
Pile File Reminder


  • This topic is locked
29 replies to this topic

#1 KoetjePony


  • Members
  • 14 posts

Posted 31 March 2014 - 06:21 AM

Hello

 

I recently tried to download a game, but now I have Pile File Reminder.

If I start up my computer, it keeps downloading these programs, Mobogenie and oxy.

I tried scanning with my virus scanner, Microsoft Security, and with Malwarebytes.

I also tried to manually delete Pile File Reminder, but it says that I don't have permission. (Deleting Mobogenie and oxy works.)

I took a screenshot of PileFile Reminder http://i.imgur.com/Be9Q5qV.png and this is what happens if I try to delete it http://i.imgur.com/oqAnQBN.png

Sorry for the bad English and the screenshots in Dutch.


Edited by KoetjePony, 31 March 2014 - 06:21 AM.



#2 TB-Psychotic


  • Malware Response Team
  • 6,349 posts

Posted 31 March 2014 - 07:08 AM

Hi there,
my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
 
 
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
 
 
 
Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • If malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt



Please attach this file to your next reply.



#3 KoetjePony

  • Topic Starter

  • Members
  • 14 posts

Posted 31 March 2014 - 09:10 AM

Here is the FRST.txt file:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by User (administrator) on UserUser on 31-03-2014 15:41:15
Running from C:\Users\User\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Dutch Standard
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\main.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [RazerGameBooster] - C:\Program Files (x86)\Razer\Razer Game Booster\RazerGameBooster.exe [61152 2014-02-25] (Razer Inc.)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKLM\...\Policies\Explorer: [3518887414] 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
HKLM\...\Policies\Explorer: [3212083974] 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
HKLM\...\Policies\Explorer: [1781466620] 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
HKU\S-1-5-21-1113398747-3223410768-3536794208-1001\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1113398747-3223410768-3536794208-1001\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1113398747-3223410768-3536794208-1001\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\S-1-5-21-1113398747-3223410768-3536794208-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-1113398747-3223410768-3536794208-1001\...\Policies\system: [DisableChangePassword] 0
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/2
URLSearchHook: HKLM-x32 - (No Name) - {32b29df0-2237-4370-9a29-37cebb730e9b} - No File
URLSearchHook: HKCU - (No Name) - {32b29df0-2237-4370-9a29-37cebb730e9b} - No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 195.130.130.141 195.130.131.141
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Google Documenten) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-20]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-20]
CHR Extension: (HP Instant Support) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnajakljidldedbomhbacclcmjkldmeb [2013-12-18]
CHR Extension: (Google Zoeken) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-20]
CHR Extension: (Auto Replay for YouTube™) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb [2013-04-20]
CHR Extension: (Little Alchemy) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2013-04-20]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Battlefield Play4Free) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh [2013-08-26]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-20]
CHR HKLM-x32\...\Chrome\Extension: [knkakpihealnpggeceajhaonlmgdkaip] - C:\Users\UserDE~1\AppData\Local\Temp\tbch.crx [2013-04-20]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-03-02] ()
S3 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-16] (Hewlett-Packard)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-02-26] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4797064 2013-11-06] (INCA Internet Co., Ltd.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-02-22] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
 
==================== Drivers (Whitelisted) ====================
 
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-06-22] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-05-31] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 cpuz134; \??\C:\Users\UserDE~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 intaud_WaveExtensible; system32\drivers\intelaud.sys [X]
S3 iwdbus; system32\DRIVERS\iwdbus.sys [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-31 15:41 - 2014-03-31 15:41 - 00035571 _____ () C:\Users\User\Desktop\FRST.txt
2014-03-31 15:40 - 2014-03-31 15:41 - 00000000 ____D () C:\FRST
2014-03-31 15:39 - 2014-03-13 03:38 - 02157056 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2014-03-31 15:38 - 2014-03-31 15:40 - 00000000 ____D () C:\Program Files (x86)\Orbitdownloader
2014-03-31 12:55 - 2014-03-31 13:40 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-31 12:55 - 2014-03-31 12:55 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-31 12:49 - 2014-03-31 13:40 - 00000000 ____D () C:\Users\User\Desktop\mbar
2014-03-31 12:49 - 2014-03-31 12:50 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-31 12:49 - 2014-03-31 12:48 - 12589848 _____ (Malwarebytes Corp.) C:\Users\User\Desktop\mbar-1.07.0.1009.exe
2014-03-31 12:48 - 2014-03-31 12:48 - 12589848 _____ (Malwarebytes Corp.) C:\Users\User\Downloads\mbar-1.07.0.1009.exe
2014-03-31 12:41 - 2014-03-31 12:41 - 00003071 _____ () C:\Users\User\Desktop\JRT.txt
2014-03-31 12:38 - 2014-03-31 12:44 - 00000000 ____D () C:\Users\User\AppData\Local\Mobogenie
2014-03-31 12:38 - 2014-03-31 12:38 - 00003528 _____ () C:\Windows\System32\Tasks\AmiUpdXp
2014-03-31 12:38 - 2014-03-31 12:38 - 00000494 _____ () C:\Windows\Tasks\AmiUpdXp.job
2014-03-31 12:38 - 2014-03-31 12:38 - 00000000 ____D () C:\Users\User\Documents\Mobogenie
2014-03-31 12:38 - 2014-03-31 12:38 - 00000000 ____D () C:\Users\User\AppData\Local\b2b9bdce-0030-4723-9127-d18f95e7e2f6
2014-03-31 12:36 - 2014-03-31 12:46 - 00000000 ____D () C:\Users\User\AppData\Roaming\Oxy
2014-03-31 12:33 - 2014-03-31 12:33 - 00000000 ____D () C:\Windows\ERUNT
2014-03-31 08:04 - 2014-03-31 08:05 - 00002654 _____ () C:\Users\User\Desktop\Rkill.txt
2014-03-31 08:04 - 2014-03-31 08:04 - 00000000 ____D () C:\Users\User\Desktop\rkill
2014-03-31 08:02 - 2014-03-31 08:04 - 00000262 __RSH () C:\ProgramData\ntuser.pol
2014-03-31 07:55 - 2014-03-31 12:34 - 00000000 ____D () C:\AdwCleaner
2014-03-31 07:42 - 2014-03-31 07:42 - 00000000 ____D () C:\Users\User\AppData\Local\f8a70641-6643-48b6-6341-631ef522c9b4
2014-03-30 21:51 - 2014-03-30 21:52 - 00000000 ____D () C:\ProgramData\CDB
2014-03-30 21:49 - 2014-03-30 21:52 - 00000155 _____ () C:\Windows\Reimage.ini
2014-03-30 21:49 - 2014-03-30 21:49 - 00785536 _____ (Reimage®) C:\Users\User\Downloads\ReimageRepair.exe
2014-03-30 21:36 - 2014-03-30 21:36 - 00000000 ____D () C:\Users\User\AppData\Local\cache
2014-03-30 21:36 - 2014-03-30 21:36 - 00000000 ____D () C:\Users\User\.android
2014-03-30 21:36 - 2014-03-30 21:36 - 00000000 _____ () C:\Users\User\daemonprocess.txt
2014-03-30 21:33 - 2014-03-30 21:33 - 05456976 _____ () C:\Users\User\Downloads\Goat_Simulator_Downloader.exe
2014-03-30 21:33 - 2014-03-30 21:33 - 00003590 _____ () C:\Windows\System32\Tasks\PileFile reminder
2014-03-30 21:33 - 2014-03-30 21:33 - 00003200 _____ () C:\Windows\System32\Tasks\PileFile logon
2014-03-30 20:07 - 2014-03-30 20:07 - 00012806 _____ () C:\Users\User\Downloads\berichten (1).zip
2014-03-20 19:38 - 2014-03-21 08:42 - 00001441 _____ () C:\Users\User\Desktop\Pour commencer ma journée je prends un chocolat puis je me doucher et après je mets du gel sur mes cheveux et je me brosse les dents.lnk
2014-03-17 19:38 - 2014-03-17 20:24 - 02044255 _____ () C:\Users\User\Downloads\PromoSiBe.pptx
2014-03-15 13:21 - 2014-03-15 13:21 - 00000221 _____ () C:\Users\User\Desktop\Mount & Blade Warband.url
2014-03-14 23:01 - 2014-03-15 16:18 - 00000000 ____D () C:\Users\User\Documents\Mount&Blade Warband Savegames
2014-03-14 23:00 - 2014-03-22 17:16 - 00000000 ____D () C:\Users\User\AppData\Roaming\Mount&Blade Warband
2014-03-14 23:00 - 2014-03-14 23:01 - 00000000 ____D () C:\Users\User\Documents\Mount&Blade Warband
2014-03-13 08:47 - 2014-03-13 08:47 - 00000000 ____D () C:\Program Files (x86)\SP54024
2014-03-12 22:41 - 2014-03-12 22:41 - 00921000 _____ (Oracle Corporation) C:\Users\User\Downloads\chromeinstall-7u51.exe
2014-03-12 17:48 - 2014-03-12 17:48 - 00002402 _____ () C:\Users\User\Documents\startup.txt
2014-03-12 13:48 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 13:48 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 13:48 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 13:48 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 13:48 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 13:48 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 13:48 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 13:48 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 13:48 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 13:48 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 13:48 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 13:48 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 13:48 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 13:48 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 13:48 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 13:48 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 13:48 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 13:48 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 13:48 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 13:48 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 13:48 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 13:48 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 13:48 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 13:48 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 13:48 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 13:48 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 13:48 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 13:48 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 13:48 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 13:48 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 13:48 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 13:48 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 13:48 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 13:48 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 13:48 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 13:48 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 13:48 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 13:48 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 13:48 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 13:48 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 13:48 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 13:48 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 13:48 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 13:48 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 13:43 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 13:43 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 13:43 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 13:43 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-09 22:32 - 2014-03-09 22:32 - 00007693 _____ () C:\Users\User\Downloads\config (1).zip
2014-03-09 22:32 - 2014-03-09 22:32 - 00007693 _____ () C:\Users\User\Desktop\config (1).zip
2014-03-09 22:30 - 2014-03-09 22:30 - 00007693 _____ () C:\Users\User\Downloads\config.zip
2014-03-09 20:05 - 2014-03-09 20:05 - 00000222 _____ () C:\Users\User\Desktop\State of Decay.url
2014-03-09 18:48 - 2014-03-09 18:48 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2014-03-09 18:48 - 2014-03-09 18:48 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_MijXfilt_01009.Wdf
2014-03-09 18:44 - 2014-03-09 18:44 - 00000923 _____ () C:\Users\Public\Desktop\DS3 Tool.lnk
2014-03-09 18:44 - 2014-03-09 18:44 - 00000923 _____ () C:\ProgramData\Desktop\DS3 Tool.lnk
2014-03-09 18:44 - 2014-03-09 18:44 - 00000000 ____D () C:\Users\User\AppData\Roaming\MotioninJoy
2014-03-09 18:44 - 2012-05-12 13:31 - 00121416 _____ (MotioninJoy) C:\Windows\system32\Drivers\MijXfilt.sys
2014-03-09 18:44 - 2011-12-07 20:42 - 00328712 _____ (Logitech Inc.) C:\Windows\system32\MijFrc.dll
2014-03-09 18:44 - 2011-12-07 20:42 - 00074960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\xusb21.sys
2014-03-09 18:43 - 2014-03-09 18:44 - 00000000 ____D () C:\Program Files\MotioninJoy
2014-03-09 18:43 - 2012-05-12 06:46 - 04117346 _____ () C:\Users\User\Desktop\MotioninJoy_071001_signed.zip
2014-03-09 17:43 - 2014-03-09 17:43 - 00635704 _____ () C:\Users\User\Desktop\Presentatie ICT Mezelf.pptx
2014-03-09 17:13 - 2014-03-09 17:40 - 00635734 _____ () C:\Users\User\Downloads\Mijn eerste echte presentatie.pptx
2014-03-09 15:48 - 2014-03-09 15:48 - 00000219 _____ () C:\Users\User\Desktop\Dota 2.url
2014-03-09 13:47 - 2014-03-10 21:48 - 66800491 _____ () C:\Users\User\Desktop\gang_beasts_0_0_2_windows.zip
2014-03-09 13:18 - 2014-03-09 13:19 - 15366160 _____ (Gameforge Productions GmbH ) C:\Users\User\Downloads\TERASetup (1).exe
2014-03-09 13:16 - 2014-03-09 13:16 - 00001008 _____ () C:\Users\User\Desktop\TERA.lnk
2014-03-09 12:17 - 2014-03-09 12:17 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-03-09 12:06 - 2014-03-09 12:06 - 00004912 _____ () C:\Users\User\Documents\cc_20140309_110654.reg
2014-03-08 20:23 - 2012-07-01 19:40 - 355441048 _____ (InstallShield Software Corporation ) C:\Users\User\Desktop\sp55092.exe
2014-03-08 19:32 - 2014-03-08 19:32 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-08 19:32 - 2014-03-08 19:32 - 00000000 ____D () C:\Users\User\AppData\Local\Skype
2014-03-08 11:12 - 2014-03-08 11:17 - 00000868 _____ () C:\Users\User\Desktop\Greenshot.lnk
2014-03-08 11:11 - 2014-03-08 11:11 - 00000000 ____D () C:\Users\User\AppData\Roaming\Greenshot
2014-03-08 11:11 - 2014-03-08 11:11 - 00000000 ____D () C:\Users\User\AppData\Local\Greenshot
2014-03-08 11:10 - 2014-03-08 11:10 - 00000000 ____D () C:\Program Files\Greenshot
2014-03-07 11:59 - 2014-03-07 11:59 - 00000017 _____ () C:\Users\User\AppData\Local\resmon.resmoncfg
2014-03-06 20:53 - 2014-03-06 22:20 - 00000222 _____ () C:\Users\User\Desktop\Project Zomboid.url
2014-03-06 11:57 - 2014-03-06 11:57 - 00000000 ____D () C:\Users\User\Documents\Banished
2014-03-06 11:48 - 2014-03-06 11:59 - 115069264 ____R () C:\Users\User\Desktop\PlagueIncEvolved.rar
2014-03-06 11:42 - 2014-03-06 11:50 - 106410049 _____ (Cat-A-Cat ) C:\Users\User\Downloads\Banished.exe
2014-03-06 11:26 - 2014-03-06 11:26 - 00630985 _____ (VLC Player) C:\Users\User\Downloads\Plague Inc Evolved Steam Crack (1).exe
2014-03-02 19:00 - 2014-03-09 12:17 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\
 
==================== One Month Modified Files and Folders =======
 
2014-03-31 15:41 - 2014-03-31 15:41 - 00035571 _____ () C:\Users\User\Desktop\FRST.txt
2014-03-31 15:41 - 2014-03-31 15:40 - 00000000 ____D () C:\FRST
2014-03-31 15:40 - 2014-03-31 15:38 - 00000000 ____D () C:\Program Files (x86)\Orbitdownloader
2014-03-31 15:40 - 2013-11-11 15:50 - 00000000 ____D () C:\Users\User\AppData\Roaming\Orbit
2014-03-31 15:35 - 2012-05-05 12:28 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2014-03-31 15:20 - 2013-04-20 17:49 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-31 15:03 - 2013-12-20 18:20 - 00000940 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-31 13:40 - 2014-03-31 12:55 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-31 13:40 - 2014-03-31 12:49 - 00000000 ____D () C:\Users\User\Desktop\mbar
2014-03-31 13:11 - 2012-07-30 22:51 - 00000000 ____D () C:\Users\User\AppData\Local\LogMeIn Hamachi
2014-03-31 12:55 - 2014-03-31 12:55 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-31 12:50 - 2014-03-31 12:49 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-31 12:48 - 2014-03-31 12:49 - 12589848 _____ (Malwarebytes Corp.) C:\Users\User\Desktop\mbar-1.07.0.1009.exe
2014-03-31 12:48 - 2014-03-31 12:48 - 12589848 _____ (Malwarebytes Corp.) C:\Users\User\Downloads\mbar-1.07.0.1009.exe
2014-03-31 12:46 - 2014-03-31 12:36 - 00000000 ____D () C:\Users\User\AppData\Roaming\Oxy
2014-03-31 12:44 - 2014-03-31 12:38 - 00000000 ____D () C:\Users\User\AppData\Local\Mobogenie
2014-03-31 12:42 - 2009-07-14 06:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-31 12:42 - 2009-07-14 06:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-31 12:41 - 2014-03-31 12:41 - 00003071 _____ () C:\Users\User\Desktop\JRT.txt
2014-03-31 12:41 - 2011-11-16 22:33 - 00746014 _____ () C:\Windows\system32\perfh013.dat
2014-03-31 12:41 - 2011-11-16 22:33 - 00153934 _____ () C:\Windows\system32\perfc013.dat
2014-03-31 12:41 - 2009-07-14 07:13 - 01670960 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-31 12:38 - 2014-03-31 12:38 - 00003528 _____ () C:\Windows\System32\Tasks\AmiUpdXp
2014-03-31 12:38 - 2014-03-31 12:38 - 00000494 _____ () C:\Windows\Tasks\AmiUpdXp.job
2014-03-31 12:38 - 2014-03-31 12:38 - 00000000 ____D () C:\Users\User\Documents\Mobogenie
2014-03-31 12:38 - 2014-03-31 12:38 - 00000000 ____D () C:\Users\User\AppData\Local\b2b9bdce-0030-4723-9127-d18f95e7e2f6
2014-03-31 12:38 - 2012-02-11 01:34 - 01409706 _____ () C:\Windows\WindowsUpdate.log
2014-03-31 12:35 - 2013-04-20 17:49 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-31 12:35 - 2013-02-14 22:34 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-31 12:34 - 2014-03-31 07:55 - 00000000 ____D () C:\AdwCleaner
2014-03-31 12:34 - 2013-11-05 18:25 - 00018047 _____ () C:\Windows\setupact.log
2014-03-31 12:34 - 2013-04-20 17:38 - 00229010 _____ () C:\Windows\PFRO.log
2014-03-31 12:34 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-31 12:33 - 2014-03-31 12:33 - 00000000 ____D () C:\Windows\ERUNT
2014-03-31 12:20 - 2011-11-16 14:15 - 00000000 ____D () C:\Program Files (x86)\HP Games
2014-03-31 08:05 - 2014-03-31 08:04 - 00002654 _____ () C:\Users\User\Desktop\Rkill.txt
2014-03-31 08:04 - 2014-03-31 08:04 - 00000000 ____D () C:\Users\User\Desktop\rkill
2014-03-31 08:04 - 2014-03-31 08:02 - 00000262 __RSH () C:\ProgramData\ntuser.pol
2014-03-31 08:02 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-03-31 08:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-03-31 07:56 - 2012-07-30 22:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-31 07:42 - 2014-03-31 07:42 - 00000000 ____D () C:\Users\User\AppData\Local\f8a70641-6643-48b6-6341-631ef522c9b4
2014-03-30 21:52 - 2014-03-30 21:51 - 00000000 ____D () C:\ProgramData\CDB
2014-03-30 21:52 - 2014-03-30 21:49 - 00000155 _____ () C:\Windows\Reimage.ini
2014-03-30 21:49 - 2014-03-30 21:49 - 00785536 _____ (Reimage®) C:\Users\User\Downloads\ReimageRepair.exe
2014-03-30 21:36 - 2014-03-30 21:36 - 00000000 ____D () C:\Users\User\AppData\Local\cache
2014-03-30 21:36 - 2014-03-30 21:36 - 00000000 ____D () C:\Users\User\.android
2014-03-30 21:36 - 2014-03-30 21:36 - 00000000 _____ () C:\Users\User\daemonprocess.txt
2014-03-30 21:36 - 2012-05-05 12:11 - 00000000 ____D () C:\Users\User
2014-03-30 21:33 - 2014-03-30 21:33 - 05456976 _____ () C:\Users\User\Downloads\Goat_Simulator_Downloader.exe
2014-03-30 21:33 - 2014-03-30 21:33 - 00003590 _____ () C:\Windows\System32\Tasks\PileFile reminder
2014-03-30 21:33 - 2014-03-30 21:33 - 00003200 _____ () C:\Windows\System32\Tasks\PileFile logon
2014-03-30 20:07 - 2014-03-30 20:07 - 00012806 _____ () C:\Users\User\Downloads\berichten (1).zip
2014-03-29 20:15 - 2013-04-20 17:49 - 00004064 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-29 20:15 - 2013-04-20 17:49 - 00003812 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-25 16:58 - 2013-12-08 18:32 - 00000000 ____D () C:\Users\User\Desktop\ponys
2014-03-22 17:16 - 2014-03-14 23:00 - 00000000 ____D () C:\Users\User\AppData\Roaming\Mount&Blade Warband
2014-03-21 17:49 - 2012-06-01 19:37 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2014-03-21 09:06 - 2013-11-08 09:01 - 00000000 ____D () C:\Users\User\Desktop\Eminem - The Marshall Mathers
2014-03-21 08:42 - 2014-03-20 19:38 - 00001441 _____ () C:\Users\User\Desktop\Pour commencer ma journée je prends un chocolat puis je me doucher et après je mets du gel sur mes cheveux et je me brosse les dents.lnk
2014-03-17 20:24 - 2014-03-17 19:38 - 02044255 _____ () C:\Users\User\Downloads\PromoSiBe.pptx
2014-03-15 19:18 - 2013-04-20 17:49 - 00002163 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-15 19:18 - 2013-04-20 17:49 - 00002163 _____ () C:\ProgramData\Desktop\Google Chrome.lnk
2014-03-15 16:18 - 2014-03-14 23:01 - 00000000 ____D () C:\Users\User\Documents\Mount&Blade Warband Savegames
2014-03-15 13:21 - 2014-03-15 13:21 - 00000221 _____ () C:\Users\User\Desktop\Mount & Blade Warband.url
2014-03-15 11:37 - 2012-05-05 13:59 - 00000000 ____D () C:\Users\User\AppData\Roaming\.minecraft
2014-03-14 23:01 - 2014-03-14 23:00 - 00000000 ____D () C:\Users\User\Documents\Mount&Blade Warband
2014-03-13 17:22 - 2009-07-14 07:08 - 00032584 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-13 08:47 - 2014-03-13 08:47 - 00000000 ____D () C:\Program Files (x86)\SP54024
2014-03-13 03:38 - 2014-03-31 15:39 - 02157056 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2014-03-12 22:41 - 2014-03-12 22:41 - 00921000 _____ (Oracle Corporation) C:\Users\User\Downloads\chromeinstall-7u51.exe
2014-03-12 17:48 - 2014-03-12 17:48 - 00002402 _____ () C:\Users\User\Documents\startup.txt
2014-03-12 17:16 - 2009-07-14 06:45 - 00345072 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-12 17:15 - 2013-03-13 19:07 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-12 17:15 - 2013-03-13 19:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-12 17:14 - 2012-08-03 12:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-12 17:13 - 2013-07-22 00:52 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-12 17:11 - 2012-05-21 16:03 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-11 21:03 - 2013-12-20 18:20 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-11 21:03 - 2013-12-20 18:20 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 21:03 - 2013-12-20 18:20 - 00003878 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-10 21:48 - 2014-03-09 13:47 - 66800491 _____ () C:\Users\User\Desktop\gang_beasts_0_0_2_windows.zip
2014-03-09 22:32 - 2014-03-09 22:32 - 00007693 _____ () C:\Users\User\Downloads\config (1).zip
2014-03-09 22:32 - 2014-03-09 22:32 - 00007693 _____ () C:\Users\User\Desktop\config (1).zip
2014-03-09 22:30 - 2014-03-09 22:30 - 00007693 _____ () C:\Users\User\Downloads\config.zip
2014-03-09 20:05 - 2014-03-09 20:05 - 00000222 _____ () C:\Users\User\Desktop\State of Decay.url
2014-03-09 18:48 - 2014-03-09 18:48 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2014-03-09 18:48 - 2014-03-09 18:48 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_MijXfilt_01009.Wdf
2014-03-09 18:44 - 2014-03-09 18:44 - 00000923 _____ () C:\Users\Public\Desktop\DS3 Tool.lnk
2014-03-09 18:44 - 2014-03-09 18:44 - 00000923 _____ () C:\ProgramData\Desktop\DS3 Tool.lnk
2014-03-09 18:44 - 2014-03-09 18:44 - 00000000 ____D () C:\Users\User\AppData\Roaming\MotioninJoy
2014-03-09 18:44 - 2014-03-09 18:43 - 00000000 ____D () C:\Program Files\MotioninJoy
2014-03-09 17:52 - 2013-11-27 20:08 - 00000000 ____D () C:\Users\User\Zomboid
2014-03-09 17:43 - 2014-03-09 17:43 - 00635704 _____ () C:\Users\User\Desktop\Presentatie ICT Mezelf.pptx
2014-03-09 17:40 - 2014-03-09 17:13 - 00635734 _____ () C:\Users\User\Downloads\Mijn eerste echte presentatie.pptx
2014-03-09 15:48 - 2014-03-09 15:48 - 00000219 _____ () C:\Users\User\Desktop\Dota 2.url
2014-03-09 13:19 - 2014-03-09 13:18 - 15366160 _____ (Gameforge Productions GmbH ) C:\Users\User\Downloads\TERASetup (1).exe
2014-03-09 13:17 - 2013-12-01 00:22 - 00000000 ____D () C:\Program Files (x86)\TERA
2014-03-09 13:16 - 2014-03-09 13:16 - 00001008 _____ () C:\Users\User\Desktop\TERA.lnk
2014-03-09 12:17 - 2014-03-09 12:17 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-03-09 12:17 - 2014-03-02 19:00 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\
2014-03-09 12:15 - 2013-12-15 18:31 - 00000000 ____D () C:\Users\User\AppData\Roaming\uTorrent
2014-03-09 12:06 - 2014-03-09 12:06 - 00004912 _____ () C:\Users\User\Documents\cc_20140309_110654.reg
2014-03-08 20:25 - 2011-02-10 21:23 - 00000000 ____D () C:\SWSetup
2014-03-08 19:32 - 2014-03-08 19:32 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-08 19:32 - 2014-03-08 19:32 - 00000000 ____D () C:\Users\User\AppData\Local\Skype
2014-03-08 19:32 - 2011-11-16 14:22 - 00000000 ____D () C:\ProgramData\Skype
2014-03-08 15:19 - 2013-05-31 21:50 - 00000000 ____D () C:\Users\User\Desktop\User map
2014-03-08 11:17 - 2014-03-08 11:12 - 00000868 _____ () C:\Users\User\Desktop\Greenshot.lnk
2014-03-08 11:11 - 2014-03-08 11:11 - 00000000 ____D () C:\Users\User\AppData\Roaming\Greenshot
2014-03-08 11:11 - 2014-03-08 11:11 - 00000000 ____D () C:\Users\User\AppData\Local\Greenshot
2014-03-08 11:10 - 2014-03-08 11:10 - 00000000 ____D () C:\Program Files\Greenshot
2014-03-07 11:59 - 2014-03-07 11:59 - 00000017 _____ () C:\Users\User\AppData\Local\resmon.resmoncfg
2014-03-06 22:20 - 2014-03-06 20:53 - 00000222 _____ () C:\Users\User\Desktop\Project Zomboid.url
2014-03-06 12:07 - 2012-06-19 18:33 - 00000000 ____D () C:\Games
2014-03-06 11:59 - 2014-03-06 11:48 - 115069264 ____R () C:\Users\User\Desktop\PlagueIncEvolved.rar
2014-03-06 11:57 - 2014-03-06 11:57 - 00000000 ____D () C:\Users\User\Documents\Banished
2014-03-06 11:50 - 2014-03-06 11:42 - 106410049 _____ (Cat-A-Cat ) C:\Users\User\Downloads\Banished.exe
2014-03-06 11:28 - 2014-01-07 21:02 - 00001030 _____ () C:\Users\User\Desktop\VLC media player.lnk
2014-03-06 11:26 - 2014-03-06 11:26 - 00630985 _____ (VLC Player) C:\Users\User\Downloads\Plague Inc Evolved Steam Crack (1).exe
2014-03-06 10:06 - 2013-11-30 18:31 - 00002089 _____ () C:\Users\Public\Desktop\Razer Game Booster.lnk
2014-03-06 10:06 - 2013-11-30 18:31 - 00002089 _____ () C:\ProgramData\Desktop\Razer Game Booster.lnk
2014-03-04 12:05 - 2012-11-19 10:38 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2014-03-02 13:10 - 2013-12-18 22:32 - 00000000 ____D () C:\Users\User\Documents\DayZ
2014-03-02 13:10 - 2013-12-18 22:32 - 00000000 ____D () C:\Users\User\AppData\Local\DayZ
2014-03-01 08:05 - 2014-03-12 13:48 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 07:17 - 2014-03-12 13:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 07:16 - 2014-03-12 13:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 06:58 - 2014-03-12 13:48 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 06:52 - 2014-03-12 13:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 06:51 - 2014-03-12 13:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 06:42 - 2014-03-12 13:48 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 06:40 - 2014-03-12 13:48 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 06:37 - 2014-03-12 13:48 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 06:33 - 2014-03-12 13:48 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 06:33 - 2014-03-12 13:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 06:32 - 2014-03-12 13:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 06:30 - 2014-03-12 13:48 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 06:23 - 2014-03-12 13:48 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 06:17 - 2014-03-12 13:48 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 06:11 - 2014-03-12 13:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 06:02 - 2014-03-12 13:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 05:54 - 2014-03-12 13:48 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 05:52 - 2014-03-12 13:48 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 05:51 - 2014-03-12 13:48 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 05:47 - 2014-03-12 13:48 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 05:43 - 2014-03-12 13:48 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 05:43 - 2014-03-12 13:48 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 05:42 - 2014-03-12 13:48 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 05:40 - 2014-03-12 13:48 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 05:38 - 2014-03-12 13:48 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 05:37 - 2014-03-12 13:48 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 05:35 - 2014-03-12 13:48 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 05:18 - 2014-03-12 13:48 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 05:16 - 2014-03-12 13:48 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 05:14 - 2014-03-12 13:48 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 05:10 - 2014-03-12 13:48 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 05:03 - 2014-03-12 13:48 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 05:00 - 2014-03-12 13:48 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-01 04:57 - 2014-03-12 13:48 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 04:38 - 2014-03-12 13:48 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 04:32 - 2014-03-12 13:48 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 04:27 - 2014-03-12 13:48 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 04:25 - 2014-03-12 13:48 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 04:25 - 2014-03-12 13:48 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
 
Files to move or delete:
====================
C:\Users\User\iscsaee.exe
 
 
Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\htmlayout.dll
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\ReimagePackage.exe
C:\Users\User\AppData\Local\Temp\setup.exe
C:\Users\User\AppData\Local\Temp\setup__3635.exe
C:\Users\User\AppData\Local\Temp\setup__4177.exe
C:\Users\User\AppData\Local\Temp\tmp4C6.exe
C:\Users\User\AppData\Local\Temp\tmp6D9F.exe
C:\Users\User\AppData\Local\Temp\tmp8537.exe
C:\Users\User\AppData\Local\Temp\tmp873A.exe
C:\Users\User\AppData\Local\Temp\tmp931D.exe
C:\Users\User\AppData\Local\Temp\tmpC025.exe
C:\Users\User\AppData\Local\Temp\tmpC4D8.exe
C:\Users\User\AppData\Local\Temp\tmpC6C9.exe
C:\Users\User\AppData\Local\Temp\tmpCD3F.exe
C:\Users\User\AppData\Local\Temp\tmpD399.exe
C:\Users\User\AppData\Local\Temp\tmpE2A4.exe
C:\Users\User\AppData\Local\Temp\tmpEDCB.exe
C:\Users\User\AppData\Local\Temp\tmpF0BA.exe
C:\Users\User\AppData\Local\Temp\tmpF70E.exe
C:\Users\User\AppData\Local\Temp\tmpFF79.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-03-30 12:35
 
==================== End Of Log ============================

And here is the Addition.txt file:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by user at 2014-03-31 15:41:35
Running from C:\Users\user\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30380 - BitTorrent Inc.)
7 Days to Die (HKLM-x32\...\Steam App 251570) (Version:  - The Fun Pimps)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
AMD APP SDK Runtime (Version: 2.5.709.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{3BF3599D-7F28-C60B-1C5D-82BFD4E5EF33}) (Version: 3.0.838.0 - Advanced Micro Devices, Inc.)
AVG 2012 (Version: 12.0.2437 - AVG Technologies) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Brick-Force (HKLM-x32\...\{9853ABB2-6416-4C87-8650-DD8E528FF564}}_is1) (Version: 3.10.274.74.11 - Infernum Productions AG)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2011.0930.2209.37895 - Uw bedrijfsnaam) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0930.2209.37895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0930.2209.37895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0930.2209.37895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2011.0930.2209.37895 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0930.2208.37895 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0930.2208.37895 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2011.0930.2208.37895 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2011.0930.2208.37895 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2011.0930.2208.37895 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2011.0930.2208.37895 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2011.0930.2208.37895 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2011.0930.2208.37895 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2011.0930.2208.37895 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2011.0930.2208.37895 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2011.0930.2208.37895 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2011.0930.2208.37895 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2011.0930.2208.37895 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2011.0930.2208.37895 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2011.0930.2208.37895 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2011.0930.2208.37895 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2011.0930.2208.37895 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2011.0930.2208.37895 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2011.0930.2208.37895 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2011.0930.2208.37895 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2011.0930.2208.37895 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2011.0930.2208.37895 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2011.0930.2209.37895 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
Cube World version 0.0.1 (HKLM-x32\...\{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1) (Version: 0.0.1 - Picroma)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.0.4528 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.0.4528 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{92C42EDD-6524-4577-B2EB-6C68C63B6D4A}) (Version:  - Microsoft)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
EVEREST Ultimate Edition v5.50 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - Lavalys, Inc.)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Greenshot 1.1.7.17 (HKLM\...\Greenshot_is1) (Version: 1.1.7.17 - Greenshot)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP 3D DriveGuard (HKLM\...\{0B413CBD-14D2-48C9-A5C1-F19A27EF984D}) (Version: 4.1.16.1 - Hewlett-Packard Company)
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP CoolSense (HKLM-x32\...\{16B7BDA1-B967-4D2D-8B27-E12727C28350}) (Version: 2.10.3 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Power Manager (HKLM-x32\...\{E44578C7-4667-4124-8BC2-1161BCA54978}) (Version: 1.4.4 - Hewlett-Packard Company)
HP Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
HP Software Framework (HKLM-x32\...\{888533C6-F730-4182-BB92-78027AD273A4}) (Version: 4.5.10.1 - Hewlett-Packard Company)
Intel PROSet Wireless (Version:  - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{705EE775-5776-48FD-B704-C3C9CF535420}) (Version: 15.1.1.0170 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{0EF86E06-C755-4C6F-8E47-2528D0546C0A}) (Version: 1.1.1.0581 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® PROSet/Wireless WiFi Software (HKLM\...\{BAA0BE9B-9E6D-4802-91CB-FB7ED5CD4BEF}) (Version: 15.01.1500.1034 - Intel Corporation)
Java 7 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417021FF}) (Version: 7.0.210 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.173 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.173 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware versie 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Nederlands) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (NLD) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (Dutch) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Dutch) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Dutch) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Dutch) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Dutch) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Dutch) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Dutch) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Dutch) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (Dutch) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Dutch) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Dutch) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version:  - TaleWorlds Entertainment)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
No More Room in Hell (HKLM-x32\...\Steam App 224260) (Version:  - No More Room in Hell Team)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.2 - Notepad++ Team)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PileFile reminder (HKCU\...\{56837588-F559-40CF-91D9-D439D405FB28}) (Version:  - LADY'S WOOD 2013 LIMITED)
Project Zomboid (HKLM-x32\...\Steam App 108600) (Version:  - Indie Stone Studios)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
RaiderZ (HKLM-x32\...\Steam App 218470) (Version:  - )
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.2.42.0 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)
Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
State of Decay (HKLM-x32\...\Steam App 241540) (Version:  - Undead Labs)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 7 - Gameforge Productions GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - )
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0413-0000-0000000FF1CE}_Office14.SingleImage_{2CDD05C4-26E6-4125-8499-EB6D800614EE}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0413-0000-0000000FF1CE}_Office14.SingleImage_{01C54C3F-EF56-4753-A0EC-6B3938822923}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5D357893-40BA-4323-86BA-D97C66CD72F4}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version:  - Microsoft)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)
Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.11 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)
 
==================== Restore Points  =========================
 
29-03-2014 08:06:41 Windows Update
31-03-2014 10:49:30 Installatieprogramma voor Windows-modules
 
==================== Hosts content: ==========================
 
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {05A50803-5294-451A-86C9-C341C43B2E77} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-20] (Google Inc.)
Task: {64AC8A2F-2460-441C-9464-F5DA00C3ED1B} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe
Task: {7DB96DAB-4589-43B5-8FCF-48DDEFDCF10F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-20] (Google Inc.)
Task: {9D4D894C-EF8E-43E0-8FF1-8870C6BDEA8F} - System32\Tasks\PileFile logon => C:\Users\user\AppData\Local\Temp\Goat SimulatorDownload_6831\Goat_Simulator_Downloader.exe [2014-03-30] () <==== ATTENTION
Task: {B0AC89EF-4FC0-47BD-A2EB-78BFA47FE02F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {B147DD92-6DCF-42D4-95DF-8B52D95FE17C} - \Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start No Task File
Task: {B834DD08-CC03-4BD3-A2F3-67795B0CE932} - System32\Tasks\PileFile reminder => C:\Users\user\AppData\Local\Temp\Goat SimulatorDownload_6831\Goat_Simulator_Downloader.exe [2014-03-30] () <==== ATTENTION
Task: {BAD1A069-79FA-4418-BC43-1C9D5CA03664} - System32\Tasks\AmiUpdXp => C:\Users\user\AppData\Local\b2b9bdce-0030-4723-9127-d18f95e7e2f6\b2b9bdce-0030-4723-9127-d18f95e7e2f6.exe [2014-03-31] () <==== ATTENTION
Task: {C9741F53-EFBE-4A19-A7F7-5230DAB865BE} - \Hewlett-Packard\HP Support Assistant\PC Health Analysis No Task File
Task: {D7092C6A-F09E-43D0-A66E-0210CBB75043} - \Hewlett-Packard\HP Support Assistant\PC Tuneup No Task File
Task: {D7ADD2CB-D749-4FA7-B31E-B036EABE4D31} - \Hewlett-Packard\HP Support Assistant\Update Check No Task File
Task: {EDA19EF9-740C-4388-8A78-BD083EDDB679} - \Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up No Task File
Task: {F91E155D-C04F-41EC-98AC-8AC37BA11675} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\user\AppData\Local\b2b9bdce-0030-4723-9127-d18f95e7e2f6\b2b9bdce-0030-4723-9127-d18f95e7e2f6.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-05-06 21:18 - 2014-02-22 21:32 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-05-05 14:12 - 2012-02-17 20:55 - 00193536 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2013-11-30 18:31 - 2012-11-20 17:13 - 00264192 _____ () C:\Program Files (x86)\Razer\Razer Game Booster\D3DX8Wrapper.dll
2013-11-30 18:31 - 2013-11-12 10:57 - 00098304 _____ () C:\Program Files (x86)\Razer\Razer Game Booster\EasyHook32.dll
2014-02-14 11:30 - 2014-02-14 11:30 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\367540c92c2004ff2c6695778fed5dd6\IsdiInterop.ni.dll
2012-02-11 01:30 - 2011-05-20 11:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-03-15 19:18 - 2014-03-15 02:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-15 19:18 - 2014-03-15 02:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-15 19:18 - 2014-03-15 02:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-15 19:18 - 2014-03-15 02:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-15 19:18 - 2014-03-15 02:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-15 19:18 - 2014-03-15 02:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\startupreg: ccleaner => "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft Virtual WiFi Miniport-adapter
Description: Microsoft Virtual WiFi Miniport-adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Percentage of memory in use: 29%
Total physical RAM: 8139.86 MB
Available physical RAM: 5743.51 MB
Total Pagefile: 16277.9 MB
Available Pagefile: 13524.4 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:698.44 GB) (Free:522.72 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 2DA53508)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698 GB) - (Type=07 NTFS)
 
==================== End Of Log ====================
 
 
 
The TDSSKiller.exe found nothing and didn't create a log. Maybe because I scanned with Malwarebytes and deleted everything it found.
PS: I changed my name to User!


#4 TB-Psychotic

Posted 31 March 2014 - 09:44 AM

Your logs show obvious signs of having cracked software on your system. This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Referring to the Forum Rules which you should have read at the time of Registering at this forum, this forum does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine.

Having said that we can help you clean your machine this time BUT this would be a ONCE ONLY offer on the understanding that all cracks are removed. This would apply not only here but at many other Malware Support forums if you were to appear again with cracks onboard, as many of us analysts work at multiple support sites. Please remove all cracked software and illegally obtained copyrighted material you have on the system so we may continue with the clean up.



#5 KoetjePony

Posted 31 March 2014 - 10:28 AM

Sorry, I didn't know I downloaded something illegal. Will you still help me?



#6 TB-Psychotic

Posted 01 April 2014 - 02:21 AM

Going over your logs I noticed that you have uTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.

Add/remove programs

Click on start-->control panel.

Vista/7: Open Programs and Features
XP: Open add/remove programs

Search for and remove the following programs
 

PileFile reminder


Close the window.

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.3.1.2183.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 


#7 KoetjePony

Posted 01 April 2014 - 07:08 AM

I deleted Torrent and here are the files:

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by user user at 2014-04-01 13:10:38 Run:1
Running from C:\Users\user user\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM\...\Policies\Explorer: [3518887414]
HKLM\...\Policies\Explorer: [3212083974]
HKLM\...\Policies\Explorer: [1781466620]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
URLSearchHook: HKLM-x32 - (No Name) - {32b29df0-2237-4370-9a29-37cebb730e9b} - No File
URLSearchHook: HKCU - (No Name) - {32b29df0-2237-4370-9a29-37cebb730e9b} - No File
CHR HKLM-x32\...\Chrome\Extension: [knkakpihealnpggeceajhaonlmgdkaip] - C:\Users\UserDE~1\AppData\Local\Temp\tbch.crx [2013-04-20]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {9D4D894C-EF8E-43E0-8FF1-8870C6BDEA8F} - System32\Tasks\PileFile logon => C:\Users\user\AppData\Local\Temp\Goat SimulatorDownload_6831\Goat_Simulator_Downloader.exe [2014-03-30] () <==== ATTENTION
Task: {B834DD08-CC03-4BD3-A2F3-67795B0CE932} - System32\Tasks\PileFile reminder => C:\Users\user\AppData\Local\Temp\Goat SimulatorDownload_6831\Goat_Simulator_Downloader.exe [2014-03-30] () <==== ATTENTION
Task: {BAD1A069-79FA-4418-BC43-1C9D5CA03664} - System32\Tasks\AmiUpdXp => C:\Users\user\AppData\Local\b2b9bdce-0030-4723-9127-d18f95e7e2f6\b2b9bdce-0030-4723-9127-d18f95e7e2f6.exe [2014-03-31] () <==== ATTENTION
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\user\AppData\Local\b2b9bdce-0030-4723-9127-d18f95e7e2f6\b2b9bdce-0030-4723-9127-d18f95e7e2f6.exe <==== ATTENTION
 
 
 
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
 
C:\Program Files (x86)\Mobogenie
C:\Users\UserDE~1\AppData\Local\Temp\tbch.crx
C:\Windows\SysWOW64\Drivers\X6va015
C:\Users\User\AppData\Local\Mobogenie
C:\Windows\System32\Tasks\AmiUpdXp
C:\Users\User\Documents\Mobogenie
C:\Users\User\AppData\Local\b2b9bdce-0030-4723-9127-d18f95e7e2f6
C:\Users\User\AppData\Roaming\Oxy
2014-03-30 21:36 - 2014-03-30 21:36 - 00000000 ____D () C:\Users\User\AppData\Local\cache
2014-03-30 21:36 - 2014-03-30 21:36 - 00000000 ____D () C:\Users\User\.android
2014-03-30 21:36 - 2014-03-30 21:36 - 00000000 _____ () C:\Users\User\daemonprocess.txt
2014-03-30 21:33 - 2014-03-30 21:33 - 05456976 _____ () C:\Users\User\Downloads\Goat_Simulator_Downloader.exe
2014-03-30 21:33 - 2014-03-30 21:33 - 00003590 _____ () C:\Windows\System32\Tasks\PileFile reminder
2014-03-30 21:33 - 2014-03-30 21:33 - 00003200 _____ () C:\Windows\System32\Tasks\PileFile logon
C:\Users\User\Downloads\Plague Inc Evolved Steam Crack (1).exe
C:\Users\User\iscsaee.exe
 
 
 
 
 
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\3518887414 => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\3212083974 => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\1781466620 => Value deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
 
 
 
mbam file:
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Databaseversie: v2014.04.01.02
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
USER :: USER [administrator]
 
1/04/2014 13:24:14
mbam-log-2014-04-01 (13-24-14).txt
 
Scan type: Snelle scan
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 227996
Verstreken tijd: 7 minuut/minuten, 21 seconde(n)
 
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
 
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
 
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
 
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
 
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
 
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
 
Bestanden gedetecteerd: 5
C:\Users\USER\AppData\Local\Temp\setup.exe (PUP.Optional.Amonetize.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\USER\AppData\Local\Temp\setup__3635.exe (PUP.Optional.Amonetize.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\USER\AppData\Local\Temp\setup__4177.exe (PUP.Optional.Amonetize.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\USER\AppData\Local\b2b9bdce-0030-4723-9127-d18f95e7e2f6\b2b9bdce-0030-4723-9127-d18f95e7e2f6.exe (PUP.Optional.Amonetize.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\USER\AppData\Local\f8a70641-6643-48b6-6341-631ef522c9b4\f8a70641-6643-48b6-6341-631ef522c9b4.exe (PUP.Optional.Amonetize.A) -> Succesvol in quarantaine geplaatst en verwijderd.
 
(einde)
 

 



#8 TB-Psychotic

Posted 01 April 2014 - 07:52 AM

Looks better...

 

 

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click 'Export to text file...'.
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



#9 KoetjePony

Posted 01 April 2014 - 02:32 PM

OK, here it is:

 

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ab53a71bcad0fe4e95b7bdd1a4b64017
# engine=17709
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-04-01 05:55:42
# local_time=2014-04-01 07:55:42 (+0100, Romance (zomertijd))
# country="Belgium"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 22750452 148004792 0 0
# scanned=288975
# found=96
# cleaned=0
# scan_time=4956
sh=3151A3C881F8247A150E8D899B83A6996B33D791 ft=1 fh=506d88c89cbef7e1 vn="a variant of Win32/BundleInstaller.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\user user\AppData\Roaming\Oxy\oxyinst.exe.vir"
sh=8AE592723BB80C0DC4BF7DFBE2187DCF4F593E38 ft=1 fh=502300bdb294b607 vn="a variant of MSIL/Kryptik.JH trojan" ac=I fn="C:\Documents and Settings\user user\iscsaee.exe"
sh=77677EC4AEFAD104FF7DD8240E868A5732F12FDC ft=1 fh=511ff0b1c11bd0b4 vn="a variant of Win32/Amonetize.Z potentially unwanted application" ac=I fn="C:\Documents and Settings\user user\AppData\Local\Temp\tmp1066.exe"
sh=77677EC4AEFAD104FF7DD8240E868A5732F12FDC ft=1 fh=511ff0b1c11bd0b4 vn="a variant of Win32/Amonetize.Z potentially unwanted application" ac=I fn="C:\Documents and Settings\user user\AppData\Local\Temp\tmp1313.exe"
sh=77677EC4AEFAD104FF7DD8240E868A5732F12FDC ft=1 fh=511ff0b1c11bd0b4 vn="a variant of Win32/Amonetize.Z potentially unwanted application" ac=I fn="C:\Documents and Settings\user user\AppData\Local\Temp\tmp4C6.exe"
sh=77677EC4AEFAD104FF7DD8240E868A5732F12FDC ft=1 fh=511ff0b1c11bd0b4 vn="a variant of Win32/Amonetize.Z potentially unwanted application" ac=I fn="C:\Documents and Settings\user user\AppData\Local\Temp\tmp4ED.exe"
sh=77677EC4AEFAD104FF7DD8240E868A5732F12FDC ft=1 fh=511ff0b1c11bd0b4 vn="a variant of Win32/Amonetize.Z potentially unwanted application" ac=I fn="C:\Documents and Settings\user user\AppData\Local\Temp\tmp6D9F.exe"
sh=77677EC4AEFAD104FF7DD8240E868A5732F12FDC ft=1 fh=511ff0b1c11bd0b4 vn="a variant of Win32/Amonetize.Z potentially unwanted application" ac=I fn="C:\Documents and Settings\user user\AppData\Local\Temp\tmp8537.exe"
sh=77677EC4AEFAD104FF7DD8240E868A5732F12FDC ft=1 fh=511ff0b1c11bd0b4 vn="a variant of Win32/Amonetize.Z potentially unwanted application" ac=I fn="C:\Documents and Settings\user user\AppData\Local\Temp\tmp873A.exe"
sh=77677EC4AEFAD104FF7DD8240E868A5732F12FDC ft=1 fh=511ff0b1c11bd0b4 vn="a variant of Win32/Amonetize.Z potentially unwanted application" ac=I fn="C:\Documents and Settings\user user\AppData\Local\Temp\tmp931D.exe"


#10 TB-Psychotic


Posted 02 April 2014 - 03:34 AM

 

C:\Users\user user\iscsaee.exe

Delete this file.

 

 

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll also find the log file at C:\AdwCleaner[S1].txt




Delete junk with JRT

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.




SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread.



#11 KoetjePony


Posted 02 April 2014 - 04:11 AM

I deleted the file and then it said winini isn't working anymore. Is that bad or good?

Here are all the reports:

 

# AdwCleaner v3.023 - Report created 02/04/2014 at 10:41:32
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : User - UserUser
# Running from : C:\Users\User\Desktop\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : MgAssistService
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\orbitdownloader
Folder Deleted : C:\Users\User\AppData\Local\CrashRpt
Folder Deleted : C:\Users\User\AppData\Local\Mobogenie
Folder Deleted : C:\Users\User\AppData\Roaming\Oxy
Folder Deleted : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Folder Deleted : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Oxy
Folder Deleted : C:\Users\User\Documents\Mobogenie
File Deleted : C:\Users\User\Desktop\Mobogenie.lnk
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}
Key Deleted : HKCU\Software\Escolade
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v0.0.0.0
 
 
-\\ Google Chrome v33.0.1750.154
 
[ File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [12493 octets] - [31/03/2014 07:55:29]
AdwCleaner[R1].txt - [2844 octets] - [31/03/2014 12:33:36]
AdwCleaner[R2].txt - [2136 octets] - [02/04/2014 10:41:00]
AdwCleaner[S0].txt - [11778 octets] - [31/03/2014 07:56:28]
AdwCleaner[S1].txt - [2870 octets] - [31/03/2014 12:33:58]
AdwCleaner[S2].txt - [2055 octets] - [02/04/2014 10:41:32]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2115 octets] ##########
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x64
Ran by User on wo 02/04/2014 at 10:48:05,19
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on wo 02/04/2014 at 10:52:58,02
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
 

 Results of screen317's Security Check version 0.99.81  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 JavaFX 2.1.1    
 Java 7 Update 51  
 Adobe Flash Player 12.0.0.77  
 Google Chrome 33.0.1750.146  
 Google Chrome 33.0.1750.154  
 Google Chrome Plugins...  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 
 
 


#12 TB-Psychotic


Posted 02 April 2014 - 04:16 AM

No, that's OK.

Scan with Farbar's Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.



#13 KoetjePony


Posted 02 April 2014 - 04:21 AM

Farbar Service Scanner Version: 25-02-2014
Ran by User (administrator) on 02-04-2014 at 11:20:24
Running from "C:\Users\User\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****


#14 TB-Psychotic


Posted 02 April 2014 - 06:31 AM

Your system is clean :)

 

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  • In case we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
  • In case we used Combofix, deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  • In any case, please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process.
  • If there is still something left, please delete it manually.

 

 

 

Recommendations: How to protect yourself

  • System Updates
    Please ensure that automatic updates are activated in your control panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website's content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before accessing a web site classified as dangerous, a warning screen is displayed.

  • Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated Windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:

  • Backup
    Hardware issues, malware, fire, lightning strike: There is a long list of different ways to lose all your data. Back up your files regularly. Use the Windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.
  • Behaviour
    The most common error when using a computer is "error 80", which means that the error is located about 80 cm in front of the monitor. This is a common joke among IT support technicians, but it shows that all the safety mechanisms won't help if you aren't careful enough.
    • While surfing the internet, don't click on anything you don't know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal data (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don't click everything.
    • When installing software, have a look at each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today's setup procedures contain potentially unwanted programs, so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.



#15 KoetjePony


Posted 02 April 2014 - 07:22 AM

I can't delete it manually; it says I don't have permission.

 

and here is the thingy from delfix 

 

# DelFix v10.6 - Logfile created 02/04/2014 at 14:08:05
# Updated 11/11/2013 by Xplode
# Username : User - User
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
 
~ Activating UAC ... OK
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\User\Desktop\rkill
Deleted : C:\Users\User\Desktop\mbar
Deleted : C:\TDSSKiller.3.0.0.26_31.03.2014_15.56.56_log.txt
Deleted : C:\Users\User\Desktop\Addition.txt
Deleted : C:\Users\User\Desktop\adwcleaner.exe
Deleted : C:\Users\User\Desktop\AdwCleaner[S2].txt
Deleted : C:\Users\User\Desktop\Fixlog.txt
Deleted : C:\Users\User\Desktop\FRST.txt
Deleted : C:\Users\User\Desktop\FRST64.exe
Deleted : C:\Users\User\Desktop\FSS.exe
Deleted : C:\Users\User\Desktop\FSS.txt
Deleted : C:\Users\User\Desktop\JRT.exe
Deleted : C:\Users\User\Desktop\JRT.txt
Deleted : C:\Users\User\Desktop\Rkill.txt
Deleted : C:\Users\User\Desktop\SecurityCheck.exe
Deleted : C:\Users\User\Desktop\tdsskiller.zip
Deleted : HKLM\SOFTWARE\AdwCleaner
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #342 [Windows Update | 03/29/2014 08:06:41]
Deleted : RP #343 [Installatieprogramma voor Windows-modules | 03/31/2014 10:49:30]
Deleted : RP #344 [Windows Update | 04/02/2014 08:22:07]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########




