Unable to enable Windows Security Centre (Windows 7) and computer runs slow


This topic is locked
19 replies to this topic

#1 Sequan

Posted 11 April 2014 - 07:24 AM

The Maintenance Centre of Windows 7 gives messages that say Windows Security Centre is disabled and should be enabled again. When I try to enable it again, it shows the message: "The Windows Security Centre cannot be enabled." The computer has generally been slow the past couple of days. I ran Max Spyware Detector; this showed a Trojan, but I was unable to remove any threats. Running Malwarebytes showed no Trojans. Could you please help me fix this problem?

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16521  BrowserJavaVersion: 10.51.2
Run by Deblauwe at 14:09:46 on 2014-04-11
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.32.1043.18.1978.825 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe
C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrUI.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-905&v=a11465-188&t=4
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Aanmelden - Help: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Verzenden naar OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Add to AMV/AVI Video Converter... - C:\Program Files (x86)\Media Player Utilities 4.37\AMVConverter\grab.html
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
TCP: NameServer = 195.130.130.5 195.130.131.5
TCP: Interfaces\{A9F85BE7-7E70-484D-A123-1DEA30DEB89B} : DHCPNameServer = 195.130.130.5 195.130.131.5
TCP: Interfaces\{A9F85BE7-7E70-484D-A123-1DEA30DEB89B}\350756564645F6573686341363646303 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{A9F85BE7-7E70-484D-A123-1DEA30DEB89B}\4554C454E4544584F4D4543505F445 : DHCPNameServer = 195.130.130.141 195.130.131.141
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Deblauwe\AppData\Roaming\Mozilla\Firefox\Profiles\wednoxxf.default-1373914836301\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-7-20 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-7-20 311608]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-3-20 240952]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-8-30 45856]
R1 F06DEFF2-5B9C-490D-910F-35D3A9119622;F06DEFF2-5B9C-490D-910F-35D3A9119622;C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\setmgrc1.cfg [2014-4-10 36216]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-3 22576]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-3 20016]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-3 60464]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-11-20 283136]
R2 DatamngrCoordinator;Datamngr Coordinator;C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe [2014-4-10 3545088]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-7-16 321104]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-9-1 868896]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-16 13336]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-4-10 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-4-10 857912]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 133928]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-2 2804568]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-6-29 255744]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-7-16 243232]
R2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [2013-6-27 1598128]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-7-16 135560]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2010-7-16 139264]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-7-16 384040]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-4-10 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-4-11 119512]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-4-10 63192]
R3 NisSrv;Microsoft Netwerkinspectie;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
RUnknown MaxMgr;MaxMgr; [x]
RUnknown MaxProc64;MaxProc64; [x]
RUnknown MaxProtector64;MaxProtector64; [x]
RUnknown SDActMon;SDActMon; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-15 111616]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-5-27 305520]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-7-16 246304]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-21 59392]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-15 1255736]
SUnknown CltMngSvc;CltMngSvc; [x]
.
=============== Created Last 30 ================
.
2014-04-11 11:54:26    75888    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B235D78C-A65C-4BEB-A9CA-63B05129FA0D}\offreg.dll
2014-04-11 11:40:25    79064    ----a-w-    C:\Windows\System32\drivers\yfag.sys
2014-04-11 11:16:19    10521840    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B235D78C-A65C-4BEB-A9CA-63B05129FA0D}\mpengine.dll
2014-04-11 10:57:37    119512    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-04-11 10:54:08    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-04-10 20:06:33    88280    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-04-10 20:06:33    63192    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-04-10 20:06:33    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-04-10 20:06:32    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-10 19:53:17    --------    d-s---w-    C:\ComboFix
2014-04-10 19:48:26    --------    d-----w-    C:\Users\Deblauwe\AppData\Roaming\Nico Mak Computing
2014-04-10 19:35:43    --------    d-----w-    C:\Program Files\Max Spyware Detector
2014-04-10 19:33:55    --------    d-----w-    C:\ProgramData\Max Secure
2014-04-10 19:31:23    --------    d-----w-    C:\Users\Deblauwe\AppData\Local\Max Secure Software
2014-04-10 19:30:56    --------    d-----w-    C:\Users\Deblauwe\AppData\Roaming\GetRightToGo
2014-04-10 11:03:45    10521840    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-04-04 18:26:44    1031560    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{77FB3FA0-5283-42A9-867E-B82ADA94CC5B}\gapaengine.dll
2014-03-27 20:43:51    248320    --sha-r-    C:\Users\Deblauwe\AppData\Roaming\KBDGKLM.dll
2014-03-27 20:43:40    248320    --sha-r-    C:\Users\Deblauwe\AppData\Roaming\ReAgent5.dll
2014-03-27 20:43:38    248320    --sha-r-    C:\Windows\SysWow64\taskschdd.dll
2014-03-20 12:50:52    240952    ----a-w-    C:\Windows\System32\drivers\avgtdia.sys
2014-03-15 13:30:10    5777288    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-03-15 12:06:45    --------    d-----w-    C:\ProgramData\Oracle
2014-03-15 12:00:40    624128    ----a-w-    C:\Windows\System32\qedit.dll
2014-03-15 12:00:40    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2014-03-15 12:00:39    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2014-03-15 12:00:39    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2014-03-15 11:59:10    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
==================== Find3M  ====================
.
2014-03-15 13:30:32    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-15 13:30:32    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-11 07:52:30    133928    ----a-w-    C:\Windows\System32\drivers\NisDrvWFP.sys
2014-03-01 05:17:02    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-03-01 05:16:26    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33    5768704    ----a-w-    C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11    2041856    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15    4244480    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2014-03-01 03:00:08    1964032    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-02-07 01:23:30    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2014-01-29 02:32:18    484864    ----a-w-    C:\Windows\System32\wer.dll
2014-01-29 02:06:47    381440    ----a-w-    C:\Windows\SysWow64\wer.dll
2014-01-28 02:32:46    228864    ----a-w-    C:\Windows\System32\wwansvc.dll
2014-01-24 23:19:42    268512    ----a-w-    C:\Windows\System32\drivers\MpFilter.sys
2014-01-22 20:19:59    83968    ----a-w-    C:\Windows\System32\MshtmlDac.dll
2014-01-22 20:19:59    48128    ----a-w-    C:\Windows\System32\imgutil.dll
2014-01-22 20:19:59    13824    ----a-w-    C:\Windows\System32\mshta.exe
2014-01-19 07:33:29    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2014-01-14 10:32:47    1409    ----a-w-    C:\Windows\QTFont.for
2013-06-14 14:23:25    4126720    ----a-w-    C:\Program Files (x86)\GUT4C1D.tmp
.
============= FINISH: 14:11:51,13 ===============
 




#2 HelpBot

Bleepin' Binary Bot

Posted 16 April 2014 - 07:25 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/530692 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Sequan

Posted 16 April 2014 - 03:14 PM

Hello,

I still have the same problem with my Windows Security Centre. The pc seems a little less slow though. I don't have an original cd/dvd of Windows 7; it was already installed on my laptop when I bought it. Here are the new logs from DDS.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16521  BrowserJavaVersion: 10.51.2
Run by Deblauwe at 22:06:02 on 2014-04-16
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.32.1043.18.1978.846 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Windows\Explorer.EXE
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-905&v=a11465-188&t=4
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Aanmelden - Help: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Verzenden naar OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Add to AMV/AVI Video Converter... - C:\Program Files (x86)\Media Player Utilities 4.37\AMVConverter\grab.html
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
TCP: NameServer = 195.130.130.5 195.130.131.5
TCP: Interfaces\{A9F85BE7-7E70-484D-A123-1DEA30DEB89B} : DHCPNameServer = 195.130.130.5 195.130.131.5
TCP: Interfaces\{A9F85BE7-7E70-484D-A123-1DEA30DEB89B}\350756564645F6573686341363646303 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{A9F85BE7-7E70-484D-A123-1DEA30DEB89B}\4554C454E4544584F4D4543505F445 : DHCPNameServer = 195.130.130.141 195.130.131.141
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Deblauwe\AppData\Roaming\Mozilla\Firefox\Profiles\wednoxxf.default-1373914836301\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-7-20 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-7-20 311608]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-3-20 240952]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-8-30 45856]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-3 22576]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-3 20016]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-3 60464]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-11-20 283136]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-7-16 321104]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-9-1 868896]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-16 13336]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-4-10 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-4-10 857912]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 133928]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-2 2804568]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-6-29 255744]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-7-16 243232]
R2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [2013-6-27 1598128]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-7-16 135560]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2010-7-16 139264]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-7-16 384040]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-4-10 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-4-11 119512]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-4-10 63192]
R3 NisSrv;Microsoft Netwerkinspectie;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-15 111616]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-5-27 305520]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-7-16 246304]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-21 59392]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-15 1255736]
.
=============== Created Last 30 ================
.
2014-04-16 11:43:00    10651696    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7BF394C7-C4B0-4283-9E89-7935535DB2F4}\mpengine.dll
2014-04-14 19:42:37    10521840    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-04-11 10:57:37    119512    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-04-11 10:54:08    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-04-10 20:06:33    88280    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-04-10 20:06:33    63192    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-04-10 20:06:33    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-04-10 20:06:32    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-10 19:53:17    --------    d-s---w-    C:\ComboFix
2014-04-10 19:48:26    --------    d-----w-    C:\Users\Deblauwe\AppData\Roaming\Nico Mak Computing
2014-04-10 19:33:55    --------    d-----w-    C:\ProgramData\Max Secure
2014-04-10 19:31:23    --------    d-----w-    C:\Users\Deblauwe\AppData\Local\Max Secure Software
2014-04-10 19:30:56    --------    d-----w-    C:\Users\Deblauwe\AppData\Roaming\GetRightToGo
2014-04-10 11:03:05    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-04-10 11:03:04    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-04-04 18:26:44    1031560    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{77FB3FA0-5283-42A9-867E-B82ADA94CC5B}\gapaengine.dll
2014-03-27 20:43:51    248320    --sha-r-    C:\Users\Deblauwe\AppData\Roaming\KBDGKLM.dll
2014-03-27 20:43:40    248320    --sha-r-    C:\Users\Deblauwe\AppData\Roaming\ReAgent5.dll
2014-03-27 20:43:38    248320    --sha-r-    C:\Windows\SysWow64\taskschdd.dll
2014-03-20 12:50:52    240952    ----a-w-    C:\Windows\System32\drivers\avgtdia.sys
.
==================== Find3M  ====================
.
2014-03-15 13:30:32    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-15 13:30:32    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-15 13:30:12    5777288    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-03-11 07:52:30    133928    ----a-w-    C:\Windows\System32\drivers\NisDrvWFP.sys
2014-03-04 09:44:21    362496    ----a-w-    C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21    243712    ----a-w-    C:\Windows\System32\wow64.dll
2014-03-04 09:44:21    13312    ----a-w-    C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:03    16384    ----a-w-    C:\Windows\System32\ntvdm64.dll
2014-03-04 09:17:19    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2014-03-04 09:17:05    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2014-03-04 09:16:54    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2014-03-04 08:09:30    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2014-03-01 05:16:26    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 03:54:33    5768704    ----a-w-    C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11    2041856    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15    4244480    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2014-03-01 03:00:08    1964032    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-02-07 01:23:30    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2014-02-04 02:35:56    190912    ----a-w-    C:\Windows\System32\drivers\storport.sys
2014-02-04 02:35:49    274880    ----a-w-    C:\Windows\System32\drivers\msiscsi.sys
2014-02-04 02:35:35    27584    ----a-w-    C:\Windows\System32\drivers\Diskdump.sys
2014-02-04 02:32:22    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2014-02-04 02:32:12    624128    ----a-w-    C:\Windows\System32\qedit.dll
2014-02-04 02:28:36    2048    ----a-w-    C:\Windows\System32\iologmsg.dll
2014-02-04 02:04:22    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04:11    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2014-02-04 02:00:39    2048    ----a-w-    C:\Windows\SysWow64\iologmsg.dll
2014-01-29 02:32:18    484864    ----a-w-    C:\Windows\System32\wer.dll
2014-01-29 02:06:47    381440    ----a-w-    C:\Windows\SysWow64\wer.dll
2014-01-28 02:32:46    228864    ----a-w-    C:\Windows\System32\wwansvc.dll
2014-01-24 23:19:42    268512    ----a-w-    C:\Windows\System32\drivers\MpFilter.sys
2014-01-24 02:37:55    1684928    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2014-01-22 20:19:59    83968    ----a-w-    C:\Windows\System32\MshtmlDac.dll
2014-01-22 20:19:59    48128    ----a-w-    C:\Windows\System32\imgutil.dll
2014-01-22 20:19:59    13824    ----a-w-    C:\Windows\System32\mshta.exe
2014-01-19 07:33:29    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2013-06-14 14:23:25    4126720    ----a-w-    C:\Program Files (x86)\GUT4C1D.tmp
.
============= FINISH: 22:08:32,39 ===============



#4 snemelk

snemelk
  • engineer
  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland

Posted 17 April 2014 - 04:07 PM

Hi Sequan!!

We do have a few suspicious files here:
2014-03-27 20:43:51    248320    --sha-r-    C:\Users\Deblauwe\AppData\Roaming\KBDGKLM.dll
2014-03-27 20:43:40    248320    --sha-r-    C:\Users\Deblauwe\AppData\Roaming\ReAgent5.dll
2014-03-27 20:43:38    248320    --sha-r-    C:\Windows\SysWow64\taskschdd.dll
Please show hidden files, and then please go to VirusTotal and upload one of those files above for analysis... Allow the file to be uploaded and scanned. Then, please post a link to the results page for me to see.

I see you've tried to run the ComboFix tool - if the logfile exists (C:\ComboFix.txt), please post it in your reply...

I'll need a more detailed logfile:
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system - choose the 64-Bit Version.
  • Right-click FRST then click "Run as administrator"
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver
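The point snemelk is making rests on the attribute column of the DDS listing: almost every new file shows `----a-w-`, while the three quoted lines carry `--sha-r-` (system and hidden set, read-only) and share an identical size of 248320 bytes despite different names and locations, two of them in a user-writable AppData directory. What follows is an added example for defenders, not code from this thread or from DDS, ComboFix or Farbar: it parses lines in the 'Created Last 30' shape shown above and flags exactly those traits, and it goes one step beyond the post by also reporting files whose byte size collides with other newly created files. The sample lines are a subset copied in that shape from the log earlier in the thread; the function names, the coarse user-writable-path check and the reading of the letters `d`, `s`, `h` and `r` as directory, system, hidden and read-only are this example's assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the DDS "Created Last 30" section from
# the log above (a subset of its lines, copied as they appear there).
SAMPLE_LOG = """\
2014-04-11 10:57:37    119512    ----a-w-    C:\\Windows\\System32\\drivers\\MBAMSwissArmy.sys
2014-04-11 10:54:08    --------    d-sh--w-    C:\\$RECYCLE.BIN
2014-04-10 20:06:32    --------    d-----w-    C:\\Program Files (x86)\\Malwarebytes Anti-Malware
2014-03-27 20:43:51    248320    --sha-r-    C:\\Users\\Deblauwe\\AppData\\Roaming\\KBDGKLM.dll
2014-03-27 20:43:40    248320    --sha-r-    C:\\Users\\Deblauwe\\AppData\\Roaming\\ReAgent5.dll
2014-03-27 20:43:38    248320    --sha-r-    C:\\Windows\\SysWow64\\taskschdd.dll
2014-03-20 12:50:52    240952    ----a-w-    C:\\Windows\\System32\\drivers\\avgtdia.sys
"""

# timestamp, size (or a run of dashes for a directory), 8-char attribute field, path
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+"
    r"(?P<attrs>[a-z-]{8})\s+"
    r"(?P<path>\S.*?)\s*$"
)

EXECUTABLE_EXTS = (".dll", ".exe", ".sys", ".ocx", ".scr")


def parse_dds(text):
    """Parse DDS 'Created Last 30' / 'Find3M' style lines into dicts; skip other lines."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = m.group("size")
        entries.append({
            "ts": m.group("ts"),
            "size": int(size) if size.isdigit() else None,  # None for directories
            "attrs": m.group("attrs"),
            "path": m.group("path"),
        })
    return entries


def is_user_writable(path):
    """Locations a standard user can write to without elevation.
    Assumption: a coarse prefix check is enough for triage purposes."""
    p = path.lower()
    return p.startswith("c:\\users\\") or "\\programdata\\" in p


def flag_suspicious(entries):
    """Return [(path, [reason, ...])] for files showing the traits discussed:
    hidden+system attributes on an executable file, such a file in a
    user-writable directory, or a byte size shared with other new files."""
    # Assumed letter meanings in the DDS attribute field:
    # d=directory, s=system, h=hidden, a=archive, r=read-only, w=writable.
    by_size = defaultdict(set)
    for e in entries:
        if e["size"] is not None and "d" not in e["attrs"]:
            by_size[e["size"]].add(e["path"])

    findings = []
    for e in entries:
        attrs, path = e["attrs"], e["path"]
        if "d" in attrs:
            continue  # directories such as $RECYCLE.BIN are legitimately hidden+system
        reasons = []
        hidden_system = "s" in attrs and "h" in attrs
        if hidden_system and path.lower().endswith(EXECUTABLE_EXTS):
            reasons.append("hidden+system attributes on an executable file")
        if hidden_system and is_user_writable(path):
            reasons.append("hidden+system file in a user-writable location")
        twins = by_size.get(e["size"], set()) - {path}
        if twins:
            reasons.append(f"size {e['size']} shared with {len(twins)} other new file(s)")
        if reasons:
            findings.append((path, reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in flag_suspicious(parse_dds(SAMPLE_LOG)):
        print(path)
        for r in reasons:
            print("   -", r)
```

Run against the sample it reports the same three files snemelk picked out and nothing else. A hit is a triage prompt rather than a verdict: some installers also drop files with unusual attributes, which is why the next step in the thread is a VirusTotal lookup of one of the files rather than deleting them outright.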


#5 Sequan

Sequan
  • Topic Starter
  • Members
  • 22 posts

Posted 18 April 2014 - 08:08 AM

Hi,

I had the first file in the list scanned by Virus Total.  https://www.virustotal.com/nl/file/ef24a96922daee9f379a24e5b98867bb2fdcd01943687a96a001fcd3e207e722/analysis/1397826213/

I'll run Combofix and Farbar and send you these logs.



#6 Sequan

Sequan
  • Topic Starter
  • Members
  • 22 posts

Posted 18 April 2014 - 08:37 AM

This is the log from Combofix:

ComboFix 14-04-17.01 - Deblauwe 18/04/2014  15:19:09.2.1 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.32.1043.18.1978.946 [GMT 2:00]
Gestart vanuit: c:\users\Deblauwe\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\programdata\sAveNshare
c:\programdata\sAveNshare\OjNrQN6c.dat
c:\programdata\sAveNshare\pVKEsKfLI.dat
c:\users\Deblauwe\AppData\Roaming\KBDGKLM.dll
c:\users\Deblauwe\AppData\Roaming\ReAgent5.dll
c:\windows\IsUn0413.exe
c:\windows\SysWow64\X86
.
.
((((((((((((((((((((   Bestanden Gemaakt van 2014-03-18 to 2014-04-18  ))))))))))))))))))))))))))))))
.
.
2014-04-18 13:30 . 2014-04-18 13:30    --------    d-----w-    c:\users\Public\AppData\Local\temp
2014-04-18 13:30 . 2014-04-18 13:30    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-04-17 18:32 . 2014-04-01 01:15    10651696    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8C4870C2-88E7-4E2C-8124-C32D87BC3053}\mpengine.dll
2014-04-16 11:43 . 2014-04-01 01:15    10651696    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-04-15 11:35 . 2014-04-15 11:35    240952    ----a-w-    c:\windows\system32\drivers\avgtdia.sys
2014-04-11 10:57 . 2014-04-18 12:45    119512    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-10 20:06 . 2014-04-03 07:51    63192    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-04-10 20:06 . 2014-04-03 07:51    88280    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-04-10 20:06 . 2014-04-03 07:50    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-04-10 20:06 . 2014-04-10 20:06    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2014-04-10 19:48 . 2014-04-10 20:02    --------    d-----w-    c:\users\Deblauwe\AppData\Roaming\Nico Mak Computing
2014-04-10 19:33 . 2014-04-10 19:35    --------    d-----w-    c:\programdata\Max Secure
2014-04-10 19:31 . 2014-04-10 19:31    --------    d-----w-    c:\users\Deblauwe\AppData\Local\Max Secure Software
2014-04-10 19:30 . 2014-04-10 19:31    --------    d-----w-    c:\users\Deblauwe\AppData\Roaming\GetRightToGo
2014-04-10 11:03 . 2014-03-31 01:16    23134208    ----a-w-    c:\windows\system32\mshtml.dll
2014-04-10 11:03 . 2014-03-31 01:13    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2014-04-10 11:03 . 2014-03-31 00:13    2724864    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2014-04-04 18:26 . 2014-02-20 11:57    1031560    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{77FB3FA0-5283-42A9-867E-B82ADA94CC5B}\gapaengine.dll
2014-03-27 20:43 . 2014-03-27 20:43    248320    --sha-r-    c:\windows\SysWow64\taskschdd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-10 13:50 . 2012-01-29 16:31    90655440    ----a-w-    c:\windows\system32\MRT.exe
2014-03-15 13:30 . 2012-06-04 17:08    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-15 13:30 . 2011-07-17 18:39    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-15 13:30 . 2014-03-15 13:30    5777288    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-03-11 07:52 . 2013-01-20 13:59    133928    ----a-w-    c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-04 09:17 . 2014-04-10 11:02    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2014-03-01 05:16 . 2014-03-15 12:01    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2014-03-01 04:58 . 2014-03-15 12:01    2765824    ----a-w-    c:\windows\system32\iertutil.dll
2014-03-01 04:52 . 2014-03-15 12:01    66048    ----a-w-    c:\windows\system32\iesetup.dll
2014-03-01 04:51 . 2014-03-15 12:01    48640    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2014-03-01 04:42 . 2014-03-15 12:01    53760    ----a-w-    c:\windows\system32\jsproxy.dll
2014-03-01 04:40 . 2014-03-15 12:01    33792    ----a-w-    c:\windows\system32\iernonce.dll
2014-03-01 04:37 . 2014-03-15 12:01    574976    ----a-w-    c:\windows\system32\ieui.dll
2014-03-01 04:33 . 2014-03-15 12:01    139264    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-03-01 04:33 . 2014-03-15 12:01    111616    ----a-w-    c:\windows\system32\ieetwcollector.exe
2014-03-01 04:32 . 2014-03-15 12:01    708608    ----a-w-    c:\windows\system32\jscript9diag.dll
2014-03-01 04:23 . 2014-03-15 12:01    940032    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 04:17 . 2014-03-15 12:01    218624    ----a-w-    c:\windows\system32\ie4uinit.exe
2014-03-01 04:02 . 2014-03-15 12:01    195584    ----a-w-    c:\windows\system32\msrating.dll
2014-03-01 03:54 . 2014-03-15 12:01    5768704    ----a-w-    c:\windows\system32\jscript9.dll
2014-03-01 03:52 . 2014-03-15 12:01    61952    ----a-w-    c:\windows\SysWow64\iesetup.dll
2014-03-01 03:51 . 2014-03-15 12:01    51200    ----a-w-    c:\windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:42 . 2014-03-15 12:01    627200    ----a-w-    c:\windows\system32\msfeeds.dll
2014-03-01 03:38 . 2014-03-15 12:01    112128    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2014-03-01 03:37 . 2014-03-15 12:01    553472    ----a-w-    c:\windows\SysWow64\jscript9diag.dll
2014-03-01 03:35 . 2014-03-15 12:01    2041856    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-03-01 03:18 . 2014-03-15 12:01    13051904    ----a-w-    c:\windows\system32\ieframe.dll
2014-03-01 03:14 . 2014-03-15 12:01    4244480    ----a-w-    c:\windows\SysWow64\jscript9.dll
2014-03-01 03:10 . 2014-03-15 12:01    2334208    ----a-w-    c:\windows\system32\wininet.dll
2014-03-01 03:00 . 2014-03-15 12:01    1964032    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2014-03-01 02:38 . 2014-03-15 12:01    1393664    ----a-w-    c:\windows\system32\urlmon.dll
2014-03-01 02:32 . 2014-03-15 12:01    1820160    ----a-w-    c:\windows\SysWow64\wininet.dll
2014-03-01 02:25 . 2014-03-15 12:01    817664    ----a-w-    c:\windows\system32\ieapfltr.dll
2014-02-20 11:57 . 2013-04-23 16:09    1031560    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-02-07 01:23 . 2014-03-15 12:01    3156480    ----a-w-    c:\windows\system32\win32k.sys
2014-02-04 02:32 . 2014-03-15 12:00    1424384    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:32 . 2014-03-15 12:00    624128    ----a-w-    c:\windows\system32\qedit.dll
2014-02-04 02:04 . 2014-03-15 12:00    1230336    ----a-w-    c:\windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04 . 2014-03-15 12:00    509440    ----a-w-    c:\windows\SysWow64\qedit.dll
2014-01-29 02:32 . 2014-03-15 12:01    484864    ----a-w-    c:\windows\system32\wer.dll
2014-01-29 02:06 . 2014-03-15 12:01    381440    ----a-w-    c:\windows\SysWow64\wer.dll
2014-01-28 02:32 . 2014-03-15 12:01    228864    ----a-w-    c:\windows\system32\wwansvc.dll
2014-01-24 23:19 . 2014-01-24 23:19    268512    ----a-w-    c:\windows\system32\drivers\MpFilter.sys
2014-01-22 20:20 . 2014-01-22 20:20    194048    ----a-w-    c:\windows\SysWow64\elshyph.dll
2014-01-22 20:20 . 2014-01-22 20:20    71680    ----a-w-    c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-01-22 20:20 . 2014-01-22 20:20    645120    ----a-w-    c:\windows\SysWow64\jsIntl.dll
2014-01-22 20:20 . 2014-01-22 20:20    235008    ----a-w-    c:\windows\system32\elshyph.dll
2014-01-22 20:20 . 2014-01-22 20:20    182272    ----a-w-    c:\windows\SysWow64\msls31.dll
2014-01-22 20:20 . 2014-01-22 20:20    62464    ----a-w-    c:\windows\SysWow64\tdc.ocx
2014-01-22 20:20 . 2014-01-22 20:20    34816    ----a-w-    c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-01-22 20:20 . 2014-01-22 20:20    337408    ----a-w-    c:\windows\SysWow64\html.iec
2014-01-22 20:20 . 2014-01-22 20:20    24576    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2014-01-22 20:20 . 2014-01-22 20:20    151552    ----a-w-    c:\windows\SysWow64\iexpress.exe
2014-01-22 20:20 . 2014-01-22 20:20    139264    ----a-w-    c:\windows\SysWow64\wextract.exe
2014-01-22 20:20 . 2014-01-22 20:20    1051136    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2014-01-22 20:20 . 2014-01-22 20:20    86016    ----a-w-    c:\windows\SysWow64\iesysprep.dll
2014-01-22 20:20 . 2014-01-22 20:20    74240    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2014-01-22 20:20 . 2014-01-22 20:20    61952    ----a-w-    c:\windows\SysWow64\MshtmlDac.dll
2014-01-22 20:20 . 2014-01-22 20:20    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2014-01-22 20:20 . 2014-01-22 20:20    36352    ----a-w-    c:\windows\SysWow64\imgutil.dll
2014-01-22 20:20 . 2014-01-22 20:20    13312    ----a-w-    c:\windows\SysWow64\mshta.exe
2014-01-22 20:20 . 2014-01-22 20:20    111616    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2014-01-22 20:20 . 2014-01-22 20:20    942592    ----a-w-    c:\windows\system32\jsIntl.dll
2014-01-22 20:20 . 2014-01-22 20:20    90112    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2014-01-22 20:20 . 2014-01-22 20:20    86016    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2014-01-22 20:20 . 2014-01-22 20:20    77312    ----a-w-    c:\windows\system32\tdc.ocx
2014-01-22 20:20 . 2014-01-22 20:20    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2014-01-22 20:20 . 2014-01-22 20:20    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2014-01-22 20:20 . 2014-01-22 20:20    40448    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2014-01-22 20:20 . 2014-01-22 20:20    247808    ----a-w-    c:\windows\system32\msls31.dll
2014-01-22 20:20 . 2014-01-22 20:20    13312    ----a-w-    c:\windows\system32\msfeedssync.exe
2014-01-22 20:20 . 2014-01-22 20:20    131072    ----a-w-    c:\windows\system32\IEAdvpack.dll
2014-01-22 20:20 . 2014-01-22 20:20    105984    ----a-w-    c:\windows\system32\iesysprep.dll
2014-01-22 20:20 . 2014-01-22 20:20    84992    ----a-w-    c:\windows\system32\mshtmled.dll
2014-01-22 20:20 . 2014-01-22 20:20    81408    ----a-w-    c:\windows\system32\icardie.dll
2014-01-22 20:20 . 2014-01-22 20:20    616104    ----a-w-    c:\windows\system32\ieapfltr.dat
2014-01-22 20:20 . 2014-01-22 20:20    453120    ----a-w-    c:\windows\system32\dxtmsft.dll
2014-01-22 20:20 . 2014-01-22 20:20    413696    ----a-w-    c:\windows\system32\html.iec
2014-01-22 20:20 . 2014-01-22 20:20    30208    ----a-w-    c:\windows\system32\licmgr10.dll
2014-01-22 20:20 . 2014-01-22 20:20    296960    ----a-w-    c:\windows\system32\dxtrans.dll
2014-01-22 20:20 . 2014-01-22 20:20    263376    ----a-w-    c:\windows\system32\iedkcs32.dll
2014-01-22 20:20 . 2014-01-22 20:20    243200    ----a-w-    c:\windows\system32\webcheck.dll
2014-01-22 20:20 . 2014-01-22 20:20    235520    ----a-w-    c:\windows\system32\url.dll
2014-01-22 20:20 . 2014-01-22 20:20    167424    ----a-w-    c:\windows\system32\iexpress.exe
2014-01-22 20:20 . 2014-01-22 20:20    143872    ----a-w-    c:\windows\system32\wextract.exe
2014-01-22 20:20 . 2014-01-22 20:20    1228800    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2014-01-22 20:20 . 2014-01-22 20:20    101376    ----a-w-    c:\windows\system32\inseng.dll
2014-01-22 20:20 . 2014-01-22 20:19    147968    ----a-w-    c:\windows\system32\occache.dll
2014-01-22 20:19 . 2014-01-22 20:19    83968    ----a-w-    c:\windows\system32\MshtmlDac.dll
2014-01-22 20:19 . 2014-01-22 20:19    774144    ----a-w-    c:\windows\system32\jscript.dll
2014-01-22 20:19 . 2014-01-22 20:19    62464    ----a-w-    c:\windows\system32\pngfilt.dll
2014-01-22 20:19 . 2014-01-22 20:19    48128    ----a-w-    c:\windows\system32\imgutil.dll
2014-01-22 20:19 . 2014-01-22 20:19    13824    ----a-w-    c:\windows\system32\mshta.exe
2014-01-22 20:19 . 2014-01-22 20:19    135680    ----a-w-    c:\windows\system32\iepeers.dll
2014-01-19 07:33 . 2013-04-18 15:56    270496    ------w-    c:\windows\system32\MpSigStub.exe
2013-06-14 14:23 . 2013-06-14 14:23    4126720    ----a-w-    c:\program files (x86)\GUT4C1D.tmp
.
.
(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40    120176    ----a-w-    c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2014-01-20 4411952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MBAMWEBACCESSCONTROL
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
Inhoud van de 'Gedeelde Taken' map
.
2014-04-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-04 13:30]
.
2014-04-17 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2012-12-16 15:27]
.
2014-04-18 c:\windows\Tasks\xhevvfe.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:42    137584    ----a-w-    c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-905&v=a11465-188&t=4
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Verzenden naar OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Add to AMV/AVI Video Converter... - c:\program files (x86)\Media Player Utilities 4.37\AMVConverter\grab.html
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.130.130.5 195.130.131.5
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
FF - ProfilePath - c:\users\Deblauwe\AppData\Roaming\Mozilla\Firefox\Profiles\wednoxxf.default-1373914836301\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
SafeBoot-34782765.sys
Toolbar-10 - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-ilividmoviestoolbarhaIE - c:\progra~2\MOVIES~1\Datamngr\SRTOOL~1\IE\uninstall.exe
AddRemove-La Belle et la Bete - La Belle du bal - c:\windows\IsUn0413.exe
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\MiscStatus\1]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2014-04-18  15:35:58
ComboFix-quarantined-files.txt  2014-04-18 13:35
ComboFix2.txt  2013-07-10 09:36
.
Pre-Run: 111.105.961.984 bytes beschikbaar
Post-Run: 110.661.787.648 bytes beschikbaar
.
- - End Of File - - FC677651538750ECF47090B53982C63C
 



#7 Sequan

  • Topic Starter
  • Members
  • 22 posts

Posted 18 April 2014 - 08:43 AM

This is the Farbar log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014 01
Ran by Deblauwe (administrator) on DEBLAUWE-PC on 18-04-2014 15:39:02
Running from C:\Users\Deblauwe\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Dutch Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ask.com/?o=APN10645A&gct=hp&d=406-905&v=a11465-188&t=4
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=905&systemid=406&v=a11465-188&apn_uid=2466230776114323&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=905&systemid=406&v=a11465-188&apn_uid=2466230776114323&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKCU - DefaultScope Software\Microsoft\Internet Explorer\SearchScopes URL =
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3312375&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPA9145162-1214-4B93-85AB-5D7B9A0EDA23&q={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_nlBE409
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=905&systemid=406&v=a11465-188&apn_uid=2466230776114323&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 195.130.130.5 195.130.131.5

FireFox:
========
FF ProfilePath: C:\Users\Deblauwe\AppData\Roaming\Mozilla\Firefox\Profiles\wednoxxf.default-1373914836301
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Homepage: hxxp://www.google.be/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF SearchPlugin: C:\Users\Deblauwe\AppData\Roaming\Mozilla\Firefox\Profiles\wednoxxf.default-1373914836301\searchplugins\Ask.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\bolcom-nl.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\marktplaats-nl.xml
FF Extension: Search-NewTaB - C:\Users\Deblauwe\AppData\Roaming\Mozilla\Firefox\Profiles\wednoxxf.default-1373914836301\Extensions\gezz8.kpg@pttzzzeoktqb.edu [2013-09-09]
FF Extension: saVeNshare  - C:\Users\Deblauwe\AppData\Roaming\Mozilla\Firefox\Profiles\wednoxxf.default-1373914836301\Extensions\rdo-o@jfquqiio.co.uk [2013-09-09]
FF Extension: Ask New Tabs - C:\Users\Deblauwe\AppData\Roaming\Mozilla\Firefox\Profiles\wednoxxf.default-1373914836301\Extensions\{40B85966-9F42-5726-B80A-30E0FC83AC27} [2014-03-27]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.95\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Computer, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll No File
CHR Plugin: (RocketLife Secure Plug-In Layer) - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Deblauwe\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
CHR HKLM-x32\...\Chrome\Extension: [ealchnonpofjocgofjpopjdoegbbkofj] - C:\Program Files (x86)\HappyLyrics\Chrome.crx []
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 vToolbarUpdater15.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [1598128 2013-06-27] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-04-15] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-06-27] (AVG Technologies)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-18 15:39 - 2014-04-18 15:39 - 00015424 _____ () C:\Users\Deblauwe\Downloads\FRST.txt
2014-04-18 15:38 - 2014-04-18 15:39 - 00000000 ____D () C:\FRST
2014-04-18 15:35 - 2014-04-18 15:35 - 00025928 _____ () C:\ComboFix.txt
2014-04-18 15:08 - 2014-04-18 15:08 - 02158592 _____ (Farbar) C:\Users\Deblauwe\Downloads\FRST64.exe
2014-04-16 22:08 - 2014-04-16 22:10 - 00017133 _____ () C:\Users\Deblauwe\Desktop\dds.txt
2014-04-16 22:08 - 2014-04-16 22:10 - 00007558 _____ () C:\Users\Deblauwe\Desktop\attach.txt
2014-04-15 19:55 - 2014-04-15 20:13 - 00000000 ____D () C:\Users\Deblauwe\Downloads\WWE.Raw.04.14.14.DSR.XviD-XWT
2014-04-15 13:35 - 2014-04-15 13:35 - 00240952 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-04-14 21:52 - 2014-04-14 21:53 - 00000000 ____D () C:\Users\Deblauwe\Downloads\Game of Thrones S04E02 HDTV x264-2HD[ettv]
2014-04-14 21:48 - 2014-04-14 21:48 - 01671248 _____ (BitTorrent Inc.) C:\Users\Deblauwe\Downloads\uTorrent.exe
2014-04-11 14:08 - 2014-04-11 14:08 - 00688992 ____R (Swearware) C:\Users\Deblauwe\Downloads\dds.com
2014-04-11 13:47 - 2014-04-11 13:47 - 00000000 ____D () C:\Users\Deblauwe\AppData\Roaming\Macromedia
2014-04-11 12:57 - 2014-04-18 14:45 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-10 22:06 - 2014-04-10 22:06 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Deblauwe\Desktop\mbam-setup-2-0-1-1004.exe
2014-04-10 22:06 - 2014-04-10 22:06 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-10 22:06 - 2014-04-10 22:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-10 22:06 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-10 22:06 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-10 22:06 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-10 21:50 - 2014-04-18 15:10 - 05195154 ____R (Swearware) C:\Users\Deblauwe\Downloads\ComboFix.exe
2014-04-10 21:48 - 2014-04-10 22:02 - 00000000 ____D () C:\Users\Deblauwe\AppData\Roaming\Nico Mak Computing
2014-04-10 21:47 - 2014-04-10 21:47 - 04892480 _____ (WinZip International LLC ) C:\Users\Deblauwe\Downloads\wzmp_8.exe
2014-04-10 21:33 - 2014-04-10 21:35 - 00000000 ____D () C:\ProgramData\Max Secure
2014-04-10 21:32 - 2014-04-10 21:33 - 237206200 _____ (Max Secure Software ) C:\Users\Deblauwe\Desktop\MaxSpywaredetectorx64.exe
2014-04-10 21:31 - 2014-04-10 21:31 - 00000000 ____D () C:\Users\Deblauwe\AppData\Local\Max Secure Software
2014-04-10 21:30 - 2014-04-10 21:31 - 00000000 ____D () C:\Users\Deblauwe\AppData\Roaming\GetRightToGo
2014-04-10 21:30 - 2014-04-10 21:30 - 00368256 _____ (RegNow.com) C:\Users\Deblauwe\Downloads\Download_MaxSDDMnew.exe
2014-04-10 13:03 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-10 13:03 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-10 13:03 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-10 13:03 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-10 13:02 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-10 13:02 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-10 13:02 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-10 13:02 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-10 13:02 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-10 13:02 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-10 13:02 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-10 13:02 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-10 13:02 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-10 13:02 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-10 13:02 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-10 13:02 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-10 13:02 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-10 13:02 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-10 13:02 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-10 13:02 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-10 13:02 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-01 20:23 - 2014-04-01 20:26 - 252299708 _____ () C:\Users\Deblauwe\Downloads\The.Mentalist.S06E02.HDTV.x264-LOL.mp4
2014-04-01 20:22 - 2014-04-01 20:25 - 237272569 _____ () C:\Users\Deblauwe\Downloads\The.Mentalist.S06E01.HDTV.x264-LOL.mp4
2014-03-29 19:01 - 2014-03-29 19:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-27 22:45 - 2014-03-27 22:45 - 01866752 _____ () C:\Users\Deblauwe\Downloads\2013-03-07 Algemene presentatie - definitieve versie.ppt
2014-03-27 22:43 - 2014-04-18 15:29 - 00000324 _____ () C:\Windows\Tasks\xhevvfe.job
2014-03-27 22:43 - 2014-03-27 22:43 - 00248320 __RSH () C:\Windows\SysWOW64\taskschdd.dll
2014-03-27 22:43 - 2014-03-27 22:43 - 00002604 _____ () C:\Windows\System32\Tasks\xhevvfe
2014-03-26 14:57 - 2014-03-26 14:57 - 00000000 ____D () C:\Users\Deblauwe\Downloads\The Dream
2014-03-26 14:29 - 2014-03-26 14:37 - 00000000 ____D () C:\Users\Deblauwe\Downloads\In This Moment - A Star-Crossed Wasteland CDRip [DE][MJN]
2014-03-26 14:27 - 2014-03-31 21:49 - 00000000 ____D () C:\Users\Deblauwe\Downloads\In This Moment - 2006-2012 - Дополнение к дискографии
2014-03-26 14:23 - 2014-03-26 14:45 - 00000000 ____D () C:\Users\Deblauwe\Downloads\Beautiful Tragedy

==================== One Month Modified Files and Folders =======

2014-04-18 15:39 - 2014-04-18 15:39 - 00015424 _____ () C:\Users\Deblauwe\Downloads\FRST.txt
2014-04-18 15:39 - 2014-04-18 15:38 - 00000000 ____D () C:\FRST
2014-04-18 15:38 - 2012-12-07 17:12 - 00000344 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-04-18 15:36 - 2013-07-05 20:32 - 00000000 ____D () C:\Qoobox
2014-04-18 15:35 - 2014-04-18 15:35 - 00025928 _____ () C:\ComboFix.txt
2014-04-18 15:30 - 2012-10-10 20:37 - 00000940 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-18 15:30 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-18 15:29 - 2014-03-27 22:43 - 00000324 _____ () C:\Windows\Tasks\xhevvfe.job
2014-04-18 15:17 - 2010-09-01 11:40 - 02024300 _____ () C:\Windows\WindowsUpdate.log
2014-04-18 15:10 - 2014-04-10 21:50 - 05195154 ____R (Swearware) C:\Users\Deblauwe\Downloads\ComboFix.exe
2014-04-18 15:08 - 2014-04-18 15:08 - 02158592 _____ (Farbar) C:\Users\Deblauwe\Downloads\FRST64.exe
2014-04-18 14:52 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-18 14:52 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-18 14:50 - 2011-01-06 22:10 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-18 14:45 - 2014-04-11 12:57 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-18 14:44 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-18 14:44 - 2009-07-14 06:51 - 00122918 _____ () C:\Windows\setupact.log
2014-04-17 20:29 - 2013-04-18 17:32 - 00000979 _____ () C:\Users\Public\Desktop\AVG 2013.lnk
2014-04-16 22:10 - 2014-04-16 22:08 - 00017133 _____ () C:\Users\Deblauwe\Desktop\dds.txt
2014-04-16 22:10 - 2014-04-16 22:08 - 00007558 _____ () C:\Users\Deblauwe\Desktop\attach.txt
2014-04-16 22:03 - 2010-09-01 12:32 - 00750566 _____ () C:\Windows\system32\perfh013.dat
2014-04-16 22:03 - 2010-09-01 12:32 - 00156256 _____ () C:\Windows\system32\perfc013.dat
2014-04-16 22:03 - 2009-07-14 07:13 - 01684136 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-16 22:00 - 2013-10-29 13:13 - 00000000 ____D () C:\Users\Deblauwe\Documents\HIG
2014-04-16 20:37 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-15 21:27 - 2011-04-29 14:09 - 00000000 ____D () C:\Users\Deblauwe\AppData\Roaming\uTorrent
2014-04-15 20:13 - 2014-04-15 19:55 - 00000000 ____D () C:\Users\Deblauwe\Downloads\WWE.Raw.04.14.14.DSR.XviD-XWT
2014-04-15 19:49 - 2010-09-01 11:37 - 00302264 _____ () C:\Windows\PFRO.log
2014-04-15 13:35 - 2014-04-15 13:35 - 00240952 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-04-14 21:53 - 2014-04-14 21:52 - 00000000 ____D () C:\Users\Deblauwe\Downloads\Game of Thrones S04E02 HDTV x264-2HD[ettv]
2014-04-14 21:50 - 2013-09-11 11:29 - 00000861 _____ () C:\Users\Deblauwe\Desktop\µTorrent.lnk
2014-04-14 21:48 - 2014-04-14 21:48 - 01671248 _____ (BitTorrent Inc.) C:\Users\Deblauwe\Downloads\uTorrent.exe
2014-04-11 14:28 - 2013-12-06 22:42 - 00000000 ____D () C:\Program Files (x86)\Movies Toolbar
2014-04-11 14:27 - 2009-07-14 07:37 - 00000000 ____D () C:\Windows\DigitalLocker
2014-04-11 14:08 - 2014-04-11 14:08 - 00688992 ____R (Swearware) C:\Users\Deblauwe\Downloads\dds.com
2014-04-11 13:47 - 2014-04-11 13:47 - 00000000 ____D () C:\Users\Deblauwe\AppData\Roaming\Macromedia
2014-04-11 13:36 - 2013-12-06 22:42 - 00000000 ____D () C:\ProgramData\Wincert
2014-04-11 13:35 - 2010-12-10 16:41 - 00000000 ____D () C:\Users\Deblauwe
2014-04-11 12:53 - 2009-07-14 06:45 - 00418728 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-10 22:12 - 2013-12-16 21:49 - 00000000 ____D () C:\Users\Deblauwe\Documents\2013 10 13 Wat er ook op de usb stick staat
2014-04-10 22:06 - 2014-04-10 22:06 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Deblauwe\Desktop\mbam-setup-2-0-1-1004.exe
2014-04-10 22:06 - 2014-04-10 22:06 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-10 22:06 - 2014-04-10 22:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-10 22:06 - 2013-06-29 10:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-10 22:02 - 2014-04-10 21:48 - 00000000 ____D () C:\Users\Deblauwe\AppData\Roaming\Nico Mak Computing
2014-04-10 21:48 - 2010-12-10 16:42 - 00110080 _____ () C:\Users\Deblauwe\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-10 21:47 - 2014-04-10 21:47 - 04892480 _____ (WinZip International LLC ) C:\Users\Deblauwe\Downloads\wzmp_8.exe
2014-04-10 21:35 - 2014-04-10 21:33 - 00000000 ____D () C:\ProgramData\Max Secure
2014-04-10 21:33 - 2014-04-10 21:32 - 237206200 _____ (Max Secure Software ) C:\Users\Deblauwe\Desktop\MaxSpywaredetectorx64.exe
2014-04-10 21:31 - 2014-04-10 21:31 - 00000000 ____D () C:\Users\Deblauwe\AppData\Local\Max Secure Software
2014-04-10 21:31 - 2014-04-10 21:30 - 00000000 ____D () C:\Users\Deblauwe\AppData\Roaming\GetRightToGo
2014-04-10 21:30 - 2014-04-10 21:30 - 00368256 _____ (RegNow.com) C:\Users\Deblauwe\Downloads\Download_MaxSDDMnew.exe
2014-04-10 21:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-04-10 20:38 - 2014-01-31 13:54 - 00000000 ____D () C:\Program Files (x86)\Disney Interactive
2014-04-10 20:38 - 2014-01-31 13:53 - 00002419 _____ () C:\Windows\disney.ini
2014-04-10 15:51 - 2012-02-17 15:20 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-10 15:50 - 2012-01-29 18:31 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-08 18:00 - 2012-12-07 16:36 - 00000000 ____D () C:\Users\Deblauwe\AppData\Roaming\HpUpdate
2014-04-03 22:31 - 2013-04-18 18:01 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-04-03 22:31 - 2013-04-18 18:01 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-03 22:30 - 2013-04-18 18:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-04-03 09:51 - 2014-04-10 22:06 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-10 22:06 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-10 22:06 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-01 20:26 - 2014-04-01 20:23 - 252299708 _____ () C:\Users\Deblauwe\Downloads\The.Mentalist.S06E02.HDTV.x264-LOL.mp4
2014-04-01 20:25 - 2014-04-01 20:22 - 237272569 _____ () C:\Users\Deblauwe\Downloads\The.Mentalist.S06E01.HDTV.x264-LOL.mp4
2014-03-31 21:49 - 2014-03-26 14:27 - 00000000 ____D () C:\Users\Deblauwe\Downloads\In This Moment - 2006-2012 - Дополнение к дискографии
2014-03-31 03:16 - 2014-04-10 13:03 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-31 03:13 - 2014-04-10 13:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-31 02:13 - 2014-04-10 13:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-31 01:57 - 2014-04-10 13:03 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-30 10:31 - 2013-06-26 19:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-29 19:02 - 2014-03-29 19:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-28 19:10 - 2010-07-16 11:09 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-27 22:45 - 2014-03-27 22:45 - 01866752 _____ () C:\Users\Deblauwe\Downloads\2013-03-07 Algemene presentatie - definitieve versie.ppt
2014-03-27 22:43 - 2014-03-27 22:43 - 00248320 __RSH () C:\Windows\SysWOW64\taskschdd.dll
2014-03-27 22:43 - 2014-03-27 22:43 - 00002604 _____ () C:\Windows\System32\Tasks\xhevvfe
2014-03-26 14:57 - 2014-03-26 14:57 - 00000000 ____D () C:\Users\Deblauwe\Downloads\The Dream
2014-03-26 14:45 - 2014-03-26 14:23 - 00000000 ____D () C:\Users\Deblauwe\Downloads\Beautiful Tragedy
2014-03-26 14:37 - 2014-03-26 14:29 - 00000000 ____D () C:\Users\Deblauwe\Downloads\In This Moment - A Star-Crossed Wasteland CDRip [DE][MJN]
2014-03-21 21:51 - 2011-01-07 12:22 - 00000116 _____ () C:\Windows\NeroDigital.ini

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-10 22:55

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2014 01
Ran by Deblauwe at 2014-04-18 15:39:46
Running from C:\Users\Deblauwe\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.30768 - BitTorrent Inc.)
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1) (Version: 6.1.0.9 - Oberon Media, Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version:  - )
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
AVG 2012 (Version: 12.0.2641 - AVG Technologies) Hidden
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3468 - AVG Technologies)
AVG 2013 (Version: 13.0.3468 - AVG Technologies) Hidden
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
Basissoftware voor HP Officejet 4620 series (HKLM\...\{D195201D-E7E6-4237-8DD4-CE311237670F}) (Version: 26.0.784.0 - Hewlett-Packard Co.)
Belle en het Beest - De Ster van het Bal (HKLM-x32\...\La Belle et la Bete - La Belle du bal) (Version:  - )
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2829.50 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.2829.50 - CyberLink Corp.) Hidden
De Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.50.56 - Electronic Arts)
De Sims™ 3 Bovennatuurlijk (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version:  - Microsoft)
Disney's Assepoester (HKLM-x32\...\{680E5008-CA49-11D6-8940-0002A5E32BEF}) (Version:  - )
ETDWare PS/2-x64 7.0.6.5_WHQL (HKLM\...\Elantech) (Version: 7.0.6.5 - ELAN Microelectronics Corp.)
Explor@ Park (HKLM-x32\...\VTechDownloadManager) (Version:  - VTech)
GenoPro 2.5.4.1 (HKLM-x32\...\GenoPro) (Version:  - GenoPro Inc.)
High-Definition Video Playback 10 (x32 Version: 7.0.11400.29.0 - Nero AG) Hidden
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 4620 series Haelp (HKLM-x32\...\{225F0E4C-A89A-4AC7-A56A-95B2A12DDC26}) (Version: 6.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.10712 - HP)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.12 - Acer Inc.)
LightScribe  1.4.44.1 (x32 Version: 1.4.44.1 - Integrator) Hidden
Malwarebytes Anti-Malware versie 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Media Player Utilities 4.37 (HKLM-x32\...\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}) (Version: 4.37 -  )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Nederlands) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (NLD) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (Dutch) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Dutch) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (Dutch) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Dutch) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Dutch) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0413-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Outlook MUI (Dutch) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Dutch) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Dutch) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Dutch) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Dutch) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (Dutch) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Dutch) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Dutch) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Movies Toolbar for Internet Explorer (Dist. by Bandoo Media, Inc.) (HKLM-x32\...\ilividmoviestoolbarhaIE) (Version: 1.6.2.0 - APN LLC) <==== ATTENTION
Mozilla Firefox 28.0 (x86 nl) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 nl)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
Nero 10 Menu TemplatePack Basic (x32 Version: 10.0.10600.6.0 - Nero AG) Hidden
Nero 10 Movie ThemePack Basic (x32 Version: 10.0.10600.6.0 - Nero AG) Hidden
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.4.11600.19.100 - Nero AG)
Nero BackItUp 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.0.11100.10.100 - Nero AG)
Nero BurningROM 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.0.11000.12.100 - Nero AG)
Nero BurnRights 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.0.12000.1.4 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.13700.0.1 - Nero AG) Hidden
Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.0.10900.11.100 - Nero AG)
Nero CoverDesigner 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.0.10800.7.100 - Nero AG)
Nero DiscSpeed 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden
Nero Dolby Files 10 (x32 Version: 2.0.11000.0.10 - Nero AG) Hidden
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.0.11000.10.100 - Nero AG)
Nero Express 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.0.10800.8.100 - Nero AG)
Nero InfoTool 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden
Nero MediaHub 10 (HKLM-x32\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.0.13400.11.100 - Nero AG)
Nero MediaHub 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
Nero Multimedia Suite 10 (HKLM-x32\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.13100 - Nero AG)
Nero Recode 10 (HKLM-x32\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.6.10900.4.100 - Nero AG)
Nero Recode 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.0.10900.9.100 - Nero AG)
Nero RescueAgent 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
Nero SoundTrax 10 (HKLM-x32\...\{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}) (Version: 4.6.10600.2.100 - Nero AG)
Nero SoundTrax 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.0.11200.12.100 - Nero AG)
Nero StartSmart 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0017 - Nero AG)
Nero Vision 10 (HKLM-x32\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.0.11100.8.100 - Nero AG)
Nero Vision 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden
Nero WaveEditor 10 (HKLM-x32\...\{EDCDFAD5-DF80-4600-A493-E9DAD6810230}) (Version: 5.6.10600.2.100 - Nero AG)
Nero WaveEditor 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Origin (HKLM-x32\...\Origin) (Version: 8.6.0.357 - Electronic Arts, Inc.)
Pingu en zijn vrienden (HKLM-x32\...\{453EDAF5-D01B-487C-8BCE-2F4F07F8B9A9}) (Version: 1.00.0000 - Transposia)
Productverbeteringonderzoek HP Officejet 4620 series (HKLM\...\{C3FA1B2C-A5A9-4F3E-B021-3079B836B620}) (Version: 26.0.784.0 - Hewlett-Packard Co.)
QuickTime (HKLM-x32\...\InstallShield_{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}) (Version: 7.1 - Apple Computer, Inc.)
QuickTime (x32 Version: 7.1 - Apple Computer, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6151 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30121 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Treasures of Montezuma 2 (HKLM-x32\...\Denda Games The Treasures of Montezuma 2) (Version: 1.0.0.0 - Denda Games)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0413-0000-0000000FF1CE}_Office14.PROPLUSR_{2CDD05C4-26E6-4125-8499-EB6D800614EE}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0413-0000-0000000FF1CE}_Office14.PROPLUSR_{F071F40F-CBA0-452D-A1CB-3F327CC8DF66}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{799005D3-9B70-4219-AFE0-BC479614CC4D}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VTech Download Agent Library (x32 Version: 1.00.0000 - VTech) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated)
Windows Live - Hulpprogramma voor uploaden (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live aanmeldhulp (HKLM-x32\...\{1BD6AE96-4742-4498-9D03-9451C7E5A214}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{CD19EDD9-1632-4002-9212-7478E4BA0423}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
WinRAR 4.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )

==================== Restore Points  =========================

10-04-2014 19:37:57 Installed Spyware Detector
11-04-2014 11:00:33 Windows Update
14-04-2014 19:40:31 Windows Update
18-04-2014 13:16:53 ComboFix created restore point

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-04-18 15:30 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {15939159-CC69-4B86-9407-BEECBF4C099B} - System32\Tasks\{F8DEA416-8B2C-4C57-A81B-454D5259F61C} => C:\Users\Deblauwe\Downloads\flashplayer10_2_p2_32bit_activex_011011.exe [2011-01-16] (Adobe Systems, Inc.)
Task: {180F1B25-F759-484B-BFC6-9CF79C12EF3D} - System32\Tasks\xhevvfe => Rundll32.exe "C:\Windows\SysWOW64\taskschdd.dll",Ilgszstonnh
Task: {86AAA6E1-1510-4F78-A744-A5D4F974E528} - System32\Tasks\{F5AF528A-8E9F-4458-851F-BD0B52280120} => C:\Program Files (x86)\Ahead\Nero StartSmart\NeroStartSmart.exe [2005-04-29] (Ahead Software AG)
Task: {8DB01ECC-F3F5-4CD3-B291-EF0CC0112B50} - System32\Tasks\HPCustParticipation HP Officejet 4620 series => C:\Program Files\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe [2011-12-18] (Hewlett-Packard Co.)
Task: {949BEFB5-F72F-45F8-B3EB-73399DF3025E} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2012-12-16] ()
Task: {99743961-8967-42EF-9941-DC1E19C60246} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-15] (Adobe Systems Incorporated)
Task: {A9A1AEF0-3FEF-41A6-B415-0B7CB479B55C} - System32\Tasks\{F42211CC-FC60-409E-B45D-65F8F46CFD26} => C:\Program Files (x86)\Ahead\Nero StartSmart\NeroStartSmart.exe [2005-04-29] (Ahead Software AG)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\Windows\Tasks\xhevvfe.job => C:\Windows\SysWOW64\taskschdd.dll

==================== Loaded Modules (whitelisted) =============

2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-06-29 00:20 - 2010-06-29 00:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-06-29 00:12 - 2010-06-29 00:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-02-13 20:59 - 2014-02-13 20:59 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\29335dc88d799664dcd97362bcb687e9\IsdiInterop.ni.dll
2010-07-16 11:09 - 2010-04-13 18:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:33A7CC67

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Acer ePower Management => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AgentMonitor => C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
MSCONFIG\startupreg: AVG_UI => "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: EgisTecPMMUpdate => "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
MSCONFIG\startupreg: EgisUpdate => "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
MSCONFIG\startupreg: ETDWare => C:\Program Files\Elantech\ETDCtrl.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: LManager => C:\Program Files (x86)\Launch Manager\LManager.exe
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: mwlDaemon => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
MSCONFIG\startupreg: NBAgent => "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/11/2014 01:02:34 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: De service Cryptografische services is mislukt tijdens het verwerken van aanroep OnIdentity() op het object System Writer.


Details:
AddLegacyDriverFiles: Unable to back up image of binary SDActMon.

System Error:
Het systeem kan het opgegeven bestand niet vinden.
.

Error: (04/11/2014 01:02:34 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: De service Cryptografische services is mislukt tijdens het verwerken van aanroep OnIdentity() op het object System Writer.


Details:
AddLegacyDriverFiles: Unable to back up image of binary MaxProtector64.

System Error:
Het systeem kan het opgegeven bestand niet vinden.
.

Error: (04/11/2014 01:02:34 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: De service Cryptografische services is mislukt tijdens het verwerken van aanroep OnIdentity() op het object System Writer.


Details:
AddLegacyDriverFiles: Unable to back up image of binary MaxProc64.

System Error:
Het systeem kan het opgegeven bestand niet vinden.
.

Error: (04/11/2014 01:02:34 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: De service Cryptografische services is mislukt tijdens het verwerken van aanroep OnIdentity() op het object System Writer.


Details:
AddLegacyDriverFiles: Unable to back up image of binary MaxMgr.

System Error:
Het systeem kan het opgegeven bestand niet vinden.
.

Error: (04/11/2014 00:57:09 PM) (Source: Application Error) (User: )
Description: Naam van toepassing met fout: firefox.exe, versie: 28.0.0.5186, tijdstempel: 0x53240e37
Naam van module met fout: xul.dll, versie: 28.0.0.5186, tijdstempel: 0x53240e04
Uitzonderingscode: 0xc0000005
Foutoffset: 0x00184729
Id van proces met fout: 0x348
Starttijd van toepassing met fout: 0xfirefox.exe0
Pad naar toepassing met fout: firefox.exe1
Pad naar module met fout: firefox.exe2
Rapport-id: firefox.exe3

Error: (04/11/2014 00:32:18 PM) (Source: SideBySide) (User: )
Description: Kan activeringscontext voor 'WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1' niet maken. Fout in manifest of beleidsbestand 'WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2 op regel WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Onderdeel-id in manifest komt niet overeen met de id van het gevraagde onderdeel.
Verwijzing is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definitie is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Gebruik sxstrace.exe voor gedetailleerde diagnose.

Error: (04/11/2014 00:26:52 PM) (Source: SideBySide) (User: )
Description: Kan activeringscontext voor 'assemblyIdentity1' niet maken. Fout in manifest of beleidsbestand 'assemblyIdentity2' op regel assemblyIdentity3.
De waarde MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR  van kenmerk version in element assemblyIdentity is ongeldig.

Error: (04/10/2014 10:10:07 PM) (Source: SideBySide) (User: )
Description: Kan activeringscontext voor C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1 niet maken. Fout in manifest of beleidsbestand C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2 op regel C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Een onderdeelversie die nodig is voor de toepassing conflicteert met een andere onderdeelversie die reeds actief is.
Conflicterende onderdelen zijn:
Onderdeel 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Onderdeel 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/10/2014 10:05:28 PM) (Source: SideBySide) (User: )
Description: Kan activeringscontext voor C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1 niet maken. Fout in manifest of beleidsbestand C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2 op regel C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Een onderdeelversie die nodig is voor de toepassing conflicteert met een andere onderdeelversie die reeds actief is.
Conflicterende onderdelen zijn:
Onderdeel 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Onderdeel 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/10/2014 10:05:25 PM) (Source: SideBySide) (User: )
Description: Kan activeringscontext voor C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1 niet maken. Fout in manifest of beleidsbestand C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2 op regel C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Een onderdeelversie die nodig is voor de toepassing conflicteert met een andere onderdeelversie die reeds actief is.
Conflicterende onderdelen zijn:
Onderdeel 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Onderdeel 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (04/18/2014 03:30:27 PM) (Source: Service Control Manager) (User: )
Description: De PEVSystemStart-service staat aangeduid als een interactieve service. Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn toegestaan. Deze service werkt mogelijk niet juist.

Error: (04/18/2014 03:29:31 PM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys kan niet worden geladen vanwege incompatibiliteit met dit systeem. Vraag de leverancier van de software om een compatibele versie van het stuurprogramma.

Error: (04/18/2014 03:29:31 PM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys kan niet worden geladen vanwege incompatibiliteit met dit systeem. Vraag de leverancier van de software om een compatibele versie van het stuurprogramma.

Error: (04/18/2014 03:26:31 PM) (Source: Service Control Manager) (User: )
Description: De PEVSystemStart-service staat aangeduid als een interactieve service. Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn toegestaan. Deze service werkt mogelijk niet juist.

Error: (04/17/2014 08:22:28 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005

Error: (04/16/2014 06:22:56 PM) (Source: Service Control Manager) (User: )
Description: Time-out (30000 seconden) tijdens het wachten op een reactie op een transactie van deze service: Wlansvc.

Error: (04/14/2014 09:27:55 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (04/11/2014 02:30:15 PM) (Source: Service Control Manager) (User: )
Description: De WinHTTP Web Proxy Auto-Discovery Service-service is afhankelijk van de DHCP-client-service, die vanwege de volgende fout niet kan worden gestart:
%%1069

Error: (04/11/2014 02:30:15 PM) (Source: Service Control Manager) (User: )
Description: De DHCP-client-service kan vanwege de volgende fout niet worden gestart:
%%1069

Error: (04/11/2014 02:30:15 PM) (Source: Service Control Manager) (User: )
Description: De Dhcp-service kan niet als NT Authority\LocalService met het huidig ingestelde wachtwoord worden aangemeld vanwege de volgende fout:
%%50

Gebruik de module Services in de Microsoft Management Console (MMC) om te controleren of de service juist is geconfigureerd.


Microsoft Office Sessions:
=========================
Error: (04/11/2014 01:02:34 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary SDActMon.

System Error:
Het systeem kan het opgegeven bestand niet vinden.

Error: (04/11/2014 01:02:34 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary MaxProtector64.

System Error:
Het systeem kan het opgegeven bestand niet vinden.

Error: (04/11/2014 01:02:34 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary MaxProc64.

System Error:
Het systeem kan het opgegeven bestand niet vinden.

Error: (04/11/2014 01:02:34 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary MaxMgr.

System Error:
Het systeem kan het opgegeven bestand niet vinden.

Error: (04/11/2014 00:57:09 PM) (Source: Application Error)(User: )
Description: firefox.exe28.0.0.518653240e37xul.dll28.0.0.518653240e04c00000050018472934801cf557498adfe6eC:\program files (x86)\mozilla firefox\firefox.exeC:\program files (x86)\mozilla firefox\xul.dll06c7694e-c168-11e3-8bb5-88ae1d8af9f3

Error: (04/11/2014 00:32:18 PM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (04/11/2014 00:26:52 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (04/10/2014 10:10:07 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Deblauwe\Downloads\SoftonicDownloader_voor_malwarebytes-anti-malware.exe

Error: (04/10/2014 10:05:28 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Deblauwe\Downloads\SoftonicDownloader_voor_malwarebytes-anti-malware.exe

Error: (04/10/2014 10:05:25 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Deblauwe\Downloads\SoftonicDownloader_voor_malwarebytes-anti-malware.exe


CodeIntegrity Errors:
===================================
  Date: 2014-04-18 15:29:31.875
  Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume3\ComboFix\catchme.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.

  Date: 2014-04-18 15:29:31.470
  Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume3\ComboFix\catchme.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.

  Date: 2014-04-18 15:29:30.986
  Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume3\ComboFix\catchme.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.

  Date: 2014-04-18 15:29:30.581
  Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume3\ComboFix\catchme.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.

  Date: 2013-07-10 11:28:34.910
  Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume3\ComboFix\catchme.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.

  Date: 2013-07-10 11:28:34.629
  Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume3\ComboFix\catchme.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.


==================== Memory info ===========================

Percentage of memory in use: 48%
Total physical RAM: 1977.98 MB
Available physical RAM: 1019.47 MB
Total Pagefile: 3955.96 MB
Available Pagefile: 2614.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:219.79 GB) (Free:102.83 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 41901DE2)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=220 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#8 Sequan

  • Topic Starter
  • Members
  • 22 posts

Posted 18 April 2014 - 10:44 AM

Hi, the problem could be resolved now. The Windows maintenance centre shows no more problems and the Windows Security Centre has been enabled again. Please let me know if the logs still show problems. How could I best secure my computer from malware in the future?

Kind regards


Edited by Sequan, 18 April 2014 - 10:47 AM.


#9 snemelk

    engineer

  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland

Posted 18 April 2014 - 05:05 PM

Hi again Sequan!! :)

Please let me know if the logs still show problems.

There are still a few malware files that need to be deleted, so that your system doesn't get reinfected... I've also included some leftovers in the fix, mostly related to the Ask Toolbar ...

Firstly,
I notice that you are using more than one antivirus program: AVG 2013 and Microsoft Security Essentials.
It's not recommended to run more than one antivirus program in resident mode, because they can conflict with each other.
I strongly suggest you either disable real-time protection in one of them or uninstall one of these programs.

Let me know what you decide.

Secondly,
We need to run a fix with FRST:
  • Open Notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below into it:
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ask.com/?o=APN10645A&gct=hp&d=406-905&v=a11465-188&t=4
    SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=905&systemid=406&v=a11465-188&apn_uid=2466230776114323&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
    SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=905&systemid=406&v=a11465-188&apn_uid=2466230776114323&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
    SearchScopes: HKCU - DefaultScope Software\Microsoft\Internet Explorer\SearchScopes URL =
    SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3312375&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPA9145162-1214-4B93-85AB-5D7B9A0EDA23&q={searchTerms}
    SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=905&systemid=406&v=a11465-188&apn_uid=2466230776114323&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
    FF DefaultSearchEngine: Ask.com
    FF SearchEngineOrder.1: Ask.com
    FF SelectedSearchEngine: Ask.com
    FF SearchPlugin: C:\Users\Deblauwe\AppData\Roaming\Mozilla\Firefox\Profiles\wednoxxf.default-1373914836301\searchplugins\Ask.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml
    FF Extension: Search-NewTaB - C:\Users\Deblauwe\AppData\Roaming\Mozilla\Firefox\Profiles\wednoxxf.default-1373914836301\Extensions\gezz8.kpg@pttzzzeoktqb.edu [2013-09-09]
    FF Extension: saVeNshare  - C:\Users\Deblauwe\AppData\Roaming\Mozilla\Firefox\Profiles\wednoxxf.default-1373914836301\Extensions\rdo-o@jfquqiio.co.uk [2013-09-09]
    FF Extension: Ask New Tabs - C:\Users\Deblauwe\AppData\Roaming\Mozilla\Firefox\Profiles\wednoxxf.default-1373914836301\Extensions\{40B85966-9F42-5726-B80A-30E0FC83AC27} [2014-03-27]
    CHR HKLM-x32\...\Chrome\Extension: [ealchnonpofjocgofjpopjdoegbbkofj] - C:\Program Files (x86)\HappyLyrics\Chrome.crx []
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    Reg: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {67A2568C-7A0A-4EED-AECC-B5405DE63B64} /f
    Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {67A2568C-7A0A-4EED-AECC-B5405DE63B64} /f
    Task: {180F1B25-F759-484B-BFC6-9CF79C12EF3D} - System32\Tasks\xhevvfe => Rundll32.exe "C:\Windows\SysWOW64\taskschdd.dll",Ilgszstonnh
    Task: C:\Windows\Tasks\xhevvfe.job => C:\Windows\SysWOW64\taskschdd.dll
    C:\Windows\Tasks\xhevvfe.job
    C:\Windows\SysWOW64\taskschdd.dll
    C:\Windows\System32\Tasks\xhevvfe
    
  • Save the file as fixlist.txt in the same directory FRST is located in.
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location, or the fix will not work.
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST.exe/FRST64.exe, press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run from; please post it in your reply.
Thirdly,
Please run a new scan with FRST. FRST.txt logfile will be produced in the same directory the tool was run from. Please copy and paste the log in your next reply.


How could I best secure my computer from malware in the future?

I'll give you some tips once your system looks clean.
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver

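Added example, not part of this thread and not FRST's own logic: the fixlist above removes a scheduled task (xhevvfe) that runs Rundll32.exe against a DLL in SysWOW64 whose name is one letter off the real taskschd.dll, which is exactly the kind of persistence entry a helper has to pick out of a long FRST log by eye. The Python script below parses FRST "Task:" lines (the four sample lines are copied from the scan and the fixlist in this thread) and scores each task on weak indicators: a task that loads a DLL through rundll32 or points a .job straight at a DLL, a DLL basename one edit away from a known system DLL, and a random-looking single-token task name. The indicator names, the thresholds and the tiny KNOWN_SYSTEM_DLLS set are my assumptions, not anything on the page; in practice the DLL list would come from an inventory of the installed OS build.

```python
"""Triage of FRST "Task:" entries (added example; the heuristics are mine, not FRST's)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Sample lines copied from the FRST scan and fixlist in this thread. They are the
# only input; nothing here touches a live system.
SAMPLE_TASK_LINES = [
    r"Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe",
    r"Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe",
    r"Task: C:\Windows\Tasks\xhevvfe.job => C:\Windows\SysWOW64\taskschdd.dll",
    r'Task: {180F1B25-F759-484B-BFC6-9CF79C12EF3D} - System32\Tasks\xhevvfe => Rundll32.exe "C:\Windows\SysWOW64\taskschdd.dll",Ilgszstonnh',
]

# Tiny stand-in for a real inventory of Windows system DLL names (assumption: a
# production check would compare against the catalog of the installed OS build).
KNOWN_SYSTEM_DLLS = {"taskschd.dll", "kernel32.dll", "shell32.dll", "wininet.dll", "advapi32.dll"}

TASK_RE = re.compile(r"^Task:\s+(?P<source>.+?)\s+=>\s+(?P<action>.+?)\s*$")
# rundll32 action: optional quotes around the DLL path, optional ",ExportName" suffix
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?(?:,(?P<export>\S+))?', re.IGNORECASE)


@dataclass
class TaskFinding:
    name: str                                   # scheduled task name
    action: str                                 # command/target FRST printed after "=>"
    indicators: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # One weak indicator is noise; two or more warrant a closer look.
        return len(self.indicators) >= 2


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one-character lookalikes of system DLLs."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def task_name(source: str) -> str:
    """'C:\\Windows\\Tasks\\foo.job' or '{GUID} - System32\\Tasks\\foo' -> 'foo'."""
    tail = source.rsplit("\\", 1)[-1]
    return tail[:-4] if tail.lower().endswith(".job") else tail


def loaded_dll(action: str) -> Tuple[Optional[str], Optional[str]]:
    """Return (dll_path, export) if the action loads a DLL, else (None, None)."""
    m = RUNDLL_RE.match(action)
    if m:
        return m.group("dll"), m.group("export")
    if action.lower().endswith(".dll"):
        return action, None
    return None, None


def looks_random(name: str) -> bool:
    """Weak heuristic: a single lowercase token that is mostly consonants."""
    if " " in name or not name.islower():
        return False
    letters = [c for c in name if c.isalpha()]
    if len(letters) < 5:
        return False
    consonants = sum(1 for c in letters if c not in "aeiou")
    return consonants / len(letters) >= 0.7


def analyse_task_line(line: str) -> Optional[TaskFinding]:
    """Parse one FRST 'Task:' line and attach indicators; None for other lines."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    finding = TaskFinding(name=task_name(m.group("source")), action=m.group("action"))
    dll, export = loaded_dll(finding.action)
    if dll:
        base = dll.rsplit("\\", 1)[-1].lower()
        finding.indicators.append("rundll32_loader" if export else "job_runs_dll")
        if base not in KNOWN_SYSTEM_DLLS and any(edit_distance(base, k) == 1 for k in KNOWN_SYSTEM_DLLS):
            finding.indicators.append("system_dll_lookalike")
    if looks_random(finding.name):
        finding.indicators.append("random_task_name")
    return finding


def triage(lines) -> List[TaskFinding]:
    """Return only the task entries that collect two or more indicators."""
    findings = (analyse_task_line(line) for line in lines)
    return [f for f in findings if f and f.suspicious]


if __name__ == "__main__":
    for f in triage(SAMPLE_TASK_LINES):
        print(f"{f.name}: {', '.join(f.indicators)}\n    {f.action}")
```

Run as a script, it prints the two xhevvfe entries with their indicators; benign entries such as the Flash and HP updater jobs collect no indicators and are not shown. Treat the score as a prompt for a closer look (signature check, file dates, the export name the task calls), not as a verdict.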

#10 Sequan

Sequan
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:06:39 PM

Posted 20 April 2014 - 01:48 PM

Hi,

You were right, the problem recurred after only one day. I've removed AVG antivirus from my computer and followed the rest of your instructions. This is the fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-04-2014 01
Ran by Deblauwe at 2014-04-20 20:43:37 Run:1
Running from C:\Users\Deblauwe\Downloads\FRST
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ask.com/?o=APN10645A&gct=hp&d=406-905&v=a11465-188&t=4
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=905&systemid=406&v=a11465-188&apn_uid=2466230776114323&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=905&systemid=406&v=a11465-188&apn_uid=2466230776114323&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKCU - DefaultScope Software\Microsoft\Internet Explorer\SearchScopes URL =
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3312375&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPA9145162-1214-4B93-85AB-5D7B9A0EDA23&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=905&systemid=406&v=a11465-188&apn_uid=2466230776114323&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF SearchPlugin: C:\Users\Deblauwe\AppData\Roaming\Mozilla\Firefox\Profiles\wednoxxf.default-1373914836301\searchplugins\Ask.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml
FF Extension: Search-NewTaB - C:\Users\Deblauwe\AppData\Roaming\Mozilla\Firefox\Profiles\wednoxxf.default-1373914836301\Extensions\gezz8.kpg@pttzzzeoktqb.edu [2013-09-09]
FF Extension: saVeNshare  - C:\Users\Deblauwe\AppData\Roaming\Mozilla\Firefox\Profiles\wednoxxf.default-1373914836301\Extensions\rdo-o@jfquqiio.co.uk [2013-09-09]
FF Extension: Ask New Tabs - C:\Users\Deblauwe\AppData\Roaming\Mozilla\Firefox\Profiles\wednoxxf.default-1373914836301\Extensions\{40B85966-9F42-5726-B80A-30E0FC83AC27} [2014-03-27]
CHR HKLM-x32\...\Chrome\Extension: [ealchnonpofjocgofjpopjdoegbbkofj] - C:\Program Files (x86)\HappyLyrics\Chrome.crx []
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Reg: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {67A2568C-7A0A-4EED-AECC-B5405DE63B64} /f
Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {67A2568C-7A0A-4EED-AECC-B5405DE63B64} /f
Task: {180F1B25-F759-484B-BFC6-9CF79C12EF3D} - System32\Tasks\xhevvfe => Rundll32.exe "C:\Windows\SysWOW64\taskschdd.dll",Ilgszstonnh
Task: C:\Windows\Tasks\xhevvfe.job => C:\Windows\SysWOW64\taskschdd.dll
C:\Windows\Tasks\xhevvfe.job
C:\Windows\SysWOW64\taskschdd.dll
C:\Windows\System32\Tasks\xhevvfe
*****************

HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key deleted successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key deleted successfully.
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key deleted successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
C:\Users\Deblauwe\AppData\Roaming\Mozilla\Firefox\Profiles\wednoxxf.default-1373914836301\searchplugins\Ask.xml => Moved successfully.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml => Moved successfully.
C:\Users\Deblauwe\AppData\Roaming\Mozilla\Firefox\Profiles\wednoxxf.default-1373914836301\Extensions\gezz8.kpg@pttzzzeoktqb.edu => Moved successfully.
C:\Users\Deblauwe\AppData\Roaming\Mozilla\Firefox\Profiles\wednoxxf.default-1373914836301\Extensions\rdo-o@jfquqiio.co.uk => Moved successfully.
C:\Users\Deblauwe\AppData\Roaming\Mozilla\Firefox\Profiles\wednoxxf.default-1373914836301\Extensions\{40B85966-9F42-5726-B80A-30E0FC83AC27} => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ealchnonpofjocgofjpopjdoegbbkofj => Key deleted successfully.
"C:\Program Files (x86)\HappyLyrics\Chrome.crx" => File/Directory not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.

========= reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {67A2568C-7A0A-4EED-AECC-B5405DE63B64} /f =========

De bewerking is voltooid.



========= End of Reg: =========


========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {67A2568C-7A0A-4EED-AECC-B5405DE63B64} /f =========

De bewerking is voltooid.



========= End of Reg: =========

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{180F1B25-F759-484B-BFC6-9CF79C12EF3D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{180F1B25-F759-484B-BFC6-9CF79C12EF3D} => Key deleted successfully.
C:\Windows\System32\Tasks\xhevvfe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\xhevvfe => Key deleted successfully.
C:\Windows\Tasks\xhevvfe.job => Moved successfully.
"C:\Windows\Tasks\xhevvfe.job" => File/Directory not found.
C:\Windows\SysWOW64\taskschdd.dll => Moved successfully.
"C:\Windows\System32\Tasks\xhevvfe" => File/Directory not found.

==== End of Fixlog ====

The FRST logfile is:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2014 01
Ran by Deblauwe (administrator) on DEBLAUWE-PC on 20-04-2014 20:46:47
Running from C:\Users\Deblauwe\Downloads\FRST
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Dutch Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKLM-x32 - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_nlBE409
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 195.130.130.5 195.130.131.5

FireFox:
========
FF ProfilePath: C:\Users\Deblauwe\AppData\Roaming\Mozilla\Firefox\Profiles\wednoxxf.default-1373914836301
FF Homepage: hxxp://www.google.be/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\bolcom-nl.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\marktplaats-nl.xml

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.95\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Computer, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll No File
CHR Plugin: (RocketLife Secure Plug-In Layer) - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Deblauwe\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File

==================== Services (Whitelisted) =================

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 vToolbarUpdater15.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [1598128 2013-06-27] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-06-27] (AVG Technologies)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R4 AVGIDSHA; system32\DRIVERS\avgidsha.sys [X]
R4 Avgtdia; system32\DRIVERS\avgtdia.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-20 20:41 - 2014-04-20 20:46 - 00000000 ____D () C:\Users\Deblauwe\Downloads\FRST
2014-04-18 15:38 - 2014-04-20 20:46 - 00000000 ____D () C:\FRST
2014-04-18 15:35 - 2014-04-18 15:35 - 00025928 _____ () C:\ComboFix.txt
2014-04-15 19:55 - 2014-04-15 20:13 - 00000000 ____D () C:\Users\Deblauwe\Downloads\WWE.Raw.04.14.14.DSR.XviD-XWT
2014-04-14 21:52 - 2014-04-14 21:53 - 00000000 ____D () C:\Users\Deblauwe\Downloads\Game of Thrones S04E02 HDTV x264-2HD[ettv]
2014-04-14 21:48 - 2014-04-14 21:48 - 01671248 _____ (BitTorrent Inc.) C:\Users\Deblauwe\Downloads\uTorrent.exe
2014-04-11 14:08 - 2014-04-11 14:08 - 00688992 ____R (Swearware) C:\Users\Deblauwe\Downloads\dds.com
2014-04-11 13:47 - 2014-04-11 13:47 - 00000000 ____D () C:\Users\Deblauwe\AppData\Roaming\Macromedia
2014-04-11 12:57 - 2014-04-20 19:34 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-10 22:06 - 2014-04-10 22:06 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Deblauwe\Desktop\mbam-setup-2-0-1-1004.exe
2014-04-10 22:06 - 2014-04-10 22:06 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-10 22:06 - 2014-04-10 22:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-10 22:06 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-10 22:06 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-10 22:06 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-10 21:50 - 2014-04-18 15:10 - 05195154 ____R (Swearware) C:\Users\Deblauwe\Downloads\ComboFix.exe
2014-04-10 21:48 - 2014-04-10 22:02 - 00000000 ____D () C:\Users\Deblauwe\AppData\Roaming\Nico Mak Computing
2014-04-10 21:47 - 2014-04-10 21:47 - 04892480 _____ (WinZip International LLC ) C:\Users\Deblauwe\Downloads\wzmp_8.exe
2014-04-10 21:33 - 2014-04-10 21:35 - 00000000 ____D () C:\ProgramData\Max Secure
2014-04-10 21:31 - 2014-04-10 21:31 - 00000000 ____D () C:\Users\Deblauwe\AppData\Local\Max Secure Software
2014-04-10 21:30 - 2014-04-10 21:31 - 00000000 ____D () C:\Users\Deblauwe\AppData\Roaming\GetRightToGo
2014-04-10 21:30 - 2014-04-10 21:30 - 00368256 _____ (RegNow.com) C:\Users\Deblauwe\Downloads\Download_MaxSDDMnew.exe
2014-04-10 13:03 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-10 13:03 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-10 13:03 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-10 13:03 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-10 13:02 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-10 13:02 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-10 13:02 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-10 13:02 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-10 13:02 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-10 13:02 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-10 13:02 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-10 13:02 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-10 13:02 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-10 13:02 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-10 13:02 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-10 13:02 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-10 13:02 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-10 13:02 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-10 13:02 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-10 13:02 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-10 13:02 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-01 20:23 - 2014-04-01 20:26 - 252299708 _____ () C:\Users\Deblauwe\Downloads\The.Mentalist.S06E02.HDTV.x264-LOL.mp4
2014-04-01 20:22 - 2014-04-01 20:25 - 237272569 _____ () C:\Users\Deblauwe\Downloads\The.Mentalist.S06E01.HDTV.x264-LOL.mp4
2014-03-29 19:01 - 2014-03-29 19:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-27 22:45 - 2014-03-27 22:45 - 01866752 _____ () C:\Users\Deblauwe\Downloads\2013-03-07 Algemene presentatie - definitieve versie.ppt
2014-03-26 14:57 - 2014-03-26 14:57 - 00000000 ____D () C:\Users\Deblauwe\Downloads\The Dream
2014-03-26 14:29 - 2014-03-26 14:37 - 00000000 ____D () C:\Users\Deblauwe\Downloads\In This Moment - A Star-Crossed Wasteland CDRip [DE][MJN]
2014-03-26 14:27 - 2014-03-31 21:49 - 00000000 ____D () C:\Users\Deblauwe\Downloads\In This Moment - 2006-2012 - Дополнение к дискографии
2014-03-26 14:23 - 2014-03-26 14:45 - 00000000 ____D () C:\Users\Deblauwe\Downloads\Beautiful Tragedy

==================== One Month Modified Files and Folders =======

2014-04-20 20:46 - 2014-04-20 20:41 - 00000000 ____D () C:\Users\Deblauwe\Downloads\FRST
2014-04-20 20:46 - 2014-04-18 15:38 - 00000000 ____D () C:\FRST
2014-04-20 20:38 - 2012-12-07 17:12 - 00000344 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-04-20 20:36 - 2011-01-06 22:10 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-20 20:35 - 2013-04-18 17:28 - 00000000 ____D () C:\ProgramData\AVG2013
2014-04-20 20:32 - 2011-07-27 08:40 - 00000000 ____D () C:\$AVG
2014-04-20 20:30 - 2012-10-10 20:37 - 00000940 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-20 20:06 - 2010-09-01 11:40 - 01108582 _____ () C:\Windows\WindowsUpdate.log
2014-04-20 19:34 - 2014-04-11 12:57 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-20 18:43 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-20 18:43 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-20 18:35 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-20 18:35 - 2009-07-14 06:51 - 00123198 _____ () C:\Windows\setupact.log
2014-04-19 13:33 - 2010-09-01 12:32 - 00750566 _____ () C:\Windows\system32\perfh013.dat
2014-04-19 13:33 - 2010-09-01 12:32 - 00156256 _____ () C:\Windows\system32\perfc013.dat
2014-04-19 13:33 - 2009-07-14 07:13 - 01684136 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-19 09:25 - 2011-04-29 14:09 - 00000000 ____D () C:\Users\Deblauwe\AppData\Roaming\uTorrent
2014-04-19 09:02 - 2010-09-01 11:37 - 00302804 _____ () C:\Windows\PFRO.log
2014-04-18 21:48 - 2011-04-08 13:12 - 00000000 ____D () C:\Users\Deblauwe\AppData\Local\Adobe
2014-04-18 21:47 - 2012-10-10 20:37 - 00003878 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-18 21:47 - 2012-06-04 19:08 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-18 21:47 - 2011-07-17 20:39 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-18 15:36 - 2013-07-05 20:32 - 00000000 ____D () C:\Qoobox
2014-04-18 15:35 - 2014-04-18 15:35 - 00025928 _____ () C:\ComboFix.txt
2014-04-18 15:30 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-18 15:10 - 2014-04-10 21:50 - 05195154 ____R (Swearware) C:\Users\Deblauwe\Downloads\ComboFix.exe
2014-04-16 22:00 - 2013-10-29 13:13 - 00000000 ____D () C:\Users\Deblauwe\Documents\HIG
2014-04-16 20:37 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-15 20:13 - 2014-04-15 19:55 - 00000000 ____D () C:\Users\Deblauwe\Downloads\WWE.Raw.04.14.14.DSR.XviD-XWT
2014-04-14 21:53 - 2014-04-14 21:52 - 00000000 ____D () C:\Users\Deblauwe\Downloads\Game of Thrones S04E02 HDTV x264-2HD[ettv]
2014-04-14 21:50 - 2013-09-11 11:29 - 00000861 _____ () C:\Users\Deblauwe\Desktop\µTorrent.lnk
2014-04-14 21:48 - 2014-04-14 21:48 - 01671248 _____ (BitTorrent Inc.) C:\Users\Deblauwe\Downloads\uTorrent.exe
2014-04-11 14:28 - 2013-12-06 22:42 - 00000000 ____D () C:\Program Files (x86)\Movies Toolbar
2014-04-11 14:27 - 2009-07-14 07:37 - 00000000 ____D () C:\Windows\DigitalLocker
2014-04-11 14:08 - 2014-04-11 14:08 - 00688992 ____R (Swearware) C:\Users\Deblauwe\Downloads\dds.com
2014-04-11 13:47 - 2014-04-11 13:47 - 00000000 ____D () C:\Users\Deblauwe\AppData\Roaming\Macromedia
2014-04-11 13:36 - 2013-12-06 22:42 - 00000000 ____D () C:\ProgramData\Wincert
2014-04-11 13:35 - 2010-12-10 16:41 - 00000000 ____D () C:\Users\Deblauwe
2014-04-11 12:53 - 2009-07-14 06:45 - 00418728 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-10 22:12 - 2013-12-16 21:49 - 00000000 ____D () C:\Users\Deblauwe\Documents\2013 10 13 Wat er ook op de usb stick staat
2014-04-10 22:06 - 2014-04-10 22:06 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Deblauwe\Desktop\mbam-setup-2-0-1-1004.exe
2014-04-10 22:06 - 2014-04-10 22:06 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-10 22:06 - 2014-04-10 22:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-10 22:06 - 2013-06-29 10:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-10 22:02 - 2014-04-10 21:48 - 00000000 ____D () C:\Users\Deblauwe\AppData\Roaming\Nico Mak Computing
2014-04-10 21:48 - 2010-12-10 16:42 - 00110080 _____ () C:\Users\Deblauwe\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-10 21:47 - 2014-04-10 21:47 - 04892480 _____ (WinZip International LLC ) C:\Users\Deblauwe\Downloads\wzmp_8.exe
2014-04-10 21:35 - 2014-04-10 21:33 - 00000000 ____D () C:\ProgramData\Max Secure
2014-04-10 21:31 - 2014-04-10 21:31 - 00000000 ____D () C:\Users\Deblauwe\AppData\Local\Max Secure Software
2014-04-10 21:31 - 2014-04-10 21:30 - 00000000 ____D () C:\Users\Deblauwe\AppData\Roaming\GetRightToGo
2014-04-10 21:30 - 2014-04-10 21:30 - 00368256 _____ (RegNow.com) C:\Users\Deblauwe\Downloads\Download_MaxSDDMnew.exe
2014-04-10 21:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-04-10 20:38 - 2014-01-31 13:54 - 00000000 ____D () C:\Program Files (x86)\Disney Interactive
2014-04-10 20:38 - 2014-01-31 13:53 - 00002419 _____ () C:\Windows\disney.ini
2014-04-10 15:51 - 2012-02-17 15:20 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-10 15:50 - 2012-01-29 18:31 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-08 18:00 - 2012-12-07 16:36 - 00000000 ____D () C:\Users\Deblauwe\AppData\Roaming\HpUpdate
2014-04-03 22:31 - 2013-04-18 18:01 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-04-03 22:31 - 2013-04-18 18:01 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-03 22:30 - 2013-04-18 18:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-04-03 09:51 - 2014-04-10 22:06 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-10 22:06 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-10 22:06 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-01 20:26 - 2014-04-01 20:23 - 252299708 _____ () C:\Users\Deblauwe\Downloads\The.Mentalist.S06E02.HDTV.x264-LOL.mp4
2014-04-01 20:25 - 2014-04-01 20:22 - 237272569 _____ () C:\Users\Deblauwe\Downloads\The.Mentalist.S06E01.HDTV.x264-LOL.mp4
2014-03-31 21:49 - 2014-03-26 14:27 - 00000000 ____D () C:\Users\Deblauwe\Downloads\In This Moment - 2006-2012 - Дополнение к дискографии
2014-03-31 03:16 - 2014-04-10 13:03 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-31 03:13 - 2014-04-10 13:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-31 02:13 - 2014-04-10 13:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-31 01:57 - 2014-04-10 13:03 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-30 10:31 - 2013-06-26 19:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-29 19:02 - 2014-03-29 19:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-28 19:10 - 2010-07-16 11:09 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-27 22:45 - 2014-03-27 22:45 - 01866752 _____ () C:\Users\Deblauwe\Downloads\2013-03-07 Algemene presentatie - definitieve versie.ppt
2014-03-26 14:57 - 2014-03-26 14:57 - 00000000 ____D () C:\Users\Deblauwe\Downloads\The Dream
2014-03-26 14:45 - 2014-03-26 14:23 - 00000000 ____D () C:\Users\Deblauwe\Downloads\Beautiful Tragedy
2014-03-26 14:37 - 2014-03-26 14:29 - 00000000 ____D () C:\Users\Deblauwe\Downloads\In This Moment - A Star-Crossed Wasteland CDRip [DE][MJN]
2014-03-21 21:51 - 2011-01-07 12:22 - 00000116 _____ () C:\Windows\NeroDigital.ini

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-10 22:55

==================== End Of Log ============================



#11 snemelk


    inżynier


  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland

Posted 20 April 2014 - 03:50 PM

Hi again Sequan!! :)

Looks like malware files were successfully deleted! Please confirm the problem is gone...

I see there are still some leftovers related to AVG present on your system (mostly Driver Services) - I suggest you use a dedicated uninstaller to get rid of them...
To do so, please refer to this article: Uninstall / Re-Install Instructions | AVG Forums
- download the AVG Remover utility: AVG Remover(64bit) 2013
- close all open windows, right-click on the file and choose "Run as Administrator"
- follow the prompts; please perform a restart if the tool asks you to do so...

I've also seen some leftovers related to AVG 2012, so if you had that program installed at some point, I suggest you run the AVG Remover(64bit) 2012 tool as well...

Then,
I strongly recommend you uninstall the ad-supported Movies Toolbar...

Go to Start -> Control Panel -> Programs and Features, highlight a program to see the available option on the toolbar for it. Choose Uninstall for:
Movies Toolbar for Internet Explorer

If not prompted for a reboot, please reboot manually...


I see you've disabled quite a few programs through Microsoft's msconfig utility ( Using System Configuration (msconfig) )...
The utility was designed as a diagnostic tool only, and it's not recommended to use it as a startup manager... I suggest you re-enable the Startup entries in msconfig, and use a different tool to manage Startup entries - I recommend Autoruns for Windows... If you decide to follow my suggestion, please note that it can be done at your leisure...

Finally, please perform those two steps:

1) I'd like you to scan for any leftovers:

Please scan your computer with ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


2) Please run a scan with FRST once again. This time, though, please place a check next to Addition.txt (under "Optional Scan"). Two logfiles will be produced - please either post or attach the FRST.txt and Addition.txt logfiles...
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver
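To see how the AVG leftovers snemelk points at stand out in a log like the one above, here is an added Python triage script (not from the thread, FRST, or its author) that parses FRST's service/driver lines and flags `[X]` and `No File` entries; the sample log is constructed from lines quoted in this thread.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) log sections.

Added example for this thread, not part of FRST. It parses the
"Services"/"Drivers" line format seen in the log above and flags entries
whose binary is missing on disk ([X]) or whose referenced file is gone
("No File"), which is how leftover registrations show up after an
incomplete uninstall.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Main section banner, e.g. "==================== Drivers (Whitelisted) ===="
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# Browser sub-sections are written as "FireFox:" / "Chrome:" over a "====" underline
SUBSECTION_RE = re.compile(r"^([A-Za-z]+):$")
# Service/driver line, e.g.
#   R2 MBAMService; C:\...\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
#   R4 AVGIDSHA; system32\DRIVERS\avgidsha.sys [X]
ENTRY_RE = re.compile(
    r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"\[(?P<meta>[^\]]*)\](?:\s+\((?P<vendor>[^)]*)\))?\s*$"
)


@dataclass
class Entry:
    state: str            # status letter and start-type digit as FRST prints them
    name: str             # service / driver name
    path: str             # image path as registered
    missing: bool         # True when FRST printed [X]: registered but file not on disk
    vendor: Optional[str] # company name from version info, None if absent
    size: Optional[int]   # file size in bytes, None when missing
    date: Optional[str]   # file date, None when missing


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one service/driver line; return None for any other line type."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    meta = m.group("meta").strip()
    missing = meta == "X"
    size = date = None
    if not missing:
        parts = meta.split()
        if len(parts) == 2 and parts[0].isdigit():
            size, date = int(parts[0]), parts[1]
    return Entry(m.group("state"), m.group("name").strip(), m.group("path").strip(),
                 missing, m.group("vendor"), size, date)


def parse_frst(text: str) -> Dict[str, List[str]]:
    """Split a log into {section title: [non-empty lines]}."""
    sections: Dict[str, List[str]] = {}
    current = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or re.fullmatch(r"=+", line):   # blank or underline-only line
            continue
        m = SECTION_RE.match(line) or SUBSECTION_RE.match(line)
        if m:
            current = m.group(1)
            continue
        sections.setdefault(current, []).append(line)
    return sections


def find_orphans(text: str) -> List[Tuple[str, str, str]]:
    """Return (section, item, reason) for every entry whose file is gone."""
    findings = []
    for section, lines in parse_frst(text).items():
        for line in lines:
            entry = parse_entry(line)
            if entry is not None:
                if entry.missing:
                    findings.append((section, entry.name, "registered but binary missing ([X])"))
                continue
            if line.endswith("No File"):
                # Handler:/BHO:/FF Plugin:/CHR Plugin: lines name the item before the first " - "
                item = line.split(":", 1)[1].split(" - ", 1)[0].strip()
                findings.append((section, item, "referenced file not found (No File)"))
    return findings


def find_vendor_traces(text: str, keyword: str) -> List[Tuple[str, str, bool]]:
    """Return (section, name, missing) for service/driver entries mentioning a vendor."""
    key = keyword.lower()
    traces = []
    for section, lines in parse_frst(text).items():
        for line in lines:
            e = parse_entry(line)
            if e and key in f"{e.name} {e.path} {e.vendor or ''}".lower():
                traces.append((section, e.name, e.missing))
    return traces


# Constructed sample, assembled from lines quoted in this thread's FRST log.
SAMPLE_LOG = r"""
==================== Internet (Whitelisted) ====================

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Tcpip\Parameters: [DhcpNameServer] 195.130.130.5 195.130.131.5

FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File

==================== Services (Whitelisted) =================

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 vToolbarUpdater15.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [1598128 2013-06-27] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-06-27] (AVG Technologies)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R4 AVGIDSHA; system32\DRIVERS\avgidsha.sys [X]
R4 Avgtdia; system32\DRIVERS\avgtdia.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
"""

if __name__ == "__main__":
    for section, item, reason in find_orphans(SAMPLE_LOG):
        print(f"[{section}] {item}: {reason}")
    for section, name, missing in find_vendor_traces(SAMPLE_LOG, "avg"):
        print(f"AVG trace in {section}: {name}{' (file missing)' if missing else ''}")
```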


#12 Sequan

  • Topic Starter

  • Members
  • 22 posts

Posted 22 April 2014 - 09:43 AM

Hi,

The problem isn't solved yet. I've removed the Movie toolbar as you recommended and I used AVG Remover 2014, 2013 and 2012. I scanned the computer with Eset and FRST.


This is the Eset log:


C:\FRST\Quarantine\C\Users\Deblauwe\AppData\Roaming\Mozilla\Firefox\Profiles\wednoxxf.default-1373914836301\Extensions\{40B85966-9F42-5726-B80A-30E0FC83AC27}\components\DatamngrHlpFF10.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Deblauwe\AppData\Roaming\Mozilla\Firefox\Profiles\wednoxxf.default-1373914836301\Extensions\{40B85966-9F42-5726-B80A-30E0FC83AC27}\components\DatamngrHlpFF11.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Deblauwe\AppData\Roaming\Mozilla\Firefox\Profiles\wednoxxf.default-1373914836301\Extensions\{40B85966-9F42-5726-B80A-30E0FC83AC27}\components\DatamngrHlpFF12.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Deblauwe\AppData\Roaming\Mozilla\Firefox\Profiles\wednoxxf.default-1373914836301\Extensions\{40B85966-9F42-5726-B80A-30E0FC83AC27}\components\DatamngrHlpFF13.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Deblauwe\AppData\Roaming\Mozilla\Firefox\Profiles\wednoxxf.default-1373914836301\Extensions\{40B85966-9F42-5726-B80A-30E0FC83AC27}\components\DatamngrHlpFF14.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Deblauwe\AppData\Roaming\Mozilla\Firefox\Profiles\wednoxxf.default-1373914836301\Extensions\{40B85966-9F42-5726-B80A-30E0FC83AC27}\components\DatamngrHlpFF15.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Deblauwe\AppData\Roaming\Mozilla\Firefox\Profiles\wednoxxf.default-1373914836301\Extensions\{40B85966-9F42-5726-B80A-30E0FC83AC27}\components\DatamngrHlpFF16.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Deblauwe\AppData\Roaming\Mozilla\Firefox\Profiles\wednoxxf.default-1373914836301\Extensions\{40B85966-9F42-5726-B80A-30E0FC83AC27}\components\DatamngrHlpFF17.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Deblauwe\AppData\Roaming\Mozilla\Firefox\Profiles\wednoxxf.default-1373914836301\Extensions\{40B85966-9F42-5726-B80A-30E0FC83AC27}\components\DatamngrHlpFF18.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Deblauwe\AppData\Roaming\Mozilla\Firefox\Profiles\wednoxxf.default-1373914836301\Extensions\{40B85966-9F42-5726-B80A-30E0FC83AC27}\components\DatamngrHlpFF19.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Deblauwe\AppData\Roaming\Mozilla\Firefox\Profiles\wednoxxf.default-1373914836301\Extensions\{40B85966-9F42-5726-B80A-30E0FC83AC27}\components\DatamngrHlpFF2.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Deblauwe\AppData\Roaming\Mozilla\Firefox\Profiles\wednoxxf.default-1373914836301\Extensions\{40B85966-9F42-5726-B80A-30E0FC83AC27}\components\DatamngrHlpFF20.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Deblauwe\AppData\Roaming\Mozilla\Firefox\Profiles\wednoxxf.default-1373914836301\Extensions\{40B85966-9F42-5726-B80A-30E0FC83AC27}\components\DatamngrHlpFF21.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Deblauwe\AppData\Roaming\Mozilla\Firefox\Profiles\wednoxxf.default-1373914836301\Extensions\{40B85966-9F42-5726-B80A-30E0FC83AC27}\components\DatamngrHlpFF22.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Deblauwe\AppData\Roaming\Mozilla\Firefox\Profiles\wednoxxf.default-1373914836301\Extensions\{40B85966-9F42-5726-B80A-30E0FC83AC27}\components\DatamngrHlpFF23.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Deblauwe\AppData\Roaming\Mozilla\Firefox\Profiles\wednoxxf.default-1373914836301\Extensions\{40B85966-9F42-5726-B80A-30E0FC83AC27}\components\DatamngrHlpFF24.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Deblauwe\AppData\Roaming\Mozilla\Firefox\Profiles\wednoxxf.default-1373914836301\Extensions\{40B85966-9F42-5726-B80A-30E0FC83AC27}\components\DatamngrHlpFF25.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Deblauwe\AppData\Roaming\Mozilla\Firefox\Profiles\wednoxxf.default-1373914836301\Extensions\{40B85966-9F42-5726-B80A-30E0FC83AC27}\components\DatamngrHlpFF26.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Deblauwe\AppData\Roaming\Mozilla\Firefox\Profiles\wednoxxf.default-1373914836301\Extensions\{40B85966-9F42-5726-B80A-30E0FC83AC27}\components\DatamngrHlpFF27.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Deblauwe\AppData\Roaming\Mozilla\Firefox\Profiles\wednoxxf.default-1373914836301\Extensions\{40B85966-9F42-5726-B80A-30E0FC83AC27}\components\DatamngrHlpFF28.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Deblauwe\AppData\Roaming\Mozilla\Firefox\Profiles\wednoxxf.default-1373914836301\Extensions\{40B85966-9F42-5726-B80A-30E0FC83AC27}\components\DatamngrHlpFF4.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Deblauwe\AppData\Roaming\Mozilla\Firefox\Profiles\wednoxxf.default-1373914836301\Extensions\{40B85966-9F42-5726-B80A-30E0FC83AC27}\components\DatamngrHlpFF5.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Deblauwe\AppData\Roaming\Mozilla\Firefox\Profiles\wednoxxf.default-1373914836301\Extensions\{40B85966-9F42-5726-B80A-30E0FC83AC27}\components\DatamngrHlpFF6.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Deblauwe\AppData\Roaming\Mozilla\Firefox\Profiles\wednoxxf.default-1373914836301\Extensions\{40B85966-9F42-5726-B80A-30E0FC83AC27}\components\DatamngrHlpFF7.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Deblauwe\AppData\Roaming\Mozilla\Firefox\Profiles\wednoxxf.default-1373914836301\Extensions\{40B85966-9F42-5726-B80A-30E0FC83AC27}\components\DatamngrHlpFF8.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Deblauwe\AppData\Roaming\Mozilla\Firefox\Profiles\wednoxxf.default-1373914836301\Extensions\{40B85966-9F42-5726-B80A-30E0FC83AC27}\components\DatamngrHlpFF9.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\Qoobox\Quarantine\C\ProgramData\TorrentEasy\extensions.exe.vir    a variant of Win32/Adware.GoodMedia.A application
C:\Qoobox\Quarantine\C\Users\Deblauwe\AppData\Roaming\KBDGKLM.dll.vir    a variant of Win32/Ponmocup.IS trojan
C:\Qoobox\Quarantine\C\Users\Deblauwe\AppData\Roaming\ReAgent5.dll.vir    a variant of Win32/Ponmocup.IS trojan
C:\Users\Deblauwe\Downloads\wzmp_8.exe    a variant of MSIL/AdvancedSystemProtector.A potentially unwanted application
C:\Windows\System32\Adobe\Shockwave 12\gt.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application

These are the logs from FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2014
Ran by Deblauwe (administrator) on DEBLAUWE-PC on 22-04-2014 14:51:34
Running from C:\Users\Deblauwe\Downloads\FRST
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Dutch Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKLM-x32 - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_nlBE409
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 195.130.130.5 195.130.131.5

FireFox:
========
FF ProfilePath: C:\Users\Deblauwe\AppData\Roaming\Mozilla\Firefox\Profiles\wednoxxf.default-1373914836301
FF Homepage: hxxp://www.google.be/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\bolcom-nl.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\marktplaats-nl.xml

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.95\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Computer, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll No File
CHR Plugin: (RocketLife Secure Plug-In Layer) - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Deblauwe\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File

==================== Services (Whitelisted) =================

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 vToolbarUpdater15.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [1598128 2013-06-27] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-06-27] (AVG Technologies)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-22] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-22 14:49 - 2014-04-22 14:49 - 00007762 _____ () C:\Users\Deblauwe\Desktop\ESET.txt
2014-04-22 12:35 - 2014-04-22 12:35 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-22 12:34 - 2014-04-22 12:34 - 02347384 _____ (ESET) C:\Users\Deblauwe\Downloads\esetsmartinstaller_enu.exe
2014-04-22 12:28 - 2014-04-22 12:28 - 03529160 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Deblauwe\Downloads\avg_remover_stf_x64_2013_3341.exe
2014-04-22 12:28 - 2014-04-22 12:28 - 02899344 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Deblauwe\Downloads\avg_remover_stf_x64_2012_2125.exe
2014-04-22 12:23 - 2014-04-22 12:31 - 01027281 _____ () C:\Users\Deblauwe\Downloads\avgremover.log
2014-04-21 20:32 - 2014-04-21 20:32 - 03386520 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Deblauwe\Downloads\avg_remover_stf_x64_2014_4116.exe
2014-04-21 20:30 - 2014-04-21 20:30 - 00000000 ____D () C:\Users\Deblauwe\Downloads\Game of Thrones S04E03 HDTV x264-KILLERS[ettv]
2014-04-20 20:41 - 2014-04-22 14:51 - 00000000 ____D () C:\Users\Deblauwe\Downloads\FRST
2014-04-18 15:38 - 2014-04-22 14:51 - 00000000 ____D () C:\FRST
2014-04-18 15:35 - 2014-04-18 15:35 - 00025928 _____ () C:\ComboFix.txt
2014-04-15 19:55 - 2014-04-15 20:13 - 00000000 ____D () C:\Users\Deblauwe\Downloads\WWE.Raw.04.14.14.DSR.XviD-XWT
2014-04-14 21:52 - 2014-04-14 21:53 - 00000000 ____D () C:\Users\Deblauwe\Downloads\Game of Thrones S04E02 HDTV x264-2HD[ettv]
2014-04-14 21:48 - 2014-04-14 21:48 - 01671248 _____ (BitTorrent Inc.) C:\Users\Deblauwe\Downloads\uTorrent.exe
2014-04-11 14:08 - 2014-04-11 14:08 - 00688992 ____R (Swearware) C:\Users\Deblauwe\Downloads\dds.com
2014-04-11 13:47 - 2014-04-11 13:47 - 00000000 ____D () C:\Users\Deblauwe\AppData\Roaming\Macromedia
2014-04-11 12:57 - 2014-04-22 13:00 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-10 22:06 - 2014-04-10 22:06 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Deblauwe\Desktop\mbam-setup-2-0-1-1004.exe
2014-04-10 22:06 - 2014-04-10 22:06 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-10 22:06 - 2014-04-10 22:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-10 22:06 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-10 22:06 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-10 22:06 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-10 21:50 - 2014-04-18 15:10 - 05195154 ____R (Swearware) C:\Users\Deblauwe\Downloads\ComboFix.exe
2014-04-10 21:48 - 2014-04-10 22:02 - 00000000 ____D () C:\Users\Deblauwe\AppData\Roaming\Nico Mak Computing
2014-04-10 21:47 - 2014-04-10 21:47 - 04892480 _____ (WinZip International LLC ) C:\Users\Deblauwe\Downloads\wzmp_8.exe
2014-04-10 21:33 - 2014-04-10 21:35 - 00000000 ____D () C:\ProgramData\Max Secure
2014-04-10 21:31 - 2014-04-10 21:31 - 00000000 ____D () C:\Users\Deblauwe\AppData\Local\Max Secure Software
2014-04-10 21:30 - 2014-04-10 21:31 - 00000000 ____D () C:\Users\Deblauwe\AppData\Roaming\GetRightToGo
2014-04-10 21:30 - 2014-04-10 21:30 - 00368256 _____ (RegNow.com) C:\Users\Deblauwe\Downloads\Download_MaxSDDMnew.exe
2014-04-10 13:03 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-10 13:03 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-10 13:03 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-10 13:03 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-10 13:02 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-10 13:02 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-10 13:02 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-10 13:02 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-10 13:02 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-10 13:02 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-10 13:02 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-10 13:02 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-10 13:02 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-10 13:02 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-10 13:02 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-10 13:02 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-10 13:02 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-10 13:02 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-10 13:02 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-10 13:02 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-10 13:02 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-01 20:23 - 2014-04-01 20:26 - 252299708 _____ () C:\Users\Deblauwe\Downloads\The.Mentalist.S06E02.HDTV.x264-LOL.mp4
2014-04-01 20:22 - 2014-04-01 20:25 - 237272569 _____ () C:\Users\Deblauwe\Downloads\The.Mentalist.S06E01.HDTV.x264-LOL.mp4
2014-03-29 19:01 - 2014-03-29 19:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-27 22:45 - 2014-03-27 22:45 - 01866752 _____ () C:\Users\Deblauwe\Downloads\2013-03-07 Algemene presentatie - definitieve versie.ppt
2014-03-26 14:57 - 2014-03-26 14:57 - 00000000 ____D () C:\Users\Deblauwe\Downloads\The Dream
2014-03-26 14:29 - 2014-03-26 14:37 - 00000000 ____D () C:\Users\Deblauwe\Downloads\In This Moment - A Star-Crossed Wasteland CDRip [DE][MJN]
2014-03-26 14:27 - 2014-03-31 21:49 - 00000000 ____D () C:\Users\Deblauwe\Downloads\In This Moment - 2006-2012 - Дополнение к дискографии
2014-03-26 14:23 - 2014-03-26 14:45 - 00000000 ____D () C:\Users\Deblauwe\Downloads\Beautiful Tragedy

==================== One Month Modified Files and Folders =======

2014-04-22 14:51 - 2014-04-20 20:41 - 00000000 ____D () C:\Users\Deblauwe\Downloads\FRST
2014-04-22 14:51 - 2014-04-18 15:38 - 00000000 ____D () C:\FRST
2014-04-22 14:49 - 2014-04-22 14:49 - 00007762 _____ () C:\Users\Deblauwe\Desktop\ESET.txt
2014-04-22 14:38 - 2012-12-07 17:12 - 00000344 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-04-22 14:30 - 2012-10-10 20:37 - 00000940 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-22 14:26 - 2010-09-01 11:40 - 01173795 _____ () C:\Windows\WindowsUpdate.log
2014-04-22 13:00 - 2014-04-11 12:57 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-22 12:35 - 2014-04-22 12:35 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-22 12:34 - 2014-04-22 12:34 - 02347384 _____ (ESET) C:\Users\Deblauwe\Downloads\esetsmartinstaller_enu.exe
2014-04-22 12:32 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-22 12:32 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-22 12:31 - 2014-04-22 12:23 - 01027281 _____ () C:\Users\Deblauwe\Downloads\avgremover.log
2014-04-22 12:28 - 2014-04-22 12:28 - 03529160 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Deblauwe\Downloads\avg_remover_stf_x64_2013_3341.exe
2014-04-22 12:28 - 2014-04-22 12:28 - 02899344 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Deblauwe\Downloads\avg_remover_stf_x64_2012_2125.exe
2014-04-22 12:25 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-22 12:24 - 2010-09-01 11:37 - 00303800 _____ () C:\Windows\PFRO.log
2014-04-22 12:24 - 2009-07-14 06:51 - 00123366 _____ () C:\Windows\setupact.log
2014-04-21 22:46 - 2011-04-29 14:09 - 00000000 ____D () C:\Users\Deblauwe\AppData\Roaming\uTorrent
2014-04-21 20:32 - 2014-04-21 20:32 - 03386520 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Deblauwe\Downloads\avg_remover_stf_x64_2014_4116.exe
2014-04-21 20:30 - 2014-04-21 20:30 - 00000000 ____D () C:\Users\Deblauwe\Downloads\Game of Thrones S04E03 HDTV x264-KILLERS[ettv]
2014-04-19 13:33 - 2010-09-01 12:32 - 00750566 _____ () C:\Windows\system32\perfh013.dat
2014-04-19 13:33 - 2010-09-01 12:32 - 00156256 _____ () C:\Windows\system32\perfc013.dat
2014-04-19 13:33 - 2009-07-14 07:13 - 01684136 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-18 21:48 - 2011-04-08 13:12 - 00000000 ____D () C:\Users\Deblauwe\AppData\Local\Adobe
2014-04-18 21:47 - 2012-10-10 20:37 - 00003878 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-18 21:47 - 2012-06-04 19:08 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-18 21:47 - 2011-07-17 20:39 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-18 15:36 - 2013-07-05 20:32 - 00000000 ____D () C:\Qoobox
2014-04-18 15:35 - 2014-04-18 15:35 - 00025928 _____ () C:\ComboFix.txt
2014-04-18 15:30 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-18 15:10 - 2014-04-10 21:50 - 05195154 ____R (Swearware) C:\Users\Deblauwe\Downloads\ComboFix.exe
2014-04-16 22:00 - 2013-10-29 13:13 - 00000000 ____D () C:\Users\Deblauwe\Documents\HIG
2014-04-16 20:37 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-15 20:13 - 2014-04-15 19:55 - 00000000 ____D () C:\Users\Deblauwe\Downloads\WWE.Raw.04.14.14.DSR.XviD-XWT
2014-04-14 21:53 - 2014-04-14 21:52 - 00000000 ____D () C:\Users\Deblauwe\Downloads\Game of Thrones S04E02 HDTV x264-2HD[ettv]
2014-04-14 21:50 - 2013-09-11 11:29 - 00000861 _____ () C:\Users\Deblauwe\Desktop\µTorrent.lnk
2014-04-14 21:48 - 2014-04-14 21:48 - 01671248 _____ (BitTorrent Inc.) C:\Users\Deblauwe\Downloads\uTorrent.exe
2014-04-11 14:28 - 2013-12-06 22:42 - 00000000 ____D () C:\Program Files (x86)\Movies Toolbar
2014-04-11 14:27 - 2009-07-14 07:37 - 00000000 ____D () C:\Windows\DigitalLocker
2014-04-11 14:08 - 2014-04-11 14:08 - 00688992 ____R (Swearware) C:\Users\Deblauwe\Downloads\dds.com
2014-04-11 13:47 - 2014-04-11 13:47 - 00000000 ____D () C:\Users\Deblauwe\AppData\Roaming\Macromedia
2014-04-11 13:36 - 2013-12-06 22:42 - 00000000 ____D () C:\ProgramData\Wincert
2014-04-11 13:35 - 2010-12-10 16:41 - 00000000 ____D () C:\Users\Deblauwe
2014-04-11 12:53 - 2009-07-14 06:45 - 00418728 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-10 22:12 - 2013-12-16 21:49 - 00000000 ____D () C:\Users\Deblauwe\Documents\2013 10 13 Wat er ook op de usb stick staat
2014-04-10 22:06 - 2014-04-10 22:06 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Deblauwe\Desktop\mbam-setup-2-0-1-1004.exe
2014-04-10 22:06 - 2014-04-10 22:06 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-10 22:06 - 2014-04-10 22:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-10 22:06 - 2013-06-29 10:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-10 22:02 - 2014-04-10 21:48 - 00000000 ____D () C:\Users\Deblauwe\AppData\Roaming\Nico Mak Computing
2014-04-10 21:48 - 2010-12-10 16:42 - 00110080 _____ () C:\Users\Deblauwe\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-10 21:47 - 2014-04-10 21:47 - 04892480 _____ (WinZip International LLC ) C:\Users\Deblauwe\Downloads\wzmp_8.exe
2014-04-10 21:35 - 2014-04-10 21:33 - 00000000 ____D () C:\ProgramData\Max Secure
2014-04-10 21:31 - 2014-04-10 21:31 - 00000000 ____D () C:\Users\Deblauwe\AppData\Local\Max Secure Software
2014-04-10 21:31 - 2014-04-10 21:30 - 00000000 ____D () C:\Users\Deblauwe\AppData\Roaming\GetRightToGo
2014-04-10 21:30 - 2014-04-10 21:30 - 00368256 _____ (RegNow.com) C:\Users\Deblauwe\Downloads\Download_MaxSDDMnew.exe
2014-04-10 21:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-04-10 20:38 - 2014-01-31 13:54 - 00000000 ____D () C:\Program Files (x86)\Disney Interactive
2014-04-10 20:38 - 2014-01-31 13:53 - 00002419 _____ () C:\Windows\disney.ini
2014-04-10 15:51 - 2012-02-17 15:20 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-10 15:50 - 2012-01-29 18:31 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-08 18:00 - 2012-12-07 16:36 - 00000000 ____D () C:\Users\Deblauwe\AppData\Roaming\HpUpdate
2014-04-03 22:31 - 2013-04-18 18:01 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-04-03 22:31 - 2013-04-18 18:01 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-03 22:30 - 2013-04-18 18:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-04-03 09:51 - 2014-04-10 22:06 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-10 22:06 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-10 22:06 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-01 20:26 - 2014-04-01 20:23 - 252299708 _____ () C:\Users\Deblauwe\Downloads\The.Mentalist.S06E02.HDTV.x264-LOL.mp4
2014-04-01 20:25 - 2014-04-01 20:22 - 237272569 _____ () C:\Users\Deblauwe\Downloads\The.Mentalist.S06E01.HDTV.x264-LOL.mp4
2014-03-31 21:49 - 2014-03-26 14:27 - 00000000 ____D () C:\Users\Deblauwe\Downloads\In This Moment - 2006-2012 - Дополнение к дискографии
2014-03-31 03:16 - 2014-04-10 13:03 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-31 03:13 - 2014-04-10 13:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-31 02:13 - 2014-04-10 13:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-31 01:57 - 2014-04-10 13:03 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-30 10:31 - 2013-06-26 19:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-29 19:02 - 2014-03-29 19:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-28 19:10 - 2010-07-16 11:09 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-27 22:45 - 2014-03-27 22:45 - 01866752 _____ () C:\Users\Deblauwe\Downloads\2013-03-07 Algemene presentatie - definitieve versie.ppt
2014-03-26 14:57 - 2014-03-26 14:57 - 00000000 ____D () C:\Users\Deblauwe\Downloads\The Dream
2014-03-26 14:45 - 2014-03-26 14:23 - 00000000 ____D () C:\Users\Deblauwe\Downloads\Beautiful Tragedy
2014-03-26 14:37 - 2014-03-26 14:29 - 00000000 ____D () C:\Users\Deblauwe\Downloads\In This Moment - A Star-Crossed Wasteland CDRip [DE][MJN]

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-10 22:55

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2014
Ran by Deblauwe at 2014-04-22 14:52:35
Running from C:\Users\Deblauwe\Downloads\FRST
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.30768 - BitTorrent Inc.)
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1) (Version: 6.1.0.9 - Oberon Media, Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version:  - )
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
Basissoftware voor HP Officejet 4620 series (HKLM\...\{D195201D-E7E6-4237-8DD4-CE311237670F}) (Version: 26.0.784.0 - Hewlett-Packard Co.)
Belle en het Beest - De Ster van het Bal (HKLM-x32\...\La Belle et la Bete - La Belle du bal) (Version:  - )
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2829.50 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.2829.50 - CyberLink Corp.) Hidden
De Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.50.56 - Electronic Arts)
De Sims™ 3 Bovennatuurlijk (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version:  - Microsoft)
Disney's Assepoester (HKLM-x32\...\{680E5008-CA49-11D6-8940-0002A5E32BEF}) (Version:  - )
ETDWare PS/2-x64 7.0.6.5_WHQL (HKLM\...\Elantech) (Version: 7.0.6.5 - ELAN Microelectronics Corp.)
Explor@ Park (HKLM-x32\...\VTechDownloadManager) (Version:  - VTech)
GenoPro 2.5.4.1 (HKLM-x32\...\GenoPro) (Version:  - GenoPro Inc.)
High-Definition Video Playback 10 (x32 Version: 7.0.11400.29.0 - Nero AG) Hidden
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 4620 series Haelp (HKLM-x32\...\{225F0E4C-A89A-4AC7-A56A-95B2A12DDC26}) (Version: 6.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.10712 - HP)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.12 - Acer Inc.)
LightScribe  1.4.44.1 (x32 Version: 1.4.44.1 - Integrator) Hidden
Malwarebytes Anti-Malware versie 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Media Player Utilities 4.37 (HKLM-x32\...\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}) (Version: 4.37 -  )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Nederlands) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (NLD) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (Dutch) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Dutch) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (Dutch) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Dutch) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Dutch) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0413-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Outlook MUI (Dutch) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Dutch) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Dutch) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Dutch) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Dutch) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (Dutch) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Dutch) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Dutch) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 28.0 (x86 nl) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 nl)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
Nero 10 Menu TemplatePack Basic (x32 Version: 10.0.10600.6.0 - Nero AG) Hidden
Nero 10 Movie ThemePack Basic (x32 Version: 10.0.10600.6.0 - Nero AG) Hidden
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.4.11600.19.100 - Nero AG)
Nero BackItUp 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.0.11100.10.100 - Nero AG)
Nero BurningROM 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.0.11000.12.100 - Nero AG)
Nero BurnRights 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.0.12000.1.4 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.13700.0.1 - Nero AG) Hidden
Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.0.10900.11.100 - Nero AG)
Nero CoverDesigner 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.0.10800.7.100 - Nero AG)
Nero DiscSpeed 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden
Nero Dolby Files 10 (x32 Version: 2.0.11000.0.10 - Nero AG) Hidden
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.0.11000.10.100 - Nero AG)
Nero Express 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.0.10800.8.100 - Nero AG)
Nero InfoTool 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden
Nero MediaHub 10 (HKLM-x32\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.0.13400.11.100 - Nero AG)
Nero MediaHub 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
Nero Multimedia Suite 10 (HKLM-x32\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.13100 - Nero AG)
Nero Recode 10 (HKLM-x32\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.6.10900.4.100 - Nero AG)
Nero Recode 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.0.10900.9.100 - Nero AG)
Nero RescueAgent 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
Nero SoundTrax 10 (HKLM-x32\...\{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}) (Version: 4.6.10600.2.100 - Nero AG)
Nero SoundTrax 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.0.11200.12.100 - Nero AG)
Nero StartSmart 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0017 - Nero AG)
Nero Vision 10 (HKLM-x32\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.0.11100.8.100 - Nero AG)
Nero Vision 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden
Nero WaveEditor 10 (HKLM-x32\...\{EDCDFAD5-DF80-4600-A493-E9DAD6810230}) (Version: 5.6.10600.2.100 - Nero AG)
Nero WaveEditor 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Origin (HKLM-x32\...\Origin) (Version: 8.6.0.357 - Electronic Arts, Inc.)
Pingu en zijn vrienden (HKLM-x32\...\{453EDAF5-D01B-487C-8BCE-2F4F07F8B9A9}) (Version: 1.00.0000 - Transposia)
Productverbeteringonderzoek HP Officejet 4620 series (HKLM\...\{C3FA1B2C-A5A9-4F3E-B021-3079B836B620}) (Version: 26.0.784.0 - Hewlett-Packard Co.)
QuickTime (HKLM-x32\...\InstallShield_{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}) (Version: 7.1 - Apple Computer, Inc.)
QuickTime (x32 Version: 7.1 - Apple Computer, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6151 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30121 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Treasures of Montezuma 2 (HKLM-x32\...\Denda Games The Treasures of Montezuma 2) (Version: 1.0.0.0 - Denda Games)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0413-0000-0000000FF1CE}_Office14.PROPLUSR_{2CDD05C4-26E6-4125-8499-EB6D800614EE}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0413-0000-0000000FF1CE}_Office14.PROPLUSR_{F071F40F-CBA0-452D-A1CB-3F327CC8DF66}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{799005D3-9B70-4219-AFE0-BC479614CC4D}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VTech Download Agent Library (x32 Version: 1.00.0000 - VTech) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated)
Windows Live - Hulpprogramma voor uploaden (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live aanmeldhulp (HKLM-x32\...\{1BD6AE96-4742-4498-9D03-9451C7E5A214}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{CD19EDD9-1632-4002-9212-7478E4BA0423}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
WinRAR 4.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )

==================== Restore Points  =========================

10-04-2014 19:37:57 Installed Spyware Detector
11-04-2014 11:00:33 Windows Update
14-04-2014 19:40:31 Windows Update
18-04-2014 13:16:53 ComboFix created restore point
18-04-2014 19:08:05 Windows Update
20-04-2014 18:29:57 Removed AVG 2013
20-04-2014 18:36:15 Removed AVG 2012

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-04-18 15:30 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {15939159-CC69-4B86-9407-BEECBF4C099B} - System32\Tasks\{F8DEA416-8B2C-4C57-A81B-454D5259F61C} => C:\Users\Deblauwe\Downloads\flashplayer10_2_p2_32bit_activex_011011.exe [2011-01-16] (Adobe Systems, Inc.)
Task: {86AAA6E1-1510-4F78-A744-A5D4F974E528} - System32\Tasks\{F5AF528A-8E9F-4458-851F-BD0B52280120} => C:\Program Files (x86)\Ahead\Nero StartSmart\NeroStartSmart.exe [2005-04-29] (Ahead Software AG)
Task: {8DB01ECC-F3F5-4CD3-B291-EF0CC0112B50} - System32\Tasks\HPCustParticipation HP Officejet 4620 series => C:\Program Files\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe [2011-12-18] (Hewlett-Packard Co.)
Task: {949BEFB5-F72F-45F8-B3EB-73399DF3025E} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2012-12-16] ()
Task: {99743961-8967-42EF-9941-DC1E19C60246} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-18] (Adobe Systems Incorporated)
Task: {A9A1AEF0-3FEF-41A6-B415-0B7CB479B55C} - System32\Tasks\{F42211CC-FC60-409E-B45D-65F8F46CFD26} => C:\Program Files (x86)\Ahead\Nero StartSmart\NeroStartSmart.exe [2005-04-29] (Ahead Software AG)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-06-29 00:20 - 2010-06-29 00:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-06-29 00:12 - 2010-06-29 00:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-02-13 20:59 - 2014-02-13 20:59 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\29335dc88d799664dcd97362bcb687e9\IsdiInterop.ni.dll
2010-07-16 11:09 - 2010-04-13 18:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-03-29 19:01 - 2014-03-29 19:02 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:33A7CC67

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Acer ePower Management => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AgentMonitor => C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
MSCONFIG\startupreg: AVG_UI => "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: EgisTecPMMUpdate => "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
MSCONFIG\startupreg: EgisUpdate => "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
MSCONFIG\startupreg: ETDWare => C:\Program Files\Elantech\ETDCtrl.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: LManager => C:\Program Files (x86)\Launch Manager\LManager.exe
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: mwlDaemon => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
MSCONFIG\startupreg: NBAgent => "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/22/2014 00:35:09 PM) (Source: SideBySide) (User: )
Description: Kan activeringscontext voor C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1 niet maken. Fout in manifest of beleidsbestand C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2 op regel C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Een onderdeelversie die nodig is voor de toepassing conflicteert met een andere onderdeelversie die reeds actief is.
Conflicterende onderdelen zijn:
Onderdeel 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Onderdeel 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/22/2014 00:35:05 PM) (Source: SideBySide) (User: )
Description: Kan activeringscontext voor C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1 niet maken. Fout in manifest of beleidsbestand C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2 op regel C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Een onderdeelversie die nodig is voor de toepassing conflicteert met een andere onderdeelversie die reeds actief is.
Conflicterende onderdelen zijn:
Onderdeel 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Onderdeel 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/22/2014 00:34:43 PM) (Source: SideBySide) (User: )
Description: Kan activeringscontext voor C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1 niet maken. Fout in manifest of beleidsbestand C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2 op regel C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Een onderdeelversie die nodig is voor de toepassing conflicteert met een andere onderdeelversie die reeds actief is.
Conflicterende onderdelen zijn:
Onderdeel 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Onderdeel 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/22/2014 00:34:43 PM) (Source: SideBySide) (User: )
Description: Kan activeringscontext voor C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1 niet maken. Fout in manifest of beleidsbestand C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2 op regel C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Een onderdeelversie die nodig is voor de toepassing conflicteert met een andere onderdeelversie die reeds actief is.
Conflicterende onderdelen zijn:
Onderdeel 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Onderdeel 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/18/2014 09:48:33 PM) (Source: Application Hang) (User: )
Description: Het programma firefox.exe, versie 28.0.0.5186 reageert niet meer op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum in het Configuratiescherm.

Proces-id: 10a0

Starttijd: 01cf5b3b7e3893fc

Eindtijd: 135

Toepassingspad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Rapport-id: 66e75fe9-c732-11e3-b022-88ae1d8af9f3

Error: (04/11/2014 01:02:34 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: De service Cryptografische services is mislukt tijdens het verwerken van aanroep OnIdentity() op het object System Writer.


Details:
AddLegacyDriverFiles: Unable to back up image of binary SDActMon.

System Error:
Het systeem kan het opgegeven bestand niet vinden.
.

Error: (04/11/2014 01:02:34 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: De service Cryptografische services is mislukt tijdens het verwerken van aanroep OnIdentity() op het object System Writer.


Details:
AddLegacyDriverFiles: Unable to back up image of binary MaxProtector64.

System Error:
Het systeem kan het opgegeven bestand niet vinden.
.

Error: (04/11/2014 01:02:34 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: De service Cryptografische services is mislukt tijdens het verwerken van aanroep OnIdentity() op het object System Writer.


Details:
AddLegacyDriverFiles: Unable to back up image of binary MaxProc64.

System Error:
Het systeem kan het opgegeven bestand niet vinden.
.

Error: (04/11/2014 01:02:34 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: De service Cryptografische services is mislukt tijdens het verwerken van aanroep OnIdentity() op het object System Writer.


Details:
AddLegacyDriverFiles: Unable to back up image of binary MaxMgr.

System Error:
Het systeem kan het opgegeven bestand niet vinden.
.

Error: (04/11/2014 00:57:09 PM) (Source: Application Error) (User: )
Description: Naam van toepassing met fout: firefox.exe, versie: 28.0.0.5186, tijdstempel: 0x53240e37
Naam van module met fout: xul.dll, versie: 28.0.0.5186, tijdstempel: 0x53240e04
Uitzonderingscode: 0xc0000005
Foutoffset: 0x00184729
Id van proces met fout: 0x348
Starttijd van toepassing met fout: 0xfirefox.exe0
Pad naar toepassing met fout: firefox.exe1
Pad naar module met fout: firefox.exe2
Rapport-id: firefox.exe3


System errors:
=============
Error: (04/21/2014 07:59:29 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005

Error: (04/18/2014 04:26:52 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (04/18/2014 03:30:27 PM) (Source: Service Control Manager) (User: )
Description: De PEVSystemStart-service staat aangeduid als een interactieve service. Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn toegestaan. Deze service werkt mogelijk niet juist.

Error: (04/18/2014 03:29:31 PM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys kan niet worden geladen vanwege incompatibiliteit met dit systeem. Vraag de leverancier van de software om een compatibele versie van het stuurprogramma.

Error: (04/18/2014 03:29:31 PM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys kan niet worden geladen vanwege incompatibiliteit met dit systeem. Vraag de leverancier van de software om een compatibele versie van het stuurprogramma.

Error: (04/18/2014 03:26:31 PM) (Source: Service Control Manager) (User: )
Description: De PEVSystemStart-service staat aangeduid als een interactieve service. Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn toegestaan. Deze service werkt mogelijk niet juist.

Error: (04/17/2014 08:22:28 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005

Error: (04/16/2014 06:22:56 PM) (Source: Service Control Manager) (User: )
Description: Time-out (30000 seconden) tijdens het wachten op een reactie op een transactie van deze service: Wlansvc.

Error: (04/14/2014 09:27:55 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (04/11/2014 02:30:15 PM) (Source: Service Control Manager) (User: )
Description: De WinHTTP Web Proxy Auto-Discovery Service-service is afhankelijk van de DHCP-client-service, die vanwege de volgende fout niet kan worden gestart:
%%1069


Microsoft Office Sessions:
=========================
Error: (04/22/2014 00:35:09 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Deblauwe\Downloads\esetsmartinstaller_enu.exe

Error: (04/22/2014 00:35:05 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Deblauwe\Downloads\esetsmartinstaller_enu.exe

Error: (04/22/2014 00:34:43 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Deblauwe\Downloads\esetsmartinstaller_enu.exe

Error: (04/22/2014 00:34:43 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Deblauwe\Downloads\esetsmartinstaller_enu.exe

Error: (04/18/2014 09:48:33 PM) (Source: Application Hang)(User: )
Description: firefox.exe28.0.0.518610a001cf5b3b7e3893fc135C:\Program Files (x86)\Mozilla Firefox\firefox.exe66e75fe9-c732-11e3-b022-88ae1d8af9f3

Error: (04/11/2014 01:02:34 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary SDActMon.

System Error:
Het systeem kan het opgegeven bestand niet vinden.

Error: (04/11/2014 01:02:34 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary MaxProtector64.

System Error:
Het systeem kan het opgegeven bestand niet vinden.

Error: (04/11/2014 01:02:34 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary MaxProc64.

System Error:
Het systeem kan het opgegeven bestand niet vinden.

Error: (04/11/2014 01:02:34 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary MaxMgr.

System Error:
Het systeem kan het opgegeven bestand niet vinden.

Error: (04/11/2014 00:57:09 PM) (Source: Application Error)(User: )
Description: firefox.exe28.0.0.518653240e37xul.dll28.0.0.518653240e04c00000050018472934801cf557498adfe6eC:\program files (x86)\mozilla firefox\firefox.exeC:\program files (x86)\mozilla firefox\xul.dll06c7694e-c168-11e3-8bb5-88ae1d8af9f3


CodeIntegrity Errors:
===================================
  Date: 2014-04-18 15:29:31.875
  Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume3\ComboFix\catchme.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.

  Date: 2014-04-18 15:29:31.470
  Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume3\ComboFix\catchme.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.

  Date: 2014-04-18 15:29:30.986
  Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume3\ComboFix\catchme.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.

  Date: 2014-04-18 15:29:30.581
  Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume3\ComboFix\catchme.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.

  Date: 2013-07-10 11:28:34.910
  Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume3\ComboFix\catchme.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.

  Date: 2013-07-10 11:28:34.629
  Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume3\ComboFix\catchme.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.


==================== Memory info ===========================

Percentage of memory in use: 60%
Total physical RAM: 1977.98 MB
Available physical RAM: 787.27 MB
Total Pagefile: 3955.96 MB
Available Pagefile: 2388.69 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:219.79 GB) (Free:101.14 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 41901DE2)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=220 GB) - (Type=07 NTFS)

==================== End Of Log ============================

I don't quite understand what you mean about Microsoft's msconfig and Autorun.  Could you please explain this a little more?

 

Thank you



#13 snemelk (Malware Response Team)

Posted 22 April 2014 - 04:00 PM

Hi again Sequan!! :)
 

The problem isn't solved yet.

Logs look clean, and I think the Service is just stopped (in one of your earlier steps, ComboFix re-enabled it for you; and then the infection disabled it again)...

The AVG Remover utility removed most of the leftovers, though a few of them have to be removed with a script... In the script, I will configure the Security Center, Windows Firewall and Windows Update services to start automatically when Windows boots, so please let me know if the problem is gone after a reboot!

We need to run a fix with FRST:
  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below into it:
    (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
    R2 vToolbarUpdater15.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [1598128 2013-06-27] (AVG Secure Search)
    R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-06-27] (AVG Technologies)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
    C:\Windows\system32\drivers\avgtpx64.sys
    CMD: sc config MpsSvc start= auto
    CMD: sc config wscsvc start= delayed-auto
    CMD: sc config wuauserv start= delayed-auto
    Reboot:
    
  • Save the file as fixlist.txt in the same directory FRST is located in.
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply

I don't quite understand what you mean about Microsoft's msconfig and Autorun. Could you please explain this a little more?

No problem!
The Addition.txt logfile lists Startup entries disabled through Microsoft's msconfig utility, for example:
 
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
It means that either you or somebody else who had access to this computer disabled these programs through msconfig.exe, so that they do not start with Windows... See this article for more information about the System Configuration (msconfig.exe) tool: How To Use the System Configuration Tool & All its Awesomeness!
And I just suggested that the msconfig.exe tool is just a diagnostic utility, and it's not recommended to use it as a startup manager... Instead, I recommend Autoruns for Windows to manage what programs can start with Windows... :)

Please let me know if it's still unclear to you! :)
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver
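As an added example (not code from the thread, from FRST or from the helper), a read-only PowerShell check for the two things discussed in this post: whether the Security Center (wscsvc), Windows Firewall (MpsSvc) and Windows Update (wuauserv) services have the start types the fixlist sets and are actually running, and which Startup entries have been disabled through msconfig. It assumes the Windows 7 registry layout (the Start and DelayedAutostart values under each service key, and the MSConfig\startupreg key that msconfig writes) and an elevated PowerShell prompt.

```powershell
# Added example, not from the thread: report drift from the service start types the
# fixlist sets, and list Startup entries disabled through msconfig.
# Assumes Windows 7 (PowerShell 2.0 or later) and an elevated prompt.

# Start types the fix script applied: Start 2 = Automatic (sc config start= auto);
# delayed-auto is Automatic plus the DelayedAutostart flag.
$expected = @{
    'MpsSvc'   = @{ Start = 2; Delayed = $false }   # Windows Firewall
    'wscsvc'   = @{ Start = 2; Delayed = $true  }   # Security Center
    'wuauserv' = @{ Start = 2; Delayed = $true  }   # Windows Update
}

function Get-ServiceStartConfig {
    param([string]$Name)
    # Start (2 = Automatic, 3 = Manual, 4 = Disabled) and DelayedAutostart are stored
    # under the service's own registry key.
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    if (-not (Test-Path $key)) { return $null }
    $p = Get-ItemProperty -Path $key
    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    $status = 'Unknown'
    if ($svc) { $status = $svc.Status.ToString() }
    New-Object PSObject -Property @{
        Name    = $Name
        Start   = [int]$p.Start
        Delayed = ($p.DelayedAutostart -eq 1)   # value absent => $null => $false
        Status  = $status
    }
}

foreach ($name in $expected.Keys) {
    $cfg = Get-ServiceStartConfig -Name $name
    if ($cfg -eq $null) { Write-Warning ("{0}: service key not found" -f $name); continue }
    $want = $expected[$name]
    $ok = ($cfg.Start -eq $want.Start) -and
          ($cfg.Delayed -eq $want.Delayed) -and
          ($cfg.Status -eq 'Running')
    $label = 'DRIFT'
    if ($ok) { $label = 'OK   ' }
    "{0} {1,-9} Start={2} Delayed={3} Status={4}" -f $label, $name, $cfg.Start, $cfg.Delayed, $cfg.Status
}

# Windows 7 msconfig records each disabled Startup entry as a subkey here, with the
# original command line in the 'command' value; this is what FRST reports as
# MSCONFIG\startupreg lines in Addition.txt.
$msconfigKey = 'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg'
if (Test-Path $msconfigKey) {
    Get-ChildItem -Path $msconfigKey | ForEach-Object {
        $entry = Get-ItemProperty -Path $_.PSPath
        "MSCONFIG\startupreg: {0} => {1}" -f $_.PSChildName, $entry.command
    }
} else {
    'No Startup entries are currently disabled through msconfig.'
}
```

A DRIFT line for wscsvc after the fix has been applied is the signal that something keeps turning the Security Center back off, which is the case the post is trying to rule out.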


#14 Sequan (Topic Starter)

Posted 23 April 2014 - 07:27 AM

Hi, Microsoft Security Essentials and firewall are enabled again, hopefully it stays this way now. Thank you for the info about autorun, I'll look into it. I don't get how these things got disabled in msconfig.exe though, since I didn't know what it was or where to find it and no one else in this house knows anything about computers. Could this have been done through a virus or malware?

Anyway, thank you very much for everything you have done for me so far! You're a lifesaver, since I have a thesis to finish and that's rather difficult if the computer doesn't work properly.

Here's the fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-04-2014
Ran by Deblauwe at 2014-04-23 14:04:39 Run:2
Running from C:\Users\Deblauwe\Downloads\FRST
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
R2 vToolbarUpdater15.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [1598128 2013-06-27] (AVG Secure Search)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-06-27] (AVG Technologies)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
C:\Program Files (x86)\Common
Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
C:\Windows\system32\drivers\avgtpx64.sys
CMD: sc config MpsSvc start= auto
CMD: sc config wscsvc start= delayed-auto
CMD: sc config wuauserv start= delayed-auto
Reboot:
*****************

[2456] C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe => Process closed successfully.
vToolbarUpdater15.3.0 => Service stopped successfully.
vToolbarUpdater15.3.0 => Service deleted successfully.
avgtp => Service stopped successfully.
avgtp => Service deleted successfully.
catchme => Service deleted successfully.
"C:\Program Files (x86)\Common" => File/Directory not found.
C:\Windows\system32\drivers\avgtpx64.sys => Moved successfully.

=========  sc config MpsSvc start= auto =========

[SC] ChangeServiceConfig VOLTOOID

========= End of CMD: =========


=========  sc config wscsvc start= delayed-auto =========

[SC] ChangeServiceConfig VOLTOOID

========= End of CMD: =========


=========  sc config wuauserv start= delayed-auto =========

[SC] ChangeServiceConfig VOLTOOID

========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog ====



#15 snemelk (Malware Response Team)

Posted 23 April 2014 - 04:11 PM

Hi again Sequan!! :)
 

Hi, Microsoft Security Essentials and firewall are enabled again, hopefully it stays this way now.

 
That's good! And yes, it should be ok now!
 

Thank you for the info about autorun, I'll look into it. I don't get how these things got disabled in msconfig.exe though, since I didn't know what it was or where to find it and no one else in this house knows anything about computers. Could this have been done through a virus or malware?

To tell the truth, I've never experienced malware doing it... It wouldn't make much sense, as in your case only some Startup entries were disabled (and there are still a few more ways to load a process or a program)...

I took a quick look at the list of programs disabled through msconfig.exe, and I recommend re-enabling these:
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: mwlDaemon => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe

You might also consider re-enabling these:
MSCONFIG\startupreg: ETDWare => C:\Program Files\Elantech\ETDCtrl.exe - related to a touchpad, one can easily change properties of a "Touch-Pad" or "Smartpad" thanks to this program...
MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k - not required if you don't use the service (Acer Backup Manager)...
MSCONFIG\startupreg: LManager => C:\Program Files (x86)\Launch Manager\LManager.exe - if disabled, you might not be able to use some multimedia keys on your laptop (for example a key to turn Wi-Fi on)...
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe - not required if you don't use the service (Norton Online Backup)...
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s - gives an access to some advanced audio controls...

In the future, you can refer for example to this community-maintained list: SystemLookup to check if the program is required to run on Startup (another database is on our forum as well: Startup Programs Database)...
 

you're a lifesaver since I have a thesis to finish and that's rather difficult if the computer doesn't work properly.

Thanks for your kind words! Good luck with your thesis!! :)


If no problem with your computer remains, I'll give you some computer security tips in my next post... In the meantime, please perform updates of the following programs (new versions contain critical security updates/fixes):

Go to Start -> Control Panel -> Programs and Features, highlight a program to see the available option on the toolbar for it. Choose Uninstall for:
Adobe Flash Player 12 ActiveX

If you do not use the Internet Explorer browser on a regular basis, you do not need to install the newest version of Adobe Flash Player for IE... Otherwise, please install (using Internet Explorer) the newest version from here: Adobe Flash Player ...

Note: I suggest you uncheck an optional, third-party download (e.g. McAfee Security Scan Plus).

You're also using an old version of Adobe Acrobat Reader; this can leave your PC open to vulnerabilities. Unless Adobe Reader 9.1 is a paid product, please uninstall it and install the newest version from here: Adobe Reader (change the language of the program, and uncheck an optional install)...

If you're using the Adobe Shockwave Player program, please uninstall an old version and install the newest version from here: Adobe Shockwave Player ...

Then,
Go to Start -> Control Panel -> Programs and Features, highlight a program to see the available option on the toolbar for it. Choose Uninstall for:
Java 7 Update 51

Please reboot; then,
  • Download the latest version of Java Runtime Environment (JRE) 8.
  • Scroll down to where it says Java Platform, Standard Edition / "Java SE 8u5".
  • Click the Download button under "JRE".
  • In the Window that opens, check the box that says: "Accept License Agreement".
  • Click on the link: jre-8u5-windows-i586.exe to download an offline installer for Windows x86. Save the file to your Desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your Desktop double-click on the file that you've downloaded to install the newest version.
  • Note: you might be given an option to install the optional Ask Toolbar; I suggest you do not install it (uncheck the option during the install).





