Chrome keeps adding extension adware: Reguelar Dealos


  • This topic is locked
6 replies to this topic

#1 pjotrb

pjotrb

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Amsterdam
  • Local time:07:15 AM

Posted 30 May 2014 - 08:14 AM

My browsers show ads because of an extension: Reguelar Dealos. I can remove this, but the next time I start Chrome, it is back.
I've already tried many removers: HitmanPro, AdwCleaner, JRT, OTL, Malwarebytes, etc. My "Programs & Features" shows no strange installed programs.
I followed the instructions on this topic and have run DDS. See also the attachment.
Hope someone can help!!! :inlove:
 
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.7600.16385  BrowserJavaVersion: 10.25.2
Run by Peter at 14:59:20 on 2014-05-30
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.31.1033.18.2046.499 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
D:\Program Files\Cloud System Booster\CSBSvc.exe
D:\Program Files\Slim Toolbar\ToolBarService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\xampp\xampp-control.exe
c:\xampp\apache\bin\httpd.exe
C:\Windows\system32\conhost.exe
c:\xampp\mysql\bin\mysqld.exe
C:\xampp\apache\bin\httpd.exe
D:\Program Files\NetBeans 7.4\bin\netbeans.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\xplorer2_ult\xplorer2_UC.exe
C:\Users\Peter\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files\Foxit Reader\Foxit Reader.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Cobian Backup 11\Cobian.exe
C:\Program Files\Cobian Backup 11\cbInterface.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.130\McAfeeMSS_IE.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: LastPass - c:\users\peter\appdata\locallow\lastpass\context.html?cmd=lastpass
IE: LastPass Invulformulieren - c:\users\peter\appdata\locallow\lastpass\context.html?cmd=fillforms
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPToolbar.dll
TCP: NameServer = 212.54.44.54 212.54.40.25
TCP: Interfaces\{AC22A116-361D-43C9-A409-4BFB26317847} : DHCPNameServer = 212.54.44.54 212.54.40.25
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\belarcadvisor\system\BAVoilaX.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\32.0.1700.102\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\peter\appdata\roaming\mozilla\firefox\profiles\zka1ysaz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://nl.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=888596&p=
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\abn amro e.dentifier2\mozilla\npBECON.dll
FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect32.dll
FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect64.dll
FF - plugin: c:\program files\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\mcafee security scan\3.8.130\npMcAfeeMSS.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1202122.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_13_0_0_206.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - plugin: d:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: d:\program files\picasa3\npPicasa3.dll
FF - plugin: d:\program files\vlc\npvlc.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-5-17 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-5-17 180632]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2013-5-17 777488]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2013-5-17 411680]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2013-5-17 242240]
R2 AnviCsbSvc;Anvi Cloud System Booster Speed Service;d:\program files\cloud system booster\CSBSvc.exe [2014-2-24 42680]
R2 astsvr;Anvi Slim Toolbar Guard Service;d:\program files\slim toolbar\ToolBarService.exe [2014-3-3 119504]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-4-23 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-5-17 67824]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswstm.sys [2013-12-29 68312]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-4-23 50344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\drivers\aabed2.sys [2008-3-20 23040]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2014-5-14 30976]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.8.130\McCHSvc.exe [2013-9-6 235216]
S4 TeamViewer9;TeamViewer 9;c:\program files\teamviewer\version9\TeamViewer_Service.exe [2014-5-8 5024576]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\gvim.exe="d:\program files\vim\vim73\gvim.exe" "%1" [UserChoice]
FileExt: .ini: Applications\gvim.exe="d:\program files\vim\vim73\gvim.exe" "%1" [UserChoice]
FileExt: .js: Applications\gvim.exe="d:\program files\vim\vim73\gvim.exe" "%1" [UserChoice]
ShellExec: dreamweaver.exe: Open="c:\program files\dreamweaver\adobe dreamweaver cs6\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-05-30 12:04:09 -------- d-----w- c:\program files\Cobian Backup 11
2014-05-27 13:13:02 -------- d-----w- c:\users\peter\appdata\local\Anvisoft
2014-05-20 20:13:35 -------- d-----w- c:\users\peter\appdata\roaming\Xirrus
2014-05-20 19:45:50 -------- d-----w- c:\users\peter\appdata\roaming\LizardSystems
2014-05-20 19:08:49 -------- d-----w- c:\users\peter\appdata\local\Diagnostics
2014-05-14 18:49:58 30976 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2014-05-08 11:35:13 -------- d-----w- c:\users\peter\appdata\roaming\npm
2014-05-07 20:51:34 -------- d-----w- c:\program files\lessc
2014-05-07 20:05:08 -------- d-----w- c:\users\peter\appdata\roaming\Titanium
2014-05-07 20:03:40 -------- d-----w- c:\program files\SimpLESS
2014-05-07 20:03:04 -------- d-----w- c:\users\peter\New folder
2014-05-07 18:42:08 -------- d-----w- c:\users\peter\appdata\roaming\npm-cache
2014-05-07 18:42:05 -------- d-----w- c:\users\peter\appdata\roaming\WinLess
.
==================== Find3M  ====================
.
2014-05-15 09:11:50 777488 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-05-15 09:11:50 68312 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-05-14 17:50:26 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-14 17:50:26 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-23 15:05:56 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-04-23 15:05:56 776976 ----a-w- c:\windows\system32\drivers\aswsnx.sys.1400145109677
2014-04-23 15:05:56 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-04-23 15:05:56 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-04-23 15:05:56 43152 ----a-w- c:\windows\avastSS.scr
2014-04-23 15:05:56 411552 ----a-w- c:\windows\system32\drivers\aswsp.sys.1400145109677
2014-04-23 15:05:56 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-04-23 15:05:56 180632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-04-18 09:59:01 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-06-10 10:00:18 11019776 ----a-w- c:\program files\common files\lpuninstall.exe
.
============= FINISH: 14:59:46,88 ===============
 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,950 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:15 AM

Posted 03 June 2014 - 09:28 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.

Wait for further instructions.

#3 pjotrb


Posted 03 June 2014 - 10:37 AM

Hi nasdaq, thanks for helping me!!

Right here is the FRST.txt. In my next reply I will paste the Addition.txt.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:02-06-2014
Ran by Peter (administrator) on DESKTOP1 on 03-06-2014 17:23:26
Running from Q:\TorrentNew
Platform: Microsoft Windows 7 Ultimate  (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(brother Industries Ltd) C:\Windows\System32\BRSVC01A.EXE
(brother Industries Ltd) C:\Windows\System32\BRSS01A.EXE
(Anvisoft) D:\Program Files\Cloud System Booster\CSBSvc.exe
(Anvisoft) D:\Program Files\Slim Toolbar\ToolBarService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
() C:\xampp\xampp-control.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
() C:\xampp\mysql\bin\mysqld.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
(Oracle Corporation) D:\Program Files\NetBeans 7.4\bin\netbeans.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3888648 2014-05-26] (AVAST Software)
HKU\S-1-5-21-1376620848-993144447-736196336-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-1376620848-993144447-736196336-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1376620848-993144447-736196336-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1376620848-993144447-736196336-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
HKU\S-1-5-21-1376620848-993144447-736196336-1000\...\MountPoints2: {220fc78b-beb1-11e2-b93b-001aa09ad3de} - G:\setup.exe
HKU\S-1-5-21-1376620848-993144447-736196336-1000\...\MountPoints2: {6dc5395b-be32-11e2-ad5e-806e6f6e6963} - R:\start.exe
HKU\S-1-5-21-1376620848-993144447-736196336-1000\...\MountPoints2: {f05a03dd-ab49-11e3-97a9-001aa09ad3de} - I:\LGAutoRun.exe
GroupPolicyUsers\S-1-5-21-1376620848-993144447-736196336-1001\User: Group Policy restriction detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB2261F933385CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 212.54.44.54 212.54.40.25
 
FireFox:
========
FF ProfilePath: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\zka1ysaz.default
FF SelectedSearchEngine: Google
FF Keyword.URL: hxxp://nl.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=888596&p=
FF Plugin: @ABNAMRO/BECON,version=1.00 - C:\Program Files\ABN AMRO e.dentifier2\Mozilla\npBECON.dll (ABN AMRO)
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - D:\Program Files\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 - D:\Program Files\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\zka1ysaz.default\searchplugins\yahoo_ff.xml
FF Extension: SecretSauce - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\zka1ysaz.default\Extensions\firefox@secretsauce.biz.xpi [2014-01-24]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-17]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Firefox\firefox.exe
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/ncr
CHR StartupUrls: "hxxp://www.anvisoft.com/resources/how-to-remove-awesomehp-com-redirect-browser-hijacker-removal-guide/", "hxxp://www.anvisoft.com/cloud-system-booster.html?refer=resources-tinna-0122-1", "hxxp://download.cnet.com/Cloud-System-Booster/3000-18512_4-75713450.html?part=dl-&subj=dl&tag=button"
CHR DefaultSearchKeyword: google.com
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.102\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VLC\npvlc.dll No File
CHR Extension: (TV) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2014-01-26]
CHR Extension: (YouTube) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-26]
CHR Extension: (Pool) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\cedbddnnmhgnedpamoenmdkhnpnfbpjb [2014-01-26]
CHR Extension: (Google Zoeken) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-26]
CHR Extension: (Xdebug helper) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\eadndfjplgieldjbigjakmdgkmoaaaoc [2014-01-26]
CHR Extension: (Chess) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcoafacoamancaniegeddbpojbjkfgbc [2014-01-26]
CHR Extension: (AdBlock) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-15]
CHR Extension: (avast! Online Security) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-26]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2013-05-28]
CHR Extension: (Google Maps) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-01-26]
CHR Extension: (Flashcontrol) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2014-01-26]
CHR Extension: (LastPass Vault) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncliohomlfopnmlfkepkcbnhmeijkhhf [2014-01-26]
CHR Extension: (PHP Console) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfhmhhlpfleoednkpnnnkolmclajemef [2014-01-26]
CHR Extension: (Shuffler.fm) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\njgfhnajhpjmlbfpieplfnocnodbkcfh [2014-01-26]
CHR Extension: (Google Wallet) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-26]
CHR Extension: (ReguelarDealos) - C:\ProgramData\nedaljejbiadmokbpinjpjbmengbabjj [2014-01-01]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - C:\Program Files\LastPass\lpchrome.crx [2013-06-10]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
R2 AnviCsbSvc; D:\Program Files\Cloud System Booster\CSBSvc.exe [42680 2014-02-24] (Anvisoft)
R2 astsvr; D:\Program Files\Slim Toolbar\ToolBarService.exe [119504 2014-03-03] (Anvisoft)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-23] (AVAST Software)
R2 Brother XP spl Service; C:\Windows\system32\brsvc01a.exe [57344 2002-04-12] (brother Industries Ltd)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-04-23] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-04-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-04-23] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-04-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [777488 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411680 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [68312 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2014-04-23] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-05-17] (DT Soft Ltd)
S3 e.dentifier2; C:\Windows\System32\DRIVERS\aabed2.sys [23040 2008-03-20] (Todos Data System AB)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [30976 2014-05-14] ()
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-03 17:21 - 2014-06-03 17:21 - 00007642 _____ () C:\Users\Peter\AppData\Local\recently-used.xbel
2014-06-03 16:50 - 2014-02-14 17:22 - 00040824 _____ () C:\Users\Peter\The Counselor (2013) BRRip (xvid) NL Subs. DMT_.torrent
2014-06-03 16:22 - 2014-06-03 16:22 - 00000200 _____ () C:\Users\Peter\Blue.Ruin.2013.720p.WEBRIP.x264.AC3.SiMPLE.torrent
2014-06-03 14:32 - 2014-06-03 14:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-06-03 14:28 - 2012-12-16 16:25 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-06-03 14:28 - 2012-12-16 16:25 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-06-03 14:28 - 2009-09-10 07:52 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-06-03 14:17 - 2014-06-03 14:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-03 14:17 - 2014-05-04 17:14 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-03 14:14 - 2012-03-01 07:53 - 00019312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
2014-06-03 14:14 - 2012-03-01 07:45 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-06-03 14:14 - 2012-03-01 07:40 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
2014-06-03 14:14 - 2010-02-11 09:10 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\browserchoice.exe
2014-06-03 14:13 - 2014-06-03 14:14 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Temp
2014-06-03 14:13 - 2014-06-03 14:13 - 00000020 ___SH () C:\Users\UpdatusUser\ntuser.ini
2014-06-03 14:13 - 2013-10-19 13:45 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Google
2014-06-03 14:13 - 2009-07-14 06:42 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-03 14:13 - 2009-07-14 06:37 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-06-03 14:12 - 2014-06-03 16:10 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-03 14:12 - 2014-06-03 14:13 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-06-03 14:12 - 2014-06-03 14:12 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-06-03 14:12 - 2013-02-26 00:22 - 00053024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-06-03 14:12 - 2013-01-18 16:21 - 04133664 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-06-03 14:12 - 2013-01-18 16:21 - 03005728 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc.dll
2014-06-03 14:12 - 2013-01-18 16:20 - 02557728 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-06-03 14:12 - 2013-01-18 16:20 - 00639776 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-06-03 14:12 - 2013-01-18 16:20 - 00108832 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-06-03 14:12 - 2013-01-18 16:20 - 00062752 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-06-03 11:00 - 2014-06-03 15:41 - 00000499 _____ () C:\Windows\BRWMARK.INI
2014-06-03 11:00 - 2014-06-03 15:41 - 00000026 _____ () C:\Windows\BRPP2KA.INI
2014-06-03 11:00 - 2014-06-03 11:01 - 00000040 _____ () C:\Windows\opt_1430.ini
2014-06-03 11:00 - 2014-06-03 11:00 - 00013109 _____ () C:\Windows\HL-1430.INI
2014-06-03 11:00 - 2014-06-03 11:00 - 00002078 _____ () C:\Users\Public\Desktop\HL-1430 Interactieve Help.lnk
2014-06-03 11:00 - 2014-06-03 11:00 - 00000184 _____ () C:\Windows\system32\brsvc01a.bsi
2014-06-03 11:00 - 2014-06-03 11:00 - 00000141 _____ () C:\Windows\BRVIDEO.INI
2014-06-03 11:00 - 2014-06-03 11:00 - 00000039 _____ () C:\Windows\BRDIAG.INI
2014-06-03 11:00 - 2014-06-03 11:00 - 00000030 _____ () C:\Windows\system32\BRSS01A.ini
2014-06-03 11:00 - 2014-06-03 11:00 - 00000023 _____ () C:\Windows\Brownie.ini
2014-06-03 11:00 - 2014-06-03 11:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother HL-1430
2014-06-03 11:00 - 2014-06-03 11:00 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2014-06-03 11:00 - 2014-06-03 11:00 - 00000000 ____D () C:\Program Files\Brownie
2014-06-03 11:00 - 2014-06-03 11:00 - 00000000 ____D () C:\Program Files\Brother
2014-06-03 11:00 - 2014-06-03 11:00 - 00000000 _____ () C:\Windows\BROHL143.INI
2014-06-03 11:00 - 2014-06-03 11:00 - 00000000 _____ () C:\Windows\brmx2001.ini
2014-06-03 11:00 - 2003-02-24 01:46 - 00171962 _____ () C:\Windows\system32\BRDIAG.HLP
2014-06-03 11:00 - 2003-02-24 01:46 - 00157945 _____ () C:\Windows\system32\BRDIAG2.HLP
2014-06-03 11:00 - 2003-02-19 00:01 - 00040960 _____ (brother industries, ltd ) C:\Windows\system32\BRVPD95A.DLL
2014-06-03 11:00 - 2002-12-20 02:00 - 00163840 _____ (Brother Industries, Ltd) C:\Windows\system32\BRSPL01A.DLL
2014-06-03 11:00 - 2002-11-12 00:03 - 00049152 _____ (brother Industries Ltd) C:\Windows\system32\BRVPDNTA.DLL
2014-06-03 11:00 - 2002-11-11 02:47 - 00176128 _____ (brother Industries, Ltd) C:\Windows\system32\Brdiag2.exe
2014-06-03 11:00 - 2002-10-31 01:09 - 00081920 ____N (brother) C:\Windows\system32\BrWebIns.dll
2014-06-03 11:00 - 2002-10-31 01:08 - 00065536 ____N (brother) C:\Windows\system32\BRWEBUP.EXE
2014-06-03 11:00 - 2002-10-04 01:18 - 00180224 _____ (brother) C:\Windows\system32\PDRVINST.DLL
2014-06-03 11:00 - 2002-09-19 00:00 - 00073728 _____ (Brother Industries Ltd) C:\Windows\system32\brrbtool.exe
2014-06-03 11:00 - 2002-09-11 02:03 - 00077824 _____ (Brother Industries, Ltd) C:\Windows\system32\BRSPL2KB.DLL
2014-06-03 11:00 - 2002-08-30 02:00 - 00102400 _____ (Brother Industries,ltd) C:\Windows\system32\BRSPL01A.EXE
2014-06-03 11:00 - 2002-06-10 02:02 - 00081920 _____ (brother Industries Ltd) C:\Windows\system32\BRSPLWMK.DLL
2014-06-03 11:00 - 2002-04-12 02:00 - 00057344 _____ (brother Industries Ltd) C:\Windows\system32\BRSVC01A.EXE
2014-06-03 11:00 - 2001-12-13 02:01 - 00045056 _____ (brother Industries Ltd) C:\Windows\system32\BRSS01A.EXE
2014-06-03 11:00 - 2000-09-14 01:00 - 00077824 _____ () C:\Windows\system32\BROSNMP.DLL
2014-06-03 11:00 - 2000-09-06 17:47 - 00026624 _____ () C:\Windows\system32\BRGSRC32.DLL
2014-06-03 11:00 - 2000-09-06 17:11 - 00004608 _____ () C:\Windows\system32\BRGSRC16.DLL
2014-06-03 11:00 - 2000-07-24 01:01 - 00019537 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BRPAR.SYS
2014-06-03 10:59 - 2014-06-03 10:59 - 00000000 __RSH () C:\MSDOS.SYS
2014-06-03 10:59 - 2014-06-03 10:59 - 00000000 __RSH () C:\IO.SYS
2014-06-03 10:59 - 1998-01-23 12:20 - 00305152 _____ (InstallShield Software Corporation) C:\Windows\IsUn0413.exe
2014-06-03 07:23 - 2014-06-03 07:40 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\FileZilla
2014-06-03 07:23 - 2014-06-03 07:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-06-02 21:15 - 2014-06-03 17:20 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\deluge
2014-06-02 21:15 - 2014-06-02 21:15 - 00000669 _____ () C:\Users\Public\Desktop\Deluge.lnk
2014-06-02 21:15 - 2014-06-02 21:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluge
2014-06-02 19:37 - 2014-06-03 17:08 - 00000600 _____ () C:\Users\Peter\AppData\Local\PUTTY.RND
2014-06-02 19:23 - 2014-06-02 19:23 - 00000921 _____ () C:\Users\Public\Desktop\PuTTY.lnk
2014-06-02 19:23 - 2014-06-02 19:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY
2014-06-02 19:23 - 2014-06-02 19:23 - 00000000 ____D () C:\Program Files\PuTTY
2014-06-01 12:28 - 2014-06-01 12:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Writer
2014-05-31 16:20 - 2014-05-31 16:20 - 00001908 _____ () C:\Windows\diagwrn.xml
2014-05-31 16:20 - 2014-05-31 16:20 - 00001908 _____ () C:\Windows\diagerr.xml
2014-05-30 14:59 - 2014-05-30 14:59 - 00010912 _____ () C:\Users\Peter\Desktop\dds.txt
2014-05-30 14:59 - 2014-05-30 14:59 - 00004710 _____ () C:\Users\Peter\Desktop\attach.txt
2014-05-30 14:04 - 2014-05-30 14:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2014-05-30 14:04 - 2014-05-30 14:04 - 00000000 ____D () C:\Program Files\Cobian Backup 11
2014-05-27 15:18 - 2014-05-27 15:18 - 00000718 _____ () C:\Users\Public\Desktop\Slim Toolbar.lnk
2014-05-27 15:13 - 2014-05-27 15:13 - 00000000 ____D () C:\Users\Peter\AppData\Local\Anvisoft
2014-05-27 15:10 - 2014-05-27 15:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2014-05-27 15:10 - 2014-05-27 15:10 - 00000779 _____ () C:\Users\Public\Desktop\Cloud System Booster.lnk
2014-05-23 19:15 - 2014-05-23 19:15 - 00000750 _____ () C:\Users\Peter\Desktop\Revo Uninstaller.lnk
2014-05-20 22:15 - 2014-05-20 22:15 - 00000849 _____ () C:\Users\Public\Desktop\Xirrus Wi-Fi Inspector.lnk
2014-05-20 22:15 - 2014-05-20 22:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xirrus
2014-05-20 22:13 - 2014-05-20 22:13 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Xirrus
2014-05-20 22:01 - 2014-05-20 22:01 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft Wireless Network Watcher
2014-05-20 21:45 - 2014-05-20 21:45 - 00000730 _____ () C:\Users\Peter\Desktop\Network Scanner.lnk
2014-05-20 21:45 - 2014-05-20 21:45 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\LizardSystems
2014-05-20 21:45 - 2014-05-20 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LizardSystems
2014-05-20 21:41 - 2014-05-20 21:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Dude
2014-05-19 15:18 - 2014-05-19 15:18 - 00002018 _____ () C:\Users\Public\Desktop\WD Link.lnk
2014-05-19 15:18 - 2014-05-19 15:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD Link
2014-05-16 14:53 - 2014-05-16 14:53 - 00046601 _____ () C:\Windows\system32\style-inline.grep
2014-05-14 20:51 - 2014-05-14 20:51 - 00002140 _____ () C:\Windows\system32\.crusader
2014-05-14 20:49 - 2014-05-14 20:52 - 00030976 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-05-14 20:03 - 2014-05-14 20:03 - 00018597 _____ () C:\Users\Peter\AppData\Local\soulseek-client.dat.1400090591567
2014-05-10 19:52 - 2014-05-10 19:52 - 00017650 _____ () C:\Users\Peter\AppData\Local\soulseek-client.dat.1399744344824
2014-05-10 15:25 - 2014-05-10 15:25 - 00024907 _____ () C:\Users\Peter\AppData\Local\soulseek-client.dat.1399728304009
2014-05-08 13:56 - 2014-05-08 13:56 - 00001132 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-05-08 13:56 - 2014-05-08 13:56 - 00001120 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-05-08 13:54 - 2014-05-08 13:54 - 05676624 _____ (TeamViewer) C:\Users\Peter\Desktop\TeamViewerQS.exe
2014-05-08 13:47 - 2014-05-08 13:47 - 05676624 _____ (TeamViewer) C:\Users\Peter\Desktop\teamviewerqs (1).exe
2014-05-08 13:35 - 2014-05-08 13:35 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\npm
2014-05-07 22:51 - 2014-05-07 22:51 - 00000000 ____D () C:\Program Files\lessc
2014-05-07 22:05 - 2014-05-07 22:05 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Titanium
2014-05-07 22:03 - 2014-05-07 22:03 - 00000000 ____D () C:\Users\Peter\New folder
2014-05-07 22:03 - 2014-05-07 22:03 - 00000000 ____D () C:\Program Files\SimpLESS
2014-05-07 20:42 - 2014-05-08 13:35 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\npm-cache
2014-05-07 20:42 - 2014-05-07 20:42 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\WinLess
 
==================== One Month Modified Files and Folders =======
 
2014-06-03 17:23 - 2014-03-16 21:35 - 00000000 ____D () C:\FRST
2014-06-03 17:23 - 2014-01-03 14:59 - 00000000 ____D () C:\Users\Peter\AppData\Local\Temp
2014-06-03 17:21 - 2014-06-03 17:21 - 00007642 _____ () C:\Users\Peter\AppData\Local\recently-used.xbel
2014-06-03 17:20 - 2014-06-02 21:15 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\deluge
2014-06-03 17:18 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-06-03 17:08 - 2014-06-02 19:37 - 00000600 _____ () C:\Users\Peter\AppData\Local\PUTTY.RND
2014-06-03 17:00 - 2014-01-31 00:19 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-03 16:50 - 2013-05-16 16:25 - 00001042 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-03 16:50 - 2013-05-16 16:22 - 00000000 ____D () C:\Users\Peter
2014-06-03 16:22 - 2014-06-03 16:22 - 00000200 _____ () C:\Users\Peter\Blue.Ruin.2013.720p.WEBRIP.x264.AC3.SiMPLE.torrent
2014-06-03 16:16 - 2013-05-16 16:26 - 00785302 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-03 16:16 - 2009-07-14 06:34 - 00017136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-03 16:16 - 2009-07-14 06:34 - 00017136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-03 16:11 - 2013-05-17 09:58 - 00000312 _____ () C:\Windows\Tasks\GlaryInitialize.job
2014-06-03 16:11 - 2013-05-16 16:25 - 00001038 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-03 16:10 - 2014-06-03 14:12 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-03 16:10 - 2014-01-13 10:08 - 00001059 _____ () C:\Windows\setupact.log
2014-06-03 16:10 - 2013-05-16 16:18 - 01420399 _____ () C:\Windows\WindowsUpdate.log
2014-06-03 16:10 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-03 15:41 - 2014-06-03 11:00 - 00000499 _____ () C:\Windows\BRWMARK.INI
2014-06-03 15:41 - 2014-06-03 11:00 - 00000026 _____ () C:\Windows\BRPP2KA.INI
2014-06-03 14:32 - 2014-06-03 14:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-06-03 14:31 - 2009-07-14 06:33 - 03810032 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-03 14:30 - 2009-07-14 09:50 - 00000000 ____D () C:\Program Files\Windows Journal
2014-06-03 14:30 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\System
2014-06-03 14:19 - 2014-06-03 14:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-03 14:14 - 2014-06-03 14:13 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Temp
2014-06-03 14:13 - 2014-06-03 14:13 - 00000020 ___SH () C:\Users\UpdatusUser\ntuser.ini
2014-06-03 14:13 - 2014-06-03 14:12 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-06-03 14:12 - 2014-06-03 14:12 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-06-03 14:12 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Help
2014-06-03 11:01 - 2014-06-03 11:00 - 00000040 _____ () C:\Windows\opt_1430.ini
2014-06-03 11:00 - 2014-06-03 11:00 - 00013109 _____ () C:\Windows\HL-1430.INI
2014-06-03 11:00 - 2014-06-03 11:00 - 00002078 _____ () C:\Users\Public\Desktop\HL-1430 Interactieve Help.lnk
2014-06-03 11:00 - 2014-06-03 11:00 - 00000184 _____ () C:\Windows\system32\brsvc01a.bsi
2014-06-03 11:00 - 2014-06-03 11:00 - 00000141 _____ () C:\Windows\BRVIDEO.INI
2014-06-03 11:00 - 2014-06-03 11:00 - 00000039 _____ () C:\Windows\BRDIAG.INI
2014-06-03 11:00 - 2014-06-03 11:00 - 00000030 _____ () C:\Windows\system32\BRSS01A.ini
2014-06-03 11:00 - 2014-06-03 11:00 - 00000023 _____ () C:\Windows\Brownie.ini
2014-06-03 11:00 - 2014-06-03 11:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother HL-1430
2014-06-03 11:00 - 2014-06-03 11:00 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2014-06-03 11:00 - 2014-06-03 11:00 - 00000000 ____D () C:\Program Files\Brownie
2014-06-03 11:00 - 2014-06-03 11:00 - 00000000 ____D () C:\Program Files\Brother
2014-06-03 11:00 - 2014-06-03 11:00 - 00000000 _____ () C:\Windows\BROHL143.INI
2014-06-03 11:00 - 2014-06-03 11:00 - 00000000 _____ () C:\Windows\brmx2001.ini
2014-06-03 10:59 - 2014-06-03 10:59 - 00000000 __RSH () C:\MSDOS.SYS
2014-06-03 10:59 - 2014-06-03 10:59 - 00000000 __RSH () C:\IO.SYS
2014-06-03 10:11 - 2013-05-17 09:56 - 00021392 _____ () C:\Users\Peter\_viminfo
2014-06-03 08:58 - 2013-05-16 18:44 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\vlc
2014-06-03 07:40 - 2014-06-03 07:23 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\FileZilla
2014-06-03 07:23 - 2014-06-03 07:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-06-02 22:50 - 2013-05-17 09:10 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\uTorrent
2014-06-02 21:15 - 2014-06-02 21:15 - 00000669 _____ () C:\Users\Public\Desktop\Deluge.lnk
2014-06-02 21:15 - 2014-06-02 21:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluge
2014-06-02 19:23 - 2014-06-02 19:23 - 00000921 _____ () C:\Users\Public\Desktop\PuTTY.lnk
2014-06-02 19:23 - 2014-06-02 19:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY
2014-06-02 19:23 - 2014-06-02 19:23 - 00000000 ____D () C:\Program Files\PuTTY
2014-06-02 18:00 - 2013-07-12 08:50 - 00000372 _____ () C:\Windows\Tasks\Allway Sync_{43674515F8A3790442124059D80191B4}.job
2014-06-01 12:55 - 2013-05-28 22:18 - 00000000 ____D () C:\Users\Peter\AppData\Local\CrashDumps
2014-06-01 12:28 - 2014-06-01 12:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Writer
2014-05-31 16:20 - 2014-05-31 16:20 - 00001908 _____ () C:\Windows\diagwrn.xml
2014-05-31 16:20 - 2014-05-31 16:20 - 00001908 _____ () C:\Windows\diagerr.xml
2014-05-31 16:20 - 2014-01-13 10:08 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-31 16:20 - 2013-05-17 09:23 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\DAEMON Tools Lite
2014-05-30 14:59 - 2014-05-30 14:59 - 00010912 _____ () C:\Users\Peter\Desktop\dds.txt
2014-05-30 14:59 - 2014-05-30 14:59 - 00004710 _____ () C:\Users\Peter\Desktop\attach.txt
2014-05-30 14:04 - 2014-05-30 14:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2014-05-30 14:04 - 2014-05-30 14:04 - 00000000 ____D () C:\Program Files\Cobian Backup 11
2014-05-30 11:07 - 2014-01-01 18:03 - 00000000 ____D () C:\ProgramData\nedaljejbiadmokbpinjpjbmengbabjj
2014-05-27 15:34 - 2014-04-23 20:08 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\SQLyog
2014-05-27 15:19 - 2014-01-06 09:27 - 00001440 _____ () C:\Users\Peter\Desktop\App-opstartprogramma van Chrome.lnk
2014-05-27 15:19 - 2013-05-16 16:25 - 00002223 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-27 15:18 - 2014-05-27 15:18 - 00000718 _____ () C:\Users\Public\Desktop\Slim Toolbar.lnk
2014-05-27 15:18 - 2014-05-27 15:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2014-05-27 15:18 - 2014-04-18 12:45 - 00000000 ____D () C:\Users\Peter\Desktop\Hellemans
2014-05-27 15:13 - 2014-05-27 15:13 - 00000000 ____D () C:\Users\Peter\AppData\Local\Anvisoft
2014-05-27 15:10 - 2014-05-27 15:10 - 00000779 _____ () C:\Users\Public\Desktop\Cloud System Booster.lnk
2014-05-24 11:20 - 2014-01-03 14:59 - 00000000 ____D () C:\Users\Marloes\AppData\Local\Temp
2014-05-24 10:47 - 2013-06-12 17:08 - 00108824 _____ () C:\Users\Marloes\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-23 19:15 - 2014-05-23 19:15 - 00000750 _____ () C:\Users\Peter\Desktop\Revo Uninstaller.lnk
2014-05-23 19:15 - 2013-05-23 21:30 - 00000000 ___RD () C:\Users\Peter\Desktop\PC Tools
2014-05-23 14:41 - 2014-01-03 14:59 - 00000000 ____D () C:\Users\Freek\AppData\Local\Temp
2014-05-22 09:44 - 2014-01-25 11:54 - 00009974 _____ () C:\Windows\PFRO.log
2014-05-22 09:38 - 2014-02-05 13:36 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\JAM Software
2014-05-20 22:15 - 2014-05-20 22:15 - 00000849 _____ () C:\Users\Public\Desktop\Xirrus Wi-Fi Inspector.lnk
2014-05-20 22:15 - 2014-05-20 22:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xirrus
2014-05-20 22:13 - 2014-05-20 22:13 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Xirrus
2014-05-20 22:01 - 2014-05-20 22:01 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft Wireless Network Watcher
2014-05-20 21:57 - 2013-05-20 16:38 - 00000000 ____D () C:\ProgramData\TEMP
2014-05-20 21:45 - 2014-05-20 21:45 - 00000730 _____ () C:\Users\Peter\Desktop\Network Scanner.lnk
2014-05-20 21:45 - 2014-05-20 21:45 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\LizardSystems
2014-05-20 21:45 - 2014-05-20 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LizardSystems
2014-05-20 21:41 - 2014-05-20 21:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Dude
2014-05-20 21:09 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-19 15:18 - 2014-05-19 15:18 - 00002018 _____ () C:\Users\Public\Desktop\WD Link.lnk
2014-05-19 15:18 - 2014-05-19 15:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD Link
2014-05-19 15:18 - 2013-05-16 19:28 - 00000000 ____D () C:\Program Files\Western Digital
2014-05-16 14:53 - 2014-05-16 14:53 - 00046601 _____ () C:\Windows\system32\style-inline.grep
2014-05-15 11:11 - 2013-12-29 12:49 - 00068312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-15 11:11 - 2013-05-17 09:13 - 00777488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-15 11:11 - 2013-05-17 09:13 - 00411680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-14 21:01 - 2013-05-17 10:04 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\GlarySoft
2014-05-14 20:55 - 2013-05-30 21:58 - 00000000 ___RD () C:\Users\Peter\Dropbox
2014-05-14 20:54 - 2013-05-28 21:33 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Dropbox
2014-05-14 20:52 - 2014-05-14 20:49 - 00030976 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-05-14 20:51 - 2014-05-14 20:51 - 00002140 _____ () C:\Windows\system32\.crusader
2014-05-14 20:51 - 2014-04-18 12:05 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-05-14 20:45 - 2014-03-16 21:41 - 00003966 _____ () C:\Users\Peter\Desktop\Rkill.txt
2014-05-14 20:03 - 2014-05-14 20:03 - 00018597 _____ () C:\Users\Peter\AppData\Local\soulseek-client.dat.1400090591567
2014-05-14 19:50 - 2014-01-13 10:16 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-14 19:50 - 2014-01-13 10:16 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-14 09:00 - 2014-04-17 11:22 - 00001017 _____ () C:\Users\Peter\Desktop\Dropbox.lnk
2014-05-14 09:00 - 2014-04-01 10:18 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-12 11:32 - 2014-01-03 14:59 - 00000000 ____D () C:\Users\Iris\AppData\Local\Temp
2014-05-12 11:27 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-05-10 19:52 - 2014-05-10 19:52 - 00017650 _____ () C:\Users\Peter\AppData\Local\soulseek-client.dat.1399744344824
2014-05-10 15:25 - 2014-05-10 15:25 - 00024907 _____ () C:\Users\Peter\AppData\Local\soulseek-client.dat.1399728304009
2014-05-10 14:54 - 2014-04-16 19:31 - 00006144 _____ () C:\Users\Peter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-10 11:02 - 2013-06-21 20:27 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Spotify
2014-05-09 22:19 - 2013-06-21 20:27 - 00000000 ____D () C:\Users\Peter\AppData\Local\Spotify
2014-05-09 09:08 - 2013-05-16 16:25 - 00108824 _____ () C:\Users\Peter\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-08 13:56 - 2014-05-08 13:56 - 00001132 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-05-08 13:56 - 2014-05-08 13:56 - 00001120 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-05-08 13:56 - 2013-07-31 11:13 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\TeamViewer
2014-05-08 13:56 - 2013-07-07 10:06 - 00000000 ____D () C:\Program Files\TeamViewer
2014-05-08 13:54 - 2014-05-08 13:54 - 05676624 _____ (TeamViewer) C:\Users\Peter\Desktop\TeamViewerQS.exe
2014-05-08 13:47 - 2014-05-08 13:47 - 05676624 _____ (TeamViewer) C:\Users\Peter\Desktop\teamviewerqs (1).exe
2014-05-08 13:35 - 2014-05-08 13:35 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\npm
2014-05-08 13:35 - 2014-05-07 20:42 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\npm-cache
2014-05-07 22:51 - 2014-05-07 22:51 - 00000000 ____D () C:\Program Files\lessc
2014-05-07 22:05 - 2014-05-07 22:05 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Titanium
2014-05-07 22:05 - 2013-06-19 17:57 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Apple Computer
2014-05-07 22:05 - 2013-06-19 17:57 - 00000000 ____D () C:\Users\Peter\AppData\Local\Apple Computer
2014-05-07 22:03 - 2014-05-07 22:03 - 00000000 ____D () C:\Users\Peter\New folder
2014-05-07 22:03 - 2014-05-07 22:03 - 00000000 ____D () C:\Program Files\SimpLESS
2014-05-07 20:42 - 2014-05-07 20:42 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\WinLess
2014-05-04 17:14 - 2014-06-03 14:17 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
Some content of TEMP:
====================
C:\Users\Freek\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Marloes\AppData\Local\Temp\install_flashplayer12x32ax_gtba_chra_dy_awc_aih[1].exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-05-29 12:10
 
==================== End Of Log ============================

Addition.txt:

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:02-06-2014
Ran by Peter at 2014-06-03 17:28:42
Running from Q:\TorrentNew
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.31139 - BitTorrent Inc.)
7-Zip 9.20 (HKLM\...\{23170F69-40C1-2701-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ABN AMRO e.dentifier2 software (HKLM\...\{55BF7E3E-F00A-4A3D-BB76-09228B35FFD6}) (Version: 02.00 - ABN AMRO BANK)
Adobe Dreamweaver CS6 (HKLM\...\{A4ED5E53-7AA0-11E1-BF04-B2D4D4A5360E}) (Version: 12 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2018 - Avast Software)
Belarc Advisor 8.3 (HKLM\...\Belarc Advisor) (Version: 8.3.2.0 - Belarc Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Brother HL-1430 (HKLM\...\Brother HL-1430) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)
Cloud System Booster (HKLM\...\Cloud System Booster) (Version: 3.2 - Anvisoft)
Cobian Backup 11 Gravity (HKLM\...\CobBackup11) (Version:  - )
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
De Sims™ 3 (HKLM\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.50.56 - Electronic Arts)
Deluge 1.3.6 (HKLM\...\Deluge) (Version:  - )
Dropbox (HKCU\...\Dropbox) (Version: 2.6.33 - Dropbox, Inc.)
EA Download Manager (HKLM\...\EADM) (Version: 5.0.0.255 - Electronic Arts, Inc.)
FileZilla Client 3.8.1 (HKLM\...\FileZilla Client) (Version: 3.8.1 - Tim Kosse)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.0.2.413 - Foxit Corporation)
Glary Utilities Pro 2.52.0.1698 (HKLM\...\Glary Utilities_is1) (Version: 2.52.0.1698 - Glarysoft Ltd)
Google Chrome (HKLM\...\Google Chrome) (Version: 32.0.1700.102 - Google Inc.)
Google Drive (HKLM\...\{56D4499E-AC3E-4B8D-91C9-C700C148C44B}) (Version: 1.13.5782.599 - Google, Inc.)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.216 - SurfRight B.V.)
iTunes (HKLM\...\{C4780F70-8F21-4F0C-95FE-32FF3E2F9247}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
LastPass(alleen deïnstalleren) (HKLM\...\LastPass) (Version:  - LastPass)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (Dutch) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Dutch) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Dutch) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Dutch) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Language Pack 2010 - Dutch/Nederlands (HKLM\...\Office14.OMUI.nl-nl) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office O MUI (Dutch) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Dutch) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Dutch) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Dutch) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Dutch) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Dutch) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Dutch) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Dutch) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office SharePoint Designer MUI (Dutch) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Dutch) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office X MUI (Dutch) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 26.0 (x86 nl) (HKLM\...\Mozilla Firefox 26.0 (x86 nl)) (Version: 26.0 - Mozilla)
Mp3tag v2.57 (HKLM\...\Mp3tag) (Version: v2.57 - Florian Heidenreich)
MusicBee 2.0 (HKLM\...\MusicBee) (Version: 2.0 - Steven Mayall)
NetBeans IDE 7.4 (HKLM\...\nbi-nb-base-7.4.0.0.201310111528) (Version: 7.4 - NetBeans.org)
Network Scanner version 3.3.0.160 (HKLM\...\Network Scanner_is1) (Version:  - LizardSystems)
NirSoft Wireless Network Watcher (HKLM\...\NirSoft Wireless Network Watcher) (Version:  - )
NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Control Panel 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PuTTY version 0.63 (HKLM\...\PuTTY_is1) (Version: 0.63 - Simon Tatham)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SABnzbd 0.7.12 (HKLM\...\SABnzbd) (Version: 0.7.12 - The SABnzbd Team)
Slim Toolbar 1.3 (HKLM\...\Slim Toolbar) (Version: 1.3 - Anvisoft)
Snagit 11 (HKLM\...\{44BD21C2-9132-48DB-B65B-23817E4C6F4B}) (Version: 11.2.0 - TechSmith Corporation)
SoulseekQt (HKLM\...\SoulseekQt) (Version:  - )
SpotGrit (HKLM\...\{CAE3F0B1-E487-40DF-A9DE-8E56D02B75C1}) (Version: 1.4.0 - SpotGrit)
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
Spotnet (HKLM\...\{12947715-B6F0-4597-816F-5E13FB647921}_is1) (Version: 1.8.1 - Spotnet)
SQLyog 10.0 Beta1 (HKLM\...\SQLyog) (Version: 10.0 Beta1 - Webyog Inc.)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
The Dude (HKLM\...\Dude) (Version:  - )
Vim 7.3 (self-installing) (HKLM\...\Vim 7.3) (Version:  - )
VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN)
WD Link (HKLM\...\WD Link) (Version: 1.00.03 - Western Digital)
Win32DiskImager version 0.9.5 (HKLM\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version:  - )
XAMPP 1.8.1-0 (HKLM\...\xampp) (Version: 1.8.1-0 - BitNami)
Xirrus Wi-Fi Inspector (HKLM\...\{BBB21AB1-2C45-435D-A05A-B563072E7B9B}) (Version: 1.2.1.4 - Xirrus)
xplorer² lite 32 bit (HKLM\...\xplorer2l) (Version: 2.3.0.1 - Zabkat)
xplorer² Ultimate 32 bit (HKLM\...\xplorer2p_u) (Version: 2.3.0.1 - Zabkat)
 
==================== Restore Points  =========================
 
20-05-2014 20:14:02 Installed Xirrus Wi-Fi Inspector
22-05-2014 07:37:48 Davilex Cash Personal is verwijderd
22-05-2014 07:39:52 Removed grepWin
23-05-2014 17:17:16 Revo Uninstaller's restore point - Free Video to iPod Converter version 5.0.25.610
27-05-2014 13:10:41 Anvi CSB 3.2
03-06-2014 12:11:09 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-14 04:04 - 2014-05-22 16:27 - 00001883 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 loc
127.0.0.1 symfony.loc
127.0.0.1 rabo.loc
127.0.0.1 energievoor
127.0.0.1 bs3
127.0.0.1 demo
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe.activate.com
127.0.0.1 hl2rcv.adobe.com
127.0.0.1 209.34.83.73:443
127.0.0.1 209.34.83.73:43
127.0.0.1 209.34.83.73
127.0.0.1 209.34.83.67:443
127.0.0.1 209.34.83.67:43
127.0.0.1 209.34.83.67
127.0.0.1 ood.opsource.net
 
There are 6 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {10F8B70F-6BEB-4142-A1D8-F898DBBE8FC6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {15F95FAB-8861-4375-979D-B8E6FABB4CB9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-22] (Piriform Ltd)
Task: {2DF50E26-FC98-4830-AA57-B9BA26D0933B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-05-16] (Google Inc.)
Task: {3D767B57-9EF7-4AC8-A054-309FB8C3E2BA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-05-16] (Google Inc.)
Task: {67D8A674-DC46-428A-9F6A-9C078D3798B1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {7CD45FB6-6E94-4C8D-A30E-B0E7B313AA42} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-23] (AVAST Software)
Task: {8953B7EF-0DE8-42F1-B7BF-DC3182567B6D} - System32\Tasks\GlaryInitialize => C:\Program Files\Glary Utilities\initialize.exe [2013-01-05] (Glarysoft Ltd)
Task: {B344460A-1713-4227-B5A6-E875E887C53D} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2013-05-31] ()
Task: {D154B13E-44F5-401C-9C70-F70C1C0832C0} - System32\Tasks\Allway Sync_{43674515F8A3790442124059D80191B4} => D:\Program Files\Allway Sync\Bin\syncappw.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Allway Sync_{43674515F8A3790442124059D80191B4}.job => D:\Program Files\Allway Sync\Bin\syncappw.exe
Task: C:\Windows\Tasks\GlaryInitialize.job => C:\Program Files\Glary Utilities\initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-06-03 14:12 - 2013-01-18 16:20 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-06-03 11:26 - 2014-06-03 11:26 - 02260480 _____ () C:\Program Files\AVAST Software\Avast\defs\14060300\algo.dll
2014-06-01 11:08 - 2014-06-01 11:08 - 00035328 _____ () D:\Program Files\FileZilla FTP Client\fzshellext.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00091648 _____ () D:\Program Files\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00892416 _____ () D:\Program Files\FileZilla FTP Client\libstdc++-6.dll
2013-12-02 09:57 - 2013-12-02 09:57 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-05-17 12:52 - 2012-09-21 00:24 - 02564096 _____ () C:\xampp\xampp-control.exe
2013-05-17 12:53 - 2012-04-04 18:47 - 00108032 _____ () c:\xampp\apache\bin\pcre.dll
2013-05-17 12:54 - 2012-09-17 12:05 - 00025088 _____ () C:\xampp\php\php5apache2_4.dll
2013-05-17 12:53 - 2012-07-20 20:08 - 08186368 _____ () c:\xampp\mysql\bin\mysqld.exe
2013-05-17 12:53 - 2012-04-04 18:47 - 00108032 _____ () C:\xampp\apache\bin\pcre.dll
2013-10-25 14:08 - 2013-10-11 16:50 - 00054129 _____ () D:\Program Files\NetBeans 7.4\ide\modules\lib\extbrowser.dll
2014-01-30 23:55 - 2014-01-23 07:56 - 00715544 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.102\libglesv2.dll
2014-01-30 23:55 - 2014-01-23 07:56 - 00100120 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.102\libegl.dll
2014-01-30 23:55 - 2014-01-23 07:56 - 04055320 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.102\pdf.dll
2014-01-30 23:55 - 2014-01-23 07:57 - 00399640 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll
2014-01-30 23:55 - 2014-01-23 07:55 - 01634584 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.102\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\TEMP:0348410E
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: cbVSCService11 => 2
MSCONFIG\Services: CobianBackup11 => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: TeamViewer8 => 2
MSCONFIG\Services: TeamViewer9 => 2
MSCONFIG\Services: TwonkyProxy => 3
MSCONFIG\Services: TwonkyServer => 3
MSCONFIG\Services: TwonkyWebDav => 3
MSCONFIG\Services: Update SecretSauce => 2
MSCONFIG\Services: Util SecretSauce => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Install LastPass FF RunOnce.lnk => C:\Windows\pss\Install LastPass FF RunOnce.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Install LastPass IE RunOnce.lnk => C:\Windows\pss\Install LastPass IE RunOnce.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MediaServer.lnk => C:\Windows\pss\MediaServer.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Schermopname en Snel starten.lnk => C:\Windows\pss\OneNote 2010 Schermopname en Snel starten.lnk.Startup
MSCONFIG\startupreg: 20131121 => C:\Program Files\AVAST Software\Avast\setup\emupdate\24f77fdb-630b-482a-bb83-84940a0075dd.exe /check
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: CFA4BAFF5696A87DDBFEBDBB843936345DB9A8D9._service_run => "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=service
MSCONFIG\startupreg: CloudSystemBooster => "D:\Program Files\Cloud System Booster\CloudSystemBooster.exe"  /hide /autorun
MSCONFIG\startupreg: Cobian Backup 11 interface => "D:\Program Files\Cobian Backup 11\cbInterface.exe" -service
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: GoogleChromeAutoLaunch_14883A56D9D426BB697F73C8366CAF1F => "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files\Mobogenie\DaemonProcess.exe
MSCONFIG\startupreg: NextLive => C:\Windows\system32\rundll32.exe "C:\Users\Peter\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Peter\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: ToolbarTray => D:\Program Files\Slim Toolbar\ToolbarTray.exe
MSCONFIG\startupreg: WinLess => C:\Program Files\Mark Lagendijk\WinLess\WinLess.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/01/2014 00:54:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Win32DiskImager.exe, version: 0.9.5.0, time stamp: 0x53126554
Faulting module name: libgcc_s_dw2-1.dll, version: 0.0.0.0, time stamp: 0x516ee128
Exception code: 0xc0000094
Fault offset: 0x0000756d
Faulting process id: 0x1534
Faulting application start time: 0xWin32DiskImager.exe0
Faulting application path: Win32DiskImager.exe1
Faulting module path: Win32DiskImager.exe2
Report Id: Win32DiskImager.exe3
 
Error: (05/31/2014 02:53:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13166
 
Error: (05/31/2014 02:53:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13166
 
Error: (05/31/2014 02:53:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/31/2014 02:53:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12152
 
Error: (05/31/2014 02:53:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12152
 
Error: (05/31/2014 02:53:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/31/2014 02:53:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11138
 
Error: (05/31/2014 02:53:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11138
 
Error: (05/31/2014 02:53:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (06/03/2014 04:10:58 PM) (Source: Service Control Manager) (EventID: 7002) (User: )
Description: The BrPar service depends on the Parallel arbitrator group and no member of this group started.
 
Error: (06/03/2014 02:31:12 PM) (Source: Service Control Manager) (EventID: 7002) (User: )
Description: The BrPar service depends on the Parallel arbitrator group and no member of this group started.
 
Error: (06/03/2014 11:00:31 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The BrPar service depends on the Parallel port driver service which failed to start because of the following error: 
%%1058
 
Error: (06/03/2014 11:00:24 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The BrSplService service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (05/30/2014 11:02:28 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 22:52:32 on 29-5-2014 was unexpected.
 
Error: (05/25/2014 00:20:15 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
 
Error: (05/14/2014 08:52:36 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error %%0.
 
Error: (05/14/2014 08:52:00 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (05/14/2014 08:48:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (05/14/2014 08:48:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (06/01/2014 00:54:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Win32DiskImager.exe0.9.5.053126554libgcc_s_dw2-1.dll0.0.0.0516ee128c00000940000756d153401cf7d844da9b884D:\Program Files\ImageWriter\Win32DiskImager.exeD:\Program Files\ImageWriter\libgcc_s_dw2-1.dll294136bd-e97b-11e3-a67d-001aa09ad3de
 
Error: (05/31/2014 02:53:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13166
 
Error: (05/31/2014 02:53:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13166
 
Error: (05/31/2014 02:53:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/31/2014 02:53:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12152
 
Error: (05/31/2014 02:53:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12152
 
Error: (05/31/2014 02:53:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/31/2014 02:53:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11138
 
Error: (05/31/2014 02:53:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11138
 
Error: (05/31/2014 02:53:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-08-21 20:39:40.666
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-08-21 20:39:40.620
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-08-21 20:39:40.573
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-08-21 20:39:37.281
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6000.16386_none_32a3e3ecf533e7fe\fveapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-08-21 20:39:37.234
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6000.16386_none_32a3e3ecf533e7fe\fveapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-08-21 20:39:37.188
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6000.16386_none_32a3e3ecf533e7fe\fveapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-08-21 20:39:13.585
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6000.16386_none_ec55d170f27a97bb\bcrypt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-08-21 20:39:13.538
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6000.16386_none_ec55d170f27a97bb\bcrypt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-08-21 20:39:13.491
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6000.16386_none_ec55d170f27a97bb\bcrypt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-08-21 20:38:27.455
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\Backup\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6000.16386_none_ec55d170f27a97bb_bcrypt.dll_e2f091ac because the set of per-page image hashes could not be found on the system.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,950 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:15 AM

Posted 03 June 2014 - 01:04 PM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
(Oracle Corporation) D:\Program Files\NetBeans 7.4\bin\netbeans.exeSearchScopes: HKLM - DefaultScope value is missing.
FF Extension: SecretSauce - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\zka1ysaz.default\Extensions\firefox@secretsauce.biz.xpi [2014-01-24]
CHR StartupUrls: "hxxp://www.anvisoft.com/resources/how-to-remove-awesomehp-com-redirect-browser-hijacker-removal-guide/", "hxxp://www.anvisoft.com/cloud-system-booster.html?refer=resources-tinna-0122-1", "hxxp://download.cnet.com/Cloud-System-Booster/3000-18512_4-75713450.html?part=dl-&subj=dl&tag=button"
CHR Plugin: (Shockwave Flash) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VLC\npvlc.dll No File
CHR Extension: (ReguelarDealos) - C:\ProgramData\nedaljejbiadmokbpinjpjbmengbabjj [2014-01-01]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:0348410E
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

How is the computer performing now?

#5 pjotrb


Posted 04 June 2014 - 01:53 PM

Hi nasdaq,

Below is the post of Fixlog.txt. I notice that the virus extension isn't present anymore in the Chrome Extensions!! Thanks for that!!

Can you point out which application was the troublemaker?

Thanks again.. pjotrb.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:02-06-2014
Ran by Peter at 2014-06-04 20:43:00 Run:1
Running from C:\Users\Peter\Desktop\PC Tools\Virus
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
(Oracle Corporation) D:\Program Files\NetBeans 7.4\bin\netbeans.exeSearchScopes: HKLM - DefaultScope value is missing.
FF Extension: SecretSauce -
C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\zka1ysaz.default\Extensions\firefox@secretsauce.biz.xpi [2014-01-24]
CHR StartupUrls: "hxxp://www.anvisoft.com/resources/how-to-remove-awesomehp-com-redirect-browser-hijacker-removal-guide/", "hxxp://www.anvisoft.com/cloud-system-booster.html?refer=resources-tinna-0122-1", "hxxp://download.cnet.com/Cloud-System-Booster/3000-18512_4-75713450.html?part=dl-&subj=dl&tag=button"
CHR Plugin: (Shockwave Flash) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VLC\npvlc.dll No File
CHR Extension: (ReguelarDealos) - C:\ProgramData\nedaljejbiadmokbpinjpjbmengbabjj [2014-01-01]
CHR HKLM\SOFTWARE\Policies\Google: Policy
restriction <======= ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:0348410E
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
 
End
 
 
*****************
 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
FF Extension: SecretSauce - => not found.
"C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\zka1ysaz.default\Extensions\firefox@secretsauce.biz.xpi [2014-01-24]" => File/Directory not found.
CHR StartupUrls: "hxxp://www.anvisoft.com/resources/how-to-remove-awesomehp-com-redirect-browser-hijacker-removal-guide/", "hxxp://www.anvisoft.com/cloud-system-booster.html?refer=resources-tinna-0122-1", "hxxp://download.cnet.com/Cloud-System-Booster/3000-18512_4-75713450.html?part=dl-&subj=dl&tag=button" ==> The Chrome "Settings" can be used to fix the entry.
C:\Users\Peter\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll not found.
C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll not found.
C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll not found.
C:\Program Files\VLC\npvlc.dll not found.
C:\ProgramData\nedaljejbiadmokbpinjpjbmengbabjj => Moved successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
C:\ProgramData\TEMP => ":0348410E" ADS removed successfully.
C:\ProgramData\TEMP => ":D1B5B4F1" ADS removed successfully.
 
==== End of Fixlog ====

Hi Nasdaq,

 

Hereby the results of the checkup program:

 

 Results of screen317's Security Check version 0.99.83  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 Java 7 Update 25  
 Java version out of Date! 
 Adobe Flash Player 13.0.0.214  
 Mozilla Firefox (26.0) 
 Google Chrome 31.0.1650.63  
 Google Chrome 32.0.1700.102  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 10% 
````````````````````End of Log`````````````````````` 


#6 nasdaq


Posted 05 June 2014 - 07:26 AM

CHR StartupUrls: "hxxp://www.anvisoft.com/resources/how-to-remove-awesomehp-com-redirect-browser-hijacker-removal-guide/", "hxxp://www.anvisoft.com/cloud-system-booster.html?refer=resources-tinna-0122-1", "hxxp://download.cnet.com/Cloud-System-Booster/3000-18512_4-75713450.html?part=dl-&subj=dl&tag=button" ==> The Chrome "Settings" can be used to fix the entry


Reset Chrome...
Click on "Customize and control Google Chrome":
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====
 

Can you point out which application was the troublemaker?


This Chrome extension from (ReguelarDealos)
C:\ProgramData\nedaljejbiadmokbpinjpjbmengbabjj => Moved successfully.

Read about it.
http://malwaretips.com/blogs/ads-by-regular-deals-virus/
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Latest version is Java JRE 7u60.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present remove the old version(s) of Java using the Add/Remove Programs applet.

Java 7 Update 25

===

If all is well:

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Having an effective antivirus is a must for everyone.
In addition to many excellent commercial products there are plenty of good free antivirus programs available. I can recommend:

If you are satisfied with your current protection programs you can ignore the instructions on Antivirus or Firewall listed below.

In addition to an antivirus I recommend using a firewall. A software firewall is a software program that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. I can recommend one of the following free products:

Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Malwarebytes Anti-Malware (MBAM)
The free version of MBAM can be used to scan the system for traces of malware. Scanning your system regularly will make it harder for malware to reside on your system.
A tutorial on using MBAM can be found here.
Please Note: Only the paid for version has real time capabilities.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please keep your programs up to date. This applies to Java, Adobe Flashplayer, Adobe Reader and your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC. Visiting a prepared web page suffices to infect your system.

In general Firefox, Opera and Google Chrome are considered to be more secure than Internet Explorer. In addition there are many useful add-ons that can protect you from possible risks:
  • WOT will warn you when you try to visit sites with poor reputation. The reputation is based on user ratings and is usually very accurate.
  • Script Blocker can help block many attempts to infect your system via malicious websites by only allowing scripts at sites you trust.
  • NoScript is a popular Firefox addon.
  • ScriptNo is a popular Google Chrome addon.
For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.
===

#7 nasdaq


Posted 11 June 2014 - 08:08 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



