Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can't open DDS tool for "kingsoft" virus help


  • This topic is locked This topic is locked
16 replies to this topic

#1 Benjidebenji

Benjidebenji

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:43 PM

Posted 05 January 2015 - 08:36 PM

Sorry, I'm not really a computer guy,

 

I followed the steps for requesting help but when I start DDS tool I get the message "can't start in compability mode" and can't find anything on forums about that problem.



BC AdBot (Login to Remove)

 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:43 PM

Posted 06 January 2015 - 04:53 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me reviewing your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
  
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don´t change one of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Poste the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop
  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt


Please attach this file to your next reply.
 


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 Benjidebenji

Benjidebenji
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:43 PM

Posted 06 January 2015 - 06:49 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-01-2015
Ran by BenjaminA (administrator) on BENJAMIN on 07-01-2015 00:41:58
Running from C:\Users\BenjaminA\Downloads
Loaded Profiles: UpdatusUser & BenjaminA (Available profiles: UpdatusUser & BenjaminA)
Platform: Windows 8.1 (X64) OS Language: Nederlands (Nederland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Kingsoft Corporation) C:\Program Files (x86)\kingsoft\kingsoft antivirus\kxescore.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(Symantec) C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Facebook Inc.) C:\Users\BenjaminA\AppData\Local\Facebook\Update\FacebookUpdate.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Gaming Mouse\Monitor.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Kingsoft Corporation) C:\Program Files (x86)\kingsoft\shoujizhushou\kphonetray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Kingsoft Corporation) C:\Program Files (x86)\kingsoft\shoujizhushou\sjk_daemon.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\nacl64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coNatHst.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\nacl64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Kingsoft Corporation) C:\Program Files (x86)\kingsoft\kingsoft antivirus\kislive.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [765056 2012-09-29] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-09-29] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-09-11] (ASUS)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [SSDMonitor] => C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe [106112 2014-01-27] (Symantec Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-09-11] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM-x32\...\Run: [Gaming mouse] => C:\Program Files (x86)\Gaming Mouse\Monitor.exe [495616 2013-12-02] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [kxesc] => c:\program files (x86)\kingsoft\kingsoft antivirus\kxetray.exe [2351048 2014-12-09] (Kingsoft Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3281146613-2168281291-3785735229-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-3281146613-2168281291-3785735229-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1940160 2014-11-18] (Valve Corporation)
HKU\S-1-5-21-3281146613-2168281291-3785735229-1002\...\Run: [Facebook Update] => C:\Users\BenjaminA\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-07-21] (Facebook Inc.)
HKU\S-1-5-21-3281146613-2168281291-3785735229-1002\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\Office15\lync.exe [19102872 2014-11-12] (Microsoft Corporation)
HKU\S-1-5-21-3281146613-2168281291-3785735229-1002\...\Run: [MurGee.com Auto Clicker] => C:\Users\BenjaminA\AppData\Local\Auto Clicker\AutoClicker.exe [100728 2014-03-11] (MurGee.com)
HKU\S-1-5-21-3281146613-2168281291-3785735229-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-3281146613-2168281291-3785735229-1002\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil11g_Plugin.exe [250528 2014-11-15] (Adobe Systems, Inc.)
HKU\S-1-5-21-3281146613-2168281291-3785735229-1002\...\Policies\Explorer: [NoCDBurning] 1
HKU\S-1-5-21-3281146613-2168281291-3785735229-1002\...\Policies\Explorer: [nolowdiskspacechecks] 1
HKU\S-1-5-21-3281146613-2168281291-3785735229-1002\...\MountPoints2: {d7821dfa-4e30-11e4-be9d-2016d8479fa1} - "F:\LaunchU3.exe" -a
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
Startup: C:\Users\BenjaminA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\BenjaminA\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll ()
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com/?type=hp&ts=1406717673&from=cor&uid=ST1000DM003-9YN162_S1D58X4JXXXXS1D58X4J
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com/?type=hp&ts=1406717673&from=cor&uid=ST1000DM003-9YN162_S1D58X4JXXXXS1D58X4J
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1406717673&from=cor&uid=ST1000DM003-9YN162_S1D58X4JXXXXS1D58X4J&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1406717673&from=cor&uid=ST1000DM003-9YN162_S1D58X4JXXXXS1D58X4J&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1406717673&from=cor&uid=ST1000DM003-9YN162_S1D58X4JXXXXS1D58X4J
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1406717673&from=cor&uid=ST1000DM003-9YN162_S1D58X4JXXXXS1D58X4J
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1406717673&from=cor&uid=ST1000DM003-9YN162_S1D58X4JXXXXS1D58X4J&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1406717673&from=cor&uid=ST1000DM003-9YN162_S1D58X4JXXXXS1D58X4J&q={searchTerms}
HKU\S-1-5-21-3281146613-2168281291-3785735229-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1406717673&from=cor&uid=ST1000DM003-9YN162_S1D58X4JXXXXS1D58X4J
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1406717673&from=cor&uid=ST1000DM003-9YN162_S1D58X4JXXXXS1D58X4J&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1406717673&from=cor&uid=ST1000DM003-9YN162_S1D58X4JXXXXS1D58X4J&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1406717673&from=cor&uid=ST1000DM003-9YN162_S1D58X4JXXXXS1D58X4J&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1406717673&from=cor&uid=ST1000DM003-9YN162_S1D58X4JXXXXS1D58X4J&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3281146613-2168281291-3785735229-1002 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKU\S-1-5-21-3281146613-2168281291-3785735229-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3281146613-2168281291-3785735229-1002 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=NL&ver=21&locale=nl_NL&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-3281146613-2168281291-3785735229-1002 -> {DA404389-B6A1-437B-ACFF-9AF4D02C8281} URL = http://www.google.nl/search?hl=nl&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_1_102.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @kingsfot.com/npkws -> c:\program files (x86)\kingsoft\kingsoft antivirus\npkws.dll (Kingsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-3281146613-2168281291-3785735229-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\BenjaminA\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-3281146613-2168281291-3785735229-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\BenjaminA\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Extension: eID België - C:\Program Files (x86)\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be [2013-06-16]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\IPSFF [2014-06-22]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\coFFPlgn [2014-12-17]

Chrome: 
=======
CHR HomePage: Default -> https://www.google.be/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\BenjaminA\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\BenjaminA\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2013-06-14]
CHR Extension: (Norton Identity Safe) - C:\Users\BenjaminA\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-11]
CHR Extension: (Facebook Invite All) - C:\Users\BenjaminA\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmmhkeajgflmokoaaoadgkhhmibjbpj [2014-11-09]
CHR Extension: (Norton Security Toolbar) - C:\Users\BenjaminA\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-06-22]
CHR Extension: (Google Wallet) - C:\Users\BenjaminA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-05]
CHR HKLM-x32\...\Chrome\Extension: [aaaajpbjobobnmcnepdoldijfgmgogbe] - No Path
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-05]
CHR HKLM-x32\...\Chrome\Extension: [nbmafkdmkkckhggblphicnnhlgljnoje] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [220288 2012-09-29] (Qualcomm Atheros Commnucations)
S3 DiskDoctorService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [1147424 2012-09-29] (Symantec Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 kxescore; c:\program files (x86)\kingsoft\kingsoft antivirus\kxescore.exe [280024 2014-12-04] (Kingsoft Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
R2 NU16StartManagerSvc; C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [792608 2012-09-29] (Symantec)
S3 SpeedDiskService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [1160224 2012-09-29] (Symantec Corporation)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2013-06-27] (Enigma Software Group USA, LLC.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-29] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\BASHDefs\20141209.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R0 bootsafe; C:\Windows\System32\Drivers\bootsafe64.sys [33128 2014-12-03] (Kingsoft Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-29] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2014-02-21] (Symantec Corporation)
S3 cxbu0x64; C:\Windows\system32\DRIVERS\cxbu0x64.sys [147576 2014-05-14] (HID Global Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
R2 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\IPSDefs\20150102.001\IDSvia64.sys [637656 2014-11-18] (Symantec Corporation)
R0 KAVBootC; C:\Windows\System32\Drivers\KAVBootC64.sys [31848 2014-12-03] (Kingsoft Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R1 KDHacker; c:\program files (x86)\kingsoft\kingsoft antivirus\security\kxescan\kdhacker64.sys [189240 2014-12-29] (Kingsoft Corporation)
R2 kisknl; C:\WINDOWS\system32\drivers\kisknl.sys [228664 2014-12-29] (Kingsoft Corporation)
R1 kisnetm; c:\program files (x86)\kingsoft\kingsoft antivirus\security\ksnetm\kisnetm64.sys [109880 2014-12-04] (Kingsoft Corporation)
S3 ksapi64; C:\WINDOWS\system32\drivers\ksapi64.sys [56680 2014-12-04] (Kingsoft Corporation)
R3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv.sys [49776 2014-07-25] (Visicom Media Inc.)
R3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [35440 2014-05-13] (Visicom Media Inc.)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\VirusDefs\20150104.024\ENG64.SYS [129752 2014-08-21] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\VirusDefs\20150104.024\EX64.SYS [2137304 2014-08-21] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1506000.020\SymELAM.sys [23568 2013-10-30] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-06-22] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-07 00:42 - 2015-01-07 00:42 - 00380416 _____ () C:\Users\BenjaminA\Downloads\0omw3qk9.exe
2015-01-07 00:41 - 2015-01-07 00:42 - 00030058 _____ () C:\Users\BenjaminA\Downloads\FRST.txt
2015-01-07 00:41 - 2015-01-07 00:42 - 00000000 ____D () C:\FRST
2015-01-07 00:41 - 2015-01-07 00:41 - 02123776 _____ (Farbar) C:\Users\BenjaminA\Downloads\frst64.exe
2015-01-07 00:39 - 2015-01-07 00:39 - 01115136 _____ (Farbar) C:\Users\BenjaminA\Downloads\frst.exe
2015-01-06 03:42 - 2015-01-07 00:38 - 00051527 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-06 02:29 - 2015-01-06 02:30 - 00688992 _____ (Swearware) C:\Users\BenjaminA\Downloads\dds (1).com
2015-01-06 02:26 - 2015-01-06 02:26 - 00688992 _____ (Swearware) C:\Users\BenjaminA\Desktop\dds.com
2015-01-06 01:16 - 2015-01-06 01:16 - 01195846 _____ () C:\Users\BenjaminA\Desktop\Winter Wonderland.rtfd.zip
2015-01-02 15:56 - 2015-01-02 15:56 - 00000000 ____D () C:\Users\BenjaminA\.android
2014-12-23 19:00 - 2015-01-01 02:21 - 00056260 _____ () C:\WINDOWS\SysWOW64\AppLog.log
2014-12-17 23:01 - 2015-01-02 15:56 - 00000000 ____D () C:\Users\BenjaminA\AppData\Roaming\shoujizhushou
2014-12-17 22:53 - 2014-12-29 17:56 - 00228664 _____ (Kingsoft Corporation) C:\WINDOWS\system32\Drivers\kisknl.sys
2014-12-17 22:52 - 2014-11-26 22:10 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-12-17 22:52 - 2014-11-26 22:10 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-14 20:44 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-14 20:44 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-14 18:19 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-14 18:19 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-11 21:08 - 2014-12-11 21:08 - 00008274 _____ () C:\Users\BenjaminA\Downloads\kerstmarkten.xlsx
2014-12-11 20:56 - 2014-12-04 01:54 - 00228152 _____ (Kingsoft Corporation) C:\WINDOWS\system32\Drivers\kisknl_del.sys
2014-12-11 08:43 - 2014-10-13 03:43 - 00238912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-11 08:43 - 2014-10-13 03:43 - 00153920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-11 08:43 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-11 08:43 - 2014-10-13 03:43 - 00039744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-12-11 08:41 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-11 08:41 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-11 08:41 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-11 08:41 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-11 08:41 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-11 08:41 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-11 08:41 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-11 08:41 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-11 08:41 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-11 08:41 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-11 08:41 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-11 08:41 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-11 08:41 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-11 08:41 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-11 08:41 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-11 08:41 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-11 08:41 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-11 08:41 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-11 08:41 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-11 08:41 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-11 08:41 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-11 08:41 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-11 08:41 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-11 08:41 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-11 08:41 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-11 08:41 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-11 08:41 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-11 08:41 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-11 08:41 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-11 08:41 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-11 08:41 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-11 08:41 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-11 08:41 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-11 08:41 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-11 08:41 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-11 08:41 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-11 08:41 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-11 08:41 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-11 08:41 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-11 08:41 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-11 08:41 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-11 08:41 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-11 08:41 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-10 05:29 - 2014-12-10 05:31 - 07027810 _____ () C:\Users\BenjaminA\Downloads\L1114.avi
2014-12-10 02:32 - 2014-12-10 02:33 - 23735712 _____ () C:\ProgramData\SMRResults430.dat
2014-12-09 20:13 - 2014-12-09 20:13 - 00856904 _____ (Google Inc.) C:\Users\BenjaminA\Downloads\chrome.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-07 00:38 - 2014-04-25 04:59 - 00003974 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0B6B49D7-5E59-48F6-BAAB-E115DAB974C2}
2015-01-07 00:36 - 2013-05-02 01:43 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-07 00:35 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-06 03:35 - 2014-11-13 12:30 - 00001082 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-06 02:40 - 2013-05-02 01:14 - 00000000 ____D () C:\Users\BenjaminA\AppData\Local\CrashDumps
2015-01-06 02:39 - 2014-12-04 01:24 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-06 02:39 - 2013-08-24 18:23 - 00000000 ____D () C:\Users\BenjaminA\Documents\Outlook Files
2015-01-06 02:38 - 2013-04-30 20:50 - 00000000 ____D () C:\Users\BenjaminA\Desktop\Werk
2015-01-06 02:38 - 2013-04-29 17:03 - 00000000 ____D () C:\Users\BenjaminA\AppData\Local\Packages
2015-01-06 01:26 - 2014-03-18 16:28 - 01823174 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-06 01:26 - 2014-03-18 16:00 - 00806704 _____ () C:\WINDOWS\system32\perfh013.dat
2015-01-06 01:26 - 2014-03-18 16:00 - 00162170 _____ () C:\WINDOWS\system32\perfc013.dat
2015-01-02 16:10 - 2014-12-03 23:17 - 00000000 ____D () C:\ProgramData\kingsoft
2015-01-02 15:56 - 2014-04-14 09:45 - 00000000 ____D () C:\Users\BenjaminA
2015-01-02 15:55 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-01 02:21 - 2013-06-07 12:50 - 00000306 _____ () C:\WINDOWS\Tasks\NUSchedule.job
2015-01-01 02:21 - 2012-12-28 20:11 - 00000000 ____D () C:\ProgramData\Temp
2014-12-29 19:04 - 2013-04-29 17:10 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3281146613-2168281291-3785735229-1002
2014-12-29 18:18 - 2014-12-03 23:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\金山毒霸
2014-12-29 17:55 - 2014-12-03 23:17 - 00189240 _____ (Kingsoft Corporation) C:\WINDOWS\system32\Drivers\kdhacker64.sys
2014-12-29 17:55 - 2014-12-03 23:17 - 00145208 _____ (Kingsoft Corporation) C:\WINDOWS\system32\Drivers\kdhacker.sys
2014-12-17 23:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-17 23:08 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-17 22:55 - 2013-06-07 12:50 - 00000314 _____ () C:\WINDOWS\Tasks\NUAutoUpdate.job
2014-12-17 22:55 - 2013-04-29 17:05 - 00000401 _____ () C:\Users\BenjaminA\AppData\Roaming\sp_data.sys
2014-12-17 22:52 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-17 22:52 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-12-17 09:10 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-17 09:06 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-17 09:06 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-17 09:06 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-17 09:04 - 2013-04-30 09:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-13 21:36 - 2013-06-15 15:25 - 00002225 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-13 21:24 - 2013-04-30 09:46 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-12-11 20:59 - 2013-08-19 18:10 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-11 20:54 - 2013-05-02 01:03 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-10 20:27 - 2013-07-11 13:25 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-10 02:47 - 2014-12-03 23:17 - 00000000 ____D () C:\Program Files (x86)\kingsoft
2014-12-10 02:38 - 2013-09-19 21:40 - 00003512 _____ () C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-Benjamin-BenjaminA
2014-12-10 02:38 - 2013-07-21 15:51 - 00003820 _____ () C:\WINDOWS\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3281146613-2168281291-3785735229-1002UA
2014-12-10 02:38 - 2013-07-21 15:51 - 00003470 _____ () C:\WINDOWS\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3281146613-2168281291-3785735229-1002Core
2014-12-10 02:38 - 2013-07-21 15:51 - 00000962 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3281146613-2168281291-3785735229-1002UA.job_
2014-12-10 02:38 - 2013-07-21 15:51 - 00000940 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3281146613-2168281291-3785735229-1002Core.job_
2014-12-10 02:36 - 2014-04-14 10:13 - 00000000 ___DO () C:\Users\BenjaminA\OneDrive
2014-12-10 02:10 - 2013-09-19 21:37 - 00000000 ____D () C:\Users\BenjaminA\AppData\Local\Adobe
2014-12-09 18:31 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-12-09 15:01 - 2013-08-31 14:22 - 00000322 _____ () C:\WINDOWS\Tasks\Registry Optimizer_DEFAULT.job
2014-12-09 14:45 - 2014-08-01 06:54 - 00000000 ____D () C:\Users\BenjaminA\AppData\Local\NPE

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SMRResults430.dat
C:\Users\BenjaminA\jagex_cl_oldschool_LIVE.dat
C:\Users\BenjaminA\random.dat


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-04 06:41

==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-01-2015
Ran by BenjaminA at 2015-01-07 00:43:17
Running from C:\Users\BenjaminA\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: 新毒霸铠甲防御 (Disabled - Up to date) {B6A51389-A795-5AC9-13BA-F569D73F3FE8}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton 360 Premier Edition (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 Premier Edition (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: 新毒霸铠甲防御 (Disabled - Up to date) {0DC4F26D-81AF-5547-290A-CE1BACB87555}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 Premier Edition (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.1.2.232 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x64) (HKLM\...\{F7090575-8BDC-4A14-8D00-C0FB2BC914BD}) (Version: 11.1.102.63 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
AnyCAD SkpViewer 5.0 (HKLM-x32\...\{AB509C35-F695-40BD-9B63-CD10B51A9A6D}) (Version: 5.0.0 - AnyCAD Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (HKLM-x32\...\{4D594333-2D56-3700-76A7-A758B70C0300}) (Version: 12.3.0.881 - APN, LLC) <==== ATTENTION
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.4 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.9 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Product Demo Movie  (HKLM-x32\...\{DC06C90B-C5BE-42F6-B74D-A9503170998C}) (Version: 1.0.3 - ASUS )
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.35 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0005 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.7 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0023 - ASUS)
Auto Clicker v1.6 (HKLM-x32\...\{C0A7E4F3-82CC-416B-82C6-BA06AACFD635}_is1) (Version: 1.6 - MurGee.com)
Belgium e-ID middleware 4.0.7 (build 7453) (HKLM\...\{824563DE-75AD-4166-9DC0-B6482F207453}) (Version: 4.0.7453 - Belgian Government)
BitTorrent (HKU\S-1-5-21-3281146613-2168281291-3785735229-1002\...\BitTorrent) (Version: 7.9.2.36047 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brorsoft Video Converter Ver 1.3.1.5065 (HKLM-x32\...\{3231B80A-455C-497a-8425-3E44C006D76C}_is1) (Version:  - )
Casino.Net (HKLM-x32\...\Casino.Net ) (Version:  - Boss Media AB)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.87 - DivX, LLC)
Dropbox (HKU\S-1-5-21-3281146613-2168281291-3785735229-1002\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FileViewPro (HKLM\...\FileViewPro_is1) (Version: 4.0 - Solvusoft Corporation)
Gaming Mouse Driver (HKLM-x32\...\{2F9C99E1-A1D2-4ADB-AFA0-3A1ED9471811}) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HandBrake 0.9.9 (HKLM-x32\...\HandBrake) (Version: 0.9.9 - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iStonsoft FLV Converter (HKU\S-1-5-21-3281146613-2168281291-3785735229-1002\...\iStonsoft FLV Converter) (Version: 2.1.4 - iStonsoft)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
ManyCam 4.0.110 (HKLM-x32\...\ManyCam) (Version: 4.0.110 - Visicom Media Inc.)
Medieval II Total War (HKLM-x32\...\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}) (Version: 1.03.000 - SEGA)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mount&Blade Warband (HKLM-x32\...\Mount&Blade Warband) (Version:  - )
Napoleon: Total War (HKLM-x32\...\Steam App 34030) (Version:  - The Creative Assembly)
Napoleonic Wars (HKLM-x32\...\Napoleonic Wars) (Version: 1.0 - Mount&Blade Napoleonic Wars)
Nero BurningROM 12 (HKLM-x32\...\{4AC7B4F3-1B75-4BA7-82C4-F9A22B430A3D}) (Version: 12.5.00900 - Nero AG)
Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
Norton Utilities 16 (HKLM-x32\...\Norton Utilities 16_is1) (Version: 16.0 - Symantec Corporation)
NVIDIA Graphics Driver 306.68 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 306.68 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Perfect Uninstaller v6.3.3.9 (HKLM\...\Perfect Uninstaller_is1) (Version:  - www.PerfectUninstaller.com)
Plus500 (HKLM-x32\...\Plus500) (Version:  - )
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.210 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RarZilla Free Unrar (HKLM-x32\...\RarZilla Free Unrar) (Version: 4.80 - Philipp Winterberg)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39029 - Realtek Semiconductor Corp.)
RegClean-Pro (HKLM-x32\...\RegClean-Pro_is1) (Version: 6.21 - Systweak Inc) <==== ATTENTION
Riva FLV Encoder 2.0 (HKLM-x32\...\Riva FLV Encoder 2.0_is1) (Version: 2.00.0005 - Rothenberger & Partner)
Romae Bellum 3.0 (HKLM-x32\...\Romae Bellum) (Version: 3.0 - )
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.14.0 - SAMSUNG Electronics Co., Ltd.)
Savings Addon (HKLM-x32\...\Savings Addon) (Version: 1.27.153.1 - Innovative Apps)
Serato DJ  (HKLM-x32\...\{08e57b0a-70dc-4825-bc3c-4c404c1a89f9}) (Version: 1.7.1.3310 - )
Serato DJ  (x32 Version: 1.7.1.3310 - Serato) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
SketchUp 2015 (HKLM\...\{C630FC42-E196-4B6D-B12B-4CB8D5F399D7}) (Version: 15.1.106 - Trimble Navigation Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SpyHunter (HKLM\...\{67E1227E-D553-4A6A-96CD-40CCBBC705D8}) (Version: 4.14.5.4268 - Enigma Software Group USA, LLC)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stuurprogrammapakket voor Windows - Fedict SmartCard  (03/25/2014 4.0.7.4) (HKLM\...\B02255EDA75F867B4D85C5A5D23E13D9EF71E8AE) (Version: 03/25/2014 4.0.7.4 - Fedict)
sweet-page uninstall (HKLM-x32\...\sweet-page uninstall) (Version:  - sweet-page) <==== ATTENTION
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
Total War: ROME II (HKLM-x32\...\Steam App 214950) (Version:  - Creative Assembly)
Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version:  - The Creative Assembly)
Unity Web Player (HKU\S-1-5-21-3281146613-2168281291-3785735229-1002\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VirtualDJ 8 (HKLM-x32\...\{9ADBBA93-4625-4898-BB0D-BCE7EA9F8B4A}) (Version: 8.0.0 - Atomix Productions)
Windows Driver Package - ASUS (ATP) Mouse  (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
WinZip Registry Optimizer (HKLM-x32\...\WinZip Registry Optimizer_is1) (Version: 1.0 - WinZip International LLC)
新毒霸(悟空) (HKLM-x32\...\Kingsoft Internet Security) (Version: 2015.0.3 - Kingsoft Internet Security)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3281146613-2168281291-3785735229-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\BenjaminA\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3281146613-2168281291-3785735229-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BenjaminA\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3281146613-2168281291-3785735229-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BenjaminA\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3281146613-2168281291-3785735229-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BenjaminA\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3281146613-2168281291-3785735229-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BenjaminA\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3281146613-2168281291-3785735229-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BenjaminA\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3281146613-2168281291-3785735229-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BenjaminA\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3281146613-2168281291-3785735229-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BenjaminA\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3281146613-2168281291-3785735229-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BenjaminA\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

11-12-2014 20:46:59 Windows Update
17-12-2014 09:03:12 Windows Update
29-12-2014 19:06:07 Gepland controlepunt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00E0AD68-D63E-4148-B059-5D7F82F80DE2} - System32\Tasks\Updater21426.exe => C:\Users\BenjaminA\AppData\Local\Updater21426\Updater21426.exe <==== ATTENTION
Task: {1FA149AA-2711-40C8-9545-E00DD1999100} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {2000B0D9-AA08-42FA-AC58-26F4365EAE76} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-11] (Microsoft Corporation)
Task: {2602FD03-4ED0-49B2-8855-39AE6623CB66} - System32\Tasks\{50296191-2793-405D-B123-D0D74DF16934} => pcalua.exe -a "c:\program files (x86)\kingsoft\kingsoft antivirus\uni0nst.exe"
Task: {37D90B06-8F5A-4788-BEDA-82D858EA371A} - System32\Tasks\Registry Optimizer_UPDATES => C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe
Task: {3B69A9A0-C162-44DD-9559-412A96210CF1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {419A966F-A868-4018-ACF3-C33588E941BD} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3281146613-2168281291-3785735229-1002UA => C:\Users\BenjaminA\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-21] (Facebook Inc.)
Task: {4533C4EE-0048-4768-8597-3EF7E249206D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {64DA63C8-0F7C-4D16-8E5C-60ACB95AAC44} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION
Task: {665C30DE-4BE8-4A2E-99C5-7206FC09B851} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {6711AAFF-A16F-4525-895E-19195E0697CD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-15] (Google Inc.)
Task: {6C3AC0DA-B555-4428-ACB4-906F3247CE24} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-09-24] (ASUS)
Task: {84452AEA-09B6-452E-ADAA-C2366A43C63B} - System32\Tasks\Registry Optimizer => C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe
Task: {8B82A0D8-8AA4-43A9-ADA2-8CEB573BC8D1} - System32\Tasks\NUSchedule => C:\Program Files (x86)\Symantec\Norton Utilities 16\nu.exe [2014-12-10] (Symantec)
Task: {8F17FD40-4CCD-48D7-8D1E-A56E74DBCA13} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {9179CB02-716A-4FC3-BFC4-F276F66E79FE} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-08-22] (ASUSTeK Computer Inc.)
Task: {963F9BB7-EA73-4347-9E18-294030807614} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {AC022FE7-623A-4881-B808-219DAD34E6EB} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek)
Task: {B575BE5A-D80F-4F48-B7B5-5B7B518A2F68} - System32\Tasks\Registry Optimizer_DEFAULT => C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe
Task: {B885DBBB-7D19-4943-AEEE-A326B8168F16} - System32\Tasks\AdobeAAMUpdater-1.0-Benjamin-BenjaminA => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-13] (Adobe Systems Incorporated)
Task: {CABA7040-78B4-4B04-BFFE-850A8C9DFB66} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-15] (Google Inc.)
Task: {CFB9A0EB-35E0-439A-8B92-A68C535AD972} - System32\Tasks\NUAutoUpdate => C:\Program Files (x86)\Symantec\Norton Utilities 16\SULauncher.exe [2013-11-03] (Symantec)
Task: {E17D2ACA-0BF0-459D-9807-5897C827B488} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {EA655562-5C6F-41C0-A141-9BD31D1FCDB4} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {EF3513D6-445B-4EDC-A625-F8BAB10370C3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {F0CD7FC2-8EA3-49BF-8FFD-A47CB1EBB96A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3281146613-2168281291-3785735229-1002Core => C:\Users\BenjaminA\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-21] (Facebook Inc.)
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3281146613-2168281291-3785735229-1002Core.job_ => C:\Users\BenjaminA\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3281146613-2168281291-3785735229-1002UA.job_ => C:\Users\BenjaminA\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\NUAutoUpdate.job => C:\Program Files (x86)\Symantec\Norton Utilities 16\SULauncher.exe
Task: C:\WINDOWS\Tasks\NUSchedule.job => C:\Program Files (x86)\Symantec\Norton Utilities 16\nu.exe
Task: C:\WINDOWS\Tasks\Registry Optimizer_DEFAULT.job => C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe
Task: C:\WINDOWS\Tasks\Registry Optimizer_UPDATES.job => C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 01:36 - 2013-09-05 01:36 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-08-30 09:01 - 2013-08-30 09:01 - 03358064 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
2014-10-14 23:27 - 2014-10-14 23:27 - 08897696 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-08-24 18:26 - 2012-08-24 18:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2014-06-05 19:25 - 2013-12-02 17:15 - 00495616 _____ () C:\Program Files (x86)\Gaming Mouse\Monitor.exe
2014-11-22 01:03 - 2014-11-22 01:03 - 00050688 _____ () C:\Program Files\CCleaner\lang\lang-1043.dll
2014-04-14 20:41 - 2014-04-14 20:41 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-12-28 20:03 - 2012-06-25 03:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2012-09-11 15:01 - 2012-09-11 15:01 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2014-06-05 19:25 - 2013-11-29 14:11 - 00057344 _____ () C:\Program Files (x86)\Gaming Mouse\lan.dll
2014-06-05 19:25 - 2013-11-01 11:57 - 00049152 _____ () C:\Program Files (x86)\Gaming Mouse\hiddriver.dll
2014-12-10 04:21 - 2014-12-10 04:13 - 00158368 _____ () C:\Program Files (x86)\kingsoft\shoujizhushou\zlib1.dll
2014-12-10 04:21 - 2014-12-10 02:48 - 00104096 _____ () C:\Program Files (x86)\kingsoft\shoujizhushou\AdbWinApi2.dll
2014-11-17 17:01 - 2014-11-11 19:48 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-11-17 17:01 - 2014-11-11 19:48 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-11-17 17:01 - 2014-11-11 19:48 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-11-17 17:01 - 2014-11-11 19:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-11-21 15:16 - 2014-11-18 21:23 - 02227904 _____ () C:\Program Files (x86)\Steam\video.dll
2014-11-17 17:01 - 2014-11-11 19:48 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-11-17 17:01 - 2014-11-11 19:48 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2014-11-21 15:16 - 2014-11-18 21:23 - 00690880 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-11-21 15:16 - 2014-11-18 21:23 - 00138432 _____ () C:\Program Files (x86)\Steam\bin\audio.dll
2014-11-17 17:01 - 2014-11-11 19:48 - 00071680 _____ () C:\Program Files (x86)\Steam\bin\mssmp3.asi
2014-11-17 17:01 - 2014-11-11 19:48 - 00153088 _____ () C:\Program Files (x86)\Steam\bin\mssvoice.asi
2014-11-17 17:01 - 2014-11-11 19:48 - 34589888 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-11-17 17:01 - 2014-11-11 19:48 - 00837824 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
2014-12-13 21:36 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-13 21:36 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-13 21:36 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-13 21:36 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
AlternateDataStreams: C:\ProgramData\Temp:792D4CF1
AlternateDataStreams: C:\Users\BenjaminA\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "BtTray"
HKLM\...\StartupApproved\Run: => "BtvStack"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKLM\...\StartupApproved\Run32: => "DivXUpdate"
HKU\S-1-5-21-3281146613-2168281291-3785735229-1002\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-3281146613-2168281291-3785735229-1002\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3281146613-2168281291-3785735229-1002\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-3281146613-2168281291-3785735229-1002\...\StartupApproved\Run: => "ManyCam"

========================= Accounts: ==========================

Administrator (S-1-5-21-3281146613-2168281291-3785735229-500 - Administrator - Disabled)
BenjaminA (S-1-5-21-3281146613-2168281291-3785735229-1002 - Administrator - Enabled) => C:\Users\BenjaminA
Gast (S-1-5-21-3281146613-2168281291-3785735229-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-3281146613-2168281291-3785735229-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: Bluetooth Audio Device
Description: Bluetooth Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_A2DP
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Virtual Bluetooth Support (Include Audio)
Description: Virtual Bluetooth Support (Include Audio)
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (01/07/2015 00:43:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: 0omw3qk9.exe, versie: 2.1.19357.0, tijdstempel: 0x52e7ea83
Naam van module met fout: 0omw3qk9.exe, versie: 2.1.19357.0, tijdstempel: 0x52e7ea83
Uitzonderingscode: 0xc0000005
Foutmarge: 0x000011aa
Id van proces met fout: 0xad8
Starttijd van toepassing met fout: 0x0omw3qk9.exe0
Pad naar toepassing met fout: 0omw3qk9.exe1
Pad naar module met fout: 0omw3qk9.exe2
Rapport-id: 0omw3qk9.exe3
Volledige pakketnaam met fout: 0omw3qk9.exe4
Relatieve toepassings-id van pakket met fout: 0omw3qk9.exe5

Error: (01/07/2015 00:43:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: 0omw3qk9.exe, versie: 2.1.19357.0, tijdstempel: 0x52e7ea83
Naam van module met fout: 0omw3qk9.exe, versie: 2.1.19357.0, tijdstempel: 0x52e7ea83
Uitzonderingscode: 0xc0000005
Foutmarge: 0x000011aa
Id van proces met fout: 0x1028
Starttijd van toepassing met fout: 0x0omw3qk9.exe0
Pad naar toepassing met fout: 0omw3qk9.exe1
Pad naar module met fout: 0omw3qk9.exe2
Rapport-id: 0omw3qk9.exe3
Volledige pakketnaam met fout: 0omw3qk9.exe4
Relatieve toepassings-id van pakket met fout: 0omw3qk9.exe5

Error: (01/06/2015 03:47:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2438

Error: (01/06/2015 03:47:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2438

Error: (01/06/2015 03:47:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/06/2015 03:47:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1172

Error: (01/06/2015 03:47:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1172

Error: (01/06/2015 03:47:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/06/2015 03:44:24 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Kan activeringscontext voor 'Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1' niet maken.
Kan afhankelijke assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" niet vinden.
Gebruik sxstrace.exe voor een gedetailleerde diagnose.

Error: (01/06/2015 03:44:24 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Kan activeringscontext voor 'Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1' niet maken.
Kan afhankelijke assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" niet vinden.
Gebruik sxstrace.exe voor een gedetailleerde diagnose.


System errors:
=============
Error: (01/06/2015 03:42:55 AM) (Source: DCOM) (EventID: 10010) (User: BENJAMIN)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (01/06/2015 03:42:25 AM) (Source: DCOM) (EventID: 10010) (User: BENJAMIN)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (01/06/2015 00:28:26 AM) (Source: DCOM) (EventID: 10010) (User: BENJAMIN)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (01/06/2015 00:28:11 AM) (Source: DCOM) (EventID: 10010) (User: BENJAMIN)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (01/04/2015 06:42:39 AM) (Source: DCOM) (EventID: 10010) (User: BENJAMIN)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (01/04/2015 06:42:08 AM) (Source: DCOM) (EventID: 10010) (User: BENJAMIN)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (12/31/2014 06:21:14 PM) (Source: DCOM) (EventID: 10016) (User: BENJAMIN)
Description: toepassingsspecifiekLokaalActiveren{9E175B6D-F52A-11D8-B9A5-505054503030}{9E175B9C-F52A-11D8-B9A5-505054503030}BenjaminBenjaminAS-1-5-21-3281146613-2168281291-3785735229-1002LocalHost (via LRPC)Niet beschikbaarS-1-15-2-2842188903-3391423967-1894430457-1339949618-3297534351-2759210102-2513908706

Error: (12/29/2014 07:05:25 PM) (Source: DCOM) (EventID: 10010) (User: BENJAMIN)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (12/29/2014 07:04:55 PM) (Source: DCOM) (EventID: 10010) (User: BENJAMIN)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (12/26/2014 00:14:55 AM) (Source: DCOM) (EventID: 10010) (User: BENJAMIN)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}


Microsoft Office Sessions:
=========================
Error: (01/07/2015 00:43:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: 0omw3qk9.exe2.1.19357.052e7ea830omw3qk9.exe2.1.19357.052e7ea83c0000005000011aaad801d02a0a999923a7C:\Users\BenjaminA\Downloads\0omw3qk9.exeC:\Users\BenjaminA\Downloads\0omw3qk9.exeded56969-95fd-11e4-beaa-2016d8479fa1

Error: (01/07/2015 00:43:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: 0omw3qk9.exe2.1.19357.052e7ea830omw3qk9.exe2.1.19357.052e7ea83c0000005000011aa102801d02a0a7d8b35edC:\Users\BenjaminA\Downloads\0omw3qk9.exeC:\Users\BenjaminA\Downloads\0omw3qk9.exec4920a71-95fd-11e4-beaa-2016d8479fa1

Error: (01/06/2015 03:47:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2438

Error: (01/06/2015 03:47:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2438

Error: (01/06/2015 03:47:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/06/2015 03:47:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1172

Error: (01/06/2015 03:47:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1172

Error: (01/06/2015 03:47:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/06/2015 03:44:24 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"c:\program files (x86)\kingsoft\kingsoft antivirus\update\reboot_update\ksysprescan.exe

Error: (01/06/2015 03:44:24 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"c:\program files (x86)\kingsoft\kingsoft antivirus\update\reboot_update\ksetupwiz.exe


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 43%
Total physical RAM: 8069.52 MB
Available physical RAM: 4565.7 MB
Total Pagefile: 9349.52 MB
Available Pagefile: 5195.75 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:372.17 GB) (Free:239.19 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:537.6 GB) (Free:449.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: F306CAF5)

Partition: GPT Partition Type.

==================== End Of Log ============================


#4 Benjidebenji

Benjidebenji
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:43 PM

Posted 06 January 2015 - 06:49 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-01-2015
Ran by BenjaminA (administrator) on BENJAMIN on 07-01-2015 00:41:58
Running from C:\Users\BenjaminA\Downloads
Loaded Profiles: UpdatusUser & BenjaminA (Available profiles: UpdatusUser & BenjaminA)
Platform: Windows 8.1 (X64) OS Language: Nederlands (Nederland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Kingsoft Corporation) C:\Program Files (x86)\kingsoft\kingsoft antivirus\kxescore.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(Symantec) C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Facebook Inc.) C:\Users\BenjaminA\AppData\Local\Facebook\Update\FacebookUpdate.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Gaming Mouse\Monitor.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Kingsoft Corporation) C:\Program Files (x86)\kingsoft\shoujizhushou\kphonetray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Kingsoft Corporation) C:\Program Files (x86)\kingsoft\shoujizhushou\sjk_daemon.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\nacl64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coNatHst.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\nacl64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Kingsoft Corporation) C:\Program Files (x86)\kingsoft\kingsoft antivirus\kislive.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [765056 2012-09-29] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-09-29] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-09-11] (ASUS)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [SSDMonitor] => C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe [106112 2014-01-27] (Symantec Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-09-11] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM-x32\...\Run: [Gaming mouse] => C:\Program Files (x86)\Gaming Mouse\Monitor.exe [495616 2013-12-02] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [kxesc] => c:\program files (x86)\kingsoft\kingsoft antivirus\kxetray.exe [2351048 2014-12-09] (Kingsoft Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3281146613-2168281291-3785735229-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-3281146613-2168281291-3785735229-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1940160 2014-11-18] (Valve Corporation)
HKU\S-1-5-21-3281146613-2168281291-3785735229-1002\...\Run: [Facebook Update] => C:\Users\BenjaminA\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-07-21] (Facebook Inc.)
HKU\S-1-5-21-3281146613-2168281291-3785735229-1002\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\Office15\lync.exe [19102872 2014-11-12] (Microsoft Corporation)
HKU\S-1-5-21-3281146613-2168281291-3785735229-1002\...\Run: [MurGee.com Auto Clicker] => C:\Users\BenjaminA\AppData\Local\Auto Clicker\AutoClicker.exe [100728 2014-03-11] (MurGee.com)
HKU\S-1-5-21-3281146613-2168281291-3785735229-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-3281146613-2168281291-3785735229-1002\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil11g_Plugin.exe [250528 2014-11-15] (Adobe Systems, Inc.)
HKU\S-1-5-21-3281146613-2168281291-3785735229-1002\...\Policies\Explorer: [NoCDBurning] 1
HKU\S-1-5-21-3281146613-2168281291-3785735229-1002\...\Policies\Explorer: [nolowdiskspacechecks] 1
HKU\S-1-5-21-3281146613-2168281291-3785735229-1002\...\MountPoints2: {d7821dfa-4e30-11e4-be9d-2016d8479fa1} - "F:\LaunchU3.exe" -a
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
Startup: C:\Users\BenjaminA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\BenjaminA\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll ()
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com/?type=hp&ts=1406717673&from=cor&uid=ST1000DM003-9YN162_S1D58X4JXXXXS1D58X4J
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com/?type=hp&ts=1406717673&from=cor&uid=ST1000DM003-9YN162_S1D58X4JXXXXS1D58X4J
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1406717673&from=cor&uid=ST1000DM003-9YN162_S1D58X4JXXXXS1D58X4J&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1406717673&from=cor&uid=ST1000DM003-9YN162_S1D58X4JXXXXS1D58X4J&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1406717673&from=cor&uid=ST1000DM003-9YN162_S1D58X4JXXXXS1D58X4J
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1406717673&from=cor&uid=ST1000DM003-9YN162_S1D58X4JXXXXS1D58X4J
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1406717673&from=cor&uid=ST1000DM003-9YN162_S1D58X4JXXXXS1D58X4J&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1406717673&from=cor&uid=ST1000DM003-9YN162_S1D58X4JXXXXS1D58X4J&q={searchTerms}
HKU\S-1-5-21-3281146613-2168281291-3785735229-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1406717673&from=cor&uid=ST1000DM003-9YN162_S1D58X4JXXXXS1D58X4J
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1406717673&from=cor&uid=ST1000DM003-9YN162_S1D58X4JXXXXS1D58X4J&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1406717673&from=cor&uid=ST1000DM003-9YN162_S1D58X4JXXXXS1D58X4J&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1406717673&from=cor&uid=ST1000DM003-9YN162_S1D58X4JXXXXS1D58X4J&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1406717673&from=cor&uid=ST1000DM003-9YN162_S1D58X4JXXXXS1D58X4J&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3281146613-2168281291-3785735229-1002 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKU\S-1-5-21-3281146613-2168281291-3785735229-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3281146613-2168281291-3785735229-1002 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=NL&ver=21&locale=nl_NL&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-3281146613-2168281291-3785735229-1002 -> {DA404389-B6A1-437B-ACFF-9AF4D02C8281} URL = http://www.google.nl/search?hl=nl&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_1_102.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @kingsfot.com/npkws -> c:\program files (x86)\kingsoft\kingsoft antivirus\npkws.dll (Kingsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-3281146613-2168281291-3785735229-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\BenjaminA\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-3281146613-2168281291-3785735229-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\BenjaminA\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Extension: eID België - C:\Program Files (x86)\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be [2013-06-16]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\IPSFF [2014-06-22]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\coFFPlgn [2014-12-17]

Chrome: 
=======
CHR HomePage: Default -> https://www.google.be/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\BenjaminA\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\BenjaminA\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2013-06-14]
CHR Extension: (Norton Identity Safe) - C:\Users\BenjaminA\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-11]
CHR Extension: (Facebook Invite All) - C:\Users\BenjaminA\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmmhkeajgflmokoaaoadgkhhmibjbpj [2014-11-09]
CHR Extension: (Norton Security Toolbar) - C:\Users\BenjaminA\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-06-22]
CHR Extension: (Google Wallet) - C:\Users\BenjaminA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-05]
CHR HKLM-x32\...\Chrome\Extension: [aaaajpbjobobnmcnepdoldijfgmgogbe] - No Path
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-05]
CHR HKLM-x32\...\Chrome\Extension: [nbmafkdmkkckhggblphicnnhlgljnoje] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [220288 2012-09-29] (Qualcomm Atheros Commnucations)
S3 DiskDoctorService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [1147424 2012-09-29] (Symantec Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 kxescore; c:\program files (x86)\kingsoft\kingsoft antivirus\kxescore.exe [280024 2014-12-04] (Kingsoft Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
R2 NU16StartManagerSvc; C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [792608 2012-09-29] (Symantec)
S3 SpeedDiskService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [1160224 2012-09-29] (Symantec Corporation)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2013-06-27] (Enigma Software Group USA, LLC.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-29] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\BASHDefs\20141209.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R0 bootsafe; C:\Windows\System32\Drivers\bootsafe64.sys [33128 2014-12-03] (Kingsoft Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-29] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2014-02-21] (Symantec Corporation)
S3 cxbu0x64; C:\Windows\system32\DRIVERS\cxbu0x64.sys [147576 2014-05-14] (HID Global Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
R2 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\IPSDefs\20150102.001\IDSvia64.sys [637656 2014-11-18] (Symantec Corporation)
R0 KAVBootC; C:\Windows\System32\Drivers\KAVBootC64.sys [31848 2014-12-03] (Kingsoft Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R1 KDHacker; c:\program files (x86)\kingsoft\kingsoft antivirus\security\kxescan\kdhacker64.sys [189240 2014-12-29] (Kingsoft Corporation)
R2 kisknl; C:\WINDOWS\system32\drivers\kisknl.sys [228664 2014-12-29] (Kingsoft Corporation)
R1 kisnetm; c:\program files (x86)\kingsoft\kingsoft antivirus\security\ksnetm\kisnetm64.sys [109880 2014-12-04] (Kingsoft Corporation)
S3 ksapi64; C:\WINDOWS\system32\drivers\ksapi64.sys [56680 2014-12-04] (Kingsoft Corporation)
R3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv.sys [49776 2014-07-25] (Visicom Media Inc.)
R3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [35440 2014-05-13] (Visicom Media Inc.)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\VirusDefs\20150104.024\ENG64.SYS [129752 2014-08-21] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\VirusDefs\20150104.024\EX64.SYS [2137304 2014-08-21] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1506000.020\SymELAM.sys [23568 2013-10-30] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-06-22] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-07 00:42 - 2015-01-07 00:42 - 00380416 _____ () C:\Users\BenjaminA\Downloads\0omw3qk9.exe
2015-01-07 00:41 - 2015-01-07 00:42 - 00030058 _____ () C:\Users\BenjaminA\Downloads\FRST.txt
2015-01-07 00:41 - 2015-01-07 00:42 - 00000000 ____D () C:\FRST
2015-01-07 00:41 - 2015-01-07 00:41 - 02123776 _____ (Farbar) C:\Users\BenjaminA\Downloads\frst64.exe
2015-01-07 00:39 - 2015-01-07 00:39 - 01115136 _____ (Farbar) C:\Users\BenjaminA\Downloads\frst.exe
2015-01-06 03:42 - 2015-01-07 00:38 - 00051527 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-06 02:29 - 2015-01-06 02:30 - 00688992 _____ (Swearware) C:\Users\BenjaminA\Downloads\dds (1).com
2015-01-06 02:26 - 2015-01-06 02:26 - 00688992 _____ (Swearware) C:\Users\BenjaminA\Desktop\dds.com
2015-01-06 01:16 - 2015-01-06 01:16 - 01195846 _____ () C:\Users\BenjaminA\Desktop\Winter Wonderland.rtfd.zip
2015-01-02 15:56 - 2015-01-02 15:56 - 00000000 ____D () C:\Users\BenjaminA\.android
2014-12-23 19:00 - 2015-01-01 02:21 - 00056260 _____ () C:\WINDOWS\SysWOW64\AppLog.log
2014-12-17 23:01 - 2015-01-02 15:56 - 00000000 ____D () C:\Users\BenjaminA\AppData\Roaming\shoujizhushou
2014-12-17 22:53 - 2014-12-29 17:56 - 00228664 _____ (Kingsoft Corporation) C:\WINDOWS\system32\Drivers\kisknl.sys
2014-12-17 22:52 - 2014-11-26 22:10 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-12-17 22:52 - 2014-11-26 22:10 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-14 20:44 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-14 20:44 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-14 18:19 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-14 18:19 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-11 21:08 - 2014-12-11 21:08 - 00008274 _____ () C:\Users\BenjaminA\Downloads\kerstmarkten.xlsx
2014-12-11 20:56 - 2014-12-04 01:54 - 00228152 _____ (Kingsoft Corporation) C:\WINDOWS\system32\Drivers\kisknl_del.sys
2014-12-11 08:43 - 2014-10-13 03:43 - 00238912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-11 08:43 - 2014-10-13 03:43 - 00153920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-11 08:43 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-11 08:43 - 2014-10-13 03:43 - 00039744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-12-11 08:41 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-11 08:41 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-11 08:41 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-11 08:41 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-11 08:41 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-11 08:41 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-11 08:41 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-11 08:41 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-11 08:41 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-11 08:41 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-11 08:41 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-11 08:41 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-11 08:41 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-11 08:41 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-11 08:41 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-11 08:41 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-11 08:41 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-11 08:41 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-11 08:41 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-11 08:41 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-11 08:41 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-11 08:41 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-11 08:41 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-11 08:41 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-11 08:41 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-11 08:41 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-11 08:41 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-11 08:41 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-11 08:41 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-11 08:41 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-11 08:41 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-11 08:41 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-11 08:41 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-11 08:41 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-11 08:41 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-11 08:41 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-11 08:41 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-11 08:41 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-11 08:41 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-11 08:41 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-11 08:41 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-11 08:41 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-11 08:41 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-10 05:29 - 2014-12-10 05:31 - 07027810 _____ () C:\Users\BenjaminA\Downloads\L1114.avi
2014-12-10 02:32 - 2014-12-10 02:33 - 23735712 _____ () C:\ProgramData\SMRResults430.dat
2014-12-09 20:13 - 2014-12-09 20:13 - 00856904 _____ (Google Inc.) C:\Users\BenjaminA\Downloads\chrome.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-07 00:38 - 2014-04-25 04:59 - 00003974 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0B6B49D7-5E59-48F6-BAAB-E115DAB974C2}
2015-01-07 00:36 - 2013-05-02 01:43 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-07 00:35 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-06 03:35 - 2014-11-13 12:30 - 00001082 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-06 02:40 - 2013-05-02 01:14 - 00000000 ____D () C:\Users\BenjaminA\AppData\Local\CrashDumps
2015-01-06 02:39 - 2014-12-04 01:24 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-06 02:39 - 2013-08-24 18:23 - 00000000 ____D () C:\Users\BenjaminA\Documents\Outlook Files
2015-01-06 02:38 - 2013-04-30 20:50 - 00000000 ____D () C:\Users\BenjaminA\Desktop\Werk
2015-01-06 02:38 - 2013-04-29 17:03 - 00000000 ____D () C:\Users\BenjaminA\AppData\Local\Packages
2015-01-06 01:26 - 2014-03-18 16:28 - 01823174 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-06 01:26 - 2014-03-18 16:00 - 00806704 _____ () C:\WINDOWS\system32\perfh013.dat
2015-01-06 01:26 - 2014-03-18 16:00 - 00162170 _____ () C:\WINDOWS\system32\perfc013.dat
2015-01-02 16:10 - 2014-12-03 23:17 - 00000000 ____D () C:\ProgramData\kingsoft
2015-01-02 15:56 - 2014-04-14 09:45 - 00000000 ____D () C:\Users\BenjaminA
2015-01-02 15:55 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-01 02:21 - 2013-06-07 12:50 - 00000306 _____ () C:\WINDOWS\Tasks\NUSchedule.job
2015-01-01 02:21 - 2012-12-28 20:11 - 00000000 ____D () C:\ProgramData\Temp
2014-12-29 19:04 - 2013-04-29 17:10 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3281146613-2168281291-3785735229-1002
2014-12-29 18:18 - 2014-12-03 23:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\金山毒霸
2014-12-29 17:55 - 2014-12-03 23:17 - 00189240 _____ (Kingsoft Corporation) C:\WINDOWS\system32\Drivers\kdhacker64.sys
2014-12-29 17:55 - 2014-12-03 23:17 - 00145208 _____ (Kingsoft Corporation) C:\WINDOWS\system32\Drivers\kdhacker.sys
2014-12-17 23:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-17 23:08 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-17 22:55 - 2013-06-07 12:50 - 00000314 _____ () C:\WINDOWS\Tasks\NUAutoUpdate.job
2014-12-17 22:55 - 2013-04-29 17:05 - 00000401 _____ () C:\Users\BenjaminA\AppData\Roaming\sp_data.sys
2014-12-17 22:52 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-17 22:52 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-12-17 09:10 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-17 09:06 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-17 09:06 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-17 09:06 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-17 09:04 - 2013-04-30 09:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-13 21:36 - 2013-06-15 15:25 - 00002225 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-13 21:24 - 2013-04-30 09:46 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-12-11 20:59 - 2013-08-19 18:10 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-11 20:54 - 2013-05-02 01:03 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-10 20:27 - 2013-07-11 13:25 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-10 02:47 - 2014-12-03 23:17 - 00000000 ____D () C:\Program Files (x86)\kingsoft
2014-12-10 02:38 - 2013-09-19 21:40 - 00003512 _____ () C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-Benjamin-BenjaminA
2014-12-10 02:38 - 2013-07-21 15:51 - 00003820 _____ () C:\WINDOWS\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3281146613-2168281291-3785735229-1002UA
2014-12-10 02:38 - 2013-07-21 15:51 - 00003470 _____ () C:\WINDOWS\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3281146613-2168281291-3785735229-1002Core
2014-12-10 02:38 - 2013-07-21 15:51 - 00000962 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3281146613-2168281291-3785735229-1002UA.job_
2014-12-10 02:38 - 2013-07-21 15:51 - 00000940 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3281146613-2168281291-3785735229-1002Core.job_
2014-12-10 02:36 - 2014-04-14 10:13 - 00000000 ___DO () C:\Users\BenjaminA\OneDrive
2014-12-10 02:10 - 2013-09-19 21:37 - 00000000 ____D () C:\Users\BenjaminA\AppData\Local\Adobe
2014-12-09 18:31 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-12-09 15:01 - 2013-08-31 14:22 - 00000322 _____ () C:\WINDOWS\Tasks\Registry Optimizer_DEFAULT.job
2014-12-09 14:45 - 2014-08-01 06:54 - 00000000 ____D () C:\Users\BenjaminA\AppData\Local\NPE

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SMRResults430.dat
C:\Users\BenjaminA\jagex_cl_oldschool_LIVE.dat
C:\Users\BenjaminA\random.dat


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-04 06:41

==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-01-2015
Ran by BenjaminA at 2015-01-07 00:43:17
Running from C:\Users\BenjaminA\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: 新毒霸铠甲防御 (Disabled - Up to date) {B6A51389-A795-5AC9-13BA-F569D73F3FE8}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton 360 Premier Edition (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 Premier Edition (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: 新毒霸铠甲防御 (Disabled - Up to date) {0DC4F26D-81AF-5547-290A-CE1BACB87555}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 Premier Edition (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.1.2.232 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x64) (HKLM\...\{F7090575-8BDC-4A14-8D00-C0FB2BC914BD}) (Version: 11.1.102.63 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
AnyCAD SkpViewer 5.0 (HKLM-x32\...\{AB509C35-F695-40BD-9B63-CD10B51A9A6D}) (Version: 5.0.0 - AnyCAD Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (HKLM-x32\...\{4D594333-2D56-3700-76A7-A758B70C0300}) (Version: 12.3.0.881 - APN, LLC) <==== ATTENTION
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.4 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.9 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Product Demo Movie  (HKLM-x32\...\{DC06C90B-C5BE-42F6-B74D-A9503170998C}) (Version: 1.0.3 - ASUS )
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.35 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0005 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.7 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0023 - ASUS)
Auto Clicker v1.6 (HKLM-x32\...\{C0A7E4F3-82CC-416B-82C6-BA06AACFD635}_is1) (Version: 1.6 - MurGee.com)
Belgium e-ID middleware 4.0.7 (build 7453) (HKLM\...\{824563DE-75AD-4166-9DC0-B6482F207453}) (Version: 4.0.7453 - Belgian Government)
BitTorrent (HKU\S-1-5-21-3281146613-2168281291-3785735229-1002\...\BitTorrent) (Version: 7.9.2.36047 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brorsoft Video Converter Ver 1.3.1.5065 (HKLM-x32\...\{3231B80A-455C-497a-8425-3E44C006D76C}_is1) (Version:  - )
Casino.Net (HKLM-x32\...\Casino.Net ) (Version:  - Boss Media AB)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.87 - DivX, LLC)
Dropbox (HKU\S-1-5-21-3281146613-2168281291-3785735229-1002\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FileViewPro (HKLM\...\FileViewPro_is1) (Version: 4.0 - Solvusoft Corporation)
Gaming Mouse Driver (HKLM-x32\...\{2F9C99E1-A1D2-4ADB-AFA0-3A1ED9471811}) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HandBrake 0.9.9 (HKLM-x32\...\HandBrake) (Version: 0.9.9 - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iStonsoft FLV Converter (HKU\S-1-5-21-3281146613-2168281291-3785735229-1002\...\iStonsoft FLV Converter) (Version: 2.1.4 - iStonsoft)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
ManyCam 4.0.110 (HKLM-x32\...\ManyCam) (Version: 4.0.110 - Visicom Media Inc.)
Medieval II Total War (HKLM-x32\...\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}) (Version: 1.03.000 - SEGA)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mount&Blade Warband (HKLM-x32\...\Mount&Blade Warband) (Version:  - )
Napoleon: Total War (HKLM-x32\...\Steam App 34030) (Version:  - The Creative Assembly)
Napoleonic Wars (HKLM-x32\...\Napoleonic Wars) (Version: 1.0 - Mount&Blade Napoleonic Wars)
Nero BurningROM 12 (HKLM-x32\...\{4AC7B4F3-1B75-4BA7-82C4-F9A22B430A3D}) (Version: 12.5.00900 - Nero AG)
Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
Norton Utilities 16 (HKLM-x32\...\Norton Utilities 16_is1) (Version: 16.0 - Symantec Corporation)
NVIDIA Graphics Driver 306.68 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 306.68 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Perfect Uninstaller v6.3.3.9 (HKLM\...\Perfect Uninstaller_is1) (Version:  - www.PerfectUninstaller.com)
Plus500 (HKLM-x32\...\Plus500) (Version:  - )
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.210 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RarZilla Free Unrar (HKLM-x32\...\RarZilla Free Unrar) (Version: 4.80 - Philipp Winterberg)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39029 - Realtek Semiconductor Corp.)
RegClean-Pro (HKLM-x32\...\RegClean-Pro_is1) (Version: 6.21 - Systweak Inc) <==== ATTENTION
Riva FLV Encoder 2.0 (HKLM-x32\...\Riva FLV Encoder 2.0_is1) (Version: 2.00.0005 - Rothenberger & Partner)
Romae Bellum 3.0 (HKLM-x32\...\Romae Bellum) (Version: 3.0 - )
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.14.0 - SAMSUNG Electronics Co., Ltd.)
Savings Addon (HKLM-x32\...\Savings Addon) (Version: 1.27.153.1 - Innovative Apps)
Serato DJ  (HKLM-x32\...\{08e57b0a-70dc-4825-bc3c-4c404c1a89f9}) (Version: 1.7.1.3310 - )
Serato DJ  (x32 Version: 1.7.1.3310 - Serato) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
SketchUp 2015 (HKLM\...\{C630FC42-E196-4B6D-B12B-4CB8D5F399D7}) (Version: 15.1.106 - Trimble Navigation Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SpyHunter (HKLM\...\{67E1227E-D553-4A6A-96CD-40CCBBC705D8}) (Version: 4.14.5.4268 - Enigma Software Group USA, LLC)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stuurprogrammapakket voor Windows - Fedict SmartCard  (03/25/2014 4.0.7.4) (HKLM\...\B02255EDA75F867B4D85C5A5D23E13D9EF71E8AE) (Version: 03/25/2014 4.0.7.4 - Fedict)
sweet-page uninstall (HKLM-x32\...\sweet-page uninstall) (Version:  - sweet-page) <==== ATTENTION
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
Total War: ROME II (HKLM-x32\...\Steam App 214950) (Version:  - Creative Assembly)
Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version:  - The Creative Assembly)
Unity Web Player (HKU\S-1-5-21-3281146613-2168281291-3785735229-1002\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VirtualDJ 8 (HKLM-x32\...\{9ADBBA93-4625-4898-BB0D-BCE7EA9F8B4A}) (Version: 8.0.0 - Atomix Productions)
Windows Driver Package - ASUS (ATP) Mouse  (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
WinZip Registry Optimizer (HKLM-x32\...\WinZip Registry Optimizer_is1) (Version: 1.0 - WinZip International LLC)
新毒霸(悟空) (HKLM-x32\...\Kingsoft Internet Security) (Version: 2015.0.3 - Kingsoft Internet Security)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3281146613-2168281291-3785735229-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\BenjaminA\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3281146613-2168281291-3785735229-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BenjaminA\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3281146613-2168281291-3785735229-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BenjaminA\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3281146613-2168281291-3785735229-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BenjaminA\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3281146613-2168281291-3785735229-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BenjaminA\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3281146613-2168281291-3785735229-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BenjaminA\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3281146613-2168281291-3785735229-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BenjaminA\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3281146613-2168281291-3785735229-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BenjaminA\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3281146613-2168281291-3785735229-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BenjaminA\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

11-12-2014 20:46:59 Windows Update
17-12-2014 09:03:12 Windows Update
29-12-2014 19:06:07 Gepland controlepunt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00E0AD68-D63E-4148-B059-5D7F82F80DE2} - System32\Tasks\Updater21426.exe => C:\Users\BenjaminA\AppData\Local\Updater21426\Updater21426.exe <==== ATTENTION
Task: {1FA149AA-2711-40C8-9545-E00DD1999100} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {2000B0D9-AA08-42FA-AC58-26F4365EAE76} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-11] (Microsoft Corporation)
Task: {2602FD03-4ED0-49B2-8855-39AE6623CB66} - System32\Tasks\{50296191-2793-405D-B123-D0D74DF16934} => pcalua.exe -a "c:\program files (x86)\kingsoft\kingsoft antivirus\uni0nst.exe"
Task: {37D90B06-8F5A-4788-BEDA-82D858EA371A} - System32\Tasks\Registry Optimizer_UPDATES => C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe
Task: {3B69A9A0-C162-44DD-9559-412A96210CF1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {419A966F-A868-4018-ACF3-C33588E941BD} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3281146613-2168281291-3785735229-1002UA => C:\Users\BenjaminA\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-21] (Facebook Inc.)
Task: {4533C4EE-0048-4768-8597-3EF7E249206D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {64DA63C8-0F7C-4D16-8E5C-60ACB95AAC44} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION
Task: {665C30DE-4BE8-4A2E-99C5-7206FC09B851} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {6711AAFF-A16F-4525-895E-19195E0697CD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-15] (Google Inc.)
Task: {6C3AC0DA-B555-4428-ACB4-906F3247CE24} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-09-24] (ASUS)
Task: {84452AEA-09B6-452E-ADAA-C2366A43C63B} - System32\Tasks\Registry Optimizer => C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe
Task: {8B82A0D8-8AA4-43A9-ADA2-8CEB573BC8D1} - System32\Tasks\NUSchedule => C:\Program Files (x86)\Symantec\Norton Utilities 16\nu.exe [2014-12-10] (Symantec)
Task: {8F17FD40-4CCD-48D7-8D1E-A56E74DBCA13} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {9179CB02-716A-4FC3-BFC4-F276F66E79FE} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-08-22] (ASUSTeK Computer Inc.)
Task: {963F9BB7-EA73-4347-9E18-294030807614} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {AC022FE7-623A-4881-B808-219DAD34E6EB} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek)
Task: {B575BE5A-D80F-4F48-B7B5-5B7B518A2F68} - System32\Tasks\Registry Optimizer_DEFAULT => C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe
Task: {B885DBBB-7D19-4943-AEEE-A326B8168F16} - System32\Tasks\AdobeAAMUpdater-1.0-Benjamin-BenjaminA => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-13] (Adobe Systems Incorporated)
Task: {CABA7040-78B4-4B04-BFFE-850A8C9DFB66} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-15] (Google Inc.)
Task: {CFB9A0EB-35E0-439A-8B92-A68C535AD972} - System32\Tasks\NUAutoUpdate => C:\Program Files (x86)\Symantec\Norton Utilities 16\SULauncher.exe [2013-11-03] (Symantec)
Task: {E17D2ACA-0BF0-459D-9807-5897C827B488} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {EA655562-5C6F-41C0-A141-9BD31D1FCDB4} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {EF3513D6-445B-4EDC-A625-F8BAB10370C3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {F0CD7FC2-8EA3-49BF-8FFD-A47CB1EBB96A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3281146613-2168281291-3785735229-1002Core => C:\Users\BenjaminA\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-21] (Facebook Inc.)
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3281146613-2168281291-3785735229-1002Core.job_ => C:\Users\BenjaminA\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3281146613-2168281291-3785735229-1002UA.job_ => C:\Users\BenjaminA\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\NUAutoUpdate.job => C:\Program Files (x86)\Symantec\Norton Utilities 16\SULauncher.exe
Task: C:\WINDOWS\Tasks\NUSchedule.job => C:\Program Files (x86)\Symantec\Norton Utilities 16\nu.exe
Task: C:\WINDOWS\Tasks\Registry Optimizer_DEFAULT.job => C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe
Task: C:\WINDOWS\Tasks\Registry Optimizer_UPDATES.job => C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 01:36 - 2013-09-05 01:36 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-08-30 09:01 - 2013-08-30 09:01 - 03358064 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
2014-10-14 23:27 - 2014-10-14 23:27 - 08897696 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-08-24 18:26 - 2012-08-24 18:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2014-06-05 19:25 - 2013-12-02 17:15 - 00495616 _____ () C:\Program Files (x86)\Gaming Mouse\Monitor.exe
2014-11-22 01:03 - 2014-11-22 01:03 - 00050688 _____ () C:\Program Files\CCleaner\lang\lang-1043.dll
2014-04-14 20:41 - 2014-04-14 20:41 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-12-28 20:03 - 2012-06-25 03:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2012-09-11 15:01 - 2012-09-11 15:01 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2014-06-05 19:25 - 2013-11-29 14:11 - 00057344 _____ () C:\Program Files (x86)\Gaming Mouse\lan.dll
2014-06-05 19:25 - 2013-11-01 11:57 - 00049152 _____ () C:\Program Files (x86)\Gaming Mouse\hiddriver.dll
2014-12-10 04:21 - 2014-12-10 04:13 - 00158368 _____ () C:\Program Files (x86)\kingsoft\shoujizhushou\zlib1.dll
2014-12-10 04:21 - 2014-12-10 02:48 - 00104096 _____ () C:\Program Files (x86)\kingsoft\shoujizhushou\AdbWinApi2.dll
2014-11-17 17:01 - 2014-11-11 19:48 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-11-17 17:01 - 2014-11-11 19:48 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-11-17 17:01 - 2014-11-11 19:48 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-11-17 17:01 - 2014-11-11 19:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-11-21 15:16 - 2014-11-18 21:23 - 02227904 _____ () C:\Program Files (x86)\Steam\video.dll
2014-11-17 17:01 - 2014-11-11 19:48 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-11-17 17:01 - 2014-11-11 19:48 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2014-11-21 15:16 - 2014-11-18 21:23 - 00690880 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-11-21 15:16 - 2014-11-18 21:23 - 00138432 _____ () C:\Program Files (x86)\Steam\bin\audio.dll
2014-11-17 17:01 - 2014-11-11 19:48 - 00071680 _____ () C:\Program Files (x86)\Steam\bin\mssmp3.asi
2014-11-17 17:01 - 2014-11-11 19:48 - 00153088 _____ () C:\Program Files (x86)\Steam\bin\mssvoice.asi
2014-11-17 17:01 - 2014-11-11 19:48 - 34589888 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-11-17 17:01 - 2014-11-11 19:48 - 00837824 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
2014-12-13 21:36 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-13 21:36 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-13 21:36 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-13 21:36 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
AlternateDataStreams: C:\ProgramData\Temp:792D4CF1
AlternateDataStreams: C:\Users\BenjaminA\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "BtTray"
HKLM\...\StartupApproved\Run: => "BtvStack"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKLM\...\StartupApproved\Run32: => "DivXUpdate"
HKU\S-1-5-21-3281146613-2168281291-3785735229-1002\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-3281146613-2168281291-3785735229-1002\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3281146613-2168281291-3785735229-1002\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-3281146613-2168281291-3785735229-1002\...\StartupApproved\Run: => "ManyCam"

========================= Accounts: ==========================

Administrator (S-1-5-21-3281146613-2168281291-3785735229-500 - Administrator - Disabled)
BenjaminA (S-1-5-21-3281146613-2168281291-3785735229-1002 - Administrator - Enabled) => C:\Users\BenjaminA
Gast (S-1-5-21-3281146613-2168281291-3785735229-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-3281146613-2168281291-3785735229-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: Bluetooth Audio Device
Description: Bluetooth Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_A2DP
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Virtual Bluetooth Support (Include Audio)
Description: Virtual Bluetooth Support (Include Audio)
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (01/07/2015 00:43:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: 0omw3qk9.exe, versie: 2.1.19357.0, tijdstempel: 0x52e7ea83
Naam van module met fout: 0omw3qk9.exe, versie: 2.1.19357.0, tijdstempel: 0x52e7ea83
Uitzonderingscode: 0xc0000005
Foutmarge: 0x000011aa
Id van proces met fout: 0xad8
Starttijd van toepassing met fout: 0x0omw3qk9.exe0
Pad naar toepassing met fout: 0omw3qk9.exe1
Pad naar module met fout: 0omw3qk9.exe2
Rapport-id: 0omw3qk9.exe3
Volledige pakketnaam met fout: 0omw3qk9.exe4
Relatieve toepassings-id van pakket met fout: 0omw3qk9.exe5

Error: (01/07/2015 00:43:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: 0omw3qk9.exe, versie: 2.1.19357.0, tijdstempel: 0x52e7ea83
Naam van module met fout: 0omw3qk9.exe, versie: 2.1.19357.0, tijdstempel: 0x52e7ea83
Uitzonderingscode: 0xc0000005
Foutmarge: 0x000011aa
Id van proces met fout: 0x1028
Starttijd van toepassing met fout: 0x0omw3qk9.exe0
Pad naar toepassing met fout: 0omw3qk9.exe1
Pad naar module met fout: 0omw3qk9.exe2
Rapport-id: 0omw3qk9.exe3
Volledige pakketnaam met fout: 0omw3qk9.exe4
Relatieve toepassings-id van pakket met fout: 0omw3qk9.exe5

Error: (01/06/2015 03:47:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2438

Error: (01/06/2015 03:47:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2438

Error: (01/06/2015 03:47:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/06/2015 03:47:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1172

Error: (01/06/2015 03:47:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1172

Error: (01/06/2015 03:47:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/06/2015 03:44:24 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Kan activeringscontext voor 'Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1' niet maken.
Kan afhankelijke assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" niet vinden.
Gebruik sxstrace.exe voor een gedetailleerde diagnose.

Error: (01/06/2015 03:44:24 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Kan activeringscontext voor 'Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1' niet maken.
Kan afhankelijke assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" niet vinden.
Gebruik sxstrace.exe voor een gedetailleerde diagnose.


System errors:
=============
Error: (01/06/2015 03:42:55 AM) (Source: DCOM) (EventID: 10010) (User: BENJAMIN)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (01/06/2015 03:42:25 AM) (Source: DCOM) (EventID: 10010) (User: BENJAMIN)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (01/06/2015 00:28:26 AM) (Source: DCOM) (EventID: 10010) (User: BENJAMIN)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (01/06/2015 00:28:11 AM) (Source: DCOM) (EventID: 10010) (User: BENJAMIN)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (01/04/2015 06:42:39 AM) (Source: DCOM) (EventID: 10010) (User: BENJAMIN)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (01/04/2015 06:42:08 AM) (Source: DCOM) (EventID: 10010) (User: BENJAMIN)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (12/31/2014 06:21:14 PM) (Source: DCOM) (EventID: 10016) (User: BENJAMIN)
Description: toepassingsspecifiekLokaalActiveren{9E175B6D-F52A-11D8-B9A5-505054503030}{9E175B9C-F52A-11D8-B9A5-505054503030}BenjaminBenjaminAS-1-5-21-3281146613-2168281291-3785735229-1002LocalHost (via LRPC)Niet beschikbaarS-1-15-2-2842188903-3391423967-1894430457-1339949618-3297534351-2759210102-2513908706

Error: (12/29/2014 07:05:25 PM) (Source: DCOM) (EventID: 10010) (User: BENJAMIN)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (12/29/2014 07:04:55 PM) (Source: DCOM) (EventID: 10010) (User: BENJAMIN)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (12/26/2014 00:14:55 AM) (Source: DCOM) (EventID: 10010) (User: BENJAMIN)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}


Microsoft Office Sessions:
=========================
Error: (01/07/2015 00:43:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: 0omw3qk9.exe2.1.19357.052e7ea830omw3qk9.exe2.1.19357.052e7ea83c0000005000011aaad801d02a0a999923a7C:\Users\BenjaminA\Downloads\0omw3qk9.exeC:\Users\BenjaminA\Downloads\0omw3qk9.exeded56969-95fd-11e4-beaa-2016d8479fa1

Error: (01/07/2015 00:43:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: 0omw3qk9.exe2.1.19357.052e7ea830omw3qk9.exe2.1.19357.052e7ea83c0000005000011aa102801d02a0a7d8b35edC:\Users\BenjaminA\Downloads\0omw3qk9.exeC:\Users\BenjaminA\Downloads\0omw3qk9.exec4920a71-95fd-11e4-beaa-2016d8479fa1

Error: (01/06/2015 03:47:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2438

Error: (01/06/2015 03:47:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2438

Error: (01/06/2015 03:47:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/06/2015 03:47:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1172

Error: (01/06/2015 03:47:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1172

Error: (01/06/2015 03:47:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/06/2015 03:44:24 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"c:\program files (x86)\kingsoft\kingsoft antivirus\update\reboot_update\ksysprescan.exe

Error: (01/06/2015 03:44:24 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"c:\program files (x86)\kingsoft\kingsoft antivirus\update\reboot_update\ksetupwiz.exe


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 43%
Total physical RAM: 8069.52 MB
Available physical RAM: 4565.7 MB
Total Pagefile: 9349.52 MB
Available Pagefile: 5195.75 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:372.17 GB) (Free:239.19 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:537.6 GB) (Free:449.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: F306CAF5)

Partition: GPT Partition Type.

==================== End Of Log ============================


#5 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:43 PM

Posted 08 January 2015 - 05:22 AM

We need to remove some programs with Revo Uninstaller Free:


Note: Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
Note: If the program you want to uninstall is not listed by Revo, let me know and we will try an altenate method of removal.

  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:
    sweet-page uninstall
    
    RegClean-Pro
    
    Ask Toolbar
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run, If prompted again click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

 

 

 

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

Attached Files


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#6 Benjidebenji

Benjidebenji
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:43 PM

Posted 08 January 2015 - 06:47 PM

Revo uninstaller didn't show regclean pro, but I think the last one got it. 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by BenjaminA at 2015-01-09 00:16:32 Run:1
Running from C:\Users\BenjaminA\Downloads
Loaded Profiles: UpdatusUser & BenjaminA (Available profiles: UpdatusUser & BenjaminA)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
AlternateDataStreams: C:\ProgramData\Temp:792D4CF1
AlternateDataStreams: C:\Users\BenjaminA\OneDrive:ms-properties
Task: C:\WINDOWS\Tasks\Registry Optimizer_DEFAULT.job => C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe
Task: C:\WINDOWS\Tasks\Registry Optimizer_UPDATES.job => C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe
Task: {64DA63C8-0F7C-4D16-8E5C-60ACB95AAC44} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION
Task: {37D90B06-8F5A-4788-BEDA-82D858EA371A} - System32\Tasks\Registry Optimizer_UPDATES => C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe
Task: {00E0AD68-D63E-4148-B059-5D7F82F80DE2} - System32\Tasks\Updater21426.exe => C:\Users\BenjaminA\AppData\Local\Updater21426\Updater21426.exe <==== ATTENTION

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com/?type=hp&ts=1406717673&from=cor&uid=ST1000DM003-9YN162_S1D58X4JXXXXS1D58X4J
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com/?type=hp&ts=1406717673&from=cor&uid=ST1000DM003-9YN162_S1D58X4JXXXXS1D58X4J
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1406717673&from=cor&uid=ST1000DM003-9YN162_S1D58X4JXXXXS1D58X4J&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1406717673&from=cor&uid=ST1000DM003-9YN162_S1D58X4JXXXXS1D58X4J&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1406717673&from=cor&uid=ST1000DM003-9YN162_S1D58X4JXXXXS1D58X4J
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1406717673&from=cor&uid=ST1000DM003-9YN162_S1D58X4JXXXXS1D58X4J
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1406717673&from=cor&uid=ST1000DM003-9YN162_S1D58X4JXXXXS1D58X4J&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1406717673&from=cor&uid=ST1000DM003-9YN162_S1D58X4JXXXXS1D58X4J&q={searchTerms}
HKU\S-1-5-21-3281146613-2168281291-3785735229-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1406717673&from=cor&uid=ST1000DM003-9YN162_S1D58X4JXXXXS1D58X4J
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1406717673&from=cor&uid=ST1000DM003-9YN162_S1D58X4JXXXXS1D58X4J&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1406717673&from=cor&uid=ST1000DM003-9YN162_S1D58X4JXXXXS1D58X4J&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1406717673&from=cor&uid=ST1000DM003-9YN162_S1D58X4JXXXXS1D58X4J&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1406717673&from=cor&uid=ST1000DM003-9YN162_S1D58X4JXXXXS1D58X4J&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3281146613-2168281291-3785735229-1002 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKU\S-1-5-21-3281146613-2168281291-3785735229-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3281146613-2168281291-3785735229-1002 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=NL&ver=21&locale=nl_NL&gct=kwd&qsrc=2869

C:\Users\BenjaminA\AppData\Local\Updater21426
C:\Program Files (x86)\WinZip Registry Optimizer
C:\Program Files (x86)\Desk 365
C:\ProgramData\SetStretch.exe
C:\ProgramData\SMRResults430.dat
C:\Users\BenjaminA\jagex_cl_oldschool_LIVE.dat
C:\Users\BenjaminA\random.dat

EmptyTemp:

*****************

C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`26hfm" ADS removed successfully.
C:\ProgramData\Temp => ":792D4CF1" ADS removed successfully.
C:\Users\BenjaminA\OneDrive => ":ms-properties" ADS removed successfully.
C:\WINDOWS\Tasks\Registry Optimizer_DEFAULT.job => Moved successfully.
C:\WINDOWS\Tasks\Registry Optimizer_UPDATES.job => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{64DA63C8-0F7C-4D16-8E5C-60ACB95AAC44}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64DA63C8-0F7C-4D16-8E5C-60ACB95AAC44}" => Key deleted successfully.
C:\Windows\System32\Tasks\Desk 365 RunAsStdUser => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Desk 365 RunAsStdUser" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{37D90B06-8F5A-4788-BEDA-82D858EA371A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{37D90B06-8F5A-4788-BEDA-82D858EA371A}" => Key deleted successfully.
C:\Windows\System32\Tasks\Registry Optimizer_UPDATES => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Registry Optimizer_UPDATES" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{00E0AD68-D63E-4148-B059-5D7F82F80DE2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00E0AD68-D63E-4148-B059-5D7F82F80DE2}" => Key deleted successfully.
C:\Windows\System32\Tasks\Updater21426.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater21426.exe" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-3281146613-2168281291-3785735229-1002\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. 
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. 
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. 
HKU\S-1-5-21-3281146613-2168281291-3785735229-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-3281146613-2168281291-3785735229-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
"HKU\S-1-5-21-3281146613-2168281291-3785735229-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}" => Key deleted successfully.
HKCR\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => Key not found. 
"C:\Users\BenjaminA\AppData\Local\Updater21426" => File/Directory not found.
"C:\Program Files (x86)\WinZip Registry Optimizer" => File/Directory not found.
"C:\Program Files (x86)\Desk 365" => File/Directory not found.
C:\ProgramData\SetStretch.exe => Moved successfully.
C:\ProgramData\SMRResults430.dat => Moved successfully.
C:\Users\BenjaminA\jagex_cl_oldschool_LIVE.dat => Moved successfully.
C:\Users\BenjaminA\random.dat => Moved successfully.
EmptyTemp: => Removed 358.4 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 00:17:04 ====
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9-1-2015
Scan Time: 00:25:33
Logfile: 
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.08.18
Rootkit Database: v2015.01.07.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: BenjaminA

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 393685
Time Elapsed: 12 min, 1 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 9
PUP.Optional.SavingsAddon.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Savings Addon, Quarantined, [1be74aab8009e6502c1cb4f2728f1be5], 
PUP.Optional.MyStart.A, HKLM\SOFTWARE\WOW6432NODE\mystarttb, Quarantined, [32d004f15c2def47b92ea0deed1633cd], 
PUP.Optional.SavingsAddon.A, HKLM\SOFTWARE\WOW6432NODE\Savings Addon, Quarantined, [6e94e5107e0b6bcb7d3bc0207391d42c], 
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\sweet-pageSoftware, Quarantined, [57abbf3684053600eef96d697f85cd33], 
PUP.Optional.TornTV.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\nbmafkdmkkckhggblphicnnhlgljnoje, Quarantined, [b9499263a3e649edfaf1a4ef51b29868], 
PUP.Optional.SystemSpeedup, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\ssd, Quarantined, [778b3abbacdd55e1bcd99cebdb286799], 
PUP.Optional.SavingsAddon.A, HKU\S-1-5-21-3281146613-2168281291-3785735229-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Savings Addon, Quarantined, [24de7184a5e49b9b6f4b0fd132d2f40c], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3281146613-2168281291-3785735229-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [907204f12d5c35015a108c20927117e9], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3281146613-2168281291-3785735229-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [b9493fb65b2e51e5324ef0d25ca85fa1], 

Registry Values: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3281146613-2168281291-3785735229-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0Z1B1L2Z1S, Quarantined, [b9493fb65b2e51e5324ef0d25ca85fa1]

Registry Data: 0
(No malicious items detected)

Folders: 3
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP, Quarantined, [d929aa4b1970de58bbd43ba9b64e639d], 
PUP.Optional.SavingsAddon.A, C:\Users\BenjaminA\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_iklfnijkecmmkjhjoamnpoemkpoppafe_0, Quarantined, [e41ece270683999df9d4fb4a0af9718f], 
PUP.Optional.SavingsAddon.A, C:\Program Files (x86)\SAVINGS ADDON, Quarantined, [7989e015a8e184b2745c8eb7689bab55], 

Files: 37
PUP.Optional.SavingsAddon.A, C:\Program Files (x86)\Savings Addon\Savings Addon-bg.exe, Quarantined, [f50d9d58404942f456f28c1adf22d42c], 
PUP.Optional.SavingsAddon.A, C:\Program Files (x86)\Savings Addon\Savings Addon-buttonutil64.exe, Quarantined, [2bd724d1c4c55cdab1971294d22ffa06], 
PUP.Optional.SavingsAddon.A, C:\Program Files (x86)\Savings Addon\Uninstall.exe, Quarantined, [1be74aab8009e6502c1cb4f2728f1be5], 
PUP.Optional.SweetIM, C:\Windows\Installer\8a4ce54.msi, Quarantined, [0df525d08ffa9f978dea23908c79c53b], 
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\CHINESE_RCP.INI, Quarantined, [d929aa4b1970de58bbd43ba9b64e639d], 
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Danish_rcp.ini, Quarantined, [d929aa4b1970de58bbd43ba9b64e639d], 
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Dutch_rcp.ini, Quarantined, [d929aa4b1970de58bbd43ba9b64e639d], 
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\eng_rcp.ini, Quarantined, [d929aa4b1970de58bbd43ba9b64e639d], 
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Finnish_rcp_fi.ini, Quarantined, [d929aa4b1970de58bbd43ba9b64e639d], 
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\French_rcp.ini, Quarantined, [d929aa4b1970de58bbd43ba9b64e639d], 
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\German_rcp.ini, Quarantined, [d929aa4b1970de58bbd43ba9b64e639d], 
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\greek_rcp_el.ini, Quarantined, [d929aa4b1970de58bbd43ba9b64e639d], 
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\install_left_image.bmp, Quarantined, [d929aa4b1970de58bbd43ba9b64e639d], 
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Italian_rcp.ini, Quarantined, [d929aa4b1970de58bbd43ba9b64e639d], 
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Japanese_rcp.ini, Quarantined, [d929aa4b1970de58bbd43ba9b64e639d], 
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\korean_rcp_ko.ini, Quarantined, [d929aa4b1970de58bbd43ba9b64e639d], 
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Norwegian_rcp.ini, Quarantined, [d929aa4b1970de58bbd43ba9b64e639d], 
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\polish_rcp_pl.ini, Quarantined, [d929aa4b1970de58bbd43ba9b64e639d], 
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\portugese_rcp_pt.ini, Quarantined, [d929aa4b1970de58bbd43ba9b64e639d], 
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Portuguese_rcp.ini, Quarantined, [d929aa4b1970de58bbd43ba9b64e639d], 
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\russian_rcp_ru.ini, Quarantined, [d929aa4b1970de58bbd43ba9b64e639d], 
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Spanish_rcp.ini, Quarantined, [d929aa4b1970de58bbd43ba9b64e639d], 
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Swedish_rcp.ini, Quarantined, [d929aa4b1970de58bbd43ba9b64e639d], 
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\TPS.ico, Quarantined, [d929aa4b1970de58bbd43ba9b64e639d], 
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\TraditionalCn_rcp_zh-tw.ini, Quarantined, [d929aa4b1970de58bbd43ba9b64e639d], 
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\turkish_rcp_tr.ini, Quarantined, [d929aa4b1970de58bbd43ba9b64e639d], 
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\unins000.dat, Quarantined, [d929aa4b1970de58bbd43ba9b64e639d], 
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\unins000.msg, Quarantined, [d929aa4b1970de58bbd43ba9b64e639d], 
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\xmllite.dll, Quarantined, [d929aa4b1970de58bbd43ba9b64e639d], 
PUP.Optional.SavingsAddon.A, C:\Users\BenjaminA\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_iklfnijkecmmkjhjoamnpoemkpoppafe_0\1, Quarantined, [e41ece270683999df9d4fb4a0af9718f], 
PUP.Optional.SavingsAddon.A, C:\Users\BenjaminA\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_iklfnijkecmmkjhjoamnpoemkpoppafe_0\2, Quarantined, [e41ece270683999df9d4fb4a0af9718f], 
PUP.Optional.SavingsAddon.A, C:\Program Files (x86)\Savings Addon\background.html, Quarantined, [7989e015a8e184b2745c8eb7689bab55], 
PUP.Optional.SavingsAddon.A, C:\Program Files (x86)\Savings Addon\Installer.log, Quarantined, [7989e015a8e184b2745c8eb7689bab55], 
PUP.Optional.SavingsAddon.A, C:\Program Files (x86)\Savings Addon\Savings Addon-buttonutil.dll, Quarantined, [7989e015a8e184b2745c8eb7689bab55], 
PUP.Optional.SavingsAddon.A, C:\Program Files (x86)\Savings Addon\Savings Addon-buttonutil64.dll, Quarantined, [7989e015a8e184b2745c8eb7689bab55], 
PUP.Optional.SavingsAddon.A, C:\Program Files (x86)\Savings Addon\Savings Addon-helper.exe, Quarantined, [7989e015a8e184b2745c8eb7689bab55], 
PUP.Optional.SavingsAddon.A, C:\Program Files (x86)\Savings Addon\Savings Addon.ico, Quarantined, [7989e015a8e184b2745c8eb7689bab55], 

Physical Sectors: 0
(No malicious items detected)


(end)


#7 Benjidebenji

Benjidebenji
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:43 PM

Posted 08 January 2015 - 06:54 PM

It's still there :-(2ngc2mf.png



#8 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:43 PM

Posted 09 January 2015 - 07:35 AM

Scan with ESET Online Scan

Go here to run an online scannner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
  • Click the blue Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
  • Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#9 Benjidebenji

Benjidebenji
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:43 PM

Posted 12 January 2015 - 06:14 PM

C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe.vir	a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\APNSetup.exe.vir	a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\UpdateManager.exe.vir	a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\MYC3-V7\Source\program files\AskPartnerNetwork\Toolbar\apnmcp.exe.vir	a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\MYC3-V7\Source\program files\AskPartnerNetwork\Toolbar\searchhook.dll.vir	a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\MYC3-V7\Source\program files\AskPartnerNetwork\Toolbar\ServiceLocator.exe.vir	a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\MYC3-V7\Source\program files\AskPartnerNetwork\Toolbar\SO.dll.vir	a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\MYC3-V7\Source\program files\AskPartnerNetwork\Toolbar\toolbar.dll.vir	a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\MYC3-V7\Source\program files\AskPartnerNetwork\Toolbar\Toolbar.exe.vir	a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\MYC3-V7\Source\program files\AskPartnerNetwork\Toolbar\ToolbarPS.dll.vir	a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\MYC3-V7\Source\program files\AskPartnerNetwork\Toolbar\UpdateManager.exe.vir	a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\MYC3-V7\Source\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe.vir	a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\MYC3-V7\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport.dll.vir	a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe.vir	a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir	a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll.vir	a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir	Win32/Conduit.SearchProtect.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir	a variant of Win32/Conduit.SearchProtect.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe.vir	a variant of Win64/Conduit.SearchProtect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll.vir	a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir	a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll.vir	a variant of Win64/Conduit.SearchProtect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir	a variant of Win64/Conduit.SearchProtect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZip Registry Optimizer\CleanSchedule.exe.vir	Win32/Systweak.O potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe.vir	a variant of Win32/Systweak potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZip Registry Optimizer\WROUninstall.exe.vir	a variant of Win32/Systweak.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir	a variant of Win64/Systweak.A potentially unwanted application
C:\Program Files (x86)\Cheat Engine 6.3\cheatengine-i386.exe	a variant of Win32/HackTool.CheatEngine.AB potentially unsafe application
C:\Program Files (x86)\Cheat Engine 6.3\standalonephase1.dat	a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application
C:\Program Files (x86)\EnterDigital\bin\EnterDigital.PurBrowse64.exe	a variant of Win64/BrowseFox.CL potentially unwanted application
C:\Users\BenjaminA\Documents\APNSetup.exe	a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application



#10 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:43 PM

Posted 13 January 2015 - 10:24 AM

Combofix

Combofix should only be run when adviced by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing ""Illegal operation attempted on a registry key that has been marked for deletion" simply restart your computer to fix this.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#11 Benjidebenji

Benjidebenji
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:43 PM

Posted 14 January 2015 - 01:58 PM

2ppa542.png

 

:(



#12 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:43 PM

Posted 17 January 2015 - 05:50 AM

My mistake! :wacko:

Are you still facing the issue and, if yes, may this symbol be part of your kingsoft software?


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#13 Benjidebenji

Benjidebenji
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:43 PM

Posted 19 January 2015 - 03:24 AM

The problem is... I'm running windows 8 and the Kingsoft is part of my problem. I'm guessing it's just using the Kingsoft name... 



#14 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:43 PM

Posted 19 January 2015 - 06:20 AM

We need to remove some programs with Revo Uninstaller Free:


Note: Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
Note: If the program you want to uninstall is not listed by Revo, let me know and we will try an altenate method of removal.

  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:

    WinZip Registry Optimizer
    新毒霸(悟空)
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run, If prompted again click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#15 Benjidebenji

Benjidebenji
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:43 PM

Posted 20 January 2015 - 02:58 AM

 When I restarted my computer after removing that using Revo I get these pop-ups. I tried again with Revo but can't find it anymore. 

 

My Chinese isn't that good to uninstall that or find out what it is.. :-(.

 

 

20pucgi.png






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users