Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Probably infected by virus that uses comhost.exe and conhost.exe. What to do?


  • Please log in to reply
11 replies to this topic

#1 Mariniertje

Mariniertje

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:19 PM

Posted 19 August 2014 - 03:47 PM

Hi all,

 

My computer has been acting up, since I tried to setup Tor browser bundle and I2P recently, because I prefer to be more anonymous online.

 

Windows Defender won't enable and just now had to reboot my laptop (running WIN8.1) because my keyboard was suddenly not working anymore.

 

Am I infected? By what? What to do now?

 

Can anybody please tell me how to permanently remove the virus and get my laptop clean and working again?

Any tips on best solution for remaining anonymous and configuration best-practice are welcome too.

 

Thanks,

 

Mariniertje

Output SecurityCheck:

 

 Results of screen317's Security Check version 0.99.87  

   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 67  
 Adobe Flash Player 14.0.0.145  
 Adobe Reader XI  
 Mozilla Firefox (30.0) 
 Google Chrome 36.0.1985.125  
 Google Chrome 36.0.1985.143  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 


BC AdBot (Login to Remove)

 


#2 Mariniertje

Mariniertje
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:19 PM

Posted 19 August 2014 - 04:09 PM

Output GMER:

 

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-08-19 23:06:20
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000037 ST750LM022_HN-M750MBB rev.2AR10001 698,64GB
Running: t5z38l4r.exe; Driver: C:\Users\GODSMA~1\AppData\Local\Temp\kwlorkoc.sys
 
 
---- User code sections - GMER 2.1 ----
 
.text    C:\WINDOWS\system32\dwm.exe[392] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation                           00007ffe835b28c0 7 bytes JMP 00007fff80c202d0
.text    C:\WINDOWS\system32\dwm.exe[392] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW                                  00007ffe835b43d8 7 bytes JMP 00007fff80c20308
.text    C:\WINDOWS\system32\dwm.exe[392] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA                                    00007ffe83661f20 7 bytes JMP 00007fff80c20378
.text    C:\WINDOWS\system32\dwm.exe[392] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW                                    00007ffe836640b4 7 bytes JMP 00007fff80c203b0
.text    C:\WINDOWS\system32\dwm.exe[392] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW                                   00007ffe83664510 7 bytes JMP 00007fff80c20340
.text    C:\WINDOWS\system32\dwm.exe[392] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleFileNameExW                           00007ffe83664af0 7 bytes JMP 00007fff80c20260
.text    C:\WINDOWS\system32\dwm.exe[392] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx                           00007ffe8368cea0 7 bytes JMP 00007fff80c20228
.text    C:\WINDOWS\system32\dwm.exe[392] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW                             00007ffe8368cf10 7 bytes JMP 00007fff80c20298
.text    C:\WINDOWS\system32\dwm.exe[392] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW                                00007ffe80c32300 7 bytes JMP 00007fff80c200d8
.text    C:\WINDOWS\system32\dwm.exe[392] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary                                     00007ffe80c35770 5 bytes JMP 00007fff80c20180
.text    C:\WINDOWS\system32\dwm.exe[392] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW                                  00007ffe80c35860 5 bytes JMP 00007fff80c20148
.text    C:\WINDOWS\system32\dwm.exe[392] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW                              00007ffe80c35a30 5 bytes JMP 00007fff80c20110
.text    C:\WINDOWS\system32\dwm.exe[392] C:\WINDOWS\system32\USER32.dll!CreateWindowExW                                     00007ffe82e3b6f4 10 bytes JMP 00007fff80c20490
.text    C:\WINDOWS\system32\dwm.exe[392] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW                                 00007ffe82e445d8 5 bytes JMP 00007fff80c20458
.text    C:\WINDOWS\system32\dwm.exe[392] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo                          00007ffe82e44750 9 bytes JMP 00007fff80c203e8
.text    C:\WINDOWS\system32\dwm.exe[392] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA                                 00007ffe82e54fc0 5 bytes JMP 00007fff80c20420
.text    C:\WINDOWS\system32\dwm.exe[392] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList                             00007ffe830f1500 8 bytes JMP 00007fff80c201b8
.text    C:\WINDOWS\system32\dwm.exe[392] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo                               00007ffe830f1750 8 bytes JMP 00007fff80c201f0
.text    C:\WINDOWS\system32\dwm.exe[392] C:\WINDOWS\system32\dxgi.dll!CreateDXGIFactory1                                    00007ffe7df37c28 5 bytes JMP 00007fff7dd80110
.text    C:\WINDOWS\system32\dwm.exe[392] C:\WINDOWS\system32\dxgi.dll!CreateDXGIFactory                                     00007ffe7df44b84 5 bytes JMP 00007fff7dd800d8
.text    C:\WINDOWS\system32\nvvsvc.exe[628] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                          00007ffe8348169a 4 bytes [48, 83, FE, 7F]
.text    C:\WINDOWS\system32\nvvsvc.exe[628] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                          00007ffe834816a2 4 bytes [48, 83, FE, 7F]
.text    C:\WINDOWS\system32\nvvsvc.exe[628] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                             00007ffe8348181a 4 bytes [48, 83, FE, 7F]
.text    C:\WINDOWS\system32\nvvsvc.exe[628] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                             00007ffe83481832 4 bytes [48, 83, FE, 7F]
.text    C:\WINDOWS\System32\snmp.exe[2116] C:\WINDOWS\System32\WSOCK32.dll!setsockopt + 194                                 00007ffe78ba1f6a 4 bytes [BA, 78, FE, 7F]
.text    C:\WINDOWS\System32\snmp.exe[2116] C:\WINDOWS\System32\WSOCK32.dll!setsockopt + 218                                 00007ffe78ba1f82 4 bytes [BA, 78, FE, 7F]
.text    C:\Windows\System32\igfxpers.exe[4836] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                       00007ffe8348169a 4 bytes [48, 83, FE, 7F]
.text    C:\Windows\System32\igfxpers.exe[4836] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                       00007ffe834816a2 4 bytes [48, 83, FE, 7F]
.text    C:\Windows\System32\igfxpers.exe[4836] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                          00007ffe8348181a 4 bytes [48, 83, FE, 7F]
.text    C:\Windows\System32\igfxpers.exe[4836] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                          00007ffe83481832 4 bytes [48, 83, FE, 7F]
 
---- Threads - GMER 2.1 ----
 
Thread   C:\WINDOWS\system32\csrss.exe [724:740]                                                                             fffff96000986b90
---- Processes - GMER 2.1 ----
 
Process  C:\ProgramData\27218346293184.exe (*** suspicious ***) @ C:\ProgramData\27218346293184.exe [5032] (FILE NOT FOUND)  0000000000150000
Process  C:\ProgramData\27218346293184.exe (*** suspicious ***) @ C:\ProgramData\27218346293184.exe [4284] (FILE NOT FOUND)  0000000000150000
Library  C:\ProgramData\27218346293184.exe (*** suspicious ***) @ C:\ProgramData\27218346293184.exe [4284] (FILE NOT FOUND)  0000000000400000
 
---- Disk sectors - GMER 2.1 ----
 
Disk     \Device\Harddisk0\DR0                                                                                               unknown MBR code
 
---- EOF - GMER 2.1 ----


#3 Mariniertje

Mariniertje
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:19 PM

Posted 19 August 2014 - 04:11 PM

I have tried to install and run Malwarebytes' Anti-Malware (aka MBAM), but it refuses to install. Get loads of errors, probably due to infection.

 

Get following error after clicking all the NEXT buttons and installation actually starts:

 

  • Internal error:Expression error 'Runtime Error (at 79:177):
    External exception E06D7363.'

But I seem to have fixed that one (something with me not having access to that folder, which is complete BS)....

 

But then it is supposed to automatically start MBAM, but throws following error:

 

  • Unable to execute file:
    C:\Program Files (x86)\Malwarebytes Anti-Malware/mbam.exe

    CreateProcess failed; code 2.
    The system cannot find the file specified.

 

It almost seems like the infection manipulated some Registry or Core Windows settings...because file is indeed in C:\Program Files (x86)\Malwarebytes Anti-Malware

But starting it throws error message: "Windows cannot find 'C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe'. Make sure you've typed the name correctly, then try again."

 

Hope one of you experts can help me on short notice....this is getting really annoying...  :smash:


Edited by Mariniertje, 19 August 2014 - 04:22 PM.


#4 Mariniertje

Mariniertje
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:19 PM

Posted 19 August 2014 - 04:46 PM

Think this might be the source of it all: auto-easy-mask-real-platinum-superhideip.x.x-patch.exe

 

Already removed that program yesterday, but I think this infected me.

 

And if I look in DETAILS tab of Task Manager, I think it is the file called 27218346293184.exe with zHabAAjQ as description, that keeps restarting and screwing up my system.


Edited by Mariniertje, 19 August 2014 - 04:48 PM.


#5 Mariniertje

Mariniertje
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:19 PM

Posted 19 August 2014 - 05:15 PM

Managed to run MBAM Rootkit:

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org
 
Database version: v2014.08.19.10
 
Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.17207
GodsMarine :: GODSLAPTOP [administrator]
 
19-8-2014 23:58:48
mbar-log-2014-08-19 (23-58-48).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 368682
Time elapsed: 14 minute(s), 57 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 32
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\COMHOST.EXE (Trojan.Agent.ED) -> No action taken. [c5825077b0cbae887451ea4928d8659b]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\COMHOST.EXE (Trojan.Agent.ED) -> No action taken. [c5825077b0cbae887451ea4928d8659b]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avcenter.exe (Security.Hijack) -> No action taken. [2f180cbb4f2cfd39964dcdc1a85baf51]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avguard.exe (Security.Hijack) -> No action taken. [98af55725b20d3630ffdc5ca59aa827e]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ccuac.exe (Security.Hijack) -> No action taken. [05427e492a514de941b0b5806c98d927]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ComboFix.exe (Security.Hijack) -> No action taken. [b49318afec8f89adc6229bf4e71c44bc]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\hijackthis.exe (Security.Hijack) -> No action taken. [52f523a4a7d4ca6c24b6236d38cbec14]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\keyscrambler.exe (Security.Hijack) -> No action taken. [f156a5221d5ecf6716da102506fe13ed]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbam.exe (Security.Hijack) -> No action taken. [ee5913b4bcbf8caa05b0157ca75c916f]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MpCmdRun.exe (Security.Hijack) -> No action taken. [b09706c1eb90b97d7082167b08fb639d]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSASCui.exe (Security.Hijack) -> No action taken. [4ef90abdf08bf541cb39286afb088080]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MsMpEng.exe (Security.Hijack) -> No action taken. [1a2d4e79790256e01ff890027c8752ae]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\msseces.exe (Security.Hijack) -> No action taken. [bf88b116413af244a8756f23cf3438c8]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\spybotsd.exe (Security.Hijack) -> No action taken. [bb8c10b780fb43f3229311020202857b]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\wireshark.exe (Security.Hijack) -> No action taken. [60e7c8ffa0dbc274e70bd362f311d52b]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\zlclient.exe (Security.Hijack) -> No action taken. [fb4c1daadba086b02e46e8adaa597f81]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVP.EXE (Security.Hijack) -> No action taken. [9aadbc0b87f40d290a25f59af1129868]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avcenter.exe (Security.Hijack) -> No action taken. [01460eb983f88ea8f1f2038b9073fa06]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avguard.exe (Security.Hijack) -> No action taken. [bd8aedda5e1dfd3940ccd3bc946f629e]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ccuac.exe (Security.Hijack) -> No action taken. [9aad9c2b97e43204e40d2d08a85c06fa]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ComboFix.exe (Security.Hijack) -> No action taken. [53f408bf3e3d43f3bd2b800f56ad56aa]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\hijackthis.exe (Security.Hijack) -> No action taken. [b59297308cef58dea238b4dcf50ef709]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\keyscrambler.exe (Security.Hijack) -> No action taken. [e760dfe8bcbf68ce02ee81b4ce3618e8]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbam.exe (Security.Hijack) -> No action taken. [25227f481764b3837b3a95fcab5826da]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MpCmdRun.exe (Security.Hijack) -> No action taken. [89bed2f54536cd692ec4e7aa6b980000]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSASCui.exe (Security.Hijack) -> No action taken. [54f38641bdbec076db293f531de6669a]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MsMpEng.exe (Security.Hijack) -> No action taken. [df689b2cf28996a0c7502270f80b6d93]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\msseces.exe (Security.Hijack) -> No action taken. [67e00eb95f1ca690d845c3cf679c07f9]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\spybotsd.exe (Security.Hijack) -> No action taken. [a89f4e7936458aaceec75fb421e3c23e]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\wireshark.exe (Security.Hijack) -> No action taken. [fd4aa324512abf779b5790a5ea1a06fa]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\zlclient.exe (Security.Hijack) -> No action taken. [083fe4e376054fe7700434618d7641bf]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVP.EXE (Security.Hijack) -> No action taken. [87c05374e2992313ca658a05748f2ad6]
 
Registry Values Detected: 7
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVP.EXE|Debugger (Security.Hijack) -> Data: nsjw.exe -> No action taken. [9aadbc0b87f40d290a25f59af1129868]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\BDAGENT.EXE|Debugger (Security.Hijack) -> Data: nsjw.exe -> No action taken. [74d37453adce290d2243593642c12ad6]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\EGUI.EXE|Debugger (Security.Hijack) -> Data: nsjw.exe -> No action taken. [182fc007fe7dfc3af74f820e45be1ce4]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVP.EXE|Debugger (Security.Hijack) -> Data: nsjw.exe -> No action taken. [87c05374e2992313ca658a05748f2ad6]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\BDAGENT.EXE|Debugger (Security.Hijack) -> Data: nsjw.exe -> No action taken. [ed5a3b8c0675c86e51144e41de25d729]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\EGUI.EXE|Debugger (Security.Hijack) -> Data: nsjw.exe -> No action taken. [1c2bba0da6d526101f273e52f0136d93]
HKU\S-1-5-21-892915138-647889793-2056918317-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|Load (Backdoor.Bot) -> Data: C:\ProgramData\27218346293184.exe -> No action taken. [74d3b1163546bc7ad64ec1f34fb416ea]
 
Registry Data Items Detected: 1
HKU\S-1-5-21-892915138-647889793-2056918317-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|Load (Trojan.Agent.ED) -> Bad: (C:\ProgramData\27218346293184.exe) Good: () -> No action taken. [3a0d80474c2f4ee825a072c1817f3ac6]
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 3
C:\ProgramData\27218346293184.exe (Trojan.Agent.ED) -> No action taken. [3a0d80474c2f4ee825a072c1817f3ac6]
C:\ProgramData\{$1284-9213-2940-1289$}\comhost.exe (Trojan.Agent.ED) -> No action taken. [c5825077b0cbae887451ea4928d8659b]
C:\Users\GodsMarine\AppData\Roaming\msconfig.ini (Trojan.Agent) -> No action taken. [9ea9d8ef73083204b645f80be61e8878]
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 

Edited by Mariniertje, 19 August 2014 - 05:17 PM.


#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:19 PM

Posted 19 August 2014 - 08:20 PM

Hello this does appear to be a rojan...

Your MBAm log shows this "No action taken" after each find.. Did you NOT select remove infected items?


Please also do these.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
    Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



    Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  • .
    .
    .
    ADW Cleaner

    Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
  • -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).


    .

    thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  • .
    .
    .
    .
  • Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 Mariniertje

Mariniertje
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:19 PM

Posted 20 August 2014 - 03:58 AM

Thanks, Boopme!

 

Below are the reports.

 

MiniToolBox:

 

MiniToolBox by Farbar  Version: 21-07-2014
Ran by GodsMarine (administrator) on 20-08-2014 at 10:37:54
Running from "C:\Users\GodsMarine\Desktop"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
 
 
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
 
========================= IP Configuration: ================================
 
Qualcomm Atheros AR9485WB-EG Wireless Network Adapter = WiFi (Connected)
Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller (NDIS 6.30) = Ethernet (Hardware not present)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Hardware not present)
TeamViewer VPN Adapter = Local Area Connection (Hardware not present)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="WiFi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="other_1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="wireless_11" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 11" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="ethernet_3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : GodsLaptop
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Wireless LAN adapter Local Area Connection* 11:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 1E-85-DE-3A-A7-AE
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter WiFi:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Qualcomm Atheros AR9485WB-EG Wireless Network Adapter
   Physical Address. . . . . . . . . : DC-85-DE-3A-A7-AE
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::9921:a100:f65b:2ecb%3(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.2.2(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : woensdag 20 augustus 2014 00:51:36
   Lease Expires . . . . . . . . . . : donderdag 21 augustus 2014 10:30:54
   Default Gateway . . . . . . . . . : 192.168.2.254
   DHCP Server . . . . . . . . . . . : 192.168.2.254
   DHCPv6 IAID . . . . . . . . . . . : 333219294
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-F7-EF-7F-50-46-5D-DF-84-5C
   DNS Servers . . . . . . . . . . . : 192.168.2.254
                                       195.121.1.34
                                       195.121.1.66
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.{134A9B63-4FF6-4E49-B7EF-248075A10270}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 4:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:1c6a:1fe6:3f57:fdfd(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::1c6a:1fe6:3f57:fdfd%13(Preferred) 
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 218103808
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-F7-EF-7F-50-46-5D-DF-84-5C
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  192.168.2.254
 
Name:    google.com
Addresses:  2a00:1450:4013:c01::8b
 74.125.136.102
 
 
Pinging google.com [74.125.136.102] with 32 bytes of data:
Reply from 74.125.136.102: bytes=32 time=11ms TTL=48
Reply from 74.125.136.102: bytes=32 time=12ms TTL=47
 
Ping statistics for 74.125.136.102:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 11ms, Maximum = 12ms, Average = 11ms
Server:  UnKnown
Address:  192.168.2.254
 
Name:    yahoo.com
Address:  98.138.253.109
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=132ms TTL=50
Reply from 98.138.253.109: bytes=32 time=125ms TTL=50
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 125ms, Maximum = 132ms, Average = 128ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 14...1e 85 de 3a a7 ae ......Microsoft Wi-Fi Direct Virtual Adapter
  3...dc 85 de 3a a7 ae ......Qualcomm Atheros AR9485WB-EG Wireless Network Adapter
  1...........................Software Loopback Interface 1
  8...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.2.254      192.168.2.2     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.2.0    255.255.255.0         On-link       192.168.2.2    281
      192.168.2.2  255.255.255.255         On-link       192.168.2.2    281
    192.168.2.255  255.255.255.255         On-link       192.168.2.2    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.2.2    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.2.2    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 13    306 ::/0                     On-link
  1    306 ::1/128                  On-link
 13    306 2001::/32                On-link
 13    306 2001:0:5ef5:79fb:1c6a:1fe6:3f57:fdfd/128
                                    On-link
  3    281 fe80::/64                On-link
 13    306 fe80::/64                On-link
 13    306 fe80::1c6a:1fe6:3f57:fdfd/128
                                    On-link
  3    281 fe80::9921:a100:f65b:2ecb/128
                                    On-link
  1    306 ff00::/8                 On-link
  3    281 ff00::/8                 On-link
 13    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [53760] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [64000] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog5 07 C:\WINDOWS\SysWOW64\wshbth.dll [51200] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [84480] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30208] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (08/20/2014 01:21:53 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9453
 
Error: (08/20/2014 01:21:53 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9453
 
Error: (08/20/2014 01:21:53 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/20/2014 01:21:51 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8250
 
Error: (08/20/2014 01:21:51 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8250
 
Error: (08/20/2014 01:21:51 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/20/2014 01:21:50 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7047
 
Error: (08/20/2014 01:21:50 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7047
 
Error: (08/20/2014 01:21:50 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/20/2014 01:21:49 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5860
 
 
System errors:
=============
Error: (08/20/2014 00:51:43 AM) (Source: bowser) (User: )
Description: The browser driver has received too many illegal datagrams from the remote computer EXPERIA to name GODSLAPTOP on transport NetBT_Tcpip_{134A9B63-4FF6-4E49-B7EF-248075A10270}.  The data is the datagram.
No more events will be generated until the reset frequency has expired.
 
Error: (08/20/2014 00:51:41 AM) (Source: SNMP) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
 
Error: (08/20/2014 00:50:38 AM) (Source: DCOM) (User: GodsLaptop)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (08/20/2014 00:50:35 AM) (Source: DCOM) (User: GodsLaptop)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (08/19/2014 10:57:03 PM) (Source: bowser) (User: )
Description: The browser driver has received too many illegal datagrams from the remote computer EXPERIA to name GODSLAPTOP on transport NetBT_Tcpip_{134A9B63-4FF6-4E49-B7EF-248075A10270}.  The data is the datagram.
No more events will be generated until the reset frequency has expired.
 
Error: (08/19/2014 10:56:58 PM) (Source: Service Control Manager) (User: )
Description: The Windows Defender Service service failed to start due to the following error: 
%%2
 
Error: (08/19/2014 10:56:52 PM) (Source: SNMP) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
 
Error: (08/19/2014 10:56:31 PM) (Source: BugCheck) (User: )
Description: 0x00000124 (0x0000000000000000, 0xffffe0013bbf5028, 0x00000000fe200000, 0x0000000000041136)C:\WINDOWS\MEMORY.DMP081914-28750-01
 
Error: (08/19/2014 10:56:30 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 22:21:00 on ‎19/‎08/‎2014 was unexpected.
 
Error: (08/19/2014 10:28:47 PM) (Source: Service Control Manager) (User: )
Description: The RosettaStoneDaemon service terminated unexpectedly. It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
Error: (08/20/2014 01:21:53 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9453
 
Error: (08/20/2014 01:21:53 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9453
 
Error: (08/20/2014 01:21:53 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/20/2014 01:21:51 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8250
 
Error: (08/20/2014 01:21:51 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8250
 
Error: (08/20/2014 01:21:51 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/20/2014 01:21:50 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7047
 
Error: (08/20/2014 01:21:50 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7047
 
Error: (08/20/2014 01:21:50 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/20/2014 01:21:49 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5860
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-08-18 16:09:41.103
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-08-18 16:09:41.033
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-08-18 16:09:40.966
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-08-18 16:09:36.855
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-08-18 16:09:36.735
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-08-18 16:09:36.667
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-08-18 16:09:36.581
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-08-18 01:01:39.234
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-08-18 01:01:39.194
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-08-18 01:01:39.156
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
 
=========================== Installed Programs ============================
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Aangifte inkomstenbelasting 2013 (HKLM-x32\...\Aangifte inkomstenbelasting 2013) (Version:  - Belastingdienst)
Ableton Live 8 (HKLM-x32\...\{4941E15C-3C68-4FB7-B5A4-5061B92E9166}) (Version: 8.0.0.0 - Ableton)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.10 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Adobe Widget Browser (x32 Version: 2.0.348 - Adobe Systems Incorporated.) Hidden
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.3.0 - Adobe Systems Incorporated)
Adobe® Content Viewer (x32 Version: 3.3.0 - Adobe Systems Incorporated) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.8.142.61628 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.8.142.61628 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS Instant Key (HKLM-x32\...\{D97A1B80-131F-4692-9543-E652956D8B99}) (Version: 1.0.5 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.2 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.5 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.8 - ASUS)
ASUS Music Maker (HKLM-x32\...\MAGIX_{DD47370C-E0F1-407F-9DB0-3FF98907F1BC}) (Version: 17.0.2.38 - MAGIX AG)
ASUS Music Maker (x32 Version: 17.0.2.38 - MAGIX AG) Hidden
ASUS N Series Demo (HKLM-x32\...\{246B4AFF-6540-4B72-93E8-B9EB86D37589}) (Version: 1.0.0002 - ASUS)
ASUS Photo Designer (HKLM-x32\...\MAGIX_{2B962F32-78E6-4585-AF24-073AD36B6590}) (Version: 7.0.1.2 - MAGIX AG)
ASUS Photo Designer (x32 Version: 7.0.1.2 - MAGIX AG) Hidden
ASUS Photo Manager (HKLM-x32\...\MAGIX_{2A3A883D-B2AB-427D-B094-27D6241E0944}) (Version: 8.0.3.217 - MAGIX AG)
ASUS Photo Manager (x32 Version: 8.0.3.217 - MAGIX AG) Hidden
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.35 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0004 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.7 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
ASUS Video Magic (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.4712 - CyberLink Corp.)
ASUS Video Magic (x32 Version: 6.0.4712 - CyberLink Corp.) Hidden
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.26 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.10.168 - ASUSTEK)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0022 - ASUS)
Bandizip (HKCU\...\Bandizip) (Version: 3.09 - Bandisoft.com)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.27 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Classic Shell (HKLM\...\{7F34ADBE-77C0-47A0-BBC6-B3DA16CE8E68}) (Version: 3.6.7 - IvoSoft)
Command & Conquer™ 3 Tiberium Wars and Kane's Wrath (HKLM-x32\...\{35A2FE53-CC80-4D17-941F-3A7C82824FC7}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ 4 Tiberian Twilight (HKLM-x32\...\{BA4C8F9F-D81B-4AFE-AE5A-3837830F5B89}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ and The Covert Operations™ (HKLM-x32\...\{050E298D-C9B8-4582-A332-26201268A297}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ Red Alert, Counterstrike and The Aftermath (HKLM-x32\...\{25456D58-2414-4CC4-AA1B-CF3A2BE00A79}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ Red Alert™ 3 and Uprising (HKLM-x32\...\{3C315BF7-4B64-4024-8102-174A197437FA}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ Renegade (HKLM-x32\...\{97B5E8B9-D5E6-49C4-8CDA-7E096BE2601A}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ The Ultimate Collection Additional Content (HKLM-x32\...\{1A882F29-BC18-4AC2-A71E-0FC30FA32568}) (Version: 1.0.0.0 - Electronic Arts)
Command & Conquer™ Tiberian Sun™ and Firestorm™ (HKLM-x32\...\{517FAF1E-3045-49DE-8079-107C2851389E}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™: Generals and Zero Hour (HKLM-x32\...\{609F6FD5-4B22-4D7A-AD30-8C9DD480D5BE}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
CyberLink LabelPrint 2.5 (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5415 - CyberLink Corp.)
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415 - CyberLink Corp.) Hidden
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3019_44673 - CyberLink Corp.)
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3019_44673 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.2914 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 7.0.0.2914 - CyberLink Corp.) Hidden
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.4905d - CyberLink Corp.)
CyberLink PowerDirector (x32 Version: 8.0.4905d - CyberLink Corp.) Hidden
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D1C35197-B856-45E2-BA67-5ABB6B0CA9C2}) (Version:  - Microsoft)
FileZilla Client 3.8.1 (HKLM-x32\...\FileZilla Client) (Version: 3.8.1 - Tim Kosse)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{6C5F8503-55D2-4398-858C-362B7A7AF51C}) (Version: 2.1.31.0 - MAGIX AG)
GenTool (HKLM-x32\...\GenTool) (Version: 6.4 - xezon)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GoToMeeting 6.0.0.1259 (HKCU\...\GoToMeeting) (Version: 6.0.0.1259 - CitrixOnline)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
MAGIX Online Print Service (HKLM-x32\...\MAGIX_{53915BC5-57FC-42E0-92D1-FBED45FB6E09}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Online Print Service (x32 Version: 1.0.0.0 - MAGIX AG) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Access MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft DCF MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Groove MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Nederlands (HKLM\...\{90150000-001F-0413-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
MockFlow Desktop (HKLM-x32\...\MockFlow) (Version: 10.3.6 - A Produle Systems Pvt. Ltd.)
MockFlow Desktop (x32 Version: 10.3.6 - A Produle Systems Pvt. Ltd.) Hidden
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mp3tag v2.58 (HKLM-x32\...\Mp3tag) (Version: v2.58 - Florian Heidenreich)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 2014 (HKLM-x32\...\{0128492C-AB60-43BE-9D9A-8CA622CAF06E}) (Version: 15.0.07700 - Nero AG)
Nero Audio Pack 1 (x32 Version: 11.0.11500.110.0 - Nero AG) Hidden
Nero Blu-ray Player (x32 Version: 12.0.20064 - Nero AG) Hidden
Nero Blu-ray Player Help (CHM) (x32 Version: 15.0.00015 - Nero AG) Hidden
Nero Burning Core (x32 Version: 15.0.25001 - Nero AG) Hidden
Nero Burning ROM (x32 Version: 15.0.25001 - Nero AG) Hidden
Nero Burning ROM Help (CHM) (x32 Version: 15.0.00021 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 11.0.16700 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 15.0.00015 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.23400 - Nero AG) Hidden
Nero CoverDesigner (HKLM-x32\...\{12391E45-23F7-4DEA-ABAE-2CA69CA87D92}) (Version: 12.0.02300 - Nero AG)
Nero CoverDesigner (x32 Version: 12.0.11000 - Nero AG) Hidden
Nero CoverDesigner Help (CHM) (x32 Version: 12.0.2000 - Nero AG) Hidden
Nero Device Updates (x32 Version: 15.0.1002 - Nero AG) Hidden
Nero Disc Menus Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Disc to Device (x32 Version: 15.0.12032 - Nero AG) Hidden
Nero Effects Basic (x32 Version: 15.0.10011 - Nero AG) Hidden
Nero Express (x32 Version: 15.0.25001 - Nero AG) Hidden
Nero Express Help (CHM) (x32 Version: 15.0.00021 - Nero AG) Hidden
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 15.1.0030 - Nero AG)
Nero Kwik Themes Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Launcher (x32 Version: 15.0.12000 - Nero AG) Hidden
Nero MediaHome (x32 Version: 1.22.3600 - Nero AG) Hidden
Nero MediaHome Help (CHM) (x32 Version: 15.0.00021 - Nero AG) Hidden
Nero PiP Effects Basic (x32 Version: 15.0.10008 - Nero AG) Hidden
Nero Recode (x32 Version: 15.0.25000 - Nero AG) Hidden
Nero Recode Help (CHM) (x32 Version: 15.0.00021 - Nero AG) Hidden
Nero RescueAgent (x32 Version: 15.0.2000 - Nero AG) Hidden
Nero RescueAgent Help (CHM) (x32 Version: 15.0.00015 - Nero AG) Hidden
Nero SharedVideoCodecs (x32 Version: 1.0.15005 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.13300.42.0 - Nero AG) Hidden
Nero Video (x32 Version: 15.0.23000 - Nero AG) Hidden
Nero Video Help (CHM) (x32 Version: 15.0.00021 - Nero AG) Hidden
Node.js (HKLM\...\{9A1CDF29-87B3-4A6D-B220-8484FD5B86C9}) (Version: 0.10.15 - Joyent, Inc. and other Node contributors)
Nullsoft Install System (HKLM-x32\...\NSIS) (Version: 3.0a2 - )
NVIDIA Control Panel 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA Optimus 9.3.21 (Version: 9.3.21 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Update Components (Version: 9.3.21 - NVIDIA Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Passware Kit Professional 11.1 (HKLM-x32\...\{A56D0602-1968-4136-B925-B91007BEC614}) (Version: 11.1.4002 - Passware)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden
Privoxy (remove only) (HKLM-x32\...\Privoxy) (Version:  - )
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6710 - Realtek Semiconductor Corp.)
Rosetta Stone Ltd Services (HKLM-x32\...\{7BB2EF8A-5376-4BAE-96D0-38BE49501F40}) (Version: 3.2.17 - Rosetta Stone Ltd.)
Rosetta Stone TOTALe (HKLM-x32\...\com.rosettastone.rosettastonetotale) (Version: 4.1.15.1 - Rosetta Stone, Ltd)
Rosetta Stone TOTALe (x32 Version: 4.1.1 - Rosetta Stone, Ltd) Hidden
Rosetta Stone TOTALe (x32 Version: 4.1.15.1 - Rosetta Stone, Ltd) Hidden
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Samsung AllShare (HKLM-x32\...\InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}) (Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.)
Samsung AllShare (x32 Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Sonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 21.4.61250 - Sonos, Inc.)
Spotify (HKCU\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.20202 - TeamViewer)
Titan Quest (HKLM-x32\...\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}) (Version: 1.00.0000 - Iron Lore)
Titan Quest Immortal Throne (HKLM-x32\...\{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}) (Version: 1.00.0000 - Iron Lore)
Update for Microsoft Excel 2013 (KB2881085) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{58D92858-3C94-4C2F-A8E4-AEFF9304C3CF}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2881085) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUS_{58D92858-3C94-4C2F-A8E4-AEFF9304C3CF}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2881085) 64-Bit Edition (HKLM\...\{90150000-0018-0409-1000-0000000FF1CE}_Office15.PROPLUS_{58D92858-3C94-4C2F-A8E4-AEFF9304C3CF}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2881085) 64-Bit Edition (HKLM\...\{90150000-001B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{58D92858-3C94-4C2F-A8E4-AEFF9304C3CF}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2850074) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{F9F71CF8-8310-4EFC-869F-47BC0FEE269D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{EF77B4A6-DFEC-4010-A87D-9B6BF87FABEC}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{62857CDD-2985-4939-91BA-19ED0B0031A5}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{0814662C-FD28-4DE0-ACE5-EE50D1D6C8FB}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUS_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2826040) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C4AEA56A-0759-4D08-9FAB-31A92137D0B8}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837644) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D692E9FF-84BF-4F44-A0EA-D58ECE0D538E}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{290D80DE-03AB-47EC-9402-108AF4CE4F66}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880457) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{EC2AF602-2730-4B05-9438-06CDE43153F2}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880464) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{88B29AA5-71EE-4692-91E2-E89407F0B783}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880478) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8116ED50-F1E7-49E1-9D8D-421497D34B0F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880987) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6F540E80-4BB2-413F-9648-52031AA237B7}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880987) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6F540E80-4BB2-413F-9648-52031AA237B7}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880987) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6F540E80-4BB2-413F-9648-52031AA237B7}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0090-0409-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881074) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{9A479F9C-C1EC-4833-A115-A8B7A60480BD}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881084) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.PROPLUS_{3A12DFA2-3FF5-450E-BDB1-A742551A5D1A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881084) 64-Bit Edition (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}_Office15.PROPLUS_{EA8072E8-E3CF-46DF-A5DE-9F5975344327}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881084) 64-Bit Edition (HKLM\...\{90150000-001F-0C0A-1000-0000000FF1CE}_Office15.PROPLUS_{1BABB09A-AB4C-427F-B23C-76A278737988}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881086) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{ED3A8E98-FDD4-493F-A0EC-141821573EC2}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881086) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{ED3A8E98-FDD4-493F-A0EC-141821573EC2}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2881087) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{3C6F4768-FB23-4ECF-8328-5C47E0664B65}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2881087) 64-Bit Edition (HKLM\...\{90150000-00BA-0409-1000-0000000FF1CE}_Office15.PROPLUS_{3C6F4768-FB23-4ECF-8328-5C47E0664B65}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2881087) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{3C6F4768-FB23-4ECF-8328-5C47E0664B65}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2881087) 64-Bit Edition (HKLM\...\{90150000-00C1-0409-1000-0000000FF1CE}_Office15.PROPLUS_{3C6F4768-FB23-4ECF-8328-5C47E0664B65}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-00A1-0409-1000-0000000FF1CE}_Office15.PROPLUS_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{90150000-001A-0409-1000-0000000FF1CE}_Office15.PROPLUS_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2881075) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C8955821-EDAC-4E65-BEF3-C9C0A049517A}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2881075) 64-Bit Edition (HKLM\...\{90150000-0018-0409-1000-0000000FF1CE}_Office15.PROPLUS_{C8955821-EDAC-4E65-BEF3-C9C0A049517A}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C07147B9-CC0B-4CC1-A107-A705889A54F2}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition (HKLM\...\{90150000-0019-0409-1000-0000000FF1CE}_Office15.PROPLUS_{C07147B9-CC0B-4CC1-A107-A705889A54F2}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BC51FE30-3A56-4802-8D9E-E9BC05B56B49}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2881080) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F96FE9BB-CD90-472B-852E-156342618C54}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2881080) 64-Bit Edition (HKLM\...\{90150000-001A-0409-1000-0000000FF1CE}_Office15.PROPLUS_{F96FE9BB-CD90-472B-852E-156342618C54}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2881080) 64-Bit Edition (HKLM\...\{90150000-001B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{F96FE9BB-CD90-472B-852E-156342618C54}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2881080) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{F96FE9BB-CD90-472B-852E-156342618C54}) (Version:  - Microsoft)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WestwoodChat (HKLM-x32\...\{7CAE6A67-AF7B-4A6A-8705-8AFACA45BB60}) (Version: 1.0.0.0 - WestwoodChat)
WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
Windows Driver Package - ASUS (ATP) Mouse  (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
WinHTTrack Website Copier 3.47-27 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.47.27 - HTTrack)
 
========================= Devices: ================================
 
Name: TeamViewer VPN Adapter
Description: TeamViewer VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TeamViewer GmbH
Service: teamviewervpn
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Bluetooth Device (Personal Area Network)
Description: Bluetooth Device (Personal Area Network)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller (NDIS 6.30)
Description: Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller (NDIS 6.30)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros
Service: L1C
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 24%
Total physical RAM: 8077.79 MB
Available physical RAM: 6093.67 MB
Total Pagefile: 16269.79 MB
Available Pagefile: 14060.87 MB
Total Virtual: 4095.88 MB
Available Virtual: 3972.81 MB
 
========================= Partitions: =====================================
 
1 Drive c: (OS) (Fixed) (Total:279.45 GB) (Free:24.17 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:398.18 GB) (Free:375.3 GB) NTFS
3 Drive e: (Downloads) (Fixed) (Total:349.32 GB) (Free:156.06 GB) NTFS
4 Drive f: (Music) (Fixed) (Total:349.32 GB) (Free:344.13 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\GODSLAPTOP
 
Administrator            GodsMarine               Guest                    
UpdatusUser              
 
========================= Minidump Files ==================================
 
No minidump file found
 
========================= Restore Points ==================================
 
18-08-2014 15:21:27 Removed Safari
19-08-2014 20:10:40 Removed Desktop Media Uploader
19-08-2014 22:49:38 Malwarebytes Anti-Rootkit Restore Point
 
**** End of log ****
 

 

TDSSKiller:

 

Nothing

 

ADW Cleaner:

 

# AdwCleaner v3.307 - Report created 20/08/2014 at 10:50:28
# Updated 17/08/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : GodsMarine - GODSLAPTOP
# Running from : C:\Users\GodsMarine\Desktop\06 - AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v0.0.0.0
 
 
-\\ Mozilla Firefox v30.0 (en-US)
 
[ File : C:\Users\GodsMarine\AppData\Roaming\Mozilla\Firefox\Profiles\29w801rx.default\prefs.js ]
 
 
-\\ Google Chrome v36.0.1985.143
 
[ File : C:\Users\GodsMarine\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1045 octets] - [20/08/2014 10:44:06]
AdwCleaner[S0].txt - [970 octets] - [20/08/2014 10:50:28]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1029 octets] ##########


#8 Mariniertje

Mariniertje
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:19 PM

Posted 20 August 2014 - 07:21 AM

JunkwareRemovalTool:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by GodsMarine on wo 20-08-2014 at 10:59:07,24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\GodsMarine\AppData\Roaming\mozilla\firefox\profiles\29w801rx.default\minidumps [2 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on wo 20-08-2014 at 11:02:03,22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#9 Mariniertje

Mariniertje
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:19 PM

Posted 20 August 2014 - 11:27 AM

ESET threats found: 13
 
C:\Users\GodsMarine\AppData\Local\Google\Chrome\User Data\Default\File System\011\t\00\00000004 a variant of Win32/SoftPulse.H potentially unwanted application deleted - quarantined
C:\Users\GodsMarine\Downloads\olympus11.rar.exe Win32/InstalleRex.L potentially unwanted application deleted - quarantined
C:\Users\GodsMarine\Downloads\Shockwave_Installer_Slim.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\GodsMarine\Downloads\ADOBE.CREATIVE.SUITE.6.0.MASTER.COLLECTION.LS16.ESD-ISO\MCCS6LS16.iso Win32/Keygen.HA potentially unsafe application deleted - quarantined
C:\Users\GodsMarine\Downloads\Nero 2014 Platinum 15.0.0770 Final + Keygen\Nero 2014 Platinum 15.0.0770.tgz a variant of Win32/Keygen.AR potentially unsafe application deleted - quarantined
C:\Users\GodsMarine\Downloads\Nero 2014 Platinum 15.0.0770 Final + Keygen\Nero 2014 Platinum 15.0.0770\~Get Your Software Here\Keygen\keygen.exe a variant of Win32/Keygen.AR potentially unsafe application deleted - quarantined
C:\Users\GodsMarine\Downloads\OO Defrag Professional v17.0.468 (x86-x64) Incl Keymaker-ZWT [TorDigger]\Keygen-ZWT\keygen.exe a variant of Win32/Keygen.GY potentially unsafe application deleted - quarantined
C:\Users\GodsMarine\Downloads\~AppMK Android Magazine App Maker Professional 1.2.0 + Patch\~AppMK Android Magazine App Maker Professional 1.2.0 + Patch.tgz a variant of Win32/HackTool.Patcher.T potentially unsafe application deleted - quarantined
E:\CCleaner Professional and Business Edition 3.27.1900\ccsetup327.exe a variant of Win32/TrojanDropper.Agent.QEO trojan cleaned by deleting - quarantined
E:\FL Studio 10.0.8 Producer Edition Final\flstudio_10.0.8.exe Win32/OpenCandy potentially unsafe application deleted - quarantined
E:\Games\Far Cry 3\rld-fc3a.iso a variant of Win32/Injector.AAUY trojan deleted - quarantined
E:\Games\Torchlight II RELOADED\rld-torc2.iso a variant of Win32/HackTool.Crack.BQ potentially unsafe application deleted - quarantined
E:\Games\Torchlight II RELOADED\Torchlight II Update 9 RELOADED\steam_api.dll a variant of Win32/HackTool.Crack.BQ potentially unsafe application deleted - quarantined
 


#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:19 PM

Posted 20 August 2014 - 11:52 AM

Ok, appears you infected yourself by installing a keygen app.. They usually come with malware.

Empty your temp folders using TFC (Temporary File Cleaner)

  • Please download TFC by Old Timer and save it to your desktop.
    alternate download link
  • Save any unsaved work. (TFC will close ALL open programs including your browser!)
  • Double-click on TFC.exe to run it. (If you are using Vista, right-click on the file and choose "Run As Administrator".)
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally (not into Safe Mode) to ensure a complete clean.

Anyway it looks removed.. I also do not see an antivirus. If you need a free one install and scan with this, Avira Antivir
 


How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#11 Mariniertje

Mariniertje
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:19 PM

Posted 20 August 2014 - 03:32 PM

Thanks for everything, Boopme!

 

Also for the tip on Avira. Great product!

 

:thumbsup2: :clapping:  :thumbsup2:



#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:19 PM

Posted 20 August 2014 - 08:28 PM

Thanks for coming by!!
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users