slow, adverts in browser and clickable links


  • This topic is locked
6 replies to this topic

#1 Kiwi1990

  • Members

Posted 02 July 2014 - 04:39 PM

Hi all.

A friend of mine needed help cleaning up her laptop, though it's so slow and unworkable for me that I came here to ask for help. She has extra clickable links in her browser (Chrome) that shouldn't be there, as well as extra ads. Malwarebytes found around 400 PUPs but crashed during quarantining and the scan log shows up completely empty. Here is the dds.txt and the attach. I hope someone can help us clean this laptop up :)

Edit: I also noticed that the Programs and Features option in the configuration panel doesn't show the list of installed programs anymore. It only shows Google Chrome, but not the rest of the installed programs like Avira and Malwarebytes etc.

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.17126
Run by Robert at 23:23:42 on 2014-07-02
Microsoft Windows 7 Starter   6.1.7601.1.1252.31.1043.18.1012.158 [GMT 2:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\IDT\WDM\STacSV.exe
C:\ProgramData\IePluginService\PluginService.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\ProgramData\IePluginServices\PluginService.exe
C:\ProgramData\WPM\wprotectmanager.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\explorer.exe
C:\Program Files\IDT\WDM\aestsrv.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Robert\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Users\Robert\AppData\Local\WeatherAlerts\WeatherAlerts.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://istart.webssearches.com/?type=hp&ts=1397855522&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1397855522&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG&q={searchTerms}
uDefault_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1397855522&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
uDefault_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397855522&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG&q={searchTerms}
mStart Page = hxxp://istart.webssearches.com/?type=hp&ts=1397855522&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
mSearch Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1397855522&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG&q={searchTerms}
mDefault_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1397855522&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
mDefault_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397855522&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG&q={searchTerms}
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: {87775fdb-6972-41f9-ae51-8326e38cb206} - <orphaned>
uWinlogon: Shell = expstart.exe
BHO: MediaPlayerplus: {11111111-1111-1111-1111-110511421146} - c:\program files\mediaplayerplus\MediaPlayerplus-bho.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - 
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - c:\program files\hewlett-packard\hp support framework\resources\hpnetworkcheck\HPNetworkCheckPlugin.dll
uRun: [Google Update] "c:\users\robert\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
uRun: [Facebook Update] "c:\users\robert\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Syncables] c:\program files\hewlett-packard\hp quicksync\QuickSync.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [GoogleChromeAutoLaunch_8CC0C224CAA679A6B63017BE99A17B85] "c:\users\robert\appdata\local\google\chrome\application\chrome.exe" --no-startup-window
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [HP Quick Launch] c:\program files\hewlett-packard\hp quick launch\HPMSGSVC.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [HPWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\delayedappstarter.exe 120 c:\program files\hewlett-packard\hp wireless assistant\HPWA_Main.exe /hidden
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Avira Systray] c:\program files\avira\my avira\Avira.OE.Systray.exe
mRunOnce: [NCPluginUpdater] "c:\program files\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - c:\program files\hewlett-packard\hp support framework\resources\hpnetworkcheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{FEEEBFC1-BB09-42F2-BE24-6A07ED7CBCE3} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{FEEEBFC1-BB09-42F2-BE24-6A07ED7CBCE3}\14256573531393535473531334 : DHCPNameServer = 192.168.2.254
TCP: Interfaces\{FEEEBFC1-BB09-42F2-BE24-6A07ED7CBCE3}\6716E6A516E64756E613 : DHCPNameServer = 192.168.2.254
TCP: Interfaces\{FEEEBFC1-BB09-42F2-BE24-6A07ED7CBCE3}\75C414E4 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{FEEEBFC1-BB09-42F2-BE24-6A07ED7CBCE3}\84232303E4834343441443F5548545 : DHCPNameServer = 192.168.2.3
TCP: Interfaces\{FEEEBFC1-BB09-42F2-BE24-6A07ED7CBCE3}\A597F507279667164756F565931455D425 : DHCPNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
TCP: Interfaces\{FEEEBFC1-BB09-42F2-BE24-6A07ED7CBCE3}\C496E6B6379737025433030303 : DHCPNameServer = 213.46.228.196 62.179.104.196 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
STS: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - c:\windows\system32\DreamScene.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 DVMIO;DeviceVM IO Service;c:\windows\system32\drivers\dvmio.sys [2009-11-11 18136]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2010-9-18 81920]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\hewlett-packard\hp support framework\HPSA_Service.exe [2013-11-4 92160]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [2010-9-18 230944]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-9-18 267880]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-7-31 52224]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-14 311296]
.
=============== Created Last 30 ================
.
2014-07-02 21:06:54 -------- d-----w- c:\program files\Avira
2014-07-02 21:06:50 -------- d-----w- c:\programdata\Avira
2014-07-02 21:06:32 -------- d-----w- c:\programdata\Package Cache
2014-07-02 21:06:03 -------- d-----w- C:\OETemp
2014-07-02 20:24:30 8140904 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a45ae812-6c0f-488d-90d7-a0c2770b9e7a}\mpengine.dll
2014-07-02 20:12:39 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-02 20:11:37 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-02 20:11:37 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-07-02 20:11:37 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-07-02 20:11:36 -------- d-----w- c:\programdata\Malwarebytes
2014-07-02 20:11:36 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-06-12 11:19:53 -------- d-----w- c:\users\robert\appdata\roaming\337Games
2014-06-12 11:19:42 -------- d-----w- c:\programdata\IePluginServices
2014-06-11 18:13:01 32256 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 18:13:00 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-06-11 18:13:00 38400 ----a-w- c:\program files\internet explorer\DiagnosticsHub_is.dll
2014-06-11 18:13:00 215552 ----a-w- c:\program files\internet explorer\DiagnosticsHub.ScriptedSandboxPlugin.dll
2014-06-11 18:13:00 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-06-11 18:11:52 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-06-11 18:11:49 4244992 ----a-w- c:\windows\system32\jscript9.dll
2014-06-11 18:11:33 1389056 ----a-w- c:\windows\system32\msxml6.dll
2014-06-11 18:11:31 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-06-11 18:11:30 2048 ----a-w- c:\windows\system32\msxml6r.dll
2014-06-11 18:11:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-06-11 18:11:23 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-06-11 18:11:22 240576 ----a-w- c:\windows\system32\drivers\netio.sys
2014-06-11 18:11:21 187840 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2014-06-11 18:11:08 626688 ----a-w- c:\windows\system32\usp10.dll
.
==================== Find3M  ====================
.
2014-05-30 09:02:39 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-30 09:02:03 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-05-30 08:43:06 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-05-30 08:28:33 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-05-30 08:27:56 592896 ----a-w- c:\windows\system32\jscript9diag.dll
2014-05-30 08:21:36 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-05-30 07:50:09 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-05-30 07:49:38 1964544 ----a-w- c:\windows\system32\inetcpl.cpl
2014-05-30 07:21:10 1790976 ----a-w- c:\windows\system32\wininet.dll
2014-05-13 19:30:56 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-13 19:30:55 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-15 00:34:10 1070232 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2014-04-12 02:15:13 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:15:13 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:12:09 15872 ----a-w- c:\windows\system32\sspisrv.dll
2014-04-12 02:12:09 100352 ----a-w- c:\windows\system32\sspicli.dll
2014-04-12 02:12:06 22016 ----a-w- c:\windows\system32\secur32.dll
2014-04-12 02:11:58 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-04-12 02:11:22 22528 ----a-w- c:\windows\system32\lsass.exe
.
============= FINISH: 23:32:17,67 ===============

Edited by Kiwi1990, 02 July 2014 - 06:32 PM.



#2 nasdaq

  • Malware Response Team
Posted 07 July 2014 - 07:47 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Let me know what problem persists.

#3 Kiwi1990

  • Topic Starter

Posted 07 July 2014 - 11:54 AM

Heya, ty for your help and reply. Here are the scan logs.

The laptop is a tiny bit quicker, but is still slow opening up a new window or being able to type the address in a browser, for example.

Also, the Programs and Features list is still empty (except for Chrome). The ads and clickable links in the browser are gone so far as I can see.

 

# AdwCleaner v3.214 - Rapport aangemaakt 07/07/2014 op 18:30:59
# Laatste Update 29/06/2014 door Xplode
# Besturingssysteem : Windows 7 Starter Service Pack 1 (32 bits)
# Gebruikersnaam : Robert - ROBERT-HP
# Gestart vanuit : C:\Users\Robert\Desktop\adwcleaner_3.214.exe
# Optie : Verwijderen
 
***** [ Services ] *****
 
 
***** [ Bestanden / Mappen ] *****
 
Map Verwijderd : C:\ProgramData\Tarma Installer
Map Verwijderd : C:\ProgramData\WPM
Map Verwijderd : C:\Program Files\Conduit
Map Verwijderd : C:\Program Files\SupTab
Map Verwijderd : C:\Users\Robert\AppData\Local\Conduit
Map Verwijderd : C:\Users\Robert\AppData\LocalLow\Conduit
Map Verwijderd : C:\Users\Robert\AppData\LocalLow\PriceGong
Map Verwijderd : C:\Users\Robert\AppData\Roaming\337Games
Map Verwijderd : C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo
Bestand Verwijderd : C:\END
Bestand Verwijderd : C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ep.crx
 
***** [ Snelkoppelingen ] *****
 
 
***** [ Register ] *****
 
Sleutel Verwijderd : HKLM\SOFTWARE\Google\Chrome\Extensions\ainbkicbloikcngphmjfpjdemblcojdd
Sleutel Verwijderd : HKLM\SOFTWARE\Google\Chrome\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo
[#] Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Toolbar.CT2865317
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Sleutel Verwijderd : HKCU\Software\installedbrowserextensions
Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\Conduit
Sleutel Verwijderd : HKLM\Software\Conduit
Sleutel Verwijderd : HKLM\Software\delta-homesSoftware
Sleutel Verwijderd : HKLM\Software\dlQUE
Sleutel Verwijderd : HKLM\Software\installedbrowserextensions
Sleutel Verwijderd : HKLM\Software\SupDp
Sleutel Verwijderd : HKLM\Software\SupTab
Sleutel Verwijderd : HKLM\Software\supWPM
Sleutel Verwijderd : HKLM\Software\Tarma Installer
Sleutel Verwijderd : HKLM\Software\Wpm
Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17126
 
Instelling Hersteld : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Instelling Hersteld : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
 
-\\ Mozilla Firefox v
 
-\\ Google Chrome v
 
[ Bestand : C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Verwijderd [Search Provider] : hxxp://istart.webssearches.com/web/?type=dspp&ts=1402508807&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG&q={searchTerms}
Verwijderd [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1397855522&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG&q={searchTerms}
Verwijderd [Search Provider] : hxxp://search.delta-homes.com/web/?type=ds&ts=1402571896&from=wpm0612&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG&q={searchTerms}
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hp&ts=1397855522&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1397902474&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1397984447&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1397984972&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1398076695&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1398159342&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1398243483&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1398338702&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1398358167&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1398408894&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1398425112&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1398608666&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1398668455&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1398808549&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1398852968&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1399014253&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1399115699&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1399445789&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1399456488&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1399481660&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1399544744&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1399551459&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1399621412&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1399621852&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1399732594&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1399752405&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1399829966&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1399831433&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1399892301&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1399918845&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1399986581&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1400061050&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1400148543&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1400182506&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1400240181&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1400414075&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1400426802&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1400505379&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1400505910&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1400520811&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1400586977&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1400695507&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1400739026&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1400842066&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1400942871&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1401018938&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1401129131&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1401178333&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1401225464&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1401268325&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1401275540&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1401377749&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1401394459&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1401455687&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1401531465&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1401629421&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1401739628&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1401789709&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1401906723&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1401962542&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1402047601&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1402226431&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1402228741&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1402508807&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Startup_urls] : hxxp://www.delta-homes.com/?type=hp&ts=1402571896&from=wpm0612&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG
Verwijderd [Extension] : ainbkicbloikcngphmjfpjdemblcojdd
Verwijderd [Extension] : majjphhgppkndjjkmhhnbgafooenebhd
Verwijderd [Extension] : ogfjmhfnldnajmfaofeiaepghjenbgjo
Verwijderd [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma
 
*************************
 
AdwCleaner[R0].txt - [12459 octets] - [07/07/2014 18:26:55]
AdwCleaner[S0].txt - [12813 octets] - [07/07/2014 18:30:59]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12874 octets] ##########
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-07-2014 01
Ran by Robert (administrator) on ROBERT-HP on 07-07-2014 18:39:19
Running from C:\Users\Robert\Desktop
Platform: Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: Nederlands (Nederland)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AEstSrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
() C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Google Inc.) C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Google Inc.) C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2010-06-09] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [HP Quick Launch] => C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [602680 2010-07-02] (Hewlett-Packard Company)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-18] (Hewlett-Packard Company)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [187984 2014-06-30] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-05-27] (Hewlett-Packard)
HKU\S-1-5-21-2234141994-840407592-3228085236-1000\...\Run: [Google Update] => C:\Users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-04-18] (Google Inc.)
HKU\S-1-5-21-2234141994-840407592-3228085236-1000\...\Run: [RocketDock] => "C:\Program Files\RocketDock\RocketDock.exe"
HKU\S-1-5-21-2234141994-840407592-3228085236-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-2234141994-840407592-3228085236-1000\...\Run: [Syncables] => C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe
HKU\S-1-5-21-2234141994-840407592-3228085236-1000\...\Run: [msnmsgr] => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-2234141994-840407592-3228085236-1000\...\Run: [GoogleChromeAutoLaunch_8CC0C224CAA679A6B63017BE99A17B85] => C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)
HKU\S-1-5-21-2234141994-840407592-3228085236-1000\...\MountPoints2: E - E:\setup\rsrc\Autorun.exe
HKU\S-1-5-21-2234141994-840407592-3228085236-1000\...\Winlogon: [Shell] C:\Windows\expstart.exe [916480 2013-01-08] () <==== ATTENTION 
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {1A07D29E-B64A-4105-A014-984DA3287B6C} URL = http://nl.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {FE3D0869-7E1E-48C2-AAB1-20AE254796D6} URL = http://nl.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {1A07D29E-B64A-4105-A014-984DA3287B6C} URL = http://nl.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {FE3D0869-7E1E-48C2-AAB1-20AE254796D6} URL = http://nl.wikipedia.org/wiki/Special:Search?search={searchTerms}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=1.6.0_37 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Robert\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Robert\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Extension: OneClickDownloader - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\profiles\extensions\OneClickDownload@OneClickDownload.com [2012-07-31]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
 
Chrome: 
=======
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Robert\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Robert\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Robert\AppData\Local\Google\Chrome\Application\35.0.1916.153\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U20) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Robert\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-11]
CHR Extension: (Adblock Plus) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-03-18]
CHR Extension: (Google Zoeken) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-11]
CHR Extension: (Text Highlighter) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd [2014-07-07]
CHR Extension: (Privacy Palette) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjkcflkplhgpebknipkekjggglimnone [2013-03-18]
CHR Extension: (ScrewAds - Block, Skip, Remove YouTube Ads) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmbnjoljpgkhiaicaejkdcjbfjknipnc [2013-04-18]
CHR Extension: (Google Wallet) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
CHR Extension: (Gmail) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-11]
CHR HKLM\...\Chrome\Extension: [cjofdnhdkbflacojpfpkchgafjahijbb] - C:\Users\Robert\AppData\Local\Temp\ccex.crx [2012-11-11]
CHR StartMenuInternet: Google Chrome - C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
S2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [138832 2014-06-30] (Avira Operations GmbH & Co. KG)
R2 HP Support Assistant Service; C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [103992 2010-06-18] (Hewlett-Packard Company)
R2 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-07-02] ()
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [237650 2010-06-09] (IDT, Inc.)
R2 Themes; C:\Windows\system32\themeservice.dll [37376 2012-08-01] (Microsoft Corporation) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
R1 DVMIO; C:\Windows\System32\DRIVERS\dvmio.sys [18136 2009-11-11] (DeviceVM, Inc.)
R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [230944 2010-05-07] (Realtek Semiconductor Corp.)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x32.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-07 18:39 - 2014-07-07 18:41 - 00020939 _____ () C:\Users\Robert\Desktop\FRST.txt
2014-07-07 18:38 - 2014-07-07 18:39 - 00000000 ____D () C:\FRST
2014-07-07 18:37 - 2014-07-07 18:37 - 01074688 _____ (Farbar) C:\Users\Robert\Desktop\FRST.exe
2014-07-07 18:26 - 2014-07-07 18:31 - 00000000 ____D () C:\AdwCleaner
2014-07-07 18:25 - 2014-07-07 18:26 - 01346519 _____ () C:\Users\Robert\Desktop\adwcleaner_3.214.exe
2014-07-02 23:32 - 2014-07-02 23:32 - 00015304 _____ () C:\Users\Robert\Desktop\dds.txt
2014-07-02 23:32 - 2014-07-02 23:32 - 00001673 _____ () C:\Users\Robert\Desktop\attach.txt
2014-07-02 23:23 - 2014-07-02 23:23 - 00688992 ____R (Swearware) C:\Users\Robert\Desktop\dds.com
2014-07-02 23:07 - 2014-07-03 01:28 - 00001025 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-07-02 23:07 - 2014-07-02 23:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-07-02 23:06 - 2014-07-03 00:35 - 00000000 ____D () C:\OETemp
2014-07-02 23:06 - 2014-07-02 23:06 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-02 23:06 - 2014-07-02 23:06 - 00000000 ____D () C:\ProgramData\Avira
2014-07-02 23:06 - 2014-07-02 23:06 - 00000000 ____D () C:\Program Files\Avira
2014-07-02 22:12 - 2014-07-03 01:23 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-02 22:11 - 2014-07-02 22:11 - 00001020 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-02 22:11 - 2014-07-02 22:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-02 22:11 - 2014-07-02 22:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-02 22:11 - 2014-07-02 22:11 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-02 22:11 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-02 22:11 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-02 22:11 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-02 22:08 - 2014-07-02 22:10 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Robert\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-16 07:51 - 2014-06-16 07:57 - 00000000 ____D () C:\Users\Robert\Downloads\Game of Thrones S04E10 HDTV x264 [E-Subs] [VectoR & DexzAery]
2014-06-11 20:13 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 20:13 - 2014-05-30 10:28 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 20:13 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 20:12 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 20:12 - 2014-05-30 11:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 20:12 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 20:12 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 20:12 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 20:12 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 20:12 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 20:12 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 20:12 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 20:12 - 2014-05-30 10:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 20:12 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 20:12 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 20:12 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 20:12 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 20:12 - 2014-05-30 09:57 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 20:12 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 20:12 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 20:12 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 20:12 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 20:12 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 20:12 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 20:12 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 20:11 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 20:11 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 20:11 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 20:11 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 20:11 - 2014-04-05 04:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 20:11 - 2014-04-05 04:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 20:11 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 20:11 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 20:11 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 20:11 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 20:11 - 2013-11-26 13:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
 
==================== One Month Modified Files and Folders =======
 
2014-07-07 18:41 - 2014-07-07 18:39 - 00020939 _____ () C:\Users\Robert\Desktop\FRST.txt
2014-07-07 18:41 - 2010-09-18 03:25 - 01184636 _____ () C:\Windows\WindowsUpdate.log
2014-07-07 18:39 - 2014-07-07 18:38 - 00000000 ____D () C:\FRST
2014-07-07 18:37 - 2014-07-07 18:37 - 01074688 _____ (Farbar) C:\Users\Robert\Desktop\FRST.exe
2014-07-07 18:34 - 2014-01-17 00:47 - 00016454 _____ () C:\Windows\setupact.log
2014-07-07 18:34 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-07 18:33 - 2012-04-18 19:21 - 00342376 _____ () C:\Windows\PFRO.log
2014-07-07 18:33 - 2009-07-14 06:34 - 00014128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-07 18:33 - 2009-07-14 06:34 - 00014128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-07 18:31 - 2014-07-07 18:26 - 00000000 ____D () C:\AdwCleaner
2014-07-07 18:26 - 2014-07-07 18:25 - 01346519 _____ () C:\Users\Robert\Desktop\adwcleaner_3.214.exe
2014-07-07 18:26 - 2012-08-07 19:58 - 00000940 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-03 09:46 - 2012-04-18 19:51 - 00001070 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2234141994-840407592-3228085236-1000UA.job
2014-07-03 01:28 - 2014-07-02 23:07 - 00001025 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-07-03 01:23 - 2014-07-02 22:12 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-03 00:41 - 2013-01-02 01:36 - 00000000 ____D () C:\Users\Robert\AppData\Local\Facebook
2014-07-03 00:35 - 2014-07-02 23:06 - 00000000 ____D () C:\OETemp
2014-07-02 23:32 - 2014-07-02 23:32 - 00015304 _____ () C:\Users\Robert\Desktop\dds.txt
2014-07-02 23:32 - 2014-07-02 23:32 - 00001673 _____ () C:\Users\Robert\Desktop\attach.txt
2014-07-02 23:23 - 2014-07-02 23:23 - 00688992 ____R (Swearware) C:\Users\Robert\Desktop\dds.com
2014-07-02 23:18 - 2012-04-18 19:26 - 00000000 ____D () C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-02 23:17 - 2014-05-31 16:53 - 00002351 _____ () C:\Users\Robert\Desktop\Google Chrome.lnk
2014-07-02 23:16 - 2012-06-04 16:35 - 00000000 ____D () C:\Program Files\Android
2014-07-02 23:12 - 2010-08-14 21:35 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2014-07-02 23:07 - 2014-07-02 23:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-07-02 23:06 - 2014-07-02 23:06 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-02 23:06 - 2014-07-02 23:06 - 00000000 ____D () C:\ProgramData\Avira
2014-07-02 23:06 - 2014-07-02 23:06 - 00000000 ____D () C:\Program Files\Avira
2014-07-02 22:43 - 2012-08-04 23:09 - 00000000 ____D () C:\Users\Robert\AppData\Local\CrashDumps
2014-07-02 22:11 - 2014-07-02 22:11 - 00001020 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-02 22:11 - 2014-07-02 22:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-02 22:11 - 2014-07-02 22:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-02 22:11 - 2014-07-02 22:11 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-02 22:10 - 2014-07-02 22:08 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Robert\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-02 22:03 - 2013-01-28 00:08 - 00001944 _____ () C:\Users\Public\Desktop\Adobe Reader 9.lnk
2014-07-02 22:03 - 2010-08-14 22:57 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
2014-06-30 22:36 - 2012-08-08 18:52 - 00000000 ____D () C:\Users\Robert\AppData\Roaming\vlc
2014-06-28 10:50 - 2012-04-18 19:51 - 00001018 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2234141994-840407592-3228085236-1000Core.job
2014-06-22 23:50 - 2012-08-17 19:27 - 00000000 ____D () C:\Users\Robert\AppData\Roaming\Skype
2014-06-16 08:57 - 2012-04-18 19:54 - 00000000 ____D () C:\Users\Robert\AppData\Roaming\uTorrent
2014-06-16 07:57 - 2014-06-16 07:51 - 00000000 ____D () C:\Users\Robert\Downloads\Game of Thrones S04E10 HDTV x264 [E-Subs] [VectoR & DexzAery]
2014-06-12 15:01 - 2012-08-17 22:46 - 00000000 ____D () C:\Windows\rescache
2014-06-12 00:53 - 2012-07-31 20:23 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-12 00:52 - 2013-08-15 12:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 00:47 - 2012-07-31 16:36 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
Some content of TEMP:
====================
C:\Users\Robert\AppData\Local\Temp\Quarantine.exe
C:\Users\Robert\AppData\Local\Temp\sp64126.exe
C:\Users\Robert\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Robert\AppData\Local\Temp\UninstallHPSA.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-06-28 12:23
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-07-2014 01
Ran by Robert at 2014-07-07 18:43:13
Running from C:\Users\Robert\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
Avira (HKLM\...\{356ECF26-71E8-4F4A-A197-59C91657DD43}) (Version:  - )
Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
 
==================== Restore Points  =========================
 
15-05-2014 10:21:27 Windows Update
21-05-2014 18:19:46 Windows Update
30-05-2014 13:30:56 Windows Update
03-06-2014 15:51:21 Windows Update
11-06-2014 18:03:41 Windows Update
11-06-2014 22:43:43 Windows Update
17-06-2014 13:38:31 Windows Update
24-06-2014 09:10:25 Windows Update
27-06-2014 10:59:17 Windows Update
02-07-2014 20:07:00 Windows Update
02-07-2014 21:11:48 Removed Energy Star Digital Logo
02-07-2014 21:13:32 Removed Facebook Video Calling 2.0.0.447
07-07-2014 16:29:52 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {1AC3D39F-00FA-4E13-BCEA-7F97BF2D6D89} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {1DC1D332-FABE-43F7-8A73-726BFD153BFE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {2A8C6DD8-128E-4085-8B40-4B23D28CA62A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-05-27] (Microsoft)
Task: {333C0FE7-33E8-4833-9361-56CE577DDCDF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: {4BA1D877-0628-4E8C-A229-F26B2970847B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {51BCEC78-1225-4002-8886-3B630937A7C2} - System32\Tasks\Registration => C:\Program Files\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {6B2BC87B-5DF0-4B87-AAB2-95E43A6496C4} - System32\Tasks\RecoveryCDWin7 => C:\Program Files\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {6BD37588-F0A1-46A7-ABBF-D774A91ACA02} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2234141994-840407592-3228085236-1000UA => C:\Users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-18] (Google Inc.)
Task: {B53C2CAA-9F53-407F-A6EC-C0A29DAC70D2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2234141994-840407592-3228085236-1000Core => C:\Users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-18] (Google Inc.)
Task: {C0AB7E41-8D42-4D32-92B8-CAA7F4CEFE05} - System32\Tasks\{2CDF5D7C-B108-4463-9127-A97C96DCCFDC} => Chrome.exe http://ui.skype.com/ui/0/5.10.0.116/nl/abandoninstall?source=lightinstaller&page=tsInstall
Task: {C8BF3793-8807-42B0-91A2-6260FCB4DD1B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {CFBC7146-03B2-4CF0-A16A-A6C7B06C1EDF} - System32\Tasks\ServicePlan => C:\Program Files\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {DBA1AADF-B9E6-4C9A-B9ED-1BFC4445FAED} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {F6BFF59F-C933-46D6-8573-69486845DEF1} - System32\Tasks\{E6255C03-85E1-4C3C-A0AE-F041ADE94160} => C:\Program Files\Counter-Strike 1.6 Non-Steam V40.1\launcher.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2234141994-840407592-3228085236-1000Core.job => C:\Users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2234141994-840407592-3228085236-1000UA.job => C:\Users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2009-07-14 01:35 - 2011-08-09 17:00 - 00035840 _____ () C:\Windows\system32\slc.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2009-07-14 01:35 - 2011-08-09 17:00 - 00035840 _____ () C:\Windows\System32\slc.dll
2009-07-14 01:35 - 2011-08-09 17:00 - 00035840 _____ () c:\windows\system32\slc.dll
2010-07-02 11:51 - 2010-07-02 11:51 - 00027192 _____ () C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
2014-06-13 12:47 - 2014-06-05 15:58 - 00716616 _____ () C:\Users\Robert\AppData\Local\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-13 12:47 - 2014-06-05 15:58 - 00126280 _____ () C:\Users\Robert\AppData\Local\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-06-13 12:47 - 2014-06-05 15:58 - 04217672 _____ () C:\Users\Robert\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-13 12:47 - 2014-06-05 15:58 - 00414536 _____ () C:\Users\Robert\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-13 12:47 - 2014-06-05 15:58 - 01732424 _____ () C:\Users\Robert\AppData\Local\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2010-06-18 16:26 - 2010-06-18 16:26 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-06-18 16:26 - 2010-06-18 16:26 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2010-06-18 16:26 - 2010-06-18 16:26 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
 
==================== Faulty Device Manager Devices =============
 
Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standaard USB Host Controller)
Service: 
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/07/2014 06:36:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: Avira.OE.ServiceHost.exe, versie: 1.1.16.30000, tijdstempel: 0x53b136a5
Naam van module met fout: KERNELBASE.dll, versie: 6.1.7601.18409, tijdstempel: 0x531599f6
Uitzonderingscode: 0xe0434352
Foutoffset: 0x0000812f
Id van proces met fout: 0xff4
Starttijd van toepassing met fout: 0xAvira.OE.ServiceHost.exe0
Pad naar toepassing met fout: Avira.OE.ServiceHost.exe1
Pad naar module met fout: Avira.OE.ServiceHost.exe2
Rapport-id: Avira.OE.ServiceHost.exe3
 
Error: (07/07/2014 06:36:04 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Toepassing: Avira.OE.ServiceHost.exe
Framework-versie: v4.0.30319
Beschrijving: het proces is beëindigd als gevolg van een onverwerkte uitzondering.
Uitzonderingsinformatie: System.ComponentModel.Composition.CompositionException
Stack:
   bij System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   bij System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   bij System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   bij System.ComponentModel.Composition.Primitives.Export.get_Value()
   bij System.ComponentModel.Composition.ExportServices.GetExportedValueFromLazy[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   bij System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   bij Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   bij System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bij System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bij System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bij System.Threading.ThreadPoolWorkQueue.Dispatch()
   bij System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (07/07/2014 06:35:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: Avira.OE.ServiceHost.exe, versie: 1.1.16.30000, tijdstempel: 0x53b136a5
Naam van module met fout: KERNELBASE.dll, versie: 6.1.7601.18409, tijdstempel: 0x531599f6
Uitzonderingscode: 0xe0434352
Foutoffset: 0x0000812f
Id van proces met fout: 0x72c
Starttijd van toepassing met fout: 0xAvira.OE.ServiceHost.exe0
Pad naar toepassing met fout: Avira.OE.ServiceHost.exe1
Pad naar module met fout: Avira.OE.ServiceHost.exe2
Rapport-id: Avira.OE.ServiceHost.exe3
 
Error: (07/07/2014 06:35:45 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Toepassing: Avira.OE.ServiceHost.exe
Framework-versie: v4.0.30319
Beschrijving: het proces is beëindigd als gevolg van een onverwerkte uitzondering.
Uitzonderingsinformatie: System.ComponentModel.Composition.CompositionException
Stack:
   bij System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   bij System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   bij System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   bij System.ComponentModel.Composition.Primitives.Export.get_Value()
   bij System.ComponentModel.Composition.ExportServices.GetExportedValueFromLazy[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   bij System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   bij Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   bij System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bij System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bij System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bij System.Threading.ThreadPoolWorkQueue.Dispatch()
   bij System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (07/07/2014 06:35:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: Avira.OE.ServiceHost.exe, versie: 1.1.16.30000, tijdstempel: 0x53b136a5
Naam van module met fout: KERNELBASE.dll, versie: 6.1.7601.18409, tijdstempel: 0x531599f6
Uitzonderingscode: 0xe0434352
Foutoffset: 0x0000812f
Id van proces met fout: 0x928
Starttijd van toepassing met fout: 0xAvira.OE.ServiceHost.exe0
Pad naar toepassing met fout: Avira.OE.ServiceHost.exe1
Pad naar module met fout: Avira.OE.ServiceHost.exe2
Rapport-id: Avira.OE.ServiceHost.exe3
 
Error: (07/07/2014 06:34:58 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Toepassing: Avira.OE.ServiceHost.exe
Framework-versie: v4.0.30319
Beschrijving: het proces is beëindigd als gevolg van een onverwerkte uitzondering.
Uitzonderingsinformatie: System.ComponentModel.Composition.CompositionException
Stack:
   bij System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   bij System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   bij System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   bij System.ComponentModel.Composition.Primitives.Export.get_Value()
   bij System.ComponentModel.Composition.ExportServices.GetExportedValueFromLazy[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   bij System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   bij Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   bij System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bij System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bij System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bij System.Threading.ThreadPoolWorkQueue.Dispatch()
   bij System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (07/07/2014 06:23:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: Avira.OE.ServiceHost.exe, versie: 1.1.16.30000, tijdstempel: 0x53b136a5
Naam van module met fout: KERNELBASE.dll, versie: 6.1.7601.18409, tijdstempel: 0x531599f6
Uitzonderingscode: 0xe0434352
Foutoffset: 0x0000812f
Id van proces met fout: 0xc18
Starttijd van toepassing met fout: 0xAvira.OE.ServiceHost.exe0
Pad naar toepassing met fout: Avira.OE.ServiceHost.exe1
Pad naar module met fout: Avira.OE.ServiceHost.exe2
Rapport-id: Avira.OE.ServiceHost.exe3
 
Error: (07/07/2014 06:23:05 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Toepassing: Avira.OE.ServiceHost.exe
Framework-versie: v4.0.30319
Beschrijving: het proces is beëindigd als gevolg van een onverwerkte uitzondering.
Uitzonderingsinformatie: System.ComponentModel.Composition.CompositionException
Stack:
   bij System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   bij System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   bij System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   bij System.ComponentModel.Composition.Primitives.Export.get_Value()
   bij System.ComponentModel.Composition.ExportServices.GetExportedValueFromLazy[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   bij System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   bij Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   bij System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bij System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bij System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bij System.Threading.ThreadPoolWorkQueue.Dispatch()
   bij System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (07/07/2014 06:22:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: Avira.OE.ServiceHost.exe, versie: 1.1.16.30000, tijdstempel: 0x53b136a5
Naam van module met fout: KERNELBASE.dll, versie: 6.1.7601.18409, tijdstempel: 0x531599f6
Uitzonderingscode: 0xe0434352
Foutoffset: 0x0000812f
Id van proces met fout: 0xa88
Starttijd van toepassing met fout: 0xAvira.OE.ServiceHost.exe0
Pad naar toepassing met fout: Avira.OE.ServiceHost.exe1
Pad naar module met fout: Avira.OE.ServiceHost.exe2
Rapport-id: Avira.OE.ServiceHost.exe3
 
Error: (07/07/2014 06:22:46 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Toepassing: Avira.OE.ServiceHost.exe
Framework-versie: v4.0.30319
Beschrijving: het proces is beëindigd als gevolg van een onverwerkte uitzondering.
Uitzonderingsinformatie: System.ComponentModel.Composition.CompositionException
Stack:
   bij System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   bij System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   bij System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   bij System.ComponentModel.Composition.Primitives.Export.get_Value()
   bij System.ComponentModel.Composition.ExportServices.GetExportedValueFromLazy[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   bij System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   bij Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   bij System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bij System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bij System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bij System.Threading.ThreadPoolWorkQueue.Dispatch()
   bij System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
 
System errors:
=============
Error: (07/07/2014 06:36:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De Avira Service Host-service is onverwacht beëindigd. Dit is nu 3 keer gebeurd.
 
Error: (07/07/2014 06:35:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: De Avira Service Host-service is onverwacht gestopt. Dit is 2 keer gebeurd. De volgende herstelbewerking zal over 10000 milliseconden worden uitgevoerd: Service opnieuw starten.
 
Error: (07/07/2014 06:35:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: De Avira Service Host-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 10000 milliseconden worden uitgevoerd: Service opnieuw starten.
 
Error: (07/07/2014 06:34:49 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: De volgende opstartstuurprogramma's zijn niet geladen: 
cdrom
 
Error: (07/07/2014 06:33:26 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN-uitbreidingsmodule is onverwacht gestopt.
 
Pad naar module: C:\Windows\System32\bcmihvsrv.dll
 
Error: (07/07/2014 06:33:26 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN-uitbreidingsmodule is onverwacht gestopt.
 
Pad naar module: C:\Windows\System32\bcmihvsrv.dll
 
Error: (07/07/2014 06:33:11 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installatiefout: de volgende update kan niet worden geïnstalleerd, foutcode 0x800706be: Definition Update for Windows Defender - KB915597 (Definition 1.177.1634.0).
 
Error: (07/07/2014 06:33:02 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN-uitbreidingsmodule is onverwacht gestopt.
 
Pad naar module: C:\Windows\System32\bcmihvsrv.dll
 
Error: (07/07/2014 06:33:00 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Servicebesturingsbeheer heeft na het onverwachte afsluiten van de Windows Modules Installer-service geprobeerd een herstelactie (Service opnieuw starten) uit te voeren, maar deze actie is met de volgende fout mislukt: 
%%1056
 
Error: (07/07/2014 06:31:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: De Windows Media Player Network Sharing Service-service is onverwacht gestopt. Dit is 2 keer gebeurd. De volgende herstelbewerking zal over 30000 milliseconden worden uitgevoerd: Service opnieuw starten.
 
 
Microsoft Office Sessions:
=========================
Error: (07/07/2014 06:36:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Avira.OE.ServiceHost.exe1.1.16.3000053b136a5KERNELBASE.dll6.1.7601.18409531599f6e04343520000812fff401cf9a0189b96e7dC:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exeC:\Windows\system32\KERNELBASE.dllc96fc359-05f4-11e4-bdb7-0021cc592ead
 
Error: (07/07/2014 06:36:04 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Toepassing: Avira.OE.ServiceHost.exe
Framework-versie: v4.0.30319
Beschrijving: het proces is beëindigd als gevolg van een onverwerkte uitzondering.
Uitzonderingsinformatie: System.ComponentModel.Composition.CompositionException
Stack:
   bij System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   bij System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   bij System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   bij System.ComponentModel.Composition.Primitives.Export.get_Value()
   bij System.ComponentModel.Composition.ExportServices.GetExportedValueFromLazy[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   bij System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   bij Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   bij System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bij System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bij System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bij System.Threading.ThreadPoolWorkQueue.Dispatch()
   bij System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (07/07/2014 06:35:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Avira.OE.ServiceHost.exe1.1.16.3000053b136a5KERNELBASE.dll6.1.7601.18409531599f6e04343520000812f72c01cf9a0178f46e50C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exeC:\Windows\system32\KERNELBASE.dllbf1f141f-05f4-11e4-bdb7-0021cc592ead
 
Error: (07/07/2014 06:35:45 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Toepassing: Avira.OE.ServiceHost.exe
Framework-versie: v4.0.30319
Beschrijving: het proces is beëindigd als gevolg van een onverwerkte uitzondering.
Uitzonderingsinformatie: System.ComponentModel.Composition.CompositionException
Stack:
   bij System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   bij System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   bij System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   bij System.ComponentModel.Composition.Primitives.Export.get_Value()
   bij System.ComponentModel.Composition.ExportServices.GetExportedValueFromLazy[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   bij System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   bij Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   bij System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bij System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bij System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bij System.Threading.ThreadPoolWorkQueue.Dispatch()
   bij System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (07/07/2014 06:35:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Avira.OE.ServiceHost.exe1.1.16.3000053b136a5KERNELBASE.dll6.1.7601.18409531599f6e04343520000812f92801cf9a0158aede37C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exeC:\Windows\system32\KERNELBASE.dlla360ba2e-05f4-11e4-bdb7-0021cc592ead
 
Error: (07/07/2014 06:34:58 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Toepassing: Avira.OE.ServiceHost.exe
Framework-versie: v4.0.30319
Beschrijving: het proces is beëindigd als gevolg van een onverwerkte uitzondering.
Uitzonderingsinformatie: System.ComponentModel.Composition.CompositionException
Stack:
   bij System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   bij System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   bij System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   bij System.ComponentModel.Composition.Primitives.Export.get_Value()
   bij System.ComponentModel.Composition.ExportServices.GetExportedValueFromLazy[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   bij System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   bij Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   bij System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bij System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bij System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bij System.Threading.ThreadPoolWorkQueue.Dispatch()
   bij System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (07/07/2014 06:23:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Avira.OE.ServiceHost.exe1.1.16.3000053b136a5KERNELBASE.dll6.1.7601.18409531599f6e04343520000812fc1801cf99ffb92fa7acC:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exeC:\Windows\system32\KERNELBASE.dllf932ec3b-05f2-11e4-8387-0021cc592ead
 
Error: (07/07/2014 06:23:05 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Toepassing: Avira.OE.ServiceHost.exe
Framework-versie: v4.0.30319
Beschrijving: het proces is beëindigd als gevolg van een onverwerkte uitzondering.
Uitzonderingsinformatie: System.ComponentModel.Composition.CompositionException
Stack:
   bij System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   bij System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   bij System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   bij System.ComponentModel.Composition.Primitives.Export.get_Value()
   bij System.ComponentModel.Composition.ExportServices.GetExportedValueFromLazy[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   bij System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   bij Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   bij System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bij System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bij System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bij System.Threading.ThreadPoolWorkQueue.Dispatch()
   bij System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (07/07/2014 06:22:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Avira.OE.ServiceHost.exe1.1.16.3000053b136a5KERNELBASE.dll6.1.7601.18409531599f6e04343520000812fa8801cf99ffa7ffc78aC:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exeC:\Windows\system32\KERNELBASE.dllee1f9f7f-05f2-11e4-8387-0021cc592ead
 
Error: (07/07/2014 06:22:46 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Toepassing: Avira.OE.ServiceHost.exe
Framework-versie: v4.0.30319
Beschrijving: het proces is beëindigd als gevolg van een onverwerkte uitzondering.
Uitzonderingsinformatie: System.ComponentModel.Composition.CompositionException
Stack:
   bij System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   bij System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   bij System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   bij System.ComponentModel.Composition.Primitives.Export.get_Value()
   bij System.ComponentModel.Composition.ExportServices.GetExportedValueFromLazy[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   bij System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   bij Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   bij System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bij System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bij System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bij System.Threading.ThreadPoolWorkQueue.Dispatch()
   bij System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 68%
Total physical RAM: 1011.9 MB
Available physical RAM: 318.59 MB
Total Pagefile: 2035.9 MB
Available Pagefile: 816.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1905.98 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:215.36 GB) (Free:162.31 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:17.23 GB) (Free:2.49 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 233 GB) (Disk ID: CF96B430)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=215 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
 
==================== End Of Log ============================

 



#4 nasdaq

  • Malware Response Team

Posted 07 July 2014 - 12:30 PM


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start

HKU\S-1-5-21-2234141994-840407592-3228085236-1000\...\Winlogon: [Shell] C:\Windows\expstart.exe [916480 2013-01-08] () <==== ATTENTION
SearchScopes: HKLM - DefaultScope value is missing.
BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Extension: OneClickDownloader - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\profiles\extensions\OneClickDownload@OneClickDownload.com [2012-07-31]
CHR StartupUrls: "https://www.google.nl/", "hxxp://www.google.com/", "hxxp://istart.webssearches.com/?type=hp&ts=1397855522&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG", "hxxp://istart.webssearches.com/?type=hppp&ts=1397902474&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG", "hxxp://istart.webssearches.com/?type=hppp&ts=1402508807&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG", "hxxp://www.delta-homes.com/?type=hp&ts=1402571896&from=wpm0612&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG"
CHR Plugin: (Shockwave Flash) - C:\Users\Robert\AppData\Local\Google\Chrome\Application\35.0.1916.153\gcswf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U20) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Google Update) - C:\Users\Robert\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Extension: (Text Highlighter) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd [2014-07-07]
CHR HKLM\...\Chrome\Extension: [cjofdnhdkbflacojpfpkchgafjahijbb] - C:\Users\Robert\AppData\Local\Temp\ccex.crx [2012-11-11]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x32.sys [X]
C:\Users\Robert\AppData\Local\Temp\Quarantine.exe
C:\Users\Robert\AppData\Local\Temp\sp64126.exe
C:\Users\Robert\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Robert\AppData\Local\Temp\UninstallHPSA.exe

end
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

How is the computer running now?

#5 Kiwi1990

  • Topic Starter

Posted 07 July 2014 - 01:14 PM

The computer is running a lot smoother. Don't think it can get much faster than this (it's pretty old).

All the problems related to the browser seem to be gone now. Though the Programs and Features in Control Panel is still screwed up. Can't deinstall a part of Avira this way and thus not use it to scan. (They decided to bloat it with some sort of profile bleepe; to reach the normal scan panel of Avira that thing has to go.)

 

Here's the logs:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:05-07-2014 01
Ran by Robert at 2014-07-07 19:57:29 Run:1
Running from C:\Users\Robert\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
 
HKU\S-1-5-21-2234141994-840407592-3228085236-1000\...\Winlogon: [Shell] C:\Windows\expstart.exe [916480 2013-01-08] () <==== ATTENTION
SearchScopes: HKLM - DefaultScope value is missing.
BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Extension: OneClickDownloader - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\profiles\extensions\OneClickDownload@OneClickDownload.com [2012-07-31]
CHR StartupUrls: "https://www.google.nl/", "hxxp://www.google.com/", "hxxp://istart.webssearches.com/?type=hp&ts=1397855522&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG", "hxxp://istart.webssearches.com/?type=hppp&ts=1397902474&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG", "hxxp://istart.webssearches.com/?type=hppp&ts=1402508807&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG", "hxxp://www.delta-homes.com/?type=hp&ts=1402571896&from=wpm0612&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG"
CHR Plugin: (Shockwave Flash) - C:\Users\Robert\AppData\Local\Google\Chrome\Application\35.0.1916.153\gcswf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U20) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Google Update) - C:\Users\Robert\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Extension: (Text Highlighter) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd [2014-07-07]
CHR HKLM\...\Chrome\Extension: [cjofdnhdkbflacojpfpkchgafjahijbb] - C:\Users\Robert\AppData\Local\Temp\ccex.crx [2012-11-11]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x32.sys [X]
C:\Users\Robert\AppData\Local\Temp\Quarantine.exe
C:\Users\Robert\AppData\Local\Temp\sp64126.exe
C:\Users\Robert\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Robert\AppData\Local\Temp\UninstallHPSA.exe
 
end
*****************
 
HKU\S-1-5-21-2234141994-840407592-3228085236-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}' => Key deleted successfully.
'HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
'HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
'HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}'=> Key not found.
C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\profiles\extensions\OneClickDownload@OneClickDownload.com => Moved successfully.
CHR StartupUrls: "https://www.google.nl/", "hxxp://www.google.com/", "hxxp://istart.webssearches.com/?type=hp&ts=1397855522&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG", "hxxp://istart.webssearches.com/?type=hppp&ts=1397902474&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG", "hxxp://istart.webssearches.com/?type=hppp&ts=1402508807&from=tugs&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG", "hxxp://www.delta-homes.com/?type=hp&ts=1402571896&from=wpm0612&uid=ST9250315AS_5VCK61NGXXXX5VCK61NG" ==> The Chrome "Settings" can be used to fix the entry.
C:\Users\Robert\AppData\Local\Google\Chrome\Application\35.0.1916.153\gcswf32.dll not found.
C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll not found.
C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll not found.
C:\Users\Robert\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll not found.
C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd => Moved successfully.
'HKLM\SOFTWARE\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb' => Key deleted successfully.
"C:\Users\Robert\AppData\Local\Temp\ccex.crx" => File/Directory not found.
cpuz135 => Service deleted successfully.
C:\Users\Robert\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Robert\AppData\Local\Temp\sp64126.exe => Moved successfully.
C:\Users\Robert\AppData\Local\Temp\SpotifyUninstall.exe => Moved successfully.
C:\Users\Robert\AppData\Local\Temp\UninstallHPSA.exe => Moved successfully.
 
==== End of Fixlog ====
 

 Results of screen317's Security Check version 0.99.85  
 Windows 7 Service Pack 1 x86 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Google Chrome 35.0.1916.114  
 Google Chrome 35.0.1916.153  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log`````````````````````` 
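
An added example, not part of the original posts and not FRST's own code: a small triage of Fixlog.txt result lines that separates entries the tool removed from entries that were already absent and entries it left for manual cleanup (here the Chrome StartupUrls line). The names `classify`, `triage` and `RULES` and the status labels are hypothetical, and the outcome phrases are assumed to be worded as in the Fixlog above.

```python
import re
from collections import defaultdict

# Result lines taken from the Fixlog.txt posted above; the StartupUrls list is abridged.
FIXLOG = r"""
HKU\S-1-5-21-2234141994-840407592-3228085236-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}' => Key deleted successfully.
'HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}'=> Key not found.
CHR StartupUrls: "https://www.google.nl/", "hxxp://www.delta-homes.com/?type=hp" ==> The Chrome "Settings" can be used to fix the entry.
C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll not found.
"C:\Users\Robert\AppData\Local\Temp\ccex.crx" => File/Directory not found.
cpuz135 => Service deleted successfully.
C:\Users\Robert\AppData\Local\Temp\sp64126.exe => Moved successfully.
"""

# Outcome phrases as worded in this Fixlog; other FRST versions may differ (assumption).
RULES = [
    ("manual", re.compile(r"can be used to fix the entry", re.I)),
    ("absent", re.compile(r"not found\.?$", re.I)),
    ("fixed", re.compile(r"(deleted|restored|moved) successfully\.?$", re.I)),
]

def classify(line):
    """Return (status, target) for one Fixlog result line; unknown wording -> 'review'."""
    status = next((name for name, rx in RULES if rx.search(line)), "review")
    # Target = text before the '=>' / '==>' arrow, or before ' not found.' when there is no arrow.
    target = re.split(r"\s*=+>\s*|\s+not found\.?$", line, maxsplit=1)[0].strip()
    if len(target) > 1 and target[0] == target[-1] and target[0] in "'\"":
        target = target[1:-1]  # some keys and paths are quoted in the log
    return status, target

def triage(fixlog_text):
    """Group Fixlog targets by outcome so anything not 'fixed' stands out."""
    buckets = defaultdict(list)
    for line in filter(None, map(str.strip, fixlog_text.splitlines())):
        status, target = classify(line)
        buckets[status].append(target)
    return dict(buckets)

if __name__ == "__main__":
    for status, targets in triage(FIXLOG).items():
        print(f"{status}: {len(targets)}")
        for t in targets:
            print("   ", t)
```

Anything in the `manual` or `review` bucket is still on the machine after the fix and needs a follow-up check.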
 


#6 nasdaq

  • Malware Response Team

Posted 08 July 2014 - 08:12 AM


You will find the Avira removal program here.
Download and run it.

http://answers.microsoft.com/en-us/protect/forum/mse-protect_start/list-of-anti-malware-product-removal-tools/407bf6da-c05d-4546-8788-0aa4c25a1f91

===

If you do not want to re-install the program I suggest you install the Microsoft Security Essentials. It will disable the Windows Defender which is of age.
http://windows.microsoft.com/en-CA/windows/security-essentials-download

#7 nasdaq

  • Malware Response Team

Posted 14 July 2014 - 08:11 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



