
cbt locker


  • This topic is locked

#1 funbester

Posted 22 January 2015 - 03:32 PM

Don't know how to remove it.

Need one Word document that is encrypted.

frst-log:


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2015
Ran by funbester (administrator) on MICHAEL on 21-01-2015 20:41:33
Running from C:\Users\funbester\AppData\Local\Microsoft\Windows\INetCache\IE\URDEPQA1
Loaded Profiles: funbester (Available profiles: funbester)
Platform: Microsoft Windows 8.1 Pro N (X86) OS Language: Nederlands (Nederland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Just Develop It) C:\Program Files\MyPC Backup\BackupStack.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(XTab system) C:\Program Files\XTab\ProtectService.exe
(Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeTray.exe
(SearchProtect) C:\Program Files\XTab\CmdShell.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(XTab system) C:\Program Files\XTab\HPNotify.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(BitTorrent Inc.) C:\Users\funbester\AppData\Roaming\uTorrent\uTorrent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngtool.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\mftutil.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(AVG Technologies) C:\Users\funbester\AppData\Local\Microsoft\Windows\INetCache\IE\3PTY84YB\avg_free_stb_eu_2015_5645_free.exe
(AVG Technologies CZ, s.r.o.) C:\Users\funbester\AppData\Local\Temp\7zS91F4.tmp\avgmfapx.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x86__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SrTasks.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(Microsoft Corporation) C:\Windows\System32\SrTasks.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avguirux.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2419440 2013-08-20] (Synaptics Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-20] (AVAST Software)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-297319761-413857168-1725417465-1001\...\Run: [uTorrent] => C:\Users\funbester\AppData\Roaming\uTorrent\uTorrent.exe [1374032 2015-01-20] (BitTorrent Inc.)
HKU\S-1-5-21-297319761-413857168-1725417465-1001\...\Run: [GoogleChromeAutoLaunch_7F807182F5C74409F20033BE31793322] => C:\Program Files\Google\Chrome\Application\chrome.exe [856904 2015-01-09] (Google Inc.)
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger]
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Startup: C:\Users\funbester\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (No File)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-297319761-413857168-1725417465-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-297319761-413857168-1725417465-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-297319761-413857168-1725417465-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.be.msn.com/
HKU\S-1-5-21-297319761-413857168-1725417465-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dspp&ts=1421781703&from=wpc&uid=TOSHIBAXMK3263GSXN_50LNT4NYTXX50LNT4NYT&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=135&itype=n&ver=11471&tm=304&src=ds&p={searchTerms}
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-297319761-413857168-1725417465-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-297319761-413857168-1725417465-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3325580&octid=EB_ORIGINAL_CTID&ISID=M91DE72AC-926D-43C5-8A7D-54B16C2910A3&SearchSource=58&CUI=&UM=2&UP=SP1CE71E5C-D45C-4A8A-B666-9DB130B0C5D4&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-297319761-413857168-1725417465-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dspp&ts=1421781703&from=wpc&uid=TOSHIBAXMK3263GSXN_50LNT4NYTXX50LNT4NYT&q={searchTerms}
SearchScopes: HKU\S-1-5-21-297319761-413857168-1725417465-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=135&itype=n&ver=11471&tm=304&src=ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-297319761-413857168-1725417465-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO: No Name -> {5e8a33bc-a383-418b-b0e9-ada51d32e19a} ->  No File
BHO: No Name -> {739b7f03-5daa-4ec2-8ee6-2da79c7f1505} ->  No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: No Name -> {a3144ffd-a759-4258-9488-cc3961c95096} ->  No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 195.130.130.5 195.130.131.5

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-297319761-413857168-1725417465-1001: vasco.com/VascoCardReaderPlugin -> C:\Users\funbester\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.4\npVascoCardReaderPlugin.dll (VASCO Data Security)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-20]
FF Extension: No Name - C:\Program Files\RichMediaViewV1\RichMediaViewV1release3358\ff [Not Found]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR DefaultSearchKeyword: Default -> B0A9C2E7E782BB9715E09C2B71A632F979567AA4155F00054210F2EC3C91E30D
CHR DefaultSearchURL: Default -> FF4E4608C9462A6AF1A2DB661E3E5E0B6A9C73B028598E183F4CDFD22E14AE0C
CHR Profile: C:\Users\funbester\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Documenten) - C:\Users\funbester\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-01]
CHR Extension: (Google Drive) - C:\Users\funbester\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-01]
CHR Extension: (YouTube) - C:\Users\funbester\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-01]
CHR Extension: (Google Zoeken) - C:\Users\funbester\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-01]
CHR Extension: (AdBlock) - C:\Users\funbester\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-06]
CHR Extension: (Avast Online Security) - C:\Users\funbester\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-20]
CHR Extension: (Top Eleven) - C:\Users\funbester\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljphpjlafmmdmegmfbkacafhbegjfkkn [2015-01-04]
CHR Extension: (Google Wallet) - C:\Users\funbester\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-01]
CHR Extension: (Gmail) - C:\Users\funbester\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-01]
CHR Extension: (Gett on Outlookcom) - C:\Users\funbester\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppmjceoiaemcohnikoniifdmoemkegej [2015-01-20]
CHR Extension: (unIsalEs) - C:\ProgramData\bkjiaindpmlnnfahggiomnikoepjcaol\ [2015-01-20]
CHR Extension: (unisaleS) - C:\ProgramData\ohkmbbaiokcajnmfpaadbhdefggaplkf\ [2015-01-20]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-20]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-20] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3192344 2015-01-20] (Avast Software)
R2 avgfws; C:\Program Files\AVG\AVG2015\avgfws.exe [1486664 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [53832 2014-11-25] (Just Develop It) <==== ATTENTION
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1679536 2014-11-11] (Microsoft Corporation)
R2 IHProtect Service; C:\Program Files\XTab\ProtectService.exe [158864 2014-12-29] (XTab system)
R2 iSafeService; C:\Program Files\Elex-tech\YAC\iSafeSvc.exe [120128 2015-01-19] (Elex do Brasil Participações Ltda)
S3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [105472 2013-08-22] (Microsoft Corporation)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [770944 2015-01-20] (Enigma Software Group USA, LLC.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [288128 2014-09-22] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\Windows\system32\wephostsvc.dll [20992 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22192 2014-09-22] (Microsoft Corporation)
S3 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [1222144 2014-07-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2015-01-20] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [73480 2015-01-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2015-01-20] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2015-01-20] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2015-01-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2015-01-20] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2015-01-20] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2015-01-20] ()
S3 AthDfu; C:\Windows\System32\Drivers\AthDfu.sys [47144 2012-08-22] (Windows ® Win 7 DDK provider)
S0 Avgbootx; C:\Windows\System32\DRIVERS\avgbootx.sys [17424 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6x.sys [47928 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208152 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\system32\DRIVERS\avgidsshimw8x.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpx; C:\Windows\system32\DRIVERS\avgwfpx.sys [207128 2014-09-24] (AVG Technologies CZ, s.r.o.)
R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [25600 2014-02-22] (Microsoft Corporation)
S3 BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [509224 2014-04-28] (Qualcomm Atheros)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2015-01-20] ()
S3 GPIO; C:\Windows\System32\drivers\iaiogpio.sys [22016 2013-07-23] (Intel Corporation)
R1 iSafeKrnl; C:\Program Files\Elex-tech\YAC\iSafeKrnl.sys [215336 2015-01-19] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [40744 2015-01-19] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files\Elex-tech\YAC\iSafeKrnlKit.sys [83112 2015-01-19] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys [34856 2015-01-19] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files\Elex-tech\YAC\iSafeKrnlR3.sys [63400 2015-01-19] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [44712 2015-01-03] (Elex do Brasil Participações Ltda)
S1 MpKsl165deddf; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F643B035-8210-4DAF-B947-BD56B42F371D}\MpKsl165deddf.sys [39464 2015-01-20] () [File not signed]
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [27888 2013-08-20] (Synaptics Incorporated)
S3 tap0901; C:\Windows\system32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [22016 2013-08-29] (Windows ® Win 7 DDK provider)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [218192 2015-01-20] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [84800 2014-09-22] (Microsoft Corporation)
R0 Wof; C:\Windows\system32\Drivers\Wof.sys [138584 2014-03-13] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-21 20:41 - 2015-01-21 20:41 - 00000000 ____D () C:\Users\funbester\AppData\Roaming\AVG2015
2015-01-21 20:41 - 2015-01-21 20:41 - 00000000 ____D () C:\FRST
2015-01-21 20:40 - 2015-01-21 20:40 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-01-21 20:40 - 2015-01-21 20:40 - 00000000 ____D () C:\Users\funbester\AppData\Roaming\TuneUp Software
2015-01-21 20:40 - 2015-01-21 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-01-21 20:38 - 2015-01-21 20:40 - 00000000 ____D () C:\ProgramData\AVG2015
2015-01-21 20:38 - 2015-01-21 20:38 - 00000000 ___HD () C:\$AVG
2015-01-21 20:38 - 2015-01-21 20:38 - 00000000 ____D () C:\Program Files\AVG
2015-01-21 20:36 - 2015-01-21 20:41 - 00000000 ____D () C:\Users\funbester\AppData\Local\Avg2015
2015-01-21 20:36 - 2015-01-21 20:40 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-21 20:36 - 2015-01-21 20:36 - 00000000 ____D () C:\Users\funbester\AppData\Local\MFAData
2015-01-20 22:25 - 2015-01-20 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UndeleteMyFiles
2015-01-20 22:25 - 2015-01-20 22:25 - 00000000 ____D () C:\Program Files\UndeleteMyFiles
2015-01-20 22:21 - 2015-01-20 22:21 - 00001886 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\YAC.lnk
2015-01-20 22:21 - 2015-01-20 22:21 - 00001880 _____ () C:\Users\Public\Desktop\YAC.lnk
2015-01-20 22:21 - 2015-01-20 22:21 - 00000000 ____D () C:\Users\funbester\AppData\Roaming\Elex-tech
2015-01-20 22:21 - 2015-01-20 22:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC
2015-01-20 22:21 - 2015-01-20 22:21 - 00000000 ____D () C:\Program Files\Elex-tech
2015-01-20 22:21 - 2015-01-19 12:04 - 00040744 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2015-01-20 22:21 - 2015-01-03 09:56 - 00044712 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
2015-01-20 22:20 - 2015-01-20 22:20 - 00000000 ____D () C:\Users\funbester\AppData\Roaming\eCyber
2015-01-20 22:17 - 2015-01-20 22:17 - 00013728 _____ () C:\Users\funbester\Desktop\oberhausen.zip
2015-01-20 22:11 - 2015-01-20 22:11 - 00000000 ____D () C:\Users\funbester\AppData\Local\Microsoft Help
2015-01-20 21:05 - 2015-01-20 21:26 - 00000000 ____D () C:\Windows\system32\vbox
2015-01-20 20:50 - 2015-01-20 21:13 - 00000000 ____D () C:\Users\funbester\AppData\Roaming\Dropbox
2015-01-20 20:46 - 2015-01-20 20:46 - 00000000 ____D () C:\Users\funbester\AppData\Roaming\AVAST Software
2015-01-20 20:45 - 2015-01-20 20:45 - 00002137 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-01-20 20:45 - 2015-01-20 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-01-20 20:44 - 2015-01-20 20:45 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-20 20:44 - 2015-01-20 20:45 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-01-20 20:44 - 2015-01-20 20:45 - 00073480 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2015-01-20 20:44 - 2015-01-20 20:44 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-20 20:44 - 2015-01-20 20:44 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-01-20 20:44 - 2015-01-20 20:44 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-01-20 20:44 - 2015-01-20 20:44 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-01-20 20:44 - 2015-01-20 20:44 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-01-20 20:44 - 2015-01-20 20:44 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-01-20 20:44 - 2015-01-20 20:44 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-01-20 20:42 - 2015-01-20 20:42 - 00000000 ____D () C:\Program Files\AVAST Software
2015-01-20 20:41 - 2015-01-20 20:42 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-20 20:32 - 2015-01-20 20:32 - 00000000 ____D () C:\Windows\system32\X86
2015-01-20 20:32 - 2015-01-20 20:32 - 00000000 ____D () C:\Windows\system32\AMD64
2015-01-20 20:32 - 2015-01-20 20:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader
2015-01-20 20:30 - 2015-01-20 20:30 - 00000000 ____D () C:\Users\funbester\AppData\Local\SearchProtect
2015-01-20 20:30 - 2015-01-20 20:30 - 00000000 ____D () C:\ProgramData\bkjiaindpmlnnfahggiomnikoepjcaol
2015-01-20 20:30 - 2015-01-20 20:30 - 00000000 ____D () C:\Program Files\SearchProtect
2015-01-20 20:29 - 2015-01-20 21:03 - 00000000 ____D () C:\ProgramData\{767d44c9-ed96-9a8d-767d-d44c9ed91327}
2015-01-20 20:29 - 2015-01-20 21:02 - 00000000 ____D () C:\ProgramData\{38bdb457-d1b3-1f06-38bd-db457d1bd15f}
2015-01-20 20:28 - 2015-01-20 20:28 - 00000000 __SHD () C:\Users\funbester\AppData\Local\EmieBrowserModeList
2015-01-20 20:26 - 2015-01-20 20:26 - 00000000 ____D () C:\Users\funbester\AppData\Roaming\EZDownloader
2015-01-20 20:24 - 2015-01-20 20:24 - 00001931 _____ () C:\Users\funbester\Desktop\Sync Folder.lnk
2015-01-20 20:23 - 2015-01-20 20:32 - 00001911 _____ () C:\Users\Public\Desktop\EZDownloader.lnk
2015-01-20 20:23 - 2015-01-20 20:23 - 00001043 _____ () C:\Users\funbester\Desktop\MyPC Backup.lnk
2015-01-20 20:23 - 2015-01-20 20:23 - 00000000 ____D () C:\Users\funbester\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2015-01-20 20:22 - 2015-01-21 20:41 - 00000000 ____D () C:\Program Files\MyPC Backup
2015-01-20 20:21 - 2015-01-20 20:22 - 00000000 ____D () C:\Program Files\XTab
2015-01-20 20:21 - 2015-01-20 20:21 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-01-20 20:20 - 2015-01-20 21:34 - 00000000 ____D () C:\Program Files\Gett on Outlookcom
2015-01-20 20:18 - 2015-01-20 20:18 - 00000000 ____D () C:\ProgramData\ohkmbbaiokcajnmfpaadbhdefggaplkf
2015-01-20 20:18 - 2015-01-20 20:18 - 00000000 ____D () C:\ProgramData\3657328309546891649
2015-01-20 20:17 - 2015-01-20 20:17 - 00000000 ____D () C:\ProgramData\{49db8a63-4b52-9612-49db-b8a634b5298d}
2015-01-20 19:08 - 2015-01-20 19:08 - 00000000 ____D () C:\Users\funbester\AppData\Roaming\Enigma Software Group
2015-01-20 19:06 - 2015-01-20 19:06 - 00019984 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2015-01-20 19:06 - 2015-01-20 19:06 - 00001260 _____ () C:\Users\funbester\Desktop\SpyHunter.lnk
2015-01-20 19:06 - 2015-01-20 19:06 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-01-20 18:51 - 2015-01-20 18:51 - 00000000 ____D () C:\Users\funbester\AppData\Roaming\VASCO
2015-01-19 18:38 - 2015-01-19 18:56 - 01068359 _____ () C:\ProgramData\qhdnbrb.html
2015-01-19 17:06 - 2015-01-19 17:06 - 00046512 _____ () C:\Users\funbester\Desktop\basketball.JPG.mddxeck
2015-01-19 17:06 - 2014-12-02 19:18 - 00009888 _____ () C:\Users\funbester\Desktop\CV Clarysse Michael.DOC.mddxeck
2015-01-19 17:06 - 2014-09-21 17:45 - 00013008 _____ () C:\Users\funbester\Desktop\scheidsrechtersrapport 21 sept 14 wedstrijd 7008.RTF.mddxeck
2015-01-19 17:06 - 2014-08-31 12:37 - 00068448 _____ () C:\Users\funbester\Desktop\Kalender 20142015 definitief (1).XLSX.mddxeck
2015-01-13 20:44 - 2014-12-19 06:46 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 20:44 - 2014-12-12 02:34 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 20:44 - 2014-12-12 01:46 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-13 20:44 - 2014-12-09 04:42 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 20:44 - 2014-12-08 20:46 - 00485544 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-13 20:44 - 2014-12-08 20:46 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-13 20:44 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-13 20:44 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-13 20:44 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-13 20:44 - 2014-12-06 03:36 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-13 20:44 - 2014-12-06 02:28 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 20:44 - 2014-12-06 02:23 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-13 20:44 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-13 20:44 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-13 20:44 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-13 20:44 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-13 20:44 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-13 20:44 - 2014-10-29 04:07 - 00213336 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-13 20:44 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-13 20:44 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-13 20:44 - 2014-10-29 01:49 - 00694272 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-12 14:19 - 2015-01-12 14:19 - 02349664 _____ (VASCO Data Security) C:\Users\funbester\Downloads\VASCOSmartCardReaderPlugin (1).exe
2015-01-12 14:18 - 2015-01-12 14:18 - 02349664 _____ (VASCO Data Security) C:\Users\funbester\Downloads\VASCOSmartCardReaderPlugin.exe
2015-01-12 14:18 - 2015-01-12 14:18 - 00000000 ____D () C:\Users\funbester\AppData\Local\Package Cache
2015-01-12 14:10 - 2015-01-12 14:10 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WUDFUsbccidDriver_01_11_00.Wdf
2015-01-05 11:10 - 2015-01-05 11:10 - 00056433 _____ () C:\Users\funbester\Downloads\Castle.S01E01.DVDRip.XviD-SAiNTS94455.srt
2015-01-01 09:22 - 2015-01-01 09:22 - 00019330 _____ () C:\Users\funbester\Downloads\[www.seedpeer.eu] Castle Season 1 Hdtv Nl Subs Swanheart.SEEDPEER.torrent
2014-12-30 18:54 - 2014-12-30 19:00 - 01209726 ____H () C:\Users\funbester\Desktop\~WRL2622.tmp
2014-12-30 18:54 - 2014-12-30 18:54 - 00000144 ____H () C:\Users\funbester\Desktop\~$rprise.DOCX.mddxeck
2014-12-30 18:54 - 2014-12-30 18:54 - 00000144 ____H () C:\Users\funbester\Desktop\~$rprise (Hersteld).DOCX.mddxeck
2014-12-30 18:54 - 2014-08-31 10:49 - 00000096 ____H () C:\Users\funbester\Desktop\~$Kalender 20142015 definitief (1).XLSX.mddxeck

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-21 20:40 - 2014-04-15 16:10 - 00000000 ____D () C:\Users\funbester\AppData\Roaming\uTorrent
2015-01-21 20:40 - 2013-08-22 09:17 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-01-21 20:38 - 2014-04-01 13:11 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-21 20:38 - 2014-04-01 13:11 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-21 20:35 - 2014-04-01 12:06 - 01994853 _____ () C:\Windows\WindowsUpdate.log
2015-01-21 20:34 - 2013-08-22 09:17 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-21 20:26 - 2014-04-21 20:45 - 00000000 ___DO () C:\Users\funbester\SkyDrive
2015-01-21 20:23 - 2013-08-22 08:23 - 00021437 _____ () C:\Windows\setupact.log
2015-01-21 20:23 - 2013-08-22 08:23 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-20 22:23 - 2014-04-01 13:11 - 00002383 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-20 22:23 - 2014-04-01 12:07 - 00001644 _____ () C:\Users\funbester\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-20 21:47 - 2014-04-01 12:06 - 00000000 ____D () C:\Users\funbester
2015-01-20 21:45 - 2014-04-01 12:00 - 00094688 _____ () C:\Windows\PFRO.log
2015-01-20 21:34 - 2014-10-02 21:50 - 00000000 ____D () C:\Users\funbester\AppData\Local\22718
2015-01-20 21:34 - 2014-04-01 16:12 - 00000000 ____D () C:\ProgramData\Wincert
2015-01-20 20:52 - 2014-04-01 12:02 - 00000000 __SHD () C:\Recovery
2015-01-20 20:23 - 2013-08-22 09:17 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-01-20 20:00 - 2013-08-22 09:17 - 00000000 ____D () C:\Windows\system32\sru
2015-01-20 18:57 - 2013-08-22 07:13 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-01-19 22:34 - 2014-08-19 15:59 - 00000000 ____D () C:\Users\funbester\Desktop\white collar
2015-01-19 18:50 - 2014-07-28 10:11 - 00000000 ____D () C:\Users\funbester\Downloads\Person.of.Interest.season.3.2013.deel.21.t,m.23.NL-subs.hdtv.xvid.(DutchreleaseTeam)
2015-01-19 18:49 - 2014-07-06 22:01 - 00000000 ____D () C:\Users\funbester\Desktop\Reis Tunesie
2015-01-19 18:48 - 2014-05-20 11:55 - 00000000 ____D () C:\Users\funbester\Desktop\match kampioen koekelare
2015-01-19 18:44 - 2014-05-06 12:15 - 00000000 ____D () C:\Users\funbester\Documents\scans
2015-01-19 18:44 - 2014-04-24 14:46 - 00000000 ____D () C:\Users\funbester\Desktop\JSF25 KRB Jabbeke 2013-2014
2015-01-19 18:44 - 2014-04-24 12:47 - 00000000 ____D () C:\Users\funbester\Desktop\jeugdsubsidie2013 KRB Jabbeke
2015-01-19 18:43 - 2014-08-19 17:14 - 00000000 ____D () C:\Users\funbester\Downloads\White Collar S01E06 All in HDTV XviD DutchReleaseTeam
2015-01-19 18:43 - 2014-08-19 16:56 - 00000000 ____D () C:\Users\funbester\Downloads\White Collar S01E09 Bad Judgement HDTV XviD DutchReleaseTeam
2015-01-19 18:43 - 2014-08-19 16:56 - 00000000 ____D () C:\Users\funbester\Downloads\White Collar S01E08 Hard Sell HDTV Xvid DutchReleaseTeam
2015-01-19 18:43 - 2014-08-19 16:55 - 00000000 ____D () C:\Users\funbester\Downloads\White Collar S01E07 Free Fall HDTV XviD DutchReleaseTeam
2015-01-19 18:43 - 2014-08-19 16:03 - 00000000 ____D () C:\Users\funbester\Downloads\White Collar S01E10 Vital Signs HDTV XviD DutchReleaseTeam
2015-01-19 18:43 - 2014-04-01 13:52 - 00000000 ____D () C:\Users\funbester\Desktop\krachtbal initiator
2015-01-19 18:39 - 2014-04-15 16:12 - 00000000 ____D () C:\Users\funbester\Downloads\Convert X to DVD v4.1.19.365 Including Keys [h33t][iahq76]
2015-01-19 18:38 - 2014-08-19 19:02 - 00000000 ____D () C:\Users\funbester\Downloads\White Collar S01E12 Bottlenecked HDTV XviD DutchReleaseTeam
2015-01-19 18:38 - 2014-08-19 16:56 - 00000000 ____D () C:\Users\funbester\Downloads\White Collar S01E13 Front Man HDTV XviD DutchReleaseTeam
2015-01-19 18:38 - 2014-08-19 16:08 - 00000000 ____D () C:\Users\funbester\Downloads\White Collar S01E03 Books of Hours HDTV XviD DutchReleaseTeam
2015-01-19 18:38 - 2014-08-19 16:02 - 00000000 ____D () C:\Users\funbester\Downloads\White Collar S01E04 Flip of the Coin HDTV XviD DutchReleaseTeam
2015-01-19 18:38 - 2014-08-19 16:02 - 00000000 ____D () C:\Users\funbester\Downloads\White Collar S01E02 Threads HDTV XviD DutchReleaseTeam
2015-01-19 18:38 - 2014-08-19 16:02 - 00000000 ____D () C:\Users\funbester\Downloads\White Collar S01E01 Pilot HDTV XviD DutchReleaseTeam
2015-01-19 18:38 - 2014-08-19 15:58 - 00000000 ____D () C:\Users\funbester\Downloads\White Collar S01E05 The Portrait HDTV XviD DutchReleaseTeam
2015-01-19 18:38 - 2014-07-28 10:09 - 00000000 ____D () C:\Users\funbester\Downloads\Person.of.Interest.season.3.2013.deel.19&20.NL-subs.hdtv.xvid.(DutchreleaseTeam)
2015-01-19 18:38 - 2014-07-28 10:09 - 00000000 ____D () C:\Users\funbester\Downloads\Person.of.Interest.season.3.2013.deel.15&16.NL-subs.hdtv.xvid.(DutchreleaseTeam)
2015-01-19 18:38 - 2014-07-28 10:08 - 00000000 ____D () C:\Users\funbester\Downloads\Person.of.Interest.season.3.2013.deel.17&18.NL-subs.hdtv.xvid.(DutchreleaseTeam)
2015-01-19 18:38 - 2014-07-28 10:08 - 00000000 ____D () C:\Users\funbester\Downloads\Person.of.Interest.season.3.2013.deel.11&12.NL-subs.hdtv.xvid.(DutchreleaseTeam)
2015-01-19 18:35 - 2014-04-01 16:56 - 00000000 ____D () C:\ProgramData\BrowserProtect
2015-01-19 18:16 - 2014-09-17 21:09 - 00540064 _____ () C:\Users\funbester\Desktop\test fotoronde.DOCX.mddxeck
2015-01-19 18:15 - 2014-09-17 21:09 - 00540208 _____ () C:\Users\funbester\Desktop\fotoronde.DOCX.mddxeck
2015-01-19 16:51 - 2014-05-31 18:21 - 00552912 _____ () C:\Users\funbester\Downloads\Overlapronde 1.PDF.mddxeck
2015-01-19 14:24 - 2014-05-31 18:21 - 01761936 _____ () C:\Users\funbester\Downloads\city-guide-essen.PDF.mddxeck
2015-01-19 12:06 - 2014-04-05 14:44 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-19 12:06 - 2013-08-22 09:06 - 00000000 ____D () C:\Windows\CbsTemp
2015-01-19 12:00 - 2014-04-05 14:44 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-19 11:57 - 2013-08-22 09:16 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-18 18:34 - 2014-04-15 08:33 - 00000000 ____D () C:\Users\funbester\AppData\Roaming\vlc
2015-01-12 11:31 - 2014-05-31 18:21 - 00838544 _____ () C:\Users\funbester\Downloads\feinstaubplakette-ratgeber.PDF.mddxeck
2015-01-06 01:08 - 2014-06-20 20:33 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-06 01:08 - 2014-06-20 20:33 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-05 11:24 - 2014-05-31 17:08 - 08444352 _____ () C:\Users\funbester\Downloads\salora-40led8100cs-nl-en-fr.PDF.mddxeck
2015-01-05 11:24 - 2014-05-31 17:08 - 08444352 _____ () C:\Users\funbester\Downloads\salora-40led8100cs-nl-en-fr (1).PDF.mddxeck
2015-01-05 11:00 - 2014-05-31 18:21 - 00028096 _____ () C:\Users\funbester\Downloads\Telenet-25165723.PDF.mddxeck
2015-01-05 10:34 - 2014-05-31 18:21 - 00028096 _____ () C:\Users\funbester\Downloads\Telenet-25165165.PDF.mddxeck
2015-01-04 21:56 - 2014-09-17 21:09 - 00638640 _____ () C:\Users\funbester\Desktop\surprise (Hersteld).DOCX.mddxeck
2015-01-04 12:33 - 2014-05-31 18:21 - 00753664 _____ () C:\Users\funbester\Downloads\powerline_devolo_i13_instal_press.PDF.mddxeck
2015-01-02 21:53 - 2014-04-01 12:09 - 00005430 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-02 21:53 - 2013-08-22 15:35 - 01381922 _____ () C:\Windows\system32\perfh013.dat
2015-01-02 21:53 - 2013-08-22 15:35 - 00346536 _____ () C:\Windows\system32\perfc013.dat
2015-01-02 18:39 - 2014-05-31 18:21 - 00421840 _____ () C:\Users\funbester\Downloads\Castle.Season.1.Ep.1-10.RAR.mddxeck
2014-12-31 12:13 - 2014-04-05 13:49 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-29 22:32 - 2014-09-17 21:09 - 00307504 _____ () C:\Users\funbester\Desktop\surprise.DOCX.mddxeck
2014-12-23 21:06 - 2014-09-17 21:09 - 00173376 _____ () C:\Users\funbester\Desktop\tussenronde1.PDF.mddxeck
2014-12-22 19:32 - 2014-04-01 13:44 - 00000000 ____D () C:\Program Files\Microsoft Office 15

==================== Files in the root of some directories =======
2014-04-15 11:26 - 2014-04-15 11:26 - 0087608 _____ () C:\Users\funbester\AppData\Roaming\inst.exe
2014-04-15 11:26 - 2014-04-15 11:26 - 0007887 _____ () C:\Users\funbester\AppData\Roaming\pcouffin.cat
2014-04-15 11:26 - 2014-04-15 11:26 - 0001144 _____ () C:\Users\funbester\AppData\Roaming\pcouffin.inf
2014-04-15 11:26 - 2014-04-15 11:26 - 0000055 _____ () C:\Users\funbester\AppData\Roaming\pcouffin.log
2014-04-15 11:26 - 2014-04-15 11:26 - 0047360 _____ (VSO Software) C:\Users\funbester\AppData\Roaming\pcouffin.sys
2014-04-15 16:20 - 2014-04-20 20:45 - 0001189 _____ () C:\Users\funbester\AppData\Roaming\vso_ts_preview.xml
2014-04-11 17:31 - 2014-04-11 17:31 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-01-19 18:38 - 2015-01-19 18:56 - 1068359 _____ () C:\ProgramData\qhdnbrb.html

Some content of TEMP:
====================
C:\Users\funbester\AppData\Local\Temp\2F77.exe
C:\Users\funbester\AppData\Local\Temp\673431824a.exe
C:\Users\funbester\AppData\Local\Temp\BuenoSearchTB.exe
C:\Users\funbester\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\funbester\AppData\Local\Temp\d9341C.exe
C:\Users\funbester\AppData\Local\Temp\Delta.exe
C:\Users\funbester\AppData\Local\Temp\DeltaTB.exe
C:\Users\funbester\AppData\Local\Temp\dlLogic.exe
C:\Users\funbester\AppData\Local\Temp\dltr.exe
C:\Users\funbester\AppData\Local\Temp\drv2184.exe
C:\Users\funbester\AppData\Local\Temp\drvinst-1.exe
C:\Users\funbester\AppData\Local\Temp\GCVerifier.dll
C:\Users\funbester\AppData\Local\Temp\MybabylonTB.exe
C:\Users\funbester\AppData\Local\Temp\OnlineBackup.exe
C:\Users\funbester\AppData\Local\Temp\PidGenX.dll
C:\Users\funbester\AppData\Local\Temp\SettingsManagerSetup.exe
C:\Users\funbester\AppData\Local\Temp\Softonic_NL_1-5-10_NL-Production_10_CleanRelease.exe
C:\Users\funbester\AppData\Local\Temp\upd6685.exe
C:\Users\funbester\AppData\Local\Temp\vcredist_x86.exe
C:\Users\funbester\AppData\Local\Temp\verifier.exe
C:\Users\funbester\AppData\Local\Temp\WSSetup.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-31 09:47

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2015
Ran by funbester (administrator) on MICHAEL on 21-01-2015 20:41:33
Running from C:\Users\funbester\AppData\Local\Microsoft\Windows\INetCache\IE\URDEPQA1
Loaded Profiles: funbester (Available profiles: funbester)
Platform: Microsoft Windows 8.1 Pro N (X86) OS Language: Nederlands (Nederland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Just Develop It) C:\Program Files\MyPC Backup\BackupStack.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(XTab system) C:\Program Files\XTab\ProtectService.exe
(Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeTray.exe
(SearchProtect) C:\Program Files\XTab\CmdShell.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(XTab system) C:\Program Files\XTab\HPNotify.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(BitTorrent Inc.) C:\Users\funbester\AppData\Roaming\uTorrent\uTorrent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngtool.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\mftutil.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(AVG Technologies) C:\Users\funbester\AppData\Local\Microsoft\Windows\INetCache\IE\3PTY84YB\avg_free_stb_eu_2015_5645_free.exe
(AVG Technologies CZ, s.r.o.) C:\Users\funbester\AppData\Local\Temp\7zS91F4.tmp\avgmfapx.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x86__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SrTasks.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(Microsoft Corporation) C:\Windows\System32\SrTasks.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avguirux.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2419440 2013-08-20] (Synaptics Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-20] (AVAST Software)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-297319761-413857168-1725417465-1001\...\Run: [uTorrent] => C:\Users\funbester\AppData\Roaming\uTorrent\uTorrent.exe [1374032 2015-01-20] (BitTorrent Inc.)
HKU\S-1-5-21-297319761-413857168-1725417465-1001\...\Run: [GoogleChromeAutoLaunch_7F807182F5C74409F20033BE31793322] => C:\Program Files\Google\Chrome\Application\chrome.exe [856904 2015-01-09] (Google Inc.)
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger]
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Startup: C:\Users\funbester\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (No File)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-297319761-413857168-1725417465-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-297319761-413857168-1725417465-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-297319761-413857168-1725417465-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.be.msn.com/
HKU\S-1-5-21-297319761-413857168-1725417465-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dspp&ts=1421781703&from=wpc&uid=TOSHIBAXMK3263GSXN_50LNT4NYTXX50LNT4NYT&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=135&itype=n&ver=11471&tm=304&src=ds&p={searchTerms}
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-297319761-413857168-1725417465-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-297319761-413857168-1725417465-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3325580&octid=EB_ORIGINAL_CTID&ISID=M91DE72AC-926D-43C5-8A7D-54B16C2910A3&SearchSource=58&CUI=&UM=2&UP=SP1CE71E5C-D45C-4A8A-B666-9DB130B0C5D4&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-297319761-413857168-1725417465-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dspp&ts=1421781703&from=wpc&uid=TOSHIBAXMK3263GSXN_50LNT4NYTXX50LNT4NYT&q={searchTerms}
SearchScopes: HKU\S-1-5-21-297319761-413857168-1725417465-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=135&itype=n&ver=11471&tm=304&src=ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-297319761-413857168-1725417465-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO: No Name -> {5e8a33bc-a383-418b-b0e9-ada51d32e19a} ->  No File
BHO: No Name -> {739b7f03-5daa-4ec2-8ee6-2da79c7f1505} ->  No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: No Name -> {a3144ffd-a759-4258-9488-cc3961c95096} ->  No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 195.130.130.5 195.130.131.5

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-297319761-413857168-1725417465-1001: vasco.com/VascoCardReaderPlugin -> C:\Users\funbester\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.4\npVascoCardReaderPlugin.dll (VASCO Data Security)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-20]
FF Extension: No Name - C:\Program Files\RichMediaViewV1\RichMediaViewV1release3358\ff [Not Found]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR DefaultSearchKeyword: Default -> B0A9C2E7E782BB9715E09C2B71A632F979567AA4155F00054210F2EC3C91E30D
CHR DefaultSearchURL: Default -> FF4E4608C9462A6AF1A2DB661E3E5E0B6A9C73B028598E183F4CDFD22E14AE0C
CHR Profile: C:\Users\funbester\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Documenten) - C:\Users\funbester\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-01]
CHR Extension: (Google Drive) - C:\Users\funbester\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-01]
CHR Extension: (YouTube) - C:\Users\funbester\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-01]
CHR Extension: (Google Zoeken) - C:\Users\funbester\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-01]
CHR Extension: (AdBlock) - C:\Users\funbester\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-06]
CHR Extension: (Avast Online Security) - C:\Users\funbester\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-20]
CHR Extension: (Top Eleven) - C:\Users\funbester\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljphpjlafmmdmegmfbkacafhbegjfkkn [2015-01-04]
CHR Extension: (Google Wallet) - C:\Users\funbester\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-01]
CHR Extension: (Gmail) - C:\Users\funbester\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-01]
CHR Extension: (Gett on Outlookcom) - C:\Users\funbester\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppmjceoiaemcohnikoniifdmoemkegej [2015-01-20]
CHR Extension: (unIsalEs) - C:\ProgramData\bkjiaindpmlnnfahggiomnikoepjcaol\ [2015-01-20]
CHR Extension: (unisaleS) - C:\ProgramData\ohkmbbaiokcajnmfpaadbhdefggaplkf\ [2015-01-20]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-20]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-20] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3192344 2015-01-20] (Avast Software)
R2 avgfws; C:\Program Files\AVG\AVG2015\avgfws.exe [1486664 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [53832 2014-11-25] (Just Develop It) <==== ATTENTION
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1679536 2014-11-11] (Microsoft Corporation)
R2 IHProtect Service; C:\Program Files\XTab\ProtectService.exe [158864 2014-12-29] (XTab system)
R2 iSafeService; C:\Program Files\Elex-tech\YAC\iSafeSvc.exe [120128 2015-01-19] (Elex do Brasil Participações Ltda)
S3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [105472 2013-08-22] (Microsoft Corporation)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [770944 2015-01-20] (Enigma Software Group USA, LLC.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [288128 2014-09-22] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\Windows\system32\wephostsvc.dll [20992 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22192 2014-09-22] (Microsoft Corporation)
S3 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [1222144 2014-07-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2015-01-20] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [73480 2015-01-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2015-01-20] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2015-01-20] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2015-01-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2015-01-20] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2015-01-20] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2015-01-20] ()
S3 AthDfu; C:\Windows\System32\Drivers\AthDfu.sys [47144 2012-08-22] (Windows ® Win 7 DDK provider)
S0 Avgbootx; C:\Windows\System32\DRIVERS\avgbootx.sys [17424 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6x.sys [47928 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208152 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\system32\DRIVERS\avgidsshimw8x.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpx; C:\Windows\system32\DRIVERS\avgwfpx.sys [207128 2014-09-24] (AVG Technologies CZ, s.r.o.)
R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [25600 2014-02-22] (Microsoft Corporation)
S3 BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [509224 2014-04-28] (Qualcomm Atheros)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2015-01-20] ()
S3 GPIO; C:\Windows\System32\drivers\iaiogpio.sys [22016 2013-07-23] (Intel Corporation)
R1 iSafeKrnl; C:\Program Files\Elex-tech\YAC\iSafeKrnl.sys [215336 2015-01-19] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [40744 2015-01-19] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files\Elex-tech\YAC\iSafeKrnlKit.sys [83112 2015-01-19] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys [34856 2015-01-19] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files\Elex-tech\YAC\iSafeKrnlR3.sys [63400 2015-01-19] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [44712 2015-01-03] (Elex do Brasil Participações Ltda)
S1 MpKsl165deddf; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F643B035-8210-4DAF-B947-BD56B42F371D}\MpKsl165deddf.sys [39464 2015-01-20] () [File not signed]
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [27888 2013-08-20] (Synaptics Incorporated)
S3 tap0901; C:\Windows\system32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [22016 2013-08-29] (Windows ® Win 7 DDK provider)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [218192 2015-01-20] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [84800 2014-09-22] (Microsoft Corporation)
R0 Wof; C:\Windows\system32\Drivers\Wof.sys [138584 2014-03-13] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-21 20:41 - 2015-01-21 20:41 - 00000000 ____D () C:\Users\funbester\AppData\Roaming\AVG2015
2015-01-21 20:41 - 2015-01-21 20:41 - 00000000 ____D () C:\FRST
2015-01-21 20:40 - 2015-01-21 20:40 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-01-21 20:40 - 2015-01-21 20:40 - 00000000 ____D () C:\Users\funbester\AppData\Roaming\TuneUp Software
2015-01-21 20:40 - 2015-01-21 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-01-21 20:38 - 2015-01-21 20:40 - 00000000 ____D () C:\ProgramData\AVG2015
2015-01-21 20:38 - 2015-01-21 20:38 - 00000000 ___HD () C:\$AVG
2015-01-21 20:38 - 2015-01-21 20:38 - 00000000 ____D () C:\Program Files\AVG
2015-01-21 20:36 - 2015-01-21 20:41 - 00000000 ____D () C:\Users\funbester\AppData\Local\Avg2015
2015-01-21 20:36 - 2015-01-21 20:40 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-21 20:36 - 2015-01-21 20:36 - 00000000 ____D () C:\Users\funbester\AppData\Local\MFAData
2015-01-20 22:25 - 2015-01-20 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UndeleteMyFiles
2015-01-20 22:25 - 2015-01-20 22:25 - 00000000 ____D () C:\Program Files\UndeleteMyFiles
2015-01-20 22:21 - 2015-01-20 22:21 - 00001886 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\YAC.lnk
2015-01-20 22:21 - 2015-01-20 22:21 - 00001880 _____ () C:\Users\Public\Desktop\YAC.lnk
2015-01-20 22:21 - 2015-01-20 22:21 - 00000000 ____D () C:\Users\funbester\AppData\Roaming\Elex-tech
2015-01-20 22:21 - 2015-01-20 22:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC
2015-01-20 22:21 - 2015-01-20 22:21 - 00000000 ____D () C:\Program Files\Elex-tech
2015-01-20 22:21 - 2015-01-19 12:04 - 00040744 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2015-01-20 22:21 - 2015-01-03 09:56 - 00044712 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
2015-01-20 22:20 - 2015-01-20 22:20 - 00000000 ____D () C:\Users\funbester\AppData\Roaming\eCyber
2015-01-20 22:17 - 2015-01-20 22:17 - 00013728 _____ () C:\Users\funbester\Desktop\oberhausen.zip
2015-01-20 22:11 - 2015-01-20 22:11 - 00000000 ____D () C:\Users\funbester\AppData\Local\Microsoft Help
2015-01-20 21:05 - 2015-01-20 21:26 - 00000000 ____D () C:\Windows\system32\vbox
2015-01-20 20:50 - 2015-01-20 21:13 - 00000000 ____D () C:\Users\funbester\AppData\Roaming\Dropbox
2015-01-20 20:46 - 2015-01-20 20:46 - 00000000 ____D () C:\Users\funbester\AppData\Roaming\AVAST Software
2015-01-20 20:45 - 2015-01-20 20:45 - 00002137 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-01-20 20:45 - 2015-01-20 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-01-20 20:44 - 2015-01-20 20:45 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-20 20:44 - 2015-01-20 20:45 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-01-20 20:44 - 2015-01-20 20:45 - 00073480 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2015-01-20 20:44 - 2015-01-20 20:44 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-20 20:44 - 2015-01-20 20:44 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-01-20 20:44 - 2015-01-20 20:44 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-01-20 20:44 - 2015-01-20 20:44 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-01-20 20:44 - 2015-01-20 20:44 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-01-20 20:44 - 2015-01-20 20:44 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-01-20 20:44 - 2015-01-20 20:44 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-01-20 20:42 - 2015-01-20 20:42 - 00000000 ____D () C:\Program Files\AVAST Software
2015-01-20 20:41 - 2015-01-20 20:42 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-20 20:32 - 2015-01-20 20:32 - 00000000 ____D () C:\Windows\system32\X86
2015-01-20 20:32 - 2015-01-20 20:32 - 00000000 ____D () C:\Windows\system32\AMD64
2015-01-20 20:32 - 2015-01-20 20:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader
2015-01-20 20:30 - 2015-01-20 20:30 - 00000000 ____D () C:\Users\funbester\AppData\Local\SearchProtect
2015-01-20 20:30 - 2015-01-20 20:30 - 00000000 ____D () C:\ProgramData\bkjiaindpmlnnfahggiomnikoepjcaol
2015-01-20 20:30 - 2015-01-20 20:30 - 00000000 ____D () C:\Program Files\SearchProtect
2015-01-20 20:29 - 2015-01-20 21:03 - 00000000 ____D () C:\ProgramData\{767d44c9-ed96-9a8d-767d-d44c9ed91327}
2015-01-20 20:29 - 2015-01-20 21:02 - 00000000 ____D () C:\ProgramData\{38bdb457-d1b3-1f06-38bd-db457d1bd15f}
2015-01-20 20:28 - 2015-01-20 20:28 - 00000000 __SHD () C:\Users\funbester\AppData\Local\EmieBrowserModeList
2015-01-20 20:26 - 2015-01-20 20:26 - 00000000 ____D () C:\Users\funbester\AppData\Roaming\EZDownloader
2015-01-20 20:24 - 2015-01-20 20:24 - 00001931 _____ () C:\Users\funbester\Desktop\Sync Folder.lnk
2015-01-20 20:23 - 2015-01-20 20:32 - 00001911 _____ () C:\Users\Public\Desktop\EZDownloader.lnk
2015-01-20 20:23 - 2015-01-20 20:23 - 00001043 _____ () C:\Users\funbester\Desktop\MyPC Backup.lnk
2015-01-20 20:23 - 2015-01-20 20:23 - 00000000 ____D () C:\Users\funbester\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2015-01-20 20:22 - 2015-01-21 20:41 - 00000000 ____D () C:\Program Files\MyPC Backup
2015-01-20 20:21 - 2015-01-20 20:22 - 00000000 ____D () C:\Program Files\XTab
2015-01-20 20:21 - 2015-01-20 20:21 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-01-20 20:20 - 2015-01-20 21:34 - 00000000 ____D () C:\Program Files\Gett on Outlookcom
2015-01-20 20:18 - 2015-01-20 20:18 - 00000000 ____D () C:\ProgramData\ohkmbbaiokcajnmfpaadbhdefggaplkf
2015-01-20 20:18 - 2015-01-20 20:18 - 00000000 ____D () C:\ProgramData\3657328309546891649
2015-01-20 20:17 - 2015-01-20 20:17 - 00000000 ____D () C:\ProgramData\{49db8a63-4b52-9612-49db-b8a634b5298d}
2015-01-20 19:08 - 2015-01-20 19:08 - 00000000 ____D () C:\Users\funbester\AppData\Roaming\Enigma Software Group
2015-01-20 19:06 - 2015-01-20 19:06 - 00019984 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2015-01-20 19:06 - 2015-01-20 19:06 - 00001260 _____ () C:\Users\funbester\Desktop\SpyHunter.lnk
2015-01-20 19:06 - 2015-01-20 19:06 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-01-20 18:51 - 2015-01-20 18:51 - 00000000 ____D () C:\Users\funbester\AppData\Roaming\VASCO
2015-01-19 18:38 - 2015-01-19 18:56 - 01068359 _____ () C:\ProgramData\qhdnbrb.html
2015-01-19 17:06 - 2015-01-19 17:06 - 00046512 _____ () C:\Users\funbester\Desktop\basketball.JPG.mddxeck
2015-01-19 17:06 - 2014-12-02 19:18 - 00009888 _____ () C:\Users\funbester\Desktop\CV Clarysse Michael.DOC.mddxeck
2015-01-19 17:06 - 2014-09-21 17:45 - 00013008 _____ () C:\Users\funbester\Desktop\scheidsrechtersrapport 21 sept 14 wedstrijd 7008.RTF.mddxeck
2015-01-19 17:06 - 2014-08-31 12:37 - 00068448 _____ () C:\Users\funbester\Desktop\Kalender 20142015 definitief (1).XLSX.mddxeck
2015-01-13 20:44 - 2014-12-19 06:46 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 20:44 - 2014-12-12 02:34 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 20:44 - 2014-12-12 01:46 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-13 20:44 - 2014-12-09 04:42 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 20:44 - 2014-12-08 20:46 - 00485544 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-13 20:44 - 2014-12-08 20:46 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-13 20:44 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-13 20:44 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-13 20:44 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-13 20:44 - 2014-12-06 03:36 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-13 20:44 - 2014-12-06 02:28 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 20:44 - 2014-12-06 02:23 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-13 20:44 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-13 20:44 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-13 20:44 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-13 20:44 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-13 20:44 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-13 20:44 - 2014-10-29 04:07 - 00213336 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-13 20:44 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-13 20:44 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-13 20:44 - 2014-10-29 01:49 - 00694272 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-12 14:19 - 2015-01-12 14:19 - 02349664 _____ (VASCO Data Security) C:\Users\funbester\Downloads\VASCOSmartCardReaderPlugin (1).exe
2015-01-12 14:18 - 2015-01-12 14:18 - 02349664 _____ (VASCO Data Security) C:\Users\funbester\Downloads\VASCOSmartCardReaderPlugin.exe
2015-01-12 14:18 - 2015-01-12 14:18 - 00000000 ____D () C:\Users\funbester\AppData\Local\Package Cache
2015-01-12 14:10 - 2015-01-12 14:10 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WUDFUsbccidDriver_01_11_00.Wdf
2015-01-05 11:10 - 2015-01-05 11:10 - 00056433 _____ () C:\Users\funbester\Downloads\Castle.S01E01.DVDRip.XviD-SAiNTS94455.srt
2015-01-01 09:22 - 2015-01-01 09:22 - 00019330 _____ () C:\Users\funbester\Downloads\[www.seedpeer.eu] Castle Season 1 Hdtv Nl Subs Swanheart.SEEDPEER.torrent
2014-12-30 18:54 - 2014-12-30 19:00 - 01209726 ____H () C:\Users\funbester\Desktop\~WRL2622.tmp
2014-12-30 18:54 - 2014-12-30 18:54 - 00000144 ____H () C:\Users\funbester\Desktop\~$rprise.DOCX.mddxeck
2014-12-30 18:54 - 2014-12-30 18:54 - 00000144 ____H () C:\Users\funbester\Desktop\~$rprise (Hersteld).DOCX.mddxeck
2014-12-30 18:54 - 2014-08-31 10:49 - 00000096 ____H () C:\Users\funbester\Desktop\~$Kalender 20142015 definitief (1).XLSX.mddxeck

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-21 20:40 - 2014-04-15 16:10 - 00000000 ____D () C:\Users\funbester\AppData\Roaming\uTorrent
2015-01-21 20:40 - 2013-08-22 09:17 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-01-21 20:38 - 2014-04-01 13:11 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-21 20:38 - 2014-04-01 13:11 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-21 20:35 - 2014-04-01 12:06 - 01994853 _____ () C:\Windows\WindowsUpdate.log
2015-01-21 20:34 - 2013-08-22 09:17 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-21 20:26 - 2014-04-21 20:45 - 00000000 ___DO () C:\Users\funbester\SkyDrive
2015-01-21 20:23 - 2013-08-22 08:23 - 00021437 _____ () C:\Windows\setupact.log
2015-01-21 20:23 - 2013-08-22 08:23 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-20 22:23 - 2014-04-01 13:11 - 00002383 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-20 22:23 - 2014-04-01 12:07 - 00001644 _____ () C:\Users\funbester\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-20 21:47 - 2014-04-01 12:06 - 00000000 ____D () C:\Users\funbester
2015-01-20 21:45 - 2014-04-01 12:00 - 00094688 _____ () C:\Windows\PFRO.log
2015-01-20 21:34 - 2014-10-02 21:50 - 00000000 ____D () C:\Users\funbester\AppData\Local\22718
2015-01-20 21:34 - 2014-04-01 16:12 - 00000000 ____D () C:\ProgramData\Wincert
2015-01-20 20:52 - 2014-04-01 12:02 - 00000000 __SHD () C:\Recovery
2015-01-20 20:23 - 2013-08-22 09:17 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-01-20 20:00 - 2013-08-22 09:17 - 00000000 ____D () C:\Windows\system32\sru
2015-01-20 18:57 - 2013-08-22 07:13 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-01-19 22:34 - 2014-08-19 15:59 - 00000000 ____D () C:\Users\funbester\Desktop\white collar
2015-01-19 18:50 - 2014-07-28 10:11 - 00000000 ____D () C:\Users\funbester\Downloads\Person.of.Interest.season.3.2013.deel.21.t,m.23.NL-subs.hdtv.xvid.(DutchreleaseTeam)
2015-01-19 18:49 - 2014-07-06 22:01 - 00000000 ____D () C:\Users\funbester\Desktop\Reis Tunesie
2015-01-19 18:48 - 2014-05-20 11:55 - 00000000 ____D () C:\Users\funbester\Desktop\match kampioen koekelare
2015-01-19 18:44 - 2014-05-06 12:15 - 00000000 ____D () C:\Users\funbester\Documents\scans
2015-01-19 18:44 - 2014-04-24 14:46 - 00000000 ____D () C:\Users\funbester\Desktop\JSF25 KRB Jabbeke 2013-2014
2015-01-19 18:44 - 2014-04-24 12:47 - 00000000 ____D () C:\Users\funbester\Desktop\jeugdsubsidie2013 KRB Jabbeke
2015-01-19 18:43 - 2014-08-19 17:14 - 00000000 ____D () C:\Users\funbester\Downloads\White Collar S01E06 All in HDTV XviD DutchReleaseTeam
2015-01-19 18:43 - 2014-08-19 16:56 - 00000000 ____D () C:\Users\funbester\Downloads\White Collar S01E09 Bad Judgement HDTV XviD DutchReleaseTeam
2015-01-19 18:43 - 2014-08-19 16:56 - 00000000 ____D () C:\Users\funbester\Downloads\White Collar S01E08 Hard Sell HDTV Xvid DutchReleaseTeam
2015-01-19 18:43 - 2014-08-19 16:55 - 00000000 ____D () C:\Users\funbester\Downloads\White Collar S01E07 Free Fall HDTV XviD DutchReleaseTeam
2015-01-19 18:43 - 2014-08-19 16:03 - 00000000 ____D () C:\Users\funbester\Downloads\White Collar S01E10 Vital Signs HDTV XviD DutchReleaseTeam
2015-01-19 18:43 - 2014-04-01 13:52 - 00000000 ____D () C:\Users\funbester\Desktop\krachtbal initiator
2015-01-19 18:39 - 2014-04-15 16:12 - 00000000 ____D () C:\Users\funbester\Downloads\Convert X to DVD v4.1.19.365 Including Keys [h33t][iahq76]
2015-01-19 18:38 - 2014-08-19 19:02 - 00000000 ____D () C:\Users\funbester\Downloads\White Collar S01E12 Bottlenecked HDTV XviD DutchReleaseTeam
2015-01-19 18:38 - 2014-08-19 16:56 - 00000000 ____D () C:\Users\funbester\Downloads\White Collar S01E13 Front Man HDTV XviD DutchReleaseTeam
2015-01-19 18:38 - 2014-08-19 16:08 - 00000000 ____D () C:\Users\funbester\Downloads\White Collar S01E03 Books of Hours HDTV XviD DutchReleaseTeam
2015-01-19 18:38 - 2014-08-19 16:02 - 00000000 ____D () C:\Users\funbester\Downloads\White Collar S01E04 Flip of the Coin HDTV XviD DutchReleaseTeam
2015-01-19 18:38 - 2014-08-19 16:02 - 00000000 ____D () C:\Users\funbester\Downloads\White Collar S01E02 Threads HDTV XviD DutchReleaseTeam
2015-01-19 18:38 - 2014-08-19 16:02 - 00000000 ____D () C:\Users\funbester\Downloads\White Collar S01E01 Pilot HDTV XviD DutchReleaseTeam
2015-01-19 18:38 - 2014-08-19 15:58 - 00000000 ____D () C:\Users\funbester\Downloads\White Collar S01E05 The Portrait HDTV XviD DutchReleaseTeam
2015-01-19 18:38 - 2014-07-28 10:09 - 00000000 ____D () C:\Users\funbester\Downloads\Person.of.Interest.season.3.2013.deel.19&20.NL-subs.hdtv.xvid.(DutchreleaseTeam)
2015-01-19 18:38 - 2014-07-28 10:09 - 00000000 ____D () C:\Users\funbester\Downloads\Person.of.Interest.season.3.2013.deel.15&16.NL-subs.hdtv.xvid.(DutchreleaseTeam)
2015-01-19 18:38 - 2014-07-28 10:08 - 00000000 ____D () C:\Users\funbester\Downloads\Person.of.Interest.season.3.2013.deel.17&18.NL-subs.hdtv.xvid.(DutchreleaseTeam)
2015-01-19 18:38 - 2014-07-28 10:08 - 00000000 ____D () C:\Users\funbester\Downloads\Person.of.Interest.season.3.2013.deel.11&12.NL-subs.hdtv.xvid.(DutchreleaseTeam)
2015-01-19 18:35 - 2014-04-01 16:56 - 00000000 ____D () C:\ProgramData\BrowserProtect
2015-01-19 18:16 - 2014-09-17 21:09 - 00540064 _____ () C:\Users\funbester\Desktop\test fotoronde.DOCX.mddxeck
2015-01-19 18:15 - 2014-09-17 21:09 - 00540208 _____ () C:\Users\funbester\Desktop\fotoronde.DOCX.mddxeck
2015-01-19 16:51 - 2014-05-31 18:21 - 00552912 _____ () C:\Users\funbester\Downloads\Overlapronde 1.PDF.mddxeck
2015-01-19 14:24 - 2014-05-31 18:21 - 01761936 _____ () C:\Users\funbester\Downloads\city-guide-essen.PDF.mddxeck
2015-01-19 12:06 - 2014-04-05 14:44 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-19 12:06 - 2013-08-22 09:06 - 00000000 ____D () C:\Windows\CbsTemp
2015-01-19 12:00 - 2014-04-05 14:44 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-19 11:57 - 2013-08-22 09:16 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-18 18:34 - 2014-04-15 08:33 - 00000000 ____D () C:\Users\funbester\AppData\Roaming\vlc
2015-01-12 11:31 - 2014-05-31 18:21 - 00838544 _____ () C:\Users\funbester\Downloads\feinstaubplakette-ratgeber.PDF.mddxeck
2015-01-06 01:08 - 2014-06-20 20:33 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-06 01:08 - 2014-06-20 20:33 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-05 11:24 - 2014-05-31 17:08 - 08444352 _____ () C:\Users\funbester\Downloads\salora-40led8100cs-nl-en-fr.PDF.mddxeck
2015-01-05 11:24 - 2014-05-31 17:08 - 08444352 _____ () C:\Users\funbester\Downloads\salora-40led8100cs-nl-en-fr (1).PDF.mddxeck
2015-01-05 11:00 - 2014-05-31 18:21 - 00028096 _____ () C:\Users\funbester\Downloads\Telenet-25165723.PDF.mddxeck
2015-01-05 10:34 - 2014-05-31 18:21 - 00028096 _____ () C:\Users\funbester\Downloads\Telenet-25165165.PDF.mddxeck
2015-01-04 21:56 - 2014-09-17 21:09 - 00638640 _____ () C:\Users\funbester\Desktop\surprise (Hersteld).DOCX.mddxeck
2015-01-04 12:33 - 2014-05-31 18:21 - 00753664 _____ () C:\Users\funbester\Downloads\powerline_devolo_i13_instal_press.PDF.mddxeck
2015-01-02 21:53 - 2014-04-01 12:09 - 00005430 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-02 21:53 - 2013-08-22 15:35 - 01381922 _____ () C:\Windows\system32\perfh013.dat
2015-01-02 21:53 - 2013-08-22 15:35 - 00346536 _____ () C:\Windows\system32\perfc013.dat
2015-01-02 18:39 - 2014-05-31 18:21 - 00421840 _____ () C:\Users\funbester\Downloads\Castle.Season.1.Ep.1-10.RAR.mddxeck
2014-12-31 12:13 - 2014-04-05 13:49 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-29 22:32 - 2014-09-17 21:09 - 00307504 _____ () C:\Users\funbester\Desktop\surprise.DOCX.mddxeck
2014-12-23 21:06 - 2014-09-17 21:09 - 00173376 _____ () C:\Users\funbester\Desktop\tussenronde1.PDF.mddxeck
2014-12-22 19:32 - 2014-04-01 13:44 - 00000000 ____D () C:\Program Files\Microsoft Office 15

==================== Files in the root of some directories =======
2014-04-15 11:26 - 2014-04-15 11:26 - 0087608 _____ () C:\Users\funbester\AppData\Roaming\inst.exe
2014-04-15 11:26 - 2014-04-15 11:26 - 0007887 _____ () C:\Users\funbester\AppData\Roaming\pcouffin.cat
2014-04-15 11:26 - 2014-04-15 11:26 - 0001144 _____ () C:\Users\funbester\AppData\Roaming\pcouffin.inf
2014-04-15 11:26 - 2014-04-15 11:26 - 0000055 _____ () C:\Users\funbester\AppData\Roaming\pcouffin.log
2014-04-15 11:26 - 2014-04-15 11:26 - 0047360 _____ (VSO Software) C:\Users\funbester\AppData\Roaming\pcouffin.sys
2014-04-15 16:20 - 2014-04-20 20:45 - 0001189 _____ () C:\Users\funbester\AppData\Roaming\vso_ts_preview.xml
2014-04-11 17:31 - 2014-04-11 17:31 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-01-19 18:38 - 2015-01-19 18:56 - 1068359 _____ () C:\ProgramData\qhdnbrb.html

Some content of TEMP:
====================
C:\Users\funbester\AppData\Local\Temp\2F77.exe
C:\Users\funbester\AppData\Local\Temp\673431824a.exe
C:\Users\funbester\AppData\Local\Temp\BuenoSearchTB.exe
C:\Users\funbester\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\funbester\AppData\Local\Temp\d9341C.exe
C:\Users\funbester\AppData\Local\Temp\Delta.exe
C:\Users\funbester\AppData\Local\Temp\DeltaTB.exe
C:\Users\funbester\AppData\Local\Temp\dlLogic.exe
C:\Users\funbester\AppData\Local\Temp\dltr.exe
C:\Users\funbester\AppData\Local\Temp\drv2184.exe
C:\Users\funbester\AppData\Local\Temp\drvinst-1.exe
C:\Users\funbester\AppData\Local\Temp\GCVerifier.dll
C:\Users\funbester\AppData\Local\Temp\MybabylonTB.exe
C:\Users\funbester\AppData\Local\Temp\OnlineBackup.exe
C:\Users\funbester\AppData\Local\Temp\PidGenX.dll
C:\Users\funbester\AppData\Local\Temp\SettingsManagerSetup.exe
C:\Users\funbester\AppData\Local\Temp\Softonic_NL_1-5-10_NL-Production_10_CleanRelease.exe
C:\Users\funbester\AppData\Local\Temp\upd6685.exe
C:\Users\funbester\AppData\Local\Temp\vcredist_x86.exe
C:\Users\funbester\AppData\Local\Temp\verifier.exe
C:\Users\funbester\AppData\Local\Temp\WSSetup.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-31 09:47

==================== End Of Log ============================

addition-file

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-01-2015
Ran by funbester at 2015-01-21 20:42:57
Running from C:\Users\funbester\AppData\Local\Microsoft\Windows\INetCache\IE\URDEPQA1
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Internet Security 2015 (Enabled - Out of date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2015 (Enabled - Out of date) {B5F5C120-2089-702E-0001-553BB0D5A664}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: AVG Internet Security 2015 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-297319761-413857168-1725417465-1001\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5645 - AVG Technologies)
AVG 2015 (Version: 15.0.4260 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5645 - AVG Technologies) Hidden
ConvertXtoDVD 4.1.19.365 (HKLM\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.19.365 - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
EZDownloader (HKLM\...\{0F44DC3A-6E62-4961-A14B-95323C512F9B}_is1) (Version: 1.0 - EZDownloader) <==== ATTENTION
Gett on Outlookcom (HKLM\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
HP Deskjet 3050A J611 series Basissoftware van het apparaat (HKLM\...\{4804F9C7-D5B7-4443-9B4C-A209CA5D6B3D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3050A J611 series Haelp (HKLM\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
HP Deskjet 3050A J611 series Productverbeteringsonderzoek (HKLM\...\{574E84C4-1CD3-4347-A319-70148A6BCCA3}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Junk Mail filter update (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Microsoft Office 365 ProPlus - nl-nl (HKLM\...\O365ProPlusRetail - nl-nl) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-297319761-413857168-1725417465-1001\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Movie Maker (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - JDi Backup Ltd) <==== ATTENTION
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
SoftwareBoostX (HKLM\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{dd693f9b}) (Version:  - SystemDefend) <==== ATTENTION
SpyHunter 4 (HKLM\...\SpyHunter) (Version: 4.18.9.4384 - Enigma Software Group, LLC)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.2 - Synaptics Incorporated)
UndeleteMyFiles Pro (HKLM\...\UndeleteMyFiles Pro_is1) (Version:  - SeriousBit)
unIsalEs (HKLM\...\{4CEE92A3-9F0C-51AB-ADC0-34EC24AD7B7E}) (Version:  - )
VASCO Card Reader Plug-In (32-Bit) (Version: 3.2.3.4 - VASCO Data Security) Hidden
VASCO Smart Card Reader Plug-In (User) (HKU\S-1-5-21-297319761-413857168-1725417465-1001\...\{c77cb28d-ddd3-46f7-b51a-14a599127ba7}) (Version: 3.2.3.4 - VASCO Data Security)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VSO ConvertXToDVD (HKLM\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.1.0.12 - VSO Software)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
Windows Vista - 7 - 8 - 8.1 KMS Activator Ultimate 2014 v1.8 (HKLM\...\Windows Vista - 7 - 8 - 8.1 KMS Activator Ultima~871C4E41_is1) (Version: v1.8 - )
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
YAC(Yet Another Cleaner!) (HKLM\...\iSafe) (Version:  - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== ATTENTION
youtubeadblocker (HKLM\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version:  - ) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-297319761-413857168-1725417465-1001_Classes\CLSID\{9E436272-69C3-5FBA-9C1D-15694337F4AC}\InprocServer32 -> C:\Users\funbester\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.4\npVascoCardReaderPlugin.dll (VASCO Data Security)
CustomCLSID: HKU\S-1-5-21-297319761-413857168-1725417465-1001_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\funbester\AppData\Local\Temp\57Cf2f\temp\Spyhunter 4 Crack.exe ()
CustomCLSID: HKU\S-1-5-21-297319761-413857168-1725417465-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\funbester\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\FileSyncApi.dll (Microsoft Corporation)

==================== Restore Points  =========================

20-01-2015 20:34:10 fff
21-01-2015 20:37:11 Installed AVG 2015
21-01-2015 20:38:10 Installed AVG 2015

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:13 - 2013-08-22 07:13 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01C69BE9-0667-4E01-8BAD-F523F36F4E17} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-01] (Google Inc.)
Task: {0C03CBF6-6289-44B5-AC4C-357A4DBC8618} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe [2014-11-25] (MyPC Backup) <==== ATTENTION
Task: {12B46089-9BD8-46D6-8339-34EEC40B3FD4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-20] (AVAST Software)
Task: {1345305C-03C9-4058-A445-949E4D6194A3} - \AutoKMS No Task File <==== ATTENTION
Task: {165DFF7D-2018-4D60-BBEE-FC93174A2ACD} - System32\Tasks\Microsoft Office 15 Sync Maintenance for MICHAEL-funbester Michael => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-11-04] (Microsoft Corporation)
Task: {2835B28A-9A0D-402C-97AE-863BB33CACA5} - System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {2AD0001E-9A14-4A5A-8728-354EEAC08AF3} - \kpnmwdd No Task File <==== ATTENTION
Task: {327A2322-201F-43BC-BA53-B5B0BCCE67C8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: {85927575-9D19-4084-9F6B-4D64791FA390} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {A92CA0F1-84BA-49A8-9926-426ECC46B2A2} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-01-20] (Enigma Software Group USA, LLC.)
Task: {B1769CCC-6C0D-42A9-AED5-D7A3B61C37E3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: {B6B57783-B353-4D14-BB74-BBB01E7220FA} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-297319761-413857168-1725417465-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {D1D194A2-E284-4F77-B3B9-0341A3E9A655} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-01] (Google Inc.)
Task: {D84780FD-94B5-4E18-8C17-674EEE4ED1E2} - System32\Tasks\avastBCLRestartS-1-5-21-297319761-413857168-1725417465-1001 => Chrome.exe
Task: {E1F174DF-4EC6-4D2F-B98E-CE9534445F1B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-01-19] (Microsoft Corporation)
Task: {EA627722-CE74-4DBF-8C90-F7B54D311211} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-12] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2015-01-20 20:44 - 2015-01-20 20:44 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15012001\algo.dll
2015-01-20 20:44 - 2015-01-20 20:44 - 02151544 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxVMM.dll
2015-01-20 20:44 - 2015-01-20 20:44 - 04474224 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2015-01-20 20:44 - 2015-01-20 20:44 - 00021488 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxREM.dll
2015-01-21 20:26 - 2015-01-21 20:26 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012101\algo.dll
2014-04-01 13:44 - 2014-05-20 02:11 - 00080040 _____ () C:\Program Files\Microsoft Office 15\ClientX86\ApiClient.dll
2015-01-20 22:21 - 2015-01-19 12:00 - 00185656 _____ () C:\Program Files\Elex-tech\YAC\libpng.dll
2015-01-20 22:21 - 2015-01-19 12:00 - 00065696 _____ () C:\Program Files\Elex-tech\YAC\zlib1.dll
2012-11-26 22:54 - 2012-11-26 22:54 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2015-01-20 20:44 - 2015-01-20 20:44 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-01-20 20:44 - 2015-01-20 20:44 - 00317632 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-11-22 10:36 - 2014-11-22 10:36 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2014-11-22 10:35 - 2014-11-22 10:35 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2015-01-19 11:39 - 2015-01-09 01:35 - 01077064 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
2015-01-19 11:39 - 2015-01-09 01:35 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.99\libegl.dll
2015-01-19 11:39 - 2015-01-09 01:35 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.99\pdf.dll
2015-01-19 11:39 - 2015-01-09 01:35 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll
2015-01-19 11:39 - 2015-01-09 01:35 - 14913352 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\funbester\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"

========================= Accounts: ==========================

Administrator (S-1-5-21-297319761-413857168-1725417465-500 - Administrator - Disabled)
funbester (S-1-5-21-297319761-413857168-1725417465-1001 - Administrator - Enabled) => C:\Users\funbester
Gast (S-1-5-21-297319761-413857168-1725417465-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/21/2015 08:27:17 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: De licentieactivering (slui.exe) is mislukt met de volgende foutcode:
hr=0xC004F074
Opdrachtregelargumenten:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=7476d79f-8e48-49b4-ab63-4d0b813a16e4;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/21/2015 08:26:43 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: De licentieactivering (slui.exe) is mislukt met de volgende foutcode:
hr=0xC004F074
Opdrachtregelargumenten:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=7476d79f-8e48-49b4-ab63-4d0b813a16e4;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (01/20/2015 10:27:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Het programma chrome.exe, versie 39.0.2171.99 reageert niet meer op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum in het Configuratiescherm.

Proces-id: 16d4

Starttijd: 01d034f4a4b4aeb3

Eindtijd: 177

Toepassingspad: C:\Program Files\Google\Chrome\Application\chrome.exe

Rapport-id: 1c51d31c-a0eb-11e4-a3a9-88ae1defeecc

Volledige pakketnaam met fout:

Relatieve toepassings-id van pakket met fout:

Error: (01/20/2015 10:04:42 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: De licentieactivering (slui.exe) is mislukt met de volgende foutcode:
hr=0xC004F074
Opdrachtregelargumenten:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=7476d79f-8e48-49b4-ab63-4d0b813a16e4;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/20/2015 10:04:18 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: De licentieactivering (slui.exe) is mislukt met de volgende foutcode:
hr=0xC004F074
Opdrachtregelargumenten:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=7476d79f-8e48-49b4-ab63-4d0b813a16e4;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (01/20/2015 09:55:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Het programma LiveComm.exe, versie 17.5.9600.20689 reageert niet meer op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum in het Configuratiescherm.

Proces-id: 924

Starttijd: 01d034f2ae68162f

Eindtijd: 4294967295

Toepassingspad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x86__8wekyb3d8bbwe\LiveComm.exe

Rapport-id: a1e48e70-a0e6-11e4-a3a8-88ae1defeecc

Volledige pakketnaam met fout: microsoft.windowscommunicationsapps_17.5.9600.20689_x86__8wekyb3d8bbwe

Relatieve toepassings-id van pakket met fout: ppleae38af2e007f4358a809ac99a64a67c1

Error: (01/20/2015 09:54:50 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: De licentieactivering (slui.exe) is mislukt met de volgende foutcode:
hr=0xC004F074
Opdrachtregelargumenten:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=7476d79f-8e48-49b4-ab63-4d0b813a16e4;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/20/2015 09:54:26 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: De licentieactivering (slui.exe) is mislukt met de volgende foutcode:
hr=0xC004F074
Opdrachtregelargumenten:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=7476d79f-8e48-49b4-ab63-4d0b813a16e4;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (01/20/2015 09:34:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: De service Cryptografische services is mislukt tijdens het verwerken van aanroep OnIdentity() op het object System Writer.

Details:
AddWin32ServiceFiles: Unable to back up image of service TampaGeneration since QueryServiceConfig API failed

System Error:
Het systeem kan het opgegeven bestand niet vinden.
.

Error: (01/20/2015 09:32:57 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: De service Cryptografische services is mislukt tijdens het verwerken van aanroep OnIdentity() op het object System Writer.

Details:
AddWin32ServiceFiles: Unable to back up image of service TampaGeneration since QueryServiceConfig API failed

System Error:
Het systeem kan het opgegeven bestand niet vinden.
.

System errors:
=============
Error: (01/21/2015 08:42:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De Computer Backup (MyPC Backup)-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.

Error: (01/21/2015 08:27:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De Windows Store Service (WSService)-service kan vanwege de volgende fout niet worden gestart:
%%1053

Error: (01/21/2015 08:27:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Time-out (30000 seconden) tijdens het wachten op het verbinden van deze service: Windows Store Service (WSService).

Error: (01/21/2015 08:24:33 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1053AvastVBoxSvcNiet beschikbaar{F319F1B8-7587-4146-AF9C-0D6D77819BF1}

Error: (01/21/2015 08:24:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De AvastVBox COM Service-service kan vanwege de volgende fout niet worden gestart:
%%1053

Error: (01/21/2015 08:24:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Time-out (30000 seconden) tijdens het wachten op het verbinden van deze service: AvastVBox COM Service.

Error: (01/20/2015 10:02:09 PM) (Source: DCOM) (EventID: 10016) (User: MICHAEL)
Description: toepassingsspecifiekLokaalStarten{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MichaelfunbesterS-1-5-21-297319761-413857168-1725417465-1001LocalHost (via LRPC)Niet beschikbaarNiet beschikbaar

Error: (01/20/2015 10:02:09 PM) (Source: DCOM) (EventID: 10016) (User: MICHAEL)
Description: toepassingsspecifiekLokaalStarten{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MichaelfunbesterS-1-5-21-297319761-413857168-1725417465-1001LocalHost (via LRPC)Niet beschikbaarNiet beschikbaar

Error: (01/20/2015 10:02:09 PM) (Source: DCOM) (EventID: 10016) (User: MICHAEL)
Description: toepassingsspecifiekLokaalStarten{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MichaelfunbesterS-1-5-21-297319761-413857168-1725417465-1001LocalHost (via LRPC)Niet beschikbaarNiet beschikbaar

Error: (01/20/2015 10:02:09 PM) (Source: DCOM) (EventID: 10016) (User: MICHAEL)
Description: toepassingsspecifiekLokaalStarten{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MichaelfunbesterS-1-5-21-297319761-413857168-1725417465-1001LocalHost (via LRPC)Niet beschikbaarNiet beschikbaar

Microsoft Office Sessions:
=========================
Error: (01/21/2015 08:27:17 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=7476d79f-8e48-49b4-ab63-4d0b813a16e4;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/21/2015 08:26:43 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=7476d79f-8e48-49b4-ab63-4d0b813a16e4;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (01/20/2015 10:27:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe39.0.2171.9916d401d034f4a4b4aeb3177C:\Program Files\Google\Chrome\Application\chrome.exe1c51d31c-a0eb-11e4-a3a9-88ae1defeecc

Error: (01/20/2015 10:04:42 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=7476d79f-8e48-49b4-ab63-4d0b813a16e4;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/20/2015 10:04:18 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=7476d79f-8e48-49b4-ab63-4d0b813a16e4;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (01/20/2015 09:55:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2068992401d034f2ae68162f4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x86__8wekyb3d8bbwe\LiveComm.exea1e48e70-a0e6-11e4-a3a8-88ae1defeeccmicrosoft.windowscommunicationsapps_17.5.9600.20689_x86__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (01/20/2015 09:54:50 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=7476d79f-8e48-49b4-ab63-4d0b813a16e4;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/20/2015 09:54:26 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=7476d79f-8e48-49b4-ab63-4d0b813a16e4;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (01/20/2015 09:34:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service TampaGeneration since QueryServiceConfig API failed

System Error:
Het systeem kan het opgegeven bestand niet vinden.

Error: (01/20/2015 09:32:57 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service TampaGeneration since QueryServiceConfig API failed

System Error:
Het systeem kan het opgegeven bestand niet vinden.

CodeIntegrity Errors:
===================================
  Date: 2015-01-21 20:41:04.605
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Elex-tech\YAC\iSafeSrvMon.dll that did not meet the Windows signing level requirements.

  Date: 2015-01-21 20:27:45.668
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Elex-tech\YAC\iSafeSrvMon.dll that did not meet the Windows signing level requirements.

  Date: 2015-01-21 20:27:45.668
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Elex-tech\YAC\iSafeSrvMon.dll that did not meet the Windows signing level requirements.

  Date: 2015-01-19 18:30:45.095
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-19 18:30:45.095
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-19 18:30:45.079
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-19 18:30:44.938
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-19 18:30:44.923
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-19 18:30:44.923
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-19 18:30:13.910
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-01-2015
Ran by funbester at 2015-01-21 20:42:57
Running from C:\Users\funbester\AppData\Local\Microsoft\Windows\INetCache\IE\URDEPQA1
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Internet Security 2015 (Enabled - Out of date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2015 (Enabled - Out of date) {B5F5C120-2089-702E-0001-553BB0D5A664}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: AVG Internet Security 2015 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-297319761-413857168-1725417465-1001\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5645 - AVG Technologies)
AVG 2015 (Version: 15.0.4260 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5645 - AVG Technologies) Hidden
ConvertXtoDVD 4.1.19.365 (HKLM\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.19.365 - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
EZDownloader (HKLM\...\{0F44DC3A-6E62-4961-A14B-95323C512F9B}_is1) (Version: 1.0 - EZDownloader) <==== ATTENTION
Gett on Outlookcom (HKLM\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
HP Deskjet 3050A J611 series Basissoftware van het apparaat (HKLM\...\{4804F9C7-D5B7-4443-9B4C-A209CA5D6B3D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3050A J611 series Haelp (HKLM\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
HP Deskjet 3050A J611 series Productverbeteringsonderzoek (HKLM\...\{574E84C4-1CD3-4347-A319-70148A6BCCA3}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Junk Mail filter update (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Microsoft Office 365 ProPlus - nl-nl (HKLM\...\O365ProPlusRetail - nl-nl) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-297319761-413857168-1725417465-1001\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Movie Maker (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - JDi Backup Ltd) <==== ATTENTION
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
SoftwareBoostX (HKLM\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{dd693f9b}) (Version:  - SystemDefend) <==== ATTENTION
SpyHunter 4 (HKLM\...\SpyHunter) (Version: 4.18.9.4384 - Enigma Software Group, LLC)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.2 - Synaptics Incorporated)
UndeleteMyFiles Pro (HKLM\...\UndeleteMyFiles Pro_is1) (Version:  - SeriousBit)
unIsalEs (HKLM\...\{4CEE92A3-9F0C-51AB-ADC0-34EC24AD7B7E}) (Version:  - )
VASCO Card Reader Plug-In (32-Bit) (Version: 3.2.3.4 - VASCO Data Security) Hidden
VASCO Smart Card Reader Plug-In (User) (HKU\S-1-5-21-297319761-413857168-1725417465-1001\...\{c77cb28d-ddd3-46f7-b51a-14a599127ba7}) (Version: 3.2.3.4 - VASCO Data Security)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VSO ConvertXToDVD (HKLM\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.1.0.12 - VSO Software)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
Windows Vista - 7 - 8 - 8.1 KMS Activator Ultimate 2014 v1.8 (HKLM\...\Windows Vista - 7 - 8 - 8.1 KMS Activator Ultima~871C4E41_is1) (Version: v1.8 - )
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
YAC(Yet Another Cleaner!) (HKLM\...\iSafe) (Version:  - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== ATTENTION
youtubeadblocker (HKLM\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version:  - ) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-297319761-413857168-1725417465-1001_Classes\CLSID\{9E436272-69C3-5FBA-9C1D-15694337F4AC}\InprocServer32 -> C:\Users\funbester\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.4\npVascoCardReaderPlugin.dll (VASCO Data Security)
CustomCLSID: HKU\S-1-5-21-297319761-413857168-1725417465-1001_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\funbester\AppData\Local\Temp\57Cf2f\temp\Spyhunter 4 Crack.exe ()
CustomCLSID: HKU\S-1-5-21-297319761-413857168-1725417465-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\funbester\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\FileSyncApi.dll (Microsoft Corporation)

==================== Restore Points  =========================

20-01-2015 20:34:10 fff
21-01-2015 20:37:11 Installed AVG 2015
21-01-2015 20:38:10 Installed AVG 2015

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:13 - 2013-08-22 07:13 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01C69BE9-0667-4E01-8BAD-F523F36F4E17} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-01] (Google Inc.)
Task: {0C03CBF6-6289-44B5-AC4C-357A4DBC8618} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe [2014-11-25] (MyPC Backup) <==== ATTENTION
Task: {12B46089-9BD8-46D6-8339-34EEC40B3FD4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-20] (AVAST Software)
Task: {1345305C-03C9-4058-A445-949E4D6194A3} - \AutoKMS No Task File <==== ATTENTION
Task: {165DFF7D-2018-4D60-BBEE-FC93174A2ACD} - System32\Tasks\Microsoft Office 15 Sync Maintenance for MICHAEL-funbester Michael => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-11-04] (Microsoft Corporation)
Task: {2835B28A-9A0D-402C-97AE-863BB33CACA5} - System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {2AD0001E-9A14-4A5A-8728-354EEAC08AF3} - \kpnmwdd No Task File <==== ATTENTION
Task: {327A2322-201F-43BC-BA53-B5B0BCCE67C8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: {85927575-9D19-4084-9F6B-4D64791FA390} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {A92CA0F1-84BA-49A8-9926-426ECC46B2A2} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-01-20] (Enigma Software Group USA, LLC.)
Task: {B1769CCC-6C0D-42A9-AED5-D7A3B61C37E3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: {B6B57783-B353-4D14-BB74-BBB01E7220FA} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-297319761-413857168-1725417465-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {D1D194A2-E284-4F77-B3B9-0341A3E9A655} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-01] (Google Inc.)
Task: {D84780FD-94B5-4E18-8C17-674EEE4ED1E2} - System32\Tasks\avastBCLRestartS-1-5-21-297319761-413857168-1725417465-1001 => Chrome.exe
Task: {E1F174DF-4EC6-4D2F-B98E-CE9534445F1B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-01-19] (Microsoft Corporation)
Task: {EA627722-CE74-4DBF-8C90-F7B54D311211} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-12] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2015-01-20 20:44 - 2015-01-20 20:44 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15012001\algo.dll
2015-01-20 20:44 - 2015-01-20 20:44 - 02151544 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxVMM.dll
2015-01-20 20:44 - 2015-01-20 20:44 - 04474224 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2015-01-20 20:44 - 2015-01-20 20:44 - 00021488 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxREM.dll
2015-01-21 20:26 - 2015-01-21 20:26 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012101\algo.dll
2014-04-01 13:44 - 2014-05-20 02:11 - 00080040 _____ () C:\Program Files\Microsoft Office 15\ClientX86\ApiClient.dll
2015-01-20 22:21 - 2015-01-19 12:00 - 00185656 _____ () C:\Program Files\Elex-tech\YAC\libpng.dll
2015-01-20 22:21 - 2015-01-19 12:00 - 00065696 _____ () C:\Program Files\Elex-tech\YAC\zlib1.dll
2012-11-26 22:54 - 2012-11-26 22:54 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2015-01-20 20:44 - 2015-01-20 20:44 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-01-20 20:44 - 2015-01-20 20:44 - 00317632 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-11-22 10:36 - 2014-11-22 10:36 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2014-11-22 10:35 - 2014-11-22 10:35 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2015-01-19 11:39 - 2015-01-09 01:35 - 01077064 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
2015-01-19 11:39 - 2015-01-09 01:35 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.99\libegl.dll
2015-01-19 11:39 - 2015-01-09 01:35 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.99\pdf.dll
2015-01-19 11:39 - 2015-01-09 01:35 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll
2015-01-19 11:39 - 2015-01-09 01:35 - 14913352 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\funbester\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"

========================= Accounts: ==========================

Administrator (S-1-5-21-297319761-413857168-1725417465-500 - Administrator - Disabled)
funbester (S-1-5-21-297319761-413857168-1725417465-1001 - Administrator - Enabled) => C:\Users\funbester
Gast (S-1-5-21-297319761-413857168-1725417465-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/21/2015 08:27:17 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: De licentieactivering (slui.exe) is mislukt met de volgende foutcode:
hr=0xC004F074
Opdrachtregelargumenten:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=7476d79f-8e48-49b4-ab63-4d0b813a16e4;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/21/2015 08:26:43 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: De licentieactivering (slui.exe) is mislukt met de volgende foutcode:
hr=0xC004F074
Opdrachtregelargumenten:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=7476d79f-8e48-49b4-ab63-4d0b813a16e4;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (01/20/2015 10:27:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Het programma chrome.exe, versie 39.0.2171.99 reageert niet meer op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum in het Configuratiescherm.

Proces-id: 16d4

Starttijd: 01d034f4a4b4aeb3

Eindtijd: 177

Toepassingspad: C:\Program Files\Google\Chrome\Application\chrome.exe

Rapport-id: 1c51d31c-a0eb-11e4-a3a9-88ae1defeecc

Volledige pakketnaam met fout:

Relatieve toepassings-id van pakket met fout:

Error: (01/20/2015 10:04:42 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: De licentieactivering (slui.exe) is mislukt met de volgende foutcode:
hr=0xC004F074
Opdrachtregelargumenten:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=7476d79f-8e48-49b4-ab63-4d0b813a16e4;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/20/2015 10:04:18 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: De licentieactivering (slui.exe) is mislukt met de volgende foutcode:
hr=0xC004F074
Opdrachtregelargumenten:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=7476d79f-8e48-49b4-ab63-4d0b813a16e4;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (01/20/2015 09:55:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Het programma LiveComm.exe, versie 17.5.9600.20689 reageert niet meer op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum in het Configuratiescherm.

Proces-id: 924

Starttijd: 01d034f2ae68162f

Eindtijd: 4294967295

Toepassingspad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x86__8wekyb3d8bbwe\LiveComm.exe

Rapport-id: a1e48e70-a0e6-11e4-a3a8-88ae1defeecc

Volledige pakketnaam met fout: microsoft.windowscommunicationsapps_17.5.9600.20689_x86__8wekyb3d8bbwe

Relatieve toepassings-id van pakket met fout: ppleae38af2e007f4358a809ac99a64a67c1

Error: (01/20/2015 09:54:50 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: De licentieactivering (slui.exe) is mislukt met de volgende foutcode:
hr=0xC004F074
Opdrachtregelargumenten:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=7476d79f-8e48-49b4-ab63-4d0b813a16e4;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/20/2015 09:54:26 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: De licentieactivering (slui.exe) is mislukt met de volgende foutcode:
hr=0xC004F074
Opdrachtregelargumenten:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=7476d79f-8e48-49b4-ab63-4d0b813a16e4;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (01/20/2015 09:34:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: De service Cryptografische services is mislukt tijdens het verwerken van aanroep OnIdentity() op het object System Writer.

Details:
AddWin32ServiceFiles: Unable to back up image of service TampaGeneration since QueryServiceConfig API failed

System Error:
Het systeem kan het opgegeven bestand niet vinden.
.

Error: (01/20/2015 09:32:57 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: De service Cryptografische services is mislukt tijdens het verwerken van aanroep OnIdentity() op het object System Writer.

Details:
AddWin32ServiceFiles: Unable to back up image of service TampaGeneration since QueryServiceConfig API failed

System Error:
Het systeem kan het opgegeven bestand niet vinden.
.

System errors:
=============
Error: (01/21/2015 08:42:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De Computer Backup (MyPC Backup)-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.

Error: (01/21/2015 08:27:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De Windows Store Service (WSService)-service kan vanwege de volgende fout niet worden gestart:
%%1053

Error: (01/21/2015 08:27:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Time-out (30000 seconden) tijdens het wachten op het verbinden van deze service: Windows Store Service (WSService).

Error: (01/21/2015 08:24:33 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1053AvastVBoxSvcNiet beschikbaar{F319F1B8-7587-4146-AF9C-0D6D77819BF1}

Error: (01/21/2015 08:24:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De AvastVBox COM Service-service kan vanwege de volgende fout niet worden gestart:
%%1053

Error: (01/21/2015 08:24:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Time-out (30000 seconden) tijdens het wachten op het verbinden van deze service: AvastVBox COM Service.

Error: (01/20/2015 10:02:09 PM) (Source: DCOM) (EventID: 10016) (User: MICHAEL)
Description: toepassingsspecifiekLokaalStarten{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MichaelfunbesterS-1-5-21-297319761-413857168-1725417465-1001LocalHost (via LRPC)Niet beschikbaarNiet beschikbaar

Error: (01/20/2015 10:02:09 PM) (Source: DCOM) (EventID: 10016) (User: MICHAEL)
Description: toepassingsspecifiekLokaalStarten{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MichaelfunbesterS-1-5-21-297319761-413857168-1725417465-1001LocalHost (via LRPC)Niet beschikbaarNiet beschikbaar

Error: (01/20/2015 10:02:09 PM) (Source: DCOM) (EventID: 10016) (User: MICHAEL)
Description: toepassingsspecifiekLokaalStarten{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MichaelfunbesterS-1-5-21-297319761-413857168-1725417465-1001LocalHost (via LRPC)Niet beschikbaarNiet beschikbaar

Error: (01/20/2015 10:02:09 PM) (Source: DCOM) (EventID: 10016) (User: MICHAEL)
Description: toepassingsspecifiekLokaalStarten{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MichaelfunbesterS-1-5-21-297319761-413857168-1725417465-1001LocalHost (via LRPC)Niet beschikbaarNiet beschikbaar

Microsoft Office Sessions:
=========================
Error: (01/21/2015 08:27:17 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=7476d79f-8e48-49b4-ab63-4d0b813a16e4;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/21/2015 08:26:43 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=7476d79f-8e48-49b4-ab63-4d0b813a16e4;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (01/20/2015 10:27:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe39.0.2171.9916d401d034f4a4b4aeb3177C:\Program Files\Google\Chrome\Application\chrome.exe1c51d31c-a0eb-11e4-a3a9-88ae1defeecc

Error: (01/20/2015 10:04:42 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=7476d79f-8e48-49b4-ab63-4d0b813a16e4;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/20/2015 10:04:18 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=7476d79f-8e48-49b4-ab63-4d0b813a16e4;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (01/20/2015 09:55:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2068992401d034f2ae68162f4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x86__8wekyb3d8bbwe\LiveComm.exea1e48e70-a0e6-11e4-a3a8-88ae1defeeccmicrosoft.windowscommunicationsapps_17.5.9600.20689_x86__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (01/20/2015 09:54:50 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=7476d79f-8e48-49b4-ab63-4d0b813a16e4;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/20/2015 09:54:26 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=7476d79f-8e48-49b4-ab63-4d0b813a16e4;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (01/20/2015 09:34:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service TampaGeneration since QueryServiceConfig API failed

System Error:
Het systeem kan het opgegeven bestand niet vinden.

Error: (01/20/2015 09:32:57 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service TampaGeneration since QueryServiceConfig API failed

System Error:
Het systeem kan het opgegeven bestand niet vinden.

CodeIntegrity Errors:
===================================
  Date: 2015-01-21 20:41:04.605
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Elex-tech\YAC\iSafeSrvMon.dll that did not meet the Windows signing level requirements.

  Date: 2015-01-21 20:27:45.668
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Elex-tech\YAC\iSafeSrvMon.dll that did not meet the Windows signing level requirements.

  Date: 2015-01-21 20:27:45.668
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Elex-tech\YAC\iSafeSrvMon.dll that did not meet the Windows signing level requirements.

  Date: 2015-01-19 18:30:45.095
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-19 18:30:45.095
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-19 18:30:45.079
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-19 18:30:44.938
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-19 18:30:44.923
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-19 18:30:44.923
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-19 18:30:13.910
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

Thanks for helping me!

 

 




 


#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,044 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:05 AM

Posted 25 January 2015 - 02:30 PM

Hey, :)
I don't think we can't recover your files. What we could do is try to use Shadow Copies. What do you want to do?
Option 1: Trying to recover your files
Option 2: Removing the Malware

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#3 Machiavelli


Posted 29 January 2015 - 10:26 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli

 
 




