
I want to have a check


  • This topic is locked
16 replies to this topic

#1 M. de Jager


Posted 31 October 2014 - 07:23 AM

Hi,

 

Can my laptop be checked for infections? I'm sure it would do good. The first problem is that I can't run DDS:

eccxqAa.png
Malwarebytes also won't open.


Edited by Orange Blossom, 03 November 2014 - 02:38 PM.
Restored to log forum. ~ OB




#2 M. de Jager

  • Topic Starter

Posted 03 November 2014 - 06:58 AM

I see it [the topic] has been moved, okay I think? :s

 

Malwarebytes' Anti-Malware ran and here is the result...

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scandatum: 3-11-2014
Scantijd: 12:12:17
Logbestand: 
Beheerder: Ja
 
Versie: 2.00.3.1025
Malwaredatabase: v2014.11.03.04
Rootkitdatabase: v2014.11.01.02
Licentie: Premium
Malwarebescherming: Ingeschakeld
Kwaadaardige Website Bescherming: Ingeschakeld
Zelfbescherming: Uitgeschakeld
 
Besturingssysteem: Windows 8.1
Processor: x64
Bestandssysteem: NTFS
Gebruiker: Mark
 
Scantype: Bedreigingsscan
Resultaat: Voltooid
Objecten Gescand: 561478
Verstreken Tijd: 24 m, 30 s
 
Geheugen: Ingeschakeld
Opstarten: Ingeschakeld
Bestandssysteem: Ingeschakeld
Archieven: Ingeschakeld
Rootkits: Uitgeschakeld
Heuristiek: Ingeschakeld
POP: Ingeschakeld
POA: Ingeschakeld
 
Processen: 0
(Geen kwaadaardige items gedetecteerd)
 
Modules: 0
(Geen kwaadaardige items gedetecteerd)
 
Registersleutels: 0
(Geen kwaadaardige items gedetecteerd)
 
Registerwaardes: 0
(Geen kwaadaardige items gedetecteerd)
 
Registerdata: 0
(Geen kwaadaardige items gedetecteerd)
 
Mappen: 0
(Geen kwaadaardige items gedetecteerd)
 
Bestanden: 0
(Geen kwaadaardige items gedetecteerd)
 
Fysieke Sectoren: 0
(Geen kwaadaardige items gedetecteerd)
 
 
(end)

Edited by Orange Blossom, 03 November 2014 - 02:59 PM.
Clarified initial sentence. ~ OB


#3 HelpBot

  • Bots

Posted 05 November 2014 - 08:50 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/554111 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 M. de Jager

  • Topic Starter

Posted 05 November 2014 - 08:56 AM

I'm using Windows 8.1 so I can't run DDS.

 

The problem: I can't change my IPv4 settings and I think it is malware based, just want to be sure that my computer is clean.

 

System info:

ONGbOrC.png


Edited by M. de Jager, 05 November 2014 - 09:00 AM.


#5 nasdaq

  • Malware Response Team

Posted 06 November 2014 - 11:30 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

The DDS tool is not ready for Windows 8.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.


Wait for further instructions.

#6 M. de Jager

  • Topic Starter

Posted 06 November 2014 - 03:26 PM

Hi,

 

Thanks for the response. AdwCleaner log:

# AdwCleaner v3.311 - Rapport aangemaakt 06/11/2014 op 21:20:49
# Laatste Update 30/09/2014 door Xplode
# Besturingssysteem : Windows 8.1  (64 bits)
# Gebruikersnaam : Mark - TEAM-KORKEL
# Gestart vanuit : C:\Users\Mark\Documents\adwcleaner_3.311.exe
# Optie : Scannen
 
***** [ Services ] *****
 
Service Gevonden : hshld
Service Gevonden : hsstrayservice
 
***** [ Bestanden / Mappen ] *****
 
Map Gevonden : C:\Program Files (x86)\hotspot shield
Map Gevonden : C:\Program Files (x86)\Skillbrains
Map Gevonden : C:\ProgramData\~0
Map Gevonden : C:\ProgramData\AVG Secure Search
Map Gevonden : C:\ProgramData\hotspot shield
Map Gevonden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hotspot shield
Map Gevonden : C:\Users\Mark\AppData\Local\PackageAware
Map Gevonden : C:\Users\Mark\AppData\Local\Skillbrains
Map Gevonden : C:\Users\Mark\AppData\Local\Temp\hotspot shield
Map Gevonden : C:\Users\Mark\AppData\Roaming\hotspot shield
Map Gevonden : C:\Windows\SysWOW64\hotspot shield
 
***** [ Taken ] *****
 
Taak Gevonden : update-sys
Taak Gevonden : update-S-1-5-21-2752175657-93099683-495187216-1001
Taak Gevonden : update-sys
 
***** [ Snelkoppelingen ] *****
 
 
***** [ Register ] *****
 
Sleutel Gevonden : HKCU\Software\anchorfree
Sleutel Gevonden : HKCU\Software\IGearSettings
Sleutel Gevonden : HKCU\Software\SkillBrains
Sleutel Gevonden : [x64] HKCU\Software\anchorfree
Sleutel Gevonden : [x64] HKCU\Software\IGearSettings
Sleutel Gevonden : [x64] HKCU\Software\SkillBrains
Sleutel Gevonden : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Sleutel Gevonden : HKLM\SOFTWARE\hotspotshield
Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1
Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hotspotshield
Sleutel Gevonden : HKLM\SOFTWARE\SkillBrains
Waarde Gevonden : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [LightShot]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17344
 
 
-\\ Mozilla Firefox v33.0.2 (x86 en-US)
 
[ Bestand : C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\qt4q8es3.default-1413621769675\prefs.js ]
 
 
-\\ Google Chrome v38.0.2125.111
 
[ Bestand : C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [2381 octets] - [06/11/2014 21:20:49]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2441 octets] ##########
--
Hotspotshield is a big problem, if I uninstall I lose my internet.
--
FRST:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by Mark (administrator) on TEAM-KORKEL on 06-11-2014 21:22:47
Running from C:\Users\Mark\Desktop
Loaded Profile: Mark (Available profiles: Mark & Classic .NET AppPool & .NET v4.5 & DefaultAppPool & .NET v2.0 & .NET v4.5 Classic & .NET v2.0 Classic)
Platform: Windows 8.1 (X64) OS Language: Nederlands (Nederland)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Company) C:\Program Files (x86)\Popcorn Time\Updater.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\WMSvc.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Bitsum LLC) C:\Program Files\Process Lasso\ProcessGovernor.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Bitsum LLC) C:\Program Files\Process Lasso\ProcessLasso.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Dropbox, Inc.) C:\Users\Mark\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\GeekBuddy\unit_manager.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\GeekBuddy\unit.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Mark\AppData\Local\Viber\Viber.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Opera Software) C:\Program Files (x86)\Opera\25.0.1614.68_0\opera.exe
() C:\Program Files (x86)\Opera\25.0.1614.68_0\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\25.0.1614.68_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\25.0.1614.68_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\25.0.1614.68_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\25.0.1614.68_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\25.0.1614.68_0\opera.exe
(Skillbrains) C:\Users\Mark\AppData\Local\Skillbrains\lightshot\5.1.4.9\Lightshot.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-08-28] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3216032 2013-12-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.12.424\ASUSWSLoader.exe
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [112856 2014-06-12] (VMware, Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2014-06-27] (Power Software Ltd)
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.1\bin\TrayPopupE\TrayTipAgentE.exe [254024 2014-02-13] ()
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1284680 2014-03-25] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)
HKLM-x32\...\Run: [ComodoFSChrome] => "C:\Program Files (x86)\AdTrustMedia\PrivDog\FinalizeSetup.exe" /c
HKLM-x32\...\Run: [PrivDogService] => C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\trustedadssvc.exe [525480 2013-11-15] (AdTrustMedia)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-24] (Comodo Security Solutions, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2752175657-93099683-495187216-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Mark\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2752175657-93099683-495187216-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-2752175657-93099683-495187216-1001\...\Run: [Jitbit Hotkey Macro Launcher] => C:\Program Files (x86)\MacroRecorder\MacroLauncher.exe [478208 2014-08-25] (Jitbit Macro Recorder)
HKU\S-1-5-21-2752175657-93099683-495187216-1001\...\Run: [LightShot] => C:\Users\Mark\AppData\Local\Skillbrains\lightshot\Lightshot.exe [226560 2014-06-18] ()
HKU\S-1-5-21-2752175657-93099683-495187216-1001\...\Run: [Viber] => C:\Users\Mark\AppData\Local\Viber\Viber.exe [936656 2014-09-02] ()
HKU\S-1-5-21-2752175657-93099683-495187216-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-2752175657-93099683-495187216-1001\...\Policies\Explorer: [NoPreviewPane] 0
HKU\S-1-5-21-2752175657-93099683-495187216-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-2752175657-93099683-495187216-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2752175657-93099683-495187216-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2752175657-93099683-495187216-1001\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-2752175657-93099683-495187216-1001\...\Policies\Explorer: [NoWinkeys] 0
HKU\S-1-5-21-2752175657-93099683-495187216-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-2752175657-93099683-495187216-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-2752175657-93099683-495187216-1001\...\Policies\Explorer: [HideSCANetwork] 0
HKU\S-1-5-21-2752175657-93099683-495187216-1001\...\Policies\Explorer: [HideSCAVolume] 0
HKU\S-1-5-21-2752175657-93099683-495187216-1001\...\MountPoints2: {700eccc3-bd7a-11e3-824e-806e6f6e6963} - "F:\modem.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files\COMODO\GeekBuddy\launcher.exe (Comodo Security Solutions, Inc.)
Startup: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Mark\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.12.424\ASUSWSShellExt64.dll No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.12.424\ASUSWSShellExt64.dll No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.12.424\ASUSWSShellExt64.dll No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers: [SmartFTP Drop] -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\ShellTools.dll No File
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bit
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?pc=ASJB
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/nl-nl/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xFE0C490220F9CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-NL,nl;q=0.5
HKU\S-1-5-21-2752175657-93099683-495187216-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASJB
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASJB
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASJB
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASJB
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll No File
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL No File
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO: PrivDog Extension -> {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} -> C:\Program Files\AdTrustMedia\PrivDog\1.8.0.15\trustedads.dll (AdTrustMedia)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll No File
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll No File
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL No File
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.254
 
FireFox:
========
FF ProfilePath: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\qt4q8es3.default-1413621769675
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @ABNAMRO/BECON,version=1.00 -> C:\Program Files (x86)\ABN AMRO e.dentifier2\Mozilla\npBECON.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-23]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.nl/
CHR StartupUrls: Default -> "https://www.google.nl/", "hxxp://nl.hardware.info/forum"
CHR Profile: C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Presentaties) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-08-28]
CHR Extension: (Angry Birds) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-09-14]
CHR Extension: (Google Documenten) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-28]
CHR Extension: (Google Drive) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-28]
CHR Extension: (Web Developer) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2014-08-28]
CHR Extension: (Turn Off the Lights) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2014-08-28]
CHR Extension: (Brushed) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjgbcjfpbbfepcccpaffkjofcmglifg [2014-08-28]
CHR Extension: (YouTube) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-28]
CHR Extension: (PrivDog) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja [2014-10-15]
CHR Extension: (Google Zoeken) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-28]
CHR Extension: (Fabulous for Facebook) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehhfialhajmaoobgcjlfmphcfphfpkkg [2014-11-03]
CHR Extension: (Blur (Formerly DoNotTrackMe)) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2014-11-02]
CHR Extension: (Google Spreadsheets) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-08-28]
CHR Extension: (AdBlock Premium) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\fndlhnanhedoklpdaacidomdnplcjcpj [2014-08-28]
CHR Extension: (Pastebin.com) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghipmampnddcpdlppkkamoankmkmcbmh [2014-08-28]
CHR Extension: (Turn Off the Lights) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\labjanboighjienkhiabgpefblkbmemd [2014-08-28]
CHR Extension: (Project Naptha) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\molncoemjfmpgdkbdlbjmhlcgniigdnf [2014-08-28]
CHR Extension: (Google Wallet) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-28]
CHR Extension: (Tor) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohielanlcdleofjibfmjbbkaajdcpoil [2014-08-28]
CHR Extension: (Google Publisher Toolbar) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\omioeahgfecgfpfldejlnideemfidnkc [2014-08-28]
CHR Extension: (Click&Clean App) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2014-08-28]
CHR Extension: (Gmail) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-28]
CHR Extension: (OMG! Ubuntu!) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmoodaljflkhbojjaiibgnlindbhebme [2014-08-28]
CHR HKLM-x32\...\Chrome\Extension: [cmaiofennmphjldldcpphcechfnnohja] - C:\Program Files (x86)\AdTrustMedia\PrivDog\PrivDog_chrome.crx [2014-10-14]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-10-23]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-23]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe [71680 2013-08-16] (ASUS Cloud Corporation) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70864 2014-09-25] (Comodo Security Solutions, Inc.)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2135232 2014-05-21] ()
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [372224 2014-09-19] (Microsoft Corporation)
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-24] (Comodo Security Solutions, Inc.)
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [919040 2014-05-17] (AnchorFree Inc.) [File not signed]
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2014-05-17] ()
S2 IBG_gds_db; C:\Program Files (x86)\Embarcadero\RAD Studio\10.0\InterBaseXE3\bin\ibguard.exe [630272 2012-08-08] (Embarcadero Technologies, Inc.) [File not signed]
S3 IBS_gds_db; C:\Program Files (x86)\Embarcadero\RAD Studio\10.0\InterBaseXE3\bin\ibserver.exe [4868608 2012-08-08] (Embarcadero Technologies, Inc.) [File not signed]
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [16896 2014-09-19] (Microsoft Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140936 2013-05-14] ()
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [67400 2011-04-01] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [62379184 2014-07-10] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
U2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [442536 2014-07-10] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [111208 2014-11-03] (RaMMicHaeL)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [179200 2014-10-09] (Company) [File not signed]
S3 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [14407384 2014-06-12] ()
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-09-19] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2014-09-19] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R2 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2014-09-19] (Microsoft Corporation)
S2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [X]
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]
S2 ClickToRunSvc; "C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" /service [X]
S2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [X]
S3 OpenVPNService; "C:\Program Files\OpenVPN\bin\openvpnserv.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 A2DDA; C:\EEK\BIN\a2ddax64.sys [26176 2014-09-13] (Emsisoft GmbH)
S0 aswRvrt; No ImagePath
S0 aswVmm; No ImagePath
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [70928 2014-02-13] (ASUS Corporation)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [40224 2014-06-26] (Windows ® Win 7 DDK provider)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-09-13] (Emsisoft GmbH)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14920 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
R1 HMD; C:\Windows\system32\DRIVERS\hmd.sys [14888 2014-06-26] ()
R1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [44744 2014-05-13] (AnchorFree Inc.)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-11-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2014-01-03] (Windows ® Win 7 DDK provider)
S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [322736 2014-07-10] (Microsoft Corporation)
R3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-05-13] (Anchorfree Inc.)
R1 TRLNDISMON; C:\Windows\system32\DRIVERS\TRLNDISMON.sys [29856 2014-08-18] (Tarlogic)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-02-22] (VMware, Inc.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S2 aswHwid; \SystemRoot\system32\drivers\aswHwid.sys [X]
S2 aswMonFlt; \SystemRoot\system32\drivers\aswMonFlt.sys [X]
S1 aswRdr; \SystemRoot\system32\drivers\aswRdr2.sys [X]
S1 aswSnx; \SystemRoot\system32\drivers\aswSnx.sys [X]
S1 aswSP; \SystemRoot\system32\drivers\aswSP.sys [X]
S2 aswStm; \SystemRoot\system32\drivers\aswStm.sys [X]
S3 e.dentifier2; \SystemRoot\system32\DRIVERS\aabed2.sys [X]
S1 ESProtectionDriver; \??\C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [X]
U0 msahci; system32\drivers\msahci.sys
S3 PSKMAD; System32\DRIVERS\PSKMAD.sys [X]
S3 tap0901; \SystemRoot\system32\DRIVERS\tap0901.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-06 21:22 - 2014-11-06 21:23 - 00034457 _____ () C:\Users\Mark\Desktop\FRST.txt
2014-11-06 21:22 - 2014-11-06 21:22 - 00000000 ____D () C:\FRST
2014-11-06 21:21 - 2014-11-06 21:21 - 02114560 _____ (Farbar) C:\Users\Mark\Desktop\FRST64.exe
2014-11-06 21:21 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-11-06 21:20 - 2014-11-06 21:21 - 00000000 ____D () C:\AdwCleaner
2014-11-06 21:20 - 2014-11-06 21:20 - 01375089 _____ () C:\Users\Mark\Documents\adwcleaner_3.311.exe
2014-11-06 18:55 - 2014-11-06 18:55 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-11-06 18:55 - 2014-11-06 18:55 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-11-05 16:42 - 2014-11-05 16:42 - 00192975 _____ () C:\Users\Mark\Desktop\Tijger Megawereld.rar
2014-11-05 15:46 - 2014-11-05 15:46 - 00237869 _____ () C:\Users\Mark\Desktop\HungerGames Lubbo-Zone.rar
2014-11-05 14:36 - 2014-11-05 14:36 - 00000537 _____ () C:\Users\Mark\Desktop\fixlist (1).txt
2014-11-05 09:12 - 2014-11-05 09:12 - 00001157 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-11-05 09:11 - 2014-11-05 09:11 - 00244032 _____ () C:\Users\Mark\Downloads\Firefox Setup Stub 33.0.2.exe
2014-11-04 19:34 - 2014-11-04 19:36 - 00000000 ____D () C:\Users\Mark\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2014-11-04 19:34 - 2014-11-04 19:34 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2014-11-04 19:18 - 2014-11-04 19:18 - 00001255 _____ () C:\Users\Mark\Desktop\LEES MIJ EERST - INFORMATIE OVER PC.txt
2014-11-04 12:43 - 2014-11-04 12:44 - 00002551 _____ () C:\Users\Mark\Desktop\fixlist.txt
2014-11-03 11:49 - 2014-11-03 11:49 - 00880272 _____ (Google Inc.) C:\Users\Mark\Downloads\ChromeSetup.exe
2014-11-03 09:03 - 2014-11-03 09:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverToolkit
2014-11-03 09:03 - 2014-11-03 09:38 - 00000000 ____D () C:\Program Files (x86)\DriverToolkit
2014-11-03 09:03 - 2014-11-03 09:03 - 00000000 ____D () C:\Users\Mark\AppData\Local\DriverToolkit
2014-11-02 20:04 - 2014-11-02 20:04 - 00000000 ____D () C:\RegBackup
2014-11-02 14:22 - 2014-11-02 14:22 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-11-02 14:22 - 2014-11-02 14:22 - 00000000 ____D () C:\ProgramData\Sophos
2014-11-02 14:22 - 2014-11-02 14:22 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-11-02 12:54 - 2014-11-02 12:55 - 00000644 _____ () C:\DelFix.txt
2014-11-02 12:54 - 2014-11-02 12:54 - 00000000 ____D () C:\Windows\ERUNT
2014-11-02 12:19 - 2014-11-02 12:19 - 00000000 ____D () C:\Program Files\HitmanPro
2014-11-02 12:17 - 2014-11-02 12:34 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-11-02 12:10 - 2014-11-02 12:10 - 01472131 _____ () C:\Users\Mark\Desktop\vba32arkit.zip
2014-11-02 11:19 - 2014-11-02 11:19 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-11-02 11:16 - 2014-11-02 18:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2014-11-02 11:16 - 2014-11-02 17:07 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2014-11-01 21:36 - 2014-11-01 21:36 - 00003317 _____ () C:\Users\Mark\AppData\Local\recently-used.xbel
2014-11-01 20:46 - 2014-11-01 20:47 - 00000000 ____D () C:\Users\Mark\Pavark
2014-11-01 16:52 - 2014-11-06 20:50 - 00000000 ____D () C:\Users\Mark\Desktop\Horba Badges
2014-11-01 16:37 - 2014-11-01 16:37 - 00010209 _____ () C:\Users\Mark\Desktop\Horba Badges.rar
2014-11-01 10:40 - 2014-11-01 10:40 - 00000197 _____ () C:\Windows\system32\2014-11-01-09-40-29.012-AvastVBoxSVC.exe-9652.log
2014-11-01 10:38 - 2014-11-01 10:40 - 00000197 _____ () C:\Windows\system32\2014-11-01-09-38-34.017-AvastVBoxSVC.exe-4364.log
2014-11-01 10:36 - 2014-11-01 10:36 - 00000197 _____ () C:\Windows\system32\2014-11-01-09-36-31.008-AvastVBoxSVC.exe-4760.log
2014-11-01 10:24 - 2014-11-01 10:28 - 00000197 _____ () C:\Windows\system32\2014-11-01-09-24-26.041-AvastVBoxSVC.exe-1188.log
2014-10-31 21:38 - 2014-11-04 13:53 - 00000000 ____D () C:\Users\Mark\Desktop\Memes
2014-10-31 18:08 - 2014-10-31 18:11 - 00000197 _____ () C:\Windows\system32\2014-10-31-17-08-12.043-AvastVBoxSVC.exe-4108.log
2014-10-31 12:34 - 2014-10-31 12:37 - 00000197 _____ () C:\Windows\system32\2014-10-31-11-34-36.047-AvastVBoxSVC.exe-4600.log
2014-10-31 12:24 - 2014-10-31 12:26 - 00000197 _____ () C:\Windows\system32\2014-10-31-11-24-17.003-AvastVBoxSVC.exe-136.log
2014-10-31 11:50 - 2014-10-31 11:52 - 00000197 _____ () C:\Windows\system32\2014-10-31-10-50-41.027-AvastVBoxSVC.exe-4620.log
2014-10-31 08:32 - 2014-10-31 08:34 - 00000197 _____ () C:\Windows\system32\2014-10-31-07-32-22.075-AvastVBoxSVC.exe-4920.log
2014-10-30 21:57 - 2014-10-31 10:03 - 00020843 ____H () C:\Users\Mark\Desktop\~WRL0371.tmp
2014-10-30 10:27 - 2014-10-30 10:27 - 00000247 _____ () C:\Windows\system32\2014-10-30-09-27-10.022-aswFe.exe-9476.log
2014-10-30 10:20 - 2014-10-30 10:26 - 00000247 _____ () C:\Windows\system32\2014-10-30-09-20-19.068-aswFe.exe-9972.log
2014-10-30 10:05 - 2014-10-30 10:05 - 00000197 _____ () C:\Windows\system32\2014-10-30-09-05-02.040-AvastVBoxSVC.exe-8816.log
2014-10-29 13:35 - 2014-10-29 13:35 - 00000000 ___RD () C:\Users\Mark\OneDrive
2014-10-29 13:35 - 2014-10-29 13:35 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-10-29 13:22 - 2014-10-29 13:22 - 00000000 ____D () C:\Users\Mark\Documents\OneNote-notitieblokken
2014-10-29 13:19 - 2014-11-02 18:45 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-10-29 08:31 - 2014-10-29 08:31 - 00000197 _____ () C:\Windows\system32\2014-10-29-07-31-13.041-AvastVBoxSVC.exe-3844.log
2014-10-28 20:21 - 2014-11-03 09:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2014-10-28 20:21 - 2014-11-03 09:38 - 00000000 ____D () C:\Program Files\TAP-Windows
2014-10-28 20:21 - 2014-11-03 09:38 - 00000000 ____D () C:\Program Files\OpenVPN
2014-10-28 15:47 - 2014-11-03 09:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield
2014-10-28 15:47 - 2014-11-03 09:38 - 00000000 ____D () C:\ProgramData\MCShield
2014-10-28 15:47 - 2014-11-03 09:38 - 00000000 ____D () C:\Program Files (x86)\MCShield
2014-10-28 08:30 - 2014-10-28 08:31 - 00000197 _____ () C:\Windows\system32\2014-10-28-07-30-45.000-AvastVBoxSVC.exe-936.log
2014-10-27 20:01 - 2014-10-27 20:04 - 00000197 _____ () C:\Windows\system32\2014-10-27-19-01-32.069-AvastVBoxSVC.exe-4376.log
2014-10-27 19:07 - 2014-10-27 19:09 - 00000197 _____ () C:\Windows\system32\2014-10-27-18-07-41.099-AvastVBoxSVC.exe-1904.log
2014-10-27 08:43 - 2014-10-27 08:44 - 00000197 _____ () C:\Windows\system32\2014-10-27-07-43-47.012-AvastVBoxSVC.exe-76.log
2014-10-26 19:11 - 2014-11-03 09:38 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-10-26 19:11 - 2014-10-28 19:59 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\FileZilla
2014-10-26 19:08 - 2014-10-26 19:08 - 00000000 ____D () C:\Windows\System32\Tasks\SmartFTP
2014-10-26 19:07 - 2014-10-26 19:07 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\SmartFTP
2014-10-26 19:04 - 2014-11-03 09:38 - 00000000 ____D () C:\Program Files\SmartFTP Client
2014-10-26 09:39 - 2014-10-26 09:42 - 00000197 _____ () C:\Windows\system32\2014-10-26-08-39-07.072-AvastVBoxSVC.exe-2596.log
2014-10-25 20:03 - 2014-10-25 20:05 - 00000197 _____ () C:\Windows\system32\2014-10-25-19-03-48.013-AvastVBoxSVC.exe-264.log
2014-10-25 17:32 - 2014-11-02 18:49 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\Steam
2014-10-25 17:23 - 2014-11-02 18:49 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\Alien Isolation
2014-10-25 16:49 - 2014-11-02 18:43 - 00000000 ____D () C:\Program Files (x86)\R.G. Mechanics
2014-10-25 16:33 - 2014-11-03 09:38 - 00000000 ____D () C:\Program Files (x86)\ABN AMRO e.dentifier2
2014-10-25 16:33 - 2014-10-25 16:33 - 00004500 _____ () C:\Windows\DPINST.LOG
2014-10-25 16:25 - 2014-10-25 16:25 - 00000197 _____ () C:\Windows\system32\2014-10-25-15-25-12.044-AvastVBoxSVC.exe-3212.log
2014-10-25 15:50 - 2014-11-03 09:38 - 00000000 ____D () C:\Program Files (x86)\Alien Isolation
2014-10-25 08:58 - 2014-10-25 09:00 - 00000197 _____ () C:\Windows\system32\2014-10-25-07-58-51.032-AvastVBoxSVC.exe-2476.log
2014-10-24 15:26 - 2014-10-24 15:26 - 00000000 ____D () C:\Users\Mark\AppData\Local\Unity
2014-10-24 08:20 - 2014-10-24 08:20 - 00000247 _____ () C:\Windows\system32\2014-10-24-07-20-25.043-aswFe.exe-4480.log
2014-10-24 08:13 - 2014-10-24 08:20 - 00000247 _____ () C:\Windows\system32\2014-10-24-07-13-36.080-aswFe.exe-5760.log
2014-10-24 08:13 - 2014-10-24 08:13 - 00000197 _____ () C:\Windows\system32\2014-10-24-07-13-34.019-AvastVBoxSVC.exe-4676.log
2014-10-23 17:43 - 2014-10-23 17:43 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\AVAST Software
2014-10-23 17:40 - 2014-10-23 17:40 - 00000000 ____D () C:\Program Files\AVAST Software
2014-10-21 18:15 - 2014-10-21 18:15 - 00001352 _____ () C:\Users\Mark\Documents\AutoHotkey.ahk
2014-10-21 18:12 - 2014-11-03 09:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
2014-10-21 18:12 - 2014-11-03 09:38 - 00000000 ____D () C:\Program Files (x86)\AutoHotkey
2014-10-20 13:44 - 2014-10-20 13:45 - 00000000 ____D () C:\Users\Mark\AppData\Local\PAYDAY
2014-10-18 09:09 - 2014-10-18 09:09 - 00001904 _____ () C:\Users\Public\Desktop\COMODO Internet Security.lnk
2014-10-18 09:08 - 2014-11-03 09:39 - 00000000 ___SD () C:\ProgramData\Shared Space
2014-10-18 09:08 - 2014-11-03 09:39 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO
2014-10-15 17:34 - 2014-10-15 17:34 - 00000000 ____D () C:\Windows\SysWOW64\Hotspot Shield
2014-10-15 08:40 - 2014-09-27 23:25 - 04183040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 08:40 - 2014-09-04 01:10 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2014-10-15 08:40 - 2014-09-04 00:57 - 00921600 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-10-15 08:40 - 2014-09-04 00:49 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-10-15 08:35 - 2014-09-08 04:15 - 00054752 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-10-15 08:35 - 2014-09-08 02:46 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-10-15 08:35 - 2014-09-08 02:46 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-10-15 08:35 - 2014-09-08 01:08 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-10-15 08:35 - 2014-09-08 01:07 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-10-15 08:35 - 2014-09-08 01:05 - 03448320 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-10-15 08:35 - 2014-09-08 01:04 - 00388608 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-10-15 08:35 - 2014-09-08 01:04 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-10-15 08:35 - 2014-09-08 01:03 - 01702400 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-10-15 08:35 - 2014-09-08 01:03 - 00839680 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-10-15 08:35 - 2014-09-08 00:59 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-10-15 08:35 - 2014-09-08 00:59 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-10-15 08:35 - 2014-09-08 00:56 - 00672256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-10-15 08:35 - 2014-09-08 00:56 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-10-15 08:30 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 08:30 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 08:30 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 08:30 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 08:30 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 08:30 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 08:29 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 08:29 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 08:29 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 08:29 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 08:29 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 08:29 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 08:29 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 08:29 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 08:29 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 08:29 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 08:29 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 08:29 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 08:29 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 08:29 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 08:29 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 08:29 - 2014-09-19 01:42 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 08:29 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 08:29 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 08:29 - 2014-09-19 01:20 - 00315904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 08:29 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 08:29 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 08:29 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 08:29 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 08:29 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 08:29 - 2014-09-13 07:29 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 08:29 - 2014-09-13 06:49 - 00068608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 08:28 - 2014-10-09 23:16 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 08:28 - 2014-10-08 23:09 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 08:28 - 2014-09-19 02:24 - 00527360 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 08:28 - 2014-09-13 07:02 - 02779648 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 08:28 - 2014-09-13 06:30 - 03117568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 08:28 - 2014-09-04 01:12 - 00590336 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 08:28 - 2014-09-04 01:01 - 00514048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-14 19:26 - 2014-10-20 13:40 - 01474832 _____ () C:\Windows\system32\Drivers\sfi.dat
2014-10-14 19:25 - 2014-10-14 19:25 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2014-10-14 19:24 - 2014-10-14 19:25 - 00000000 ____D () C:\Program Files\COMODO
2014-10-14 19:24 - 2014-10-14 19:24 - 00000000 ____D () C:\ProgramData\Adtrustmedia
2014-10-14 19:24 - 2014-10-14 19:24 - 00000000 ____D () C:\Program Files\AdTrustMedia
2014-10-14 19:24 - 2014-10-14 19:24 - 00000000 ____D () C:\Program Files (x86)\AdTrustMedia
2014-10-14 19:23 - 2014-11-03 09:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2014-10-14 19:23 - 2014-10-14 19:25 - 00000000 ____D () C:\Program Files (x86)\Comodo
2014-10-14 19:23 - 2014-10-14 19:23 - 00057096 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2014-10-14 19:23 - 2014-10-14 19:23 - 00000000 ____D () C:\Users\Mark\AppData\Local\Comodo
2014-10-14 19:23 - 2014-10-14 19:23 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2014-10-14 19:20 - 2014-10-14 19:26 - 00000000 ____D () C:\ProgramData\Comodo
2014-10-13 19:53 - 2014-10-13 19:53 - 00000044 _____ () C:\Users\Mark\jagex_cl_runescape_LIVE1.dat
2014-10-13 19:53 - 2014-10-13 19:53 - 00000000 ____D () C:\Users\Mark\jagexcache1
2014-10-12 20:24 - 2014-10-14 20:00 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\mIRC
2014-10-12 20:24 - 2014-10-12 20:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
2014-10-12 20:24 - 2014-10-12 20:24 - 00000000 ____D () C:\Program Files (x86)\mIRC
2014-10-12 17:40 - 2014-11-03 09:39 - 00000000 ____D () C:\ProgramData\Hotspot Shield
2014-10-12 17:40 - 2014-10-17 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
2014-10-12 17:40 - 2014-05-13 20:54 - 00044744 _____ (AnchorFree Inc.) C:\Windows\system32\Drivers\hssdrv6.sys
2014-10-12 17:39 - 2014-10-17 18:03 - 00000000 ____D () C:\Program Files (x86)\Hotspot Shield
2014-10-12 17:39 - 2014-10-17 18:01 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\Hotspot Shield
2014-10-11 12:58 - 2014-10-11 13:03 - 00000000 ___HD () C:\ProgramData\CanonIJMIG
2014-10-11 12:57 - 2014-10-11 12:58 - 00000000 ___HD () C:\ProgramData\CanonIJScan
2014-10-11 12:57 - 2014-10-11 12:58 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\Canon
2014-10-11 12:57 - 2014-10-11 12:57 - 00000000 ___HD () C:\ProgramData\CanonIJQuickMenu
2014-10-11 12:55 - 2014-11-01 18:59 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-10-11 12:55 - 2013-04-04 04:00 - 00394240 _____ (CANON INC.) C:\Windows\system32\CNMXLMBU.DLL
2014-10-11 12:54 - 2014-10-11 12:54 - 00000000 ____D () C:\Windows\system32\STRING
2014-10-11 12:54 - 2014-10-11 12:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gebruikersregistratie voor Canon MG5500 series
2014-10-11 12:54 - 2014-10-11 12:54 - 00000000 ____D () C:\ProgramData\Canon IJ Network Tool
2014-10-11 12:54 - 2013-02-04 14:10 - 00321536 _____ (CANON INC.) C:\Windows\SysWOW64\CNC_BUL.dll
2014-10-11 12:54 - 2013-01-24 15:24 - 00359936 _____ (CANON INC.) C:\Windows\system32\CNMN6PPM.DLL
2014-10-11 12:54 - 2013-01-24 15:24 - 00039424 _____ (CANON INC.) C:\Windows\system32\CNMN6UI.DLL
2014-10-11 12:54 - 2013-01-24 15:23 - 00366592 _____ (CANON INC.) C:\Windows\SysWOW64\CNMNPPM.DLL
2014-10-11 12:54 - 2012-11-26 11:24 - 00095744 _____ () C:\Windows\SysWOW64\CNC1771D.TBL
2014-10-11 12:54 - 2008-08-25 17:02 - 00015872 _____ (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll
2014-10-11 12:53 - 2014-10-11 12:53 - 00000000 ____D () C:\ProgramData\CanonIJWSpt
2014-10-11 12:49 - 2014-10-11 12:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2014-10-11 12:49 - 2014-10-11 12:53 - 00000000 ____D () C:\Program Files\Canon
2014-10-11 12:49 - 2014-10-11 12:49 - 00000000 ___HD () C:\Program Files\CanonBJ
2014-10-11 12:49 - 2014-10-11 12:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5500 series Manual
2014-10-11 12:45 - 2014-10-11 12:57 - 00000000 ____D () C:\Program Files (x86)\Canon
2014-10-11 12:34 - 2013-02-04 14:12 - 00367104 _____ (CANON INC.) C:\Windows\system32\CNC_BUL.dll
2014-10-11 12:34 - 2012-11-26 11:24 - 00095744 _____ () C:\Windows\system32\CNC1771D.TBL
2014-10-11 12:34 - 2012-11-08 12:04 - 00282624 _____ (CANON INC.) C:\Windows\system32\CNC_BUC.dll
2014-10-11 12:34 - 2012-11-08 12:03 - 00106496 _____ (CANON INC.) C:\Windows\system32\CNC_BUI.dll
2014-10-11 12:34 - 2008-08-25 17:02 - 00017920 _____ (CANON INC.) C:\Windows\system32\CNHMCA6.dll
2014-10-11 11:04 - 2014-10-11 11:07 - 00001120 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-10-11 11:04 - 2014-10-11 11:07 - 00001108 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-10-11 11:04 - 2014-10-11 11:04 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-10-10 11:19 - 2014-11-06 14:42 - 00000000 ____D () C:\Users\Mark\Desktop\Studentenraad
2014-10-09 19:48 - 2014-11-06 17:46 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\ViberPC
2014-10-09 19:48 - 2014-10-09 19:48 - 00001110 _____ () C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber.lnk
2014-10-09 19:47 - 2014-11-06 17:46 - 00000000 ____D () C:\Users\Mark\AppData\Local\Viber
2014-10-08 19:37 - 2014-10-08 19:37 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\HD Tune Pro
2014-10-08 19:36 - 2014-10-08 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune Pro
2014-10-08 19:36 - 2014-10-08 19:36 - 00000000 ____D () C:\Program Files (x86)\HD Tune Pro
2014-10-08 12:51 - 2014-10-08 12:51 - 00000000 ____D () C:\ProgramData\Pivot Animator
2014-10-08 12:51 - 2014-10-08 12:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pivot Animator
2014-10-08 12:50 - 2014-10-08 12:51 - 00000000 ____D () C:\Program Files (x86)\Pivot Animator
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-06 21:17 - 2014-09-14 18:18 - 00002246 ____H () C:\Users\Mark\Documents\Default.rdp
2014-11-06 21:16 - 2014-08-28 03:55 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\Skype
2014-11-06 21:12 - 2014-09-16 07:52 - 00000000 ____D () C:\Users\Mark\Documents\Outlook-bestanden
2014-11-06 21:02 - 2014-08-28 09:26 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\ClassicShell
2014-11-06 21:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2014-11-06 20:54 - 2014-08-28 03:50 - 00001076 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-06 20:28 - 2014-08-28 12:24 - 00000940 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-06 20:09 - 2014-04-06 12:21 - 01567594 _____ () C:\Windows\WindowsUpdate.log
2014-11-06 19:51 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-11-06 19:45 - 2014-08-28 09:14 - 00000410 _____ () C:\Windows\Tasks\update-sys.job
2014-11-06 19:03 - 2013-12-13 12:27 - 00997126 _____ () C:\Windows\system32\perfh013.dat
2014-11-06 19:03 - 2013-12-13 12:27 - 00238140 _____ () C:\Windows\system32\perfc013.dat
2014-11-06 19:03 - 2013-12-13 12:20 - 00978436 _____ () C:\Windows\system32\perfh010.dat
2014-11-06 19:03 - 2013-12-13 12:20 - 00229616 _____ () C:\Windows\system32\perfc010.dat
2014-11-06 19:03 - 2013-12-13 05:09 - 03547896 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-06 19:00 - 2014-08-28 03:53 - 00003592 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2752175657-93099683-495187216-1001
2014-11-06 18:55 - 2014-08-28 10:29 - 00002060 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-11-06 18:55 - 2014-08-28 10:29 - 00002058 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-11-06 18:55 - 2014-08-28 10:29 - 00002048 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-11-06 18:55 - 2014-08-28 10:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-11-06 17:35 - 2014-09-05 18:01 - 00000000 ___RD () C:\Users\Mark\Dropbox
2014-11-06 17:35 - 2014-08-28 04:17 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\Dropbox
2014-11-06 17:35 - 2014-08-28 03:48 - 00000000 ___DO () C:\Users\Mark\SkyDrive
2014-11-06 17:34 - 2014-08-28 03:47 - 00000074 _____ () C:\Users\Mark\AppData\Roaming\sp_data.sys
2014-11-06 17:33 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\inetsrv
2014-11-06 17:32 - 2014-10-02 21:04 - 00000000 ____D () C:\ProgramData\Embarcadero
2014-11-06 17:32 - 2014-08-28 11:00 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-06 17:31 - 2014-08-28 13:26 - 00000000 ____D () C:\ProgramData\VMware
2014-11-06 17:30 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-06 16:11 - 2014-08-28 03:46 - 00000000 ____D () C:\Users\Mark\AppData\Local\Packages
2014-11-06 14:51 - 2014-08-28 03:49 - 00003822 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{3BE9D995-312E-4BCC-B8C8-475DA1F171A9}
2014-11-06 14:26 - 2014-08-28 09:14 - 00000410 _____ () C:\Windows\Tasks\update-S-1-5-21-2752175657-93099683-495187216-1001.job
2014-11-06 11:08 - 2014-08-28 10:00 - 03047936 ___SH () C:\Users\Mark\Desktop\Thumbs.db
2014-11-06 08:43 - 2014-09-04 11:53 - 00000000 ____D () C:\Users\Mark\AppData\Local\Adobe
2014-11-06 08:38 - 2014-09-11 18:38 - 00000000 ___RD () C:\Users\Mark\Google Drive
2014-11-06 08:35 - 2014-09-14 11:09 - 00990906 _____ () C:\Windows\PFRO.log
2014-11-06 08:35 - 2014-08-28 10:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-06 08:35 - 2014-08-28 10:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-05 22:28 - 2014-08-27 21:21 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\uTorrent
2014-11-05 22:28 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-11-05 18:52 - 2014-09-16 07:31 - 00008335 _____ () C:\Windows\setupact.log
2014-11-05 09:12 - 2014-08-28 10:25 - 00001169 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-04 21:48 - 2014-09-25 14:08 - 00000000 ____D () C:\Users\Mark\Desktop\Limehotel.nl Badges
2014-11-04 10:18 - 2014-09-22 08:18 - 00000600 _____ () C:\Users\Mark\AppData\Local\PUTTY.RND
2014-11-03 11:50 - 2014-09-11 08:07 - 00003258 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for TEAM-KORKEL-Mark Team-Korkel
2014-11-03 11:50 - 2014-09-08 14:56 - 00000000 ____D () C:\Program Files\Process Lasso
2014-11-03 11:50 - 2014-09-08 14:46 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\ProcessLasso
2014-11-03 11:50 - 2014-08-28 03:51 - 00002293 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-03 11:49 - 2014-08-28 03:50 - 00004048 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-03 11:49 - 2014-08-28 03:50 - 00003812 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-03 11:49 - 2014-08-28 03:50 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-03 11:46 - 2014-08-28 10:28 - 00003836 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1409218091
2014-11-03 11:46 - 2014-08-28 10:28 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-11-03 11:32 - 2014-08-28 10:14 - 00000000 ____D () C:\Windows\pss
2014-11-03 09:48 - 2014-08-28 03:45 - 00000000 ____D () C:\Users\Mark
2014-11-03 09:41 - 2013-08-22 15:44 - 00404816 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-03 09:40 - 2014-09-19 19:35 - 00000000 ____D () C:\Users\DefaultAppPool
2014-11-03 09:40 - 2014-09-19 19:11 - 00000000 ____D () C:\Users\.NET v4.5 Classic
2014-11-03 09:40 - 2014-09-19 19:11 - 00000000 ____D () C:\Users\.NET v4.5
2014-11-03 09:40 - 2014-09-19 19:11 - 00000000 ____D () C:\Users\.NET v2.0
2014-11-03 09:40 - 2014-09-19 19:10 - 00000000 ____D () C:\Users\Classic .NET AppPool
2014-11-03 09:40 - 2014-09-19 19:10 - 00000000 ____D () C:\Users\.NET v2.0 Classic
2014-11-03 09:39 - 2014-09-20 12:58 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-03 09:39 - 2014-09-16 12:00 - 00000000 ____D () C:\Users\Mark\AppData\Local\3CX VoIP Phone
2014-11-03 09:39 - 2014-09-16 11:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2014-11-03 09:39 - 2014-09-16 11:13 - 00000000 ____D () C:\Program Files (x86)\Unchecky
2014-11-03 09:39 - 2014-09-13 09:17 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\PowerISO
2014-11-03 09:39 - 2014-09-09 08:10 - 00000000 ____D () C:\Users\Mark\AppData\Local\Akamai
2014-11-03 09:39 - 2014-09-05 07:53 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\KeePass
2014-11-03 09:39 - 2014-08-29 14:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-03 09:39 - 2014-08-28 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-03 09:39 - 2014-08-28 10:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-03 09:39 - 2014-08-28 09:26 - 00000000 ____D () C:\ProgramData\ClassicShell
2014-11-03 09:39 - 2014-08-28 03:55 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-11-03 09:39 - 2014-08-28 03:55 - 00000000 ____D () C:\ProgramData\Skype
2014-11-03 09:39 - 2014-08-28 03:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-03 09:39 - 2014-08-28 03:50 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\WebStorage
2014-11-03 09:39 - 2014-08-28 03:46 - 00000000 ____D () C:\Users\Mark\AppData\Local\ASUS
2014-11-03 09:39 - 2013-12-13 05:10 - 00000000 ____D () C:\ProgramData\WebStorage
2014-11-03 09:39 - 2013-12-13 05:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2014-11-03 09:39 - 2013-12-13 05:10 - 00000000 ____D () C:\ProgramData\ASUS WebStorage
2014-11-03 09:39 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2014-11-03 09:38 - 2014-10-05 13:36 - 00000000 ____D () C:\.jagex_cache_32
2014-11-03 09:38 - 2014-10-03 07:58 - 00000000 ____D () C:\Program Files (x86)\FastReports
2014-11-03 09:38 - 2014-09-14 16:05 - 00000000 ____D () C:\EEK
2014-11-03 09:37 - 2014-09-09 17:24 - 00000000 ____D () C:\Windows\AutoKMS
2014-11-03 09:30 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\registration
2014-11-03 09:23 - 2014-09-09 16:39 - 00000000 __RHD () C:\MSOCache
2014-11-02 11:08 - 2014-08-29 14:20 - 00000024 _____ () C:\Users\Mark\random.dat
2014-11-02 10:43 - 2014-10-05 13:36 - 00000024 _____ () C:\Users\Mark\jagexappletviewer.preferences
2014-11-02 10:38 - 2014-08-29 14:20 - 00000043 _____ () C:\Users\Mark\jagex_cl_runescape_LIVE.dat
2014-11-01 21:36 - 2014-09-01 09:56 - 00000000 ____D () C:\Users\Mark\.gimp-2.8
2014-10-31 12:17 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-10-31 12:11 - 2014-08-29 21:01 - 00000000 ____D () C:\Users\Mark\AppData\Local\VMware
2014-10-30 12:25 - 2014-09-21 16:10 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-29 21:58 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI(51)
2014-10-29 08:47 - 2014-08-28 03:53 - 00000000 __SHD () C:\aws
2014-10-25 17:23 - 2014-10-05 18:16 - 00017990 _____ () C:\Windows\DirectX.log
2014-10-24 21:28 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI(34)
2014-10-23 17:40 - 2014-08-28 04:01 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-10-21 19:35 - 2014-08-29 14:19 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-21 12:57 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-20 07:27 - 2014-08-28 12:24 - 00003828 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-19 21:14 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI(85)
2014-10-19 12:21 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-19 11:07 - 2014-09-09 16:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-19 11:06 - 2014-09-09 16:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-10-18 09:27 - 2014-09-16 12:00 - 00000000 ____D () C:\Program Files (x86)\3CXPhone
2014-10-18 09:07 - 2014-09-16 11:13 - 00000000 ____D () C:\ProgramData\Unchecky
2014-10-17 18:01 - 2014-09-27 21:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MetaGeek
2014-10-17 18:01 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-10-17 18:01 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-10-17 17:55 - 2014-09-30 13:21 - 00000000 ____D () C:\Program Files\MySQL
2014-10-17 17:55 - 2014-09-27 21:44 - 00000000 ____D () C:\Program Files (x86)\MetaGeek
2014-10-17 17:55 - 2014-09-21 17:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL
2014-10-17 17:55 - 2014-08-29 14:16 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-16 20:59 - 2014-09-16 08:08 - 00000000 ____D () C:\Users\Mark\Desktop\Stage
2014-10-15 17:41 - 2014-08-28 10:28 - 00001059 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-10-15 17:32 - 2014-09-01 17:04 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-15 17:32 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-10-15 17:32 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\FileManager
2014-10-15 17:32 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Camera
2014-10-15 17:27 - 2013-08-22 14:25 - 00000199 _____ () C:\Windows\win.ini
2014-10-15 08:15 - 2014-08-29 16:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 08:03 - 2014-08-29 16:17 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-14 19:27 - 2014-09-11 18:38 - 00001898 _____ () C:\Users\Mark\Desktop\Google Drive.lnk
2014-10-14 19:27 - 2014-08-28 10:31 - 00001264 _____ () C:\Users\Mark\Desktop\Dropbox.lnk
2014-10-14 17:14 - 2014-08-28 20:55 - 00000000 ____D () C:\Program Files (x86)\Popcorn Time
2014-10-14 07:53 - 2014-09-17 07:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2014-10-14 07:53 - 2014-09-17 07:41 - 00000000 ____D () C:\Program Files (x86)\K-Lite Codec Pack
2014-10-14 07:53 - 2014-08-28 20:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time
2014-10-11 12:54 - 2013-08-22 16:36 - 00000000 __RSD () C:\Windows\Media
2014-10-11 11:02 - 2014-08-31 17:45 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\TeamViewer
2014-10-10 17:12 - 2014-08-29 21:01 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\VMware
2014-10-08 13:26 - 2014-09-22 12:54 - 00000186 _____ () C:\Users\Mark\.packettracer
2014-10-08 07:40 - 2014-09-28 11:17 - 00000000 ____D () C:\ProgramData\Origin
2014-10-08 07:38 - 2014-09-28 12:54 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-10-07 11:56 - 2014-09-22 13:30 - 00000000 ____D () C:\Users\Mark\Documents\Navicat
 
Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
C:\Users\Mark\jagex_cl_runescape_LIVE.dat
C:\Users\Mark\jagex_cl_runescape_LIVE1.dat
C:\Users\Mark\random.dat
 
 
Some content of TEMP:
====================
C:\Users\Mark\AppData\Local\Temp\A1D76FF97175BF79025AB7AA1DDF0A2A.dll
C:\Users\Mark\AppData\Local\Temp\avguidx.dll
C:\Users\Mark\AppData\Local\Temp\bassmod.dll
C:\Users\Mark\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqzmbxt.dll
C:\Users\Mark\AppData\Local\Temp\ICReinstall_Pivot_v4-1.exe
C:\Users\Mark\AppData\Local\Temp\install_flashplayer15x32au_mssd_aaa_aih.exe
C:\Users\Mark\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Mark\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Mark\AppData\Local\Temp\mirc736.exe
C:\Users\Mark\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Mark\AppData\Local\Temp\npp.6.6.9.Installer.exe
C:\Users\Mark\AppData\Local\Temp\oi_{87EF0F16-639F-4B9D-8D97-D1B2A42ED1FD}.exe
C:\Users\Mark\AppData\Local\Temp\php_pdo_sqlsrv_53_nts.dll
C:\Users\Mark\AppData\Local\Temp\php_pdo_sqlsrv_54_nts.dll
C:\Users\Mark\AppData\Local\Temp\php_sqlsrv_53_nts.dll
C:\Users\Mark\AppData\Local\Temp\php_sqlsrv_54_nts.dll
C:\Users\Mark\AppData\Local\Temp\VirtualDJ New Version.exe
C:\Users\Mark\AppData\Local\Temp\VSUSetup.exe
C:\Users\Mark\AppData\Local\Temp\xmlUpdater.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-30 18:36
 
==================== End Of Log ============================
--
Addition:
Attached File  Addition.txt   56.63KB   1 downloads
--

Can you tell me, do I have infections? Oh, I know about uTorrent and don't use it much.


Edited by M. de Jager, 06 November 2014 - 03:32 PM.


#7 nasdaq

  • Malware Response Team

Posted 07 November 2014 - 07:54 AM

What I have found is that you have some PUPs (Potentially Unwanted Programs) installed without your consent.
You should run the AdwCleaner tool and clean all that is found.
===

Run this tool to clean your Temporary files/Folders.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted; it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.

===

    Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
    start
    
    (AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
    ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL No File
    ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL No File
    ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL No File
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.12.424\ASUSWSShellExt64.dll No File
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.12.424\ASUSWSShellExt64.dll No File
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.12.424\ASUSWSShellExt64.dll No File
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll No File
    ShellIconOverlayIdentifiers: [SmartFTP Drop] -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\ShellTools.dll No File
    HKU\S-1-5-21-2752175657-93099683-495187216-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASJB
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASJB
    SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASJB
    SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASJB
    SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll No File
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL No File
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll No File
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL No File
    FF Plugin-x32: @ABNAMRO/BECON,version=1.00 -> C:\Program Files (x86)\ABN AMRO e.dentifier2\Mozilla\npBECON.dll No File
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL No File
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-10-23]
    R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [919040 2014-05-17] (AnchorFree Inc.) [File not signed]
    S2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [X]
    S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]
    S2 ClickToRunSvc; "C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" /service [X]
    S2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [X]
    S3 OpenVPNService; "C:\Program Files\OpenVPN\bin\openvpnserv.exe" [X]
    S0 aswRvrt; No ImagePath
    S0 aswVmm; No ImagePath
    S2 aswHwid; \SystemRoot\system32\drivers\aswHwid.sys [X]
    S2 aswMonFlt; \SystemRoot\system32\drivers\aswMonFlt.sys [X]
    S1 aswRdr; \SystemRoot\system32\drivers\aswRdr2.sys [X]
    S1 aswSnx; \SystemRoot\system32\drivers\aswSnx.sys [X]
    S1 aswSP; \SystemRoot\system32\drivers\aswSP.sys [X]
    S2 aswStm; \SystemRoot\system32\drivers\aswStm.sys [X]
    S3 e.dentifier2; \SystemRoot\system32\DRIVERS\aabed2.sys [X]
    S1 ESProtectionDriver; \??\C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [X]
    S3 PSKMAD; System32\DRIVERS\PSKMAD.sys [X]
    S3 tap0901; \SystemRoot\system32\DRIVERS\tap0901.sys [X]
    S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
    Task: {0A3D1418-32A0-4A16-80BE-8BD102488802} - \Driver Booster SkipUAC (Mark) No Task File <==== ATTENTION
    Task: {38AD7FAF-19A9-4BC9-B42F-FF9F2BD5D447} - \{074F2035-D6B3-4765-8098-12B0A8AD6216} No Task File <==== ATTENTION
    Task: {8927B746-BD4C-4665-A312-5E39DD0445E1} - \avast! Emergency Update No Task File <==== ATTENTION
    Task: {9733B9E5-5675-479E-B0DC-36DEC993319C} - \AutoKMS No Task File <==== ATTENTION
    Task: {A5D63BAB-B3E4-42B5-A9AB-39D2F178F3E8} - \Microsoft\Office\Office Automatic Updates No Task File <==== ATTENTION
    Task: {C686CE2F-CDAF-4D6C-BDCE-515DC4908FF3} - \DriverToolkit Autorun No Task File <==== ATTENTION
    Task: {E7481153-748C-492B-9E9F-9B5BC844D52E} - \Microsoft OneDrive Auto Update Task-S-1-5-21-2752175657-93099683-495187216-1001 No Task File <==== ATTENTION
    
    End
    
    Save the file as fixlist.txt in the same folder as FRST.

    Run FRST and click Fix only once and wait.

    Restart the computer normally to reset the registry.

    The tool will create a log, Fixlog.txt; please post it in your reply.
    ===

    Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    p.s.
    If the SecurityCheck program fails to run for any reason, run it as an Administrator.

    If the site is busy or not available use this mirror site:
    http://www.bleepingcomputer.com/download/securitycheck/

    How is the computer running now?


#8 M. de Jager

  • Topic Starter

Posted 07 November 2014 - 08:17 AM

FRST fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-11-2014
Ran by Mark at 2014-11-07 14:06:19 Run:1
Running from C:\Users\Mark\Desktop
Loaded Profile: Mark (Available profiles: Mark & Classic .NET AppPool & .NET v4.5 & DefaultAppPool & .NET v2.0 & .NET v4.5 Classic & .NET v2.0 Classic)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.12.424\ASUSWSShellExt64.dll No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.12.424\ASUSWSShellExt64.dll No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.12.424\ASUSWSShellExt64.dll No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll No File
ShellIconOverlayIdentifiers: [SmartFTP Drop] -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\ShellTools.dll No File
HKU\S-1-5-21-2752175657-93099683-495187216-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASJB
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASJB
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASJB
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASJB
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL No File
FF Plugin-x32: @ABNAMRO/BECON,version=1.00 -> C:\Program Files (x86)\ABN AMRO e.dentifier2\Mozilla\npBECON.dll No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL No File
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-10-23]
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [919040 2014-05-17] (AnchorFree Inc.) [File not signed]
S2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [X]
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]
S2 ClickToRunSvc; "C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" /service [X]
S2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [X]
S3 OpenVPNService; "C:\Program Files\OpenVPN\bin\openvpnserv.exe" [X]
S0 aswRvrt; No ImagePath
S0 aswVmm; No ImagePath
S2 aswHwid; \SystemRoot\system32\drivers\aswHwid.sys [X]
S2 aswMonFlt; \SystemRoot\system32\drivers\aswMonFlt.sys [X]
S1 aswRdr; \SystemRoot\system32\drivers\aswRdr2.sys [X]
S1 aswSnx; \SystemRoot\system32\drivers\aswSnx.sys [X]
S1 aswSP; \SystemRoot\system32\drivers\aswSP.sys [X]
S2 aswStm; \SystemRoot\system32\drivers\aswStm.sys [X]
S3 e.dentifier2; \SystemRoot\system32\DRIVERS\aabed2.sys [X]
S1 ESProtectionDriver; \??\C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [X]
S3 PSKMAD; System32\DRIVERS\PSKMAD.sys [X]
S3 tap0901; \SystemRoot\system32\DRIVERS\tap0901.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
Task: {0A3D1418-32A0-4A16-80BE-8BD102488802} - \Driver Booster SkipUAC (Mark) No Task File <==== ATTENTION
Task: {38AD7FAF-19A9-4BC9-B42F-FF9F2BD5D447} - \{074F2035-D6B3-4765-8098-12B0A8AD6216} No Task File <==== ATTENTION
Task: {8927B746-BD4C-4665-A312-5E39DD0445E1} - \avast! Emergency Update No Task File <==== ATTENTION
Task: {9733B9E5-5675-479E-B0DC-36DEC993319C} - \AutoKMS No Task File <==== ATTENTION
Task: {A5D63BAB-B3E4-42B5-A9AB-39D2F178F3E8} - \Microsoft\Office\Office Automatic Updates No Task File <==== ATTENTION
Task: {C686CE2F-CDAF-4D6C-BDCE-515DC4908FF3} - \DriverToolkit Autorun No Task File <==== ATTENTION
Task: {E7481153-748C-492B-9E9F-9B5BC844D52E} - \Microsoft OneDrive Auto Update Task-S-1-5-21-2752175657-93099683-495187216-1001 No Task File <==== ATTENTION
 
End
*****************
 
[2084] C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe => Process closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro1 (ErrorConflict)" => Key deleted successfully.
"HKCR\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro2 (SyncInProgress)" => Key deleted successfully.
"HKCR\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro3 (InSync)" => Key deleted successfully.
"HKCR\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\!AsusWSShellExt_B" => Key deleted successfully.
"HKCR\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7191}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\!AsusWSShellExt_O" => Key deleted successfully.
"HKCR\CLSID\{64174815-8D98-4CE6-8646-4C039977D809}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\!AsusWSShellExt_U" => Key deleted successfully.
"HKCR\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
"HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SmartFTP Drop" => Key deleted successfully.
"HKCR\CLSID\{EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD}" => Key deleted successfully.
"HKU\S-1-5-21-2752175657-93099683-495187216-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}" => Key deleted successfully.
"HKCR\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" => Key deleted successfully.
"HKCR\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}" => Key deleted successfully.
"HKCR\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" => Key deleted successfully.
"HKCR\Wow6432Node\PROTOCOLS\Handler\osf" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{D924BDC6-C83A-4BD5-90D0-095128A113D1}" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@ABNAMRO/BECON,version=1.00" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck" => Key deleted successfully.
C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx => Moved successfully.
hshld => Unable to stop service
hshld => Service deleted successfully.
avast! Antivirus => Service deleted successfully.
AvastVBoxSvc => Service deleted successfully.
ClickToRunSvc => Service deleted successfully.
MbaeSvc => Service deleted successfully.
OpenVPNService => Service deleted successfully.
aswRvrt => Service deleted successfully.
aswVmm => Service deleted successfully.
aswHwid => Service deleted successfully.
aswMonFlt => Service deleted successfully.
aswRdr => Service deleted successfully.
aswSnx => Service deleted successfully.
aswSP => Service deleted successfully.
aswStm => Service deleted successfully.
e.dentifier2 => Service deleted successfully.
ESProtectionDriver => Service deleted successfully.
PSKMAD => Service deleted successfully.
tap0901 => Service deleted successfully.
VBoxAswDrv => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0A3D1418-32A0-4A16-80BE-8BD102488802}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A3D1418-32A0-4A16-80BE-8BD102488802}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (Mark)" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{38AD7FAF-19A9-4BC9-B42F-FF9F2BD5D447}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38AD7FAF-19A9-4BC9-B42F-FF9F2BD5D447}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{074F2035-D6B3-4765-8098-12B0A8AD6216}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8927B746-BD4C-4665-A312-5E39DD0445E1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8927B746-BD4C-4665-A312-5E39DD0445E1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avast! Emergency Update" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{9733B9E5-5675-479E-B0DC-36DEC993319C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9733B9E5-5675-479E-B0DC-36DEC993319C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A5D63BAB-B3E4-42B5-A9AB-39D2F178F3E8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5D63BAB-B3E4-42B5-A9AB-39D2F178F3E8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office Automatic Updates" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C686CE2F-CDAF-4D6C-BDCE-515DC4908FF3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C686CE2F-CDAF-4D6C-BDCE-515DC4908FF3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DriverToolkit Autorun" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E7481153-748C-492B-9E9F-9B5BC844D52E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7481153-748C-492B-9E9F-9B5BC844D52E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft OneDrive Auto Update Task-S-1-5-21-2752175657-93099683-495187216-1001" => Key deleted successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
SecurityCheck:
 Results of screen317's Security Check version 0.99.89  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
COMODO Antivirus   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Panda Cloud Cleaner   
 Java 7 Update 67  
 Java 8 Update 25  
 Adobe Flash Player 15.0.0.189  
 Adobe Reader XI  
 Mozilla Firefox (33.0.2) 
 Google Chrome 38.0.2125.111  
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
 
Can you tell me what the fixlist for FRST did? I'm really interested in that. And my computer starts slow and I still can't change my IPV4/6 settings.


#9 M. de Jager

Posted 07 November 2014 - 08:27 AM

AdwCleaner as you suggested:

# AdwCleaner v3.311 - Rapport aangemaakt 07/11/2014 op 14:20:10
# Laatste Update 30/09/2014 door Xplode
# Besturingssysteem : Windows 8.1  (64 bits)
# Gebruikersnaam : Mark - TEAM-KORKEL
# Gestart vanuit : C:\Users\Mark\Desktop\adwcleaner_3.311.exe
# Optie : Verwijderen
 
***** [ Services ] *****
 
[#] Service Verwijderd : hsstrayservice
 
***** [ Bestanden / Mappen ] *****
 
Map Verwijderd : C:\ProgramData\~0
Map Verwijderd : C:\ProgramData\AVG Secure Search
Map Verwijderd : C:\ProgramData\hotspot shield
Map Verwijderd : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hotspot shield
Map Verwijderd : C:\Program Files (x86)\hotspot shield
Map Verwijderd : C:\Program Files (x86)\Skillbrains
Map Verwijderd : C:\Windows\SysWOW64\hotspot shield
Map Verwijderd : C:\Users\Mark\AppData\Local\PackageAware
Map Verwijderd : C:\Users\Mark\AppData\Local\Skillbrains
Map Verwijderd : C:\Users\Mark\AppData\Roaming\hotspot shield
 
***** [ Taken ] *****
 
Taak Verwijderd : update-sys
Taak Verwijderd : update-S-1-5-21-2752175657-93099683-495187216-1001
 
***** [ Snelkoppelingen ] *****
 
 
***** [ Register ] *****
 
Waarde Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [LightShot]
Sleutel Verwijderd : HKCU\Software\anchorfree
Sleutel Verwijderd : HKCU\Software\IGearSettings
Sleutel Verwijderd : HKCU\Software\SkillBrains
Sleutel Verwijderd : HKLM\SOFTWARE\hotspotshield
Sleutel Verwijderd : HKLM\SOFTWARE\SkillBrains
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hotspotshield
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17344
 
 
-\\ Mozilla Firefox v33.0.2 (x86 en-US)
 
[ Bestand : C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\qt4q8es3.default-1413621769675\prefs.js ]
 
 
-\\ Google Chrome v38.0.2125.111
 
[ Bestand : C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [2533 octets] - [06/11/2014 21:20:49]
AdwCleaner[R1].txt - [2409 octets] - [07/11/2014 14:18:53]
AdwCleaner[S0].txt - [2194 octets] - [07/11/2014 14:20:10]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2254 octets] ##########


#10 nasdaq

  • Malware Response Team

Posted 07 November 2014 - 09:22 AM

Looking good.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide, Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#11 M. de Jager

Posted 07 November 2014 - 09:41 AM

Well, I can't change my IPV4 settings.



#12 nasdaq

Posted 07 November 2014 - 11:16 AM

A number of fixes are suggested here.

http://answers.microsoft.com/en-us/windows/forum/windows_7-networking/i-cant-change-the-tcpip-ipv4-settings-as-windows/4820f4f1-6875-4f5d-af53-a179a0954949

If still no joy, start a new topic in the Networking Forum and an expert in that field should be able to help you.
This is not my forte.

The forum link.
http://www.bleepingcomputer.com/forums/f/21/networking/

#13 M. de Jager

Posted 07 November 2014 - 11:22 AM

Okay, but my system is clean now? If yes, I can run Delfix to remove used tools, clean up the system restore etc.?

 

Thanks for the help, accept donations?



#14 nasdaq

Posted 07 November 2014 - 01:13 PM

My services are free.

Thanks for the offer.

#15 M. de Jager

Posted 07 November 2014 - 01:43 PM

No problem! I can run delfix? If yes, can be closed.





