Infection with Trojan Inject2.aeep: system severely compromised?


  • This topic is locked
6 replies to this topic

#1 wouter1

wouter1

  • Members
  • 8 posts

Posted 23 December 2014 - 03:26 PM

I have AVG as my main antivirus software. Recently it popped up with infections of Inject2.aeep and q:\140066.NLD\office14\winworddc.exe. I restarted my laptop as AVG suggested. The infections seemed to have disappeared but still many things were not right. My internet connection got disabled and some of my personal documents had vanished, apparently. Only having rather superficial computer knowledge, I reacted in a panic, doing and trying lots of things without always knowing exactly what I was doing. With the help of a small notebook I also have that didn’t seem to have been compromised, I managed to find some info on the Inject2 Trojan online and downloaded and ran several programs on my infected laptop (Malwarebytes, Malwarebytes Anti-Rootkit, ProtectorPlus W32/CleanInject Trojan, …). I ran these programs both in normal mode and safe mode. They didn’t find any infection. My attempts to set the computer back to a previous restore point failed. I changed all the passwords for important online services (Facebook, Outlook, online banking, …). I also changed the password for the main user account of my laptop. Subsequently I made a backup of all my important files. Because repeated scans with several anti-malware programs didn’t produce any new infection results, I ran Complete Internet Repair and managed to get my laptop back online with it. For the moment everything seems to work again. AVG still pops up once in a while detecting q:\140066.NLD\office14\winworddc.exe as being infected though, but from what I understand from several forums this might be a false alarm? Malwarebytes and Malwarebytes Anti-Rootkit are unable to find any current infection and TCPView doesn’t show any suspicious programs making use of open ports (at least as far as I’m able to determine). I was able to create a new restore point. I did not run ComboFix. Still I think my system has been compromised severely and consider myself in need of expert advice.
My fear is some vicious software might still be active without me being able to detect it and some hacker might still be in control of my computer and personal data. Maybe it’s better to reset my entire system? Help!

PS: I had trouble posting this with the attachments at once :( Every time I get an error message ‘Error 542 - Ray ID: 19d743e3490e0761 - a timeout occurred’



#2 wouter1

wouter1
  • Topic Starter

  • Members
  • 8 posts

Posted 23 December 2014 - 03:29 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-12-2014
Ran by Wouter (administrator) on HAL1984 on 23-12-2014 20:50:44
Running from C:\Users\Wouter\Documents\Downloads
Loaded Profile: Wouter (Available profiles: Wouter & Gast)
Platform: Windows 8.1 Pro (X64) OS Language: Nederlands (Nederland)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe
(Soluto) C:\Program Files\Soluto\SolutoService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
() C:\Program Files (x86)\Elex-tech\YAC\iDesk.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(FSPro Labs) C:\Program Files\My Lockbox\My Lockbox\My Lockbox\mylbx.exe
(Guillemot Corporation S.A.) C:\Program Files (x86)\Hercules\Hercules Optical Glass\XtrCtrlEx.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Dropbox, Inc.) C:\Users\Wouter\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Sysinternals - www.sysinternals.com) C:\Program Files\TCPView\Tcpview.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(GlavSoft LLC.) C:\Program Files\Soluto\SolutoRemoteService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
() Q:\140066.nld\Office14\WINWORDC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\OFFICEVIRT.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
() Q:\140066.nld\Office14\OffSpon.EXE
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11785832 2011-03-10] (Realtek Semiconductor)
HKLM\...\Run: [mylbx] => C:\Program Files\My Lockbox\My Lockbox\My Lockbox\mylbx.exe [2211688 2012-07-24] (FSPro Labs)
HKLM\...\Run: [CamserviceOG] => C:\Program Files (x86)\Hercules\Hercules Optical Glass\XtrCtrlEx.exe [3382568 2011-09-07] (Guillemot Corporation S.A.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe [8947008 2014-12-18] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe [295448 2012-01-05] (NTI Corporation)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe [618496 2010-06-07] ()
HKLM-x32\...\Run: [ZALFree] => C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe [8200680 2014-12-13] (Zemana Ltd.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3653136 2014-11-09] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION
HKLM Group Policy restriction on software: *‮* <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\spotify\spotifylauncher.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\spotify\spotifylauncher.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\avg_update_0814av\avg-secure-search-update.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\avg_update_0814av\safeguard.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\browser extensions\button.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\avg_update_0814av\0814av_avg-secure-search-update.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\avg_update_0814av\safeguard.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\avg_update_0814av\avg-secure-search-update_0814av.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\avg_update_0814av\avg-secure-search-update_0814av.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\yontoo\yontoodesktop.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\yontoo\yontoodesktop.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\cryptopreventsetup.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\spotify\spotify_new.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\avg_update_0814av\avg-secure-search-update.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\avg_update_0814av\setup.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\browser extensions\button.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\avg_update_0814av\setup.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\avg_update_0814av\0814av_avg-secure-search-update.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\avg_update_0814av\0814av_avg-secure-search-update.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\utorrent\utorrent.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\avg_update_0814av\machineidcreator.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\utorrent\utorrent.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\browser extensions\button64.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\spotify\spotify.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\browser extensions\button64.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\avg_update_0814av\avg-secure-search-update_0814av.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\avg_update_0814av\setup.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\avg_update_0814av\avg-secure-search-update.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\spotify\spotifylauncher.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\avg_update_0814av\machineidcreator.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\avg_update_0814av\avg.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\spotify\spotify.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\avg_update_0814av\machineidcreator.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\avg_update_0814av\safeguard.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\avg_update_0814av\avg.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\yontoo\yontoodesktop.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\browser extensions\button64.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\avg_update_0814av\avg.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\spotify\spotify_new.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\spotify\spotify_new.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\spotify\spotify.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\browser extensions\button.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\utorrent\utorrent.exe <====== ATTENTION
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-813266232-3791934722-1737961828-1000\...\Run: [SkyDrive] => C:\Users\Wouter\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-09-25] (Microsoft Corporation)
HKU\S-1-5-21-813266232-3791934722-1737961828-1000\...\Run: [GoogleChromeAutoLaunch_214C8F788BE3D667FB07BDBD0D369B42] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-06] (Google Inc.)
HKU\S-1-5-21-813266232-3791934722-1737961828-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1367360 2014-12-16] (Lavasoft)
HKU\S-1-5-21-813266232-3791934722-1737961828-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(14).dll [96104 2014-12-13] (Zemana Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(14).dll [87840 2014-12-13] (Zemana Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Wouter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Wouter\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Wouter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GigaTribe.lnk
ShortcutTarget: GigaTribe.lnk -> N:\GTRBE\GigaTribe\gigatribe.exe (No File)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-813266232-3791934722-1737961828-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
SearchScopes: HKLM -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-813266232-3791934722-1737961828-1000 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-813266232-3791934722-1737961828-1000 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-813266232-3791934722-1737961828-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name -> {43D9786F-A485-683B-9B5B-ACC97ABC17FC} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-813266232-3791934722-1737961828-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: WSIEChrome - {6D02ED5F-FD0D-4C4C -  No File
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [312424] (Lavasoft Limited)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [312424] (Lavasoft Limited)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [312424] (Lavasoft Limited)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [312424] (Lavasoft Limited)
Winsock: Catalog9 15 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [312424] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\LavasoftTcpService64.dll [358736] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\LavasoftTcpService64.dll [358736] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\LavasoftTcpService64.dll [358736] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\LavasoftTcpService64.dll [358736] (Lavasoft Limited)
Winsock: Catalog9-x64 15 C:\WINDOWS\system32\LavasoftTcpService64.dll [358736] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 195.130.130.4 195.130.131.4
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.2.0\\npsitesafety.dll No File
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-813266232-3791934722-1737961828-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Wouter\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: eID België - C:\Program Files (x86)\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be [2014-10-01]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com [2014-04-06]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-06]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [Player@Wondershare.com] - C:\ProgramData\Wondershare\Player\Player@Wondershare.com
FF HKLM-x32\...\Firefox\Extensions: [belgiumeid@eid.belgium.be] - C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be
FF HKU\S-1-5-21-813266232-3791934722-1737961828-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR DefaultSearchKeyword: Default -> google
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\Wouter\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\Wouter\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-11-12]
CHR Extension: (ZenMate Security & Privacy VPN) - C:\Users\Wouter\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2014-12-19]
CHR Extension: (Click&Clean) - C:\Users\Wouter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2014-11-12]
CHR Extension: (AdBlock) - C:\Users\Wouter\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-19]
CHR Extension: (StayFocusd) - C:\Users\Wouter\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji [2014-12-19]
CHR Extension: (FVD Downloader) - C:\Users\Wouter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2014-11-12]
CHR Extension: (No History) - C:\Users\Wouter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljamgkbcojbnmcaonjokopmcblmmpfch [2014-11-12]
CHR Extension: (Hangouts) - C:\Users\Wouter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-12-19]
CHR Extension: (Google Wallet) - C:\Users\Wouter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-12]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3488784 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [872552 2011-05-10] (Acer Incorporated)
R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [29696 2011-05-26] (Acer Incorporated) [File not signed]
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [120128 2014-12-18] (Elex do Brasil Participações Ltda)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe [713568 2014-12-18] ()
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe [1351512 2014-12-16] (Lavasoft Limited)
R2 Live Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [244624 2011-04-22] (Acer Incorporated)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S4 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-08-08] ()
S4 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [15208 2014-12-16] ()
R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [221728 2013-12-08] (Soluto)
R3 SolutoRemoteService; C:\Program Files\Soluto\SolutoRemoteService.exe [1942016 2013-12-08] (GlavSoft LLC.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 vToolbarUpdater18.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\ToolbarUpdater.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [21136 2012-10-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-10-30] (AVAST Software)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [263960 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [277784 2014-09-24] (AVG Technologies CZ, s.r.o.)
R0 FSProFilter; C:\Windows\System32\Drivers\FSPFltd.sys [54848 2010-07-22] (FSPro Labs)
S3 hxctlflt; C:\Windows\System32\Drivers\hxctlflt.sys [111104 2009-02-08] (Guillemot Corporation)
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [249000 2014-12-18] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [45224 2014-12-18] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [99496 2014-12-18] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [93352 2014-12-18] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2014-12-12] (Elex do Brasil Participações Ltda)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [121840 2014-12-13] (Zemana Ltd.)
S3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv.sys [52128 2013-11-27] (Visicom Media Inc.)
S3 MarvinBus; C:\Windows\System32\drivers\MarvinBus64.sys [261120 2005-09-23] (Pinnacle Systems GmbH) [File not signed]
R2 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [96472 2014-12-20] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc.)
S3 pfc; C:\Windows\SysWOW64\drivers\pfc.sys [14604 2003-06-19] (Padus, Inc.) [File not signed]
S2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [142120 2007-04-27] (SafeNet, Inc.)
S3 SNP2UVC; C:\Windows\system32\DRIVERS\snp2uvc.sys [3565056 2011-04-29] ()
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-10-09] (BitDefender S.R.L.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]
R3 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x64.sys [X]
U3 idsvc; No ImagePath
S3 MFE_RR; \??\C:\Users\Wouter\AppData\Local\Temp\mfe_rr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-23 20:36 - 2014-12-23 20:50 - 00000000 ___DC () C:\FRST
2014-12-23 02:53 - 2014-12-13 02:44 - 00001662 ____C () C:\Users\Wouter\Desktop\MalwareBytes Anti-Rootkits.lnk
2014-12-22 04:36 - 2014-12-22 04:36 - 00000000 ___DC () C:\Users\Wouter\AppData\Roaming\LavasoftStatistics
2014-12-22 04:35 - 2014-12-22 04:36 - 00000000 ___DC () C:\Users\Wouter\AppData\Local\Lavasoft
2014-12-22 04:35 - 2014-12-22 04:35 - 00004688 _____ () C:\WINDOWS\SysWOW64\LavasoftTcpService.ini
2014-12-22 04:35 - 2014-12-22 04:35 - 00002520 _____ () C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
2014-12-22 04:35 - 2014-12-22 04:35 - 00002520 _____ () C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
2014-12-22 04:35 - 2014-12-16 12:10 - 00358736 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll
2014-12-22 04:35 - 2014-12-16 12:10 - 00312424 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll
2014-12-22 04:34 - 2014-12-22 05:00 - 00000000 ___DC () C:\Users\Wouter\AppData\Roaming\Lavasoft
2014-12-22 04:34 - 2014-12-22 04:34 - 00000000 ___DC () C:\Program Files (x86)\Lavasoft
2014-12-22 04:33 - 2014-12-23 19:17 - 00002357 ____C () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-12-22 04:33 - 2014-12-22 04:34 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2014-12-22 04:33 - 2014-12-22 04:33 - 00000000 ___DC () C:\Program Files\Lavasoft
2014-12-22 04:30 - 2014-12-22 04:34 - 00000000 ___DC () C:\ProgramData\Lavasoft
2014-12-22 04:30 - 2014-12-22 04:30 - 00000000 ___DC () C:\Program Files\Common Files\Lavasoft
2014-12-22 03:55 - 2014-12-22 03:55 - 00001673 ____C () C:\Users\Wouter\Desktop\Malwarebytes Anti Rootkit.lnk
2014-12-21 03:20 - 2014-12-21 03:20 - 00000000 ____D () C:\WINDOWS\System32\Tasks\2BrightSparks
2014-12-21 02:56 - 2014-12-21 02:56 - 00000000 _____ () C:\WINDOWS\SysWOW64\sho2AD7.tmp
2014-12-20 21:13 - 2014-12-20 21:13 - 00000000 ___DC () C:\Users\Wouter\AppData\Local\{95AD1C9C-E946-442D-9131-157C615596E1}
2014-12-20 16:42 - 2014-12-20 16:42 - 00001368 ____C () C:\Users\Wouter\Desktop\Tcpview.lnk
2014-12-20 16:41 - 2014-12-20 16:41 - 00000000 ___DC () C:\Program Files\TCPView
2014-12-20 02:21 - 2014-12-20 02:21 - 00000000 _____ () C:\WINDOWS\SysWOW64\shoD09.tmp
2014-12-20 01:25 - 2014-12-20 01:25 - 00000000 ___DC () C:\Program Files\Malwarebytes Anti Rootkits
2014-12-20 00:12 - 2014-12-23 20:28 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-20 00:12 - 2014-12-20 01:25 - 00096472 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-12-20 00:12 - 2014-12-20 00:12 - 00001126 ____C () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-20 00:12 - 2014-12-20 00:12 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-20 00:12 - 2014-12-20 00:12 - 00000000 ___DC () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-20 00:12 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-12-20 00:12 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-12-19 08:19 - 2014-12-19 08:19 - 00001936 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\YAC.lnk
2014-12-19 08:19 - 2014-12-19 08:19 - 00001930 ____C () C:\Users\Public\Desktop\YAC.lnk
2014-12-19 08:19 - 2014-12-19 08:19 - 00000000 ___DC () C:\Users\Wouter\AppData\Roaming\Elex-tech
2014-12-19 08:19 - 2014-12-19 08:19 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC
2014-12-19 08:19 - 2014-12-19 08:19 - 00000000 ___DC () C:\Program Files (x86)\Elex-tech
2014-12-19 08:19 - 2014-12-19 08:19 - 00000000 ____D () C:\WINDOWS\system32\log
2014-12-19 08:19 - 2014-12-18 10:51 - 00045224 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeKrnlBoot.sys
2014-12-19 08:19 - 2014-12-12 08:31 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeNetFilter.sys
2014-12-18 19:28 - 2014-12-23 19:43 - 01068523 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-18 19:06 - 2014-12-18 19:06 - 00001156 ____C () C:\Users\Wouter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware Guard.lnk
2014-12-18 18:41 - 2014-12-20 02:57 - 00000000 ___DC () C:\Users\Wouter\AppData\Roaming\eCyber
2014-12-18 17:48 - 2014-12-18 18:32 - 00000000 ___DC () C:\Program Files (x86)\Exterminate It!
2014-12-18 17:48 - 2014-12-18 17:48 - 00001105 ____C () C:\Users\Public\Desktop\Exterminate It!.lnk
2014-12-18 17:48 - 2014-12-18 17:48 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exterminate It!
2014-12-18 16:04 - 2014-12-18 16:04 - 00000000 ___DC () C:\ProgramData\Emsisoft
2014-12-18 12:56 - 2014-12-19 08:14 - 00000000 ___DC () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-12-18 01:19 - 2014-12-18 01:22 - 00000000 ___DC () C:\Users\Wouter\AppData\Roaming\GlarySoft
2014-12-18 01:19 - 2014-12-18 01:22 - 00000000 ___DC () C:\Program Files (x86)\Glarysoft
2014-12-18 01:19 - 2014-12-18 01:19 - 00000000 ___DC () C:\Users\Wouter\AppData\Roaming\DiskDefrag
2014-12-17 19:05 - 2014-12-17 19:05 - 00000000 ___DC () C:\Users\Wouter\Doctor Web
2014-12-17 18:46 - 2014-12-17 18:46 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HeavenWard
2014-12-17 18:46 - 2014-12-17 18:46 - 00000000 ___DC () C:\Program Files (x86)\HeavenWard
2014-12-17 15:04 - 2014-12-17 22:53 - 00000000 ____D () C:\WINDOWS\Minidump
2014-12-14 17:07 - 2014-12-14 17:07 - 00000000 ___DC () C:\ProgramData\Avg_Update_1214tb
2014-12-14 09:32 - 2014-12-14 09:32 - 00000950 ____C () C:\Users\Wouter\Desktop\HD Tune.lnk
2014-12-14 09:32 - 2014-12-14 09:32 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune
2014-12-14 09:31 - 2014-12-14 09:32 - 00000000 ___DC () C:\Program Files (x86)\HD Tune
2014-12-13 02:39 - 2014-12-22 05:00 - 00000000 ___DC () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-13 01:19 - 2014-12-13 01:19 - 00000000 ___DC () C:\Users\Wouter\AppData\Roaming\Process Hacker 2
2014-12-12 22:51 - 2014-12-12 22:51 - 00000000 ___DC () C:\Users\Wouter\AppData\Local\{B191D350-44C0-4175-A1CA-3AD57B364502}
2014-12-12 21:16 - 2014-12-12 21:16 - 00001865 ____C () C:\Users\Wouter\Desktop\Process Hacker 2.lnk
2014-12-12 21:16 - 2014-12-12 21:16 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
2014-12-12 21:16 - 2014-12-12 21:16 - 00000000 ___DC () C:\Program Files\Process Hacker 2
2014-12-11 12:50 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-11 12:50 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-10 22:55 - 2014-12-10 22:55 - 00000000 ____C () C:\Program Files\izWrTe474839657829394328.tmp
2014-12-09 22:58 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-09 22:58 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-09 22:57 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-12-09 22:57 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2014-12-09 22:38 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-09 22:38 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-09 22:38 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-09 22:38 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-09 22:37 - 2014-10-13 03:43 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-09 22:37 - 2014-10-13 03:43 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-09 22:37 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-09 22:37 - 2014-10-13 03:43 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-12-09 22:36 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-09 22:36 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-09 22:36 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-09 22:36 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-09 22:36 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-09 22:36 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-09 22:36 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-09 22:36 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-09 22:36 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-09 22:36 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-09 22:36 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-09 22:36 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-09 22:36 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-09 22:36 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-09 22:36 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-09 22:36 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-09 22:36 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-09 22:36 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-09 22:36 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-09 22:36 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-09 22:36 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-09 22:36 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-09 22:36 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-09 22:36 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-09 22:36 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-09 22:36 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-09 22:36 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-09 22:36 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-09 22:36 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-09 22:36 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-09 22:36 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-09 22:36 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-09 22:36 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-09 22:36 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-09 22:36 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-09 22:36 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-09 22:36 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-09 22:36 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-09 22:36 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-06 20:07 - 2014-12-06 20:07 - 00000000 ___DC () C:\Users\Wouter\AppData\Local\{13D7EB60-8620-453B-B6E6-58E230B07597}
2014-12-04 08:30 - 2014-12-04 08:40 - 00000139 ____C () C:\Users\Wouter\Desktop\hitachi rechte slijper.txt
2014-12-02 22:21 - 2014-12-02 22:32 - 00000000 ___DC () C:\Users\Wouter\Documents\Audio Recorder for Free
2014-12-02 22:21 - 2014-12-02 22:21 - 00000000 ___DC () C:\Users\Wouter\AppData\Roaming\Audio Recorder for Free
2014-12-02 18:01 - 2014-12-02 18:01 - 00000000 ___DC () C:\Users\Wouter\AppData\Local\{1B099131-C619-454E-B972-A7E5B5C82168}
2014-11-30 18:27 - 2014-11-30 18:27 - 00000000 ___DC () C:\Users\Wouter\AppData\Local\{9C78B62A-3D93-41E2-9E5B-C01EFD4E0434}
2014-11-30 15:14 - 2014-11-30 15:14 - 00000000 _SHDC () C:\Users\Wouter\AppData\Local\EmieBrowserModeList
2014-11-23 19:24 - 2014-11-23 19:24 - 00000000 ___DC () C:\Users\Wouter\AppData\Local\{D540E60D-6D23-41B7-ADB1-7E0B7B13F50A}
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-23 20:48 - 2012-11-29 02:45 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-813266232-3791934722-1737961828-1000
2014-12-23 20:46 - 2012-08-12 01:46 - 00000940 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-12-23 20:43 - 2012-02-04 03:41 - 00000000 ___DC () C:\Users\Wouter\AppData\Roaming\uTorrent
2014-12-23 20:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-23 19:56 - 2013-09-30 05:15 - 01824750 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-23 19:56 - 2013-09-30 04:59 - 00805906 _____ () C:\WINDOWS\system32\perfh013.dat
2014-12-23 19:56 - 2013-09-30 04:59 - 00162150 _____ () C:\WINDOWS\system32\perfc013.dat
2014-12-23 19:55 - 2013-08-09 21:50 - 00000948 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-813266232-3791934722-1737961828-1000UA.job
2014-12-23 19:53 - 2012-01-30 23:31 - 00001080 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-23 19:21 - 2013-04-09 03:09 - 00000000 __RDO () C:\Users\Wouter\SkyDrive
2014-12-23 19:21 - 2012-06-05 23:34 - 00000000 __RDC () C:\Users\Wouter\Dropbox
2014-12-23 19:21 - 2012-06-05 23:32 - 00000000 ___DC () C:\Users\Wouter\AppData\Roaming\Dropbox
2014-12-23 19:21 - 2012-02-01 03:35 - 00000000 ___DC () C:\ProgramData\MFAData
2014-12-23 19:18 - 2012-01-30 23:31 - 00001076 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-23 19:16 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-23 19:15 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-23 06:46 - 2012-01-30 22:33 - 00000000 ___DC () C:\Users\Wouter\AppData\Roaming\SoftGrid Client
2014-12-23 06:39 - 2013-12-02 22:19 - 00003958 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{42C96D33-4858-4DDC-B4FB-F6E7833E2877}
2014-12-23 06:35 - 2012-02-02 04:40 - 00000000 ___DC () C:\Users\Wouter\AppData\Roaming\Skype
2014-12-23 02:37 - 2012-02-07 00:18 - 00000000 ___DC () C:\Users\Wouter\Documents\Mijn ontvangen bestanden
2014-12-23 00:43 - 2013-08-27 01:22 - 00000000 ___DC () C:\Program Files\Recuva
2014-12-23 00:43 - 2012-01-30 22:13 - 00000000 ___DC () C:\Users\Wouter\Documents\mijn teksten
2014-12-23 00:42 - 2013-11-14 21:17 - 00000000 ___DC () C:\Users\Wouter
2014-12-22 23:55 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-12-22 23:27 - 2014-03-13 03:03 - 00000000 ___DC () C:\Program Files\WhoCrashed
2014-12-22 22:55 - 2013-08-09 21:50 - 00000926 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-813266232-3791934722-1737961828-1000Core.job
2014-12-22 02:35 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-22 01:21 - 2014-07-24 21:43 - 00000000 ___DC () C:\Program Files (x86)\Avid
2014-12-22 01:19 - 2011-07-12 05:15 - 00000000 ___DC () C:\Program Files (x86)\CyberLink
2014-12-21 22:39 - 2012-01-31 18:14 - 00000099 ____C () C:\Users\Public\LMDebug.log
2014-12-21 19:24 - 2012-04-22 01:29 - 00000000 ___DC () C:\Users\Wouter\AppData\Roaming\RealNetworks
2014-12-21 19:24 - 2012-02-15 12:22 - 00000000 ___DC () C:\Users\Wouter\AppData\Roaming\Real
2014-12-21 19:24 - 2012-02-15 12:22 - 00000000 ___DC () C:\ProgramData\Real
2014-12-21 19:24 - 2012-02-15 12:22 - 00000000 ___DC () C:\Program Files (x86)\Real
2014-12-21 03:12 - 2012-11-03 05:13 - 00000000 ___DC () C:\Program Files\SyncBack
2014-12-21 02:15 - 2012-01-30 22:13 - 00000000 ___DC () C:\Users\Wouter\Documents\mijn beelden
2014-12-20 23:57 - 2012-09-07 15:23 - 00000000 ___DC () C:\Users\Wouter\AppData\Roaming\vlc
2014-12-20 00:28 - 2012-02-03 21:29 - 00000000 ___DC () C:\Users\Wouter\Documents\BSR Photos
2014-12-19 09:43 - 2013-08-22 15:44 - 00432208 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-12-19 08:12 - 2012-01-30 17:06 - 00000000 _SHDC () C:\Recovery
2014-12-19 03:15 - 2014-10-02 12:42 - 00000298 ____C () C:\Users\Wouter\AppData\Local\config.ini
2014-12-19 03:15 - 2014-10-02 12:42 - 00000000 ____C () C:\Users\Wouter\AppData\Local\simedit.log
2014-12-18 16:47 - 2013-11-14 21:17 - 00000000 ___DC () C:\Users\Gast
2014-12-18 16:33 - 2014-05-11 20:13 - 00000000 ___DC () C:\temp
2014-12-18 09:56 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-17 21:25 - 2012-02-02 04:40 - 00000000 __RDC () C:\Program Files (x86)\Skype
2014-12-17 21:25 - 2011-07-12 04:49 - 00000000 ___DC () C:\ProgramData\Skype
2014-12-17 14:33 - 2013-03-10 09:22 - 00000000 ___DC () C:\Program Files\HitmanPro
2014-12-16 21:27 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-12-16 10:14 - 2013-04-07 23:48 - 00000000 ___DC () C:\Users\Wouter\AppData\Local\AntiLogger Free
2014-12-15 20:52 - 2012-02-03 19:59 - 00000000 ___DC () C:\Users\Wouter\AppData\Roaming\Mozilla
2014-12-15 15:10 - 2013-04-07 23:48 - 00001164 ____C () C:\Users\Public\Desktop\AntiLogger Free.lnk
2014-12-15 15:10 - 2013-04-07 23:48 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger Free
2014-12-15 15:10 - 2013-04-07 23:48 - 00000000 ___DC () C:\Program Files (x86)\Zemana AntiLogger Free
2014-12-15 15:10 - 2013-04-07 23:48 - 00000000 ___DC () C:\Program Files (x86)\KeyCryptSDK
2014-12-15 02:29 - 2014-09-24 22:06 - 00052000 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx64.sys
2014-12-15 02:29 - 2014-09-24 22:06 - 00000000 ___DC () C:\Program Files\AVG SafeGuard toolbar
2014-12-14 01:38 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-13 14:16 - 2012-08-12 01:46 - 00003852 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-12-13 14:16 - 2012-01-30 17:11 - 00000000 ___DC () C:\Users\Wouter\AppData\Local\Adobe
2014-12-13 12:02 - 2013-04-07 23:48 - 00121840 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\KeyCrypt64.sys
2014-12-13 03:58 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-13 03:58 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-13 03:58 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-12 20:53 - 2012-06-05 23:34 - 00001081 ____C () C:\Users\Wouter\Desktop\Dropbox.lnk
2014-12-12 20:53 - 2012-06-05 23:32 - 00000000 ___DC () C:\Users\Wouter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-10 16:00 - 2013-08-05 19:42 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-10 01:54 - 2012-07-02 11:58 - 00002235 ____C () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-07 22:11 - 2013-09-13 12:04 - 00001643 ____C () C:\Users\Wouter\Desktop\DivX Movies.lnk
2014-12-07 22:11 - 2013-08-10 09:18 - 00000000 ___DC () C:\ProgramData\DivX
2014-12-07 22:10 - 2014-02-22 05:43 - 00001090 ____C () C:\Users\Public\Desktop\DivX Player.lnk
2014-12-07 22:10 - 2013-09-13 12:03 - 00001155 ____C () C:\Users\Public\Desktop\DivX Converter.lnk
2014-12-07 22:10 - 2013-09-13 12:03 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-12-07 22:10 - 2013-08-10 09:19 - 00000000 ___DC () C:\Program Files (x86)\DivX
2014-12-07 21:25 - 2014-05-23 02:53 - 00000000 ____D () C:\WINDOWS\Power Video Downloader
2014-12-02 23:21 - 2014-11-07 04:57 - 00000000 ___DC () C:\My Works
2014-12-02 22:54 - 2013-06-27 14:06 - 00004573 ____C () C:\Users\Wouter\AppData\Roaming\CamStudio.cfg
2014-12-02 22:54 - 2013-06-27 14:06 - 00000408 ____C () C:\Users\Wouter\AppData\Roaming\CamShapes.ini
2014-12-02 22:54 - 2013-06-27 14:06 - 00000408 ____C () C:\Users\Wouter\AppData\Roaming\CamLayout.ini
2014-12-02 22:54 - 2013-06-27 14:06 - 00000181 ____C () C:\Users\Wouter\AppData\Roaming\Camdata.ini
2014-12-02 22:10 - 2014-10-23 09:57 - 00000000 ___DC () C:\ProgramData\AVG2015
2014-12-02 17:45 - 2014-02-16 23:06 - 00000000 ___DC () C:\Users\Wouter\AppData\Roaming\iSpy
2014-11-27 16:40 - 2012-02-10 22:49 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-11-26 22:10 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-11-26 22:10 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
Files to move or delete:
====================
C:\ProgramData\qjaxlkio.dss
 
 
Some content of TEMP:
====================
C:\Users\Wouter\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0_ywly.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-23 02:42
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-12-2014
Ran by Wouter at 2014-12-23 20:51:41
Running from C:\Users\Wouter\Documents\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
ActiveX контрола на Windows Live Mesh за отдалечени връзки (HKLM-x32\...\{B3BA4D1C-23EF-4859-9C11-1B2CCB7FADBB}) (Version: 15.4.5722.2 - Microsoft Corporation)
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (HKLM-x32\...\{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}) (Version: 15.4.5722.2 - Microsoft Corporation)
Ad-Aware Antivirus (HKLM\...\{A5C0392D-46A7-4CB3-800B-5794909453BD}_AdAwareUpdater) (Version: 11.5.202.7299 - Lavasoft)
Ad-Aware Web Companion (x32 Version: 1.1.844.1586 - Lavasoft) Hidden
AdAwareInstaller (Version: 11.5.202.7299 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.5.202.7299 - Lavasoft) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.2.1.650 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Photoshop Elements 9 (HKLM-x32\...\Adobe Photoshop Elements 9) (Version: 9.0.3.0 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
AntiLogger Free version 1.8.2.111 (HKLM-x32\...\{A80DB23D-0618-405B-89D9-28F99814E287}_is1) (Version: 1.8.2.111 - Zemana Ltd.)
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
Any Audio Converter 3.3.1 (HKLM-x32\...\Any Audio Converter_is1) (Version:  - Any-Audio-Converter.com)
Any Video Converter 3.4.2 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apowersoft Gratis Audiorecorder V2.1.7 (HKLM-x32\...\{E35F91E4-C68C-43E8-BE90-35CDEE4E5730}_is1) (Version: 2.1.7 - Apowersoft)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5577 - AVG Technologies)
AVG 2015 (Version: 15.0.4257 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5577 - AVG Technologies) Hidden
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Backup Manager V3 (x32 Version: 3.0.0.100 - NTI Corporation) Hidden
Belgium e-ID middleware 4.0.7 (build 7453) (HKLM\...\{824563DE-75AD-4166-9DC0-B6482F207453}) (Version: 4.0.7453 - Belgian Government)
Belgium e-ID middleware 4.0.7 (build 7465) (HKLM\...\{824563DE-75AD-4166-9DC0-B6482F207465}) (Version: 4.0.7465 - Belgian Government)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Camersoft Webcam Capture 2.2.32 (HKLM-x32\...\Camersoft Webcam Capture_is1) (Version:  - Camersoft Studio)
CamStudio version 2.7 (HKLM-x32\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7 - CamStudio Open Source)
CCleaner (HKLM\...\CCleaner) (Version: 3.25 - Piriform)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Control ActiveX del Windows Live Mesh per a connexions remotes (HKLM-x32\...\{76C064E2-BB99-4453-8FDA-42BC01AD0734}) (Version: 15.4.5722.2 - Microsoft Corporation)
Control ActiveX Windows Live Mesh pentru conexiuni la distanță (HKLM-x32\...\{260E3D78-94E6-47EC-8E29-46301572BB1E}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controle ActiveX do Windows Live Mesh para Conexões Remotas (HKLM-x32\...\{39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
CryptoPrevent v4.3.0 (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1916 - CyberLink Corp.)
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1615_36053b - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3213 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.2230.0 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.2230.0 - Uw bedrijfsnaam) Hidden
CyberLink PowerDirector 12 Content Pack Premium (HKLM-x32\...\InstallShield_{0219CB86-A833-4581-8FF1-78F303F93AC3}) (Version: 12 - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM-x32\...\{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.0.6720 - CyberLink Corp.)
CyberLink WaveEditor 2 (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 2.0.4203 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.17 - Piriform)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
Dropbox (HKU\S-1-5-21-813266232-3791934722-1737961828-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Elements 9 Organizer (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Exterminate It! (HKLM-x32\...\Exterminate It!) (Version: 1.76.05.25 - Curio Lab)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FastStone Image Viewer 4.9 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.9 - FastStone Soft)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Free Audio Editor 2014 8.9.9 (HKLM-x32\...\Free Audio Editor 2014_is1) (Version:  - FAE Distribution, Inc.)
Free Duplicate Photo Finder (HKLM-x32\...\{00EBC706-8946-4967-9B64-16648DB3BA3A}) (Version: 1.0.0 - Free Picture Solutions)
Free Internet Eraser (HKLM-x32\...\{F7AD1EF2-2670-40C2-A541-939265AF2F98}_is1) (Version: Free Internet Eraser 3.60 - PrivacyEraser Computing, Inc.)
Free PDF Solutions PDF to WORD version 1.0 (HKLM-x32\...\Free PDF Solutions PDF to WORD_is1) (Version: 1.0 - )
Free Screen Recorder v2.9 (HKLM-x32\...\Free Screen Recorder_is1) (Version: 2.9 - Nbxsoft Software Development)
Free Screen Video Capture by Topviewsoft 4.1.7 (HKLM-x32\...\{180CAD6C-B0ED-42A9-8C4A-CF49C6682A06}_is1) (Version:  - Topviewsoft, Inc.)
Free SWF to AVI Converter (HKLM-x32\...\{44327031-4B00-4D21-8D25-620B6B476005}_is1) (Version:  - Recool Software Co., LTD)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hard Disk Scrubber 3.3 (Remove Only) (HKLM-x32\...\{DE47ADD1-B82B-4B52-AF29-76AE7EF4E19D}_is1) (Version:  - Summit Computer Networks, Inc.)
Hardwipe 2.0.0 (HKLM-x32\...\{1921E7AC-4616-4A98-80E5-FAC4DCB31615}) (Version: 2.0.0 - Big Angry Dog)
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version:  - EFD Software)
Hercules Optical Glass (HKLM-x32\...\{E6F043EB-FEF5-4C34-95AF-99B3EB68F7D9}) (Version: 4.0.2.1 - Hercules)
Hercules Webcam Station Evolution SE (HKLM-x32\...\{C3C44248-B8F7-4B20-A5C7-994870B60F55}) (Version: 4.1.1.2 - Hercules)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3006 - Packard Bell)
Index.dat Analyzer v2.5 (HKLM-x32\...\Index.dat Analyzer_is1) (Version: 2.5 - Systenance Software)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iSpy (64 bit) (HKLM\...\{32511D73-E8F8-4ECC-BD63-5742353F9752}) (Version: 5.8.2 - iSpy)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Kontrola Windows Live Mesh ActiveX za daljinske veze (HKLM-x32\...\{19CBDE24-2761-49A5-816B-D2BA65D0CA8D}) (Version: 15.4.5722.2 - Microsoft Corporation)
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.4 - Packard Bell)
LavasoftTcpService (x32 Version: 2.2.9.5 - Lavasoft) Hidden
Logitech-webcamsoftware (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Malwarebytes Anti-Malware versie 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klik-en-Klaar 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Nederlands (HKLM-x32\...\{90140011-0066-0413-0000-0000000FF1CE}) (Version: 14.0.5128.5002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-813266232-3791934722-1737961828-1000\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0413-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Lockbox 2.8.7 (HKLM\...\My Lockbox_is1) (Version: 2.8.7 - )
Nero Burning ROM 11 (HKLM-x32\...\{E656D89A-8CBB-497F-918F-8361A4071C26}) (Version: 11.0.10400 - Nero AG)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12000.21.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
NewBlue Video Essentials for PowerDirector (HKLM\...\NewBlue Video Essentials for Cyberlink) (Version: 3.0 - NewBlue)
NewBlue Video Essentials II for PowerDirector (HKLM\...\NewBlue Video Essentials II for Cyberlink) (Version: 3.0 - NewBlue)
NewBlue Video Essentials III for PowerDirector (HKLM\...\NewBlue Video Essentials III for Cyberlink) (Version: 3.0 - NewBlue)
Octoshape add-in for Adobe Flash Player (HKU\S-1-5-21-813266232-3791934722-1737961828-1000\...\Octoshape add-in for Adobe Flash Player) (Version:  - )
Onderhoud Samsung ML-1660 Series (HKLM-x32\...\Samsung ML-1660 Series) (Version:  - Samsung Electronics Co., Ltd.)
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení (HKLM-x32\...\{B6190387-0036-4BEB-8D74-A0AFC5F14706}) (Version: 15.4.5722.2 - Microsoft Corporation)
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia (HKLM-x32\...\{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}) (Version: 15.4.5722.2 - Microsoft Corporation)
Packard Bell MyBackup (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.100 - NTI Corporation)
Packard Bell Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3007 - Packard Bell)
Packard Bell Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3002 - Packard Bell)
Packard Bell Registration (HKLM-x32\...\Packard Bell Registration) (Version: 1.04.3501 - Packard Bell)
Packard Bell ScreenSaver (HKLM-x32\...\Packard Bell Screensaver) (Version: 1.1.1025.2010 - Packard Bell )
Packard Bell Social Networks (HKLM-x32\...\InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}) (Version: 2.0.2913 - CyberLink Corp.)
Packard Bell Social Networks (x32 Version: 2.0.2913 - CyberLink Corp.) Hidden
Packard Bell Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3500 - Packard Bell)
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PowerDirector (Version: 12.0 - Uw bedrijfsnaam) Hidden
Process Hacker 2.33 (r5590) (HKLM\...\Process_Hacker2_is1) (Version: 2.33.0.5590 - wj32)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6329 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.00042 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.48 - Piriform)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SlimCleaner (HKLM-x32\...\{6B8D6199-EE44-4FD7-813A-6D8C62C9B384}) (Version: 4.0.30878 - SlimWare Utilities, Inc.)
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.8 - SmartSound Software Inc.) Hidden
Soluto (HKLM\...\{94EB0E2C-B6C4-4B44-8825-68E0774F2213}) (Version: 1.3.1497.1 - Soluto)
Spotify (HKU\S-1-5-21-813266232-3791934722-1737961828-1000\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
StreamTransport version: 1.0.2.2171 (HKLM-x32\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version:  - )
Stuurprogrammapakket voor Windows - Fedict SmartCard  (03/25/2014 4.0.7.4) (HKLM\...\B02255EDA75F867B4D85C5A5D23E13D9EF71E8AE) (Version: 03/25/2014 4.0.7.4 - Fedict)
SWFPlayer 2.6.2.0 (HKLM-x32\...\SWFPlayer_is1) (Version: 2.6.2.0 - Michael Faust, Alpha Interactive)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.6.0 - Synaptics Incorporated)
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Urruneko konexioetarako Windows Live Mesh ActiveX kontrola (HKLM-x32\...\{7BA6DF02-B094-45D7-A3C9-BE3684253922}) (Version: 15.4.5722.2 - Microsoft Corporation)
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (HKLM-x32\...\{241E7104-937A-4366-AD57-8FDDDB003939}) (Version: 15.4.5722.2 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Video Web Camera (HKLM-x32\...\InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}) (Version: 1.5.2406.00 - CyberLink Corp.)
Video Web Camera (x32 Version: 1.5.2406.00 - CyberLink Corp.) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WAV MP3 Converter v4.4 build 1429 (HKLM-x32\...\{A4A14B15-F25D-44F8-8483-291C1DF7C548}_is1) (Version:  - Hoo Technologies)
Web Companion (HKLM-x32\...\{D5116390-5C95-4FEA-A719-78C3C8B5DFB5}_WebCompanion) (Version: 1.1.844.1586 - Lavasoft)
Welcome Center (HKLM-x32\...\Packard Bell Welcome Center) (Version: 1.02.3501 - Packard Bell)
WhoCrashed 5.00 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
WinDirStat 1.1.2 (HKU\S-1-5-21-813266232-3791934722-1737961828-1000\...\WinDirStat) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Meshin etäyhteyksien ActiveX-komponentti (HKLM-x32\...\{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
Xvid MPEG-4 Video Codec (HKLM\...\Xvid_is1) (Version:  - )
Xvid MPEG-4 Video Codec (HKLM-x32\...\Xvid_is1) (Version:  - )
YAC(Yet Another Cleaner!) (HKLM-x32\...\iSafe) (Version:  - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== ATTENTION
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Элемент управления Windows Live Mesh ActiveX для удаленных подключений (HKLM-x32\...\{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}) (Version: 15.4.5722.2 - Microsoft Corporation)
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (HKLM-x32\...\{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}) (Version: 15.4.5722.2 - Microsoft Corporation)
عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (HKLM-x32\...\{E18B30AA-6E2D-480C-B918-AF61009F4010}) (Version: 15.4.5722.2 - Microsoft Corporation)
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ตัวควบคุม ActiveX ใน Windows Live Mesh สำหรับการเชื่อมต่อระยะไกล (ไทย) (HKLM-x32\...\{A2EDAEEB-C981-46D5-8163-CF8F5F640EEE}) (Version: 15.4.5722.2 - Microsoft Corporation)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-813266232-3791934722-1737961828-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Wouter\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-813266232-3791934722-1737961828-1000_Classes\CLSID\{BDA99C43-A768-455D-9E0E-DC42485189FA}\InprocServer32 -> C:\Program Files (x86)\Hardwipe\hwshell64.dll ()
CustomCLSID: HKU\S-1-5-21-813266232-3791934722-1737961828-1000_Classes\CLSID\{C73663ED-B7DD-4B6D-A7B7-D00ABF81281A}\InprocServer32 -> C:\Program Files (x86)\Hardwipe\hwshell64.dll ()
CustomCLSID: HKU\S-1-5-21-813266232-3791934722-1737961828-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Wouter\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-813266232-3791934722-1737961828-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wouter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-813266232-3791934722-1737961828-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wouter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-813266232-3791934722-1737961828-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wouter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-813266232-3791934722-1737961828-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wouter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-813266232-3791934722-1737961828-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wouter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-813266232-3791934722-1737961828-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wouter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-813266232-3791934722-1737961828-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wouter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-813266232-3791934722-1737961828-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wouter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
18-12-2014 17:11:53 Herstelbewerking
19-12-2014 11:50:10 na trojan en terug internet maar nog niet alles safe
21-12-2014 23:44:21 herstelpunt na verwijdering realcloud en voor runnen regcurepro
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 14:25 - 2014-12-19 06:49 - 00000835 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {10754DA8-FE12-43CF-B521-C9DAB7B32D7A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-813266232-3791934722-1737961828-1000Core => C:\Users\Wouter\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-08-09] (Facebook Inc.)
Task: {13EDD49B-EA5F-4684-A815-5C18D7986DEE} - System32\Tasks\{99642724-0374-48B0-8DC0-21618AEA2E1B} => C:\Program Files (x86)\CamStudio\CamStudio 2.6b\Recorder.exe
Task: {18BCE3F1-21DB-4283-910C-8919E17E32BE} - System32\Tasks\{8A1693BE-32DD-4E4B-9969-E698F5D335AF} => Firefox.exe 
Task: {1AD96EA9-7C2F-4F35-B4C1-D93C226B227A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {1B2DCD1A-C017-41FD-8ACB-764B66CD366F} - System32\Tasks\Adobe-online actualiseringsprogramma => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {1D4FC72D-64C1-4D9F-AFD7-BCCB1D07DCE8} - System32\Tasks\{FBC1506A-83F3-49E5-BBB6-F2D84169713B} => C:\Program Files (x86)\CamStudio\CamStudio 2.6b\Recorder.exe
Task: {1FEEE256-6872-4129-8F0A-F88EE1CED9B5} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {2107E897-BDFF-4B19-A444-7EA5DA1C883B} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-813266232-3791934722-1737961828-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {2206E069-C924-4814-B1C5-A5155E728DE7} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {2C48B40C-C8A5-42BA-B87E-03C48B6B2583} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {2EB67BE8-17BC-4485-9720-4291F95BE7AE} - System32\Tasks\{D3B623C4-18A2-4E7F-9E80-CAC203A89FCA} => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
Task: {2FD10B09-365F-4382-BA58-39C84BF90ABE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2FD784A6-1538-4562-A062-2FC6C90CC563} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {35C392C4-B17F-486B-BCFD-0E6CCAE93EC3} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {39AE9F91-3B79-4ACD-B387-061E1C04069F} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-wouter.otten@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-07-29] (Adobe Systems Incorporated)
Task: {3B499241-A554-4B38-A27B-C721AFAC4008} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-11-27] (Microsoft Corporation)
Task: {3D7F97C0-22CE-49B8-ACE8-089E717022D0} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-813266232-3791934722-1737961828-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {3F585CB1-9CAA-4E7F-90D0-0E10F2607F08} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-13] (Adobe Systems Incorporated)
Task: {44FA8609-E709-486E-9CFF-976F681F3B23} - System32\Tasks\{6C03042D-C12A-429C-901E-4BEBCBCAF00E} => C:\Program Files\BSR Screen Recorder\Screen Recorder 5.exe
Task: {47B7DA47-551F-45E9-A31D-B86813D983F0} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {48CA1328-D424-4DF2-9DC9-FC19E34C2CCA} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {4B19F9D0-5F62-4753-B497-4FD78CB6CE0A} - System32\Tasks\{8C7F457A-3FD6-44E9-94E8-0B697D1197C3} => pcalua.exe -a "C:\Program Files\HitmanPro\HitmanPro.exe" -d "C:\Program Files\HitmanPro"
Task: {4B2E5544-AD87-42B2-90E8-DEDADC3DF14F} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {506705DE-1258-4F66-AB13-8167024C3C0F} - System32\Tasks\{8FEA599F-77F6-4640-AB70-43953E0A1EBA} => C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe [2014-10-07] (Apple Inc.)
Task: {5504E344-86A1-495D-B32C-DA3F25444676} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {56447930-5A0E-4B82-9328-7D59E6566DDA} - System32\Tasks\Open Chrome => Chrome.exe --new-window
Task: {579D2180-EABD-45B3-A9E5-32BCE09445A8} - \Advanced System Protector No Task File <==== ATTENTION
Task: {57DC0EAA-5305-4ED7-882C-6C19B4EE13DD} - System32\Tasks\{72351121-20FC-4E18-9C34-C541DFC2FE96} => pcalua.exe -a "C:\Program Files\BSR Screen Recorder\Bulent-Screen-Recorder-4.1.214.exe" -d "C:\Program Files\BSR Screen Recorder"
Task: {60F6C20E-B8A3-4E90-9B1B-D18C20C5D7F7} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {6447597E-96F1-44A6-A2B6-1D8AF679A5C3} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-813266232-3791934722-1737961828-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {647D9A32-FD06-4B75-B3BA-ED94089F878E} - \GoforFilesUpdate No Task File <==== ATTENTION
Task: {6B4F3E56-F1D6-4080-BE34-683D406AC99B} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-813266232-3791934722-1737961828-1000 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {6C25784D-5ED1-4B03-AC28-7F300D201560} - System32\Tasks\AdobeAAMUpdater-1.0-HAL1984-Wouter => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-07-29] (Adobe Systems Incorporated)
Task: {6E345AAD-2BC3-4263-8618-D0925665FBD9} - System32\Tasks\{5E58B611-6ED2-4087-A134-D98FC8D21C0A} => C:\Program Files (x86)\CamStudio\CamStudio 2.6b\Recorder.exe
Task: {720256E6-6A1C-4698-9F65-43306C33B6FE} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {72D06CE8-4BED-4A28-A1B8-F9030E43E6B0} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {7865FB9A-0047-4954-AF8A-DAA497D21174} - System32\Tasks\Real Player-online actualiseringsprogramma => c:\program files (x86)\real\realplayer\Update\realsched.exe
Task: {805B1CCF-0909-4C2D-94E0-4FB8D5034544} - System32\Tasks\SlimCleaner Run => C:\Program Files (x86)\SlimCleaner\SlimCleaner.exe [2013-07-10] (SlimWare Utilities, Inc.)
Task: {823B464D-56FE-4B45-A281-30021E0AF6B4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {8586B22A-6B13-45D1-9914-FD822A44386D} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)
Task: {85F2F365-F3DE-49DF-9838-5B4CDE7CD9DD} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {9D0EA4BA-68F0-4BFC-81FB-F5752E84FAB0} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {9D3E9593-5C7F-4E34-862F-10786C32E7E0} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {A2AD808A-5CD8-4825-8795-57605D8E4F13} - \RunAsStdUser No Task File <==== ATTENTION
Task: {A5C3CB52-EDB8-4265-BB23-EFD0CBB3F04C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {A93AD1DA-1795-472D-A480-636C328346B2} - System32\Tasks\{E843B2B7-80B1-4B3E-B644-B9B278A0670E} => Firefox.exe 
Task: {A9686ED0-4A31-4E5E-857F-986C5D9ECAC6} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {ACB487D5-4C2D-4C2B-8348-927895195C1A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-813266232-3791934722-1737961828-1000UA => C:\Users\Wouter\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-08-09] (Facebook Inc.)
Task: {B08E3CA0-4F36-4D61-8E7D-F78DCC648019} - System32\Tasks\{DEEA267D-FF08-467C-83FD-08475500E3AE} => C:\Program Files (x86)\CamStudio\CamStudio 2.6b\Recorder.exe
Task: {B15BD1F8-616D-4F55-A1B5-45396BBA643A} - System32\Tasks\{73E963EA-8261-4EFF-8FD5-17D9FE305DD6} => pcalua.exe -a "C:\Program Files (x86)\Zoom Downloader\uninstall.exe" -c /u /UserID=aa2037ae-3a32-4382-be5c-f595818756f8 /SourceID=299171
Task: {B78D6311-7896-4825-9FBF-FACF41595A1C} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {B865D082-46AC-41D6-969A-ABEF74173470} - System32\Tasks\{C3A6979D-813F-49CA-A96A-DE1CC69D4E9B} => Firefox.exe 
Task: {C3D47FF8-AF98-4EA0-8C8C-A5CAEB6AEF1B} - System32\Tasks\{14B66327-2FB7-4961-A472-E0928AC13C5E} => C:\Program Files\BSR Screen Recorder\Screen Recorder 5.exe
Task: {C7897811-4E96-4863-9DD1-AE0112949D5C} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {D6E69F85-F83A-4DD5-B00C-B7AEF71AA16D} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {DCFDA480-DAB9-45A6-B9C3-743D8E5C5B45} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {DDA81445-EB29-441D-8112-354CD77F99E7} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {DEE8AC2A-802E-4517-9635-5ADFE06D9D19} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {E3BA970D-42AC-4AA8-B8A6-98D6FFE7303D} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {EDFC1F54-99D9-45CE-AC44-F02F5B136BC5} - System32\Tasks\{39233457-6DCC-4E55-944D-D21F2FE790F1} => Firefox.exe 
Task: {F24DD17E-02E1-49ED-8713-20C41EB1FEB9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {F25E07E5-CD99-4E1A-B3DE-61C1D0EEF91F} - System32\Tasks\1114tbUpdateInfo => C:\ProgramData\Avg_Update_1114tb\1114tb_{37FADC3C-BF70-46CE-B2A6-29E65E5CAFEB}.exe [2014-11-07] ()
Task: {FA8C6708-EC91-42A4-BF0F-8805D78D0CDC} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-813266232-3791934722-1737961828-1000Core.job => C:\Users\Wouter\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-813266232-3791934722-1737961828-1000UA.job => C:\Users\Wouter\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Open Chrome.job => c:\program files (x86)\Google\Chrome\Application\chrome.exe
Task: C:\WINDOWS\Tasks\SyncBack bonsai.job => C:\Program Files\SyncBack\SyncBackWouterTaak gemaakt door SyncBack.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-06-22 06:48 - 2011-06-22 06:48 - 00034304 _____ () C:\WINDOWS\System32\ssp7ml6.dll
2014-12-18 15:09 - 2014-12-18 15:09 - 00713568 ____C () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
2014-12-18 15:22 - 2014-12-18 15:22 - 00107352 ____C () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_thread-vc100-mt-1_57.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00024408 ____C () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_system-vc100-mt-1_57.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00055648 ____C () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_date_time-vc100-mt-1_57.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00125792 ____C () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_filesystem-vc100-mt-1_57.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00033624 ____C () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_chrono-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 12716368 ____C () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareServiceKernel.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 03396400 ____C () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\RCF.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00786264 ____C () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_regex-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00736584 ____C () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareActivation.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00474968 ____C () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareApplicationUpdater.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00812360 ____C () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareGamingMode.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00099136 ____C () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareReset.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00119616 ____C () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTime.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00957784 ____C () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareDefinitionsUpdater.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00867688 ____C () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareDefinitionsUpdaterScheduler.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01107272 ____C () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareIgnoreList.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00248648 ____C () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareQuarantine.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01009496 ____C () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiMalwareEngine.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00212824 ____C () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiRootkitEngine.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01171280 ____C () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScannerHistory.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01295680 ____C () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScanner.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00035160 ____C () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_timer-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00975704 ____C () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScannerScheduler.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01091416 ____C () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareRealTimeProtection.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00229200 ____C () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareIncompatibles.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00894280 ____C () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiSpam.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00849232 ____C () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiPhishing.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 03096912 ____C () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareParentalControl.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 02953040 ____C () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareWebProtection.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01251664 ____C () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareEmailProtection.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00053600 ____C () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_iostreams-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01289048 ____C () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareNetworkProtection.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00968000 ____C () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwarePromo.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00360776 ____C () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareFeedback.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 02785112 ____C () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareThreatWorkAlliance.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01228608 ____C () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwarePinCode.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00968000 ____C () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareNotice.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00957256 ____C () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAvcEngine.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01177960 ____C () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareRealTimeProtectionHistory.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00152896 ____C () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\SecurityCenter.dll
2014-07-25 01:15 - 2012-08-08 20:36 - 00390672 ____C () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-10-23 09:01 - 2014-10-23 09:01 - 00177664 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\PCGAppContr9a4addef#\7f2f3c6894e0d87169e8584b74551f62\PCGAppControlPluginLoader.ni.exe
2013-12-08 14:21 - 2013-12-08 14:21 - 00124480 ____C () C:\Program Files\Soluto\PCGDllExportInspector.dll
2013-12-08 14:21 - 2013-12-08 14:21 - 00054848 ___RC () C:\Program Files\Soluto\PCGDeviceScanLib.dll
2014-10-23 09:03 - 2014-10-23 09:03 - 00101376 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Management\5638c05aebdbb990686165fb14eb3c88\Windows.Management.ni.dll
2010-07-15 05:44 - 2010-07-15 05:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2012-04-02 08:05 - 2012-04-02 08:05 - 00563088 _____ () C:\Program Files (x86)\Hardwipe\hwshell64.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 02757456 ____C () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareShellExtension.dll
2014-12-19 08:19 - 2014-12-18 10:51 - 00585000 ____C () C:\Program Files (x86)\Elex-tech\YAC\iDesk.exe
2013-04-06 18:00 - 2009-03-13 14:35 - 00515584 _____ () C:\Program Files (x86)\Hercules\Hercules Optical Glass\highgui110_64.dll
2013-04-06 18:00 - 2009-03-13 14:34 - 01341952 _____ () C:\Program Files (x86)\Hercules\Hercules Optical Glass\cxcore110_64.dll
2013-04-06 18:00 - 2009-03-13 14:35 - 01195520 _____ () C:\Program Files (x86)\Hercules\Hercules Optical Glass\cv110_64.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 08947008 ____C () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
2014-12-18 15:22 - 2014-12-18 15:22 - 00500056 ____C () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_locale-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 02130752 ____C () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\HtmlFramework.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00066872 ____C () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\DllStorage.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00869712 ____C () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTrayDefaultSkin.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00811328 ____C () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\Localization.dll
2012-01-31 18:12 - 2010-06-07 11:35 - 00618496 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe
2012-01-31 18:12 - 2009-07-29 11:13 - 00306688 _____ () C:\Windows\Samsung\PanelMgr\caller64.exe
2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2010-02-28 02:33 - 2010-02-28 02:33 - 00077664 ____C () C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
2011-06-22 06:48 - 2011-06-22 06:48 - 00826880 _____ () C:\Windows\System32\spool\drivers\x64\3\ssp7mdu.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 ____C () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-19 08:19 - 2014-12-18 10:46 - 00394088 ____C () C:\Program Files (x86)\Elex-tech\YAC\curlpp.dll
2014-12-19 08:19 - 2014-12-18 10:46 - 00185640 ____C () C:\Program Files (x86)\Elex-tech\YAC\libpng.dll
2014-12-19 08:19 - 2014-12-18 10:46 - 00065696 ____C () C:\Program Files (x86)\Elex-tech\YAC\zlib1.dll
2014-12-19 08:19 - 2014-12-18 10:46 - 01105408 ____C () C:\Program Files (x86)\Elex-tech\YAC\isafechlp.dll
2014-12-19 08:19 - 2014-12-18 10:53 - 00198440 ____C () C:\Program Files (x86)\Elex-tech\YAC\iTPMsgCenter.dll
2014-12-19 08:19 - 2014-12-18 10:51 - 00207656 ____C () C:\Program Files (x86)\Elex-tech\YAC\iddmgr.dll
2012-03-04 16:00 - 2010-06-30 13:03 - 00051512 _____ () C:\Program Files\My Lockbox\My Lockbox\My Lockbox\fspflt.dll
2014-12-16 12:08 - 2014-12-16 12:08 - 00070464 ____C () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2014-12-16 12:08 - 2014-12-16 12:08 - 00171368 ____C () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2014-12-16 12:08 - 2014-12-16 12:08 - 00089928 ____C () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2014-12-16 12:08 - 2014-12-16 12:08 - 00033136 ____C () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Repositories.dll
2014-12-16 12:08 - 2014-12-16 12:08 - 00015696 ____C () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll
2014-12-16 12:10 - 2014-12-16 12:10 - 00041304 ____C () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 ____C () C:\Users\Wouter\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2014-12-23 19:19 - 2014-12-23 19:19 - 00043008 ____C () c:\users\wouter\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0_ywly.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 ____C () C:\Users\Wouter\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 ____C () C:\Users\Wouter\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 ____C () C:\Users\Wouter\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2014-12-10 01:54 - 2014-12-06 02:50 - 01077064 ____C () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-10 01:54 - 2014-12-06 02:50 - 00211272 ____C () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-10 01:54 - 2014-12-06 02:50 - 09009480 ____C () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-10 01:54 - 2014-12-06 02:50 - 01677128 ____C () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-10-17 05:07 - 2014-10-17 05:07 - 00169984 _____ () C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IsdiInterop\888ab4533ab915a9451bdae14d9c783e\IsdiInterop.ni.dll
2011-07-12 04:18 - 2011-01-13 01:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-12-10 01:54 - 2014-12-06 02:50 - 14913352 ____C () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\temp:list1
AlternateDataStreams: C:\temp:pid1
AlternateDataStreams: C:\temp:pid2
AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9
AlternateDataStreams: C:\Users\Wouter\Cookies:HqDbHbTSdZ4taeyVdHluEJSxN69
AlternateDataStreams: C:\Users\Wouter\Downloads:ms-properties
AlternateDataStreams: C:\Users\Wouter\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: SearchProtectionService => 2
HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "CLMLServer"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "BackupManagerTray"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "TkBellExe"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-813266232-3791934722-1737961828-1000\...\StartupApproved\StartupFolder: => "GigaTribe.lnk"
HKU\S-1-5-21-813266232-3791934722-1737961828-1000\...\StartupApproved\Run: => "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
HKU\S-1-5-21-813266232-3791934722-1737961828-1000\...\StartupApproved\Run: => "Viber"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-813266232-3791934722-1737961828-500 - Administrator - Disabled)
DC1F1285685840AE97FF (S-1-5-21-813266232-3791934722-1737961828-1006 - Limited - Enabled)
Gast (S-1-5-21-813266232-3791934722-1737961828-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-813266232-3791934722-1737961828-1004 - Limited - Enabled)
Wouter (S-1-5-21-813266232-3791934722-1737961828-1000 - Administrator - Enabled) => C:\Users\Wouter
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/23/2014 07:18:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: mbam.exe, versie: 1.0.1.711, tijdstempel: 0x542b53ec
Naam van module met fout: KERNELBASE.dll, versie: 6.3.9600.17278, tijdstempel: 0x53eeb4a3
Uitzonderingscode: 0xc0000142
Foutmarge: 0x00098f05
Id van proces met fout: 0x14ec
Starttijd van toepassing met fout: 0xmbam.exe0
Pad naar toepassing met fout: mbam.exe1
Pad naar module met fout: mbam.exe2
Rapport-id: mbam.exe3
Volledige pakketnaam met fout: mbam.exe4
Relatieve toepassings-id van pakket met fout: mbam.exe5
 
Error: (12/23/2014 07:12:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: mbam.exe, versie: 1.0.1.711, tijdstempel: 0x542b53ec
Naam van module met fout: KERNELBASE.dll, versie: 6.3.9600.17278, tijdstempel: 0x53eeb4a3
Uitzonderingscode: 0xc0000142
Foutmarge: 0x00098f05
Id van proces met fout: 0x1adc
Starttijd van toepassing met fout: 0xmbam.exe0
Pad naar toepassing met fout: mbam.exe1
Pad naar module met fout: mbam.exe2
Rapport-id: mbam.exe3
Volledige pakketnaam met fout: mbam.exe4
Relatieve toepassings-id van pakket met fout: mbam.exe5
 
Error: (12/23/2014 07:10:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 44398688
 
Error: (12/23/2014 07:10:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 44398688
 
Error: (12/23/2014 07:10:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/23/2014 03:18:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname HAL1984.local already in use; will try HAL1984-2.local instead
 
Error: (12/23/2014 03:18:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 HAL1984.local. Addr 192.168.0.156
 
Error: (12/23/2014 03:18:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.149:5353    4 HAL1984.local. Addr 192.168.0.149
 
Error: (12/23/2014 02:48:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname HAL1984.local already in use; will try HAL1984-2.local instead
 
Error: (12/23/2014 02:48:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 HAL1984.local. Addr 192.168.0.156
 
 
System errors:
=============
Error: (12/23/2014 07:29:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De Soluto-service kan vanwege de volgende fout niet worden gestart: 
%%31
 
Error: (12/23/2014 07:29:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De Soluto-service kan vanwege de volgende fout niet worden gestart: 
%%31
 
Error: (12/23/2014 07:22:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De AppX Deployment Service (AppXSVC)-service kan vanwege de volgende fout niet worden gestart: 
%%1053
 
Error: (12/23/2014 07:22:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Time-out (30000 seconden) tijdens het wachten op het verbinden van deze service: AppX Deployment Service (AppXSVC).
 
Error: (12/23/2014 07:21:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De AppX Deployment Service (AppXSVC)-service kan vanwege de volgende fout niet worden gestart: 
%%1053
 
Error: (12/23/2014 07:21:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Time-out (30000 seconden) tijdens het wachten op het verbinden van deze service: AppX Deployment Service (AppXSVC).
 
Error: (12/23/2014 07:20:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De AppX Deployment Service (AppXSVC)-service kan vanwege de volgende fout niet worden gestart: 
%%1053
 
Error: (12/23/2014 07:20:56 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Time-out (30000 seconden) tijdens het wachten op het verbinden van deze service: AppX Deployment Service (AppXSVC).
 
Error: (12/23/2014 07:17:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De vToolbarUpdater18.2.0-service kan vanwege de volgende fout niet worden gestart: 
%%2
 
Error: (12/23/2014 07:16:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De Sentinel64-service kan vanwege de volgende fout niet worden gestart: 
%%20
 
 
Microsoft Office Sessions:
=========================
Error: (12/23/2014 07:18:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.1.711542b53ecKERNELBASE.dll6.3.9600.1727853eeb4a3c000014200098f0514ec01d01edcd0a181a5C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeKERNELBASE.dll1488a79a-8ad0-11e4-bf9b-d0df9a8fb8ee
 
Error: (12/23/2014 07:12:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.1.711542b53ecKERNELBASE.dll6.3.9600.1727853eeb4a3c000014200098f051adc01d01edbefd2c9afC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeKERNELBASE.dll345bbd12-8acf-11e4-bf9a-b870f4b49796
 
Error: (12/23/2014 07:10:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 44398688
 
Error: (12/23/2014 07:10:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 44398688
 
Error: (12/23/2014 07:10:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/23/2014 03:18:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname HAL1984.local already in use; will try HAL1984-2.local instead
 
Error: (12/23/2014 03:18:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 HAL1984.local. Addr 192.168.0.156
 
Error: (12/23/2014 03:18:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.149:5353    4 HAL1984.local. Addr 192.168.0.149
 
Error: (12/23/2014 02:48:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname HAL1984.local already in use; will try HAL1984-2.local instead
 
Error: (12/23/2014 02:48:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 HAL1984.local. Addr 192.168.0.156
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-12-23 19:22:36.974
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 
  Date: 2014-12-23 19:22:36.849
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 
  Date: 2014-12-23 19:22:36.724
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 
  Date: 2014-12-23 19:22:36.596
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 
  Date: 2014-12-23 06:01:47.100
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 
  Date: 2014-12-23 06:01:46.840
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 
  Date: 2014-12-23 06:01:46.716
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 
  Date: 2014-12-23 05:57:10.692
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 
  Date: 2014-12-23 02:55:08.716
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 
  Date: 2014-12-23 02:55:08.612
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2330M CPU @ 2.20GHz
Percentage of memory in use: 54%
Total physical RAM: 5995.86 MB
Available physical RAM: 2757.48 MB
Total Pagefile: 12139.86 MB
Available Pagefile: 7146.66 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
 
==================== Drives ================================
 
Drive c: (Packard Bell) (Fixed) (Total:445.66 GB) (Free:288.58 GB) NTFS
Drive e: () (Removable) (Total:57.66 GB) (Free:33.12 GB) exFAT
Drive f: () (Removable) (Total:57.59 GB) (Free:57.1 GB) exFAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B86C9A2F)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=445.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 57.7 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=57.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 57.6 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=57.6 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#3 wouter1

Posted 23 December 2014 - 03:50 PM

Attachments

Attached Files



#4 wouter1

Posted 23 December 2014 - 07:41 PM

Sorry in advance to anyone reading my previous post and trying to help: things have changed already, I'm afraid. Shortly after I posted my previous message I noticed some personal files had disappeared from my laptop once again. Because of this frightening discovery I estimated the chances high that some hacker still had control over my laptop, despite the fact that anti-malware software couldn't detect any new infections. Therefore I decided to perform a factory restore of my Packard Bell machine from a couple of CDs I burned shortly after purchase, in a final desperate attempt to get rid of whatever was compromising it. The events during the last couple of days made me pretty paranoid though, so I don't consider this topic closed: while I was running the factory restore I unexpectedly had to make a choice between a 'normal' factory restore and a factory restore that would also erase hidden folders. Not knowing what to do (I had my router unplugged and could thus not look up with my little notebook what was best) I chose the normal restore mode. So now I'm worried the hidden files might still be contaminated. I will run a new Farbar scan of my 'newly factory restored system' and post it subsequently. Thanks to you all for your patience in dealing with my already pretty chaotic post!



#5 wouter1

Posted 23 December 2014 - 07:53 PM

When I downloaded Farbar once again I got a virus alert from Norton AntiVirus (saying it contained 'WS.Reputation.1'), so I worked with DDS Tool instead now that I degraded back to Windows 7 anyway since the factory restore. I meanwhile downloaded and ran Malwarebytes again and it detected no infections. This is the log DDS Tool produced:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16421
Run by Wouter at 1:48:17 on 2014-12-24
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.31.1043.18.5996.3952 [GMT 1:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://packardbell.msn.com
uDefault_Page_URL = hxxp://packardbell.msn.com
mStart Page = hxxp://packardbell.msn.com
mDefault_Page_URL = hxxp://packardbell.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\CoIEPlg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - 
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\CoIEPlg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\CoIEPlg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe" -h -k
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRunOnce: [SymSilent] "C:\Program Files (x86)\SymSilent\SymSilent.exe" /_spawn /service
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: NameServer = 195.130.130.4 195.130.131.4
TCP: Interfaces\{8FAA3C43-64C4-447D-A849-1B81B3FB255B} : DHCPNameServer = 195.130.130.4 195.130.131.4
TCP: Interfaces\{8FAA3C43-64C4-447D-A849-1B81B3FB255B}\4554C454E4544584F4D4543505F445 : DHCPNameServer = 195.130.130.134 195.130.131.134
TCP: Interfaces\{A42F22A6-403E-4F6A-BAD3-BA7668E70C45} : DHCPNameServer = 192.168.1.250
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://packardbell.msn.com
x64-mDefault_Page_URL = hxxp://packardbell.msn.com
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Power Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2014-12-24 55856]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1205000.07D\SymDS64.sys [2011-7-12 450608]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1205000.07D\SymEFA64.sys [2011-7-12 802864]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20101123.003\BHDrvx64.sys [2011-7-12 953904]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20101201.001\IDSviA64.sys [2011-7-12 476792]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1205000.07D\Ironx64.sys [2011-7-12 171128]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1205000.07D\symnets.sys [2011-7-12 382072]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-7-12 352336]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2014-12-24 872552]
R2 GREGService;GREGService;C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [2011-1-18 29696]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-12 13336]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2011-7-12 244624]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-12-24 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-12-24 969016]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe [2011-7-12 130000]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe [2011-3-9 257344]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-7-12 2656280]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-7-12 317440]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-7-12 76912]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-12-24 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-12-24 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-12-24 63704]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2011-7-12 1222248]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-7-12 247400]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2014-12-24 07:48:13 -------- d-----w- C:\Windows\SysWow64\XPSViewer
2014-12-24 07:48:13 -------- d-----w- C:\Windows\SysWow64\wbem\nl-NL
2014-12-24 07:48:13 -------- d-----w- C:\Windows\SysWow64\nl
2014-12-24 07:48:13 -------- d-----w- C:\Windows\SysWow64\drivers\UMDF\nl-NL
2014-12-24 07:48:13 -------- d-----w- C:\Windows\SysWow64\drivers\nl-NL
2014-12-24 07:48:13 -------- d-----w- C:\Windows\SysWow64\0413
2014-12-24 07:48:13 -------- d-----w- C:\Windows\System32\nl
2014-12-24 07:48:13 -------- d-----w- C:\Windows\System32\0413
2014-12-24 07:48:13 -------- d-----w- C:\Windows\nl-NL
2014-12-24 07:48:12 -------- d-----w- C:\Windows\System32\drivers\UMDF\nl-NL
2014-12-24 07:48:12 -------- d-----w- C:\Windows\System32\drivers\nl-NL
2014-12-24 07:48:11 -------- d-----w- C:\Windows\System32\wbem\nl-NL
2014-12-24 07:42:41 -------- d-----w- C:\Windows\NAPP_Dism_Log
2014-12-24 00:46:06 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2014-12-24 00:08:04 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-12-24 00:07:45 96472 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-12-24 00:07:45 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-12-24 00:07:45 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-12-24 00:07:45 -------- d-----w- C:\ProgramData\Malwarebytes
2014-12-24 00:07:45 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-24 00:07:18 -------- d-----w- C:\Users\Wouter\AppData\Local\Programs
2014-12-24 00:00:43 -------- d-----w- C:\Users\Wouter\AppData\Local\Google
2014-12-24 00:00:33 -------- d-----w- C:\Users\Wouter\AppData\Local\Apps
2014-12-24 00:00:32 -------- d-----w- C:\Users\Wouter\AppData\Local\Deployment
2014-12-23 23:45:54 -------- d-----w- C:\Users\Wouter\AppData\Local\Adobe
2014-12-23 23:44:27 -------- d-----w- C:\Users\Wouter\AppData\Local\VirtualStore
2014-12-23 23:21:21 -------- d-----w- C:\Windows\SysWow64\wbem\en-US
2014-12-23 23:21:21 -------- d-----w- C:\Windows\System32\wbem\en-US
2014-12-23 23:14:24 -------- d-----w- C:\Program Files (x86)\Video Web Camera
2014-12-23 23:12:59 33000960 ----a-w- C:\ProgramData\Microsoft\OEMOffice14\OStarter\nl-nl\click2run64.msi
2014-12-23 23:12:59 26049536 ----a-w- C:\ProgramData\Microsoft\OEMOffice14\OStarter\nl-nl\click2run.msi
2014-12-23 23:12:58 2376704 ----a-w- C:\ProgramData\Microsoft\OEMOffice14\OOBE\oobe.msi
2014-12-23 23:12:58 101888 ----a-w- C:\ProgramData\Microsoft\OEMOffice14\OOBE\oobe-x-none.msp
2014-12-23 23:09:05 55856 ------w- C:\Windows\System32\drivers\PxHlpa64.sys
2014-12-23 23:09:05 10224 ------w- C:\Windows\System32\drivers\cdralw2k.sys
2014-12-23 23:09:05 10224 ------w- C:\Windows\System32\drivers\cdr4_xp.sys
2014-12-23 23:07:35 -------- d-----w- C:\Program Files (x86)\Common Files\Sonic Shared
2014-12-23 23:07:35 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2014-12-23 23:06:49 -------- d-----w- C:\Program Files (x86)\Microsoft
2014-12-23 23:02:55 -------- d-----w- C:\Program Files\Synaptics
2014-12-23 23:01:12 -------- d-----w- C:\Program Files (x86)\Launch Manager
2014-12-23 22:59:15 -------- d---a-w- C:\book
2014-12-23 22:55:58 -------- d-----w- C:\Program Files\Common Files\Intel
2014-12-23 22:55:57 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
.
==================== Find3M  ====================
.
2014-12-24 07:47:38 2560 ----a-w- C:\Windows\SysWow64\drivers\nl-NL\qwavedrv.sys.mui
2014-12-24 07:47:29 5632 ----a-w- C:\Windows\SysWow64\drivers\nl-NL\ndiscap.sys.mui
2014-12-24 07:47:24 50688 ----a-w- C:\Windows\SysWow64\drivers\nl-NL\tcpip.sys.mui
2014-12-24 07:47:22 26624 ----a-w- C:\Windows\SysWow64\drivers\nl-NL\bfe.dll.mui
2014-12-24 07:47:22 16896 ----a-w- C:\Windows\SysWow64\drivers\nl-NL\pacer.sys.mui
2014-12-24 07:47:16 2560 ----a-w- C:\Windows\SysWow64\drivers\nl-NL\scfilter.sys.mui
.
============= FINISH:  1:48:49,74 ===============

Edited by wouter1, 23 December 2014 - 07:55 PM.


#6 HelpBot

Posted 28 December 2014 - 03:30 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/560803 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#7 HelpBot


Posted 28 December 2014 - 05:45 PM

You have stated that you no longer need help with this issue, therefore I am closing this topic. If that is not the case and you need or wish to continue with this topic, please send any Moderator a Personal Message (PM) that you would like this topic re-opened.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!
