19 14:11 - 00019403 _____ () C:\Users\Va1nn\Downloads\the.blacklist.the.judge.(2014).dut.1cd.(5576370).zip
2014-03-19 12:53 - 2014-03-19 12:53 - 00019731 _____ () C:\Users\Va1nn\Downloads\the.blacklist.madeline.pratt.(2014).dut.1cd.(5567255).zip
2014-03-18 19:44 - 2013-11-22 16:41 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-18 19:43 - 2013-11-22 16:41 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-17 21:38 - 2014-03-17 21:38 - 00029375 _____ () C:\Users\Va1nn\Downloads\The Walking Dead - 04x14 - The Grove.HDTV REMARKABLE.Dutch.orig.Addic7ed.com.srt
2014-03-17 21:33 - 2014-03-17 21:32 - 00000000 ____D () C:\ProgramData\InstallMate
2014-03-17 21:32 - 2014-03-17 21:32 - 00000000 ____D () C:\Users\Va1nn\AppData\Local\Comodo
2014-03-17 21:32 - 2014-03-17 21:32 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch
2014-03-17 21:32 - 2014-03-17 21:32 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-03-17 21:32 - 2014-03-17 21:32 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-03-17 21:32 - 2014-03-17 21:32 - 00000000 ____D () C:\Users\Gast
2014-03-17 21:32 - 2014-03-17 21:32 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-03-17 21:32 - 2014-03-17 21:32 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-03-17 21:32 - 2014-03-17 21:32 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-03-17 21:32 - 2014-03-17 21:32 - 00000000 ____D () C:\Users\Administrator
2014-03-17 21:32 - 2013-11-22 16:52 - 00000000 ____D () C:\Users\Va1nn\AppData\Local\Google
2014-03-17 17:02 - 2014-03-17 17:02 - 00000000 ____D () C:\Users\Va1nn\Documents\Sports Interactive
2014-03-17 17:02 - 2014-03-17 17:02 - 00000000 ____D () C:\Users\Va1nn\AppData\Roaming\Sports Interactive
2014-03-17 17:02 - 2014-03-17 17:02 - 00000000 ____D () C:\Users\Va1nn\AppData\Local\Sports Interactive
2014-03-17 17:02 - 2014-03-17 17:02 - 00000000 ____D () C:\Users\Public\Documents\Sports Interactive
2014-03-17 16:35 - 2014-03-17 16:35 - 00000202 _____ () C:\Users\Va1nn\Desktop\Football Manager 2013.url
2014-03-17 16:35 - 2014-03-17 16:35 - 00000000 ____D () C:\Users\Va1nn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-03-14 14:04 - 2014-01-28 19:31 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 14:04 - 2014-01-28 19:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-14 14:04 - 2013-08-22 16:44 - 00336056 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 23:13 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-13 23:13 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-13 23:13 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-13 23:13 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-13 19:18 - 2013-11-22 16:46 - 00000000 ____D () C:\Users\Va1nn\AppData\Local\TeamSpeak 3 Client
2014-03-11 17:09 - 2014-03-11 17:09 - 03821624 _____ () C:\Users\Va1nn\Downloads\battlelog-web-plugins_2.3.2_131.exe
2014-03-05 20:52 - 2014-03-05 20:52 - 00008867 _____ () C:\Users\Va1nn\Downloads\Enders_Game_2013_720p_BluRay_x264_YIFY_mp4.torrent
2014-03-05 10:26 - 2014-03-25 20:33 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 10:26 - 2014-03-25 20:33 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 10:26 - 2014-03-25 20:33 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-05 00:53 - 2013-08-22 17:38 - 00693240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-05 00:53 - 2013-08-22 17:38 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-03 18:46 - 2014-03-03 18:46 - 00000000 ____D () C:\ProgramData\ATI
2014-03-03 18:44 - 2014-03-03 18:44 - 00060993 _____ () C:\Windows\SysWOW64\CCCInstall_201403031744096947.log
2014-03-03 18:44 - 2014-03-03 18:44 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-03-03 18:44 - 2013-11-22 16:35 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-03-03 18:43 - 2013-11-22 16:37 - 00000000 ____D () C:\ProgramData\AMD
2014-03-03 18:40 - 2013-11-22 16:34 - 00000000 ____D () C:\AMD
2014-03-03 16:44 - 2014-03-03 16:39 - 300632259 _____ (AMD Inc.) C:\Users\Va1nn\Downloads\amd_catalyst_14.2_beta1.3.exe
2014-03-01 08:05 - 2014-03-13 15:08 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 06:58 - 2014-03-13 15:08 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 06:30 - 2014-03-13 15:08 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 06:17 - 2014-03-13 15:08 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 05:54 - 2014-03-13 15:08 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 05:47 - 2014-03-13 15:08 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 05:42 - 2014-03-13 15:08 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 05:18 - 2014-03-13 15:08 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 05:14 - 2014-03-13 15:08 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 05:10 - 2014-03-13 15:08 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 05:03 - 2014-03-13 15:08 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 04:57 - 2014-03-13 15:08 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 04:38 - 2014-03-13 15:08 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 04:32 - 2014-03-13 15:08 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 04:27 - 2014-03-13 15:08 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 04:25 - 2014-03-13 15:08 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 04:25 - 2014-03-13 15:08 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-28 21:11 - 2014-02-28 21:11 - 00000000 ____D () C:\Users\Va1nn\AppData\Roaming\TeamViewer
2014-02-28 21:11 - 2014-02-28 21:10 - 04385776 _____ (TeamViewer) C:\Users\Va1nn\Downloads\TeamViewerQS_nl.exe
2014-02-28 16:47 - 2014-02-28 16:46 - 22357360 _____ () C:\Users\Va1nn\Downloads\Joey Dale - Watcha Called Me, Shockwave EP (Original Mixes) [ZIPPY-MUSIC.COM].zip
 
Some content of TEMP:
====================
C:\Users\Va1nn\AppData\Local\Temp\sonarinst.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2014-03-13 15:08] - [2014-01-31 18:15] - 0311640 ___AC (Microsoft Corporation) C85C075DE5B6D0FE116043054DE8EE02
 
 
 
LastRegBack: 2014-03-27 16:09
 
==================== End Of Log ============================


#7 vainn

Posted 30 March 2014 - 09:34 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Va1nn at 2014-03-29 17:42:01
Running from C:\Users\Va1nn\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
 
==================== Installed Programs ======================
 
Aangifte inkomstenbelasting 2013 (HKLM-x32\...\Aangifte inkomstenbelasting 2013) (Version:  - Belastingdienst)
Action! (HKLM-x32\...\Mirillis Action!) (Version: 1.17.4 - Mirillis)
AMD Accelerated Video Transcoding (Version: 13.30.100.40223 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.0223.2239.40626 - Uw bedrijfsnaam) Hidden
AMD Catalyst Install Manager (HKLM\...\{A081D35B-0AF0-588A-D0D6-259D25C03E50}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2014.0223.2239.40626 - Uw bedrijfsnaam) Hidden
AMD OverDrive (HKLM-x32\...\{34D5220A-58D0-473C-90E4-15136C3FB0E3}) (Version: 4.3.1.0690 - Advanced Micro Devices, Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4354 - AVG Technologies)
AVG 2014 (Version: 14.0.3722 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4354 - AVG Technologies) Hidden
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.2.0.0 - Electronic Arts)
Battlefield: Bad Company™ 2 (HKLM-x32\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.1.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
BF4 Settings Editor (HKLM\...\{EF4C9459-47DE-4FCD-B9E0-CEB5BA03FC64}) (Version: 1.1 - Realmware)
BitComet 1.35 64-bit (HKLM-x32\...\BitComet_x64) (Version: 1.35 - CometNetwork)
Burn4Free DVD Burning 6.8.0.0 (HKLM-x32\...\Burn4Free DVD Burning_is1) (Version:  - Sakysoft s.r.l.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0223.2239.40626 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0223.2239.40626 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0223.2239.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0223.2239.40626 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
CPUID CPU-Z 1.68 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Football Manager 2013 (HKLM-x32\...\Steam App 207890) (Version:  - Sports Interactive)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
GS Supporter 1.80 (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{e9f32388}) (Version:  - Certified Publisher) <==== ATTENTION
Hercules DJ Products Series drivers (HKLM-x32\...\{33999F1F-EA46-4E55-A239-1BA803235396}) (Version: 2.HDJS.2013 - Hercules)
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
K-Lite Codec Pack 10.3.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.3.0 - )
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
Logitech Gaming Software 8.50 (HKLM\...\Logitech Gaming Software) (Version: 8.50.281 - Logitech Inc.)
Malwarebytes Anti-Malware versie 2.00.0.1000 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.)
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version:  - PokerStars.eu)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.988 - Even Balance, Inc.)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Setup - Final Fantasy VIII Steam Edition © SQUARE ENIX ... (HKLM-x32\...\Setup - Final Fantasy VIII Steam Edition © SQUARE ENIX ...) (Version: ... - Eidos Interactive)
Skype™ 6.13 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.13.104 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
VirtualDJ PRO Full (HKLM-x32\...\{C515E2A3-4878-4C85-A519-52630C7AB08B}) (Version: 7.3 - Atomix Productions)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
 
==================== Restore Points  =========================
 
16-03-2014 08:57:40 Windows Update
17-03-2014 14:59:40 DirectX is geïnstalleerd.
24-03-2014 16:48:19 Gepland controlepunt
 
==================== Hosts content: ==========================
 
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {199F4E4E-F0EE-4AB3-80FF-59A8F854F0DB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-22] (Google Inc.)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {505AF2E0-62CB-4700-8F4C-51EB031FA6A8} - \GoforFilesUpdate No Task File
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {842D80CA-327A-4D84-BE10-28574EE2AABC} - System32\Tasks\Origin => C:\Users\Va1nn\AppData\Roaming\Origin\update.vbe [2014-01-27] () <==== ATTENTION
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {97D7A12C-A023-4902-A010-BDE3F3101B5F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {BECC95B3-75BC-41E3-ABC1-79430B5DC0EC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-03-18] (Microsoft Corporation)
Task: {C3A1E8B2-98C5-47EC-9562-F79F347D355F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-22] (Google Inc.)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-02-23 22:42 - 2014-02-23 22:42 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2013-11-04 15:03 - 2013-11-04 15:03 - 00818688 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2013-11-04 15:03 - 2013-11-04 15:03 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-01-08 06:46 - 2014-01-08 06:46 - 00137584 _____ () C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
2013-11-22 16:13 - 2013-12-18 19:48 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-02-23 22:41 - 2014-02-23 22:41 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-01-08 06:47 - 2014-01-08 06:47 - 00625000 _____ () C:\Program Files (x86)\AMD\OverDrive\Device.dll
2014-01-08 06:48 - 2014-01-08 06:48 - 03860848 _____ () C:\Program Files (x86)\AMD\OverDrive\Platform.dll
2014-01-08 06:49 - 2014-01-08 06:49 - 01587560 _____ () C:\Program Files (x86)\AMD\OverDrive\QtCore4.dll
2014-01-08 06:49 - 2014-01-08 06:49 - 06441320 _____ () C:\Program Files (x86)\AMD\OverDrive\QtGui4.dll
2014-01-08 06:50 - 2014-01-08 06:50 - 00362856 _____ () C:\Program Files (x86)\AMD\OverDrive\QtXml4.dll
2014-01-29 14:38 - 2014-03-07 14:02 - 00962560 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll
2014-01-29 14:38 - 2014-03-07 14:02 - 00024064 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll
2014-01-29 14:38 - 2014-03-07 14:02 - 00025088 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll
2014-01-29 14:38 - 2014-03-07 14:02 - 00217088 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
2014-01-29 14:38 - 2014-03-07 14:02 - 00261632 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
2014-01-29 14:38 - 2014-03-07 14:02 - 00019968 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll
2014-01-29 14:38 - 2014-03-07 14:02 - 00302592 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll
2014-01-29 14:38 - 2014-03-07 14:02 - 00018944 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
2014-01-31 15:24 - 2014-01-31 15:24 - 00094208 _____ () C:\Program Files (x86)\ATI Technologies\HydraVision\HydraNln.dll
2010-11-22 23:56 - 2010-11-22 23:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
2012-06-22 22:53 - 2012-06-22 22:53 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
2012-06-22 22:24 - 2012-06-22 22:24 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
2012-06-22 22:39 - 2012-06-22 22:39 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
2012-06-22 22:55 - 2012-06-22 22:55 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
2010-11-22 23:56 - 2010-11-22 23:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00124928 _____ () C:\Program Files (x86)\Raptr\_elementtree.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
2012-02-06 21:28 - 2012-02-06 21:28 - 00031744 _____ () C:\Program Files (x86)\Raptr\Crypto.Cipher.AES.pyd
2012-02-06 21:28 - 2012-02-06 21:28 - 00010752 _____ () C:\Program Files (x86)\Raptr\Crypto.Random.OSRNG.winrandom.pyd
2012-02-06 21:28 - 2012-02-06 21:28 - 00011264 _____ () C:\Program Files (x86)\Raptr\Crypto.Util._counter.pyd
2011-05-10 20:01 - 2011-05-10 20:01 - 00030208 _____ () C:\Program Files (x86)\Raptr\simplejson._speedups.pyd
2012-06-22 22:59 - 2012-06-22 22:59 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
2011-02-15 19:17 - 2011-02-15 19:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
2010-11-22 23:56 - 2010-11-22 23:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll
2010-11-22 23:57 - 2010-11-22 23:57 - 00016384 _____ () C:\Program Files (x86)\Raptr\win32trace.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd
2013-11-21 01:05 - 2013-11-21 01:05 - 00256000 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll
2010-11-22 23:57 - 2010-11-22 23:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd
2012-10-27 08:53 - 2012-10-27 08:53 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
2011-02-15 19:17 - 2011-02-15 19:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll
2010-11-23 00:06 - 2010-11-23 00:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll
2013-05-10 00:52 - 2013-05-10 00:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll
2013-05-10 00:52 - 2013-05-10 00:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll
2013-05-10 00:52 - 2013-05-10 00:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll
2013-05-03 19:56 - 2013-05-03 19:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll
2013-05-03 19:56 - 2013-05-03 19:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll
2013-05-03 19:56 - 2013-05-03 19:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll
2014-03-15 19:10 - 2014-03-15 01:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-15 19:10 - 2014-03-15 01:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-15 19:10 - 2014-03-15 01:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-15 19:10 - 2014-03-15 01:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
2014-03-15 19:10 - 2014-03-15 01:50 - 13637448 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
2014-03-15 19:10 - 2014-03-15 01:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-15 19:10 - 2014-03-15 01:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/28/2014 02:59:34 PM) (Source: Desktop Window Manager) (User: )
Description: Er is een onherstelbare fout (0x8898008d) opgetreden
 
Error: (03/27/2014 03:09:27 PM) (Source: Microsoft-Windows-Defrag) (User: )
Description: Het volume \\?\Volume{54831694-5381-11e3-824f-806e6f6e6963}\ is niet geoptimaliseerd, omdat er een fout is opgetreden: De parameter is onjuist. (0x80070057)
 
Error: (03/25/2014 08:07:13 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Cannot update Object List value of SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance key. The first DWORD in the Data section contains the error code and the second DWORD contains the updated value.
 
Error: (03/25/2014 08:07:13 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Cannot update First Help value of SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance key. The first DWORD in the Data section contains the error code and the second DWORD contains the updated value.
 
Error: (03/25/2014 08:07:13 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Cannot update First Counter value of SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance key. The first DWORD in the Data section contains the error code and the second DWORD contains the updated value.
 
Error: (03/25/2014 08:07:13 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Cannot update Last Help value of SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance key. The first DWORD in the Data section contains the error code and the second DWORD contains the updated value.
 
Error: (03/25/2014 08:07:13 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Cannot update Last Counter value of SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance key. The first DWORD in the Data section contains the error code and the second DWORD contains the updated value.
 
Error: (03/25/2014 05:07:18 PM) (Source: Perflib) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (03/25/2014 02:54:08 PM) (Source: Desktop Window Manager) (User: )
Description: Er is een onherstelbare fout (0x8898008d) opgetreden
 
Error: (03/24/2014 05:48:20 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: De service Cryptografische services is mislukt tijdens het verwerken van aanroep OnIdentity() op het object System Writer.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Toegang geweigerd.
.
 
 
System errors:
=============
Error: (03/29/2014 03:40:47 PM) (Source: DCOM) (User: Dennis)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (03/29/2014 03:40:17 PM) (Source: DCOM) (User: Dennis)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (03/28/2014 04:40:59 PM) (Source: DCOM) (User: Dennis)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (03/28/2014 04:40:29 PM) (Source: DCOM) (User: Dennis)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (03/27/2014 03:10:26 PM) (Source: DCOM) (User: Dennis)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (03/27/2014 03:09:56 PM) (Source: DCOM) (User: Dennis)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (03/26/2014 07:54:35 PM) (Source: DCOM) (User: Dennis)
Description: toepassingsspecifiekLokaalStarten{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DennisVa1nnS-1-5-21-289169897-1255528339-1447242423-1001LocalHost (via LRPC)Niet beschikbaarNiet beschikbaar
 
Error: (03/26/2014 05:58:50 PM) (Source: DCOM) (User: Dennis)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (03/25/2014 08:28:13 PM) (Source: Service Control Manager) (User: )
Description: ScRegSetValueExW-oproep voor FailureActions is niet geslaagd vanwege deze fout: 
%%5.
 
Error: (03/25/2014 08:26:20 PM) (Source: Service Control Manager) (User: )
Description: ScRegSetValueExW-oproep voor Type is niet geslaagd vanwege deze fout: 
%%5.
 
 
Microsoft Office Sessions:
=========================
Error: (03/28/2014 02:59:34 PM) (Source: Desktop Window Manager)(User: )
Description: 0x8898008d
 
Error: (03/27/2014 03:09:27 PM) (Source: Microsoft-Windows-Defrag)(User: )
Description: \\?\Volume{54831694-5381-11e3-824f-806e6f6e6963}\De parameter is onjuist. (0x80070057)
 
Error: (03/25/2014 08:07:13 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Object ListSYSTEM\CurrentControlSet\Services\WmiApRpl\Performance8050000000E0E0000
 
Error: (03/25/2014 08:07:13 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: First HelpSYSTEM\CurrentControlSet\Services\WmiApRpl\Performance1205000000131E0000F90D0000
 
Error: (03/25/2014 08:07:13 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: First CounterSYSTEM\CurrentControlSet\Services\WmiApRpl\Performance1205000000121E0000E50D0000
 
Error: (03/25/2014 08:07:13 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Last HelpSYSTEM\CurrentControlSet\Services\WmiApRpl\Performance1205000000B91E0000D10D0000
 
Error: (03/25/2014 08:07:13 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Last CounterSYSTEM\CurrentControlSet\Services\WmiApRpl\Performance1205000000B81E0000BD0D0000
 
Error: (03/25/2014 05:07:18 PM) (Source: Perflib)(User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (03/25/2014 02:54:08 PM) (Source: Desktop Window Manager)(User: )
Description: 0x8898008d
 
Error: (03/24/2014 05:48:20 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Toegang geweigerd.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-03-20 15:14:46.414
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-03-20 15:14:46.389
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-03-20 15:13:58.653
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-03-20 15:13:58.628
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-03-20 15:13:58.532
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-03-20 15:13:58.508
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-03-20 15:13:58.475
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-03-20 15:13:58.451
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-03-20 15:13:58.312
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-03-20 15:13:58.240
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 51%
Total physical RAM: 4094.11 MB
Available physical RAM: 1998.87 MB
Total Pagefile: 8190.11 MB
Available Pagefile: 4798.09 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.69 GB) (Free:18.97 GB) NTFS
Drive e: (Muziek) (Fixed) (Total:26.23 GB) (Free:17.18 GB) NTFS
Drive f: (Games) (Fixed) (Total:51.79 GB) (Free:8.49 GB) NTFS
Drive g: (Movies/Series) (Fixed) (Total:97.66 GB) (Free:16.83 GB) NTFS
Drive h: (..) (Fixed) (Total:29.3 GB) (Free:2.93 GB) NTFS
Drive i: (muziek) (Fixed) (Total:29.3 GB) (Free:3.3 GB) NTFS
Drive j: (Games 2) (Fixed) (Total:63.72 GB) (Free:8.94 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 3A2D2D12)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: A7FDA7FD)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#8 vainn

vainn
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:10:21 PM

Posted 30 March 2014 - 09:35 AM

It seems to work all fine..
 



#9 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:21 PM

Posted 30 March 2014 - 10:48 AM

Yes it's looking good.

That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.

#10 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:21 PM

Posted 03 September 2014 - 07:00 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



