
Help! Keylogger on my pc


  • This topic is locked
18 replies to this topic

#1 Jezustepaard


Posted 10 May 2014 - 02:25 PM

So thanks to a download I got keylogged, and my email got hacked and my account on a game I was playing got hacked. I ran several keylog detectors, virus scanners etc., but none of them found anything or could do anything about it. I heard from someone that ComboFix might help but I don't know if it's safe. Can anybody help me?





#2 HelpBot


Posted 15 May 2014 - 02:30 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1. In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/533903 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2. If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Jezustepaard


Posted 15 May 2014 - 03:05 PM

1. Thanks to a download I got keylogged and my email got hacked and my account on a game I was playing got hacked. I ran several keylog detectors, virus scanners etc., but none of them found anything or could do anything about it. So I ran ComboFix but I don't know if it helped. Furthermore I looked at videos on YouTube on how to detect keyloggers but that hasn't helped me that much. So now I did a DDS scan and here's the log:

 

2. 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.55.2
Run by Joey at 22:03:28 on 2014-05-15
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.31.1043.18.8139.6380 [GMT 2:00]
.
AV: McAfeeAntivirus en antispyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfeeAntivirus en antispyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfeeFirewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Cyberlink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\EgisTec IPS\PMMUpdate.exe
C:\Program Files\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mSearch Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1399834972&from=sof&uid=WDCXWD10EARX-22N0YB0_WD-WMC0S057489074890&q={searchTerms}
mDefault_Page_URL = about:blank
mDefault_Search_URL = hxxp://www.google.com
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files (x86)\SolarWinds Log and Event Manager Reports\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Verzenden naar OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 212.54.40.25 212.54.35.25
TCP: Interfaces\{08310062-336B-410A-AD2F-FFD62E485114} : DHCPNameServer = 212.54.40.25 212.54.35.25
TCP: Interfaces\{08310062-336B-410A-AD2F-FFD62E485114}\C696E6B6379737 : DHCPNameServer = 212.54.40.25 212.54.35.25
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-3-7 16152]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-8-15 783864]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-8-15 345456]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2009-9-8 87600]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2012-3-7 22648]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2012-3-7 20520]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2012-3-7 62776]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-11 144152]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-3-7 204288]
R2 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-6-21 173424]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2012-2-29 28264]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2014-5-12 127752]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2014-4-7 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2014-4-7 128280]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2014-4-7 161560]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2012-3-7 255376]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2012-3-7 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2012-3-7 219752]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-3-7 185792]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-7-23 690472]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-2 2804568]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2014-4-7 363800]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-3-7 93712]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-3-7 355096]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-3-7 786200]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-8-15 311600]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-8-15 522360]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-3-7 1014624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-8-15 70592]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-5-2 111616]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-8-15 100912]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2011-5-13 146920]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-4-7 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2014-05-14 17:42:31 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-14 17:42:31 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-14 16:08:17 -------- d-----w- C:\Users\Joey\.businessobjects
2014-05-14 15:48:24 69632 ----a-r- C:\Users\Joey\AppData\Roaming\Microsoft\Installer\{F1594066-22DF-4B63-88BD-9CBD0596E137}\NewShortcut1_9ABF10778A074CF8A13E9570102FCFFF.exe
2014-05-14 15:48:24 339968 ----a-r- C:\Users\Joey\AppData\Roaming\Microsoft\Installer\{F1594066-22DF-4B63-88BD-9CBD0596E137}\ARPPRODUCTICON.exe
2014-05-14 15:48:07 -------- d-----w- C:\Program Files (x86)\SolarWinds Log and Event Manager Reports
2014-05-14 15:47:21 -------- d-----w- C:\Program Files (x86)\Common Files\Business Objects
2014-05-14 15:47:21 -------- d-----w- C:\Program Files (x86)\Business Objects
2014-05-14 15:47:18 -------- d-----w- C:\Users\Joey\AppData\Local\Downloaded Installations
2014-05-13 22:25:36 -------- d-----w- C:\ProgramData\Citrix
2014-05-13 22:25:25 -------- d-----w- C:\Users\Joey\AppData\Roaming\ICAClient
2014-05-13 22:25:25 -------- d-----w- C:\Users\Joey\AppData\Local\Citrix
2014-05-13 22:25:21 -------- d-----w- C:\Program Files (x86)\Citrix
2014-05-13 06:25:00 10651704 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2B0C9A49-047E-4F18-8141-205E6D3606AB}\mpengine.dll
2014-05-12 19:16:36 -------- d-sh--w- C:\$RECYCLE.BIN
2014-05-12 13:44:15 -------- d-----w- C:\Program Files\HitmanPro
2014-05-12 13:43:24 -------- d-----w- C:\ProgramData\HitmanPro
2014-05-12 13:32:00 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-05-12 13:32:00 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-05-12 13:32:00 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-05-12 13:32:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-11 19:22:31 -------- d-----w- C:\ProgramData\Systweak
2014-05-11 19:22:30 -------- d-----w- C:\Program Files (x86)\VideoLAN
2014-05-11 19:22:29 16896 ----a-w- C:\Windows\System32\sasnative64.exe
2014-05-11 19:20:31 -------- d-----w- C:\Users\Joey\AppData\Roaming\Systweak
2014-05-11 19:20:14 -------- d-----w- C:\Users\Joey\.android
2014-05-11 19:20:12 -------- d-----w- C:\Users\Joey\AppData\Local\cache
2014-05-11 19:14:29 -------- d-----w- C:\SUPERDelete
2014-05-11 19:02:52 -------- d-----w- C:\Users\Joey\AppData\Roaming\sweet-page
2014-05-11 18:55:36 48648 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2014-05-11 18:55:33 856712 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2014-05-11 18:54:43 -------- d-----w- C:\Users\Joey\AppData\Local\{B0E13FE3-F50F-438B-B08C-AB03DC71BC11}
2014-05-11 18:54:43 -------- d-----w- C:\Users\Joey\AppData\Local\{A166113B-9735-448A-B736-627D1F0FB0BE}
2014-05-11 12:08:43 10651704 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-05-10 19:15:23 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-05-10 19:15:11 -------- d-----w- C:\AdwCleaner
2014-05-10 15:07:43 -------- d-----w- C:\Users\Joey\AppData\Roaming\SUPERAntiSpyware.com
2014-05-10 15:07:12 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2014-05-10 15:07:12 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2014-05-07 17:51:48 98816 ----a-w- C:\Windows\sed.exe
2014-05-07 17:51:48 256000 ----a-w- C:\Windows\PEV.exe
2014-05-07 17:51:48 208896 ----a-w- C:\Windows\MBR.exe
2014-05-07 17:36:14 -------- d-----w- C:\Users\Joey\AppData\Roaming\LavasoftStatistics
2014-05-07 17:34:27 -------- d-sh--w- C:\Users\Joey\AppData\Local\EmieUserList
2014-05-07 17:34:27 -------- d-sh--w- C:\Users\Joey\AppData\Local\EmieSiteList
2014-05-06 19:46:10 81920 ----a-w- C:\Windows\eSellerateControl350.dll
2014-05-06 19:46:10 356352 ----a-w- C:\Windows\eSellerateEngine.dll
2014-05-06 19:46:10 274432 ----a-w- C:\Windows\SysWow64\ssleay32.dll
2014-05-06 19:46:10 1122304 ----a-w- C:\Windows\SysWow64\libeay32.dll
2014-05-06 18:16:07 -------- d-----w- C:\ProgramData\AVAST Software
2014-05-06 14:26:55 -------- d-----w- C:\Users\Joey\AppData\Local\EgisTec
2014-05-06 14:19:05 -------- d-----w- C:\Program Files (x86)\Lavasoft
2014-05-06 07:46:15 -------- d-s---w- C:\Windows\System32\CompatTel
2014-05-04 22:27:50 -------- d-----w- C:\Windows\System32\MRT
2014-05-03 17:10:58 591360 ----a-w- C:\Windows\utimcache.exe
2014-05-03 17:10:56 420864 ----a-w- C:\Windows\stidraw32.exe
2014-05-03 17:10:53 646144 ----a-w- C:\Windows\sysnadr64.exe
2014-05-03 17:10:41 3586560 ----a-w- C:\Windows\diskediag.exe
2014-05-03 17:10:41 304 ----a-w- C:\Windows\km32hlpr.dll
2014-05-03 17:10:41 0 ----a-w- C:\Windows\wnsperf32.dll
2014-05-03 17:10:41 0 ----a-w- C:\Windows\winid332.dll
2014-05-03 17:10:41 0 ----a-w- C:\Windows\stdensrv.dll
2014-05-03 17:10:41 0 ----a-w- C:\Windows\javexisb.dll
2014-05-03 17:10:41 0 ----a-w- C:\Windows\javexisa.dll
2014-05-03 17:10:41 0 ----a-w- C:\Windows\cr2gui32.dll
2014-05-03 17:10:40 4021 ----a-w- C:\Windows\memgprep.dll
2014-05-03 17:10:40 -------- d-----w- C:\Windows\ServiceLECache
2014-05-03 14:45:11 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-05-03 14:45:01 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-17 20:11:20 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-17 15:51:23 -------- d-----w- C:\Program Files (x86)\Freestyle GunZ
2014-04-15 20:20:36 212240 ----a-w- C:\Windows\SysWow64\RICHTX32.OCX
2014-04-15 20:20:35 117507 ----a-w- C:\Windows\SysWow64\msinet.ocx
2014-04-15 20:20:35 109248 ----a-w- C:\Windows\SysWow64\MSWINSCK.OCX
2014-04-15 20:20:35 -------- d-----w- C:\ProgramData\SwiftKit
2014-04-15 20:20:34 -------- d-----w- C:\Program Files (x86)\SwiftKit
.
==================== Find3M  ====================
.
2014-05-12 13:32:22 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-05-09 06:14:03 477184 ----a-w- C:\Windows\System32\aepdu.dll
2014-05-09 06:11:23 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-05-03 17:11:27 6246400 ----a-w- C:\Windows\sspro.exe
2014-05-03 17:11:04 24576 ----a-w- C:\Windows\svcextend32.exe
2014-05-03 17:11:04 224256 ----a-w- C:\Windows\svcreng.dll
2014-04-15 00:34:10 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-04-07 08:11:55 2560 ----a-w- C:\Windows\SysWow64\drivers\nl-NL\qwavedrv.sys.mui
2014-04-07 08:11:50 5632 ----a-w- C:\Windows\SysWow64\drivers\nl-NL\ndiscap.sys.mui
2014-04-07 08:11:48 50688 ----a-w- C:\Windows\SysWow64\drivers\nl-NL\tcpip.sys.mui
2014-04-07 08:11:47 26624 ----a-w- C:\Windows\SysWow64\drivers\nl-NL\bfe.dll.mui
2014-04-07 08:11:47 16896 ----a-w- C:\Windows\SysWow64\drivers\nl-NL\pacer.sys.mui
2014-04-07 08:11:43 2560 ----a-w- C:\Windows\SysWow64\drivers\nl-NL\scfilter.sys.mui
2014-04-06 22:24:45 0 ----a-w- C:\Windows\ativpsrm.bin
2014-03-31 07:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-03-17 17:02:08 70592 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2014-03-17 16:54:54 345456 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2014-03-17 16:54:26 185792 ----a-w- C:\Windows\System32\mfevtps.exe
2014-03-17 16:49:44 783864 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2014-03-17 16:47:30 522360 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2014-03-17 16:45:38 311600 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2014-03-17 16:44:40 180272 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-06 08:57:34 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:11:41 5784064 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-06 08:02:33 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:46:36 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll
2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-03-04 09:47:01 5550016 ----a-w- C:\Windows\System32\ntoskrnl.exe
2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:20 39936 ----a-w- C:\Windows\System32\wincredprovider.dll
2014-03-04 09:44:10 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-03-04 09:44:08 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-03-04 09:44:06 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-03-04 09:44:03 722944 ----a-w- C:\Windows\System32\objsel.dll
2014-03-04 09:44:03 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-03-04 09:44:00 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-03-04 09:44:00 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2014-03-04 09:43:56 57344 ----a-w- C:\Windows\System32\cngprovider.dll
2014-03-04 09:43:56 52736 ----a-w- C:\Windows\System32\dpapiprovider.dll
2014-03-04 09:43:56 44544 ----a-w- C:\Windows\System32\dimsroam.dll
2014-03-04 09:43:56 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-03-04 09:43:55 56832 ----a-w- C:\Windows\System32\adprovider.dll
2014-03-04 09:43:55 53760 ----a-w- C:\Windows\System32\capiprovider.dll
2014-03-04 09:43:50 455168 ----a-w- C:\Windows\System32\winlogon.exe
2014-03-04 09:20:11 3969984 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2014-03-04 09:20:11 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2014-03-04 09:16:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
.
============= FINISH: 22:03:35,27 ===============
 
 
3. I don't have an original Windows CD.
 
Thanks for the help! =)


#4 TheShooter93


Posted 17 May 2014 - 01:33 PM

Hello jezustepaard,
 
My name is Cody and I'll be helping you clean up your computer. :)
 
I will reply as soon as possible (typically within 24 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, I just ask for notice ahead of time.
 
Please do note any time differences between us. If I do not respond within 48 hours, feel free to send me a private message.
 
==========================================================================
 
Some points for you to keep in mind:
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • Periodically update me on the condition of your computer, and provide detail in every post.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end with some additional information on how to stay malware-free.
  • Lastly, I would like to remind you that most members here are volunteers, and sometimes "real life" can get in the way of our malware hunt. I will notify you if I know I will need to be away for longer than 48 hours.
NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

==========================================================================

Farbar Recovery Scan Tool (FRST)
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen.
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
==========================================================================

Also, please change the password on both your email and video game account, along with any other accounts you want to avoid being potentially compromised.

==========================================================================

What I'd like to see in your next post:
  • FRST Scan log
  • Confirmation of password change

Edited by TheShooter93, 17 May 2014 - 02:30 PM.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#5 Jezustepaard

Jezustepaard
  • Topic Starter

  • Members
  • 9 posts
  • Local time:10:50 PM

Posted 18 May 2014 - 05:41 AM

Hi Cody, thanks for helping me =)

 

Here are the scan logs and I've changed the passwords.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014
Ran by Joey (administrator) on JOEY-PC on 18-05-2014 12:38:41
Running from C:\Users\Joey\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Dutch Standard
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Egis Technology Inc. ) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink) C:\Program Files (x86)\Cyberlink\MediaEspresso\DeviceDetector\DeviceDetector.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13353064 2011-11-14] (Realtek Semiconductor)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-06-22] (Egis Technology Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-11-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [103768 2009-09-12] (Citrix Systems, Inc.)
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-1097324902-2733340136-445737211-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-06] (SUPERAntiSpyware)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files (x86)\SolarWinds Log and Event Manager Reports\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 212.54.40.25 212.54.35.25
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: hxxp://isearch.avg.com/?cid={F0CCA943-CD8C-4561-BC1B-FC1B85FCA02E}&mid=7ffbd51661ff47d199eed1543442f7e0-06ce4fc639803a2e3563922518183d8e94088cb9&lang=nl&ds=AVG&pr=fr&d=2012-06-25 10:05:51&v=11.1.0.7&sap=hp
CHR StartupUrls: "https://www.google.nl/"
CHR Extension: (Google Documenten) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-12]
CHR Extension: (Google Drive) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-12]
CHR Extension: (YouTube) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-12]
CHR Extension: (Google Zoeken) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-12]
CHR Extension: (Google Wallet) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-12]
CHR Extension: (Gmail) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-12]
 
==================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-11] (SUPERAntiSpyware.com)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-05-12] (SurfRight B.V.)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-07] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [199272 2012-02-22] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-03-17] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-03-17] (McAfee, Inc.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
 
==================== Drivers (Whitelisted) ====================
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-03-17] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-03-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-03-17] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-03-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-03-17] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [345456 2014-03-17] (McAfee, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S0 hitmanpro37duringboot; system32\drivers\hitmanpro37.sys [X]
U4 WPM; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-18 12:38 - 2014-05-18 12:38 - 00012533 _____ () C:\Users\Joey\Desktop\FRST.txt
2014-05-18 12:38 - 2014-05-18 12:38 - 00000000 ____D () C:\FRST
2014-05-18 12:36 - 2014-05-18 12:36 - 02067456 _____ (Farbar) C:\Users\Joey\Desktop\FRST64.exe
2014-05-15 21:54 - 2014-05-15 22:03 - 00026117 _____ () C:\Users\Joey\Desktop\dds.txt
2014-05-15 21:54 - 2014-05-15 22:03 - 00009710 _____ () C:\Users\Joey\Desktop\attach.txt
2014-05-15 21:54 - 2014-05-15 21:54 - 00688992 ____R (Swearware) C:\Users\Joey\Desktop\dds.com
2014-05-14 19:42 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 19:42 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 19:42 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 19:42 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 19:42 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 19:42 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 19:22 - 2014-05-14 19:24 - 55526407 _____ () C:\Users\Joey\Downloads\SolarWinds-NTA-v4.0.1-Eval.zip
2014-05-14 18:08 - 2014-05-14 18:08 - 00000000 ____D () C:\Users\Joey\.businessobjects
2014-05-14 17:48 - 2014-05-14 17:48 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SolarWinds Log and Event Manager
2014-05-14 17:48 - 2014-05-14 17:48 - 00000000 ____D () C:\Program Files (x86)\SolarWinds Log and Event Manager Reports
2014-05-14 17:47 - 2014-05-14 17:47 - 00000000 ____D () C:\Users\Joey\AppData\Local\Downloaded Installations
2014-05-14 17:47 - 2014-05-14 17:47 - 00000000 ____D () C:\Program Files (x86)\Business Objects
2014-05-14 17:44 - 2014-05-14 17:45 - 00000000 ____D () C:\Users\Joey\Desktop\SolarWinds Log and Event Manager
2014-05-14 17:24 - 2014-05-14 17:44 - 1377136901 _____ (SolarWinds, support@solarwinds.com) C:\Users\Joey\Downloads\SolarWinds-LEM-v5.7.0-Evaluation-VMware-p1520.exe
2014-05-14 08:02 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 08:02 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 08:02 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 08:02 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 08:02 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 08:02 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 08:02 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 08:02 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 08:02 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 08:02 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 08:02 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 08:02 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 08:02 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 08:02 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 08:02 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 08:02 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 08:02 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 08:02 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 08:02 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 08:02 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 08:02 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 08:02 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 08:02 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 08:02 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 08:02 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 08:02 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 08:02 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 08:02 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 08:02 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 08:02 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 08:02 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 08:02 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 08:02 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 08:02 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 08:02 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 08:02 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 08:02 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 08:02 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 08:02 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 08:02 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 08:02 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 08:02 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 08:02 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 08:02 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 08:02 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-14 00:25 - 2014-05-14 00:27 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\ICAClient
2014-05-14 00:25 - 2014-05-14 00:25 - 00000000 ____D () C:\Users\Joey\AppData\Local\Citrix
2014-05-14 00:25 - 2014-05-14 00:25 - 00000000 ____D () C:\ProgramData\Citrix
2014-05-14 00:25 - 2014-05-14 00:25 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-05-14 00:24 - 2014-05-14 00:25 - 11605360 _____ (Citrix Systems, Inc.) C:\Users\Joey\Downloads\CitrixOnlinePluginWeb.exe
2014-05-12 21:16 - 2014-05-12 21:16 - 00032354 _____ () C:\ComboFix.txt
2014-05-12 20:13 - 2014-05-15 20:21 - 00002207 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-12 20:13 - 2014-05-12 20:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-12 20:12 - 2014-05-18 12:31 - 00001048 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-12 20:12 - 2014-05-17 19:17 - 00001052 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-12 20:12 - 2014-05-12 20:12 - 00004048 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-12 20:12 - 2014-05-12 20:12 - 00003796 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-12 17:21 - 2014-05-12 17:47 - 00012053 _____ () C:\Users\Joey\Desktop\hijackthis.log
2014-05-12 17:17 - 2014-05-12 17:17 - 00012060 _____ () C:\Users\Joey\Downloads\hijackthis.log
2014-05-12 17:14 - 2014-05-12 17:14 - 00218112 _____ (Soeperman Enterprises Ltd.) C:\Users\Joey\Desktop\hijackthis.exe
2014-05-12 17:06 - 2014-05-12 17:06 - 02406064 _____ (Trend Micro Inc.) C:\Users\Joey\Downloads\HousecallLauncher64.exe
2014-05-12 17:06 - 2014-05-12 17:06 - 00000036 _____ () C:\Users\Joey\AppData\Local\housecall.guid.cache
2014-05-12 15:47 - 2014-05-12 15:47 - 00003722 _____ () C:\Windows\system32\.crusader
2014-05-12 15:44 - 2014-05-12 15:44 - 00001883 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-05-12 15:44 - 2014-05-12 15:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-05-12 15:44 - 2014-05-12 15:44 - 00000000 ____D () C:\Program Files\HitmanPro
2014-05-12 15:43 - 2014-05-12 15:48 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-05-12 15:43 - 2014-05-12 15:43 - 10971424 _____ (SurfRight B.V.) C:\Users\Joey\Downloads\HitmanPro36_x64.exe
2014-05-12 15:43 - 2014-05-12 15:43 - 09096848 _____ (SurfRight B.V.) C:\Users\Joey\Downloads\HitmanPro36.exe
2014-05-12 15:32 - 2014-05-12 15:32 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-12 15:32 - 2014-05-12 15:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-12 15:32 - 2014-05-12 15:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-12 15:32 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 15:32 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 15:32 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-12 15:31 - 2014-05-12 15:31 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Joey\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-11 21:23 - 2014-05-12 20:05 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\vlc
2014-05-11 21:23 - 2014-05-11 21:37 - 00003120 _____ () C:\Windows\System32\Tasks\Advanced System Protector_startup
2014-05-11 21:23 - 2014-05-11 21:23 - 00001070 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-05-11 21:23 - 2014-05-11 21:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-05-11 21:22 - 2014-05-11 21:40 - 00000000 ____D () C:\ProgramData\Systweak
2014-05-11 21:22 - 2014-05-11 21:22 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-05-11 21:22 - 2012-07-25 12:03 - 00016896 _____ () C:\Windows\system32\sasnative64.exe
2014-05-11 21:20 - 2014-05-11 21:40 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Systweak
2014-05-11 21:20 - 2014-05-11 21:20 - 00003314 _____ () C:\Windows\System32\Tasks\Advanced System Protector
2014-05-11 21:20 - 2014-05-11 21:20 - 00003108 _____ () C:\Windows\System32\Tasks\RegClean Pro
2014-05-11 21:20 - 2014-05-11 21:20 - 00000000 ____D () C:\Users\Joey\AppData\Local\cache
2014-05-11 21:20 - 2014-05-11 21:20 - 00000000 ____D () C:\Users\Joey\.android
2014-05-11 21:20 - 2014-05-11 21:20 - 00000000 _____ () C:\Users\Joey\daemonprocess.txt
2014-05-11 21:17 - 2014-05-11 21:21 - 24677393 _____ () C:\Users\Joey\Downloads\vlc-2.1.3-win32.exe
2014-05-11 21:14 - 2014-05-12 19:30 - 00000000 ____D () C:\SUPERDelete
2014-05-11 21:02 - 2014-05-11 21:49 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\sweet-page
2014-05-11 20:54 - 2014-05-11 20:54 - 00000000 ____D () C:\Users\Joey\AppData\Local\{B0E13FE3-F50F-438B-B08C-AB03DC71BC11}
2014-05-11 20:54 - 2014-05-11 20:54 - 00000000 ____D () C:\Users\Joey\AppData\Local\{A166113B-9735-448A-B736-627D1F0FB0BE}
2014-05-11 20:52 - 2014-05-11 20:52 - 00003150 _____ () C:\Windows\System32\Tasks\{3E589D94-47F2-4602-B4B5-FB961031159E}
2014-05-11 20:52 - 2014-05-11 20:52 - 00001003 _____ () C:\Windows\wmsetup.log
2014-05-11 20:42 - 2014-05-11 20:49 - 134200562 _____ () C:\Users\Joey\Desktop\bandicam 2014-05-11 19-39-22-464.avi
2014-05-10 21:15 - 2014-05-10 21:18 - 00000000 ____D () C:\AdwCleaner
2014-05-10 21:15 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-10 17:07 - 2014-05-17 17:07 - 00000508 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 60b613de-6afe-400a-b5a5-5eaa7524e8db.job
2014-05-10 17:07 - 2014-05-10 18:25 - 00000508 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 66e76b43-cc23-4575-8582-a8d353f90f82.job
2014-05-10 17:07 - 2014-05-10 17:07 - 00003578 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 66e76b43-cc23-4575-8582-a8d353f90f82
2014-05-10 17:07 - 2014-05-10 17:07 - 00003504 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 60b613de-6afe-400a-b5a5-5eaa7524e8db
2014-05-10 17:07 - 2014-05-10 17:07 - 00001812 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-05-10 17:07 - 2014-05-10 17:07 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\SUPERAntiSpyware.com
2014-05-10 17:07 - 2014-05-10 17:07 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-05-10 17:07 - 2014-05-10 17:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-05-10 17:07 - 2014-05-10 17:07 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-05-10 17:06 - 2014-05-10 17:07 - 19032152 _____ (SUPERAntiSpyware) C:\Users\Joey\Downloads\SUPERAntiSpyware.exe
2014-05-10 14:57 - 2014-05-10 14:58 - 05200347 ____R (Swearware) C:\Users\Joey\Desktop\ComboFix.exe
2014-05-08 13:40 - 2014-05-08 13:42 - 00014360 _____ () C:\Users\Joey\Documents\Fitnesstrainer 1.odt
2014-05-08 12:50 - 2014-05-08 12:50 - 00001473 _____ () C:\Users\Joey\Desktop\AALO verslag.lnk
2014-05-07 19:51 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-07 19:51 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-07 19:51 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-07 19:51 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-07 19:51 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-07 19:51 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-07 19:51 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-07 19:51 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-07 19:36 - 2014-05-07 19:36 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\LavasoftStatistics
2014-05-07 19:34 - 2014-05-07 19:34 - 00000000 __SHD () C:\Users\Joey\AppData\Local\EmieUserList
2014-05-07 19:34 - 2014-05-07 19:34 - 00000000 __SHD () C:\Users\Joey\AppData\Local\EmieSiteList
2014-05-07 19:30 - 2014-05-12 21:16 - 00000000 ____D () C:\Qoobox
2014-05-07 19:29 - 2014-05-07 19:59 - 00000000 ____D () C:\Windows\erdnt
2014-05-06 21:46 - 2013-11-05 14:38 - 01122304 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Windows\SysWOW64\libeay32.dll
2014-05-06 21:46 - 2013-11-05 14:38 - 00274432 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Windows\SysWOW64\ssleay32.dll
2014-05-06 21:46 - 2012-12-10 11:04 - 00356352 _____ (eSellerate Inc.) C:\Windows\eSellerateEngine.dll
2014-05-06 21:46 - 2012-12-10 11:04 - 00081920 _____ (eSellerate Inc.) C:\Windows\eSellerateControl350.dll
2014-05-06 20:16 - 2014-05-07 19:48 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-05-06 16:26 - 2014-05-06 16:26 - 00000000 ____D () C:\Users\Joey\AppData\Local\EgisTec
2014-05-06 16:19 - 2014-05-06 16:19 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-05-06 16:17 - 2014-05-06 16:17 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-05-06 09:46 - 2014-05-15 17:30 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-05 20:07 - 2014-05-05 23:05 - 00005085 _____ () C:\Users\Joey\Desktop\open solicitatie body action.odt
2014-05-05 19:44 - 2014-05-05 19:47 - 00007053 _____ () C:\Users\Joey\Documents\Curriculum Vitae Joey de Nijs.odt
2014-05-05 00:27 - 2014-05-14 08:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-05 00:27 - 2014-05-14 08:01 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-04 17:47 - 2014-05-04 17:47 - 00000162 ____H () C:\Users\Joey\Documents\~$SLB P3.odt
2014-05-04 16:01 - 2009-06-10 23:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140504-160106.backup
2014-05-03 19:22 - 2014-05-10 15:00 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-05-03 19:12 - 2014-05-03 19:12 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Surveillance Pro v7.2
2014-05-03 19:12 - 2013-10-28 07:53 - 00036625 _____ () C:\Windows\prfsmgr.chm
2014-05-03 19:11 - 2014-05-03 19:11 - 06246400 _____ ( ) C:\Windows\sspro.exe
2014-05-03 19:11 - 2014-05-03 19:11 - 00224256 _____ (GPS) C:\Windows\svcreng.dll
2014-05-03 19:11 - 2014-05-03 19:11 - 00024576 _____ () C:\Windows\svcextend32.exe
2014-05-03 19:11 - 2014-05-03 19:11 - 00000000 ___HD () C:\Windows\CoreComp
2014-05-03 19:11 - 2012-12-12 18:29 - 01970176 _____ (Chilkat Software, Inc.) C:\Windows\SysWOW64\ChilkatXml.dll
2014-05-03 19:11 - 2012-12-12 18:27 - 02121728 _____ (Chilkat Software, Inc.) C:\Windows\SysWOW64\ChilkatHttp.dll
2014-05-03 19:11 - 2012-08-06 17:39 - 02555904 _____ (Chilkat Software, Inc.) C:\Windows\SysWOW64\ChilkatMail2.dll
2014-05-03 19:11 - 2012-08-06 17:39 - 02416640 _____ (Chilkat Software, Inc.) C:\Windows\SysWOW64\ChilkatZip2.dll
2014-05-03 19:11 - 2012-08-06 17:39 - 00647168 _____ (Chilkat Software, Inc.) C:\Windows\SysWOW64\CkString.dll
2014-05-03 19:11 - 2012-08-06 17:38 - 01576960 _____ (Chilkat Software, Inc.) C:\Windows\SysWOW64\ChilkatCrypt2.dll
2014-05-03 19:11 - 2012-08-06 17:38 - 00720896 _____ (Chilkat Software, Inc.) C:\Windows\SysWOW64\HtmlToXml.dll
2014-05-03 19:11 - 2012-05-25 11:28 - 02746400 _____ (Codejock Software) C:\Windows\SysWOW64\Codejock.CommandBars.v15.3.1.ocx
2014-05-03 19:11 - 2012-05-25 11:28 - 01931296 _____ (Codejock Software) C:\Windows\SysWOW64\Codejock.Controls.v15.3.1.ocx
2014-05-03 19:11 - 2012-05-25 11:28 - 01427488 _____ (Codejock Software) C:\Windows\SysWOW64\Codejock.ReportControl.v15.3.1.ocx
2014-05-03 19:11 - 2012-05-25 11:28 - 00899104 _____ (Codejock Software) C:\Windows\SysWOW64\Codejock.TaskPanel.v15.3.1.ocx
2014-05-03 19:11 - 2012-05-25 11:28 - 00837664 _____ (Codejock Software) C:\Windows\SysWOW64\Codejock.DockingPane.v15.3.1.ocx
2014-05-03 19:11 - 2012-05-25 11:28 - 00780320 _____ (Codejock Software) C:\Windows\SysWOW64\Codejock.Markup.v15.3.1.ocx
2014-05-03 19:11 - 2012-05-25 11:27 - 02672672 _____ (Codejock Software) C:\Windows\SysWOW64\Codejock.Calendar.v15.3.1.ocx
2014-05-03 19:11 - 2011-03-25 16:52 - 02196992 _____ (Debenu Pty Ltd) C:\Windows\SysWOW64\QuickPDFAX0724.dll
2014-05-03 19:11 - 2011-02-21 17:25 - 02323520 _____ (gdpicture.com) C:\Windows\SysWOW64\gdpicturepro5.ocx
2014-05-03 19:11 - 2009-11-29 21:09 - 00453632 _____ () C:\Windows\SysWOW64\SetACL.ocx
2014-05-03 19:11 - 2005-03-19 13:40 - 00196608 _____ (Personal) C:\Windows\SysWOW64\VBSplitter.ocx
2014-05-03 19:11 - 2002-08-21 17:26 - 00102469 _____ (Microsoft) C:\Windows\SysWOW64\VBPrnDlg.dll
2014-05-03 19:10 - 2014-05-07 19:33 - 00004021 _____ () C:\Windows\memgprep.dll
2014-05-03 19:10 - 2014-05-03 19:13 - 00000000 ____D () C:\Windows\ServiceLECache
2014-05-03 19:10 - 2014-05-03 19:11 - 00591360 _____ (GP Systems Integration) C:\Windows\utimcache.exe
2014-05-03 19:10 - 2014-05-03 19:10 - 03586560 _____ (GP Systems Integration) C:\Windows\diskediag.exe
2014-05-03 19:10 - 2014-05-03 19:10 - 00646144 _____ (GP Systems Integration) C:\Windows\sysnadr64.exe
2014-05-03 19:10 - 2014-05-03 19:10 - 00420864 _____ (GP Systems Integration) C:\Windows\stidraw32.exe
2014-05-03 19:10 - 2011-03-27 21:21 - 00000304 _____ () C:\Windows\km32hlpr.dll
2014-05-03 19:10 - 2011-03-06 13:03 - 00000000 _____ () C:\Windows\wnsperf32.dll
2014-05-03 19:10 - 2010-08-21 15:03 - 00000000 _____ () C:\Windows\winid332.dll
2014-05-03 19:10 - 2010-08-21 15:03 - 00000000 _____ () C:\Windows\stdensrv.dll
2014-05-03 19:10 - 2010-08-21 15:03 - 00000000 _____ () C:\Windows\cr2gui32.dll
2014-05-03 19:10 - 2010-08-21 15:02 - 00000000 _____ () C:\Windows\javexisa.dll
2014-05-03 19:10 - 2010-04-17 09:35 - 00000000 _____ () C:\Windows\javexisb.dll
2014-05-03 19:06 - 2014-05-03 19:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MNS 4.2
2014-05-03 16:45 - 2014-05-07 19:48 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-03 16:45 - 2014-05-07 19:36 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-03 16:45 - 2014-05-03 16:45 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-05-02 22:13 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-02 22:13 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-02 22:13 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-02 22:13 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-02 22:13 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-02 22:13 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-02 22:13 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-02 22:13 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-02 22:13 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-02 22:13 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-02 22:13 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-02 22:13 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-02 22:13 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-02 22:13 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-02 22:13 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-02 22:13 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-02 22:13 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-02 22:13 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-02 22:13 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-02 22:13 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-02 22:13 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-02 22:13 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-02 22:13 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-02 22:13 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-02 22:13 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-02 22:13 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-02 22:13 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-02 22:13 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-02 22:13 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-02 22:13 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-02 22:13 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-02 22:13 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-02 22:13 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-02 22:13 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-02 22:13 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-02 22:13 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-02 22:13 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-02 22:13 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-02 22:13 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-02 22:13 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-02 22:13 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-02 22:13 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-02 22:13 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-02 22:13 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-24 20:58 - 2014-04-24 20:58 - 00027599 _____ () C:\Users\Joey\Documents\hotmail.odt
2014-04-24 15:12 - 2014-05-06 09:34 - 00180640 _____ () C:\Users\Joey\Desktop\SLB P3 Joey de Nijs (541022) 1C3.odt
2014-04-24 14:54 - 2014-04-24 14:54 - 01188352 _____ () C:\Users\Joey\Downloads\SLB jaar 1 P3 en P4 (1).ppt
2014-04-24 14:08 - 2014-04-24 14:08 - 01188352 _____ () C:\Users\Joey\Downloads\SLB jaar 1 P3 en P4.ppt
2014-04-24 11:34 - 2014-05-11 21:38 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Skype
2014-04-22 17:49 - 2014-04-22 17:49 - 00233267 _____ () C:\Users\Joey\Desktop\H2 Interne analyse verbeterd.odt
2014-04-18 20:31 - 2014-04-18 20:31 - 00000000 ____D () C:\Users\Joey\Documents\Freestyle Gunz
 
==================== One Month Modified Files and Folders =======
 
2014-05-18 12:38 - 2014-05-18 12:38 - 00012533 _____ () C:\Users\Joey\Desktop\FRST.txt
2014-05-18 12:38 - 2014-05-18 12:38 - 00000000 ____D () C:\FRST
2014-05-18 12:36 - 2014-05-18 12:36 - 02067456 _____ (Farbar) C:\Users\Joey\Desktop\FRST64.exe
2014-05-18 12:31 - 2014-05-12 20:12 - 00001048 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-18 12:31 - 2014-04-07 00:32 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-05-18 12:29 - 2009-07-14 06:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-18 12:29 - 2009-07-14 06:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-18 12:25 - 2014-04-07 00:19 - 01211785 _____ () C:\Windows\WindowsUpdate.log
2014-05-18 12:21 - 2012-03-07 08:59 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-18 12:21 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-18 12:21 - 2009-07-14 06:51 - 00057606 _____ () C:\Windows\setupact.log
2014-05-17 19:17 - 2014-05-12 20:12 - 00001052 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-17 19:17 - 2012-03-07 08:59 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-17 17:07 - 2014-05-10 17:07 - 00000508 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 60b613de-6afe-400a-b5a5-5eaa7524e8db.job
2014-05-17 16:34 - 2014-04-07 09:11 - 00000043 _____ () C:\Users\Joey\jagex_cl_runescape_LIVE.dat
2014-05-15 23:39 - 2014-04-07 15:44 - 00027845 _____ () C:\Users\Joey\Desktop\Weekplan.xlsx
2014-05-15 22:03 - 2014-05-15 21:54 - 00026117 _____ () C:\Users\Joey\Desktop\dds.txt
2014-05-15 22:03 - 2014-05-15 21:54 - 00009710 _____ () C:\Users\Joey\Desktop\attach.txt
2014-05-15 21:54 - 2014-05-15 21:54 - 00688992 ____R (Swearware) C:\Users\Joey\Desktop\dds.com
2014-05-15 20:21 - 2014-05-12 20:13 - 00002207 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-15 17:32 - 2014-04-07 01:02 - 00000000 ___RD () C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 17:32 - 2014-04-07 01:02 - 00000000 ___RD () C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 17:31 - 2009-07-14 06:45 - 00418064 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-15 17:30 - 2014-05-06 09:46 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-14 19:43 - 2014-04-07 08:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-14 19:24 - 2014-05-14 19:22 - 55526407 _____ () C:\Users\Joey\Downloads\SolarWinds-NTA-v4.0.1-Eval.zip
2014-05-14 18:16 - 2014-04-07 01:00 - 00109456 _____ () C:\Users\Joey\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-14 18:08 - 2014-05-14 18:08 - 00000000 ____D () C:\Users\Joey\.businessobjects
2014-05-14 18:08 - 2014-04-07 00:59 - 00000000 ____D () C:\Users\Joey
2014-05-14 17:48 - 2014-05-14 17:48 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SolarWinds Log and Event Manager
2014-05-14 17:48 - 2014-05-14 17:48 - 00000000 ____D () C:\Program Files (x86)\SolarWinds Log and Event Manager Reports
2014-05-14 17:47 - 2014-05-14 17:47 - 00000000 ____D () C:\Users\Joey\AppData\Local\Downloaded Installations
2014-05-14 17:47 - 2014-05-14 17:47 - 00000000 ____D () C:\Program Files (x86)\Business Objects
2014-05-14 17:47 - 2009-07-14 04:34 - 00017486 _____ () C:\Windows\system32\Drivers\etc\services
2014-05-14 17:45 - 2014-05-14 17:44 - 00000000 ____D () C:\Users\Joey\Desktop\SolarWinds Log and Event Manager
2014-05-14 17:44 - 2014-05-14 17:24 - 1377136901 _____ (SolarWinds, support@solarwinds.com) C:\Users\Joey\Downloads\SolarWinds-LEM-v5.7.0-Evaluation-VMware-p1520.exe
2014-05-14 08:02 - 2014-05-05 00:27 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 08:01 - 2014-05-05 00:27 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 00:27 - 2014-05-14 00:25 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\ICAClient
2014-05-14 00:25 - 2014-05-14 00:25 - 00000000 ____D () C:\Users\Joey\AppData\Local\Citrix
2014-05-14 00:25 - 2014-05-14 00:25 - 00000000 ____D () C:\ProgramData\Citrix
2014-05-14 00:25 - 2014-05-14 00:25 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-05-14 00:25 - 2014-05-14 00:24 - 11605360 _____ (Citrix Systems, Inc.) C:\Users\Joey\Downloads\CitrixOnlinePluginWeb.exe
2014-05-13 19:59 - 2014-04-07 00:32 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-05-13 19:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-13 08:19 - 2010-11-21 05:47 - 00507282 _____ () C:\Windows\PFRO.log
2014-05-12 21:16 - 2014-05-12 21:16 - 00032354 _____ () C:\ComboFix.txt
2014-05-12 21:16 - 2014-05-07 19:30 - 00000000 ____D () C:\Qoobox
2014-05-12 21:15 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-12 20:13 - 2014-05-12 20:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-12 20:13 - 2014-04-07 13:17 - 00000000 ____D () C:\Users\Joey\AppData\Local\Google
2014-05-12 20:13 - 2014-04-07 13:17 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-12 20:12 - 2014-05-12 20:12 - 00004048 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-12 20:12 - 2014-05-12 20:12 - 00003796 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-12 20:12 - 2014-04-07 13:16 - 00000000 ____D () C:\Users\Joey\AppData\Local\Deployment
2014-05-12 20:12 - 2014-04-07 13:16 - 00000000 ____D () C:\Users\Joey\AppData\Local\Apps\2.0
2014-05-12 20:05 - 2014-05-11 21:23 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\vlc
2014-05-12 20:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-12 19:30 - 2014-05-11 21:14 - 00000000 ____D () C:\SUPERDelete
2014-05-12 17:47 - 2014-05-12 17:21 - 00012053 _____ () C:\Users\Joey\Desktop\hijackthis.log
2014-05-12 17:17 - 2014-05-12 17:17 - 00012060 _____ () C:\Users\Joey\Downloads\hijackthis.log
2014-05-12 17:15 - 2014-04-07 01:00 - 00000000 ____D () C:\Users\Joey\AppData\Local\VirtualStore
2014-05-12 17:14 - 2014-05-12 17:14 - 00218112 _____ (Soeperman Enterprises Ltd.) C:\Users\Joey\Desktop\hijackthis.exe
2014-05-12 17:06 - 2014-05-12 17:06 - 02406064 _____ (Trend Micro Inc.) C:\Users\Joey\Downloads\HousecallLauncher64.exe
2014-05-12 17:06 - 2014-05-12 17:06 - 00000036 _____ () C:\Users\Joey\AppData\Local\housecall.guid.cache
2014-05-12 15:48 - 2014-05-12 15:43 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-05-12 15:47 - 2014-05-12 15:47 - 00003722 _____ () C:\Windows\system32\.crusader
2014-05-12 15:44 - 2014-05-12 15:44 - 00001883 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-05-12 15:44 - 2014-05-12 15:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-05-12 15:44 - 2014-05-12 15:44 - 00000000 ____D () C:\Program Files\HitmanPro
2014-05-12 15:43 - 2014-05-12 15:43 - 10971424 _____ (SurfRight B.V.) C:\Users\Joey\Downloads\HitmanPro36_x64.exe
2014-05-12 15:43 - 2014-05-12 15:43 - 09096848 _____ (SurfRight B.V.) C:\Users\Joey\Downloads\HitmanPro36.exe
2014-05-12 15:32 - 2014-05-12 15:32 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-12 15:32 - 2014-05-12 15:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-12 15:32 - 2014-05-12 15:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-12 15:32 - 2014-04-07 13:21 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-12 15:31 - 2014-05-12 15:31 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Joey\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-12 15:27 - 2012-03-07 08:29 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-11 21:49 - 2014-05-11 21:02 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\sweet-page
2014-05-11 21:48 - 2014-04-07 01:02 - 00001405 _____ () C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-11 21:40 - 2014-05-11 21:22 - 00000000 ____D () C:\ProgramData\Systweak
2014-05-11 21:40 - 2014-05-11 21:20 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Systweak
2014-05-11 21:38 - 2014-04-24 11:34 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Skype
2014-05-11 21:37 - 2014-05-11 21:23 - 00003120 _____ () C:\Windows\System32\Tasks\Advanced System Protector_startup
2014-05-11 21:23 - 2014-05-11 21:23 - 00001070 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-05-11 21:23 - 2014-05-11 21:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-05-11 21:22 - 2014-05-11 21:22 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-05-11 21:21 - 2014-05-11 21:17 - 24677393 _____ () C:\Users\Joey\Downloads\vlc-2.1.3-win32.exe
2014-05-11 21:20 - 2014-05-11 21:20 - 00003314 _____ () C:\Windows\System32\Tasks\Advanced System Protector
2014-05-11 21:20 - 2014-05-11 21:20 - 00003108 _____ () C:\Windows\System32\Tasks\RegClean Pro
2014-05-11 21:20 - 2014-05-11 21:20 - 00000000 ____D () C:\Users\Joey\AppData\Local\cache
2014-05-11 21:20 - 2014-05-11 21:20 - 00000000 ____D () C:\Users\Joey\.android
2014-05-11 21:20 - 2014-05-11 21:20 - 00000000 _____ () C:\Users\Joey\daemonprocess.txt
2014-05-11 20:54 - 2014-05-11 20:54 - 00000000 ____D () C:\Users\Joey\AppData\Local\{B0E13FE3-F50F-438B-B08C-AB03DC71BC11}
2014-05-11 20:54 - 2014-05-11 20:54 - 00000000 ____D () C:\Users\Joey\AppData\Local\{A166113B-9735-448A-B736-627D1F0FB0BE}
2014-05-11 20:54 - 2010-11-21 09:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-05-11 20:52 - 2014-05-11 20:52 - 00003150 _____ () C:\Windows\System32\Tasks\{3E589D94-47F2-4602-B4B5-FB961031159E}
2014-05-11 20:52 - 2014-05-11 20:52 - 00001003 _____ () C:\Windows\wmsetup.log
2014-05-11 20:49 - 2014-05-11 20:42 - 134200562 _____ () C:\Users\Joey\Desktop\bandicam 2014-05-11 19-39-22-464.avi
2014-05-11 19:50 - 2014-04-17 17:51 - 00000000 ____D () C:\Program Files (x86)\Freestyle GunZ
2014-05-10 21:18 - 2014-05-10 21:15 - 00000000 ____D () C:\AdwCleaner
2014-05-10 18:25 - 2014-05-10 17:07 - 00000508 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 66e76b43-cc23-4575-8582-a8d353f90f82.job
2014-05-10 17:07 - 2014-05-10 17:07 - 00003578 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 66e76b43-cc23-4575-8582-a8d353f90f82
2014-05-10 17:07 - 2014-05-10 17:07 - 00003504 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 60b613de-6afe-400a-b5a5-5eaa7524e8db
2014-05-10 17:07 - 2014-05-10 17:07 - 00001812 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-05-10 17:07 - 2014-05-10 17:07 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\SUPERAntiSpyware.com
2014-05-10 17:07 - 2014-05-10 17:07 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-05-10 17:07 - 2014-05-10 17:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-05-10 17:07 - 2014-05-10 17:07 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-05-10 17:07 - 2014-05-10 17:06 - 19032152 _____ (SUPERAntiSpyware) C:\Users\Joey\Downloads\SUPERAntiSpyware.exe
2014-05-10 15:00 - 2014-05-03 19:22 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-05-10 14:58 - 2014-05-10 14:57 - 05200347 ____R (Swearware) C:\Users\Joey\Desktop\ComboFix.exe
2014-05-09 08:14 - 2014-05-14 08:02 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-14 08:02 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 21:31 - 2014-04-07 09:16 - 00000043 _____ () C:\Users\Joey\jagex_cl_oldschool_LIVE.dat
2014-05-08 15:19 - 2014-04-07 10:12 - 00745020 _____ () C:\Windows\system32\perfh013.dat
2014-05-08 15:19 - 2014-04-07 10:12 - 00152972 _____ () C:\Windows\system32\perfc013.dat
2014-05-08 15:19 - 2009-07-14 07:13 - 01668596 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-08 13:42 - 2014-05-08 13:40 - 00014360 _____ () C:\Users\Joey\Documents\Fitnesstrainer 1.odt
2014-05-08 13:36 - 2014-04-07 08:35 - 00000000 ____D () C:\Users\Joey\AppData\Local\Microsoft Help
2014-05-08 12:50 - 2014-05-08 12:50 - 00001473 _____ () C:\Users\Joey\Desktop\AALO verslag.lnk
2014-05-07 20:00 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-05-07 19:59 - 2014-05-07 19:29 - 00000000 ____D () C:\Windows\erdnt
2014-05-07 19:49 - 2012-03-07 08:26 - 00000000 ____D () C:\ProgramData\McAfee
2014-05-07 19:49 - 2012-03-07 08:26 - 00000000 ____D () C:\Program Files\mcafee
2014-05-07 19:49 - 2012-03-07 08:26 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2014-05-07 19:49 - 2012-03-07 08:26 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-05-07 19:48 - 2014-05-06 20:16 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-05-07 19:48 - 2014-05-03 16:45 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-07 19:48 - 2014-04-07 14:43 - 00000000 ____D () C:\ProgramData\AVG2014
2014-05-07 19:48 - 2014-04-07 13:46 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-07 19:42 - 2014-04-07 13:46 - 00000000 ____D () C:\Users\Joey\AppData\Local\Avg2014
2014-05-07 19:41 - 2014-04-07 15:44 - 00000000 ____D () C:\Users\Joey\Desktop\Motivation
2014-05-07 19:39 - 2014-04-07 14:43 - 00000000 ____D () C:\$AVG
2014-05-07 19:36 - 2014-05-07 19:36 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\LavasoftStatistics
2014-05-07 19:36 - 2014-05-03 16:45 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-07 19:34 - 2014-05-07 19:34 - 00000000 __SHD () C:\Users\Joey\AppData\Local\EmieUserList
2014-05-07 19:34 - 2014-05-07 19:34 - 00000000 __SHD () C:\Users\Joey\AppData\Local\EmieSiteList
2014-05-07 19:33 - 2014-05-03 19:10 - 00004021 _____ () C:\Windows\memgprep.dll
2014-05-06 16:31 - 2012-03-07 08:47 - 00000000 ____D () C:\Windows\tr
2014-05-06 16:26 - 2014-05-06 16:26 - 00000000 ____D () C:\Users\Joey\AppData\Local\EgisTec
2014-05-06 16:19 - 2014-05-06 16:19 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-05-06 16:17 - 2014-05-06 16:17 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-05-06 09:34 - 2014-04-24 15:12 - 00180640 _____ () C:\Users\Joey\Desktop\SLB P3 Joey de Nijs (541022) 1C3.odt
2014-05-06 06:40 - 2014-05-14 19:42 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-14 19:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-14 19:42 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-14 19:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-14 19:42 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-14 19:42 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 23:05 - 2014-05-05 20:07 - 00005085 _____ () C:\Users\Joey\Desktop\open solicitatie body action.odt
2014-05-05 19:47 - 2014-05-05 19:44 - 00007053 _____ () C:\Users\Joey\Documents\Curriculum Vitae Joey de Nijs.odt
2014-05-04 17:47 - 2014-05-04 17:47 - 00000162 ____H () C:\Users\Joey\Documents\~$SLB P3.odt
2014-05-04 15:44 - 2014-04-15 22:20 - 00000000 ____D () C:\Program Files (x86)\SwiftKit
2014-05-03 19:13 - 2014-05-03 19:10 - 00000000 ____D () C:\Windows\ServiceLECache
2014-05-03 19:12 - 2014-05-03 19:12 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Surveillance Pro v7.2
2014-05-03 19:11 - 2014-05-03 19:11 - 06246400 _____ ( ) C:\Windows\sspro.exe
2014-05-03 19:11 - 2014-05-03 19:11 - 00224256 _____ (GPS) C:\Windows\svcreng.dll
2014-05-03 19:11 - 2014-05-03 19:11 - 00024576 _____ () C:\Windows\svcextend32.exe
2014-05-03 19:11 - 2014-05-03 19:11 - 00000000 ___HD () C:\Windows\CoreComp
2014-05-03 19:11 - 2014-05-03 19:10 - 00591360 _____ (GP Systems Integration) C:\Windows\utimcache.exe
2014-05-03 19:10 - 2014-05-03 19:10 - 03586560 _____ (GP Systems Integration) C:\Windows\diskediag.exe
2014-05-03 19:10 - 2014-05-03 19:10 - 00646144 _____ (GP Systems Integration) C:\Windows\sysnadr64.exe
2014-05-03 19:10 - 2014-05-03 19:10 - 00420864 _____ (GP Systems Integration) C:\Windows\stidraw32.exe
2014-05-03 19:06 - 2014-05-03 19:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MNS 4.2
2014-05-03 16:45 - 2014-05-03 16:45 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-05-03 10:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-25 00:16 - 2014-04-16 13:41 - 00000000 ____D () C:\Users\Joey\Desktop\Periode 4
2014-04-24 20:58 - 2014-04-24 20:58 - 00027599 _____ () C:\Users\Joey\Documents\hotmail.odt
2014-04-24 14:54 - 2014-04-24 14:54 - 01188352 _____ () C:\Users\Joey\Downloads\SLB jaar 1 P3 en P4 (1).ppt
2014-04-24 14:08 - 2014-04-24 14:08 - 01188352 _____ () C:\Users\Joey\Downloads\SLB jaar 1 P3 en P4.ppt
2014-04-24 11:34 - 2014-04-07 10:12 - 00002691 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-04-24 11:34 - 2014-04-07 10:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-04-24 11:34 - 2012-03-07 08:26 - 00000000 ____D () C:\ProgramData\Skype
2014-04-22 17:49 - 2014-04-22 17:49 - 00233267 _____ () C:\Users\Joey\Desktop\H2 Interne analyse verbeterd.odt
2014-04-18 20:31 - 2014-04-18 20:31 - 00000000 ____D () C:\Users\Joey\Documents\Freestyle Gunz
 
Files to move or delete:
====================
C:\Users\Joey\jagex_cl_oldschool_LIVE.dat
C:\Users\Joey\jagex_cl_runescape_LIVE.dat
C:\Users\Joey\random.dat
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe
[2014-05-14 08:02] - [2014-03-04 11:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C
 
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-05-13 19:19
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-05-2014
Ran by Joey at 2014-05-18 12:39:14
Running from C:\Users\Joey\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: McAfeeAntivirus en antispyware (Disabled - Up to date) {86355677-4064-3EA7-ABB3-1B136EB04637}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfeeAntivirus en antispyware (Disabled - Up to date) {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfeeFirewall (Disabled) {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
 
==================== Installed Programs ======================
 
 clear.fi SDK - MVP 2 (x32 Version: 2.0.1505 - CyberLink Corp.) Hidden
 clear.fi SDK- Movie 2 (x32 Version: 2.0.1502 - CyberLink Corp.) Hidden
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3507 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3506 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0609.2011 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3501 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.2.202.222 - Adobe Systems Incorporated)
Adobe Reader X (10.1.0) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.0 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD APP SDK Runtime (Version: 10.0.831.4 - Advanced Micro Devices Inc.) Hidden
AMD AVIVO64 Codecs (Version: 11.7.0.11109 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{3F2E3651-6FF9-7D20-63F1-B41B69FD90FB}) (Version: 3.0.855.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.61109.2218 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2011.1109.2212.39826 - Uw bedrijfsnaam) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.1109.2212.39826 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.1109.2212.39826 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2011.1109.2211.39826 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.1109.2211.39826 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2011.1109.2211.39826 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2011.1109.2211.39826 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2011.1109.2211.39826 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2011.1109.2211.39826 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2011.1109.2211.39826 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2011.1109.2211.39826 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2011.1109.2211.39826 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2011.1109.2211.39826 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2011.1109.2211.39826 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2011.1109.2211.39826 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2011.1109.2211.39826 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2011.1109.2211.39826 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2011.1109.2211.39826 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2011.1109.2211.39826 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2011.1109.2211.39826 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2011.1109.2211.39826 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2011.1109.2211.39826 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2011.1109.2211.39826 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2011.1109.2211.39826 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2011.1109.2211.39826 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2011.1109.2212.39826 - Advanced Micro Devices, Inc.) Hidden
Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 11.2.0.31560 - Citrix Systems, Inc.)
Citrix online plug-in (DV) (x32 Version: 11.2.0.31560 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (HDX) (x32 Version: 11.2.0.31560 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (USB) (x32 Version: 11.2.0.31560 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (Web) (x32 Version: 11.2.0.31560 - Citrix Systems, Inc.) Hidden
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.00.3004 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.00.3004 - Acer Incorporated)
Crystal Reports v11 Runtime (HKLM-x32\...\{DDE752E5-1980-41A6-AB7D-019D49A77950}) (Version: 4.0.0002 - TriGeo Network Security, Inc.)
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1720_38230 - CyberLink Corp.)
CyberLink MediaEspresso (x32 Version: 6.5.1720_38230 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version:  - Microsoft)
eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Freestyle GunZ version 7.0 (HKLM-x32\...\{B46FB5E0-11F2-4C63-A2A5-32E30106CD0C}_is1) (Version: 7.0 - FreestylersWorld)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
HijackThis 1.99.1 (HKLM-x32\...\HijackThis) (Version: 1.99.1 - Soeperman Enterprises Ltd.)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.216 - SurfRight B.V.)
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3510 - Acer Incorporated)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware versie 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (Dutch) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Dutch) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Dutch) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Dutch) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Dutch) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Dutch) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Dutch) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Dutch) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Dutch) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Dutch) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (Dutch) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Dutch) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Dutch) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.18 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.18 - Egis Technology Inc.) Hidden
Nero Control Center 10 (x32 Version: 10.6.13200.0.12 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.6.10800 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.20500.9.16 - Nero AG) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.4.10500.1.100 - Nero AG)
Nero DiscSpeed 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10700.5.100 - Nero AG)
Nero Express 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.6.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10600.4.100 - Nero AG)
Nero StartSmart 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.10022.15.0 - Nero AG) Hidden
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6505 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
SolarWinds Log and Event Manager Reports (HKLM-x32\...\{F1594066-22DF-4B63-88BD-9CBD0596E137}) (Version: 5.7.0002 - SolarWinds)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0413-0000-0000000FF1CE}_Office14.PROPLUSR_{2CDD05C4-26E6-4125-8499-EB6D800614EE}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0413-0000-0000000FF1CE}_Office14.PROPLUSR_{F071F40F-CBA0-452D-A1CB-3F327CC8DF66}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3507 - Acer Incorporated)
WildTangent Games App (Acer Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Корпорация Майкрософт) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 
==================== Restore Points  =========================
 
07-05-2014 17:35:27 AA11
07-05-2014 17:37:21 avast! antivirus system restore point
07-05-2014 17:38:26 Removed AVG 2014
07-05-2014 17:42:20 Removed AVG 2014
10-05-2014 10:54:45 Windows Update
10-05-2014 19:07:30 OTL Restore Point - 10-5-2014 21:07:27
11-05-2014 19:30:46 RegClean Pro zo, mei 11, 14  21:30
12-05-2014 13:26:23 Removed Fooz Kids
12-05-2014 13:27:00 Removed Fooz Kids Platform
12-05-2014 13:27:38 AVG PC TuneUp 2014 is verwijderd
12-05-2014 13:28:05 AVG PC TuneUp 2014 (nl-NL) is verwijderd
12-05-2014 13:29:32 Removed MSXML 4.0 SP2 (KB973688)
12-05-2014 16:32:34 Removed Evernote v. 4.5.2
14-05-2014 05:59:26 Windows Update
14-05-2014 17:41:20 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-14 04:34 - 2014-05-12 15:38 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0BB31211-A9D4-46F2-92E6-E762EBC6F5A5} - System32\Tasks\SUPERAntiSpyware Scheduled Task 66e76b43-cc23-4575-8582-a8d353f90f82 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {1E89F138-80BD-42AC-AE53-539214310D4F} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\Cyberlink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2011-05-20] (CyberLink)
Task: {2642B25E-8228-46A3-A92C-18E97AC478AE} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-29] (Egis Technology Inc.)
Task: {271C196A-AEB8-4559-AE23-9A4031FD4B1A} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe <==== ATTENTION
Task: {354B0841-C693-4C8E-8957-EE45B084CA32} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {35BD9F35-EE70-44C2-B932-2707FDF5654A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-12] (Google Inc.)
Task: {592D74B2-EDE7-4E22-B48C-72C74BC1E4F5} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-29] (Egis Technology Inc.)
Task: {69F67F8A-1EA4-4B56-954D-F3B53DC4DC23} - System32\Tasks\SUPERAntiSpyware Scheduled Task 60b613de-6afe-400a-b5a5-5eaa7524e8db => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {6CA9FDEF-5A47-4A7D-95B3-ACB71027D1D2} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2012-01-19] (Acer)
Task: {729F17B1-6F71-41F8-A8B7-D34C7AE92BAD} - System32\Tasks\Advanced System Protector => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe <==== ATTENTION
Task: {773E19B3-3166-4DCB-A156-2ABF64A458E9} - System32\Tasks\Adobe-online actualiseringsprogramma => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06] (Adobe Systems Incorporated)
Task: {ADF00ECC-D939-4947-9227-915EA93EA96A} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-02-07] (Acer Incorporated)
Task: {AED6BDCA-87C6-4711-AF42-98FCB0F9A271} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-12] (Google Inc.)
Task: {BBA26CE4-4E65-413F-80C9-D3523E80B205} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Task: {C4251F8A-F291-4AF6-9B86-A57F3BA40E8B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-07] (Adobe Systems Incorporated)
Task: {F3B45AFE-1368-4825-916F-5C4A62289DBA} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {F456CA7E-B284-4DEF-B3A4-BB8C1527F2C7} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {F8C48515-B23E-4720-ADE6-41CF494B4F4E} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 60b613de-6afe-400a-b5a5-5eaa7524e8db.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 66e76b43-cc23-4575-8582-a8d353f90f82.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-04-07 00:32 - 2012-02-07 12:04 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2014-04-07 13:54 - 2014-04-07 13:54 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b162055347700182d96325676dd591c4\IsdiInterop.ni.dll
2014-04-07 00:31 - 2011-11-29 20:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-04-07 00:32 - 2012-02-07 11:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-05-15 20:20 - 2014-05-08 01:29 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\chrome_elf.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-05-15 20:20 - 2014-05-08 01:29 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\libglesv2.dll
2014-05-15 20:20 - 2014-05-08 01:29 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\libegl.dll
2014-05-15 20:20 - 2014-05-08 01:29 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\pdf.dll
2014-05-15 20:20 - 2014-05-08 01:29 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll
2014-05-15 20:20 - 2014-05-08 01:29 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ffmpegsumo.dll
2014-05-15 20:20 - 2014-05-08 01:29 - 13695816 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\startupreg: Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MSCONFIG\startupreg: MemoryMangerExi => C:\Windows\diskediag.exe
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/18/2014 00:23:55 PM) (Source: McLogEvent) (EventID: 5022) (User: NT AUTHORITY)
Description: MCSCAN32 Engine Initialisation failed.
Engine returned error : 1
 
Error: (05/18/2014 00:23:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/17/2014 04:28:33 PM) (Source: McLogEvent) (EventID: 5022) (User: NT AUTHORITY)
Description: MCSCAN32 Engine Initialisation failed.
Engine returned error : 1
 
Error: (05/17/2014 04:27:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/17/2014 11:38:40 AM) (Source: McLogEvent) (EventID: 5022) (User: NT AUTHORITY)
Description: MCSCAN32 Engine Initialisation failed.
Engine returned error : 1
 
Error: (05/17/2014 11:38:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/16/2014 01:27:28 PM) (Source: McLogEvent) (EventID: 5022) (User: NT AUTHORITY)
Description: MCSCAN32 Engine Initialisation failed.
Engine returned error : 1
 
Error: (05/16/2014 01:26:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/15/2014 08:42:14 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070020
 
Error: (05/15/2014 08:40:41 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070020
 
 
System errors:
=============
Error: (05/12/2014 09:15:15 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: De PEVSystemStart-service staat aangeduid als een interactieve service. Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn toegestaan. Deze service werkt mogelijk niet juist.
 
Error: (05/12/2014 09:13:55 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: De PEVSystemStart-service staat aangeduid als een interactieve service. Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn toegestaan. Deze service werkt mogelijk niet juist.
 
Error: (05/12/2014 09:06:59 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
Error: (05/12/2014 08:54:59 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: De PEVSystemStart-service staat aangeduid als een interactieve service. Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn toegestaan. Deze service werkt mogelijk niet juist.
 
Error: (05/12/2014 08:53:29 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: De PEVSystemStart-service staat aangeduid als een interactieve service. Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn toegestaan. Deze service werkt mogelijk niet juist.
 
Error: (05/12/2014 06:01:15 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: De PEVSystemStart-service staat aangeduid als een interactieve service. Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn toegestaan. Deze service werkt mogelijk niet juist.
 
Error: (05/12/2014 05:59:43 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: De PEVSystemStart-service staat aangeduid als een interactieve service. Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn toegestaan. Deze service werkt mogelijk niet juist.
 
Error: (05/12/2014 05:41:52 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: De PEVSystemStart-service staat aangeduid als een interactieve service. Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn toegestaan. Deze service werkt mogelijk niet juist.
 
Error: (05/12/2014 05:40:03 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: De PEVSystemStart-service staat aangeduid als een interactieve service. Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn toegestaan. Deze service werkt mogelijk niet juist.
 
Error: (05/12/2014 03:49:19 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: De HitmanPro 3.7 Crusader (Boot)-service is gestopt met de specifieke servicefout %%0.
 
 
Microsoft Office Sessions:
=========================
Error: (05/18/2014 00:23:55 PM) (Source: McLogEvent) (EventID: 5022) (User: NT AUTHORITY)
Description: 1
 
Error: (05/18/2014 00:23:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/17/2014 04:28:33 PM) (Source: McLogEvent) (EventID: 5022) (User: NT AUTHORITY)
Description: 1
 
Error: (05/17/2014 04:27:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/17/2014 11:38:40 AM) (Source: McLogEvent) (EventID: 5022) (User: NT AUTHORITY)
Description: 1
 
Error: (05/17/2014 11:38:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/16/2014 01:27:28 PM) (Source: McLogEvent) (EventID: 5022) (User: NT AUTHORITY)
Description: 1
 
Error: (05/16/2014 01:26:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/15/2014 08:42:14 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070020 
System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
 
Error: (05/15/2014 08:40:41 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070020 
System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-05-12 15:38:07.759
  Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume3\ComboFix\catchme.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.
 
  Date: 2014-05-12 15:38:07.712
  Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume3\ComboFix\catchme.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.
 
  Date: 2014-05-12 15:38:07.665
  Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume3\ComboFix\catchme.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.
 
  Date: 2014-05-12 15:38:07.478
  Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume3\ComboFix\catchme.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.
 
  Date: 2014-05-07 19:58:13.763
  Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume3\ComboFix\catchme.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.
 
  Date: 2014-05-07 19:58:13.724
  Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume3\ComboFix\catchme.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 21%
Total physical RAM: 8139.2 MB
Available physical RAM: 6362.71 MB
Total Pagefile: 16276.59 MB
Available Pagefile: 14248.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:456.45 GB) (Free:390.7 GB) NTFS
Drive d: (DATA) (Fixed) (Total:456.96 GB) (Free:456.81 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 444E9252)
Partition 1: (Not Active) - (Size=18 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=456 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=457 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#6 TheShooter93

  • Malware Response Team

Posted 18 May 2014 - 08:35 PM

Hello,

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt

CHR HomePage: hxxp://isearch.avg.com/?cid={F0CCA943-CD8C-4561-BC1B-FC1B85FCA02E}&mid=7ffbd51661ff47d199eed1543442f7e0-06ce4fc639803a2e3563922518183d8e94088cb9&lang=nl&ds=AVG&pr=fr&d=2012-06-25 10:05:51&v=11.1.0.7&sap=hp

  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

Please provide a fresh FRST log in your next reply as well.

===================================================

Also, your logs indicate that you have "registry cleaners/optimizers" installed on your computer.

Registry Cleaners

You should never use registry cleaners, optimizers, etc.

While the programs claim to speed up your computer, they can actually wreak havoc on it and even corrupt the operating system so the system cannot boot.

The use of these programs may or may not be related to problems you're experiencing.

===================================================

Lastly, some advice about passwords:

Password Security
 
I suspect that one or more of your passwords have been cracked. It's something that is very easily done in most cases, unfortunately.
 
A site such as How Secure is My Password shows an expected time (by their calculations - I'm not saying it's entirely accurate) it would take for a desktop computer to crack an input string of characters.
 
When you change your password or create new ones in the future, I highly suggest using as many keys as possible including the following:

  • upper and lower case letters
  • numbers
  • special characters

A good example of this would be Bl33p!nGc0mput3R! which, according to the website I linked, would take 931 trillion years to crack - not bad. Though usually you wouldn't want to make the password a familiar name such as this, even with the inclusion of numbers and special characters.

===================================================

What I'd like to see in your next response:

  • Fixlog.txt
  • Fresh FRST scan log

Edited by TheShooter93, 19 May 2014 - 08:37 AM.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.
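
The caveat in post #6 about familiar names, as an added example (not part of the original post, and not the linked website's actual method): a length-and-character-class estimate set next to a check that undoes common character substitutions and looks the result up in a wordlist. The wordlist, its assumed size and the per-character costs are constructed assumptions.

```python
import math
import string

# Constructed stand-in for a real wordlist (assumption: a real checker would
# load a large dictionary of common words, names and site names).
SAMPLE_WORDS = {"bleeping", "computer", "password", "dragon", "monkey"}
# Assumed size of the wordlist a guesser would work from (labelled assumption).
ASSUMED_WORDLIST_SIZE = 100_000

# Common "leet" substitutions mapped back to the letter they stand in for.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "!": "i", "@": "a", "$": "s"})
TAIL_CHARS = string.digits + string.punctuation


def charset_size(password):
    """Size of the alphabet implied by the character classes in use."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(cls) for cls in classes if any(c in cls for c in password))


def naive_bits(password):
    """Brute-force estimate: every character drawn at random from the alphabet.
    Characters outside the four ASCII classes are not counted."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0


def segment(text, words):
    """Split text into dictionary words covering it entirely, else None."""
    reachable = {0: []}
    for end in range(1, len(text) + 1):
        for start in range(end):
            piece = text[start:end]
            if start in reachable and piece in words:
                reachable[end] = reachable[start] + [piece]
                break
    return reachable.get(len(text))


def pattern_bits(words, core_len, tail_len):
    """Rough upper bound once the structure is known: pick each word from the
    wordlist, choose lower/upper/leet per character, append tail characters."""
    return (len(words) * math.log2(ASSUMED_WORDLIST_SIZE)
            + core_len * math.log2(3)
            + tail_len * math.log2(len(TAIL_CHARS)))


def analyse(password, words=SAMPLE_WORDS):
    """Compare the naive estimate with a dictionary-aware one."""
    result = {"naive_bits": naive_bits(password),
              "words": None, "pattern_bits": None}
    # Try the whole string first, then peel trailing digits/symbols one at a
    # time, since a trailing "!" may be decoration rather than a leet "i".
    shortest_core = len(password.rstrip(TAIL_CHARS))
    for cut in range(len(password), shortest_core - 1, -1):
        core = password[:cut].lower().translate(LEET)
        found = segment(core, words)
        if found:
            result["words"] = found
            result["pattern_bits"] = pattern_bits(found, cut,
                                                  len(password) - cut)
            break
    return result


if __name__ == "__main__":
    # Example password from the post, plus a constructed random-looking one.
    for pw in ("Bl33p!nGc0mput3R!", "xK9#vT2$qLm8@Zr4"):
        print(pw, analyse(pw))
```

The bit counts are model outputs, not crack times; the useful signal is the gap between the two estimates when the dictionary check matches.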

 

 


#7 Jezustepaard

  • Topic Starter
  • Members

Posted 19 May 2014 - 12:34 PM

Hello, 

 

Here's the fresh log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014
Ran by Joey (administrator) on JOEY-PC on 19-05-2014 19:32:03
Running from C:\Users\Joey\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Dutch Standard
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Egis Technology Inc. ) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(CyberLink) C:\Program Files (x86)\Cyberlink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13353064 2011-11-14] (Realtek Semiconductor)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-06-22] (Egis Technology Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-11-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [103768 2009-09-12] (Citrix Systems, Inc.)
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 212.54.40.25 212.54.35.25
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: hxxp://isearch.avg.com/?cid={F0CCA943-CD8C-4561-BC1B-FC1B85FCA02E}&mid=7ffbd51661ff47d199eed1543442f7e0-06ce4fc639803a2e3563922518183d8e94088cb9&lang=nl&ds=AVG&pr=fr&d=2012-06-25 10:05:51&v=11.1.0.7&sap=hp
CHR StartupUrls: "https://www.google.nl/"
CHR Extension: (Google Documenten) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-12]
CHR Extension: (Google Drive) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-12]
CHR Extension: (YouTube) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-12]
CHR Extension: (Google Zoeken) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-12]
CHR Extension: (Google Wallet) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-12]
CHR Extension: (Gmail) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-12]
 
==================== Services (Whitelisted) =================
 
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-07] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [199272 2012-02-22] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-03-17] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-03-17] (McAfee, Inc.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
 
==================== Drivers (Whitelisted) ====================
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-03-17] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-03-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-03-17] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-03-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-03-17] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [345456 2014-03-17] (McAfee, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S0 hitmanpro37duringboot; system32\drivers\hitmanpro37.sys [X]
U4 WPM; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-18 12:42 - 2014-05-18 12:43 - 50703877 _____ () C:\Users\Joey\Desktop\Nieuwe gecomprimeerde (gezipte) map.zip
2014-05-18 12:39 - 2014-05-18 12:39 - 00046931 _____ () C:\Users\Joey\Desktop\Addition.txt
2014-05-18 12:38 - 2014-05-19 19:32 - 00011522 _____ () C:\Users\Joey\Desktop\FRST.txt
2014-05-18 12:38 - 2014-05-19 19:32 - 00000000 ____D () C:\FRST
2014-05-18 12:36 - 2014-05-18 12:36 - 02067456 _____ (Farbar) C:\Users\Joey\Desktop\FRST64.exe
2014-05-15 21:54 - 2014-05-15 22:03 - 00026117 _____ () C:\Users\Joey\Desktop\dds.txt
2014-05-15 21:54 - 2014-05-15 22:03 - 00009710 _____ () C:\Users\Joey\Desktop\attach.txt
2014-05-15 21:54 - 2014-05-15 21:54 - 00688992 ____R (Swearware) C:\Users\Joey\Desktop\dds.com
2014-05-14 19:42 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 19:42 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 19:42 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 19:42 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 19:42 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 19:42 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 19:22 - 2014-05-14 19:24 - 55526407 _____ () C:\Users\Joey\Downloads\SolarWinds-NTA-v4.0.1-Eval.zip
2014-05-14 18:08 - 2014-05-14 18:08 - 00000000 ____D () C:\Users\Joey\.businessobjects
2014-05-14 17:47 - 2014-05-14 17:47 - 00000000 ____D () C:\Users\Joey\AppData\Local\Downloaded Installations
2014-05-14 17:44 - 2014-05-14 17:45 - 00000000 ____D () C:\Users\Joey\Desktop\SolarWinds Log and Event Manager
2014-05-14 17:24 - 2014-05-14 17:44 - 1377136901 _____ (SolarWinds, support@solarwinds.com) C:\Users\Joey\Downloads\SolarWinds-LEM-v5.7.0-Evaluation-VMware-p1520.exe
2014-05-14 08:02 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 08:02 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 08:02 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 08:02 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 08:02 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 08:02 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 08:02 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 08:02 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 08:02 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 08:02 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 08:02 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 08:02 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 08:02 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 08:02 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 08:02 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 08:02 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 08:02 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 08:02 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 08:02 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 08:02 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 08:02 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 08:02 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 08:02 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 08:02 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 08:02 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 08:02 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 08:02 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 08:02 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 08:02 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 08:02 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 08:02 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 08:02 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 08:02 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 08:02 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 08:02 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 08:02 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 08:02 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 08:02 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 08:02 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 08:02 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 08:02 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 08:02 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 08:02 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 08:02 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 08:02 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-14 00:25 - 2014-05-14 00:27 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\ICAClient
2014-05-14 00:25 - 2014-05-14 00:25 - 00000000 ____D () C:\Users\Joey\AppData\Local\Citrix
2014-05-14 00:25 - 2014-05-14 00:25 - 00000000 ____D () C:\ProgramData\Citrix
2014-05-14 00:25 - 2014-05-14 00:25 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-05-14 00:24 - 2014-05-14 00:25 - 11605360 _____ (Citrix Systems, Inc.) C:\Users\Joey\Downloads\CitrixOnlinePluginWeb.exe
2014-05-12 21:16 - 2014-05-12 21:16 - 00032354 _____ () C:\ComboFix.txt
2014-05-12 20:13 - 2014-05-15 20:21 - 00002207 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-12 20:13 - 2014-05-12 20:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-12 20:12 - 2014-05-19 18:17 - 00001052 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-12 20:12 - 2014-05-19 17:41 - 00001048 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-12 20:12 - 2014-05-12 20:12 - 00004048 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-12 20:12 - 2014-05-12 20:12 - 00003796 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-12 17:21 - 2014-05-12 17:47 - 00012053 _____ () C:\Users\Joey\Desktop\hijackthis.log
2014-05-12 17:17 - 2014-05-12 17:17 - 00012060 _____ () C:\Users\Joey\Downloads\hijackthis.log
2014-05-12 17:14 - 2014-05-12 17:14 - 00218112 _____ (Soeperman Enterprises Ltd.) C:\Users\Joey\Desktop\hijackthis.exe
2014-05-12 17:06 - 2014-05-12 17:06 - 02406064 _____ (Trend Micro Inc.) C:\Users\Joey\Downloads\HousecallLauncher64.exe
2014-05-12 17:06 - 2014-05-12 17:06 - 00000036 _____ () C:\Users\Joey\AppData\Local\housecall.guid.cache
2014-05-12 15:47 - 2014-05-12 15:47 - 00003722 _____ () C:\Windows\system32\.crusader
2014-05-12 15:43 - 2014-05-12 15:48 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-05-12 15:43 - 2014-05-12 15:43 - 10971424 _____ (SurfRight B.V.) C:\Users\Joey\Downloads\HitmanPro36_x64.exe
2014-05-12 15:43 - 2014-05-12 15:43 - 09096848 _____ (SurfRight B.V.) C:\Users\Joey\Downloads\HitmanPro36.exe
2014-05-12 15:31 - 2014-05-12 15:31 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Joey\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-11 21:23 - 2014-05-12 20:05 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\vlc
2014-05-11 21:23 - 2014-05-11 21:37 - 00003120 _____ () C:\Windows\System32\Tasks\Advanced System Protector_startup
2014-05-11 21:23 - 2014-05-11 21:23 - 00001070 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-05-11 21:23 - 2014-05-11 21:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-05-11 21:22 - 2014-05-11 21:40 - 00000000 ____D () C:\ProgramData\Systweak
2014-05-11 21:22 - 2014-05-11 21:22 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-05-11 21:22 - 2012-07-25 12:03 - 00016896 _____ () C:\Windows\system32\sasnative64.exe
2014-05-11 21:20 - 2014-05-11 21:40 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Systweak
2014-05-11 21:20 - 2014-05-11 21:20 - 00003314 _____ () C:\Windows\System32\Tasks\Advanced System Protector
2014-05-11 21:20 - 2014-05-11 21:20 - 00003108 _____ () C:\Windows\System32\Tasks\RegClean Pro
2014-05-11 21:20 - 2014-05-11 21:20 - 00000000 ____D () C:\Users\Joey\AppData\Local\cache
2014-05-11 21:20 - 2014-05-11 21:20 - 00000000 ____D () C:\Users\Joey\.android
2014-05-11 21:20 - 2014-05-11 21:20 - 00000000 _____ () C:\Users\Joey\daemonprocess.txt
2014-05-11 21:17 - 2014-05-11 21:21 - 24677393 _____ () C:\Users\Joey\Downloads\vlc-2.1.3-win32.exe
2014-05-11 21:14 - 2014-05-12 19:30 - 00000000 ____D () C:\SUPERDelete
2014-05-11 21:02 - 2014-05-11 21:49 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\sweet-page
2014-05-11 20:54 - 2014-05-11 20:54 - 00000000 ____D () C:\Users\Joey\AppData\Local\{B0E13FE3-F50F-438B-B08C-AB03DC71BC11}
2014-05-11 20:54 - 2014-05-11 20:54 - 00000000 ____D () C:\Users\Joey\AppData\Local\{A166113B-9735-448A-B736-627D1F0FB0BE}
2014-05-11 20:52 - 2014-05-11 20:52 - 00003150 _____ () C:\Windows\System32\Tasks\{3E589D94-47F2-4602-B4B5-FB961031159E}
2014-05-11 20:52 - 2014-05-11 20:52 - 00001003 _____ () C:\Windows\wmsetup.log
2014-05-11 20:42 - 2014-05-11 20:49 - 134200562 _____ () C:\Users\Joey\Desktop\bandicam 2014-05-11 19-39-22-464.avi
2014-05-10 21:15 - 2014-05-10 21:18 - 00000000 ____D () C:\AdwCleaner
2014-05-10 21:15 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-10 17:07 - 2014-05-19 19:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-05-10 17:07 - 2014-05-10 17:07 - 00001812 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-05-10 17:07 - 2014-05-10 17:07 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\SUPERAntiSpyware.com
2014-05-10 17:06 - 2014-05-10 17:07 - 19032152 _____ (SUPERAntiSpyware) C:\Users\Joey\Downloads\SUPERAntiSpyware.exe
2014-05-10 14:57 - 2014-05-10 14:58 - 05200347 ____R (Swearware) C:\Users\Joey\Desktop\ComboFix.exe
2014-05-08 13:40 - 2014-05-08 13:42 - 00014360 _____ () C:\Users\Joey\Documents\Fitnesstrainer 1.odt
2014-05-08 12:50 - 2014-05-08 12:50 - 00001473 _____ () C:\Users\Joey\Desktop\AALO verslag.lnk
2014-05-07 19:51 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-07 19:51 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-07 19:51 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-07 19:51 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-07 19:51 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-07 19:51 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-07 19:51 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-07 19:51 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-07 19:36 - 2014-05-07 19:36 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\LavasoftStatistics
2014-05-07 19:34 - 2014-05-07 19:34 - 00000000 __SHD () C:\Users\Joey\AppData\Local\EmieUserList
2014-05-07 19:34 - 2014-05-07 19:34 - 00000000 __SHD () C:\Users\Joey\AppData\Local\EmieSiteList
2014-05-07 19:30 - 2014-05-12 21:16 - 00000000 ____D () C:\Qoobox
2014-05-07 19:29 - 2014-05-07 19:59 - 00000000 ____D () C:\Windows\erdnt
2014-05-06 21:46 - 2013-11-05 14:38 - 01122304 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Windows\SysWOW64\libeay32.dll
2014-05-06 21:46 - 2013-11-05 14:38 - 00274432 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Windows\SysWOW64\ssleay32.dll
2014-05-06 21:46 - 2012-12-10 11:04 - 00356352 _____ (eSellerate Inc.) C:\Windows\eSellerateEngine.dll
2014-05-06 21:46 - 2012-12-10 11:04 - 00081920 _____ (eSellerate Inc.) C:\Windows\eSellerateControl350.dll
2014-05-06 20:16 - 2014-05-07 19:48 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-05-06 16:26 - 2014-05-06 16:26 - 00000000 ____D () C:\Users\Joey\AppData\Local\EgisTec
2014-05-06 16:19 - 2014-05-06 16:19 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-05-06 16:17 - 2014-05-06 16:17 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-05-06 09:46 - 2014-05-15 17:30 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-05 20:07 - 2014-05-05 23:05 - 00005085 _____ () C:\Users\Joey\Desktop\open solicitatie body action.odt
2014-05-05 19:44 - 2014-05-05 19:47 - 00007053 _____ () C:\Users\Joey\Documents\Curriculum Vitae Joey de Nijs.odt
2014-05-05 00:27 - 2014-05-14 08:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-05 00:27 - 2014-05-14 08:01 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-04 17:47 - 2014-05-04 17:47 - 00000162 ____H () C:\Users\Joey\Documents\~$SLB P3.odt
2014-05-04 16:01 - 2009-06-10 23:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140504-160106.backup
2014-05-03 19:22 - 2014-05-10 15:00 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-05-03 19:12 - 2014-05-03 19:12 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Surveillance Pro v7.2
2014-05-03 19:12 - 2013-10-28 07:53 - 00036625 _____ () C:\Windows\prfsmgr.chm
2014-05-03 19:11 - 2014-05-03 19:11 - 06246400 _____ ( ) C:\Windows\sspro.exe
2014-05-03 19:11 - 2014-05-03 19:11 - 00224256 _____ (GPS) C:\Windows\svcreng.dll
2014-05-03 19:11 - 2014-05-03 19:11 - 00024576 _____ () C:\Windows\svcextend32.exe
2014-05-03 19:11 - 2014-05-03 19:11 - 00000000 ___HD () C:\Windows\CoreComp
2014-05-03 19:11 - 2012-12-12 18:29 - 01970176 _____ (Chilkat Software, Inc.) C:\Windows\SysWOW64\ChilkatXml.dll
2014-05-03 19:11 - 2012-12-12 18:27 - 02121728 _____ (Chilkat Software, Inc.) C:\Windows\SysWOW64\ChilkatHttp.dll
2014-05-03 19:11 - 2012-08-06 17:39 - 02555904 _____ (Chilkat Software, Inc.) C:\Windows\SysWOW64\ChilkatMail2.dll
2014-05-03 19:11 - 2012-08-06 17:39 - 02416640 _____ (Chilkat Software, Inc.) C:\Windows\SysWOW64\ChilkatZip2.dll
2014-05-03 19:11 - 2012-08-06 17:39 - 00647168 _____ (Chilkat Software, Inc.) C:\Windows\SysWOW64\CkString.dll
2014-05-03 19:11 - 2012-08-06 17:38 - 01576960 _____ (Chilkat Software, Inc.) C:\Windows\SysWOW64\ChilkatCrypt2.dll
2014-05-03 19:11 - 2012-08-06 17:38 - 00720896 _____ (Chilkat Software, Inc.) C:\Windows\SysWOW64\HtmlToXml.dll
2014-05-03 19:11 - 2012-05-25 11:28 - 02746400 _____ (Codejock Software) C:\Windows\SysWOW64\Codejock.CommandBars.v15.3.1.ocx
2014-05-03 19:11 - 2012-05-25 11:28 - 01931296 _____ (Codejock Software) C:\Windows\SysWOW64\Codejock.Controls.v15.3.1.ocx
2014-05-03 19:11 - 2012-05-25 11:28 - 01427488 _____ (Codejock Software) C:\Windows\SysWOW64\Codejock.ReportControl.v15.3.1.ocx
2014-05-03 19:11 - 2012-05-25 11:28 - 00899104 _____ (Codejock Software) C:\Windows\SysWOW64\Codejock.TaskPanel.v15.3.1.ocx
2014-05-03 19:11 - 2012-05-25 11:28 - 00837664 _____ (Codejock Software) C:\Windows\SysWOW64\Codejock.DockingPane.v15.3.1.ocx
2014-05-03 19:11 - 2012-05-25 11:28 - 00780320 _____ (Codejock Software) C:\Windows\SysWOW64\Codejock.Markup.v15.3.1.ocx
2014-05-03 19:11 - 2012-05-25 11:27 - 02672672 _____ (Codejock Software) C:\Windows\SysWOW64\Codejock.Calendar.v15.3.1.ocx
2014-05-03 19:11 - 2011-03-25 16:52 - 02196992 _____ (Debenu Pty Ltd) C:\Windows\SysWOW64\QuickPDFAX0724.dll
2014-05-03 19:11 - 2011-02-21 17:25 - 02323520 _____ (gdpicture.com) C:\Windows\SysWOW64\gdpicturepro5.ocx
2014-05-03 19:11 - 2009-11-29 21:09 - 00453632 _____ () C:\Windows\SysWOW64\SetACL.ocx
2014-05-03 19:11 - 2005-03-19 13:40 - 00196608 _____ (Personal) C:\Windows\SysWOW64\VBSplitter.ocx
2014-05-03 19:11 - 2002-08-21 17:26 - 00102469 _____ (Microsoft) C:\Windows\SysWOW64\VBPrnDlg.dll
2014-05-03 19:10 - 2014-05-07 19:33 - 00004021 _____ () C:\Windows\memgprep.dll
2014-05-03 19:10 - 2014-05-03 19:13 - 00000000 ____D () C:\Windows\ServiceLECache
2014-05-03 19:10 - 2014-05-03 19:11 - 00591360 _____ (GP Systems Integration) C:\Windows\utimcache.exe
2014-05-03 19:10 - 2014-05-03 19:10 - 03586560 _____ (GP Systems Integration) C:\Windows\diskediag.exe
2014-05-03 19:10 - 2014-05-03 19:10 - 00646144 _____ (GP Systems Integration) C:\Windows\sysnadr64.exe
2014-05-03 19:10 - 2014-05-03 19:10 - 00420864 _____ (GP Systems Integration) C:\Windows\stidraw32.exe
2014-05-03 19:10 - 2011-03-27 21:21 - 00000304 _____ () C:\Windows\km32hlpr.dll
2014-05-03 19:10 - 2011-03-06 13:03 - 00000000 _____ () C:\Windows\wnsperf32.dll
2014-05-03 19:10 - 2010-08-21 15:03 - 00000000 _____ () C:\Windows\winid332.dll
2014-05-03 19:10 - 2010-08-21 15:03 - 00000000 _____ () C:\Windows\stdensrv.dll
2014-05-03 19:10 - 2010-08-21 15:03 - 00000000 _____ () C:\Windows\cr2gui32.dll
2014-05-03 19:10 - 2010-08-21 15:02 - 00000000 _____ () C:\Windows\javexisa.dll
2014-05-03 19:10 - 2010-04-17 09:35 - 00000000 _____ () C:\Windows\javexisb.dll
2014-05-03 19:06 - 2014-05-03 19:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MNS 4.2
2014-05-03 16:45 - 2014-05-07 19:48 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-03 16:45 - 2014-05-07 19:36 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-03 16:45 - 2014-05-03 16:45 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-05-02 22:13 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-02 22:13 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-02 22:13 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-02 22:13 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-02 22:13 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-02 22:13 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-02 22:13 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-02 22:13 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-02 22:13 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-02 22:13 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-02 22:13 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-02 22:13 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-02 22:13 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-02 22:13 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-02 22:13 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-02 22:13 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-02 22:13 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-02 22:13 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-02 22:13 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-02 22:13 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-02 22:13 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-02 22:13 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-02 22:13 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-02 22:13 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-02 22:13 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-02 22:13 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-02 22:13 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-02 22:13 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-02 22:13 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-02 22:13 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-02 22:13 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-02 22:13 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-02 22:13 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-02 22:13 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-02 22:13 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-02 22:13 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-02 22:13 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-02 22:13 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-02 22:13 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-02 22:13 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-02 22:13 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-02 22:13 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-02 22:13 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-02 22:13 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-24 20:58 - 2014-04-24 20:58 - 00027599 _____ () C:\Users\Joey\Documents\hotmail.odt
2014-04-24 15:12 - 2014-05-06 09:34 - 00180640 _____ () C:\Users\Joey\Desktop\SLB P3 Joey de Nijs (541022) 1C3.odt
2014-04-24 14:54 - 2014-04-24 14:54 - 01188352 _____ () C:\Users\Joey\Downloads\SLB jaar 1 P3 en P4 (1).ppt
2014-04-24 14:08 - 2014-04-24 14:08 - 01188352 _____ () C:\Users\Joey\Downloads\SLB jaar 1 P3 en P4.ppt
2014-04-24 11:34 - 2014-05-11 21:38 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Skype
2014-04-22 17:49 - 2014-04-22 17:49 - 00233267 _____ () C:\Users\Joey\Desktop\H2 Interne analyse verbeterd.odt
 
==================== One Month Modified Files and Folders =======
 
2014-05-19 19:32 - 2014-05-18 12:38 - 00011522 _____ () C:\Users\Joey\Desktop\FRST.txt
2014-05-19 19:32 - 2014-05-18 12:38 - 00000000 ____D () C:\FRST
2014-05-19 19:27 - 2014-05-10 17:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-05-19 19:27 - 2009-07-14 04:34 - 00017463 _____ () C:\Windows\system32\Drivers\etc\services
2014-05-19 19:21 - 2009-07-14 06:51 - 00057942 _____ () C:\Windows\setupact.log
2014-05-19 18:45 - 2014-04-07 09:11 - 00000043 _____ () C:\Users\Joey\jagex_cl_runescape_LIVE.dat
2014-05-19 18:17 - 2014-05-12 20:12 - 00001052 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-19 18:17 - 2012-03-07 08:59 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-19 18:17 - 2012-03-07 08:59 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-19 17:47 - 2009-07-14 06:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-19 17:47 - 2009-07-14 06:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-19 17:45 - 2014-04-07 00:19 - 01253234 _____ () C:\Windows\WindowsUpdate.log
2014-05-19 17:41 - 2014-05-12 20:12 - 00001048 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-19 17:41 - 2014-04-07 00:32 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-05-19 17:40 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-18 12:43 - 2014-05-18 12:42 - 50703877 _____ () C:\Users\Joey\Desktop\Nieuwe gecomprimeerde (gezipte) map.zip
2014-05-18 12:39 - 2014-05-18 12:39 - 00046931 _____ () C:\Users\Joey\Desktop\Addition.txt
2014-05-18 12:36 - 2014-05-18 12:36 - 02067456 _____ (Farbar) C:\Users\Joey\Desktop\FRST64.exe
2014-05-15 23:39 - 2014-04-07 15:44 - 00027845 _____ () C:\Users\Joey\Desktop\Weekplan.xlsx
2014-05-15 22:03 - 2014-05-15 21:54 - 00026117 _____ () C:\Users\Joey\Desktop\dds.txt
2014-05-15 22:03 - 2014-05-15 21:54 - 00009710 _____ () C:\Users\Joey\Desktop\attach.txt
2014-05-15 21:54 - 2014-05-15 21:54 - 00688992 ____R (Swearware) C:\Users\Joey\Desktop\dds.com
2014-05-15 20:21 - 2014-05-12 20:13 - 00002207 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-15 17:32 - 2014-04-07 01:02 - 00000000 ___RD () C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 17:32 - 2014-04-07 01:02 - 00000000 ___RD () C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 17:31 - 2009-07-14 06:45 - 00418064 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-15 17:30 - 2014-05-06 09:46 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-14 19:43 - 2014-04-07 08:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-14 19:24 - 2014-05-14 19:22 - 55526407 _____ () C:\Users\Joey\Downloads\SolarWinds-NTA-v4.0.1-Eval.zip
2014-05-14 18:16 - 2014-04-07 01:00 - 00109456 _____ () C:\Users\Joey\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-14 18:08 - 2014-05-14 18:08 - 00000000 ____D () C:\Users\Joey\.businessobjects
2014-05-14 18:08 - 2014-04-07 00:59 - 00000000 ____D () C:\Users\Joey
2014-05-14 17:47 - 2014-05-14 17:47 - 00000000 ____D () C:\Users\Joey\AppData\Local\Downloaded Installations
2014-05-14 17:45 - 2014-05-14 17:44 - 00000000 ____D () C:\Users\Joey\Desktop\SolarWinds Log and Event Manager
2014-05-14 17:44 - 2014-05-14 17:24 - 1377136901 _____ (SolarWinds, support@solarwinds.com) C:\Users\Joey\Downloads\SolarWinds-LEM-v5.7.0-Evaluation-VMware-p1520.exe
2014-05-14 08:02 - 2014-05-05 00:27 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 08:01 - 2014-05-05 00:27 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 00:27 - 2014-05-14 00:25 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\ICAClient
2014-05-14 00:25 - 2014-05-14 00:25 - 00000000 ____D () C:\Users\Joey\AppData\Local\Citrix
2014-05-14 00:25 - 2014-05-14 00:25 - 00000000 ____D () C:\ProgramData\Citrix
2014-05-14 00:25 - 2014-05-14 00:25 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-05-14 00:25 - 2014-05-14 00:24 - 11605360 _____ (Citrix Systems, Inc.) C:\Users\Joey\Downloads\CitrixOnlinePluginWeb.exe
2014-05-13 19:59 - 2014-04-07 00:32 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-05-13 19:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-13 08:19 - 2010-11-21 05:47 - 00507282 _____ () C:\Windows\PFRO.log
2014-05-12 21:16 - 2014-05-12 21:16 - 00032354 _____ () C:\ComboFix.txt
2014-05-12 21:16 - 2014-05-07 19:30 - 00000000 ____D () C:\Qoobox
2014-05-12 21:15 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-12 20:13 - 2014-05-12 20:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-12 20:13 - 2014-04-07 13:17 - 00000000 ____D () C:\Users\Joey\AppData\Local\Google
2014-05-12 20:13 - 2014-04-07 13:17 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-12 20:12 - 2014-05-12 20:12 - 00004048 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-12 20:12 - 2014-05-12 20:12 - 00003796 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-12 20:12 - 2014-04-07 13:16 - 00000000 ____D () C:\Users\Joey\AppData\Local\Deployment
2014-05-12 20:12 - 2014-04-07 13:16 - 00000000 ____D () C:\Users\Joey\AppData\Local\Apps\2.0
2014-05-12 20:05 - 2014-05-11 21:23 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\vlc
2014-05-12 20:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-12 19:30 - 2014-05-11 21:14 - 00000000 ____D () C:\SUPERDelete
2014-05-12 17:47 - 2014-05-12 17:21 - 00012053 _____ () C:\Users\Joey\Desktop\hijackthis.log
2014-05-12 17:17 - 2014-05-12 17:17 - 00012060 _____ () C:\Users\Joey\Downloads\hijackthis.log
2014-05-12 17:15 - 2014-04-07 01:00 - 00000000 ____D () C:\Users\Joey\AppData\Local\VirtualStore
2014-05-12 17:14 - 2014-05-12 17:14 - 00218112 _____ (Soeperman Enterprises Ltd.) C:\Users\Joey\Desktop\hijackthis.exe
2014-05-12 17:06 - 2014-05-12 17:06 - 02406064 _____ (Trend Micro Inc.) C:\Users\Joey\Downloads\HousecallLauncher64.exe
2014-05-12 17:06 - 2014-05-12 17:06 - 00000036 _____ () C:\Users\Joey\AppData\Local\housecall.guid.cache
2014-05-12 15:48 - 2014-05-12 15:43 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-05-12 15:47 - 2014-05-12 15:47 - 00003722 _____ () C:\Windows\system32\.crusader
2014-05-12 15:43 - 2014-05-12 15:43 - 10971424 _____ (SurfRight B.V.) C:\Users\Joey\Downloads\HitmanPro36_x64.exe
2014-05-12 15:43 - 2014-05-12 15:43 - 09096848 _____ (SurfRight B.V.) C:\Users\Joey\Downloads\HitmanPro36.exe
2014-05-12 15:32 - 2014-04-07 13:21 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-12 15:31 - 2014-05-12 15:31 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Joey\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-12 15:27 - 2012-03-07 08:29 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-11 21:49 - 2014-05-11 21:02 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\sweet-page
2014-05-11 21:48 - 2014-04-07 01:02 - 00001405 _____ () C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-11 21:40 - 2014-05-11 21:22 - 00000000 ____D () C:\ProgramData\Systweak
2014-05-11 21:40 - 2014-05-11 21:20 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Systweak
2014-05-11 21:38 - 2014-04-24 11:34 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Skype
2014-05-11 21:37 - 2014-05-11 21:23 - 00003120 _____ () C:\Windows\System32\Tasks\Advanced System Protector_startup
2014-05-11 21:23 - 2014-05-11 21:23 - 00001070 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-05-11 21:23 - 2014-05-11 21:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-05-11 21:22 - 2014-05-11 21:22 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-05-11 21:21 - 2014-05-11 21:17 - 24677393 _____ () C:\Users\Joey\Downloads\vlc-2.1.3-win32.exe
2014-05-11 21:20 - 2014-05-11 21:20 - 00003314 _____ () C:\Windows\System32\Tasks\Advanced System Protector
2014-05-11 21:20 - 2014-05-11 21:20 - 00003108 _____ () C:\Windows\System32\Tasks\RegClean Pro
2014-05-11 21:20 - 2014-05-11 21:20 - 00000000 ____D () C:\Users\Joey\AppData\Local\cache
2014-05-11 21:20 - 2014-05-11 21:20 - 00000000 ____D () C:\Users\Joey\.android
2014-05-11 21:20 - 2014-05-11 21:20 - 00000000 _____ () C:\Users\Joey\daemonprocess.txt
2014-05-11 20:54 - 2014-05-11 20:54 - 00000000 ____D () C:\Users\Joey\AppData\Local\{B0E13FE3-F50F-438B-B08C-AB03DC71BC11}
2014-05-11 20:54 - 2014-05-11 20:54 - 00000000 ____D () C:\Users\Joey\AppData\Local\{A166113B-9735-448A-B736-627D1F0FB0BE}
2014-05-11 20:54 - 2010-11-21 09:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-05-11 20:52 - 2014-05-11 20:52 - 00003150 _____ () C:\Windows\System32\Tasks\{3E589D94-47F2-4602-B4B5-FB961031159E}
2014-05-11 20:52 - 2014-05-11 20:52 - 00001003 _____ () C:\Windows\wmsetup.log
2014-05-11 20:49 - 2014-05-11 20:42 - 134200562 _____ () C:\Users\Joey\Desktop\bandicam 2014-05-11 19-39-22-464.avi
2014-05-11 19:50 - 2014-04-17 17:51 - 00000000 ____D () C:\Program Files (x86)\Freestyle GunZ
2014-05-10 21:18 - 2014-05-10 21:15 - 00000000 ____D () C:\AdwCleaner
2014-05-10 17:07 - 2014-05-10 17:07 - 00001812 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-05-10 17:07 - 2014-05-10 17:07 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\SUPERAntiSpyware.com
2014-05-10 17:07 - 2014-05-10 17:06 - 19032152 _____ (SUPERAntiSpyware) C:\Users\Joey\Downloads\SUPERAntiSpyware.exe
2014-05-10 15:00 - 2014-05-03 19:22 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-05-10 14:58 - 2014-05-10 14:57 - 05200347 ____R (Swearware) C:\Users\Joey\Desktop\ComboFix.exe
2014-05-09 08:14 - 2014-05-14 08:02 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-14 08:02 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 21:31 - 2014-04-07 09:16 - 00000043 _____ () C:\Users\Joey\jagex_cl_oldschool_LIVE.dat
2014-05-08 15:19 - 2014-04-07 10:12 - 00745020 _____ () C:\Windows\system32\perfh013.dat
2014-05-08 15:19 - 2014-04-07 10:12 - 00152972 _____ () C:\Windows\system32\perfc013.dat
2014-05-08 15:19 - 2009-07-14 07:13 - 01668596 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-08 13:42 - 2014-05-08 13:40 - 00014360 _____ () C:\Users\Joey\Documents\Fitnesstrainer 1.odt
2014-05-08 13:36 - 2014-04-07 08:35 - 00000000 ____D () C:\Users\Joey\AppData\Local\Microsoft Help
2014-05-08 12:50 - 2014-05-08 12:50 - 00001473 _____ () C:\Users\Joey\Desktop\AALO verslag.lnk
2014-05-07 20:00 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-05-07 19:59 - 2014-05-07 19:29 - 00000000 ____D () C:\Windows\erdnt
2014-05-07 19:49 - 2012-03-07 08:26 - 00000000 ____D () C:\ProgramData\McAfee
2014-05-07 19:49 - 2012-03-07 08:26 - 00000000 ____D () C:\Program Files\mcafee
2014-05-07 19:49 - 2012-03-07 08:26 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2014-05-07 19:49 - 2012-03-07 08:26 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-05-07 19:48 - 2014-05-06 20:16 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-05-07 19:48 - 2014-05-03 16:45 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-07 19:48 - 2014-04-07 14:43 - 00000000 ____D () C:\ProgramData\AVG2014
2014-05-07 19:48 - 2014-04-07 13:46 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-07 19:42 - 2014-04-07 13:46 - 00000000 ____D () C:\Users\Joey\AppData\Local\Avg2014
2014-05-07 19:41 - 2014-04-07 15:44 - 00000000 ____D () C:\Users\Joey\Desktop\Motivation
2014-05-07 19:39 - 2014-04-07 14:43 - 00000000 ____D () C:\$AVG
2014-05-07 19:36 - 2014-05-07 19:36 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\LavasoftStatistics
2014-05-07 19:36 - 2014-05-03 16:45 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-07 19:34 - 2014-05-07 19:34 - 00000000 __SHD () C:\Users\Joey\AppData\Local\EmieUserList
2014-05-07 19:34 - 2014-05-07 19:34 - 00000000 __SHD () C:\Users\Joey\AppData\Local\EmieSiteList
2014-05-07 19:33 - 2014-05-03 19:10 - 00004021 _____ () C:\Windows\memgprep.dll
2014-05-06 16:31 - 2012-03-07 08:47 - 00000000 ____D () C:\Windows\tr
2014-05-06 16:26 - 2014-05-06 16:26 - 00000000 ____D () C:\Users\Joey\AppData\Local\EgisTec
2014-05-06 16:19 - 2014-05-06 16:19 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-05-06 16:17 - 2014-05-06 16:17 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-05-06 09:34 - 2014-04-24 15:12 - 00180640 _____ () C:\Users\Joey\Desktop\SLB P3 Joey de Nijs (541022) 1C3.odt
2014-05-06 06:40 - 2014-05-14 19:42 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-14 19:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-14 19:42 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-14 19:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-14 19:42 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-14 19:42 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 23:05 - 2014-05-05 20:07 - 00005085 _____ () C:\Users\Joey\Desktop\open solicitatie body action.odt
2014-05-05 19:47 - 2014-05-05 19:44 - 00007053 _____ () C:\Users\Joey\Documents\Curriculum Vitae Joey de Nijs.odt
2014-05-04 17:47 - 2014-05-04 17:47 - 00000162 ____H () C:\Users\Joey\Documents\~$SLB P3.odt
2014-05-04 15:44 - 2014-04-15 22:20 - 00000000 ____D () C:\Program Files (x86)\SwiftKit
2014-05-03 19:13 - 2014-05-03 19:10 - 00000000 ____D () C:\Windows\ServiceLECache
2014-05-03 19:12 - 2014-05-03 19:12 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Surveillance Pro v7.2
2014-05-03 19:11 - 2014-05-03 19:11 - 06246400 _____ ( ) C:\Windows\sspro.exe
2014-05-03 19:11 - 2014-05-03 19:11 - 00224256 _____ (GPS) C:\Windows\svcreng.dll
2014-05-03 19:11 - 2014-05-03 19:11 - 00024576 _____ () C:\Windows\svcextend32.exe
2014-05-03 19:11 - 2014-05-03 19:11 - 00000000 ___HD () C:\Windows\CoreComp
2014-05-03 19:11 - 2014-05-03 19:10 - 00591360 _____ (GP Systems Integration) C:\Windows\utimcache.exe
2014-05-03 19:10 - 2014-05-03 19:10 - 03586560 _____ (GP Systems Integration) C:\Windows\diskediag.exe
2014-05-03 19:10 - 2014-05-03 19:10 - 00646144 _____ (GP Systems Integration) C:\Windows\sysnadr64.exe
2014-05-03 19:10 - 2014-05-03 19:10 - 00420864 _____ (GP Systems Integration) C:\Windows\stidraw32.exe
2014-05-03 19:06 - 2014-05-03 19:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MNS 4.2
2014-05-03 16:45 - 2014-05-03 16:45 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-05-03 10:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-25 00:16 - 2014-04-16 13:41 - 00000000 ____D () C:\Users\Joey\Desktop\Periode 4
2014-04-24 20:58 - 2014-04-24 20:58 - 00027599 _____ () C:\Users\Joey\Documents\hotmail.odt
2014-04-24 14:54 - 2014-04-24 14:54 - 01188352 _____ () C:\Users\Joey\Downloads\SLB jaar 1 P3 en P4 (1).ppt
2014-04-24 14:08 - 2014-04-24 14:08 - 01188352 _____ () C:\Users\Joey\Downloads\SLB jaar 1 P3 en P4.ppt
2014-04-24 11:34 - 2014-04-07 10:12 - 00002691 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-04-24 11:34 - 2014-04-07 10:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-04-24 11:34 - 2012-03-07 08:26 - 00000000 ____D () C:\ProgramData\Skype
2014-04-22 17:49 - 2014-04-22 17:49 - 00233267 _____ () C:\Users\Joey\Desktop\H2 Interne analyse verbeterd.odt
 
Files to move or delete:
====================
C:\Users\Joey\jagex_cl_oldschool_LIVE.dat
C:\Users\Joey\jagex_cl_runescape_LIVE.dat
C:\Users\Joey\random.dat
 
 
Some content of TEMP:
====================
C:\Users\Joey\AppData\Local\Temp\HitmanPro.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe
[2014-05-14 08:02] - [2014-03-04 11:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C
 
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-05-13 19:19
 
==================== End Of Log ============================
 
And the fixlog

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-05-2014
Ran by Joey at 2014-05-19 19:29:44 Run:1
Running from C:\Users\Joey\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CHR HomePage: hxxp://isearch.avg.com/?cid={F0CCA943-CD8C-4561-BC1B-FC1B85FCA02E}&mid=7ffbd51661ff47d199eed1543442f7e0-06ce4fc639803a2e3563922518183d8e94088cb9&lang=nl&ds=AVG&pr=fr&d=2012-06-25 10:05:51&v=11.1.0.7&sap=hp
*****************
 
CHR HomePage: hxxp://isearch.avg.com/?cid={F0CCA943-CD8C-4561-BC1B-FC1B85FCA02E}&mid=7ffbd51661ff47d199eed1543442f7e0-06ce4fc639803a2e3563922518183d8e94088cb9&lang=nl&ds=AVG&pr=fr&d=2012-06-25 10:05:51&v=11.1.0.7&sap=hp ==> The Chrome "Settings" can be used to fix the entry.
 
==== End of Fixlog ====


#8 TheShooter93

    Cody

  • Malware Response Team

Posted 20 May 2014 - 09:05 AM

Hello,

 

Please do the following for me:

 

Change Google Chrome Homepage

  • Launch Google Chrome.
  • Click the Menu button (3 horizontal lines in the top-right corner).
  • Click Settings.
  • Under the On startup section, click the radio button next to Open a specific set of pages, then click Set Pages.
  • Hover your cursor over each entry listed here and click the X to remove them.
  • Then input a new homepage: Might I suggest Bleepingcomputer.com?  :)
  • Click OK.
  • Restart Google Chrome.
  • After you've done this, please let me know of any symptoms/unusual behavior you're still experiencing.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#9 Jezustepaard

  • Topic Starter

Posted 20 May 2014 - 01:25 PM

When I Open a specific set of pages, then click Set Pages, there is only one page set and that's google.com, so I can't remove any. So I added Bleepingcomputer.com.



#10 TheShooter93


Posted 21 May 2014 - 10:28 AM

Hello Jezustepaard,
 
Java and Adobe Updates

Please download and install the latest version of each of the following pieces of software:

Adobe Flash Player

Adobe Reader

Not keeping these programs updated leaves your computer open to malware that exploits the use of non-updated versions of this software.
 
-------------------------------------------------------------------------------------------------------
 
Also, how is your computer running? Any unusual symptoms to report?
 
-------------------------------------------------------------------------------------------------------
 
What I'd like to see in your next post:   :thumbsup2: 

  • Confirmation of software updates
  • How is your computer running?


 

 


#11 Jezustepaard


Posted 22 May 2014 - 05:19 AM

Hi Cody, 

 

I downloaded Adobe and now it says I don't have virus and spyware protection and no web security.

My computer is running well. I haven't noticed any activity from the keylogger, but I'm not sure if it's still on my computer or not.



#12 TheShooter93


Posted 22 May 2014 - 08:15 AM

Your earlier logs indicate that you have McAfee Antivirus installed on your computer, but that it is currently disabled.

 

Do you want to continue with McAfee (assuming you have a paid subscription), or are you looking for an alternative?

 

------------------------------------------------------------------------

 

As for the infection, your logs look clean, and as I said, I don't have any reason to believe there is or was a keylogger on your system - just that your password(s) were cracked. Now that you have changed them, I was hoping you would be symptom free. :thumbsup2:


Edited by TheShooter93, 22 May 2014 - 08:16 AM.


 

 


#13 Jezustepaard


Posted 24 May 2014 - 05:49 AM

I'm not sure what antivirus program is good, but it would of course be best if there's a free one out there.

Yes, I don't have any symptoms anymore. Thank you for your help!



#14 TheShooter93


Posted 24 May 2014 - 06:51 PM

Hello jezustepaard,

 

If you would no longer like to use McAfee, please follow these steps:

 

McAfee Removal

========================================================

 

There are a number of free antivirus programs available, but my two favorites are:

Please note that you only want to have 1 antivirus program installed and running at the same time -- that means you will need to pick one of these, not download both. Using multiple antivirus programs on your computer not only uses large amounts of system resources, but it also can create security holes and cause both pieces of software to improperly function.

 

Once you've successfully installed one of these, make sure to download all definition updates available for it so you are as protected as possible.

 

========================================================

 

After you're finished with that, let me know and I will post my "all-clean" message to you which will contain helpful information regarding computer security, among other things.  :)


Edited by TheShooter93, 24 May 2014 - 06:53 PM.


 

 


#15 Jezustepaard


Posted 25 May 2014 - 04:43 AM

Something unusual happened today: I got an email from someone with just "hello" in it, but the email address was almost exactly like mine. Is this just a little prank from someone or am I getting paranoid?

 

For the antivirus programs I installed 1 of them.





