
websearches - an unremovable bind


  • This topic is locked
10 replies to this topic

#1 bollemanneke

bollemanneke

  • Members
  • 6 posts

Posted 25 June 2014 - 07:56 AM

Hi everyone.

I've been searching frantically for a few hours now but this problem seems to be totally beyond my control, so I came here for advice. I'll try to be as detailed as possible.

Yesterday evening I wanted to download Mp3Gain from their official website. The setup turned out to be one of these online thingies in which you don't get a wizard but stay on the webpage. My screenreader (I'm blind) had trouble converting it all to braille so I wasn't able to read everything as usual, but I managed to install it anyway. Then the problems started. Suddenly my desktop was full of junk I never wanted to have: System Speedup, Websearches, etc, etc.

I immediately tried to remove as much as I could (including MP3Gain) using the Windows 7 Control Panel and most of the mess was easily removable. Websearches was not. It immediately took over Internet Explorer (I can't use another browser) and even though I changed my home page back to Google multiple times, websearches kept popping up. I tried to remove Websearches via the control panel, but basically the only thing that happened was me sitting here with a 'Please wait' dialog box for five minutes, and then it said the removal happened successfully. Great, except for the fact that it didn't remove anything at all. The programme remained on my control panel but kept saying it was already removed.

I scanned my PC with AVG 2014 several times but it didn't come up with anything, so it can't be really dangerous. My frustrations finally got the better of me though, so I downloaded Perfect Uninstaller, but the wizard didn't make sense to me at all and it wasn't able to remove anything websearch-related. I ended up forcing it to delete websearches from my registry, which was possible, but it still is on my computer, it just doesn't show up anywhere as a programme anymore.

I searched some more and they say on some places that you have to remove the IE add-on called websearches. I tried to do that, but the thing is, there really is no such add-on in my list of add-ons at all.
I reset IE back to standard settings, did a system restore, but still, nothing.

WHAT ON EARTH DO I DO NOW? As far as I know, websearches is not really harmful, but it just has to be removed from my computer. I tried installing it again in order to be able to try and remove it properly, but the website seems to have removed the corrupted link to Mp3Gain.

Any thoughts, anyone? I can't afford to re-install Windows 7 at this time of year.





#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 25 June 2014 - 08:21 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
 
 
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
 
 
Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat. Do not delete this for now. It is an actual backup of the MBR (master boot record).


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 bollemanneke

bollemanneke
  • Topic Starter

  • Members
  • 6 posts

Posted 25 June 2014 - 09:49 AM

Thank you very much for your extensive reply. Please give me until Friday to start this process. I need to revise for my last exam first, after that I'll start following your instructions at once.



#4 bollemanneke

bollemanneke
  • Topic Starter

  • Members
  • 6 posts

Posted 25 June 2014 - 11:54 AM

Okay, I'm back, studying went well and I really appreciated your help so here are the results TSR gave me. I had to run the programme instead of saving it to the Desktop, though. Am I allowed to carry on with the next programme? Thank you again for your help!

 

FRST.TXT

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-06-2014
Ran by Vincent (administrator) on VINCENT-PC on 25-06-2014 18:44:35
Running from C:\Users\Vincent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B9P2O7YT
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Egis Technology Inc.) C:\Program Files\Acer Bio Protection\BASVC.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(ClientConnect Ltd.) C:\Program Files\Tbccint\ToolbarService\ToolbarService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
() C:\Windows\PLFSetI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Creative Technology Ltd.) C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
() C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Freedom Scientific BLV Group, LLC) C:\Program Files\Freedom Scientific\JAWS\11.0\jfw.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
(Impacct) C:\Program Files\Plustek\OpticBook 3600\Am32Plus.exe
(Freedom Scientific LLC.) C:\Program Files\Freedom Scientific\JAWS\11.0\fsATProxy.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Contacts\wlcomm.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Farbar) C:\Users\Vincent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B9P2O7YT\FRST[1].exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-23] (Intel Corporation)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-06-30] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-02-11] (Intel Corporation)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1549608 2009-08-14] (Synaptics Incorporated)
HKLM\...\Run: [Module Loader] => C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe [57344 2007-07-23] (Creative Technology Ltd.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [VolPanel] => C:\Program Files\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe [241789 2010-02-18] (Creative Technology Ltd)
HKLM\...\Run: [Creative SB Monitoring Utility] => C:\Windows\system32\sbavmon.dll [103936 2010-07-29] (Creative Technology Ltd.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe [20480 2006-09-20] ()
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10996368 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [WinampAgent] => "C:\Program Files\Winamp\winampa.exe"
HKLM\...\Run: [JAWS] => C:\Program Files\Freedom Scientific\JAWS\11.0\jfw.exe [4471064 2010-05-17] (Freedom Scientific BLV Group, LLC)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [fst_be_17] => [X]
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1926034506-3658006345-3702480741-1001\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-1926034506-3658006345-3702480741-1001\...\Run: [BitTorrent] => "C:\Program Files\BitTorrent\BitTorrent.exe"
HKU\S-1-5-21-1926034506-3658006345-3702480741-1001\...\Run: [RGSC] => C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-1926034506-3658006345-3702480741-1001\...\Run: [Xvid] => C:\Program Files\XviD\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-1926034506-3658006345-3702480741-1001\...\Run: [ISUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [213936 2006-03-20] (Macrovision Corporation)
HKU\S-1-5-21-1926034506-3658006345-3702480741-1001\...\Run: [AVG-Secure-Search-Update_1213b] => C:\Users\Vincent\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=507b9e5f92e04c77a5b4745918514964-d6e7e112a8adc29b4e70f599b59e6ea1a47154c2 /CMPID=1213b
HKU\S-1-5-21-1926034506-3658006345-3702480741-1001\...\Run: [BackgroundContainerV2] => "C:\Windows\system32\Rundll32.exe" "C:\Users\Vincent\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
HKU\S-1-5-21-1926034506-3658006345-3702480741-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
AppInit_DLLs: C:\PROGRA~1\SupTab\SEARCH~1.DLL => C:\Program Files\SupTab\SearchProtect32.dll [91248 2014-05-08] (Skytech Co., Ltd.)
Lsa: [Notification Packages] C:\Program Files\Acer Bio Protection\PwdFilter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Action Express.lnk
ShortcutTarget: Action Express.lnk -> C:\Program Files\Plustek\OpticBook 3600\Am32Plus.exe (Impacct)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audio Spooler.lnk
ShortcutTarget: Audio Spooler.lnk -> C:\Windows\Installer\{A7AB0D8F-9F5C-463B-8A07-0A0DCEF0F5F9}\AudioSpooler.exe (Macrovision Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://be.msn.com/default.aspx?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-be
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1403635565&from=slbnew&uid=TOSHIBAXMK5055GSX_491JT0JATXX491JT0JAT&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1403635565&from=slbnew&uid=TOSHIBAXMK5055GSX_491JT0JATXX491JT0JAT&q={searchTerms}
URLSearchHook: HKLM - (No Name) - {87775fdb-6972-41f9-ae51-8326e38cb206} -  No File
URLSearchHook: HKLM - NCH EN Toolbar - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Users\Vincent\AppData\LocalLow\NCH_EN\prxtbNCH_.dll (ClientConnect Ltd.)
URLSearchHook: HKLM - NCH Toolbar - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Users\Vincent\AppData\LocalLow\NCH\prxtbNC0.dll (ClientConnect Ltd.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type=sc&ts=1403635565&from=slbnew&uid=TOSHIBAXMK5055GSX_491JT0JATXX491JT0JAT
BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO: NCH EN Toolbar - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Users\Vincent\AppData\LocalLow\NCH_EN\prxtbNCH_.dll (ClientConnect Ltd.)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name - {87775fdb-6972-41f9-ae51-8326e38cb206} -  No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: NCH Toolbar - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Users\Vincent\AppData\LocalLow\NCH\prxtbNC0.dll (ClientConnect Ltd.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
BHO: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
Toolbar: HKLM - YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM - NCH EN Toolbar - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Users\Vincent\AppData\LocalLow\NCH_EN\prxtbNCH_.dll (ClientConnect Ltd.)
Toolbar: HKLM - NCH Toolbar - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Users\Vincent\AppData\LocalLow\NCH\prxtbNC0.dll (ClientConnect Ltd.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - NCH EN Toolbar - {37483B40-C254-4A72-BDA4-22EE90182C1E} - C:\Users\Vincent\AppData\LocalLow\NCH_EN\prxtbNCH_.dll (ClientConnect Ltd.)
Toolbar: HKCU - No Name - {87775FDB-6972-41F9-AE51-8326E38CB206} -  No File
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
Toolbar: HKCU - No Name - {4F524A2D-5637-006A-76A7-7A786E7484D7} -  No File
Toolbar: HKCU - NCH Toolbar - {C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - C:\Users\Vincent\AppData\LocalLow\NCH\prxtbNC0.dll (ClientConnect Ltd.)
Toolbar: HKCU - No Name - {4F524A2D-5637-4300-76A7-7A786E7484D7} -  No File
DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} https://vpnua1.uantwerpen.be/+CSCOL+/csvrloader32.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CA98404E-D0F5-464B-B6C6-9C4C40F985DD}: [NameServer]8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\Vincent\AppData\Roaming\Mozilla\Firefox\Profiles\591fo89s.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: webssearches
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: webssearches
FF Homepage: hxxp://istart.webssearches.com/?type=hp&ts=1403635565&from=slbnew&uid=TOSHIBAXMK5055GSX_491JT0JATXX491JT0JAT
FF Keyword.URL: hxxp://www.google.com/search?rls=org.mozilla:en-US:official&client=firefox-a&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @videolan.org/vlc;version=0.8.6h - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN Team)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\bolcom-nl.xml
FF Extension: Flash Video Downloader - Full HD Download - C:\Users\Vincent\AppData\Roaming\Mozilla\Firefox\Profiles\591fo89s.default\Extensions\artur.dubovoy@gmail.com [2014-05-17]
FF Extension: Fast Start - C:\Users\Vincent\AppData\Roaming\Mozilla\Firefox\Profiles\591fo89s.default\Extensions\faststartff@gmail.com [2014-06-24]
FF Extension: NCH  - C:\Users\Vincent\AppData\Roaming\Mozilla\Firefox\Profiles\591fo89s.default\Extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86} [2014-06-08]
FF Extension: MEGA EXTENSION - C:\Users\Vincent\AppData\Roaming\Mozilla\Firefox\Profiles\591fo89s.default\Extensions\firefox@mega.co.nz.xpi [2014-06-24]
FF Extension: FTdownloader V4.0 - C:\Users\Vincent\AppData\Roaming\Mozilla\Firefox\Profiles\591fo89s.default\Extensions\ftdownloader4@ftdownloader.com.xpi [2013-05-28]
FF Extension: Test Pilot - C:\Users\Vincent\AppData\Roaming\Mozilla\Firefox\Profiles\591fo89s.default\Extensions\testpilot@labs.mozilla.com.xpi [2012-04-29]
FF Extension: Adblock Plus - C:\Users\Vincent\AppData\Roaming\Mozilla\Firefox\Profiles\591fo89s.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-25]
FF Extension: User Agent Switcher - C:\Users\Vincent\AppData\Roaming\Mozilla\Firefox\Profiles\591fo89s.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2011-10-08]
FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2013-11-11]
FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Vincent\AppData\Roaming\Mozilla\Firefox\Profiles\591fo89s.default\extensions\faststartff@gmail.com
FF Extension: Fast Start - C:\Users\Vincent\AppData\Roaming\Mozilla\Firefox\Profiles\591fo89s.default\extensions\faststartff@gmail.com [2014-06-24]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2013-11-11]

Chrome:
=======
CHR HomePage: hxxp://www.search.ask.com/?l=dis&o=APN10113&gct=hp
CHR DefaultSearchKeyword: ask.com
CHR DefaultSearchProvider: ask
CHR DefaultSearchURL: http://websearch.ask.com/redirect?client=cr&src=kw&tb=NCH2&o=APN10113&locale=nl_EU&apn_uid=&apn_ptnrs=%5EA5O&apn_sauid=&apn_dtid=%5EYYYYYY%5EYY%5EBE&psv=&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll No File
CHR Extension: (Google Documenten) - C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-19]
CHR Extension: (Google Drive) - C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-19]
CHR Extension: (YouTube) - C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-19]
CHR Extension: (Google Zoeken) - C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-19]
CHR Extension: (AVG Safe Search) - C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla [2013-02-19]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-29]
CHR Extension: (Gmail) - C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-19]
CHR HKLM\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\Users\Vincent\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx [2013-02-19]
CHR HKLM\...\Chrome\Extension: [bebnnlollpcjnfpkafhoclljaojgnfok] - C:\Program Files\FTDownloader.com\FTDownloader10.crx [2013-02-19]

========================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2011-07-03] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-07-03] (Creative Labs) [File not signed]
S3 Creative Media Toolbox 6 Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [79360 2011-07-03] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-03-23] (Cisco Systems, Inc.)
S2 hasplms; C:\Windows\system32\hasplms.exe [1757696 2007-08-09] (Aladdin Knowledge Systems Ltd.) [File not signed]
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [704112 2014-05-08] (Cherished Technololgy LIMITED)
R2 IGBASVC; C:\Program Files\Acer Bio Protection\BASVC.exe [3450368 2009-09-05] (Egis Technology Inc.) [File not signed]
S3 JTVNCProxy_11.0; C:\Program Files\Freedom Scientific\JAWS\11.0\JTVNCProxy.exe [16152 2010-05-17] ()
R2 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [65536 2007-02-12] (O2Micro International)
R2 TBSrv; C:\Program Files\Tbccint\ToolbarService\ToolbarService.exe [350528 2014-04-10] (ClientConnect Ltd.)
S2 CltMngSvc; C:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe [X]

==================== Drivers (Whitelisted) ====================

R3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [5066752 2009-06-30] (ATI Technologies Inc.)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [122136 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [198936 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [149784 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192280 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [237848 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [107288 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [210200 2014-05-13] (AVG Technologies CZ, s.r.o.)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-03-23] (Cisco Systems, Inc.) [File not signed]
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R2 FPSensor; C:\Windows\System32\Drivers\FPSensor.sys [29744 2011-04-21] (EgisTec)
R2 Freedom Scientific Kernel Manager; C:\Windows\system32\fsKMgr.dll [21864 2012-08-01] (Freedom Scientific BLV Group, LLC.)
R3 fsvidmir_service; C:\Windows\System32\DRIVERS\fsvidmir.sys [13672 2012-08-01] (Freedom Scientific BLV Group, LLC.)
R3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [57800 2009-10-22] (FTDI Ltd.)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R3 intelkmd; C:\Windows\System32\DRIVERS\igdpmd32.sys [5915648 2009-06-30] (Intel Corporation)
S3 ksaud; C:\Windows\System32\drivers\ksaud.sys [1255168 2010-07-30] (Creative Technology Ltd.)
S3 nuvotoncir; C:\Windows\System32\DRIVERS\nuvotoncir.sys [44544 2009-06-24] (Nuvoton Technology Corporation) [File not signed]
R3 O2MDGRDR; C:\Windows\System32\DRIVERS\o2mdg.sys [58144 2009-05-07] (O2Micro )
R3 O2SDGRDR; C:\Windows\System32\DRIVERS\o2sdg.sys [41504 2009-05-07] (O2Micro )
S3 PowerBrl; C:\Windows\system32\Drivers\powerbrl.sys [14880 2010-05-17] (Freedom Scientific BLV Group, LLC.)
R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-28] (Winbond Electronics Corporation)
S2 6077757b; \??\C:\Windows\system32\drivers\regi.sys [X]
S2 aksfridge; \SystemRoot\system32\drivers\aksfridge.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-25 18:43 - 2014-06-25 18:44 - 00000000 ____D () C:\FRST
2014-06-25 11:45 - 2014-06-25 11:45 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2014-06-25 00:07 - 2014-06-25 00:07 - 00000940 _____ () C:\Users\Vincent\Desktop\Perfect Uninstaller.lnk
2014-06-25 00:07 - 2014-06-25 00:07 - 00000042 _____ () C:\Windows\system32\AK083E209605E394C.lie
2014-06-24 20:46 - 2014-06-25 11:36 - 00000000 ____D () C:\Users\Vincent\AppData\Roaming\Advanced System Protector
2014-06-24 20:46 - 2014-06-25 11:36 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-06-24 20:46 - 2014-06-25 11:36 - 00000000 ____D () C:\Program Files\SupTab
2014-06-24 20:46 - 2014-06-24 21:01 - 00000000 ____D () C:\ProgramData\WindowsProtectManger
2014-06-24 20:46 - 2014-06-24 20:46 - 00000000 ____D () C:\Users\Vincent\AppData\Roaming\SupTab
2014-06-24 20:33 - 2014-06-25 11:36 - 00000000 ____D () C:\Program Files\MP3 Normalizer
2014-06-24 20:33 - 2014-06-24 20:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3 Normalizer
2014-06-24 20:33 - 2014-06-24 20:33 - 00000000 ____D () C:\Users\Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3 Normalizer
2014-06-24 18:46 - 2014-06-24 18:46 - 00001086 _____ () C:\Users\Vincent\Desktop\MidiTransform.exe.lnk
2014-06-22 20:23 - 2014-06-22 20:23 - 00141070 _____ () C:\Users\Vincent\Vibraphone.sf2
2014-06-21 22:40 - 2014-06-21 22:40 - 00000000 ____D () C:\Users\Vincent\Downloads\titanic
2014-06-21 12:53 - 2014-06-24 18:50 - 00000000 ____D () C:\Users\Vincent\Downloads\edited midis
2014-06-21 12:42 - 2014-06-21 12:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MidiTransform-full
2014-06-21 12:42 - 2014-06-21 12:42 - 00000000 ____D () C:\Program Files\MidiTransform-full
2014-06-20 19:39 - 2014-06-23 17:51 - 00000000 ____D () C:\Users\Vincent\Downloads\Ramin Djawadi - Game of Thrones [Music From Game of Thrones] Season 1-3 (2011-2013)
2014-06-18 14:44 - 2014-06-18 14:44 - 00000000 ____T () C:\Users\Vincent\MOUNTAINPEOPLE2.prn
2014-06-18 14:38 - 2014-06-18 14:38 - 00000000 ____T () C:\Users\Vincent\MOUNTAINPEOPLE1.prn
2014-06-17 19:55 - 2014-06-17 19:55 - 00001199 _____ () C:\Users\Vincent\Desktop\Configure VirtualMIDISynth.lnk
2014-06-17 18:33 - 2014-06-21 12:42 - 00000000 ____D () C:\ProgramData\InstallMate
2014-06-17 18:33 - 2014-06-17 18:34 - 00000000 ____D () C:\Users\Vincent\AppData\Roaming\MIDItransform_prefs
2014-06-17 18:33 - 2014-06-17 18:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MidiTransform-demo
2014-06-17 18:33 - 2014-06-17 18:33 - 00000000 ____D () C:\Program Files\MidiTransform-demo
2014-06-16 13:47 - 2014-06-16 15:39 - 00000000 ____D () C:\My PDF
2014-06-16 13:43 - 2014-06-16 13:43 - 00000000 ____D () C:\Users\Vincent\AppData\Roaming\Smart PDF Converter Pro.INI
2014-06-16 13:42 - 2014-06-16 13:44 - 00000000 ____D () C:\Program Files\Smart PDF Converter Pro
2014-06-16 13:42 - 2014-06-16 13:42 - 00000000 ____D () C:\Users\Vincent\AppData\Roaming\Smart PDF Converter Pro
2014-06-16 13:35 - 2014-06-16 13:35 - 00000000 ____D () C:\ProgramData\ScanSoft
2014-06-16 13:28 - 2014-06-16 13:36 - 00000000 ____D () C:\Users\Vincent\AppData\Roaming\Zeon
2014-06-16 13:26 - 2014-06-16 13:26 - 00000000 ____D () C:\ProgramData\Zeon
2014-06-16 12:05 - 2014-06-16 16:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visiv
2014-06-12 21:53 - 2014-06-22 21:27 - 00000000 ____D () C:\Users\Vincent\superthree
2014-06-12 18:09 - 2014-06-11 14:38 - 00000000 ____D () C:\Users\Vincent\Downloads\brahms dances
2014-06-12 08:38 - 2014-05-28 01:49 - 00981504 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 08:38 - 2014-05-28 01:48 - 10992128 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 08:38 - 2014-05-28 01:48 - 06043136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 08:38 - 2014-05-28 01:48 - 02078208 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 08:38 - 2014-05-28 01:48 - 01234432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 08:38 - 2014-05-28 01:48 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 08:38 - 2014-05-28 01:48 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 08:38 - 2014-05-28 01:48 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-06-12 08:38 - 2014-05-28 01:48 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 08:38 - 2014-05-28 01:48 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-06-12 08:38 - 2014-05-28 01:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 08:38 - 2014-05-28 01:46 - 01466368 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 08:38 - 2014-05-28 01:46 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-12 08:38 - 2014-05-28 01:46 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-06-12 08:38 - 2014-05-28 01:46 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-06-12 08:38 - 2014-05-27 22:40 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 08:38 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 08:38 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-12 08:38 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-12 08:38 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-12 08:37 - 2014-06-08 10:48 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-12 08:37 - 2014-06-08 10:43 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-12 08:37 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 08:37 - 2014-04-05 04:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 08:37 - 2014-04-05 04:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 19:52 - 2014-05-08 11:06 - 02742784 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-11 19:52 - 2014-05-08 11:06 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-10 16:39 - 2014-06-10 16:39 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-08 15:10 - 2014-06-21 11:58 - 00000000 ____D () C:\Users\Vincent\uni
2014-06-02 22:34 - 2014-06-02 22:34 - 00000000 ____D () C:\Users\Vincent\Downloads\NCH WavePad Sound Editor Master's Edition 4.40 Dark4m
2014-06-02 21:25 - 2014-06-02 21:25 - 00000000 ____D () C:\Program Files\NCH
2014-06-02 21:25 - 2014-06-02 21:25 - 00000000 ____D () C:\Program Files\Conduit
2014-06-02 18:55 - 2014-06-02 18:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WavePad
2014-06-02 18:10 - 2014-06-02 18:10 - 00000000 ____D () C:\Users\Vincent\AppData\Roaming\AVS4YOU
2014-05-31 23:08 - 2014-06-02 22:48 - 00000000 ____D () C:\Users\Vincent\Downloads\Practical Magic 47 Silvestri
2014-05-31 23:08 - 2013-06-06 02:49 - 00000000 ____D () C:\Users\Vincent\Downloads\Practical Magic Newman demos
2014-05-31 23:07 - 2013-06-06 01:48 - 00000000 ____D () C:\Users\Vincent\Downloads\Practical Magic 25 Nyman

==================== One Month Modified Files and Folders =======

2014-06-25 18:44 - 2014-06-25 18:43 - 00000000 ____D () C:\FRST
2014-06-25 18:40 - 2011-04-20 20:08 - 00000000 ____D () C:\ProgramData\MFAData
2014-06-25 18:22 - 2011-04-20 12:10 - 01825404 _____ () C:\Windows\WindowsUpdate.log
2014-06-25 18:21 - 2012-06-27 10:23 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-25 17:29 - 2009-07-14 06:39 - 00594739 _____ () C:\Windows\setupact.log
2014-06-25 12:52 - 2011-05-12 16:28 - 00000000 ____D () C:\Users\Vincent\AppData\Roaming\Skype
2014-06-25 11:46 - 2009-07-14 06:34 - 00019520 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-25 11:46 - 2009-07-14 06:34 - 00019520 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-25 11:45 - 2014-06-25 11:45 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2014-06-25 11:39 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-06-25 11:37 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-25 11:36 - 2014-06-24 20:46 - 00000000 ____D () C:\Users\Vincent\AppData\Roaming\Advanced System Protector
2014-06-25 11:36 - 2014-06-24 20:46 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-06-25 11:36 - 2014-06-24 20:46 - 00000000 ____D () C:\Program Files\SupTab
2014-06-25 11:36 - 2014-06-24 20:33 - 00000000 ____D () C:\Program Files\MP3 Normalizer
2014-06-25 11:36 - 2014-04-30 16:22 - 00000000 ____D () C:\Windows\system32\VirtualMIDISynth
2014-06-25 11:36 - 2011-04-20 20:02 - 00000000 ____D () C:\Users\Vincent\AppData\Roaming\uTorrent
2014-06-25 11:36 - 2011-04-20 15:31 - 00000000 ____D () C:\Windows\system32\HJSMEM
2014-06-25 11:36 - 2011-04-20 12:30 - 00000000 ____D () C:\Users\Vincent
2014-06-25 11:36 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-06-25 00:07 - 2014-06-25 00:07 - 00000940 _____ () C:\Users\Vincent\Desktop\Perfect Uninstaller.lnk
2014-06-25 00:07 - 2014-06-25 00:07 - 00000042 _____ () C:\Windows\system32\AK083E209605E394C.lie
2014-06-24 22:39 - 2011-04-20 12:36 - 00323870 _____ () C:\Windows\PFRO.log
2014-06-24 22:36 - 2013-11-23 12:19 - 00000000 ____D () C:\ProgramData\AVG2014
2014-06-24 21:01 - 2014-06-24 20:46 - 00000000 ____D () C:\ProgramData\WindowsProtectManger
2014-06-24 20:58 - 2014-02-16 11:55 - 00000000 ____D () C:\Users\Vincent\AppData\Roaming\systweak
2014-06-24 20:58 - 2013-07-25 13:18 - 00000000 ____D () C:\Program Files\SubtitleCreator
2014-06-24 20:57 - 2011-04-20 21:57 - 00000000 ____D () C:\Program Files\NCH Software
2014-06-24 20:55 - 2011-08-14 22:15 - 00000000 ____D () C:\Users\Vincent\AppData\Local\MagicSoftware
2014-06-24 20:46 - 2014-06-24 20:46 - 00000000 ____D () C:\Users\Vincent\AppData\Roaming\SupTab
2014-06-24 20:46 - 2014-03-23 20:49 - 00001331 _____ () C:\Users\Vincent\Desktop\Mozilla Firefox.lnk
2014-06-24 20:46 - 2013-09-21 22:39 - 00001343 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-24 20:46 - 2011-05-12 16:01 - 00001609 _____ () C:\Users\Vincent\Desktop\Internet Explorer.lnk
2014-06-24 20:46 - 2011-04-20 12:31 - 00001639 _____ () C:\Users\Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-24 20:36 - 2014-06-24 20:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3 Normalizer
2014-06-24 20:33 - 2014-06-24 20:33 - 00000000 ____D () C:\Users\Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3 Normalizer
2014-06-24 18:50 - 2014-06-21 12:53 - 00000000 ____D () C:\Users\Vincent\Downloads\edited midis
2014-06-24 18:46 - 2014-06-24 18:46 - 00001086 _____ () C:\Users\Vincent\Desktop\MidiTransform.exe.lnk
2014-06-24 00:12 - 2014-04-22 21:47 - 00000000 ____D () C:\Users\Vincent\Downloads\midi sound banks
2014-06-23 17:51 - 2014-06-20 19:39 - 00000000 ____D () C:\Users\Vincent\Downloads\Ramin Djawadi - Game of Thrones [Music From Game of Thrones] Season 1-3 (2011-2013)
2014-06-23 11:13 - 2013-01-20 00:13 - 00005390 _____ () C:\Users\Vincent\my sessions.txt
2014-06-22 21:27 - 2014-06-12 21:53 - 00000000 ____D () C:\Users\Vincent\superthree
2014-06-22 21:25 - 2014-04-27 16:46 - 00000000 ____D () C:\Program Files\Viena
2014-06-22 21:25 - 2014-04-25 11:51 - 00000000 ____D () C:\Users\Vincent\AppData\Roaming\SynthFont
2014-06-22 20:23 - 2014-06-22 20:23 - 00141070 _____ () C:\Users\Vincent\Vibraphone.sf2
2014-06-21 23:57 - 2012-12-16 00:54 - 00001088 _____ () C:\Users\Vincent\config.ini
2014-06-21 22:40 - 2014-06-21 22:40 - 00000000 ____D () C:\Users\Vincent\Downloads\titanic
2014-06-21 22:20 - 2010-12-10 14:45 - 00287793 _____ () C:\Users\Vincent\dagboek.txt
2014-06-21 18:50 - 2010-12-10 15:21 - 00000000 ____D () C:\Users\Vincent\ondertitels
2014-06-21 12:53 - 2014-04-22 18:41 - 00000000 ____D () C:\Users\Vincent\Downloads\midis
2014-06-21 12:49 - 2014-05-01 14:37 - 00000000 ____D () C:\Users\Vincent\mocking bleep up2
2014-06-21 12:42 - 2014-06-21 12:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MidiTransform-full
2014-06-21 12:42 - 2014-06-21 12:42 - 00000000 ____D () C:\Program Files\MidiTransform-full
2014-06-21 12:42 - 2014-06-17 18:33 - 00000000 ____D () C:\ProgramData\InstallMate
2014-06-21 12:18 - 2010-12-10 15:20 - 00000000 ___RD () C:\Users\Vincent\Mijn muziek
2014-06-21 11:58 - 2014-06-08 15:10 - 00000000 ____D () C:\Users\Vincent\uni
2014-06-20 22:33 - 2010-12-10 15:21 - 00000000 ____D () C:\Users\Vincent\thuis
2014-06-20 17:17 - 2014-04-17 19:18 - 00000000 ____D () C:\Users\Vincent\Downloads\BAROQUE MASTERPIECES (60CD + CD-ROM) (2008) (320)
2014-06-19 16:46 - 2014-01-07 00:10 - 00000000 ____D () C:\Users\Vincent\eye talk english
2014-06-19 10:39 - 2014-04-01 12:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-06-18 14:44 - 2014-06-18 14:44 - 00000000 ____T () C:\Users\Vincent\MOUNTAINPEOPLE2.prn
2014-06-18 14:38 - 2014-06-18 14:38 - 00000000 ____T () C:\Users\Vincent\MOUNTAINPEOPLE1.prn
2014-06-17 19:55 - 2014-06-17 19:55 - 00001199 _____ () C:\Users\Vincent\Desktop\Configure VirtualMIDISynth.lnk
2014-06-17 18:34 - 2014-06-17 18:33 - 00000000 ____D () C:\Users\Vincent\AppData\Roaming\MIDItransform_prefs
2014-06-17 18:33 - 2014-06-17 18:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MidiTransform-demo
2014-06-17 18:33 - 2014-06-17 18:33 - 00000000 ____D () C:\Program Files\MidiTransform-demo
2014-06-16 23:39 - 2011-09-15 19:02 - 00000000 ____D () C:\Users\Vincent\soundtracks harry potter
2014-06-16 16:34 - 2014-06-16 12:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visiv
2014-06-16 15:39 - 2014-06-16 13:47 - 00000000 ____D () C:\My PDF
2014-06-16 15:32 - 2011-06-16 11:23 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X .lnk
2014-06-16 13:44 - 2014-06-16 13:42 - 00000000 ____D () C:\Program Files\Smart PDF Converter Pro
2014-06-16 13:43 - 2014-06-16 13:43 - 00000000 ____D () C:\Users\Vincent\AppData\Roaming\Smart PDF Converter Pro.INI
2014-06-16 13:42 - 2014-06-16 13:42 - 00000000 ____D () C:\Users\Vincent\AppData\Roaming\Smart PDF Converter Pro
2014-06-16 13:42 - 2011-04-25 20:25 - 00000000 ____D () C:\Users\Vincent\AppData\Local\Adobe
2014-06-16 13:36 - 2014-06-16 13:28 - 00000000 ____D () C:\Users\Vincent\AppData\Roaming\Zeon
2014-06-16 13:36 - 2011-11-12 23:19 - 00000000 ____D () C:\Users\Vincent\AppData\Roaming\Nuance
2014-06-16 13:35 - 2014-06-16 13:35 - 00000000 ____D () C:\ProgramData\ScanSoft
2014-06-16 13:35 - 2011-11-12 23:19 - 00000000 ____D () C:\ProgramData\Nuance
2014-06-16 13:26 - 2014-06-16 13:26 - 00000000 ____D () C:\ProgramData\Zeon
2014-06-13 09:51 - 2014-05-07 00:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-12 15:01 - 2011-04-20 12:41 - 00782674 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-12 00:08 - 2013-07-14 15:20 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 00:04 - 2011-04-20 17:01 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-11 18:33 - 2013-01-27 16:07 - 00000769 _____ () C:\Users\Vincent\our wishes.txt
2014-06-11 14:59 - 2010-12-10 14:45 - 00012146 _____ () C:\Users\Vincent\SubRip.ini
2014-06-11 14:38 - 2014-06-12 18:09 - 00000000 ____D () C:\Users\Vincent\Downloads\brahms dances
2014-06-10 23:50 - 2013-05-12 21:15 - 00000000 ____D () C:\Users\Vincent\tagremover
2014-06-10 18:01 - 2014-05-11 14:18 - 00001111 _____ () C:\Users\Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SFPack.lnk
2014-06-10 16:39 - 2014-06-10 16:39 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-10 16:39 - 2011-05-12 16:27 - 00000000 ___RD () C:\Program Files\Skype
2014-06-10 16:39 - 2011-05-12 16:27 - 00000000 ____D () C:\ProgramData\Skype
2014-06-08 10:48 - 2014-06-12 08:37 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 10:43 - 2014-06-12 08:37 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-05 23:52 - 2012-04-06 16:57 - 00000000 ____D () C:\Users\Vincent\AppData\Roaming\foobar2000
2014-06-05 23:21 - 2014-01-22 18:58 - 00165823 _____ () C:\Users\Vincent\HARRY POTTER AND THE SORCERERS STONE.txt
2014-06-03 18:30 - 2011-04-20 21:40 - 00000000 ____D () C:\Users\Vincent\AppData\Roaming\NCH Swift Sound
2014-06-03 18:30 - 2011-04-20 21:40 - 00000000 ____D () C:\Program Files\NCH Swift Sound
2014-06-03 09:51 - 2009-07-14 06:33 - 00431336 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-02 22:48 - 2014-05-31 23:08 - 00000000 ____D () C:\Users\Vincent\Downloads\Practical Magic 47 Silvestri
2014-06-02 22:34 - 2014-06-02 22:34 - 00000000 ____D () C:\Users\Vincent\Downloads\NCH WavePad Sound Editor Master's Edition 4.40 Dark4m
2014-06-02 21:31 - 2011-04-21 21:46 - 00000000 ____D () C:\Users\Vincent\AppData\Local\Conduit
2014-06-02 21:25 - 2014-06-02 21:25 - 00000000 ____D () C:\Program Files\NCH
2014-06-02 21:25 - 2014-06-02 21:25 - 00000000 ____D () C:\Program Files\Conduit
2014-06-02 18:55 - 2014-06-02 18:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WavePad
2014-06-02 18:23 - 2011-05-29 19:14 - 00000000 ____D () C:\Program Files\Common Files\AVSMedia
2014-06-02 18:23 - 2011-05-29 19:14 - 00000000 ____D () C:\Program Files\AVS4YOU
2014-06-02 18:10 - 2014-06-02 18:10 - 00000000 ____D () C:\Users\Vincent\AppData\Roaming\AVS4YOU
2014-06-02 18:10 - 2011-04-20 14:30 - 00117280 _____ () C:\Users\Vincent\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-28 22:26 - 2011-04-23 13:31 - 03513856 ___SH () C:\Users\Vincent\Thumbs.db
2014-05-28 18:42 - 2011-05-13 13:18 - 00000000 ____D () C:\Program Files\Creative
2014-05-28 18:39 - 2011-05-13 13:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2014-05-28 18:34 - 2011-04-20 12:45 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-05-28 01:49 - 2014-06-12 08:38 - 00981504 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-28 01:48 - 2014-06-12 08:38 - 10992128 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-28 01:48 - 2014-06-12 08:38 - 06043136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-28 01:48 - 2014-06-12 08:38 - 02078208 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-28 01:48 - 2014-06-12 08:38 - 01234432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-28 01:48 - 2014-06-12 08:38 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-28 01:48 - 2014-06-12 08:38 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-28 01:48 - 2014-06-12 08:38 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-28 01:48 - 2014-06-12 08:38 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-28 01:48 - 2014-06-12 08:38 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-28 01:48 - 2014-06-12 08:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-28 01:46 - 2014-06-12 08:38 - 01466368 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-28 01:46 - 2014-06-12 08:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-28 01:46 - 2014-06-12 08:38 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-28 01:46 - 2014-06-12 08:38 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-27 22:40 - 2014-06-12 08:38 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

Files to move or delete:
====================
C:\Users\Vincent\lame_enc.dll
C:\Users\Vincent\PlayTime.exe
C:\Users\Vincent\SubRip.exe

Some content of TEMP:
====================
C:\Users\Vincent\AppData\Local\Temp\89844uninstall.exe
C:\Users\Vincent\AppData\Local\Temp\APNSetup.exe
C:\Users\Vincent\AppData\Local\Temp\avguidx.dll
C:\Users\Vincent\AppData\Local\Temp\ccittfax3.exe
C:\Users\Vincent\AppData\Local\Temp\csvrelay32.dll
C:\Users\Vincent\AppData\Local\Temp\csvrelay64.dll
C:\Users\Vincent\AppData\Local\Temp\DelayInst.exe
C:\Users\Vincent\AppData\Local\Temp\doxillionsetup.exe
C:\Users\Vincent\AppData\Local\Temp\ffmpeg15.exe
C:\Users\Vincent\AppData\Local\Temp\flacdec.exe
C:\Users\Vincent\AppData\Local\Temp\ginstall.dll
C:\Users\Vincent\AppData\Local\Temp\infozip2.exe
C:\Users\Vincent\AppData\Local\Temp\Installer.exe
C:\Users\Vincent\AppData\Local\Temp\installservice.exe
C:\Users\Vincent\AppData\Local\Temp\instructions.exe
C:\Users\Vincent\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Vincent\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Vincent\AppData\Local\Temp\littlecms.exe
C:\Users\Vincent\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Vincent\AppData\Local\Temp\n1s.exe
C:\Users\Vincent\AppData\Local\Temp\n2s.exe
C:\Users\Vincent\AppData\Local\Temp\nsf41F8.exe
C:\Users\Vincent\AppData\Local\Temp\nsk45C0.exe
C:\Users\Vincent\AppData\Local\Temp\nsu1C8B.exe
C:\Users\Vincent\AppData\Local\Temp\nsz2053.exe
C:\Users\Vincent\AppData\Local\Temp\oi_{D8395573-B555-445A-92E3-7F73CDE5731A}.exe
C:\Users\Vincent\AppData\Local\Temp\PCSpeedMaximizer.exe
C:\Users\Vincent\AppData\Local\Temp\proxy_vole1557638653399343657.dll
C:\Users\Vincent\AppData\Local\Temp\setup_somoto_fst_be_17.exe
C:\Users\Vincent\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Vincent\AppData\Local\Temp\SPSetup.exe
C:\Users\Vincent\AppData\Local\Temp\Sqlite3.dll
C:\Users\Vincent\AppData\Local\Temp\uninst.exe
C:\Users\Vincent\AppData\Local\Temp\uninstal.exe
C:\Users\Vincent\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Vincent\AppData\Local\Temp\utt82CA.tmp.exe
C:\Users\Vincent\AppData\Local\Temp\uttC356.tmp.exe
C:\Users\Vincent\AppData\Local\Temp\uttDFA8.tmp.exe
C:\Users\Vincent\AppData\Local\Temp\vpnclient_setup.exe
C:\Users\Vincent\AppData\Local\Temp\wavpackdec.exe
C:\Users\Vincent\AppData\Local\Temp\_is2566.exe
C:\Users\Vincent\AppData\Local\Temp\_is385E.exe
C:\Users\Vincent\AppData\Local\Temp\_isAE05.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-18 12:56

==================== End Of Log ============================

ADDITION.TXT

Additional scan result of Farbar Recovery Scan Tool (x86) Version:25-06-2014
Ran by Vincent at 2014-06-25 18:45:39
Running from C:\Users\Vincent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B9P2O7YT
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.31395 - BitTorrent Inc.)
ABBYY FineReader 5.0 Sprint (HKLM\...\{D1696920-9794-4BBC-8A30-7A88763DE5A2}) (Version: 5.0.0.3881 - ABBYY Software House)
AC3Filter 2.4a (HKLM\...\AC3Filter_is1) (Version: 2.4a - Alexander Vigovsky)
Acer Bio Protection (HKLM\...\InstallShield_{E09664BB-BB08-45FA-87D1-33EAB0E017F5}) (Version: 6.2.56 - Egis Technology Inc.)
Acer Crystal Eye Webcam (HKLM\...\{7760D94E-B1B5-40A0-9AA0-ABF942108755}) (Version: 5.2.7.1 - Suyin Optronics Corp)
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Nederlands (HKLM\...\{AC76BA86-7AD7-1043-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
AnalogX NetStat Live (HKLM\...\AnalogX NetStat Live) (Version:  - AnalogX)
Apple Application Support (HKLM\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C23CD6DA-1958-43A5-ADD0-59396572E02E}) (Version: 3.4.1.2 - Apple Inc.)
Apple Software Update (HKLM\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
ARIA Engine v1.6.6.9 (HKLM\...\ARIA Engine_is1) (Version: v1.6.6.9 - Plogue Art et Technologie, Inc)
ATI Catalyst Install Manager (HKLM\...\{571B8723-95A7-70CB-CF14-54D672F5070C}) (Version: 3.0.736.0 - ATI Technologies, Inc.)
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version:  - )
Auto Gordian Knot 2.55 (HKLM\...\AutoGK) (Version: 2.55 - len0x)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4592 - AVG Technologies)
AVG 2014 (Version: 14.0.3986 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4592 - AVG Technologies) Hidden
AVI/MPEG/RM/WMV Joiner 4.81 (HKLM\...\AVI MPEG RM WMV Joiner_is1) (Version:  - Boilsoft, Inc.)
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
Bolt PDF Printer (HKLM\...\BoltPDF) (Version: 1.19 - NCH Software)
Bonjour (HKLM\...\{C2E4B5BD-32DB-4817-A060-341AB17C3F90}) (Version: 2.0.5.0 - Apple Inc.)
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2009.0318.2141.37097 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2009.0630.1718.29171 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2009.0318.2141.37097 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2009.0630.1718.29171 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2009.0318.2141.37097 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2009.0630.1718.29171 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2009.0318.2141.37097 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2009.0630.1718.29171 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2009.0318.2141.37097 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2009.0630.1718.29171 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2009.0630.1718.29171 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2009.0630.1718.29171 - ATI) Hidden
CCC Help Chinese Standard (Version: 2009.0630.1717.29171 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2009.0630.1717.29171 - ATI) Hidden
CCC Help Czech (Version: 2009.0318.2140.37097 - ATI) Hidden
CCC Help Czech (Version: 2009.0630.1717.29171 - ATI) Hidden
CCC Help Danish (Version: 2009.0318.2140.37097 - ATI) Hidden
CCC Help Danish (Version: 2009.0630.1717.29171 - ATI) Hidden
CCC Help Dutch (Version: 2009.0630.1717.29171 - ATI) Hidden
CCC Help English (Version: 2009.0318.2140.37097 - ATI) Hidden
CCC Help English (Version: 2009.0630.1717.29171 - ATI) Hidden
CCC Help Finnish (Version: 2009.0318.2140.37097 - ATI) Hidden
CCC Help Finnish (Version: 2009.0630.1717.29171 - ATI) Hidden
CCC Help French (Version: 2009.0630.1717.29171 - ATI) Hidden
CCC Help German (Version: 2009.0318.2140.37097 - ATI) Hidden
CCC Help German (Version: 2009.0630.1717.29171 - ATI) Hidden
CCC Help Greek (Version: 2009.0318.2140.37097 - ATI) Hidden
CCC Help Greek (Version: 2009.0630.1717.29171 - ATI) Hidden
CCC Help Hungarian (Version: 2009.0630.1717.29171 - ATI) Hidden
CCC Help Italian (Version: 2009.0630.1717.29171 - ATI) Hidden
CCC Help Japanese (Version: 2009.0630.1717.29171 - ATI) Hidden
CCC Help Korean (Version: 2009.0630.1717.29171 - ATI) Hidden
CCC Help Norwegian (Version: 2009.0630.1717.29171 - ATI) Hidden
CCC Help Polish (Version: 2009.0630.1717.29171 - ATI) Hidden
CCC Help Portuguese (Version: 2009.0630.1717.29171 - ATI) Hidden
CCC Help Russian (Version: 2009.0630.1717.29171 - ATI) Hidden
CCC Help Spanish (Version: 2009.0318.2140.37097 - ATI) Hidden
CCC Help Spanish (Version: 2009.0630.1717.29171 - ATI) Hidden
CCC Help Swedish (Version: 2009.0630.1717.29171 - ATI) Hidden
CCC Help Thai (Version: 2009.0630.1717.29171 - ATI) Hidden
CCC Help Turkish (Version: 2009.0630.1717.29171 - ATI) Hidden
ccc-core-static (Version: 2009.0630.1718.29171 - Uw bedrijfsnaam) Hidden
ccc-utility (Version: 2009.0630.1718.29171 - ATI) Hidden
Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}) (Version: 5.0.6 - Cisco Systems, Inc.)
Compatibiliteitspakket voor het 2007 Microsoft Office system (HKLM\...\{90120000-0020-0413-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
ConvertXtoDVD 4.1.19.365 (HKLM\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.19.365 - )
CoolSoft VirtualMIDISynth 1.9.0 (HKLM\...\CoolSoft VirtualMIDISynth) (Version: 1.9.0.0 - CoolSoft)
Creative Media Toolbox 6 (HKLM\...\{F1A14CB2-A048-45A6-AFDA-3571296E1D76}) (Version: 6.02 - Creative Technology Limited)
Creative Media Toolbox 6 (Shared Components) (HKLM\...\Uninstaller_B4736000_Creative Media Toolbox 6) (Version: 2.80.12 - Creative Labs)
Creative System Information (HKLM\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
Creative WaveStudio 7 (HKLM\...\WaveStudio 7) (Version: 7.12 - Creative Technology Limited)
Dolby Digital Live Pack (HKLM\...\Dolby Digital Live Pack) (Version: 3.01 - Creative Technology Limited)
Doxillion Document Converter (HKLM\...\Doxillion) (Version: 2.17 - NCH Software)
Driver Checker v2.7.4 (HKLM\...\Driver Checker_is1) (Version: 2.7.4 - driverchecker.com, Inc.)
DVD Audio Extractor 5.3.0 (HKLM\...\DVD Audio Extractor_is1) (Version:  - Computer Application Studio)
DVD Decrypter (Remove Only) (HKLM\...\DVD Decrypter) (Version:  - )
EchoSub (HKLM\...\EchoSub) (Version:  - )
ESDNOW Software Protection Technology v1.6.0 (HKLM\...\{76B97479-484D-46F1-AB16-F024CEA14D02}) (Version: 1.6.0 - ESDNOW)
Express Burn Disc Burning Software (HKLM\...\ExpressBurn) (Version:  - NCH Software)
Express Rip (HKLM\...\ExpressRip) (Version:  - NCH Software)
FileZilla Client 3.6.0.2 (HKLM\...\FileZilla Client) (Version: 3.6.0.2 - FileZilla Project)
Final Draft 7 (HKLM\...\{78D62D17-D970-42DA-B8CF-5E5576293B33}) (Version: 7.1.3.42 - Final Draft, Inc.)
Fingerprint Solution (Version: 6.1.56.0 - Egis Technology Inc.) Hidden
foobar2000 v1.2.9 (HKLM\...\foobar2000) (Version: 1.2.9 - Peter Pawlowski)
Free YouTube Download 3 version 3.0.12.804 (HKLM\...\Free YouTube Download 3_is1) (Version:  - DVDVideoSoft Limited.)
Free YouTube Download version 3.2.34.430 (HKLM\...\Free YouTube Download_is1) (Version: 3.2.34.430 - DVDVideoSoft Ltd.)
Freedom Scientific Braille (Version: 11.0.1007.0 - Freedom Scientific) Hidden
Freedom Scientific Document Server (Version: 10.19.2332.0 - Freedom Scientific) Hidden
Freedom Scientific Document Server (Version: 10.20.1175.0 - Freedom Scientific) Hidden
Freedom Scientific Document Server (Version: 11.0.1007.0 - Freedom Scientific) Hidden
Freedom Scientific Elevation (Version: 11.0.1007.0 - Freedom Scientific) Hidden
Freedom Scientific FSReader 2.0 (HKLM\...\FSReader2.0) (Version: 2.0.1051.0 - Freedom Scientific)
Freedom Scientific FSReader 2.0 (Version: 2.0.1051.0 - Freedom Scientific) Hidden
Freedom Scientific JAWS 11.0 (HKLM\...\JAWS11.0) (Version: 11.0.1447.400 - Freedom Scientific)
Freedom Scientific JAWS 11.0 (Version: 11.0.1447.400 - Freedom Scientific) Hidden
Freedom Scientific Ocr (HKLM\...\FSOcr) (Version: 12.0.089.0 - Freedom Scientific)
Freedom Scientific Ocr (Version: 12.0.089.0 - Freedom Scientific) Hidden
Freedom Scientific OmniPage (HKLM\...\FSOmniPage) (Version: 11.0.000.0 - Freedom Scientific)
Freedom Scientific OmniPage (Version: 11.0.000.0 - Freedom Scientific) Hidden
Freedom Scientific Synthesizer Eloquence (HKLM\...\{F4DA19E5-A560-4313-8623-3493DCE3C681}) (Version: 6.1.004 - Freedom Scientific)
Freedom Scientific Talking Installer 11.0 (HKLM\...\{7BE5F2AE-7EF2-4DF1-B29E-2A0298ADA019}) (Version: 11.0.1447.400 - Freedom Scientific)
Freedom Scientific Talking Installer 12.0 (HKLM\...\{06DE3C79-0F87-4ABD-BDC5-C11DC7BD795C}) (Version: 12.0.1161.400 - Freedom Scientific)
Freedom Scientific Talking Installer 13.0 (HKLM\...\{570AC4FA-FA81-4E5D-AFB6-FCE6F9B70F45}) (Version: 13.0.1006.400 - Freedom Scientific)
Freedom Scientific Utilities (Version: 11.0.1007.0 - Freedom Scientific) Hidden
Freedom Scientific Video Intercept (HKLM\...\FSVI) (Version: 11.0.1007.0 - Freedom Scientific)
Freedom Scientific Video Intercept (Version: 11.0.1007.0 - Freedom Scientific) Hidden
GTA San Andreas (HKLM\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
Infovox Desktop 2.220 voices (HKLM\...\ID2220Voices) (Version:  - )
Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.6.1001 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
InterVideo WinDVD 8 (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0-B6.24 - InterVideo Inc.)
InterVideo WinDVD 8 (Version: 8.0-B6.24 - InterVideo Inc.) Hidden
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 7 Update 4 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217004F0}) (Version: 7.0.40 - Oracle)
JavaFX 2.1.0 (HKLM\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
K-Lite Codec Pack 8.8.9 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 8.8.9 - )
Kurzweil 1000 v.11 (HKLM\...\{A7AB0D8F-9F5C-463B-8A07-0A0DCEF0F5F9}) (Version: 11.00.0000 - Kurzweil Educational Systems)
Medieval CUE Splitter (HKLM\...\{B96D2269-568B-4CBF-9332-12FAE8B158F7}) (Version: 1.2.0 - Medieval Software)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2000 SR-1 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.3 (HKLM\...\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}) (Version: 2.0.2313.0 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0413-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Search Enhancement Pack (Version: 1.2.123.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Text-to-Speech Engine 4.0 (English) (HKLM\...\MSTTS) (Version:  - )
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MIDI to WAV Converter 6.1 (HKLM\...\MIDI to WAV Converter_is1) (Version:  - MyMusicTools.com)
MidiTransform-demo  (HKLM\...\{C3BE84BD-B926-413F-AF9E-D1F5AC0218D7}) (Version:  - Skytopia)
MidiTransform-full  (HKLM\...\{AF8B2EE2-8D3A-44BB-BB63-7CA631A5B28B}) (Version:  - Skytopia)
Monkey's Audio (HKLM\...\Monkey's Audio_is1) (Version:  - )
Mozilla Firefox 29.0.1 (x86 nl) (HKLM\...\Mozilla Firefox 29.0.1 (x86 nl)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MP Manager (HKLM\...\{7C3085A2-30FD-4970-A3F6-132078C76941}) (Version: 1.0.5520 - MPMAN)
Mp3tag v2.39 (HKLM\...\Mp3tag) (Version: v2.39 - Florian Heidenreich)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NCH EN Toolbar for IE (HKLM\...\IECT3282495) (Version: 6.20.0.10 - NCH EN)
NCH Toolbar for IE (HKLM\...\IECT3282502) (Version: 6.17.2.8 - NCH)
NextUp-Acapela Brightspeech Heather22 US English Voice (HKLM\...\{511ECAD8-3F08-4A16-A808-E20E5C44D93B}) (Version: 1.00.0000 - NextUp Technologies, LLC)
NextUp-Acapela Elan Lucy22 UK English Voice (HKLM\...\{1D87A9A8-62B0-486D-BA10-69A1F8963F43}) (Version: 1.00.0000 - NextUp Technologies, LLC)
O2Micro Flash Memory Card Windows Driver (HKLM\...\InstallShield_{4ED2A9E6-9C0A-4619-8A48-39DF5D38398D}) (Version: 2.0.08 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (Version: 2.0.08 - O2Micro International LTD.) Hidden
Perfect Uninstaller v6.3.3.9 (HKLM\...\Perfect Uninstaller_is1) (Version:  - www.PerfectUninstaller.net)
Plustek OpticBook 3600 (HKLM\...\{C043B8C1-E512-46AB-AEE2-009EBDEC0061}) (Version: 3.2.0 - )
Pocketwoordenboek Nederlands als tweede taal (HKLM\...\Pocketwoordenboek Nederlands als tweede taal) (Version:  - )
Presto! ImageFolio 4 (HKLM\...\{783033B0-D8E6-11D5-9293-0050BA073EEC}) (Version: 4.50.03 - NewSoft Technology Corporation)
Presto! PageManager 7.10 (HKLM\...\{99D5EF59-CF6F-4030-901B-4DDDB7F99403}) (Version: 7.10.03 - NewSoft Technology Corporation)
Prism Video File Converter (HKLM\...\Prism) (Version:  - NCH Software)
PX Profile Update (Version: 1.00.1. - AMD) Hidden
QuickTime (HKLM\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
RealSpeak Europe V4 (HKLM\...\{BA450AC1-5940-41D2-9149-9893F7A8CDC4}) (Version: 1.00.0000 - Kurzweil Educational Systems)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Sentinel System Driver Installer 7.5.0 (HKLM\...\{FAEE61D3-2A5E-4F7F-926F-77AAC08CE4DD}) (Version: 7.5.0 - SafeNet, Inc.)
SF2 Splitter 1.1 (HKLM\...\SF2 Splitter 1.1_is1) (Version: SF2 Splitter 1.1 - Tsvetozar)
sfArk (HKLM\...\sfArk) (Version:  - )
SFPack (HKLM\...\Megota Software SFPack Uninstall) (Version:  - )
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Sound Blaster X-Fi Surround 5.1 Pro (HKLM\...\{0A9DA353-D0CD-4922-A54B-2F5F4EC90986}) (Version: 1.0 - Creative Technology Limited)
SubSync (HKLM\...\ST6UNST #1) (Version:  - )
Subtitle Workshop 2.51 (HKLM\...\SubtitleWorkshop) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.0.3 - Synaptics Incorporated)
TeamViewer 6 (HKLM\...\TeamViewer 6) (Version: 6.0.11117 - TeamViewer GmbH)
uTorrentBar_NL Toolbar (HKLM\...\uTorrentBar_NL Toolbar) (Version: 6.9.0.16 - uTorrentBar_NL) <==== ATTENTION
Van Dale (HKLM\...\{13A10027-B38A-4A3A-B1E1-1D6DAC4F5030}) (Version: 5.1.0 - Sensotec NV)
Van Dale Groot woordenboek der Nederlandse taal (HKLM\...\{3FD4D03B-E1AE-4EB7-90AC-A91638BFBF9E}) (Version: 01.03.0000 - Van Dale Lexicografie bv)
Van Dale Groot woordenboek hedendaags Nederlands (HKLM\...\Van Dale Groot woordenboek hedendaags Nederlands) (Version:  - )
Van Dale Groot woordenboek van de Nederlandse taal 14 (HKLM\...\vdegwn.exe) (Version:  - )
Van Dale Grote woordenboeken Duits (HKLM\...\Van Dale Grote woordenboeken Duits) (Version:  - )
Van Dale Grote woordenboeken Engels (HKLM\...\Van Dale Grote woordenboeken Engels) (Version:  - )
Van Dale Grote woordenboeken Frans (HKLM\...\Van Dale Grote woordenboeken Frans) (Version:  - )
Van Dale Grote woordenboeken Spaans (HKLM\...\Van Dale Grote woordenboeken Spaans) (Version:  - )
Van Dale pocketwoordenboeken (HKLM\...\Van Dale pocketwoordenboeken) (Version:  - )
VideoLAN VLC media player 0.8.6h (HKLM\...\VLC media player) (Version: 0.8.6h - VideoLAN Team)
VideoPad Video Editor (HKLM\...\VideoPad) (Version:  - NCH Software)
Viena (HKLM\...\Viena) (Version:  - )
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VobSub v2.23 (Remove Only) (HKLM\...\VobSub) (Version:  - )
VT-Bridget-M16-SAPI5 (HKLM\...\{C4367E67-52FE-45C6-889C-F48CE7883CA8}) (Version: 3.11.1.0 - VW)
WavePad Sound Editor (HKLM\...\WavePad) (Version:  - NCH Software)
Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8098.930 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Mail (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 4.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
XviD MPEG4 Video Codec (remove only) (HKLM\...\XviD MPEG4 Video Codec) (Version:  - )
Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
YouTube Downloader Toolbar v4.6 (HKLM\...\{72A7495B-18CD-4751-AC38-5DBED9C6B1E7}) (Version: 4.6 - Spigot, Inc.) <==== ATTENTION

==================== Restore Points  =========================

14-05-2014 11:09:34 Scheduled Checkpoint
15-05-2014 22:06:17 Windows Update
23-05-2014 10:26:24 Scheduled Checkpoint
28-05-2014 16:35:03 Geïnstalleerd Creative Vienna SoundFont Studio
28-05-2014 16:39:22 Verwijderd Creative Vienna SoundFont Studio
05-06-2014 17:59:16 Scheduled Checkpoint
11-06-2014 22:03:25 Windows Update
12-06-2014 22:48:16 Windows Update
16-06-2014 11:22:14 Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
16-06-2014 11:25:40 Installed Nuance PDF Converter Enterprise 7.
16-06-2014 11:34:27 Removed Nuance PDF Converter Enterprise 7.
17-06-2014 08:31:08 Installed RealSpeak Europe V4.
24-06-2014 11:44:08 Scheduled Checkpoint
24-06-2014 18:55:57 Removed MP Manager
25-06-2014 09:29:51 Restore Operation

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {02CC1555-614E-49AA-BDE7-EDF0BDCDFC73} - System32\Tasks\NCH Swift Sound\expressburnShakeIcon => C:\Program Files\NCH Swift Sound\ExpressBurn\ExpressBurn.exe [2013-12-22] (NCH Software)
Task: {2AF48614-FAD9-4F73-A2B3-C2005F68C169} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {54297C28-20B7-4413-90AC-E3AD07573ECB} - System32\Tasks\{332AA60F-A75B-4670-8767-DF21BEF1F51E} => C:\Program Files\Skype\\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.)
Task: {5FA8B167-1E47-4925-B4CF-84886DB622AC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {66046747-5854-4AFB-B572-DD5FC038D0F1} - System32\Tasks\Advanced System Protector => C:\Program Files\RegClean Pro\SystweakASP.exe <==== ATTENTION
Task: {66C552D6-E285-45B2-8083-568C25F96D93} - System32\Tasks\NCH Software\expressripShakeIcon => C:\Program Files\NCH Software\ExpressRip\ExpressRip.exe [2013-07-08] (NCH Software)
Task: {6D07F6BE-CADE-43D7-9162-EB63CD16F6D0} - System32\Tasks\NCH Swift Sound\wavepadShakeIcon => C:\Program Files\NCH Swift Sound\WavePad\WavePad.exe [2014-06-03] (NCH Software)
Task: {88C8C284-5850-491E-862C-7637CF6E6BE8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {8C6898EF-B963-46C1-9445-DCB183040822} - System32\Tasks\4908 => Wscript.exe C:\Users\Vincent\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {C217E7DC-EBC7-4175-B3EB-B8402AD59851} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {DDAEB20D-ACE5-4655-AE13-A720DE4EAB6D} - System32\Tasks\Express Files Updater => C:\Program Files\ExpressFiles\EFupdater.exe <==== ATTENTION
Task: {FBC04457-0881-48FD-AAAB-5551962483DB} - System32\Tasks\{8D5038F1-51F6-4ECB-9E9E-E0D724DAE425} => Iexplore.exe http://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2010-03-23 13:26 - 2010-03-23 13:26 - 00201512 _____ () C:\Windows\system32\vpnapi.dll
2012-11-29 23:59 - 2012-11-29 23:59 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2010-05-17 11:25 - 2010-05-17 11:25 - 00228632 _____ () C:\Program Files\Freedom Scientific\Shared\FsDomSrv\2.0\FSDomNodeUIA.DLL
2011-04-20 12:45 - 2009-12-23 17:32 - 00058880 _____ () C:\Program Files\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2011-04-21 20:26 - 2008-07-29 19:29 - 00200704 _____ () C:\Windows\PLFSetI.exe
2011-07-03 14:17 - 2009-12-29 16:50 - 00073728 _____ () C:\Windows\SYSTEM32\CmdRtr.DLL
2011-07-03 14:17 - 2010-07-22 16:45 - 00181760 _____ () C:\Windows\SYSTEM32\APOMngr.DLL
2012-06-01 19:00 - 2006-09-20 08:35 - 00020480 _____ () C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
2010-05-17 11:30 - 2010-05-17 11:30 - 00240408 _____ () C:\Program Files\Freedom Scientific\JAWS\11.0\FileFinderJAWS.DLL
2010-05-17 11:30 - 2010-05-17 11:30 - 00274712 _____ () C:\Program Files\Freedom Scientific\JAWS\11.0\FileFinderBase.DLL
2012-08-01 12:42 - 2012-08-01 12:42 - 00141704 _____ () C:\Program Files\Freedom Scientific\Shared\Braille\10.12\FsBraille.dll
2010-05-17 11:24 - 2010-05-17 11:24 - 00453400 _____ () C:\Program Files\Freedom Scientific\Shared\FsDomSrv\2.0\FsDomSrv.dll
2012-06-07 23:03 - 2012-06-07 05:57 - 01099264 _____ () C:\Windows\system32\ac3filter.acm
2012-06-01 19:00 - 2006-10-30 16:59 - 00024576 _____ () C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
2012-06-01 18:54 - 2007-05-30 16:48 - 00167936 _____ () C:\Program Files\Common Files\iMpacct\ControlFunc.dll
2012-06-01 18:54 - 2006-05-15 15:24 - 00122938 _____ () C:\Program Files\Common Files\iMpacct\CommonFunc.dll
2012-06-01 18:54 - 2006-11-30 10:58 - 00061440 _____ () C:\Program Files\Plustek\OpticBook 3600\TWAINAPP.DLL
2012-06-01 18:54 - 2007-10-18 11:53 - 00299008 _____ () C:\Program Files\Plustek\OpticBook 3600\ScanAPI.dll
2012-06-01 18:54 - 2005-09-21 14:37 - 00077824 _____ () C:\Program Files\Plustek\OpticBook 3600\File Utility.dll
2012-06-01 18:54 - 2005-09-21 14:38 - 00077824 _____ () C:\Program Files\Plustek\OpticBook 3600\Scan Utility.dll
2012-06-01 18:54 - 2005-09-21 14:37 - 00081920 _____ () C:\Program Files\Plustek\OpticBook 3600\Email Utility.dll
2012-06-01 18:54 - 2005-09-21 14:38 - 00081920 _____ () C:\Program Files\Plustek\OpticBook 3600\Web Utility.dll
2012-06-01 18:54 - 2005-09-21 14:37 - 00073728 _____ () C:\Program Files\Plustek\OpticBook 3600\Copy Utility.dll
2012-06-01 18:54 - 2005-09-21 14:36 - 00061440 _____ () C:\Program Files\Plustek\OpticBook 3600\PrnDriver.dll
2012-06-01 18:54 - 2005-09-21 14:37 - 00069632 _____ () C:\Program Files\Plustek\OpticBook 3600\Fax Utility.dll
2012-06-01 18:54 - 2005-09-21 14:38 - 00065536 _____ () C:\Program Files\Plustek\OpticBook 3600\OCR Utility.dll
2012-06-01 18:54 - 2005-09-21 14:49 - 00045056 _____ () C:\Program Files\Plustek\OpticBook 3600\FineReader.dll
2012-06-01 18:54 - 2007-06-04 17:57 - 00036864 _____ () C:\Program Files\Plustek\OpticBook 3600\MaxReader.dll
2012-06-01 18:54 - 2004-01-07 13:47 - 00045056 _____ () C:\Program Files\Plustek\OpticBook 3600\FzOCR.dll
2012-06-01 18:54 - 2004-01-07 13:47 - 00045056 _____ () C:\Program Files\Plustek\OpticBook 3600\PenPower.dll
2012-06-01 18:54 - 2005-09-21 14:37 - 00065536 _____ () C:\Program Files\Plustek\OpticBook 3600\BCR Utility.dll
2012-06-01 18:54 - 2005-09-21 14:38 - 00090112 _____ () C:\Program Files\Plustek\OpticBook 3600\Wallpaper.dll
2012-06-01 18:54 - 2005-09-21 14:38 - 00069632 _____ () C:\Program Files\Plustek\OpticBook 3600\Negative Utility.dll
2012-06-01 18:54 - 2005-09-21 14:38 - 00069632 _____ () C:\Program Files\Plustek\OpticBook 3600\Positive Utility.dll
2012-06-01 18:54 - 2005-09-21 14:38 - 00045056 _____ () C:\Program Files\Plustek\OpticBook 3600\Power Save.dll
2012-06-01 18:54 - 2005-09-21 14:37 - 00045056 _____ () C:\Program Files\Plustek\OpticBook 3600\Button Config.dll
2010-05-17 11:25 - 2010-05-17 11:25 - 00006144 _____ () C:\Program Files\Freedom Scientific\Shared\FsDomSrv\2.0\FSDomSrv.enu
2010-05-17 11:24 - 2010-05-17 11:24 - 00348952 _____ () C:\Program Files\Freedom Scientific\Shared\FsDomSrv\2.0\FSDomNodeIE.DLL
2010-05-17 11:24 - 2010-05-17 11:24 - 00086296 _____ () C:\Program Files\Freedom Scientific\Shared\FsDomSrv\2.0\FSDomNodeMSAA.DLL

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:AD022376

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

==================== Faulty Device Manager Devices =============

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 6077757b
Description: 6077757b
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: 6077757b
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: aksfridge
Description: aksfridge
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aksfridge
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: High Definition Audio Device
Description: High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HdAudAddService
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/25/2014 11:40:19 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Scheduled Checkpoint). Additional information: 0x80070005.

Error: (06/23/2014 09:57:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: helppane.exe, version: 6.1.7600.16385, time stamp: 0x4a5bcd83
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x008eaed8
Faulting process id: 0xb50
Faulting application start time: 0xhelppane.exe0
Faulting application path: helppane.exe1
Faulting module path: helppane.exe2
Report Id: helppane.exe3

Error: (06/23/2014 00:22:19 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (06/23/2014 00:20:27 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/23/2014 00:20:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/23/2014 00:20:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/22/2014 07:11:29 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (06/22/2014 07:08:43 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/22/2014 07:08:41 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/22/2014 07:08:41 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

System errors:
=============
Error: (06/25/2014 11:38:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Search Protect by Conduit Service service failed to start due to the following error:
%%2

Error: (06/25/2014 11:38:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HASP License Manager service failed to start due to the following error:
%%1053

Error: (06/25/2014 11:38:32 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HASP License Manager service to connect.

Error: (06/25/2014 11:37:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The aksfridge service failed to start due to the following error:
%%2

Error: (06/25/2014 11:37:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The 6077757b service failed to start due to the following error:
%%2

Error: (06/25/2014 11:10:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Search Protect by Conduit Service service failed to start due to the following error:
%%2

Error: (06/25/2014 11:09:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The aksfridge service failed to start due to the following error:
%%2

Error: (06/25/2014 11:09:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The 6077757b service failed to start due to the following error:
%%2

Error: (06/25/2014 11:05:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Search Protect by Conduit Service service failed to start due to the following error:
%%2

Error: (06/25/2014 11:05:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HASP License Manager service failed to start due to the following error:
%%1053

Microsoft Office Sessions:
=========================
Error: (06/25/2014 11:40:19 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: Scheduled Checkpoint0x80070005

Error: (06/23/2014 09:57:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: helppane.exe6.1.7600.163854a5bcd83unknown0.0.0.000000000c0000005008eaed8b5001cf8f1d6bceb459C:\Windows\helppane.exeunknownab01049d-fb10-11e3-93c9-00242cebf602

Error: (06/23/2014 00:22:19 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dllc:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll2

Error: (06/23/2014 00:20:27 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\driver checker\download\realtek_hd_audio for vista_vista64_win7_win7x64\Vista64\vncutil64.exe

Error: (06/23/2014 00:20:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\driver checker\download\realtek_hd_audio for vista_vista64_win7_win7x64\Vista64\RAVCpl64.exe

Error: (06/23/2014 00:20:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\driver checker\download\realtek_hd_audio for vista_vista64_win7_win7x64\Vista64\RAVBg64.exe

Error: (06/22/2014 07:11:29 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dllc:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll2

Error: (06/22/2014 07:08:43 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\driver checker\download\realtek_hd_audio for vista_vista64_win7_win7x64\Vista64\vncutil64.exe

Error: (06/22/2014 07:08:41 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\driver checker\download\realtek_hd_audio for vista_vista64_win7_win7x64\Vista64\RAVCpl64.exe

Error: (06/22/2014 07:08:41 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\driver checker\download\realtek_hd_audio for vista_vista64_win7_win7x64\Vista64\RAVBg64.exe

CodeIntegrity Errors:
===================================
  Date: 2014-06-25 12:52:12.576
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-24 23:07:39.886
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-24 20:32:52.123
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-24 17:37:17.109
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-24 15:57:35.965
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-24 15:40:48.617
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-23 23:09:40.815
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-23 21:15:46.226
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-23 19:48:36.485
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-23 13:39:32.045
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 55%
Total physical RAM: 2972.86 MB
Available physical RAM: 1318.55 MB
Total Pagefile: 5944.02 MB
Available Pagefile: 4379.93 MB
Total Virtual: 2047.88 MB
Available Virtual: 1855.13 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:450.3 GB) (Free:153.72 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 7E433A1F)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=450 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3 GB) - (Type=12)

==================== End Of Log ============================



#5 bollemanneke

  • Topic Starter

Posted 25 June 2014 - 03:29 PM

Okay, here is the last batch of results:

 

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-06-25 21:00:33
-----------------------------
21:00:33.926    OS Version: Windows 6.1.7601 Service Pack 1
21:00:33.926    Number of processors: 4 586 0x170A
21:00:33.926    ComputerName: VINCENT-PC  UserName: Vincent
21:00:37.388    Initialize success
21:00:37.468    VM: initialized successfully
21:00:37.478    VM: Intel CPU supported
21:00:47.879    VM: disk I/O iaStor.sys
21:02:09.525    AVAST engine defs: 14062500
21:02:55.599    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:02:55.599    Disk 0 Vendor: TOSHIBA_ FG00 Size: 476940MB BusType: 3
21:02:55.769    Disk 0 MBR read successfully
21:02:55.779    Disk 0 MBR scan
21:02:55.779    Disk 0 Windows 7 default MBR code
21:02:55.799    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        12288 MB offset 2048
21:02:55.819    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       461107 MB offset 25167872
21:02:55.819    Disk 0 Boot: NTFS     code=2
21:02:55.859    Disk 0 Partition 3 00     12  Compaq diag NTFS         3543 MB offset 969515008
21:02:55.889    Disk 0 scanning sectors +976771072
21:02:56.139    Disk 0 scanning C:\Windows\system32\drivers
21:03:10.861    Service scanning
21:04:13.748    Modules scanning
21:04:34.310    Disk 0 trace - called modules:
21:04:34.340    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
21:04:34.350    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x872ed1c0]
21:04:34.350    3 CLASSPNP.SYS[8bd8359e] -> nt!IofCallDriver -> [0x86459500]
21:04:34.360    5 ACPI.sys[8b6b23d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8646a028]
21:04:36.510    AVAST engine scan C:\Windows
21:04:42.631    AVAST engine scan C:\Windows\system32
21:10:00.727    AVAST engine scan C:\Windows\system32\drivers
21:10:20.189    AVAST engine scan C:\Users\Vincent
21:16:55.518    File: C:\Users\Vincent\AppData\Local\Temp\DFF82CB2-BAB0-7891-8816-B8DE74419256\MyBabylonTB.exe  **INFECTED** Win32:Dropper-gen [Drp]
21:55:10.004    AVAST engine scan C:\ProgramData
21:58:07.533    Scan finished successfully
22:13:28.905    Disk 0 MBR has been saved successfully to "C:\Users\Vincent\Documents\MBR.dat"
22:13:28.915    The log file has been saved successfully to "C:\Users\Vincent\Documents\aswMBR.txt"

 



#6 TB-Psychotic

  • Malware Response Team

Posted 26 June 2014 - 03:41 AM

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#7 bollemanneke

  • Topic Starter

Posted 26 June 2014 - 04:55 AM

Please find the fix log below. I was unable to copy the scanlog of Malwarebytes to my clipboard because at that point it crashed. However, it did apply actions and asks me to restart my computer (not done yet).

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:25-06-2014
Ran by Vincent at 2014-06-26 10:49:10 Run:1
Running from C:\Users\Vincent\fixing websearches
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
AlternateDataStreams: C:\ProgramData\TEMP:AD022376
Task: {8C6898EF-B963-46C1-9445-DCB183040822} - System32\Tasks\4908 => Wscript.exe C:\Users\Vincent\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {C217E7DC-EBC7-4175-B3EB-B8402AD59851} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {DDAEB20D-ACE5-4655-AE13-A720DE4EAB6D} - System32\Tasks\Express Files Updater => C:\Program Files\ExpressFiles\EFupdater.exe <==== ATTENTION
Task: {66046747-5854-4AFB-B572-DD5FC038D0F1} - System32\Tasks\Advanced System Protector => C:\Program Files\RegClean Pro\SystweakASP.exe <==== ATTENTION
CHR HKLM\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\Users\Vincent\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx [2013-02-19]
CHR HKLM\...\Chrome\Extension: [bebnnlollpcjnfpkafhoclljaojgnfok] - C:\Program Files\FTDownloader.com\FTDownloader10.crx [2013-02-19]
CHR HomePage: hxxp://www.search.ask.com/?l=dis&o=APN10113&gct=hp
CHR DefaultSearchKeyword: ask.com
CHR DefaultSearchProvider: ask
CHR DefaultSearchURL: http://websearch.ask.com/redirect?client=cr&src=kw&tb=NCH2&o=APN10113&locale=nl_EU&apn_uid=&apn_ptnrs=%5EA5O&apn_sauid=&apn_dtid=%5EYYYYYY%5EYY%5EBE&psv=&q={searchTerms}
FF Extension: FTdownloader V4.0 - C:\Users\Vincent\AppData\Roaming\Mozilla\Firefox\Profiles\591fo89s.default\Extensions\ftdownloader4@ftdownloader.com.xpi [2013-05-28]
FF Extension: NCH  - C:\Users\Vincent\AppData\Roaming\Mozilla\Firefox\Profiles\591fo89s.default\Extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86} [2014-06-08]
FF DefaultSearchEngine: webssearches
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: webssearches
FF Homepage: hxxp://istart.webssearches.com/?type=hp&ts=1403635565&from=slbnew&uid=TOSHIBAXMK5055GSX_491JT0JATXX491JT0JAT
BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
BHO: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
Toolbar: HKLM - YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube DownloaderToolbar\IE\4.6\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM - NCH EN Toolbar - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Users\Vincent\AppData\LocalLow\NCH_EN\prxtbNCH_.dll(ClientConnect Ltd.)
Toolbar: HKLM - NCH Toolbar - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Users\Vincent\AppData\LocalLow\NCH\prxtbNC0.dll(ClientConnect Ltd.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - NCH EN Toolbar - {37483B40-C254-4A72-BDA4-22EE90182C1E} - C:\Users\Vincent\AppData\LocalLow\NCH_EN\prxtbNCH_.dll(ClientConnect Ltd.)
Toolbar: HKCU - No Name - {87775FDB-6972-41F9-AE51-8326E38CB206} -  No File
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
Toolbar: HKCU - No Name - {4F524A2D-5637-006A-76A7-7A786E7484D7} -  No File
Toolbar: HKCU - NCH Toolbar - {C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - C:\Users\Vincent\AppData\LocalLow\NCH\prxtbNC0.dll(ClientConnect Ltd.)
Toolbar: HKCU - No Name - {4F524A2D-5637-4300-76A7-7A786E7484D7} -  No File
BHO: NCH Toolbar - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Users\Vincent\AppData\LocalLow\NCH\prxtbNC0.dll (ClientConnectLtd.)
BHO: No Name - {87775fdb-6972-41f9-ae51-8326e38cb206} -  No File
BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO: NCH EN Toolbar - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Users\Vincent\AppData\LocalLow\NCH_EN\prxtbNCH_.dll(ClientConnect Ltd.)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-be
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1403635565&from=slbnew&uid=TOSHIBAXMK5055GSX_491JT0JATXX491JT0JAT&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1403635565&from=slbnew&uid=TOSHIBAXMK5055GSX_491JT0JATXX491JT0JAT&q={searchTerms}
URLSearchHook: HKLM - (No Name) - {87775fdb-6972-41f9-ae51-8326e38cb206} -  No File
URLSearchHook: HKLM - NCH EN Toolbar - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Users\Vincent\AppData\LocalLow\NCH_EN\prxtbNCH_.dll (ClientConnect Ltd.)
URLSearchHook: HKLM - NCH Toolbar - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Users\Vincent\AppData\LocalLow\NCH\prxtbNC0.dll(ClientConnect Ltd.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type=sc&ts=1403635565&from=slbnew&uid=TOSHIBAXMK5055GSX_491JT0JATXX491JT0JAT
AppInit_DLLs: C:\PROGRA~1\SupTab\SEARCH~1.DLL => C:\Program Files\SupTab\SearchProtect32.dll [91248 2014-05-08] (Skytech Co.,Ltd.)
HKU\S-1-5-21-1926034506-3658006345-3702480741-1001\...\Run: [BackgroundContainerV2] => "C:\Windows\system32\Rundll32.exe" "C:\Users\Vincent\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun

S2 6077757b; \??\C:\Windows\system32\drivers\regi.sys [X]
S2 CltMngSvc; C:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe [X]
R2 TBSrv; C:\Program Files\Tbccint\ToolbarService\ToolbarService.exe [350528 2014-04-10] (ClientConnect Ltd.)

C:\Users\Vincent\AppData\Local\Conduit
C:\Program Files\YouTube DownloaderToolbar
C:\Program Files\SupTab
C:\Users\Vincent\AppData\LocalLow\NCH_EN
C:\Program Files\Tbccint\ToolbarService
C:\PROGRA~1\SearchProtect
C:\Windows\system32\drivers\regi.sys
2014-06-02 21:31 - 2011-04-21 21:46 - 00000000 ____D () C:\Users\Vincent\AppData\Local\Conduit
2014-06-02 21:25 - 2014-06-02 21:25 - 00000000 ____D () C:\Program Files\NCH
2014-06-02 21:25 - 2014-06-02 21:25 - 00000000 ____D () C:\Program Files\Conduit
C:\Users\Vincent\AppData\Local\Temp\launchie.vbs
C:\Program Files\ExpressFiles
C:\Program Files\RegClean Pro
C:\Users\Vincent\lame_enc.dll
C:\Users\Vincent\PlayTime.exe
C:\Users\Vincent\SubRip.exe

YouTube Downloader Toolbar v4.6
uTorrentBar_NL Toolbar
*****************

C:\ProgramData\TEMP => ":AD022376" ADS removed successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8C6898EF-B963-46C1-9445-DCB183040822}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C6898EF-B963-46C1-9445-DCB183040822}' => Key deleted successfully.
C:\Windows\System32\Tasks\4908 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4908' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C217E7DC-EBC7-4175-B3EB-B8402AD59851}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C217E7DC-EBC7-4175-B3EB-B8402AD59851}' => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DDAEB20D-ACE5-4655-AE13-A720DE4EAB6D}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DDAEB20D-ACE5-4655-AE13-A720DE4EAB6D}' => Key deleted successfully.
C:\Windows\System32\Tasks\Express Files Updater => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Express Files Updater' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{66046747-5854-4AFB-B572-DD5FC038D0F1}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66046747-5854-4AFB-B572-DD5FC038D0F1}' => Key deleted successfully.
C:\Windows\System32\Tasks\Advanced System Protector => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector' => Key deleted successfully.
'HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo' => Key deleted successfully.
"C:\Users\Vincent\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx" => File/Directory not found.
'HKLM\SOFTWARE\Google\Chrome\Extensions\bebnnlollpcjnfpkafhoclljaojgnfok' => Key deleted successfully.
"C:\Program Files\FTDownloader.com\FTDownloader10.crx" => File/Directory not found.
CHR HomePage: hxxp://www.search.ask.com/?l=dis&o=APN10113&gct=hp ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchKeyword: ask.com ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchProvider: ask ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchURL: http://websearch.ask.com/redirect?client=cr&src=kw&tb=NCH2&o=APN10113&locale=nl_EU&apn_uid=&apn_ptnrs=%5EA5O&apn_sauid=&apn_dtid=%5EYYYYYY%5EYY%5EBE&psv=&q={searchTerms} ==> The Chrome "Settings" can be used to fix the entry.
C:\Users\Vincent\AppData\Roaming\Mozilla\Firefox\Profiles\591fo89s.default\Extensions\ftdownloader4@ftdownloader.com.xpi => Moved successfully.
C:\Users\Vincent\AppData\Roaming\Mozilla\Firefox\Profiles\591fo89s.default\Extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86} => Moved successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}' => Key deleted successfully.
'HKCR\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}' => Key deleted successfully.
'HKCR\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A}' => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{F3FEE66E-E034-436a-86E4-9690573BEE8A} => value deleted successfully.
'HKCR\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A}'=> Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => value deleted successfully.
'HKCR\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}' => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{37483b40-c254-4a72-bda4-22ee90182c1e} => value deleted successfully.
'HKCR\CLSID\{37483b40-c254-4a72-bda4-22ee90182c1e}' => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{c2db4fe6-8409-45ce-8010-189a7b5cce86} => value deleted successfully.
'HKCR\CLSID\{c2db4fe6-8409-45ce-8010-189a7b5cce86}' => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
'HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{37483B40-C254-4A72-BDA4-22EE90182C1E} => value deleted successfully.
'HKCR\CLSID\{37483B40-C254-4A72-BDA4-22EE90182C1E}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{87775FDB-6972-41F9-AE51-8326E38CB206} => value deleted successfully.
'HKCR\CLSID\{87775FDB-6972-41F9-AE51-8326E38CB206}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value deleted successfully.
'HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value deleted successfully.
'HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value deleted successfully.
'HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}' => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
'HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} => value deleted successfully.
'HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4F524A2D-5637-006A-76A7-7A786E7484D7} => value deleted successfully.
'HKCR\CLSID\{4F524A2D-5637-006A-76A7-7A786E7484D7}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C2DB4FE6-8409-45CE-8010-189A7B5CCE86} => value deleted successfully.
'HKCR\CLSID\{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}' => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4F524A2D-5637-4300-76A7-7A786E7484D7} => value deleted successfully.
'HKCR\CLSID\{4F524A2D-5637-4300-76A7-7A786E7484D7}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c2db4fe6-8409-45ce-8010-189a7b5cce86}' => Key deleted successfully.
'HKCR\CLSID\{c2db4fe6-8409-45ce-8010-189a7b5cce86}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87775fdb-6972-41f9-ae51-8326e38cb206}' => Key deleted successfully.
'HKCR\CLSID\{87775fdb-6972-41f9-ae51-8326e38cb206}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}' => Key deleted successfully.
'HKCR\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37483b40-c254-4a72-bda4-22ee90182c1e}' => Key deleted successfully.
'HKCR\CLSID\{37483b40-c254-4a72-bda4-22ee90182c1e}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}' => Key deleted successfully.
'HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs => value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\{87775fdb-6972-41f9-ae51-8326e38cb206} => value deleted successfully.
HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\{37483b40-c254-4a72-bda4-22ee90182c1e} => value deleted successfully.
HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\{c2db4fe6-8409-45ce-8010-189a7b5cce86} => value deleted successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
"C:\PROGRA~1\SupTab\SEARCH~1.DLL" => Value Data removed successfully.
HKU\S-1-5-21-1926034506-3658006345-3702480741-1001\Software\Microsoft\Windows\CurrentVersion\Run\\BackgroundContainerV2 => value deleted successfully.
6077757b => Service deleted successfully.
CltMngSvc => Service deleted successfully.
TBSrv => Service stopped successfully.
TBSrv => Service deleted successfully.
C:\Users\Vincent\AppData\Local\Conduit => Moved successfully.
"C:\Program Files\YouTube DownloaderToolbar" => File/Directory not found.
C:\Program Files\SupTab => Moved successfully.
C:\Users\Vincent\AppData\LocalLow\NCH_EN => Moved successfully.
C:\Program Files\Tbccint\ToolbarService => Moved successfully.
"C:\PROGRA~1\SearchProtect" => File/Directory not found.
"C:\Windows\system32\drivers\regi.sys" => File/Directory not found.
"C:\Users\Vincent\AppData\Local\Conduit" => File/Directory not found.
C:\Program Files\NCH => Moved successfully.
C:\Program Files\Conduit => Moved successfully.
"C:\Users\Vincent\AppData\Local\Temp\launchie.vbs" => File/Directory not found.
C:\Program Files\ExpressFiles => Moved successfully.
"C:\Program Files\RegClean Pro" => File/Directory not found.
C:\Users\Vincent\lame_enc.dll => Moved successfully.
C:\Users\Vincent\PlayTime.exe => Moved successfully.
C:\Users\Vincent\SubRip.exe => Moved successfully.

==== End of Fixlog ====



#8 TB-Psychotic

  • Malware Response Team

Posted 26 June 2014 - 04:59 AM

Reboot!

You told us that you removed several items with Malwarebytes' Antimalware. This tool creates a log on every run and we need to see them.


  • The logs can be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Zip any and all of these logs and attach the file to your next reply.



#9 bollemanneke

  • Topic Starter

Posted 26 June 2014 - 05:12 AM

Okay, reboot complete. I'm very sorry, but there are no logs in either of these directories.



#10 TB-Psychotic

  • Malware Response Team

Posted 30 June 2014 - 01:57 AM

Skip Malwarebytes.

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



#11 TB-Psychotic

  • Malware Response Team

Posted 03 July 2014 - 04:04 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.